cms_thermo_active/Thermo.Active/Controllers/WebApi/UserController.cs

using Microsoft.AspNet.SignalR;
using Thermo.Active.Controllers.SignalR;
using Thermo.Active.Database.Controllers;
using Thermo.Active.Model.DatabaseModels;
using Thermo.Active.Model.DTOModels;
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Helpers;
using static Thermo.Active.Model.Constants;
using static Thermo.Active.Utils.LanguageController;
using Thermo.Active.Utils;
namespace Thermo.Active.Controllers.WebApi
{
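[RoutePrefix("api/user")]
/// <summary>
/// Web API endpoints for the signed-in user (logout, profile, language) and for the
/// user manager (CRUD on users, passwords and roles). Every action is gated by
/// <c>WebApiAuthorize</c> on <c>FUNCTIONALITY_NAMES.USER_FUNCTIONS</c>; the caller's
/// own user id and machine id are always taken from the bearer-token claims, never
/// from the request body or the route.
/// </summary>
public class UserController : ApiController
{
    /// <summary>
    /// Logs the caller out of the machine named in the bearer token: deletes the
    /// user's sessions on that machine and broadcasts the logout over SignalR.
    /// </summary>
    /// <returns>200 on success; 401 when the token carries no parseable user or machine id.</returns>
    [Route("logout"), HttpPost]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
    public IHttpActionResult Logout()
    {
        // Both ids come from the token. A non-numeric claim is treated like a missing
        // one (401) instead of surfacing as a FormatException / 500.
        Claim userClaim = FindTokenClaim(USER_ID_KEY);
        int userId;
        if (!TryParseId(userClaim, out userId))
        {
            return Unauthorized();
        }
        int machineId;
        if (!TryParseId(FindTokenClaim(MACHINE_ID_KEY), out machineId))
        {
            return Unauthorized();
        }

        using (var sessionsController = new SessionsController())
        {
            // Delete all of this user's sessions on this machine. The argument order
            // is (machine, user) despite the method name — it matches the existing call.
            sessionsController.DeleteSessionsByUserAndMachineId(machineId, userId);
        }

        // Tell connected clients which user disconnected. The raw claim string is
        // forwarded, as before, so the payload shape on the wire does not change.
        var hub = GlobalHost.ConnectionManager.GetHubContext<NcHub>();
        hub.Clients.All.logout(new { id = userClaim.Value });

        ThermoActiveLogger.LogMessage($"Logout: {userClaim.Value} Date: {DateTime.Now}", ERROR_LEVEL.INFO);
        return Ok();
    }

    /// <summary>Returns the profile of the caller identified by the bearer token.</summary>
    /// <returns>200 with the user info; 401 when the token carries no parseable user id.</returns>
    [Route("info"), HttpGet]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
    public IHttpActionResult UserInfo()
    {
        int userId;
        if (!TryParseId(FindTokenClaim(USER_ID_KEY), out userId))
        {
            return Unauthorized();
        }
        using (var usersController = new UsersController())
        {
            return Ok(usersController.GetUserInfo(userId));
        }
    }

    /// <summary>Changes the caller's UI language.</summary>
    /// <param name="user">Request body; only its <c>language</c> member is read.</param>
    /// <returns>
    /// 400 when the body or language is missing/invalid, 404 when the language is not
    /// installed on the server, 401 when the token carries no parseable user id, else 200.
    /// </returns>
    [Route("language"), HttpPut]
    // NOTE(review): this PUT is authorised with ACTIONS.READ, presumably because it
    // only touches the caller's own preference — confirm that is intended.
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
    public IHttpActionResult PutUserLanguage([FromBody] dynamic user)
    {
        // No body at all -> 400.
        if (user == null)
        {
            return BadRequest();
        }
        int userId;
        if (!TryParseId(FindTokenClaim(USER_ID_KEY), out userId))
        {
            return Unauthorized();
        }
        // The body is dynamic; `language` is read exactly as before.
        // NOTE(review): a body whose `language` is not a string may make this cast
        // throw a binder exception rather than yield 400 — verify with the model binder in use.
        var newLanguage = (string)user.language;
        if (string.IsNullOrEmpty(newLanguage) || !IsValidLanguage(newLanguage))
        {
            return BadRequest();
        }
        // The language must also exist in the server's language directory.
        if (!LanguageIsAvailable(newLanguage))
        {
            return NotFound();
        }
        using (var usersController = new UsersController())
        {
            // Persist the new language for the caller's own record only.
            usersController.ChangeUserLanguage(userId, CultureInfo.CreateSpecificCulture(newLanguage));
            return Ok();
        }
    }

    /// <summary>Lists the users that can be addressed by messages.</summary>
    /// <returns>200 with the list; 401 when the token carries no parseable user id.</returns>
    [Route("list"), HttpGet]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
    public IHttpActionResult GetMessageUserList()
    {
        int userId;
        if (!TryParseId(FindTokenClaim(USER_ID_KEY), out userId))
        {
            return Unauthorized();
        }
        using (var usersController = new UsersController())
        {
            List<DTOMessageUserModel> users = usersController.GetMessageUserList();
            return Ok(users);
        }
    }

    #region User Manager

    /// <summary>Lists all users for the user manager.</summary>
    [Route("manager/list"), HttpGet]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
    public IHttpActionResult GetUserList()
    {
        using (var usersController = new UsersController())
        {
            List<DTOUserModel> users = usersController.GetUserList();
            return Ok(users);
        }
    }

    /// <summary>Updates the profile data of an existing user.</summary>
    /// <param name="userId">Id of the user to update (route).</param>
    /// <param name="userData">New data; a changed username must not collide with another account.</param>
    /// <returns>400 on a missing body or duplicate username, 404 for an unknown user, else 200 with the updated user.</returns>
    [Route("manager/user/{userId:int}"), HttpPut]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
    public IHttpActionResult UpdateUserData(int userId, [FromBody] DTONewUserModel userData)
    {
        // A missing/unbindable body is a client error, not a NullReferenceException.
        if (userData == null)
        {
            return BadRequest();
        }
        using (var usersController = new UsersController())
        {
            UserModel user = usersController.FindById(userId);
            if (user == null)
            {
                return NotFound();
            }
            // Only a renamed account needs the uniqueness check.
            bool renamed = !string.Equals(user.Username, userData.Username, StringComparison.Ordinal);
            if (renamed && usersController.FindByUsername(userData.Username) != null)
            {
                return BadRequest();
            }
            return Ok(usersController.UpdateUserData(userId, userData));
        }
    }

    /// <summary>Creates a new user.</summary>
    /// <param name="model">Posted user; only Username, Password, FirstName, LastName and Language are forwarded.</param>
    /// <returns>400 when the body or username is missing or the username already exists, else 200 with the created user.</returns>
    [Route("manager/user"), HttpPost]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
    public IHttpActionResult CreateUser(UserModel model)
    {
        // NOTE(review): the request binds straight onto the database entity. Only the
        // five fields below reach Create, so other posted fields are ignored here.
        if (model == null || string.IsNullOrEmpty(model.Username))
        {
            return BadRequest();
        }
        using (var usersController = new UsersController())
        {
            if (usersController.FindByUsername(model.Username) != null)
            {
                return BadRequest(API_ERROR_KEYS.DUPLICATED_USERNAME);
            }
            // Password hashing and any password policy are presumably applied inside
            // Create — the stored value is later checked with Crypto.VerifyHashedPassword
            // in UpdateUserPassword; confirm an empty password is rejected there.
            DTOUserModel created = usersController.Create(model.Username, model.Password, model.FirstName, model.LastName, model.Language);
            return Ok(created);
        }
    }

    /// <summary>Deletes a user.</summary>
    /// <param name="userId">Id of the user to delete (route).</param>
    /// <returns>404 for an unknown user, else 200.</returns>
    [Route("manager/user/{userId:int}"), HttpDelete]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
    public IHttpActionResult DeleteUserData(int userId)
    {
        using (var usersController = new UsersController())
        {
            UserModel user = usersController.FindById(userId);
            if (user == null)
            {
                return NotFound();
            }
            // NOTE(review): nothing here prevents a manager from deleting their own
            // account (or the last manager) — confirm whether that is intended.
            usersController.DeleteUser(user);
            return Ok();
        }
    }

    /// <summary>Changes a user's password after verifying the current one.</summary>
    /// <param name="userId">Id of the user (route).</param>
    /// <param name="userData">Current (<c>actPassword</c>) and new (<c>newPassword</c>) passwords.</param>
    /// <returns>
    /// 400 with an error key when the body is incomplete, the passwords are equal, the
    /// current password is wrong or the new one equals the stored one; 404 for an
    /// unknown user; else 200 with the repository's result.
    /// </returns>
    [Route("manager/password/{userId:int}"), HttpPut]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
    public IHttpActionResult UpdateUserPassword(int userId, [FromBody] DTONewPasswordrModel userData)
    {
        // Reject a missing body or empty passwords up front rather than hand a null
        // argument to VerifyHashedPassword.
        if (userData == null
            || string.IsNullOrEmpty(userData.actPassword)
            || string.IsNullOrEmpty(userData.newPassword))
        {
            return BadRequest();
        }
        using (var usersController = new UsersController())
        {
            UserModel user = usersController.FindById(userId);
            if (user == null)
            {
                return NotFound();
            }
            if (userData.newPassword == userData.actPassword)
            {
                return BadRequest("error_password_same");
            }
            // user.Password holds a hash (it is checked with VerifyHashedPassword), so the
            // current password is proven before anything is changed.
            if (!Crypto.VerifyHashedPassword(user.Password, userData.actPassword))
            {
                return BadRequest("error_password_not_ok");
            }
            if (Crypto.VerifyHashedPassword(user.Password, userData.newPassword))
            {
                return BadRequest("error_password_same_old");
            }
            // NOTE(review): no length/complexity policy is enforced here — confirm
            // UpdateUserPassword applies one.
            return Ok(usersController.UpdateUserPassword(userId, userData));
        }
    }

    // Role

    /// <summary>Lists the assignable roles.</summary>
    [Route("manager/role/list"), HttpGet]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.READ)]
    public IHttpActionResult GetRoleList()
    {
        using (var machineController = new MachinesUsersController())
        {
            List<DTORoleModel> roles = machineController.GetRolesList();
            return Ok(roles);
        }
    }

    /// <summary>Assigns a role to a user.</summary>
    /// <param name="userId">Id of the user (route).</param>
    /// <param name="roleId">Id of the role (route); CMS roles are refused.</param>
    /// <returns>400 "not_permitted" for a CMS role, 404 for an unknown user, else 200 with the updated user.</returns>
    [Route("manager/user/{userId:int}/role/{roleId:int}"), HttpPut]
    [WebApiAuthorize(FunctionAccess = FUNCTIONALITY_NAMES.USER_FUNCTIONS, Action = ACTIONS.WRITE)]
    public IHttpActionResult UpdateUserRole(int userId, int roleId)
    {
        using (var usersController = new UsersController())
        {
            // CMS roles cannot be handed out through this endpoint.
            if (usersController.isCMSRole(roleId))
            {
                return BadRequest("not_permitted");
            }
            // Unknown user -> 404, consistent with the other manager endpoints.
            if (usersController.FindById(userId) == null)
            {
                return NotFound();
            }
            // NOTE(review): nothing prevents a manager from changing their own role —
            // confirm whether that is intended.
            var updated = usersController.UpdateUserRole(userId, roleId);
            return Ok(updated);
        }
    }

    #endregion User Manager

    /// <summary>Finds the first claim of the given type on the caller's identity.</summary>
    /// <param name="claimType">Claim type to look for; compared ordinally, like the original lookup.</param>
    /// <returns>
    /// The claim, or <see langword="null"/> when the identity is not a
    /// <see cref="ClaimsIdentity"/> or carries no such claim.
    /// </returns>
    private Claim FindTokenClaim(string claimType)
    {
        // `as` yields null for a non-claims principal; callers turn that into 401
        // instead of a NullReferenceException.
        var identity = User?.Identity as ClaimsIdentity;
        return identity?.Claims.FirstOrDefault(c => string.Equals(c.Type, claimType, StringComparison.Ordinal));
    }

    /// <summary>Parses a claim value as an integer id.</summary>
    /// <param name="claim">Claim to parse; may be <see langword="null"/>.</param>
    /// <param name="id">The parsed id, or 0 when parsing fails.</param>
    /// <returns><see langword="true"/> when the claim exists and its value is an integer.</returns>
    private static bool TryParseId(Claim claim, out int id)
    {
        id = 0;
        return claim != null
            && int.TryParse(claim.Value, NumberStyles.Integer, CultureInfo.InvariantCulture, out id);
    }
}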
}