Compare commits
No commits in common. "8058add053b4b900a6c252580f7311ce801a4bd4" and "dad144a80fdb3206466f9cf62424fbe90a049fcf" have entirely different histories.
8058add053
...
dad144a80f
6 changed files with 18 additions and 126 deletions
|
|
@ -1,6 +0,0 @@
|
|||
namespace DrinkRateAPI.ApiModels.UserProfile;
|
||||
|
||||
public class UserProfileAdminStatusPut
|
||||
{
|
||||
public bool ChangeStatusTo { get; set; }
|
||||
}
|
||||
|
|
@ -1,49 +0,0 @@
|
|||
using DrinkRateAPI.DbEntities;
|
||||
using DrinkRateAPI.Services;
|
||||
|
||||
namespace DrinkRateAPI.AuthorizationPolicies;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
public class AdminOnlyRequirement : IAuthorizationRequirement
|
||||
{
|
||||
}
|
||||
|
||||
public class AdminOnlyHandler : AuthorizationHandler<AdminOnlyRequirement>
|
||||
{
|
||||
private readonly ApplicationUserService _applicationUserService;
|
||||
private readonly UserProfileService _userProfileService;
|
||||
|
||||
public AdminOnlyHandler(
|
||||
ApplicationUserService applicationUserService,
|
||||
UserProfileService userProfileService)
|
||||
{
|
||||
_applicationUserService = applicationUserService;
|
||||
_userProfileService = userProfileService;
|
||||
}
|
||||
|
||||
protected override async Task HandleRequirementAsync(
|
||||
AuthorizationHandlerContext context,
|
||||
AdminOnlyRequirement requirement)
|
||||
{
|
||||
DbUserProfile userProfile;
|
||||
|
||||
try
|
||||
{
|
||||
userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User);
|
||||
}
|
||||
catch (Exception _)
|
||||
{
|
||||
context.Fail();
|
||||
return;
|
||||
}
|
||||
|
||||
if (_userProfileService.IsUserProfileAdmin(userProfile))
|
||||
{
|
||||
context.Succeed(requirement);
|
||||
}
|
||||
else
|
||||
{
|
||||
context.Fail();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,38 +1,18 @@
|
|||
using System.Security.Claims;
|
||||
using DrinkRateAPI.ApiModels.UserProfile;
|
||||
using DrinkRateAPI.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace DrinkRateAPI.Controllers;
|
||||
|
||||
[ApiController]
|
||||
[Route("userProfile")]
|
||||
[Route("user_profile")]
|
||||
public class UserProfileController : ControllerBase
|
||||
{
|
||||
private readonly ILogger<UserProfileController> _logger;
|
||||
private readonly UserProfileService _userProfileService;
|
||||
|
||||
public UserProfileController(ILogger<UserProfileController> logger, UserProfileService userProfileService)
|
||||
{
|
||||
_logger = logger;
|
||||
_userProfileService = userProfileService;
|
||||
}
|
||||
|
||||
public UserProfileGet PutUserProfile([FromBody] UserProfilePut userProfile)
|
||||
[HttpPut(Name = "user_profile")]
|
||||
public UserProfileGet PutUserProfile(UserProfilePut userProfile)
|
||||
{
|
||||
throw new ApplicationException();
|
||||
var x = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; //HttpContext.User.Identities.First();
|
||||
return new();
|
||||
}
|
||||
|
||||
[HttpPut("{userId}/adminStatus")]
|
||||
[Authorize(Policy = "AdminOnly")]
|
||||
[Produces("application/json")]
|
||||
public async Task<IActionResult> PutUserAdminStatus(string userId, [FromBody] UserProfileAdminStatusPut body)
|
||||
{
|
||||
var changedProfile = await _userProfileService.PutUserProfileAdminStatusAsync(userId, body.ChangeStatusTo);
|
||||
|
||||
return Ok(changedProfile);
|
||||
}
|
||||
}
|
||||
|
|
@ -20,7 +20,6 @@
|
|||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<Folder Include="ApiModels\" />
|
||||
<Folder Include="Migrations\" />
|
||||
</ItemGroup>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
using DrinkRateAPI.AuthorizationPolicies;
|
||||
using DrinkRateAPI.Contexts;
|
||||
using DrinkRateAPI.DbEntities;
|
||||
using DrinkRateAPI.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.OpenApi.Models;
|
||||
|
||||
|
|
@ -13,13 +10,10 @@ var builder = WebApplication.CreateBuilder(args);
|
|||
builder.Services.AddControllers();
|
||||
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
|
||||
builder.Services.AddEndpointsApiExplorer();
|
||||
builder.Services.AddAuthorizationBuilder()
|
||||
.AddPolicy("AdminOnly", policy =>
|
||||
policy.Requirements.Add(new AdminOnlyRequirement()));
|
||||
builder.Services.AddAuthorization();
|
||||
builder.Services.AddIdentityApiEndpoints<DbApplicationUser>()
|
||||
.AddEntityFrameworkStores<ApplicationDbContext>();
|
||||
builder.Services.AddScoped<UserManager<DbApplicationUser>, UserWithProfileManager>();
|
||||
builder.Services.AddScoped<IAuthorizationHandler, AdminOnlyHandler>();
|
||||
|
||||
builder.Services.AddSwaggerGen(c =>
|
||||
{
|
||||
|
|
@ -48,6 +42,7 @@ builder.Services.AddSwaggerGen(c =>
|
|||
Scheme = "oauth2",
|
||||
Name = "Bearer",
|
||||
In = ParameterLocation.Header,
|
||||
|
||||
},
|
||||
new List<string>()
|
||||
}
|
||||
|
|
@ -55,8 +50,6 @@ builder.Services.AddSwaggerGen(c =>
|
|||
});
|
||||
|
||||
builder.Services.AddDbContext<ApplicationDbContext>();
|
||||
builder.Services.AddScoped<ApplicationUserService>();
|
||||
builder.Services.AddScoped<UserProfileService>();
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
|
|
|
|||
|
|
@ -1,36 +1,18 @@
|
|||
using System.Security.Claims;
|
||||
using DrinkRateAPI.ApiModels.UserProfile;
|
||||
using DrinkRateAPI.Contexts;
|
||||
using DrinkRateAPI.DbEntities;
|
||||
using DrinkRateAPI.DbEntities;
|
||||
using DrinkRateAPI.Exceptions;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
|
||||
namespace DrinkRateAPI.Services;
|
||||
|
||||
public class UserProfileService(ApplicationDbContext context, ApplicationUserService applicationUserService)
|
||||
public class UserProfileService(ApplicationDbContext context,
|
||||
ApplicationUserService applicationUserService)
|
||||
{
|
||||
private ApplicationDbContext _context = context;
|
||||
private ApplicationUserService _applicationUserService = applicationUserService;
|
||||
|
||||
public bool IsUserProfileAdmin(DbUserProfile userProfile)
|
||||
{
|
||||
return userProfile.IsAdmin;
|
||||
}
|
||||
|
||||
public async Task<DbUserProfile> PutUserProfileAdminStatusAsync(string userId, bool changeStatusTo)
|
||||
{
|
||||
var userProfile = GetUserProfileById(userId);
|
||||
userProfile.IsAdmin = changeStatusTo;
|
||||
_context.UserProfiles.Update(userProfile);
|
||||
await _context.SaveChangesAsync();
|
||||
|
||||
return userProfile;
|
||||
}
|
||||
|
||||
public async Task<UserProfileGet> PutUserProfileAsync(UserProfilePut userProfile, ClaimsPrincipal identity)
|
||||
{
|
||||
var profile = _applicationUserService.UserProfileByApplicationUserAsync(identity);
|
||||
|
|
@ -39,11 +21,4 @@ public class UserProfileService(ApplicationDbContext context, ApplicationUserSer
|
|||
|
||||
return new();
|
||||
}
|
||||
|
||||
public DbUserProfile GetUserProfileById(string userId)
|
||||
{
|
||||
var userProfile = _context.UserProfiles.FirstOrDefault(x => x.Id.ToString() == userId);
|
||||
|
||||
return userProfile ?? throw new NotFoundException();
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue