chilldev/drinkrate
5
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: chilldev:main
Branches Tags
chilldev:main
chilldev:250812_UserProfileHistory
chilldev:250811_ProductCompanyTable
chilldev:250810_UserProfileAdmin
..
compare: chilldev:250810_UserProfileAdmin
Branches Tags
chilldev:250812_UserProfileHistory
chilldev:250811_ProductCompanyTable
chilldev:main
chilldev:250810_UserProfileAdmin

No commits in common. "main" and "250810_UserProfileAdmin" have entirely different histories.
main ... 250810_Use

12 changed files with 67 additions and 278 deletions
Show stats Expand all files Collapse all files

6
DrinkRateAPI/ApiModels/UserProfile/ChangeAdminStatusBody.cs Normal file
View file

@ -0,0 +1,6 @@
namespace DrinkRateAPI.ApiModels.UserProfile;
public class ChangeAdminStatusBody
{
public bool ChangeStatusTo { get; set; }
}

23
DrinkRateAPI/ApiModels/UserProfile/UserProfileGet.cs
View file

@ -2,28 +2,5 @@ namespace DrinkRateAPI.ApiModels.UserProfile;
public class UserProfileGet public class UserProfileGet
{ {
/// <summary>
/// User profile ID
/// </summary>
public string Id { get; set; }
/// <summary>
/// User profile name
/// </summary>
public string UserName { get; set; }
/// <summary>
/// Is user admin
/// </summary>
public bool IsAdmin { get; set; }
/// <summary>
/// Is user deleted
/// </summary>
public bool IsDeleted { get; set; }
/// <summary>
/// Applicaton user ID of the user profile
/// </summary>
public string ApplicationUserId { get; set; }
} }

7
DrinkRateAPI/ApiModels/UserProfile/UserProfilePut.cs
View file

@ -1,9 +1,6 @@
namespace DrinkRateAPI.ApiModels.UserProfile; namespace DrinkRateAPI.ApiModels.UserProfile;
public class UserProfilePut : UserProfileSelfPut public class UserProfilePut
{ {
/// <summary> public string UserName { get; set; }
/// Is user admin
/// </summary>
public bool? IsAdmin { get; set; }
} }

9
DrinkRateAPI/ApiModels/UserProfile/UserProfileSelfPut.cs
View file

@ -1,9 +0,0 @@
namespace DrinkRateAPI.ApiModels.UserProfile;
public class UserProfileSelfPut
{
/// <summary>
/// User profile name
/// </summary>
public string? UserName { get; set; }
}

17
DrinkRateAPI/AuthorizationPolicies/AdminOnlyRequirement.cs
View file

@ -2,7 +2,6 @@ using DrinkRateAPI.DbEntities;
using DrinkRateAPI.Services; using DrinkRateAPI.Services;
namespace DrinkRateAPI.AuthorizationPolicies; namespace DrinkRateAPI.AuthorizationPolicies;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
public class AdminOnlyRequirement : IAuthorizationRequirement public class AdminOnlyRequirement : IAuthorizationRequirement
@ -26,11 +25,25 @@ public class AdminOnlyHandler : AuthorizationHandler<AdminOnlyRequirement>
AuthorizationHandlerContext context, AuthorizationHandlerContext context,
AdminOnlyRequirement requirement) AdminOnlyRequirement requirement)
{ {
var userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User); DbUserProfile userProfile;
try
{
userProfile = await _applicationUserService.UserProfileByApplicationUserAsync(context.User);
}
catch (Exception _)
{
context.Fail();
return;
}
if (_userProfileService.IsUserProfileAdmin(userProfile)) if (_userProfileService.IsUserProfileAdmin(userProfile))
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
else
{
context.Fail();
}
} }
} }

35
DrinkRateAPI/Controllers/UserProfileController.cs
View file

@ -1,3 +1,4 @@
using System.Security.Claims;
using DrinkRateAPI.ApiModels.UserProfile; using DrinkRateAPI.ApiModels.UserProfile;
using DrinkRateAPI.Services; using DrinkRateAPI.Services;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
@ -9,40 +10,30 @@ namespace DrinkRateAPI.Controllers;
[Route("userProfile")] [Route("userProfile")]
public class UserProfileController : ControllerBase public class UserProfileController : ControllerBase
{ {
private readonly ILogger<UserProfileController> _logger;
private readonly UserProfileService _userProfileService; private readonly UserProfileService _userProfileService;
public UserProfileController(UserProfileService userProfileService) public UserProfileController(ILogger<UserProfileController> logger, UserProfileService userProfileService)
{ {
_logger = logger;
_userProfileService = userProfileService; _userProfileService = userProfileService;
} }
[HttpPut] [HttpPut(Name = "user_profile")]
[Produces("application/json")] public UserProfileGet PutUserProfile(UserProfilePut userProfile)
public async Task<UserProfileGet> PutUserProfileSelf([FromBody] UserProfileSelfPut userProfile)
{ {
return await _userProfileService.PutUserProfileSelfAsync(User, userProfile); throw new ApplicationException();
var x = User.FindFirst(ClaimTypes.NameIdentifier)?.Value; //HttpContext.User.Identities.First();
return new();
} }
[HttpGet] [HttpPut("{userId}/adminStatus")]
[Produces("application/json")]
public async Task<UserProfileGet> GetUserProfileSelf()
{
return await _userProfileService.GetUserProfileSelfAsync(User);
}
[HttpPut("{userId}")]
[Authorize(Policy = "AdminOnly")] [Authorize(Policy = "AdminOnly")]
[Produces("application/json")] [Produces("application/json")]
public async Task<UserProfileGet> PutUserProfile(string userId, [FromBody] UserProfilePut userProfile) public async Task<IActionResult> PutUserAdminStatus(string userId, [FromBody] ChangeAdminStatusBody body)
{ {
return await _userProfileService.PutUserProfileAsync(User, userProfile, userId); var changedProfile = await _userProfileService.PutUserProfileAdminStatusAsync(userId, body.ChangeStatusTo);
}
[HttpGet("{userId}")] return Ok(changedProfile);
[Authorize(Policy = "AdminOnly")]
[Produces("application/json")]
public async Task<UserProfileGet> GetUserProfile(string userId)
{
return await _userProfileService.GetUserProfileAsync(User, userId);
} }
} }

1
DrinkRateAPI/DbEntities/DbUserProfile.cs
View file

@ -20,5 +20,6 @@ public class DbUserProfile : DbEntityWithHistory
public bool IsDeleted { get; set; } public bool IsDeleted { get; set; }
public Guid ApplicationUserId { get; set; } public Guid ApplicationUserId { get; set; }
public virtual DbApplicationUser ApplicationUser { get; set; } public virtual DbApplicationUser ApplicationUser { get; set; }
} }

52
DrinkRateAPI/Exceptions/ExceptionHandlingMiddleware.cs
View file

@ -1,52 +0,0 @@
using System.Net;
using Microsoft.AspNetCore.Http.HttpResults;
namespace DrinkRateAPI.Exceptions;
public record ExceptionResponse(int StatusCode, string Description);
public class ExceptionHandlingMiddleware
{
private readonly RequestDelegate _next;
private readonly ILogger<ExceptionHandlingMiddleware> _logger;
public ExceptionHandlingMiddleware(RequestDelegate next, ILogger<ExceptionHandlingMiddleware> logger)
{
_next = next;
_logger = logger;
}
public async Task InvokeAsync(HttpContext context)
{
try
{
await _next(context);
}
catch (Exception ex)
{
await HandleExceptionAsync(context, ex);
}
}
private async Task HandleExceptionAsync(HttpContext context, Exception exception)
{
_logger.LogError(exception, "An unexpected error occurred.");
var response = exception switch
{
BadRequestException _ => new ExceptionResponse(StatusCodes.Status400BadRequest, "Application exception occurred."),
NotFoundException _ => new ExceptionResponse(StatusCodes.Status404NotFound, "The request key not found."),
UnauthenticatedException _ => new ExceptionResponse(StatusCodes.Status401Unauthorized, "Unauthorized."),
PaymentRequiredException _ => new ExceptionResponse(StatusCodes.Status402PaymentRequired, "Payment required."),
ForbiddenException _ => new ExceptionResponse(StatusCodes.Status403Forbidden, "Forbidden."),
IamATeapotException _ => new ExceptionResponse(StatusCodes.Status418ImATeapot, "I am a teapot."),
UnavailableForLagalReasonsException _ => new ExceptionResponse(StatusCodes.Status451UnavailableForLegalReasons, "Unavailable for legal reasons."),
_ => new ExceptionResponse(StatusCodes.Status500InternalServerError, "Internal server error. Please retry later.")
};
context.Response.ContentType = "application/json";
context.Response.StatusCode = response.StatusCode;
await context.Response.WriteAsJsonAsync(response);
}
}

69
DrinkRateAPI/Exceptions/Exceptions.cs
View file

@ -1,70 +1,7 @@
namespace DrinkRateAPI.Exceptions; namespace DrinkRateAPI.Exceptions;
public class DrinkRateException : Exception public class DrinkRateException : Exception;
{
public DrinkRateException() : base() { }
public DrinkRateException(string message) : base(message) { }
}
/// <summary> public class NotFoundException : DrinkRateException;
/// 400 - Bad request
/// </summary>
public class BadRequestException : DrinkRateException
{
public BadRequestException() : base() { }
public BadRequestException(string message) : base(message) { }
}
/// <summary> public class UnauthorizedException : DrinkRateException;
/// 401 - Unauthenticated
/// </summary>
public class UnauthenticatedException : DrinkRateException
{
public UnauthenticatedException() : base() { }
public UnauthenticatedException(string message) : base(message) { }
}
/// <summary>
/// 402 - Payment required
/// </summary>
public class PaymentRequiredException : DrinkRateException
{
public PaymentRequiredException() : base() { }
public PaymentRequiredException(string message) : base(message) { }
}
/// <summary>
/// 403 - Forbidden
/// </summary>
public class ForbiddenException : DrinkRateException
{
public ForbiddenException() : base() { }
public ForbiddenException(string message) : base(message) { }
}
/// <summary>
/// 404 - Not found
/// </summary>
public class NotFoundException : DrinkRateException
{
public NotFoundException() : base() { }
public NotFoundException(string message) : base(message) { }
}
/// <summary>
/// 418 - I'm a teapot
/// </summary>
public class IamATeapotException : DrinkRateException
{
public IamATeapotException() : base() { }
public IamATeapotException(string message) : base(message) { }
}
/// <summary>
/// 451 - Unavailable for lagal reasons
/// </summary>
public class UnavailableForLagalReasonsException : DrinkRateException
{
public UnavailableForLagalReasonsException() : base() { }
public UnavailableForLagalReasonsException(string message) : base(message) { }
}

3
DrinkRateAPI/Program.cs
View file

@ -1,7 +1,6 @@
using DrinkRateAPI.AuthorizationPolicies; using DrinkRateAPI.AuthorizationPolicies;
using DrinkRateAPI.Contexts; using DrinkRateAPI.Contexts;
using DrinkRateAPI.DbEntities; using DrinkRateAPI.DbEntities;
using DrinkRateAPI.Exceptions;
using DrinkRateAPI.Services; using DrinkRateAPI.Services;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Identity;
@ -71,8 +70,6 @@ if (app.Environment.IsDevelopment())
app.MapIdentityApi<DbApplicationUser>(); app.MapIdentityApi<DbApplicationUser>();
app.UseMiddleware<ExceptionHandlingMiddleware>();
app.UseHttpsRedirection(); app.UseHttpsRedirection();
app.UseAuthorization(); app.UseAuthorization();

2
DrinkRateAPI/Services/ApplicationUserService.cs
View file

@ -13,7 +13,7 @@ public class ApplicationUserService(ApplicationDbContext context)
{ {
var appUserId = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value; var appUserId = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value;
var profile = await _context.UserProfiles var profile = await _context.UserProfiles
.FirstOrDefaultAsync(x => x.ApplicationUserId.ToString() == appUserId && !x.IsDeleted) .FirstAsync(x => x.ApplicationUserId.ToString() == appUserId)
?? throw new NotFoundException(); ?? throw new NotFoundException();
return profile; return profile;

115
DrinkRateAPI/Services/UserProfileService.cs
View file

@ -2,8 +2,12 @@ using System.Security.Claims;
using DrinkRateAPI.ApiModels.UserProfile; using DrinkRateAPI.ApiModels.UserProfile;
using DrinkRateAPI.Contexts; using DrinkRateAPI.Contexts;
using DrinkRateAPI.DbEntities; using DrinkRateAPI.DbEntities;
using DrinkRateAPI.DbEntities;
using DrinkRateAPI.Exceptions; using DrinkRateAPI.Exceptions;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace DrinkRateAPI.Services; namespace DrinkRateAPI.Services;
@ -17,102 +21,29 @@ public class UserProfileService(ApplicationDbContext context, ApplicationUserSer
return userProfile.IsAdmin; return userProfile.IsAdmin;
} }
public async Task<UserProfileGet> PutUserProfileSelfAsync(ClaimsPrincipal identity, UserProfileSelfPut userProfileSelfPut) public async Task<DbUserProfile> PutUserProfileAdminStatusAsync(string userId, bool changeStatusTo)
{ {
var authenticatedUser = await _applicationUserService.UserProfileByApplicationUserAsync(identity); var userProfile = GetUserProfileById(userId);
userProfile.IsAdmin = changeStatusTo;
var userId = authenticatedUser.Id.ToString();
await PutUserProfile(userProfileSelfPut, userId, false);
return await GetUserProfile(userId);
}
public async Task<UserProfileGet> GetUserProfileSelfAsync(ClaimsPrincipal identity)
{
var authenticatedUser = await _applicationUserService.UserProfileByApplicationUserAsync(identity);
var userId = authenticatedUser.Id.ToString();
return await GetUserProfile(userId);
}
public async Task<UserProfileGet> PutUserProfileAsync(ClaimsPrincipal identity, UserProfilePut userProfilePut, string userId)
{
var authenticatedUser = await _applicationUserService.UserProfileByApplicationUserAsync(identity);
if (authenticatedUser.Id.ToString() == userId)
{
// Prevent admin de-admining him/herself
await PutUserProfile(userProfilePut, userId, false);
}
else
{
await PutUserProfile(userProfilePut, userId, IsUserProfileAdmin(authenticatedUser));
}
return await GetUserProfile(userId);
}
public async Task<UserProfileGet> GetUserProfileAsync(ClaimsPrincipal identity, string userId)
{
var authenticatedUser = await _applicationUserService.UserProfileByApplicationUserAsync(identity);
return await GetUserProfile(userId);
}
private async Task PutUserProfile<TUserProfilePut>(TUserProfilePut userProfilePut, string userId, bool byAdmin) where TUserProfilePut : UserProfileSelfPut
{
var userProfile = await GetUserProfileById(userId);
if (!string.IsNullOrEmpty(userProfilePut.UserName) && userProfile.UserName != userProfilePut.UserName)
{
var userByName = await TryGetUserProfileByUserName(userProfilePut.UserName);
if (userByName == null)
{
userProfile.UserName = userProfilePut.UserName;
}
else
{
throw new BadRequestException($"User with username {userProfilePut.UserName} already exists");
}
}
if (byAdmin && userProfilePut is UserProfilePut adminPut && adminPut.IsAdmin != null)
{
userProfile.IsAdmin = (bool)adminPut.IsAdmin;
}
_context.UserProfiles.Update(userProfile); _context.UserProfiles.Update(userProfile);
await _context.SaveChangesAsync(); await _context.SaveChangesAsync();
}
private async Task<UserProfileGet> GetUserProfile(string userId)
{
var userProfile = await GetUserProfileById(userId);
var userProfileGet = new UserProfileGet
{
Id = userProfile.Id.ToString(),
UserName = userProfile.UserName,
IsAdmin = userProfile.IsAdmin,
IsDeleted = userProfile.IsDeleted,
ApplicationUserId = userProfile.ApplicationUserId.ToString(),
};
return userProfileGet;
}
private async Task<DbUserProfile> GetUserProfileById(string userId)
{
var userProfile = await _context.UserProfiles.FirstOrDefaultAsync(x => x.Id.ToString() == userId);
return userProfile ?? throw new NotFoundException();
}
private async Task<DbUserProfile?> TryGetUserProfileByUserName(string userName)
{
var userProfile = await _context.UserProfiles.FirstOrDefaultAsync(x => x.UserName == userName);
return userProfile; return userProfile;
} }
public async Task<UserProfileGet> PutUserProfileAsync(UserProfilePut userProfile, ClaimsPrincipal identity)
{
var profile = _applicationUserService.UserProfileByApplicationUserAsync(identity);
return new();
}
public DbUserProfile GetUserProfileById(string userId)
{
var userProfile = _context.UserProfiles.FirstOrDefault(x => x.Id.ToString() == userId);
return userProfile ?? throw new NotFoundException();
}
} }