using InnovEnergy.App.Backend.Database;
using InnovEnergy.App.Backend.DataTypes;
using InnovEnergy.App.Backend.DataTypes.Methods;
using InnovEnergy.App.Backend.Relations;
using InnovEnergy.Lib.Utils;
using Microsoft.AspNetCore.Mvc;
namespace InnovEnergy.App.Backend.Controllers;
using Token = String;
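[ApiController]
[Route("api/")]
public class Controller : ControllerBase
{
    // Every endpoint authenticates with a session token passed as an ordinary
    // action parameter (bound from the query string or form body) and then
    // delegates the authorization decision to the Session/User methods from
    // DataTypes.Methods. "Not found" and "not permitted" are both answered
    // with 401 so that callers cannot probe which ids exist.
    //
    // NOTE(review): a token carried in the query string ends up in server,
    // proxy and browser logs. Moving it to an Authorization header would be
    // safer, but that changes the public API, so it is only flagged here.

    /// <summary>
    /// Resolves <paramref name="authToken"/> to its session, or returns null
    /// when the token is unknown. Callers translate null into 401; previously
    /// several endpoints dereferenced the session unchecked, so an unknown
    /// token produced a NullReferenceException (HTTP 500) instead.
    /// </summary>
    private static Session? SessionFor(Token authToken) => Db.GetSession(authToken);

    /// <summary>
    /// Blanks the stored credential before a <see cref="User"/> is serialized
    /// into a response. Same in-place mutation GetUserById/UpdateUser already
    /// perform; it is only safe if Db hands out detached instances
    /// (assumed from the existing code, not verified here).
    /// </summary>
    private static User WithoutPassword(User user)
    {
        user.Password = "";
        return user;
    }

    /// <summary>
    /// Verifies <paramref name="username"/>/<paramref name="password"/> and,
    /// on success, creates and persists a new <see cref="Session"/> whose
    /// token the client uses for all other endpoints.
    /// </summary>
    /// <returns>The new session, or 401 when the credentials are rejected or
    /// the session could not be stored.</returns>
    [HttpPost(nameof(Login))]
    public ActionResult<Session> Login(String username, String password)
    {
        var user = Db.GetUserByName(username);

        // Unknown user and wrong password collapse into one response so the
        // body does not reveal which usernames exist.
        // NOTE(review): no password verification runs for an unknown user, so
        // the response time may still differ; a dummy verification in the
        // null branch would close that side channel.
        if (user is null || !user.VerifyPassword(password))
            return Unauthorized();

        var session = new Session(user);

        // A session that was not persisted would never be recognised again,
        // so the login is refused rather than handing out a dead token.
        // (401 is the existing choice; the failure is really a storage error.)
        return Db.Create(session)
            ? session
            : Unauthorized();
    }

    /// <summary>Ends the session identified by <paramref name="authToken"/>.</summary>
    /// <returns>200 on success; 401 when the token is unknown or the logout
    /// is refused by the session.</returns>
    [HttpPost(nameof(Logout))]
    public ActionResult Logout(Token authToken)
    {
        var session = SessionFor(authToken);

        // An unknown token previously hit session.Logout() on null (500).
        if (session is null)
            return Unauthorized();

        return session.Logout()
            ? Ok()
            : Unauthorized();
    }

    /// <summary>
    /// Returns the user with the given <paramref name="id"/> if the caller's
    /// user is allowed to see it. The password field is blanked.
    /// </summary>
    /// <returns>The user, or 401 when the token, the id or the permission
    /// check fails.</returns>
    [HttpGet(nameof(GetUserById))]
    public ActionResult<User> GetUserById(Int64 id, Token authToken)
    {
        var requester = SessionFor(authToken)?.User;
        if (requester is null)
            return Unauthorized();

        var user = Db.GetUserById(id);

        if (user is null || !requester.HasAccessTo(user))
            return Unauthorized();

        return WithoutPassword(user);
    }

    /// <summary>
    /// Returns the installation with the given <paramref name="id"/> if the
    /// caller's user has access to it.
    /// </summary>
    /// <returns>The installation, or 401 when the token, the id or the
    /// permission check fails.</returns>
    [HttpGet(nameof(GetInstallationById))]
    public ActionResult<Installation> GetInstallationById(Int64 id, Token authToken)
    {
        var requester = SessionFor(authToken)?.User;
        if (requester is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(id);

        if (installation is null || !requester.HasAccessTo(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>
    /// Lists the users who can reach installation <paramref name="id"/>:
    /// those with direct access, followed by those inheriting access through
    /// an ancestor folder (reported together with that folder's id). Only
    /// users below the caller in the user hierarchy are included, and every
    /// returned user has its password blanked.
    /// </summary>
    /// <returns>The mixed list of users and {folderId, user} entries, or 401
    /// when the token, the id or the permission check fails.</returns>
    [HttpGet(nameof(GetUsersWithAccessToInstallation))]
    public ActionResult<IEnumerable<Object>> GetUsersWithAccessToInstallation(Int64 id, Token authToken)
    {
        var requester = SessionFor(authToken)?.User;
        if (requester is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(id);

        if (installation is null || !requester.HasAccessTo(installation))
            return Unauthorized();

        // Users granted access on the installation itself.
        var directAccess = installation
            .UsersWithDirectAccess()
            .Where(u => u.IsDescendantOf(requester))
            .Select(u => WithoutPassword(u));

        // Users who inherit access from a folder above the installation.
        var inheritedAccess = installation
            .Ancestors()
            .SelectMany(f => f.UsersWithDirectAccess()
                              .Where(u => u.IsDescendantOf(requester))
                              .Select(u => new { folderId = f.Id, user = WithoutPassword(u) }));

        return directAccess
            .Concat<Object>(inheritedAccess)
            .Apply(Ok); // TODO: typing
    }

    /// <summary>
    /// Lists the users who can reach folder <paramref name="id"/>, walking
    /// the folder itself and then its ancestors; each entry carries the id of
    /// the folder on which the access was granted. Only users below the
    /// caller in the user hierarchy are included, with passwords blanked.
    /// </summary>
    /// <returns>The list of {folderId, user} entries, or 401 when the token,
    /// the id or the permission check fails.</returns>
    [HttpGet(nameof(GetUsersWithAccessToFolder))]
    public ActionResult<IEnumerable<Object>> GetUsersWithAccessToFolder(Int64 id, Token authToken)
    {
        var requester = SessionFor(authToken)?.User;
        if (requester is null)
            return Unauthorized();

        var folder = Db.GetFolderById(id);

        if (folder is null || !requester.HasAccessTo(folder))
            return Unauthorized();

        return folder
            .Ancestors()
            .Prepend(folder)
            .SelectMany(f => f.UsersWithDirectAccess()
                              .Where(u => u.IsDescendantOf(requester))
                              .Select(u => new { folderId = f.Id, user = WithoutPassword(u) }))
            .ToList();
    }

    /// <summary>
    /// Returns the folder with the given <paramref name="id"/> if the
    /// caller's user has access to it.
    /// </summary>
    /// <returns>The folder, or 401 when the token, the id or the permission
    /// check fails.</returns>
    [HttpGet(nameof(GetFolderById))]
    public ActionResult<Folder> GetFolderById(Int64 id, Token authToken)
    {
        var requester = SessionFor(authToken)?.User;
        if (requester is null)
            return Unauthorized();

        var folder = Db.GetFolderById(id);

        if (folder is null || !requester.HasAccessTo(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>All installations the caller's user can access.</summary>
    /// <returns>The list, or 401 when the token is unknown.</returns>
    [HttpGet(nameof(GetAllInstallations))]
    public ActionResult<IEnumerable<Installation>> GetAllInstallations(Token authToken)
    {
        var requester = SessionFor(authToken)?.User;

        if (requester is null)
            return Unauthorized();

        return requester.AccessibleInstallations().ToList();
    }

    /// <summary>All folders the caller's user can access.</summary>
    /// <returns>The list, or 401 when the token is unknown.</returns>
    [HttpGet(nameof(GetAllFolders))]
    public ActionResult<IEnumerable<Folder>> GetAllFolders(Token authToken)
    {
        var requester = SessionFor(authToken)?.User;

        if (requester is null)
            return Unauthorized();

        return new(requester.AccessibleFolders());
    }

    /// <summary>
    /// All folders and installations the caller's user can access, as one
    /// heterogeneous list.
    /// </summary>
    /// <returns>The list, or 401 when the token is unknown.</returns>
    [HttpGet(nameof(GetAllFoldersAndInstallations))]
    public ActionResult<IEnumerable<Object>> GetAllFoldersAndInstallations(Token authToken)
    {
        var requester = SessionFor(authToken)?.User;

        if (requester is null)
            return Unauthorized();

        var foldersAndInstallations = requester
            .AccessibleFoldersAndInstallations()
            .OfType<Object>(); // Important! JSON serializer must see Objects otherwise
                               // it will just serialize the members of TreeNode %&@#!!!

        return new(foldersAndInstallations);
    }

    /// <summary>
    /// Creates <paramref name="newUser"/> on behalf of the caller's session.
    /// Authorization is decided by <c>Session.Create</c>.
    /// </summary>
    /// <returns>The created user with its password blanked, or 401 when the
    /// token is unknown or the session refuses the creation.</returns>
    [HttpPost(nameof(CreateUser))]
    public ActionResult<User> CreateUser(User newUser, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Create(newUser))
            return Unauthorized();

        // Previously the submitted password (hashed or not) was echoed back;
        // mirror UpdateUser and strip it from the response.
        return WithoutPassword(newUser);
    }

    /// <summary>
    /// Creates <paramref name="installation"/> on behalf of the caller's
    /// session. Authorization is decided by <c>Session.Create</c>.
    /// </summary>
    /// <returns>The created installation, or 401 when the token is unknown
    /// or the session refuses the creation.</returns>
    [HttpPost(nameof(CreateInstallation))]
    public async Task<ActionResult<Installation>> CreateInstallation(Installation installation, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        if (!await session.Create(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>
    /// Creates <paramref name="folder"/> on behalf of the caller's session.
    /// Authorization is decided by <c>Session.Create</c>.
    /// </summary>
    /// <returns>The created folder, or 401 when the token is unknown or the
    /// session refuses the creation.</returns>
    [HttpPost(nameof(CreateFolder))]
    public ActionResult<Folder> CreateFolder(Folder folder, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Create(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>
    /// Grants <c>folderAccess.UserId</c> access to <c>folderAccess.FolderId</c>.
    /// Whether the caller may do so is decided by <c>Session.GrantUserAccessTo</c>.
    /// </summary>
    /// <returns>200 on success; 401 when the token, either id or the
    /// permission check fails.</returns>
    [HttpPost(nameof(GrantUserAccessToFolder))]
    public ActionResult GrantUserAccessToFolder(FolderAccess folderAccess, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        var folder = Db.GetFolderById(folderAccess.FolderId);
        var user   = Db.GetUserById(folderAccess.UserId);

        // Unknown ids are answered like missing permission, as elsewhere.
        if (folder is null || user is null)
            return Unauthorized();

        return session.GrantUserAccessTo(user, folder)
            ? Ok()
            : Unauthorized();
    }

    /// <summary>
    /// Revokes <c>folderAccess.UserId</c>'s access to <c>folderAccess.FolderId</c>.
    /// Whether the caller may do so is decided by <c>Session.RevokeUserAccessTo</c>.
    /// </summary>
    /// <returns>200 on success; 401 when the token, either id or the
    /// permission check fails.</returns>
    [HttpPost(nameof(RevokeUserAccessToFolder))]
    public ActionResult RevokeUserAccessToFolder(FolderAccess folderAccess, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        var folder = Db.GetFolderById(folderAccess.FolderId);
        var user   = Db.GetUserById(folderAccess.UserId);

        if (folder is null || user is null)
            return Unauthorized();

        return session.RevokeUserAccessTo(user, folder)
            ? Ok()
            : Unauthorized();
    }

    /// <summary>
    /// Grants <c>installationAccess.UserId</c> access to
    /// <c>installationAccess.InstallationId</c>. Whether the caller may do so
    /// is decided by <c>Session.GrantUserAccessTo</c>.
    /// </summary>
    /// <returns>200 on success; 401 when the token, either id or the
    /// permission check fails.</returns>
    [HttpPost(nameof(GrantUserAccessToInstallation))]
    public ActionResult GrantUserAccessToInstallation(InstallationAccess installationAccess, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        // Bug fix: this looked up a *folder* by the installation id, so the
        // grant landed on whichever folder happened to share that id.
        var installation = Db.GetInstallationById(installationAccess.InstallationId);
        var user         = Db.GetUserById(installationAccess.UserId);

        if (installation is null || user is null)
            return Unauthorized();

        return session.GrantUserAccessTo(user, installation)
            ? Ok()
            : Unauthorized();
    }

    /// <summary>
    /// Revokes <c>installationAccess.UserId</c>'s access to
    /// <c>installationAccess.InstallationId</c>. Whether the caller may do so
    /// is decided by <c>Session.RevokeUserAccessTo</c>.
    /// </summary>
    /// <returns>200 on success; 401 when the token, either id or the
    /// permission check fails.</returns>
    [HttpPost(nameof(RevokeUserAccessToInstallation))]
    public ActionResult RevokeUserAccessToInstallation(InstallationAccess installationAccess, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        // TODO: automatic BadRequest when properties are null during deserialization
        // Bug fix: this looked up a *folder* by the installation id, so the
        // revocation targeted a folder rather than the installation.
        var installation = Db.GetInstallationById(installationAccess.InstallationId);
        var user         = Db.GetUserById(installationAccess.UserId);

        if (installation is null || user is null)
            return Unauthorized();

        return session.RevokeUserAccessTo(user, installation)
            ? Ok()
            : Unauthorized();
    }

    /// <summary>
    /// Applies <paramref name="updatedUser"/> on behalf of the caller's
    /// session. Authorization is decided by <c>Session.Update</c>.
    /// </summary>
    /// <returns>The updated user with its password blanked, or 401 when the
    /// token is unknown or the session refuses the update.</returns>
    [HttpPut(nameof(UpdateUser))]
    public ActionResult<User> UpdateUser(User updatedUser, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Update(updatedUser))
            return Unauthorized();

        return WithoutPassword(updatedUser); // TODO: generic sanitize return values
    }

    /// <summary>
    /// Applies <paramref name="installation"/> on behalf of the caller's
    /// session. Authorization is decided by <c>Session.Update</c>.
    /// </summary>
    /// <returns>The updated installation, or 401 when the token is unknown or
    /// the session refuses the update.</returns>
    [HttpPut(nameof(UpdateInstallation))]
    public ActionResult<Installation> UpdateInstallation(Installation installation, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Update(installation))
            return Unauthorized();

        return installation;
    }

    /// <summary>
    /// Applies <paramref name="folder"/> on behalf of the caller's session.
    /// Authorization is decided by <c>Session.Update</c>.
    /// </summary>
    /// <returns>The updated folder, or 401 when the token is unknown or the
    /// session refuses the update.</returns>
    [HttpPut(nameof(UpdateFolder))]
    public ActionResult<Folder> UpdateFolder(Folder folder, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        if (!session.Update(folder))
            return Unauthorized();

        return folder;
    }

    /// <summary>Deletes the user with <paramref name="userId"/>; authorization
    /// is decided by <c>Session.Delete</c>.</summary>
    /// <returns>200 on success; 401 when the token, the id or the permission
    /// check fails.</returns>
    [HttpDelete(nameof(DeleteUser))]
    public ActionResult DeleteUser(Int64 userId, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        var user = Db.GetUserById(userId);
        if (user is null)
            return Unauthorized();

        return session.Delete(user)
            ? Ok()
            : Unauthorized();
    }

    /// <summary>Deletes the installation with <paramref name="installationId"/>;
    /// authorization is decided by <c>Session.Delete</c>.</summary>
    /// <returns>200 on success; 401 when the token, the id or the permission
    /// check fails.</returns>
    [HttpDelete(nameof(DeleteInstallation))]
    public ActionResult DeleteInstallation(Int64 installationId, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        var installation = Db.GetInstallationById(installationId);
        if (installation is null)
            return Unauthorized();

        return session.Delete(installation)
            ? Ok()
            : Unauthorized();
    }

    /// <summary>Deletes the folder with <paramref name="folderId"/>;
    /// authorization is decided by <c>Session.Delete</c>.</summary>
    /// <returns>200 on success; 401 when the token, the id or the permission
    /// check fails.</returns>
    [HttpDelete(nameof(DeleteFolder))]
    public ActionResult DeleteFolder(Int64 folderId, Token authToken)
    {
        var session = SessionFor(authToken);
        if (session is null)
            return Unauthorized();

        var folder = Db.GetFolderById(folderId);
        if (folder is null)
            return Unauthorized();

        return session.Delete(folder)
            ? Ok()
            : Unauthorized();
    }
}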