paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Estimate Owner implementation

Browse Source
This commit is contained in:
Paul Schneider
2016-08-13 01:26:32 +02:00
parent 6278732d85
commit 02c7905b28
2 changed files with 64 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
Yavsc/ApiControllers/EstimateApiController.cs
View File

@ -1,5 +1,5 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
@ -19,12 +19,26 @@ namespace Yavsc.Controllers
{
_context = context;
}
// GET: api/Estimate
[HttpGet]
public IEnumerable<Estimate> GetEstimates()
bool UserIsAdminOrThis(string uid)
{
return _context.Estimates;
if (User.IsInRole(Constants.AdminGroupName)) return true;
return uid == User.GetUserId();
}
bool UserIsAdminOrInThese (string oid, string uid)
{
if (User.IsInRole(Constants.AdminGroupName)) return true;
var cuid = User.GetUserId();
return cuid == uid || cuid == oid;
}
// GET: api/Estimate{?ownerId=User.GetUserId()}
[HttpGet]
public IActionResult GetEstimates(string ownerId=null)
{
if ( ownerId == null ) ownerId = User.GetUserId();
else if (!UserIsAdminOrThis(ownerId)) // throw new Exception("Not authorized") ;
// or just do nothing
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
return Ok(_context.Estimates.Where(e=>e.OwnerId == ownerId));
}
// GET: api/Estimate/5
@ -43,7 +57,9 @@ namespace Yavsc.Controllers
return HttpNotFound();
}
if (UserIsAdminOrInThese(estimate.ClientId,estimate.OwnerId))
return Ok(estimate);
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
}
// PUT: api/Estimate/5
@ -59,7 +75,15 @@ namespace Yavsc.Controllers
{
return HttpBadRequest();
}
var uid = User.GetUserId();
if (!User.IsInRole(Constants.AdminGroupName))
{
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId","You can only modify your own estimates");
return HttpBadRequest(ModelState);
}
}
_context.Entry(estimate).State = EntityState.Modified;
try
@ -89,7 +113,15 @@ namespace Yavsc.Controllers
{
return HttpBadRequest(ModelState);
}
var uid = User.GetUserId();
if (!User.IsInRole(Constants.AdminGroupName))
{
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId","You can only create your own estimates");
return HttpBadRequest(ModelState);
}
}
_context.Estimates.Add(estimate);
try
{
@ -120,11 +152,20 @@ namespace Yavsc.Controllers
}
Estimate estimate = _context.Estimates.Single(m => m.Id == id);
if (estimate == null)
{
return HttpNotFound();
}
var uid = User.GetUserId();
if (!User.IsInRole(Constants.AdminGroupName))
{
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId","You can only create your own estimates");
return HttpBadRequest(ModelState);
}
}
_context.Estimates.Remove(estimate);
_context.SaveChanges();

18
Yavsc/Model/Billing/Estimate.cs
View File

@ -35,8 +35,10 @@ namespace Yavsc.Models.Billing
[NotMapped]
public List<string> AttachedGraphics { get; set; }
public string AttachedGraphicsString { get { return string.Join(":", AttachedGraphics); }
set { AttachedGraphics = value.Split(':').ToList(); } }
public string AttachedGraphicsString {
get { return string.Join(":", AttachedGraphics); }
set { AttachedGraphics = value.Split(':').ToList(); }
}
/// <summary>
/// List of attached files
/// to this estimate, as relative pathes to
@ -46,7 +48,15 @@ namespace Yavsc.Models.Billing
/// <returns></returns>
[NotMapped]
public List<string> AttachedFiles { get; set; }
public string AttachedFilesString { get { return string.Join(":", AttachedFiles); }
set { AttachedFiles = value.Split(':').ToList(); } }
public string AttachedFilesString {
get { return string.Join(":", AttachedFiles); }
set { AttachedFiles = value.Split(':').ToList(); }
}
[Required]
public string OwnerId { get; set; }
[Required]
public string ClientId { get; set; }
}
}