Clean up

2022-01-25 21:11:24 +02:00
parent b367854887
commit df48e88614
8 changed files with 165 additions and 358 deletions
--- a/KTUSAPS/Controllers/IssuesController.cs
+++ b/KTUSAPS/Controllers/IssuesController.cs
@@ -1,9 +1,12 @@
-using KTUSAPS.Data.Model;
+using KTUSAPS.Auth;
+using KTUSAPS.Data.Model;
 using KTUSAPS.Extensions;
+using KTUSAPS.Models;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
@@ -15,19 +18,29 @@ namespace KTUSAPS.Controllers
    public class IssuesController : ControllerBase
    {
        private readonly Data.SAPSDataContext dataContext;
+        private readonly IAuthorizationService _authorizationService;

-        public IssuesController(Data.SAPSDataContext dataContext)
+        public IssuesController(Data.SAPSDataContext dataContext, IAuthorizationService authorizationService)
        {
            this.dataContext = dataContext;
+            _authorizationService = authorizationService;
        }


        [HttpGet]
        [ProducesResponseType(StatusCodes.Status200OK)]
-        [Authorize("admin")]
-        public async Task<ActionResult<IEnumerable<Issue>>> GetIssues()
+        [Authorize]
+        public async Task<ActionResult<IEnumerable<Issue>>> GetIssues([FromQuery] RequestScope requestScope = RequestScope.All)
        {
-            return await dataContext.Issues.ToListAsync();
+            if (requestScope == RequestScope.All)
+            {
+                var authorizationResult = await _authorizationService.AuthorizeAsync(User, "admin");
+                if (!authorizationResult.Succeeded)
+                    return Forbid();
+                return await dataContext.Issues.ToListAsync();
+            } else if (requestScope == RequestScope.My)
+                return await dataContext.Issues.Where(i => i.UserID == User.GetUserId()).ToListAsync();
+            throw new NotImplementedException();
        }

        [HttpPost]
@@ -59,13 +72,17 @@ namespace KTUSAPS.Controllers
        [HttpGet("{id}")]
        [ProducesResponseType(StatusCodes.Status200OK)]
        [ProducesResponseType(StatusCodes.Status404NotFound)]
-        [Authorize("admin")]
-        public ActionResult<Issue> GetIssue(int id)
+        [Authorize]
+        public async Task<ActionResult<Issue>> GetIssue(int id)
        {
            var issue = dataContext.Issues.AsQueryable().Where(i => i.Id == id).FirstOrDefault();
            if(issue == default)
                return NotFound();
-            return Ok(issue);
+
+            var authorizationResult = await _authorizationService.AuthorizeAsync(User, issue, new MyIssueRequirement());
+            if(authorizationResult.Succeeded)
+                return Ok(issue);
+            return Forbid();
        }

        [HttpPatch("{id}")]