Compare commits
No commits in common. "main" and "250810_UserProfileAdmin" have entirely different histories.
main
...
250810_Use
12 changed files with 67 additions and 278 deletions
|
|
@ -0,0 +1,6 @@
|
|||
namespace DrinkRateAPI.ApiModels.UserProfile;
|
||||
|
||||
public class ChangeAdminStatusBody
|
||||
{
|
||||
public bool ChangeStatusTo { get; set; }
|
||||
}
|
||||
|
|
@ -2,28 +2,5 @@ namespace DrinkRateAPI.ApiModels.UserProfile;
|
|||
|
||||
public class UserProfileGet
|
||||
{
|
||||
/// <summary>
|
||||
/// User profile ID
|
||||
/// </summary>
|
||||
public string Id { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// User profile name
|
||||
/// </summary>
|
||||
public string UserName { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Is user admin
|
||||
/// </summary>
|
||||
public bool IsAdmin { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Is user deleted
|
||||
/// </summary>
|
||||
public bool IsDeleted { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Applicaton user ID of the user profile
|
||||
/// </summary>
|
||||
public string ApplicationUserId { get; set; }
|
||||
}
|
||||
|
|
@ -1,9 +1,6 @@
|
|||
namespace DrinkRateAPI.ApiModels.UserProfile;
|
||||
|
||||
public class UserProfilePut : UserProfileSelfPut
|
||||
public class UserProfilePut
|
||||
{
|
||||
/// <summary>
|
||||
/// Is user admin
|
||||
/// </summary>
|
||||
public bool? IsAdmin { get; set; }
|
||||
public string UserName { get; set; }
|
||||
}
|
||||
|
|
@ -1,9 +0,0 @@
|
|||
namespace DrinkRateAPI.ApiModels.UserProfile;
|
||||
|
||||
public class UserProfileSelfPut
|
||||
{
|
||||
/// <summary>
|
||||
/// User profile name
|
||||
/// </summary>
|
||||
public string? UserName { get; set; }
|
||||
}
|
||||
|
|
@ -2,7 +2,6 @@ using DrinkRateAPI.DbEntities;
|
|||
using DrinkRateAPI.Services;
|
||||
|
||||
namespace DrinkRateAPI.AuthorizationPolicies;
|
||||
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
public class AdminOnlyRequirement : IAuthorizationRequirement
|
||||
|
|
@ -23,14 +22,28 @@ public class AdminOnlyHandler : AuthorizationHandler<AdminOnlyRequirement>
|
|||
}
|
||||
|
||||
protected override async Task HandleRequirementAsync(
|
||||
AuthorizationHandlerContext context,
|
||||
AuthorizationHandlerContext context,
|
||||
AdminOnlyRequirement requirement)
|
||||
{
|
||||
var userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User);
|
||||
DbUserProfile userProfile;
|
||||
|
||||
try
|
||||
{
|
||||
userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User);
|
||||
}
|
||||
catch (Exception _)
|
||||
{
|
||||
context.Fail();
|
||||
return;
|
||||
}
|
||||
|
||||
if (_userProfileService.IsUserProfileAdmin(userProfile))
|
||||
{
|
||||
context.Succeed(requirement);
|
||||
}
|
||||
else
|
||||
{
|
||||
context.Fail();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
using System.Security.Claims;
|
||||
using DrinkRateAPI.ApiModels.UserProfile;
|
||||
using DrinkRateAPI.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
|
@ -9,40 +10,30 @@ namespace DrinkRateAPI.Controllers;
|
|||
[Route("userProfile")]
|
||||
public class UserProfileController : ControllerBase
|
||||
{
|
||||
private readonly ILogger<UserProfileController> _logger;
|
||||
private readonly UserProfileService _userProfileService;
|
||||
|
||||
public UserProfileController(UserProfileService userProfileService)
|
||||
public UserProfileController(ILogger<UserProfileController> logger, UserProfileService userProfileService)
|
||||
{
|
||||
_logger = logger;
|
||||
_userProfileService = userProfileService;
|
||||
}
|
||||
|
||||
[HttpPut]
|
||||
[Produces("application/json")]
|
||||
public async Task<UserProfileGet> PutUserProfileSelf([FromBody] UserProfileSelfPut userProfile)
|
||||
|
||||
[HttpPut(Name = "user_profile")]
|
||||
public UserProfileGet PutUserProfile(UserProfilePut userProfile)
|
||||
{
|
||||
return await _userProfileService.PutUserProfileSelfAsync(User, userProfile);
|
||||
throw new ApplicationException();
|
||||
var x = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; //HttpContext.User.Identities.First();
|
||||
return new();
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
[Produces("application/json")]
|
||||
public async Task<UserProfileGet> GetUserProfileSelf()
|
||||
{
|
||||
return await _userProfileService.GetUserProfileSelfAsync(User);
|
||||
}
|
||||
|
||||
[HttpPut("{userId}")]
|
||||
|
||||
[HttpPut("{userId}/adminStatus")]
|
||||
[Authorize(Policy = "AdminOnly")]
|
||||
[Produces("application/json")]
|
||||
public async Task<UserProfileGet> PutUserProfile(string userId, [FromBody] UserProfilePut userProfile)
|
||||
public async Task<IActionResult> PutUserAdminStatus(string userId, [FromBody] ChangeAdminStatusBody body)
|
||||
{
|
||||
return await _userProfileService.PutUserProfileAsync(User, userProfile, userId);
|
||||
}
|
||||
var changedProfile = await _userProfileService.PutUserProfileAdminStatusAsync(userId, body.ChangeStatusTo);
|
||||
|
||||
[HttpGet("{userId}")]
|
||||
[Authorize(Policy = "AdminOnly")]
|
||||
[Produces("application/json")]
|
||||
public async Task<UserProfileGet> GetUserProfile(string userId)
|
||||
{
|
||||
return await _userProfileService.GetUserProfileAsync(User, userId);
|
||||
return Ok(changedProfile);
|
||||
}
|
||||
}
|
||||
|
|
@ -20,5 +20,6 @@ public class DbUserProfile : DbEntityWithHistory
|
|||
public bool IsDeleted { get; set; }
|
||||
|
||||
public Guid ApplicationUserId { get; set; }
|
||||
|
||||
public virtual DbApplicationUser ApplicationUser { get; set; }
|
||||
}
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
using System.Net;
|
||||
using Microsoft.AspNetCore.Http.HttpResults;
|
||||
|
||||
namespace DrinkRateAPI.Exceptions;
|
||||
|
||||
public record ExceptionResponse(int StatusCode, string Description);
|
||||
|
||||
public class ExceptionHandlingMiddleware
|
||||
{
|
||||
private readonly RequestDelegate _next;
|
||||
private readonly ILogger<ExceptionHandlingMiddleware> _logger;
|
||||
|
||||
public ExceptionHandlingMiddleware(RequestDelegate next, ILogger<ExceptionHandlingMiddleware> logger)
|
||||
{
|
||||
_next = next;
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
public async Task InvokeAsync(HttpContext context)
|
||||
{
|
||||
try
|
||||
{
|
||||
await _next(context);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
await HandleExceptionAsync(context, ex);
|
||||
}
|
||||
}
|
||||
|
||||
private async Task HandleExceptionAsync(HttpContext context, Exception exception)
|
||||
{
|
||||
_logger.LogError(exception, "An unexpected error occurred.");
|
||||
|
||||
|
||||
var response = exception switch
|
||||
{
|
||||
BadRequestException _ => new ExceptionResponse(StatusCodes.Status400BadRequest, "Application exception occurred."),
|
||||
NotFoundException _ => new ExceptionResponse(StatusCodes.Status404NotFound, "The request key not found."),
|
||||
UnauthenticatedException _ => new ExceptionResponse(StatusCodes.Status401Unauthorized, "Unauthorized."),
|
||||
PaymentRequiredException _ => new ExceptionResponse(StatusCodes.Status402PaymentRequired, "Payment required."),
|
||||
ForbiddenException _ => new ExceptionResponse(StatusCodes.Status403Forbidden, "Forbidden."),
|
||||
IamATeapotException _ => new ExceptionResponse(StatusCodes.Status418ImATeapot, "I am a teapot."),
|
||||
UnavailableForLagalReasonsException _ => new ExceptionResponse(StatusCodes.Status451UnavailableForLegalReasons, "Unavailable for legal reasons."),
|
||||
_ => new ExceptionResponse(StatusCodes.Status500InternalServerError, "Internal server error. Please retry later.")
|
||||
};
|
||||
|
||||
context.Response.ContentType = "application/json";
|
||||
context.Response.StatusCode = response.StatusCode;
|
||||
await context.Response.WriteAsJsonAsync(response);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,70 +1,7 @@
|
|||
namespace DrinkRateAPI.Exceptions;
|
||||
|
||||
public class DrinkRateException : Exception
|
||||
{
|
||||
public DrinkRateException() : base() { }
|
||||
public DrinkRateException(string message) : base(message) { }
|
||||
}
|
||||
public class DrinkRateException : Exception;
|
||||
|
||||
/// <summary>
|
||||
/// 400 - Bad request
|
||||
/// </summary>
|
||||
public class BadRequestException : DrinkRateException
|
||||
{
|
||||
public BadRequestException() : base() { }
|
||||
public BadRequestException(string message) : base(message) { }
|
||||
}
|
||||
public class NotFoundException : DrinkRateException;
|
||||
|
||||
/// <summary>
|
||||
/// 401 - Unauthenticated
|
||||
/// </summary>
|
||||
public class UnauthenticatedException : DrinkRateException
|
||||
{
|
||||
public UnauthenticatedException() : base() { }
|
||||
public UnauthenticatedException(string message) : base(message) { }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 402 - Payment required
|
||||
/// </summary>
|
||||
public class PaymentRequiredException : DrinkRateException
|
||||
{
|
||||
public PaymentRequiredException() : base() { }
|
||||
public PaymentRequiredException(string message) : base(message) { }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 403 - Forbidden
|
||||
/// </summary>
|
||||
public class ForbiddenException : DrinkRateException
|
||||
{
|
||||
public ForbiddenException() : base() { }
|
||||
public ForbiddenException(string message) : base(message) { }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 404 - Not found
|
||||
/// </summary>
|
||||
public class NotFoundException : DrinkRateException
|
||||
{
|
||||
public NotFoundException() : base() { }
|
||||
public NotFoundException(string message) : base(message) { }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 418 - I'm a teapot
|
||||
/// </summary>
|
||||
public class IamATeapotException : DrinkRateException
|
||||
{
|
||||
public IamATeapotException() : base() { }
|
||||
public IamATeapotException(string message) : base(message) { }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 451 - Unavailable for lagal reasons
|
||||
/// </summary>
|
||||
public class UnavailableForLagalReasonsException : DrinkRateException
|
||||
{
|
||||
public UnavailableForLagalReasonsException() : base() { }
|
||||
public UnavailableForLagalReasonsException(string message) : base(message) { }
|
||||
}
|
||||
public class UnauthorizedException : DrinkRateException;
|
||||
|
|
@ -1,7 +1,6 @@
|
|||
using DrinkRateAPI.AuthorizationPolicies;
|
||||
using DrinkRateAPI.Contexts;
|
||||
using DrinkRateAPI.DbEntities;
|
||||
using DrinkRateAPI.Exceptions;
|
||||
using DrinkRateAPI.Services;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
|
|
@ -71,8 +70,6 @@ if (app.Environment.IsDevelopment())
|
|||
|
||||
app.MapIdentityApi<DbApplicationUser>();
|
||||
|
||||
app.UseMiddleware<ExceptionHandlingMiddleware>();
|
||||
|
||||
app.UseHttpsRedirection();
|
||||
|
||||
app.UseAuthorization();
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ public class ApplicationUserService(ApplicationDbContext context)
|
|||
{
|
||||
var appUserId = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value;
|
||||
var profile = await _context.UserProfiles
|
||||
.FirstOrDefaultAsync(x => x.ApplicationUserId.ToString() == appUserId && !x.IsDeleted)
|
||||
.FirstAsync(x => x.ApplicationUserId.ToString() == appUserId)
|
||||
?? throw new NotFoundException();
|
||||
|
||||
return profile;
|
||||
|
|
|
|||
|
|
@ -2,8 +2,12 @@ using System.Security.Claims;
|
|||
using DrinkRateAPI.ApiModels.UserProfile;
|
||||
using DrinkRateAPI.Contexts;
|
||||
using DrinkRateAPI.DbEntities;
|
||||
using DrinkRateAPI.DbEntities;
|
||||
using DrinkRateAPI.Exceptions;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
|
||||
namespace DrinkRateAPI.Services;
|
||||
|
||||
|
|
@ -17,102 +21,29 @@ public class UserProfileService(ApplicationDbContext context, ApplicationUserSer
|
|||
return userProfile.IsAdmin;
|
||||
}
|
||||
|
||||
public async Task<UserProfileGet> PutUserProfileSelfAsync(ClaimsPrincipal identity, UserProfileSelfPut userProfileSelfPut)
|
||||
public async Task<DbUserProfile> PutUserProfileAdminStatusAsync(string userId, bool changeStatusTo)
|
||||
{
|
||||
var authenticatedUser = await _applicationUserService.UserProfileByApplicationUserAsync(identity);
|
||||
|
||||
var userId = authenticatedUser.Id.ToString();
|
||||
await PutUserProfile(userProfileSelfPut, userId, false);
|
||||
|
||||
return await GetUserProfile(userId);
|
||||
}
|
||||
|
||||
public async Task<UserProfileGet> GetUserProfileSelfAsync(ClaimsPrincipal identity)
|
||||
{
|
||||
var authenticatedUser = await _applicationUserService.UserProfileByApplicationUserAsync(identity);
|
||||
|
||||
var userId = authenticatedUser.Id.ToString();
|
||||
|
||||
return await GetUserProfile(userId);
|
||||
}
|
||||
|
||||
public async Task<UserProfileGet> PutUserProfileAsync(ClaimsPrincipal identity, UserProfilePut userProfilePut, string userId)
|
||||
{
|
||||
var authenticatedUser = await _applicationUserService.UserProfileByApplicationUserAsync(identity);
|
||||
|
||||
if (authenticatedUser.Id.ToString() == userId)
|
||||
{
|
||||
// Prevent admin de-admining him/herself
|
||||
await PutUserProfile(userProfilePut, userId, false);
|
||||
}
|
||||
else
|
||||
{
|
||||
await PutUserProfile(userProfilePut, userId, IsUserProfileAdmin(authenticatedUser));
|
||||
}
|
||||
|
||||
return await GetUserProfile(userId);
|
||||
}
|
||||
|
||||
public async Task<UserProfileGet> GetUserProfileAsync(ClaimsPrincipal identity, string userId)
|
||||
{
|
||||
var authenticatedUser = await _applicationUserService.UserProfileByApplicationUserAsync(identity);
|
||||
|
||||
return await GetUserProfile(userId);
|
||||
}
|
||||
|
||||
private async Task PutUserProfile<TUserProfilePut>(TUserProfilePut userProfilePut, string userId, bool byAdmin) where TUserProfilePut : UserProfileSelfPut
|
||||
{
|
||||
var userProfile = await GetUserProfileById(userId);
|
||||
|
||||
if (!string.IsNullOrEmpty(userProfilePut.UserName) && userProfile.UserName != userProfilePut.UserName)
|
||||
{
|
||||
var userByName = await TryGetUserProfileByUserName(userProfilePut.UserName);
|
||||
if (userByName == null)
|
||||
{
|
||||
userProfile.UserName = userProfilePut.UserName;
|
||||
}
|
||||
else
|
||||
{
|
||||
throw new BadRequestException($"User with username {userProfilePut.UserName} already exists");
|
||||
}
|
||||
}
|
||||
|
||||
if (byAdmin && userProfilePut is UserProfilePut adminPut && adminPut.IsAdmin != null)
|
||||
{
|
||||
userProfile.IsAdmin = (bool)adminPut.IsAdmin;
|
||||
}
|
||||
|
||||
var userProfile = GetUserProfileById(userId);
|
||||
userProfile.IsAdmin = changeStatusTo;
|
||||
_context.UserProfiles.Update(userProfile);
|
||||
await _context.SaveChangesAsync();
|
||||
}
|
||||
|
||||
private async Task<UserProfileGet> GetUserProfile(string userId)
|
||||
{
|
||||
var userProfile = await GetUserProfileById(userId);
|
||||
|
||||
var userProfileGet = new UserProfileGet
|
||||
{
|
||||
Id = userProfile.Id.ToString(),
|
||||
UserName = userProfile.UserName,
|
||||
IsAdmin = userProfile.IsAdmin,
|
||||
IsDeleted = userProfile.IsDeleted,
|
||||
ApplicationUserId = userProfile.ApplicationUserId.ToString(),
|
||||
};
|
||||
|
||||
return userProfileGet;
|
||||
}
|
||||
|
||||
private async Task<DbUserProfile> GetUserProfileById(string userId)
|
||||
{
|
||||
var userProfile = await _context.UserProfiles.FirstOrDefaultAsync(x => x.Id.ToString() == userId);
|
||||
|
||||
return userProfile ?? throw new NotFoundException();
|
||||
}
|
||||
|
||||
private async Task<DbUserProfile?> TryGetUserProfileByUserName(string userName)
|
||||
{
|
||||
var userProfile = await _context.UserProfiles.FirstOrDefaultAsync(x => x.UserName == userName);
|
||||
|
||||
return userProfile;
|
||||
}
|
||||
|
||||
public async Task<UserProfileGet> PutUserProfileAsync(UserProfilePut userProfile, ClaimsPrincipal identity)
|
||||
{
|
||||
var profile = _applicationUserService.UserProfileByApplicationUserAsync(identity);
|
||||
|
||||
|
||||
|
||||
return new();
|
||||
}
|
||||
|
||||
public DbUserProfile GetUserProfileById(string userId)
|
||||
{
|
||||
var userProfile = _context.UserProfiles.FirstOrDefault(x => x.Id.ToString() == userId);
|
||||
|
||||
return userProfile ?? throw new NotFoundException();
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue