paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIXME SR is private

Browse Source
This commit is contained in:
Paul Schneider
2023-03-19 17:57:55 +00:00
parent dac93a6206
commit 8b607e2606
576 changed files with 76023 additions and 13743 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
omnisharp.json
View File

@ -1,17 +1,12 @@
{
"dotnet": {
"enabled": true
},
"msbuild": {
"enabled": false
},
"scriptcs": {
"msbuild": {
"enabled": true
},
"Dnx": {
"enabled": false,
"enablePackageRestore": false,
"projects": "src/*/project.json;*/project.json;project.json;test/*/project.json"
"enabled": false
},
"Script": {
"enabled": false
@ -24,5 +19,4 @@
],
"userExcludeSearchPatterns": []
}
}

29
src/Yavsc/ApiControllers/Blogspot/BlogApiController.cs
View File

@ -1,10 +1,11 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Blog;
@ -36,14 +37,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BlogPost blog = _context.Blogspot.Single(m => m.Id == id);
if (blog == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(blog);
@ -55,12 +56,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != blog.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(blog).State = EntityState.Modified;
@ -73,7 +74,7 @@ namespace Yavsc.Controllers
{
if (!BlogExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -81,7 +82,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/BlogApi
@ -90,7 +91,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Blogspot.Add(blog);
@ -102,7 +103,7 @@ namespace Yavsc.Controllers
{
if (BlogExists(blog.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -119,13 +120,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BlogPost blog = _context.Blogspot.Single(m => m.Id == id);
if (blog == null)
{
return HttpNotFound();
return NotFound();
}
_context.Blogspot.Remove(blog);

26
src/Yavsc/ApiControllers/Blogspot/BlogTagsApiController.cs
View File

@ -1,9 +1,9 @@
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Blog;
namespace Yavsc.Controllers
@ -32,14 +32,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BlogTag blogTag = await _context.TagsDomain.SingleAsync(m => m.PostId == id);
if (blogTag == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(blogTag);
@ -51,12 +51,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != blogTag.PostId)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(blogTag).State = EntityState.Modified;
@ -69,7 +69,7 @@ namespace Yavsc.Controllers
{
if (!BlogTagExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -77,7 +77,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/BlogTagsApi
@ -86,7 +86,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.TagsDomain.Add(blogTag);
@ -98,7 +98,7 @@ namespace Yavsc.Controllers
{
if (BlogTagExists(blogTag.PostId))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -115,13 +115,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BlogTag blogTag = await _context.TagsDomain.SingleAsync(m => m.PostId == id);
if (blogTag == null)
{
return HttpNotFound();
return NotFound();
}
_context.TagsDomain.Remove(blogTag);

29
src/Yavsc/ApiControllers/Blogspot/CommentsApiController.cs
View File

@ -1,10 +1,7 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Blog;
@ -34,14 +31,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Comment comment = await _context.Comment.SingleAsync(m => m.Id == id);
if (comment == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(comment);
@ -53,12 +50,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != comment.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(comment).State = EntityState.Modified;
@ -71,7 +68,7 @@ namespace Yavsc.Controllers
{
if (!CommentExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -79,7 +76,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/CommentsApi
@ -106,7 +103,7 @@ namespace Yavsc.Controllers
{
if (CommentExists(comment.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -122,13 +119,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Comment comment = await _context.Comment.SingleAsync(m => m.Id == id);
if (comment == null)
{
return HttpNotFound();
return NotFound();
}
RemoveRecursive(comment);

20
src/Yavsc/ApiControllers/Blogspot/FileSystemApiController.cs
View File

@ -1,9 +1,7 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Yavsc.Models;
namespace Yavsc.ApiControllers
@ -63,11 +61,11 @@ namespace Yavsc.ApiControllers
}
if (pathex!=null) {
_logger.LogError($"invalid sub path: '{subdir}'.");
return HttpBadRequest(pathex);
return BadRequest(pathex);
}
_logger.LogInformation($"Receiving files, saved in '{destDir}' (specified as '{subdir}').");
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = dbContext.Users.Single(
u => u.Id == uid
);
@ -91,7 +89,7 @@ namespace Yavsc.ApiControllers
[Authorize("AdministratorOnly")]
public IActionResult AddQuota(string uname, int len)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = dbContext.Users.FirstOrDefault(
u => u.UserName == uname
);
@ -107,7 +105,7 @@ namespace Yavsc.ApiControllers
public IActionResult MoveFile([FromBody] RenameFileQuery query)
{
if (!ModelState.IsValid) return new BadRequestObjectResult(ModelState);
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = dbContext.Users.Single(
u => u.Id == uid
);
@ -124,10 +122,10 @@ namespace Yavsc.ApiControllers
if (!ModelState.IsValid) {
var idvr = new ValidRemoteUserFilePathAttribute();
return this.HttpBadRequest(new { id = idvr.IsValid(query.id), to = idvr.IsValid(query.to), errors = ModelState });
return this.BadRequest(new { id = idvr.IsValid(query.id), to = idvr.IsValid(query.to), errors = ModelState });
}
_logger.LogInformation($"Valid move query: {query.id} => {query.to}");
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = dbContext.Users.Single(
u => u.Id == uid
);

28
src/Yavsc/ApiControllers/Blogspot/FileSystemStream.cs
View File

@ -1,16 +1,13 @@
using System.IO;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Attributes.Validation;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Messaging;
using Yavsc.Services;
using Microsoft.AspNetCore.SignalR;
namespace Yavsc.ApiControllers
{
@ -19,13 +16,16 @@ namespace Yavsc.ApiControllers
{
private readonly ILogger logger;
private readonly ILiveProcessor liveProcessor;
private readonly IHubContext<ChatHub> hubContext;
readonly ApplicationDbContext dbContext;
public FileSystemStreamController(ApplicationDbContext context, ILiveProcessor liveProcessor, ILoggerFactory loggerFactory)
public FileSystemStreamController(ApplicationDbContext context, ILiveProcessor liveProcessor, ILoggerFactory loggerFactory,
IHubContext<ChatHub> hubContext)
{
this.dbContext = context;
this.logger = loggerFactory.CreateLogger<FileSystemStreamController>();
this.liveProcessor = liveProcessor;
this.hubContext = hubContext;
}
[Authorize, Route("put/{filename}")]
@ -33,20 +33,20 @@ namespace Yavsc.ApiControllers
{
logger.LogInformation("Put : " + filename);
if (!HttpContext.WebSockets.IsWebSocketRequest)
return HttpBadRequest("not a web socket");
return BadRequest("not a web socket");
if (!HttpContext.User.Identity.IsAuthenticated)
return new HttpUnauthorizedResult();
return new UnauthorizedResult();
var subdirs = filename.Split('/');
var filePath = subdirs.Length > 1 ? string.Join("/", subdirs.Take(subdirs.Length-1)) : null;
var shortFileName = subdirs[subdirs.Length-1];
if (!shortFileName.IsValidShortFileName())
{
logger.LogInformation("invalid file name : " + filename);
return HttpBadRequest("invalid file name");
return BadRequest("invalid file name");
}
logger.LogInformation("validated: api/stream/Put: "+filename);
var userName = User.GetUserName();
var hubContext = Microsoft.AspNet.SignalR.GlobalHost.ConnectionManager.GetHubContext<ChatHub>();
string url = string.Format(
"{0}/{1}/{2}",
Startup.UserFilesOptions.RequestPath.ToUriComponent(),
@ -54,7 +54,7 @@ namespace Yavsc.ApiControllers
filename
);
hubContext.Clients.All.addPublicStream(new PublicStreamInfo
hubContext.Clients.All.SendAsync("addPublicStream", new PublicStreamInfo
{
sender = userName,
url = url,

31
src/Yavsc/ApiControllers/Blogspot/PostTagsApiController.cs
View File

@ -1,13 +1,14 @@
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace Yavsc.Controllers
{
using System.Security.Claims;
using Models;
using Microsoft.EntityFrameworkCore;
using Models;
using Yavsc.Helpers;
using Yavsc.Models.Blog;
[Produces("application/json")]
@ -34,14 +35,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BlogTag postTag = _context.TagsDomain.Single(m => m.PostId == id);
if (postTag == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(postTag);
@ -53,12 +54,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != postTag.PostId)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(postTag).State = EntityState.Modified;
@ -71,7 +72,7 @@ namespace Yavsc.Controllers
{
if (!PostTagExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -79,7 +80,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/PostTagsApi
@ -88,7 +89,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.TagsDomain.Add(postTag);
@ -100,7 +101,7 @@ namespace Yavsc.Controllers
{
if (PostTagExists(postTag.PostId))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -117,13 +118,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BlogTag postTag = _context.TagsDomain.Single(m => m.PostId == id);
if (postTag == null)
{
return HttpNotFound();
return NotFound();
}
_context.TagsDomain.Remove(postTag);
@ -146,4 +147,4 @@ namespace Yavsc.Controllers
return _context.TagsDomain.Count(e => e.PostId == id) > 0;
}
}
}
}

31
src/Yavsc/ApiControllers/Blogspot/TagsApiController.cs
View File

@ -1,15 +1,14 @@
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Extensions.Logging;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Yavsc.Models;
namespace Yavsc.Controllers
{
using System.Security.Claims;
using Microsoft.EntityFrameworkCore;
using Models.Relationship;
using Yavsc.Helpers;
[Produces("application/json")]
[Route("api/TagsApi")]
public class TagsApiController : Controller
@ -37,14 +36,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Tag tag = _context.Tags.Single(m => m.Id == id);
if (tag == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(tag);
@ -56,12 +55,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != tag.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(tag).State = EntityState.Modified;
@ -75,7 +74,7 @@ namespace Yavsc.Controllers
{
if (!TagExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -83,7 +82,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/TagsApi
@ -92,7 +91,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Tags.Add(tag);
@ -104,7 +103,7 @@ namespace Yavsc.Controllers
{
if (TagExists(tag.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -121,13 +120,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Tag tag = _context.Tags.Single(m => m.Id == id);
if (tag == null)
{
return HttpNotFound();
return NotFound();
}
_context.Tags.Remove(tag);

4
src/Yavsc/ApiControllers/Blogspot/TestApiController.cs
View File

@ -1,5 +1,5 @@
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Yavsc.ApiControllers
{

29
src/Yavsc/ApiControllers/Business/ActivityApiController.cs
View File

@ -2,10 +2,11 @@ using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Workflow;
@ -37,14 +38,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Activity activity = await _context.Activities.SingleAsync(m => m.Code == id);
if (activity == null)
{
return HttpNotFound();
return NotFound();
}
// Also return hidden ones
// hidden doesn't mean disabled
@ -57,12 +58,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != activity.Code)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(activity).State = EntityState.Modified;
@ -75,7 +76,7 @@ namespace Yavsc.Controllers
{
if (!ActivityExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -83,7 +84,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/ActivityApi
@ -92,7 +93,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Activities.Add(activity);
@ -104,7 +105,7 @@ namespace Yavsc.Controllers
{
if (ActivityExists(activity.Code))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -121,13 +122,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Activity activity = await _context.Activities.SingleAsync(m => m.Code == id);
if (activity == null)
{
return HttpNotFound();
return NotFound();
}
_context.Activities.Remove(activity);

41
src/Yavsc/ApiControllers/Business/BillingController.cs
View File

@ -1,15 +1,7 @@
using System.IO;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using System.Web.Routing;
using System.Linq;
using Microsoft.Data.Entity;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Localization;
using Microsoft.Extensions.OptionsModel;
using Newtonsoft.Json;
using System;
using System.Security.Claims;
using Yavsc.Helpers;
using Yavsc.ViewModels;
@ -21,6 +13,8 @@ namespace Yavsc.ApiControllers
using Models.Messaging;
using ViewModels.Auth;
using Microsoft.Extensions.Options;
using Microsoft.EntityFrameworkCore;
[Route("api/bill"), Authorize]
public class BillingController : Controller
@ -59,7 +53,7 @@ namespace Yavsc.ApiControllers
{
var bill = await billingService.GetBillAsync(billingCode, id);
if (!await authorizationService.AuthorizeAsync(User, bill, new ViewRequirement()))
if ( authorizationService.AuthorizeAsync(User, bill, new ViewRequirement()).IsFaulted)
{
return new ChallengeResult();
}
@ -77,11 +71,11 @@ namespace Yavsc.ApiControllers
if (bill==null) {
logger.LogCritical ( $"# not found !! {id} in {billingCode}");
return this.HttpNotFound();
return this.NotFound();
}
logger.LogVerbose(JsonConvert.SerializeObject(bill));
logger.LogTrace(JsonConvert.SerializeObject(bill));
if (!await authorizationService.AuthorizeAsync(User, bill, new ViewRequirement()))
if (!(await authorizationService.AuthorizeAsync(User, bill, new ViewRequirement())).Succeeded)
{
return new ChallengeResult();
}
@ -96,7 +90,7 @@ namespace Yavsc.ApiControllers
if (bill==null) {
logger.LogCritical ( $"# not found !! {id} in {billingCode}");
return this.HttpNotFound();
return this.NotFound();
}
logger.LogWarning("Got bill ack:"+bill.GetIsAcquitted().ToString());
return ViewComponent("Bill",new object[] { billingCode, bill, OutputFormat.Pdf, true } );
@ -112,7 +106,9 @@ namespace Yavsc.ApiControllers
.FirstOrDefault(e=>e.Id == id);
if (estimate == null)
return new BadRequestResult();
if (!await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement()))
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded)
{
return new ChallengeResult();
}
@ -138,25 +134,26 @@ namespace Yavsc.ApiControllers
{
// For authorization purpose
var estimate = dbContext.Estimates.FirstOrDefault(e=>e.Id == id);
if (!await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement()))
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded)
{
return new ChallengeResult();
}
var filename = AbstractFileSystemHelpers.SignFileNameFormat("pro", billingCode, id);
FileInfo fi = new FileInfo(Path.Combine(AbstractFileSystemHelpers.UserBillsDirName, filename));
if (!fi.Exists) return HttpNotFound(new { Error = "Professional signature not found" });
if (!fi.Exists) return NotFound(new { Error = "Professional signature not found" });
return File(fi.OpenRead(), "application/x-pdf", filename); ;
}
[HttpPost("clisign/{billingCode}/{id}")]
public async Task<IActionResult> CliSign(string billingCode, long id)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var estimate = dbContext.Estimates.Include( e=>e.Query
).Include(e=>e.Owner).Include(e=>e.Owner.Performer).Include(e=>e.Client)
.FirstOrDefault( e=> e.Id == id && e.Query.ClientId == uid );
if (!await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement()))
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded)
{
return new ChallengeResult();
}
@ -173,14 +170,14 @@ namespace Yavsc.ApiControllers
{
// For authorization purpose
var estimate = dbContext.Estimates.FirstOrDefault(e=>e.Id == id);
if (!await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement()))
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded)
{
return new ChallengeResult();
}
var filename = AbstractFileSystemHelpers.SignFileNameFormat("pro", billingCode, id);
FileInfo fi = new FileInfo(Path.Combine(AbstractFileSystemHelpers.UserBillsDirName, filename));
if (!fi.Exists) return HttpNotFound(new { Error = "Professional signature not found" });
if (!fi.Exists) return NotFound(new { Error = "Professional signature not found" });
return File(fi.OpenRead(), "application/x-pdf", filename); ;
}
}

45
src/Yavsc/ApiControllers/Business/BookQueryApiController.cs
View File

@ -1,10 +1,9 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
namespace Yavsc.Controllers
@ -14,6 +13,8 @@ namespace Yavsc.Controllers
using Yavsc.Models.Workflow;
using Yavsc.Models.Billing;
using Yavsc.Abstract.Identity;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
[Produces("application/json")]
[Route("api/bookquery"), Authorize(Roles = "Performer,Administrator")]
@ -37,7 +38,7 @@ namespace Yavsc.Controllers
[HttpGet]
public IEnumerable<RdvQueryProviderInfo> GetCommands(long maxId=long.MaxValue)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var now = DateTime.Now;
var result = _context.RdvQueries.Include(c => c.Location).
@ -69,15 +70,15 @@ namespace Yavsc.Controllers
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
RdvQuery bookQuery = _context.RdvQueries.Where(c => c.ClientId == uid || c.PerformerId == uid).Single(m => m.Id == id);
if (bookQuery == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(bookQuery);
@ -89,16 +90,16 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != bookQuery.Id)
{
return HttpBadRequest();
return BadRequest();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (bookQuery.ClientId != uid)
return HttpNotFound();
return NotFound();
_context.Entry(bookQuery).State = EntityState.Modified;
@ -110,7 +111,7 @@ namespace Yavsc.Controllers
{
if (!BookQueryExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -118,7 +119,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/BookQueryApi
@ -127,9 +128,9 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (bookQuery.ClientId != uid)
{
ModelState.AddModelError("ClientId", "You must be the client at creating a book query");
@ -144,7 +145,7 @@ namespace Yavsc.Controllers
{
if (BookQueryExists(bookQuery.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -161,16 +162,16 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
RdvQuery bookQuery = _context.RdvQueries.Single(m => m.Id == id);
if (bookQuery == null)
{
return HttpNotFound();
return NotFound();
}
if (bookQuery.ClientId != uid) return HttpNotFound();
if (bookQuery.ClientId != uid) return NotFound();
_context.RdvQueries.Remove(bookQuery);
_context.SaveChanges(User.GetUserId());
@ -192,4 +193,4 @@ namespace Yavsc.Controllers
return _context.RdvQueries.Count(e => e.Id == id) > 0;
}
}
}
}

41
src/Yavsc/ApiControllers/Business/EstimateApiController.cs
View File

@ -1,12 +1,13 @@
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Billing;
@ -41,7 +42,7 @@ namespace Yavsc.Controllers
if (ownerId == null) ownerId = User.GetUserId();
else if (!UserIsAdminOrThis(ownerId)) // throw new Exception("Not authorized") ;
// or just do nothing
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
return new StatusCodeResult(StatusCodes.Status403Forbidden);
return Ok(_context.Estimates.Include(e => e.Bill).Where(e => e.OwnerId == ownerId));
}
// GET: api/Estimate/5
@ -50,19 +51,19 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Estimate estimate = _context.Estimates.Include(e => e.Bill).Single(m => m.Id == id);
if (estimate == null)
{
return HttpNotFound();
return NotFound();
}
if (UserIsAdminOrInThese(estimate.ClientId, estimate.OwnerId))
return Ok(estimate);
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
return new StatusCodeResult(StatusCodes.Status403Forbidden);
}
// PUT: api/Estimate/5
@ -77,15 +78,15 @@ namespace Yavsc.Controllers
if (id != estimate.Id)
{
return HttpBadRequest();
return BadRequest();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (!User.IsInRole(Constants.AdminGroupName))
{
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId", "You can only modify your own estimates");
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
}
@ -98,7 +99,7 @@ namespace Yavsc.Controllers
{
if (!EstimateExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -113,7 +114,7 @@ namespace Yavsc.Controllers
[HttpPost, Produces("application/json")]
public IActionResult PostEstimate([FromBody] Estimate estimate)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (estimate.OwnerId == null) estimate.OwnerId = uid;
if (!User.IsInRole(Constants.AdminGroupName))
@ -121,7 +122,7 @@ namespace Yavsc.Controllers
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId", "You can only create your own estimates");
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
}
@ -130,7 +131,7 @@ namespace Yavsc.Controllers
var query = _context.RdvQueries.FirstOrDefault(q => q.Id == estimate.CommandId);
if (query == null)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
query.ValidationDate = DateTime.Now;
_context.SaveChanges(User.GetUserId());
@ -159,7 +160,7 @@ namespace Yavsc.Controllers
{
if (EstimateExists(estimate.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -175,22 +176,22 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Estimate estimate = _context.Estimates.Include(e => e.Bill).Single(m => m.Id == id);
if (estimate == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (!User.IsInRole(Constants.AdminGroupName))
{
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId", "You can only create your own estimates");
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
}
_context.Estimates.Remove(estimate);

42
src/Yavsc/ApiControllers/Business/EstimateTemplatesApiController.cs
View File

@ -1,9 +1,7 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Billing;
@ -24,7 +22,7 @@ namespace Yavsc.Controllers
[HttpGet]
public IEnumerable<EstimateTemplate> GetEstimateTemplate()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
return _context.EstimateTemplates.Where(x=>x.OwnerId==uid);
}
@ -34,15 +32,15 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
EstimateTemplate estimateTemplate = _context.EstimateTemplates.Where(x=>x.OwnerId==uid).Single(m => m.Id == id);
if (estimateTemplate == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(estimateTemplate);
@ -54,17 +52,17 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != estimateTemplate.Id)
{
return HttpBadRequest();
return BadRequest();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (estimateTemplate.OwnerId!=uid)
if (!User.IsInRole(Constants.AdminGroupName))
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
return new StatusCodeResult(StatusCodes.Status403Forbidden);
_context.Entry(estimateTemplate).State = EntityState.Modified;
@ -76,7 +74,7 @@ namespace Yavsc.Controllers
{
if (!EstimateTemplateExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -84,7 +82,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/EstimateTemplatesApi
@ -93,7 +91,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
estimateTemplate.OwnerId=User.GetUserId();
@ -106,7 +104,7 @@ namespace Yavsc.Controllers
{
if (EstimateTemplateExists(estimateTemplate.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -123,18 +121,18 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
EstimateTemplate estimateTemplate = _context.EstimateTemplates.Single(m => m.Id == id);
if (estimateTemplate == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (estimateTemplate.OwnerId!=uid)
if (!User.IsInRole(Constants.AdminGroupName))
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
return new StatusCodeResult(StatusCodes.Status403Forbidden);
_context.EstimateTemplates.Remove(estimateTemplate);
_context.SaveChanges(User.GetUserId());
@ -156,4 +154,4 @@ namespace Yavsc.Controllers
return _context.EstimateTemplates.Count(e => e.Id == id) > 0;
}
}
}
}

8
src/Yavsc/ApiControllers/Business/FrontOfficeApiController.cs
View File

@ -1,6 +1,6 @@
using System;
using System.Collections.Generic;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Mvc;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Services;
@ -30,10 +30,10 @@ namespace Yavsc.ApiControllers
[HttpPost("query/reject")]
public IActionResult RejectQuery(string billingCode, long queryId)
{
if (billingCode == null) return HttpBadRequest("billingCode");
if (queryId == 0) return HttpBadRequest("queryId");
if (billingCode == null) return BadRequest("billingCode");
if (queryId == 0) return BadRequest("queryId");
var billing = BillingService.GetBillable(dbContext, billingCode, queryId);
if (billing == null) return HttpBadRequest();
if (billing == null) return BadRequest();
billing.Rejected = true;
billing.RejectedAt = DateTime.Now;
dbContext.SaveChanges();

6
src/Yavsc/ApiControllers/Business/PaymentApiController.cs
View File

@ -1,7 +1,5 @@
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Newtonsoft.Json;
using Yavsc.Helpers;
using Yavsc.Models;

9
src/Yavsc/ApiControllers/Business/PerformersApiController.cs
View File

@ -1,12 +1,11 @@
using Microsoft.AspNet.Mvc;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
namespace Yavsc.Controllers
{
using Microsoft.EntityFrameworkCore;
using Models;
using Yavsc.Helpers;
using Yavsc.Services;
@ -44,7 +43,7 @@ namespace Yavsc.Controllers
ModelState.AddModelError("id","Specifier un identifiant de prestataire valide");
}
else {
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (!User.IsInRole("Administrator"))
if (uid != id) return new ChallengeResult();

31
src/Yavsc/ApiControllers/Business/ProductApiController.cs
View File

@ -1,10 +1,7 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Market;
@ -34,14 +31,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Product product = _context.Products.Single(m => m.Id == id);
if (product == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(product);
@ -53,12 +50,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != product.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(product).State = EntityState.Modified;
@ -71,7 +68,7 @@ namespace Yavsc.Controllers
{
if (!ProductExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -79,7 +76,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/ProductApi
@ -88,7 +85,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Products.Add(product);
@ -100,7 +97,7 @@ namespace Yavsc.Controllers
{
if (ProductExists(product.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -117,13 +114,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Product product = _context.Products.Single(m => m.Id == id);
if (product == null)
{
return HttpNotFound();
return NotFound();
}
_context.Products.Remove(product);

41
src/Yavsc/ApiControllers/DimissClicksApiController.cs
View File

@ -1,11 +1,8 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Messaging;
@ -26,7 +23,7 @@ namespace Yavsc.Controllers
[HttpGet]
public IEnumerable<DimissClicked> GetDimissClicked()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
return _context.DimissClicked.Where(d=>d.UserId == uid);
}
@ -47,19 +44,19 @@ namespace Yavsc.Controllers
[HttpGet("{id}", Name = "GetDimissClicked")]
public async Task<IActionResult> GetDimissClicked([FromRoute] string id)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != id) return new ChallengeResult();
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
DimissClicked dimissClicked = await _context.DimissClicked.SingleAsync(m => m.UserId == id);
if (dimissClicked == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(dimissClicked);
@ -69,17 +66,17 @@ namespace Yavsc.Controllers
[HttpPut("{id}")]
public async Task<IActionResult> PutDimissClicked([FromRoute] string id, [FromBody] DimissClicked dimissClicked)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != id || uid != dimissClicked.UserId) return new ChallengeResult();
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != dimissClicked.UserId)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(dimissClicked).State = EntityState.Modified;
@ -92,7 +89,7 @@ namespace Yavsc.Controllers
{
if (!DimissClickedExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -100,19 +97,19 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/DimissClicksApi
[HttpPost]
public async Task<IActionResult> PostDimissClicked([FromBody] DimissClicked dimissClicked)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != dimissClicked.UserId) return new ChallengeResult();
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.DimissClicked.Add(dimissClicked);
@ -124,7 +121,7 @@ namespace Yavsc.Controllers
{
if (DimissClickedExists(dimissClicked.UserId))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -139,19 +136,19 @@ namespace Yavsc.Controllers
[HttpDelete("{id}")]
public async Task<IActionResult> DeleteDimissClicked([FromRoute] string id)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (!User.IsInRole("Administrator"))
if (uid != id) return new ChallengeResult();
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
DimissClicked dimissClicked = await _context.DimissClicked.SingleAsync(m => m.UserId == id);
if (dimissClicked == null)
{
return HttpNotFound();
return NotFound();
}
_context.DimissClicked.Remove(dimissClicked);

32
src/Yavsc/ApiControllers/HairCut/BursherProfilesApiController.cs
View File

@ -1,10 +1,6 @@
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using System.Security.Claims;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Haircut;
@ -34,14 +30,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BrusherProfile brusherProfile = await _context.BrusherProfile.SingleAsync(m => m.UserId == id);
if (brusherProfile == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(brusherProfile);
@ -53,17 +49,17 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != brusherProfile.UserId)
{
return HttpBadRequest();
return BadRequest();
}
if (id != User.GetUserId())
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(brusherProfile).State = EntityState.Modified;
@ -75,7 +71,7 @@ namespace Yavsc.Controllers
{
if (!BrusherProfileExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -83,7 +79,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/BursherProfilesApi
@ -92,7 +88,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.BrusherProfile.Add(brusherProfile);
@ -104,7 +100,7 @@ namespace Yavsc.Controllers
{
if (BrusherProfileExists(brusherProfile.UserId))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -121,13 +117,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BrusherProfile brusherProfile = await _context.BrusherProfile.SingleAsync(m => m.UserId == id);
if (brusherProfile == null)
{
return HttpNotFound();
return NotFound();
}
_context.BrusherProfile.Remove(brusherProfile);

42
src/Yavsc/ApiControllers/HairCut/HairCutController.cs
View File

@ -1,6 +1,5 @@
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.Extensions.OptionsModel;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Localization;
@ -16,14 +15,15 @@ namespace Yavsc.ApiControllers
using Models.Haircut;
using System.Threading.Tasks;
using Helpers;
using Microsoft.Data.Entity;
using Models.Payment;
using Newtonsoft.Json;
using PayPal.PayPalAPIInterfaceService.Model;
using Yavsc.Models.Haircut.Views;
using Microsoft.AspNet.Http;
using Microsoft.AspNetCore.Http;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Authorization;
[Route("api/haircut")]
[Route("api/haircut")][Authorize]
public class HairCutController : Controller
{
private readonly ApplicationDbContext _context;
@ -40,7 +40,9 @@ namespace Yavsc.ApiControllers
// user, as a client
public IActionResult Index()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var now = DateTime.Now;
var result = _context.HairCutQueries
.Include(q => q.Prestation)
@ -61,14 +63,14 @@ namespace Yavsc.ApiControllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
HairCutQuery hairCutQuery = await _context.HairCutQueries.SingleAsync(m => m.Id == id);
if (hairCutQuery == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(hairCutQuery);
@ -80,12 +82,12 @@ namespace Yavsc.ApiControllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != hairCutQuery.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(hairCutQuery).State = EntityState.Modified;
@ -98,7 +100,7 @@ namespace Yavsc.ApiControllers
{
if (!HairCutQueryExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -106,20 +108,20 @@ namespace Yavsc.ApiControllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
[HttpPost]
public async Task<IActionResult> PostQuery(HairCutQuery hairCutQuery)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (!ModelState.IsValid)
{
return new BadRequestObjectResult(ModelState);
}
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.HairCutQueries.Add(hairCutQuery);
@ -131,7 +133,7 @@ namespace Yavsc.ApiControllers
{
if (HairCutQueryExists(hairCutQuery.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -159,13 +161,13 @@ namespace Yavsc.ApiControllers
}
catch (Exception ex) {
_logger.LogError(ex.Message);
return new HttpStatusCodeResult(500);
return new StatusCodeResult(500);
}
if (payment==null) {
_logger.LogError("Error doing SetExpressCheckout, aborting.");
_logger.LogError(JsonConvert.SerializeObject(Startup.PayPalSettings));
return new HttpStatusCodeResult(500);
return new StatusCodeResult(500);
}
switch (payment.Ack)
{
@ -195,13 +197,13 @@ namespace Yavsc.ApiControllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
HairCutQuery hairCutQuery = await _context.HairCutQueries.SingleAsync(m => m.Id == id);
if (hairCutQuery == null)
{
return HttpNotFound();
return NotFound();
}
_context.HairCutQueries.Remove(hairCutQuery);

28
src/Yavsc/ApiControllers/HyperLinkApiController.cs
View File

@ -1,9 +1,5 @@
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Relationship;
@ -33,14 +29,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
HyperLink hyperLink = await _context.HyperLink.SingleAsync(m => m.HRef == id);
if (hyperLink == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(hyperLink);
@ -52,12 +48,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != hyperLink.HRef)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(hyperLink).State = EntityState.Modified;
@ -70,7 +66,7 @@ namespace Yavsc.Controllers
{
if (!HyperLinkExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -78,7 +74,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/HyperLinkApi
@ -87,7 +83,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.HyperLink.Add(hyperLink);
@ -99,7 +95,7 @@ namespace Yavsc.Controllers
{
if (HyperLinkExists(hyperLink.HRef))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -116,13 +112,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
HyperLink hyperLink = await _context.HyperLink.SingleAsync(m => m.HRef == id);
if (hyperLink == null)
{
return HttpNotFound();
return NotFound();
}
_context.HyperLink.Remove(hyperLink);

30
src/Yavsc/ApiControllers/IT/GitRefsApiController.cs
View File

@ -1,10 +1,6 @@
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Server.Models.IT.SourceCode;
@ -35,14 +31,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
GitRepositoryReference gitRepositoryReference = await _context.GitRepositoryReference.SingleAsync(m => m.Id == id);
if (gitRepositoryReference == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(gitRepositoryReference);
@ -54,7 +50,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Entry(gitRepositoryReference).State = EntityState.Modified;
@ -67,7 +63,7 @@ namespace Yavsc.Controllers
{
if (!GitRepositoryReferenceExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -75,7 +71,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/GitRefsApi
@ -84,7 +80,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.GitRepositoryReference.Add(gitRepositoryReference);
@ -96,7 +92,7 @@ namespace Yavsc.Controllers
{
if (GitRepositoryReferenceExists(gitRepositoryReference.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -113,13 +109,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
GitRepositoryReference gitRepositoryReference = await _context.GitRepositoryReference.SingleAsync(m => m.Id == id);
if (gitRepositoryReference == null)
{
return HttpNotFound();
return NotFound();
}
_context.GitRepositoryReference.Remove(gitRepositoryReference);
@ -142,4 +138,4 @@ namespace Yavsc.Controllers
return _context.GitRepositoryReference.Count(e => e.Id == id) > 0;
}
}
}
}

2
src/Yavsc/ApiControllers/MailTemplatingApiController.cs
View File

@ -1,4 +1,4 @@
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Mvc;
namespace Yavsc.ApiControllers
{

31
src/Yavsc/ApiControllers/MailingTemplateApiController.cs
View File

@ -1,13 +1,8 @@
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Yavsc.Models;
using Yavsc.Server.Models.EMailing;
using Microsoft.AspNet.Authorization;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.EntityFrameworkCore;
namespace Yavsc.Controllers
{
@ -36,14 +31,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
MailingTemplate mailingTemplate = await _context.MailingTemplate.SingleAsync(m => m.Id == id);
if (mailingTemplate == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(mailingTemplate);
@ -55,12 +50,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != mailingTemplate.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(mailingTemplate).State = EntityState.Modified;
@ -73,7 +68,7 @@ namespace Yavsc.Controllers
{
if (!MailingTemplateExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -81,7 +76,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/MailingTemplateApi
@ -90,7 +85,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.MailingTemplate.Add(mailingTemplate);
@ -102,7 +97,7 @@ namespace Yavsc.Controllers
{
if (MailingTemplateExists(mailingTemplate.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -119,13 +114,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
MailingTemplate mailingTemplate = await _context.MailingTemplate.SingleAsync(m => m.Id == id);
if (mailingTemplate == null)
{
return HttpNotFound();
return NotFound();
}
_context.MailingTemplate.Remove(mailingTemplate);

29
src/Yavsc/ApiControllers/Musical/MusicalPreferencesApiController.cs
View File

@ -1,9 +1,6 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Musical;
@ -33,14 +30,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
MusicalPreference musicalPreference = _context.MusicalPreference.Single(m => m.OwnerProfileId == id);
if (musicalPreference == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(musicalPreference);
@ -51,12 +48,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != musicalPreference.OwnerProfileId)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(musicalPreference).State = EntityState.Modified;
@ -69,7 +66,7 @@ namespace Yavsc.Controllers
{
if (!MusicalPreferenceExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -77,7 +74,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/MusicalPreferencesApi
@ -86,7 +83,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.MusicalPreference.Add(musicalPreference);
@ -98,7 +95,7 @@ namespace Yavsc.Controllers
{
if (MusicalPreferenceExists(musicalPreference.OwnerProfileId))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -115,13 +112,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
MusicalPreference musicalPreference = _context.MusicalPreference.Single(m => m.OwnerProfileId == id);
if (musicalPreference == null)
{
return HttpNotFound();
return NotFound();
}
_context.MusicalPreference.Remove(musicalPreference);

29
src/Yavsc/ApiControllers/Musical/MusicalTendenciesApiController.cs
View File

@ -1,9 +1,6 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Musical;
@ -33,14 +30,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
MusicalTendency musicalTendency = _context.MusicalTendency.Single(m => m.Id == id);
if (musicalTendency == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(musicalTendency);
@ -52,12 +49,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != musicalTendency.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(musicalTendency).State = EntityState.Modified;
@ -70,7 +67,7 @@ namespace Yavsc.Controllers
{
if (!MusicalTendencyExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -78,7 +75,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/MusicalTendenciesApi
@ -87,7 +84,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.MusicalTendency.Add(musicalTendency);
@ -99,7 +96,7 @@ namespace Yavsc.Controllers
{
if (MusicalTendencyExists(musicalTendency.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -116,13 +113,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
MusicalTendency musicalTendency = _context.MusicalTendency.Single(m => m.Id == id);
if (musicalTendency == null)
{
return HttpNotFound();
return NotFound();
}
_context.MusicalTendency.Remove(musicalTendency);

4
src/Yavsc/ApiControllers/Musical/PodcastController.cs
View File

@ -1,8 +1,8 @@
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Mvc;
namespace Yavsc.ApiControllers
{
public class PodcastController : Controller
{
}
}
}

29
src/Yavsc/ApiControllers/NativeConfidentialController.cs
View File

@ -2,9 +2,10 @@
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Identity;
@ -30,7 +31,7 @@ public class NativeConfidentialController : Controller
public IActionResult Register(
[FromBody] DeviceDeclaration declaration)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (!ModelState.IsValid)
{
@ -40,12 +41,15 @@ public class NativeConfidentialController : Controller
declaration.LatestActivityUpdate = DateTime.Now;
_logger.LogInformation($"Registering device with id:{declaration.DeviceId} for {uid}");
var alreadyRegisteredDevice = _context.DeviceDeclaration.FirstOrDefault(d => d.DeviceId == declaration.DeviceId);
DeviceDeclaration? alreadyRegisteredDevice = _context.DeviceDeclaration.FirstOrDefault(d => d.DeviceId == declaration.DeviceId);
var deviceAlreadyRegistered = (alreadyRegisteredDevice!=null);
if (deviceAlreadyRegistered)
if (alreadyRegisteredDevice==null)
{
_logger.LogInformation($"deviceAlreadyRegistered");
// Override an exiting owner
declaration.DeclarationDate = DateTime.Now;
declaration.DeviceOwnerId = uid;
_context.DeviceDeclaration.Add(declaration);
}
else {
alreadyRegisteredDevice.DeviceOwnerId = uid;
alreadyRegisteredDevice.Model = declaration.Model;
alreadyRegisteredDevice.Platform = declaration.Platform;
@ -53,18 +57,13 @@ public class NativeConfidentialController : Controller
_context.Update(alreadyRegisteredDevice);
_context.SaveChanges(User.GetUserId());
}
else
{
_logger.LogInformation($"new device");
declaration.DeclarationDate = DateTime.Now;
declaration.DeviceOwnerId = uid;
_context.DeviceDeclaration.Add(declaration as DeviceDeclaration);
_context.SaveChanges(User.GetUserId());
}
var latestActivityUpdate = _context.Activities.Max(a=>a.DateModified);
return Json(new {
IsAnUpdate = deviceAlreadyRegistered,
UpdateActivities = (latestActivityUpdate != declaration.LatestActivityUpdate)
UpdateActivities = latestActivityUpdate != declaration.LatestActivityUpdate
});
}

13
src/Yavsc/ApiControllers/PostRateApiController.cs
View File

@ -1,7 +1,8 @@
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Yavsc.Helpers;
using Yavsc.Models;
namespace Yavsc.Controllers
@ -23,20 +24,20 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Models.Blog.BlogPost blogpost = _context.Blogspot.Single(x=>x.Id == id);
if (blogpost == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (blogpost.AuthorId!=uid)
if (!User.IsInRole(Constants.AdminGroupName))
return HttpBadRequest();
return BadRequest();
blogpost.Rate = rate;
_context.SaveChanges(User.GetUserId());

2
src/Yavsc/ApiControllers/ProfileApiController.cs
View File

@ -1,4 +1,4 @@
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Mvc;
namespace Yavsc.ApiControllers
{

40
src/Yavsc/ApiControllers/Relationship/BlackListApiController.cs
View File

@ -1,10 +1,8 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Access;
@ -34,22 +32,22 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BlackListed blackListed = _context.BlackListed.Single(m => m.Id == id);
if (blackListed == null)
{
return HttpNotFound();
return NotFound();
}
if (!CheckPermission(blackListed))
return HttpBadRequest();
return BadRequest();
return Ok(blackListed);
}
private bool CheckPermission(BlackListed blackListed)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != blackListed.OwnerId)
if (!User.IsInRole(Constants.AdminGroupName))
if (!User.IsInRole(Constants.FrontOfficeGroupName))
@ -62,15 +60,15 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != blackListed.Id)
{
return HttpBadRequest();
return BadRequest();
}
if (!CheckPermission(blackListed))
return HttpBadRequest();
return BadRequest();
_context.Entry(blackListed).State = EntityState.Modified;
try
@ -81,7 +79,7 @@ namespace Yavsc.Controllers
{
if (!BlackListedExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -89,7 +87,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/BlackListApi
@ -98,11 +96,11 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (!CheckPermission(blackListed))
return HttpBadRequest();
return BadRequest();
_context.BlackListed.Add(blackListed);
try
@ -113,7 +111,7 @@ namespace Yavsc.Controllers
{
if (BlackListedExists(blackListed.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -130,17 +128,17 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
BlackListed blackListed = _context.BlackListed.Single(m => m.Id == id);
if (blackListed == null)
{
return HttpNotFound();
return NotFound();
}
if (!CheckPermission(blackListed))
return HttpBadRequest();
return BadRequest();
_context.BlackListed.Remove(blackListed);
_context.SaveChanges(User.GetUserId());

35
src/Yavsc/ApiControllers/Relationship/BlogAclApiController.cs
View File

@ -1,10 +1,7 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Access;
@ -34,15 +31,15 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
CircleAuthorizationToBlogPost circleAuthorizationToBlogPost = await _context.CircleAuthorizationToBlogPost.SingleAsync(
m => m.CircleId == id && m.Allowed.OwnerId == uid );
if (circleAuthorizationToBlogPost == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(circleAuthorizationToBlogPost);
@ -54,12 +51,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != circleAuthorizationToBlogPost.CircleId)
{
return HttpBadRequest();
return BadRequest();
}
if (!CheckOwner(circleAuthorizationToBlogPost.CircleId))
@ -76,7 +73,7 @@ namespace Yavsc.Controllers
{
if (!CircleAuthorizationToBlogPostExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -84,12 +81,12 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
private bool CheckOwner (long circleId)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var circle = _context.Circle.First(c=>c.Id==circleId);
_context.Entry(circle).State = EntityState.Detached;
return (circle.OwnerId == uid);
@ -100,7 +97,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (!CheckOwner(circleAuthorizationToBlogPost.CircleId))
{
@ -115,7 +112,7 @@ namespace Yavsc.Controllers
{
if (CircleAuthorizationToBlogPostExists(circleAuthorizationToBlogPost.CircleId))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -132,9 +129,9 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
CircleAuthorizationToBlogPost circleAuthorizationToBlogPost = await _context.CircleAuthorizationToBlogPost.Include(
a=>a.Allowed
@ -142,7 +139,7 @@ namespace Yavsc.Controllers
&& m.Allowed.OwnerId == uid);
if (circleAuthorizationToBlogPost == null)
{
return HttpNotFound();
return NotFound();
}
_context.CircleAuthorizationToBlogPost.Remove(circleAuthorizationToBlogPost);
await _context.SaveChangesAsync(User.GetUserId());

15
src/Yavsc/ApiControllers/Relationship/ChatApiController.cs
View File

@ -1,13 +1,10 @@
using System.Collections.Generic;
using System.Linq;
using Microsoft.Data.Entity;
using System.Security.Claims;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Identity;
using Yavsc.Models;
using Yavsc.ViewModels.Chat;
using Yavsc.Services;
using Microsoft.EntityFrameworkCore;
namespace Yavsc.Controllers
{
@ -72,12 +69,12 @@ namespace Yavsc.Controllers
if (!ModelState.IsValid)
// Miguel mech profiler
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = dbContext.ApplicationUser.Include(u => u.Connections).FirstOrDefault(u => u.UserName == userName);
if (user == null) return HttpNotFound();
if (user == null) return NotFound();
return Ok(new ChatUserInfo
{

46
src/Yavsc/ApiControllers/Relationship/ChatRoomAccessApiController.cs
View File

@ -1,11 +1,7 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Chat;
@ -35,7 +31,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
ChatRoomAccess chatRoomAccess = await _context.ChatRoomAccess.SingleAsync(m => m.ChannelName == id);
@ -44,16 +40,16 @@ namespace Yavsc.Controllers
if (chatRoomAccess == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != chatRoomAccess.UserId && uid != chatRoomAccess.Room.OwnerId
&& ! User.IsInRole(Constants.AdminGroupName))
{
ModelState.AddModelError("UserId","get refused");
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
return Ok(chatRoomAccess);
@ -65,20 +61,20 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (id != chatRoomAccess.ChannelName)
{
return HttpBadRequest();
return BadRequest();
}
var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
if (uid != room.OwnerId && ! User.IsInRole(Constants.AdminGroupName))
{
ModelState.AddModelError("ChannelName", "access put refused");
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Entry(chatRoomAccess).State = EntityState.Modified;
@ -91,7 +87,7 @@ namespace Yavsc.Controllers
{
if (!ChatRoomAccessExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -99,7 +95,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/ChatRoomAccessApi
@ -108,15 +104,15 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
if (room == null || (uid != room.OwnerId && ! User.IsInRole(Constants.AdminGroupName)))
{
ModelState.AddModelError("ChannelName", "access post refused");
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.ChatRoomAccess.Add(chatRoomAccess);
@ -129,7 +125,7 @@ namespace Yavsc.Controllers
{
if (ChatRoomAccessExists(chatRoomAccess.ChannelName))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -146,21 +142,21 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
ChatRoomAccess chatRoomAccess = await _context.ChatRoomAccess.Include(acc => acc.Room).SingleAsync(m => m.ChannelName == id);
if (chatRoomAccess == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
if (room == null || (uid != room.OwnerId && chatRoomAccess.UserId != uid && ! User.IsInRole(Constants.AdminGroupName)))
{
ModelState.AddModelError("UserId", "access drop refused");
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.ChatRoomAccess.Remove(chatRoomAccess);

36
src/Yavsc/ApiControllers/Relationship/ChatRoomApiController.cs
View File

@ -1,10 +1,6 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Chat;
@ -34,14 +30,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
ChatRoom chatRoom = await _context.ChatRoom.SingleAsync(m => m.Name == id);
if (chatRoom == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(chatRoom);
@ -53,17 +49,17 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != chatRoom.Name)
{
return HttpBadRequest();
return BadRequest();
}
if (User.GetUserId() != chatRoom.OwnerId )
{
return HttpBadRequest(new {error = "OwnerId"});
return BadRequest(new {error = "OwnerId"});
}
_context.Entry(chatRoom).State = EntityState.Modified;
@ -76,7 +72,7 @@ namespace Yavsc.Controllers
{
if (!ChatRoomExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -84,7 +80,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/ChatRoomApi
@ -93,12 +89,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (User.GetUserId() != chatRoom.OwnerId )
{
return HttpBadRequest(new {error = "OwnerId"});
return BadRequest(new {error = "OwnerId"});
}
_context.ChatRoom.Add(chatRoom);
@ -110,7 +106,7 @@ namespace Yavsc.Controllers
{
if (ChatRoomExists(chatRoom.Name))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -127,7 +123,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
ChatRoom chatRoom = await _context.ChatRoom.SingleAsync(m => m.Name == id);
@ -135,13 +131,13 @@ namespace Yavsc.Controllers
if (chatRoom == null)
{
return HttpNotFound();
return NotFound();
}
if (User.GetUserId() != chatRoom.OwnerId )
{
if (!User.IsInRole(Constants.AdminGroupName))
return HttpBadRequest(new {error = "OwnerId"});
return BadRequest(new {error = "OwnerId"});
}
_context.ChatRoom.Remove(chatRoom);

30
src/Yavsc/ApiControllers/Relationship/CircleApiController.cs
View File

@ -1,10 +1,6 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Relationship;
@ -34,14 +30,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Circle circle = await _context.Circle.SingleAsync(m => m.Id == id);
if (circle == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(circle);
@ -53,12 +49,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != circle.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(circle).State = EntityState.Modified;
@ -71,7 +67,7 @@ namespace Yavsc.Controllers
{
if (!CircleExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -79,7 +75,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/CircleApi
@ -88,7 +84,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Circle.Add(circle);
@ -100,7 +96,7 @@ namespace Yavsc.Controllers
{
if (CircleExists(circle.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -117,13 +113,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Circle circle = await _context.Circle.SingleAsync(m => m.Id == id);
if (circle == null)
{
return HttpNotFound();
return NotFound();
}
_context.Circle.Remove(circle);

24
src/Yavsc/ApiControllers/Relationship/ContactsApiController.cs
View File

@ -1,9 +1,7 @@
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Abstract.Identity;
using Yavsc.Helpers;
using Yavsc.Models;
namespace Yavsc.Controllers
@ -32,12 +30,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != clientProviderInfo.UserId)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(clientProviderInfo).State = EntityState.Modified;
@ -50,7 +48,7 @@ namespace Yavsc.Controllers
{
if (!ClientProviderInfoExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -58,7 +56,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/ContactsApi
@ -67,7 +65,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.ClientProviderInfo.Add(clientProviderInfo);
@ -79,7 +77,7 @@ namespace Yavsc.Controllers
{
if (ClientProviderInfoExists(clientProviderInfo.UserId))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -96,13 +94,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
ClientProviderInfo clientProviderInfo = _context.ClientProviderInfo.Single(m => m.UserId == id);
if (clientProviderInfo == null)
{
return HttpNotFound();
return NotFound();
}
_context.ClientProviderInfo.Remove(clientProviderInfo);

31
src/Yavsc/ApiControllers/ServiceApiController.cs
View File

@ -1,10 +1,7 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Market;
@ -34,14 +31,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Service service = _context.Services.Single(m => m.Id == id);
if (service == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(service);
@ -53,12 +50,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != service.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(service).State = EntityState.Modified;
@ -71,7 +68,7 @@ namespace Yavsc.Controllers
{
if (!ServiceExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -79,7 +76,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/ServiceApi
@ -88,7 +85,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Services.Add(service);
@ -100,7 +97,7 @@ namespace Yavsc.Controllers
{
if (ServiceExists(service.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -117,13 +114,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Service service = _context.Services.Single(m => m.Id == id);
if (service == null)
{
return HttpNotFound();
return NotFound();
}
_context.Services.Remove(service);

31
src/Yavsc/ApiControllers/Survey/BugApiController.cs
View File

@ -1,14 +1,9 @@
using Newtonsoft.Json;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Authorization;
using Microsoft.Data.Entity;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Yavsc.Models;
using Yavsc.Models.IT.Fixing;
using Microsoft.EntityFrameworkCore;
namespace Yavsc.ApiControllers
{
@ -73,14 +68,14 @@ namespace Yavsc.ApiControllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Bug bug = await _context.Bug.SingleAsync(m => m.Id == id);
if (bug == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(bug);
@ -92,12 +87,12 @@ namespace Yavsc.ApiControllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != bug.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(bug).State = EntityState.Modified;
@ -110,7 +105,7 @@ namespace Yavsc.ApiControllers
{
if (!BugExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -118,7 +113,7 @@ namespace Yavsc.ApiControllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/bug
@ -127,7 +122,7 @@ namespace Yavsc.ApiControllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Bug.Add(bug);
@ -139,7 +134,7 @@ namespace Yavsc.ApiControllers
{
if (BugExists(bug.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -156,13 +151,13 @@ namespace Yavsc.ApiControllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
Bug bug = await _context.Bug.SingleAsync(m => m.Id == id);
if (bug == null)
{
return HttpNotFound();
return NotFound();
}
_context.Bug.Remove(bug);

12
src/Yavsc/ApiControllers/accounting/AccountController.cs
View File

@ -1,6 +1,6 @@
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using System.Security.Claims;
using System.Threading.Tasks;
@ -12,9 +12,8 @@ namespace Yavsc.WebApi.Controllers
using ViewModels.Account;
using Yavsc.Helpers;
using System.Linq;
using Microsoft.Data.Entity;
using Microsoft.AspNet.Identity.EntityFramework;
using Yavsc.Abstract.Identity;
using Microsoft.EntityFrameworkCore;
[Authorize(),Route("~/api/account")]
public class ApiAccountController : Controller
@ -132,12 +131,11 @@ namespace Yavsc.WebApi.Controllers
if (User==null)
return new BadRequestObjectResult(
new { error = "user not found" });
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var userData = await _dbContext.Users
.Include(u=>u.PostalAddress)
.Include(u=>u.AccountBalance)
.Include(u=>u.Roles)
.FirstAsync(u=>u.Id == uid);
var user = new Yavsc.Models.Auth.Me(userData.Id, userData.UserName, userData.Email,

31
src/Yavsc/ApiControllers/accounting/ApplicationUserApiController.cs
View File

@ -1,11 +1,12 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Abstract.Identity;
using Yavsc.Helpers;
using Yavsc.Models;
namespace Yavsc.Controllers
@ -49,14 +50,14 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
ApplicationUser applicationUser = _context.Users.Include(u=>u.Roles).Include(u=>u.Logins).Include(u=>u.Claims).Single(m => m.Id == id);
ApplicationUser applicationUser = _context.Users.Single(m => m.Id == id);
if (applicationUser == null)
{
return HttpNotFound();
return NotFound();
}
return Ok(applicationUser);
@ -68,12 +69,12 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
if (id != applicationUser.Id)
{
return HttpBadRequest();
return BadRequest();
}
_context.Entry(applicationUser).State = EntityState.Modified;
@ -86,7 +87,7 @@ namespace Yavsc.Controllers
{
if (!ApplicationUserExists(id))
{
return HttpNotFound();
return NotFound();
}
else
{
@ -94,7 +95,7 @@ namespace Yavsc.Controllers
}
}
return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
return new StatusCodeResult(StatusCodes.Status204NoContent);
}
// POST: api/ApplicationUserApi
@ -103,7 +104,7 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
_context.Users.Add(applicationUser);
@ -115,7 +116,7 @@ namespace Yavsc.Controllers
{
if (ApplicationUserExists(applicationUser.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
return new StatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
@ -132,13 +133,13 @@ namespace Yavsc.Controllers
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
return BadRequest(ModelState);
}
ApplicationUser applicationUser = _context.Users.Single(m => m.Id == id);
if (applicationUser == null)
{
return HttpNotFound();
return NotFound();
}
_context.Users.Remove(applicationUser);

5
src/Yavsc/ApiControllers/accounting/ProfileApiController.cs
View File

@ -1,10 +1,11 @@
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Linq;
using Yavsc.Models;
using Yavsc.Abstract.Identity;
using Yavsc.Helpers;
namespace Yavsc.ApiControllers.accounting
{

23
src/Yavsc/AuthorizationHandlers/AnnouceEditHandler.cs
View File

@ -1,23 +0,0 @@
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.Interfaces;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
public class AnnouceEditHandler : AuthorizationHandler<EditRequirement, IOwned>
{
protected override void Handle(AuthorizationContext context, EditRequirement requirement,
IOwned resource)
{
if (context.User.IsInRole(Constants.BlogModeratorGroupName)
|| context.User.IsInRole(Constants.AdminGroupName))
context.Succeed(requirement);
if (resource.OwnerId == context.User.GetUserId())
context.Succeed(requirement);
}
}
}

21
src/Yavsc/AuthorizationHandlers/BillEditHandler.cs
View File

@ -1,21 +0,0 @@
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
using Billing;
public class BillEditHandler : AuthorizationHandler<EditRequirement, IBillable>
{
protected override void Handle(AuthorizationContext context, EditRequirement requirement, IBillable resource)
{
if (context.User.IsInRole("FrontOffice"))
context.Succeed(requirement);
else if (context.User.Identity.IsAuthenticated)
if (resource.ClientId == context.User.GetUserId())
context.Succeed(requirement);
}
}
}

23
src/Yavsc/AuthorizationHandlers/BillViewHandlers.cs
View File

@ -1,23 +0,0 @@
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
using Billing;
public class BillViewHandler : AuthorizationHandler<ViewRequirement, IBillable>
{
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, IBillable resource)
{
if (context.User.IsInRole("FrontOffice"))
context.Succeed(requirement);
else if (context.User.Identity.IsAuthenticated)
if (resource.ClientId == context.User.GetUserId())
context.Succeed(requirement);
else if (resource.PerformerId == context.User.GetUserId())
context.Succeed(requirement);
}
}
}

20
src/Yavsc/AuthorizationHandlers/BlogEditHandler.cs
View File

@ -1,20 +0,0 @@
using Microsoft.AspNet.Authorization;
using System.Security.Claims;
using Yavsc.Models.Blog;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
public class BlogEditHandler : AuthorizationHandler<EditRequirement, BlogPost>
{
protected override void Handle(AuthorizationContext context, EditRequirement requirement, BlogPost resource)
{
if (context.User.IsInRole(Constants.BlogModeratorGroupName))
context.Succeed(requirement);
else if (context.User.Identity.IsAuthenticated)
if (resource.AuthorId == context.User.GetUserId())
context.Succeed(requirement);
}
}
}

35
src/Yavsc/AuthorizationHandlers/BlogViewHandler.cs
View File

@ -1,35 +0,0 @@
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.Models.Blog;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
public class BlogViewHandler : AuthorizationHandler<ViewRequirement, BlogPost>
{
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, BlogPost resource)
{
bool ok=false;
if (resource.Visible) {
if (resource.ACL==null)
ok=true;
else if (resource.ACL.Count==0) ok=true;
else {
if (context.User.IsSignedIn()) {
var uid = context.User.GetUserId();
if (resource.ACL.Any(a=>a.Allowed!=null && a.Allowed.Members.Any(m=>m.MemberId == uid )))
ok=true;
}
}
}
if (ok) context.Succeed(requirement);
else {
if (context.User.IsInRole(Constants.AdminGroupName) ||
context.User.IsInRole(Constants.BlogModeratorGroupName))
context.Succeed(requirement);
else context.Fail();
}
}
}
}

18
src/Yavsc/AuthorizationHandlers/HasBadgeHandler.cs
View File

@ -1,18 +0,0 @@
using Microsoft.AspNet.Authorization;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
public class HasBadgeHandler : AuthorizationHandler<PrivateChatEntryRequirement>
{
protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement)
{
if (!context.User.HasClaim(c => c.Type == "BadgeNumber" &&
c.Issuer == Startup.Authority))
{
return;
}
context.Succeed(requirement);
}
}
}

28
src/Yavsc/AuthorizationHandlers/HasTemporaryPassHandler.cs
View File

@ -1,28 +0,0 @@
using System;
using Microsoft.AspNet.Authorization;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
public class HasTemporaryPassHandler : AuthorizationHandler<PrivateChatEntryRequirement>
{
protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement)
{
if (!context.User.HasClaim(c => c.Type == "TemporaryBadgeExpiry" &&
c.Issuer == Startup.Authority))
{
return;
}
var temporaryBadgeExpiry =
Convert.ToDateTime(context.User.FindFirst(
c => c.Type == "TemporaryBadgeExpiry" &&
c.Issuer == Startup.Authority).Value);
if (temporaryBadgeExpiry > DateTime.Now)
{
context.Succeed(requirement);
}
}
}
}

18
src/Yavsc/AuthorizationHandlers/ManageGitHookHandler.cs
View File

@ -1,18 +0,0 @@
using Microsoft.AspNet.Authorization;
using Yavsc.Server.Models.IT.SourceCode;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
public class ManageGitHookHandler: AuthorizationHandler<EditRequirement, GitRepositoryReference>
{
protected override void Handle(AuthorizationContext context, EditRequirement requirement, GitRepositoryReference resource)
{
if (context.User.IsInRole("FrontOffice"))
context.Succeed(requirement);
else if (context.User.Identity.IsAuthenticated)
context.Succeed(requirement);
}
}
}

22
src/Yavsc/AuthorizationHandlers/PostUserFileHandler.cs
View File

@ -1,22 +0,0 @@
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
public class PostUserFileHandler : AuthorizationHandler<EditRequirement, FileSpotInfo>
{
protected override void Handle(AuthorizationContext context, EditRequirement requirement, FileSpotInfo resource)
{
if (context.User.IsInRole(Constants.BlogModeratorGroupName)
|| context.User.IsInRole(Constants.AdminGroupName))
context.Succeed(requirement);
if (!context.User.Identity.IsAuthenticated)
context.Fail();
if (resource.AuthorId == context.User.GetUserId())
context.Succeed(requirement);
else context.Fail();
}
}
}

34
src/Yavsc/AuthorizationHandlers/SendMessageHandler.cs
View File

@ -1,34 +0,0 @@
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.Models;
using Yavsc.ViewModels.Auth;
using System.Linq;
namespace Yavsc.AuthorizationHandlers
{
public class SendMessageHandler : AuthorizationHandler<PrivateChatEntryRequirement, string>
{
readonly ApplicationDbContext _dbContext ;
public SendMessageHandler(ApplicationDbContext dbContext)
{
_dbContext = dbContext;
}
protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement, string destUserId)
{
var uid = context.User.GetUserId();
if (context.User.IsInRole(Constants.BlogModeratorGroupName)
|| context.User.IsInRole(Constants.AdminGroupName))
context.Succeed(requirement);
else if (!context.User.Identity.IsAuthenticated)
context.Fail();
else if (destUserId == uid)
context.Succeed(requirement);
else if (_dbContext.Ban.Any(b=>b.TargetId == uid)) context.Fail();
else if (_dbContext.BlackListed.Any(b=>b.OwnerId == destUserId && b.UserId == uid)) context.Fail();
else context.Succeed(requirement);
}
}
}

38
src/Yavsc/AuthorizationHandlers/ViewFileHandler.cs
View File

@ -1,38 +0,0 @@
using Microsoft.AspNet.Authorization;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using Yavsc.Services;
using Yavsc.ViewModels.Auth;
namespace Yavsc.AuthorizationHandlers
{
public class ViewFileHandler : AuthorizationHandler<ViewRequirement, ViewFileContext>
{
readonly IFileSystemAuthManager _authManager;
private readonly ILogger _logger;
public ViewFileHandler(IFileSystemAuthManager authManager, ILoggerFactory logFactory)
{
_authManager = authManager;
_logger = logFactory.CreateLogger<ViewFileHandler>();
}
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, ViewFileContext fileContext)
{
var rights = _authManager.GetFilePathAccess(context.User, fileContext.File);
_logger.LogInformation("Got access value : " + rights);
if ((rights & FileAccessRight.Read) > 0)
{
_logger.LogInformation("Allowing access");
context.Succeed(requirement);
}
else
{
_logger.LogInformation("Denying access");
context.Fail();
}
}
}
}

47
src/Yavsc/AuthorizationServer/GoogleExtensions.cs
View File

@ -1,47 +0,0 @@
using System;
using Microsoft.AspNet.Builder;
namespace Yavsc.Auth
{
/// <summary>
/// Extension methods to add Google authentication capabilities to an HTTP application pipeline.
/// </summary>
public static class GoogleAppBuilderExtensions
{
/// <summary>
/// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
/// </summary>
/// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
/// <returns>A reference to this instance after the operation has completed.</returns>
public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
return app.UseMiddleware<GoogleMiddleware>();
}
/// <summary>
/// Adds the <see cref="GoogleMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Google authentication capabilities.
/// </summary>
/// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
/// <param name="options">A <see cref="YavscGoogleOptions"/> that specifies options for the middleware.</param>
/// <returns>A reference to this instance after the operation has completed.</returns>
public static IApplicationBuilder UseGoogleAuthentication(this IApplicationBuilder app, YavscGoogleOptions options)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
return app.UseMiddleware<GoogleMiddleware>(options);
}
}
}

141
src/Yavsc/AuthorizationServer/GoogleHandler.cs
View File

@ -1,141 +0,0 @@
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.WebUtilities;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json.Linq;
namespace Yavsc.Auth
{
internal class GoogleHandler : OAuthHandler<YavscGoogleOptions>
{
private readonly ILogger _logger;
public GoogleHandler(HttpClient httpClient,ILogger logger)
: base(httpClient)
{
_logger = logger;
}
protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity,
AuthenticationProperties properties, OAuthTokenResponse tokens
)
{
_logger.LogInformation("Getting user info from Google ...");
// Get the Google user
var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
var response = await Backchannel.SendAsync(request, Context.RequestAborted);
response.EnsureSuccessStatusCode();
var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
var identifier = GoogleHelper.GetId(payload);
var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
var context = new GoogleOAuthCreatingTicketContext(Context, Options, Backchannel, tokens, ticket, identifier);
if (!string.IsNullOrEmpty(identifier))
{
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var givenName = GoogleHelper.GetGivenName(payload);
if (!string.IsNullOrEmpty(givenName))
{
identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var familyName = GoogleHelper.GetFamilyName(payload);
if (!string.IsNullOrEmpty(familyName))
{
identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var name = GoogleHelper.GetName(payload);
if (!string.IsNullOrEmpty(name))
{
identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var email = GoogleHelper.GetEmail(payload);
if (!string.IsNullOrEmpty(email))
{
identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var profile = GoogleHelper.GetProfile(payload);
if (!string.IsNullOrEmpty(profile))
{
identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
}
await Options.Events.CreatingTicket(context);
return ticket;
}
protected override Task<OAuthTokenResponse> ExchangeCodeAsync(string code, string ruri)
{
var redirectUri = $"https://{Startup.Authority}{Options.CallbackPath}";
return base.ExchangeCodeAsync(code,redirectUri);
}
// TODO: Abstract this properties override pattern into the base class?
protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
{
var scope = FormatScope();
var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
{
{ "response_type", "code" },
{ "client_id", Options.ClientId }
};
// this runtime may not known this value,
// it should be get from config,
// And always be using a secure sheme ... since Google won't support anymore insecure ones.
_logger.LogInformation ($"Redirect uri was : {redirectUri}");
redirectUri = $"https://{Startup.Authority}{Options.CallbackPath}";
queryStrings.Add("redirect_uri", redirectUri);
_logger.LogInformation ($"Using redirect uri {redirectUri}");
AddQueryString(queryStrings, properties, "scope", scope);
AddQueryString(queryStrings, properties, "access_type", Options.AccessType);
AddQueryString(queryStrings, properties, "approval_prompt");
AddQueryString(queryStrings, properties, "login_hint");
var state = Options.StateDataFormat.Protect(properties);
queryStrings.Add("state", state);
var authorizationEndpoint = QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, queryStrings);
return authorizationEndpoint;
}
private static void AddQueryString(IDictionary<string, string> queryStrings, AuthenticationProperties properties,
string name, string defaultValue = null)
{
string value;
if (!properties.Items.TryGetValue(name, out value))
{
value = defaultValue;
}
else
{
// Remove the parameter from AuthenticationProperties so it won't be serialized to state parameter
properties.Items.Remove(name);
}
queryStrings[name] = value;
}
}
}

144
src/Yavsc/AuthorizationServer/GoogleHelper.cs
View File

@ -1,144 +0,0 @@
using System;
using Newtonsoft.Json.Linq;
/// <summary>
/// Contains static methods that allow to extract user's information from a <see cref="JObject"/>
/// instance retrieved from Google after a successful authentication process.
/// </summary>
public static class GoogleHelper
{
/// <summary>
/// Gets the Google user ID.
/// </summary>
public static string GetId(JObject user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
return user.Value<string>("id");
}
/// <summary>
/// Gets the user's name.
/// </summary>
public static string GetName(JObject user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
return user.Value<string>("displayName");
}
/// <summary>
/// Gets the user's given name.
/// </summary>
public static string GetGivenName(JObject user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
return TryGetValue(user, "name", "givenName");
}
/// <summary>
/// Gets the user's family name.
/// </summary>
public static string GetFamilyName(JObject user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
return TryGetValue(user, "name", "familyName");
}
/// <summary>
/// Gets the user's profile link.
/// </summary>
public static string GetProfile(JObject user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
return user.Value<string>("url");
}
/// <summary>
/// Gets the user's email.
/// </summary>
public static string GetEmail(JObject user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
return TryGetFirstValue(user, "emails", "value");
}
// Get the given subProperty from a property.
private static string TryGetValue(JObject user, string propertyName, string subProperty)
{
JToken value;
if (user.TryGetValue(propertyName, out value))
{
var subObject = JObject.Parse(value.ToString());
if (subObject != null && subObject.TryGetValue(subProperty, out value))
{
return value.ToString();
}
}
return null;
}
#if GoogleApisAuthOAuth2
public static ServiceAccountCredential GetGoogleApiCredentials (string[] scopes)
{
String serviceAccountEmail = "SERVICE_ACCOUNT_EMAIL_HERE";
string private_key = Startup.GoogleSettings.Account.private_key;
string secret = Startup.GoogleSettings.ClientSecret;
var certificate = new X509Certificate2(@"key.p12", secret, X509KeyStorageFlags.Exportable);
return new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = scopes
}.FromCertificate(certificate));
}
#endif
// Get the given subProperty from a list property.
private static string TryGetFirstValue(JObject user, string propertyName, string subProperty)
{
JToken value;
if (user.TryGetValue(propertyName, out value))
{
var array = JArray.Parse(value.ToString());
if (array != null && array.Count > 0)
{
var subObject = JObject.Parse(array.First.ToString());
if (subObject != null)
{
if (subObject.TryGetValue(subProperty, out value))
{
return value.ToString();
}
}
}
}
return null;
}
}

74
src/Yavsc/AuthorizationServer/GoogleMiddleWare.cs
View File

@ -1,74 +0,0 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
using System;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.DataProtection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.WebEncoders;
namespace Yavsc.Auth
{
/// <summary>
/// An ASP.NET Core middleware for authenticating users using Google OAuth 2.0.
/// </summary>
public class GoogleMiddleware : OAuthMiddleware<YavscGoogleOptions>
{
private readonly ILogger _logger;
/// <summary>
/// Initializes a new <see cref="GoogleMiddleware"/>.
/// </summary>
/// <param name="next">The next middleware in the HTTP pipeline to invoke.</param>
/// <param name="dataProtectionProvider"></param>
/// <param name="loggerFactory"></param>
/// <param name="encoder"></param>
/// <param name="sharedOptions"></param>
/// <param name="options">Configuration options for the middleware.</param>
public GoogleMiddleware(
RequestDelegate next,
IDataProtectionProvider dataProtectionProvider,
ILoggerFactory loggerFactory,
UrlEncoder encoder,
IOptions<SharedAuthenticationOptions> sharedOptions,
YavscGoogleOptions options)
: base(next, dataProtectionProvider, loggerFactory, encoder, sharedOptions, options)
{
if (dataProtectionProvider == null)
{
throw new ArgumentNullException(nameof(dataProtectionProvider));
}
if (loggerFactory == null)
{
throw new ArgumentNullException(nameof(loggerFactory));
}
_logger = loggerFactory.CreateLogger<GoogleMiddleware>();
if (encoder == null)
{
throw new ArgumentNullException(nameof(encoder));
}
if (sharedOptions == null)
{
throw new ArgumentNullException(nameof(sharedOptions));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
}
protected override AuthenticationHandler<YavscGoogleOptions> CreateHandler()
{
return new GoogleHandler(Backchannel,_logger);
}
}
}

28
src/Yavsc/AuthorizationServer/GoogleOAuthCreatingTicket.cs
View File

@ -1,28 +0,0 @@
using System.Net.Http;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Http;
namespace Yavsc.Auth {
public class GoogleOAuthCreatingTicketContext : OAuthCreatingTicketContext {
public GoogleOAuthCreatingTicketContext(HttpContext context, OAuthOptions options,
HttpClient backchannel, OAuthTokenResponse tokens, AuthenticationTicket ticket, string googleUserId )
: base( context, options, backchannel, tokens )
{
_ticket = ticket;
_googleUserId = googleUserId;
Principal = ticket.Principal;
}
readonly AuthenticationTicket _ticket;
readonly string _googleUserId;
public AuthenticationTicket Ticket { get { return _ticket; } }
public string GoogleUserId { get { return _googleUserId; } }
}
}

46
src/Yavsc/AuthorizationServer/GoogleOptions.cs
View File

@ -1,46 +0,0 @@
using Microsoft.AspNet.Authentication.OAuth;
using Microsoft.AspNet.Http;
namespace Yavsc.Auth
{
public static class YavscGoogleDefaults
{
public const string AuthenticationScheme = "Google";
public static readonly string AuthorizationEndpoint = "https://accounts.google.com/o/oauth2/auth";
public static readonly string TokenEndpoint = "https://www.googleapis.com/oauth2/v3/token";
public static readonly string UserInformationEndpoint = "https://www.googleapis.com/plus/v1/people/me";
}
/// <summary>
/// Configuration options for <see cref="GoogleMiddleware"/>.
/// </summary>
public class YavscGoogleOptions : OAuthOptions
{
/// <summary>
/// Initializes a new <see cref="YavscGoogleOptions"/>.
/// </summary>
public YavscGoogleOptions()
{
AuthenticationScheme = YavscGoogleDefaults.AuthenticationScheme;
DisplayName = AuthenticationScheme;
CallbackPath = new PathString("/signin-google");
AuthorizationEndpoint = YavscGoogleDefaults.AuthorizationEndpoint;
TokenEndpoint = YavscGoogleDefaults.TokenEndpoint;
UserInformationEndpoint = YavscGoogleDefaults.UserInformationEndpoint;
Scope.Add("openid");
Scope.Add("profile");
Scope.Add("email");
}
/// <summary>
/// access_type. Set to 'offline' to request a refresh token.
/// </summary>
public string AccessType { get; set; }
}
}

40
src/Yavsc/AuthorizationServer/MonoJwtSecurityTokenHandler.cs
View File

@ -1,40 +0,0 @@
using System;
using System.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
namespace Yavsc.Auth
{
public class MonoJwtSecurityTokenHandler : JwtSecurityTokenHandler
{
public MonoJwtSecurityTokenHandler()
{
}
public override JwtSecurityToken CreateToken(
string issuer,
string audience, ClaimsIdentity subject,
DateTime? notBefore, DateTime? expires, DateTime? issuedAt,
SigningCredentials signingCredentials
)
{
SecurityTokenDescriptor tokenDescriptor = new SecurityTokenDescriptor
{
Audience = audience,
Claims = subject.Claims,
Expires = expires,
IssuedAt = issuedAt,
Issuer = issuer,
NotBefore = notBefore,
SigningCredentials = signingCredentials
};
var token = base.CreateToken(tokenDescriptor);
return token as JwtSecurityToken;
}
}
}

101
src/Yavsc/AuthorizationServer/RSAKeyUtils.cs
View File

@ -1,101 +0,0 @@
using System.IO;
using System.Security.Cryptography;
using Newtonsoft.Json;
namespace Yavsc
{
public class RSAKeyUtils
{
public static RSAParameters GetRandomKey()
{
using (var rsa = new RSACryptoServiceProvider(2048))
{
try
{
return rsa.ExportParameters(true);
}
finally
{
rsa.PersistKeyInCsp = false;
}
}
}
public static RSAParameters GenerateKeyAndSave(string file)
{
var p = GetRandomKey();
RSAParametersWithPrivate t = new RSAParametersWithPrivate();
t.SetParameters(p);
File.WriteAllText(file, JsonConvert.SerializeObject(t));
return p;
}
/// <summary>
/// This expects a file in the format:
/// {
/// "Modulus": "z7eXmrs9z3Xm7VXwYIdziDYzXGfi3XQiozIRa58m3ApeLVDcsDeq6Iv8C5zJ2DHydDyc0x6o5dtTRIb23r5/ZRj4I/UwbgrwMk5iHA0bVsXVPBDSWsrVcPDGafr6YbUNQnNWIF8xOqgpeTwxrqGiCJMUjuKyUx01PBzpBxjpnQ++Ryz6Y7MLqKHxBkDiOw5wk9cxO8/IMspSNJJosOtRXFTR74+bj+pvNBa8IJ+5Jf/UfJEEjk+qC+pohCAryRk0ziXcPdxXEv5KGT4zf3LdtHy1YwsaGLnTb62vgbdqqCJaVyHWOoXsDTQBLjxNl9o9CzP6CrfBGK6JV8pA/xfQlw==",
/// "Exponent": "AQAB",
/// "P": "+VsETS2exORYlg2CxaRMzyG60dTfHSuv0CsfmO3PFv8mcYxglGa6bUV5VGtB6Pd1HdtV/iau1WR/hYXQphCP99Pu803NZvFvVi34alTFbh0LMfZ+2iQ9toGzVfO8Qdbj7go4TWoHNzCpG4UCx/9wicVIWJsNzkppSEcXYigADMM=",
/// "Q": "1UCJ2WAHasiCdwJtV2Ep0VCK3Z4rVFLWg3q1v5OoOU1CkX5/QAcrr6bX6zOdHR1bDCPsH1n1E9cCMvwakgi9M4Ch0dYF5CxDKtlx+IGsZJL0gB6HhcEsHat+yXUtOAlS4YB82G1hZqiDw+Q0O8LGyu/gLDPB+bn0HmbkUC2kP50=",
/// "DP": "CBqvLxr2eAu73VSfFXFblbfQ7JTwk3AiDK/6HOxNuL+eLj6TvP8BvB9v7BB4WewBAHFqgBIdyI21n09UErGjHDjlIT88F8ZtCe4AjuQmboe/H2aVhN18q/vXKkn7qmAjlE78uXdiuKZ6OIzAJGPm8nNZAJg5gKTmexTka6pFJiU=",
/// "DQ": "ND6zhwX3yzmEfROjJh0v2ZAZ9WGiy+3fkCaoEF9kf2VmQa70DgOzuDzv+TeT7mYawEasuqGXYVzztPn+qHhrogqJmpcMqnINopnTSka6rYkzTZAtM5+35yz0yvZiNbBTFdwcuglSK4xte7iU828stNs/2JR1mXDtVeVvWhVUgCE=",
/// "InverseQ": "Heo0BHv685rvWreFcI5MXSy3AN0Zs0YbwAYtZZd1K/OzFdYVdOnqw+Dg3wGU9yFD7h4icJFwZUBGOZ0ww/gZX/5ZgJK35/YY/DeV+qfZmywKauUzC6+DPsrDdW1uf1eAety6/huRZTduBFTwIOlPdZ+PY49j6S38DjPFNImn0cU=",
/// "D": "IvjMI5cGzxkQqkDf2cC0aOiHOTWccqCM/GD/odkH1+A+/u4wWdLliYWYB/R731R5d6yE0t7EnP6SRGVcxx/XnxPXI2ayorRgwHeF+ScTxUZFonlKkVK5IOzI2ysQYMb01o1IoOamCTQq12iVDMvV1g+9VFlCoM+4GMjdSv6cxn6ELabuD4nWt8tCskPjECThO+WdrknbUTppb2rRgMvNKfsPuF0H7+g+WisbzVS+UVRvJe3U5O5X5j7Z82Uq6hw2NCwv2YhQZRo/XisFZI7yZe0OU2JkXyNG3NCk8CgsM9yqX8Sk5esXMZdJzjwXtEpbR7FiKZXiz9LhPSmzxz/VsQ=="
/// }
///
/// Generate
/// </summary>
/// <param name="file"></param>
/// <returns></returns>
public static RSAParameters GetKeyParameters(string file)
{
if (!File.Exists(file)) throw new FileNotFoundException("Check configuration - cannot find auth key file: " + file);
var keyParams = JsonConvert.DeserializeObject<RSAParametersWithPrivate>(File.ReadAllText(file));
return keyParams.ToRSAParameters();
}
/// <summary>
/// Util class to allow restoring RSA parameters from JSON as the normal
/// RSA parameters class won't restore private key info.
/// </summary>
private class RSAParametersWithPrivate
{
public byte[] D { get; set; }
public byte[] DP { get; set; }
public byte[] DQ { get; set; }
public byte[] Exponent { get; set; }
public byte[] InverseQ { get; set; }
public byte[] Modulus { get; set; }
public byte[] P { get; set; }
public byte[] Q { get; set; }
public void SetParameters(RSAParameters p)
{
D = p.D;
DP = p.DP;
DQ = p.DQ;
Exponent = p.Exponent;
InverseQ = p.InverseQ;
Modulus = p.Modulus;
P = p.P;
Q = p.Q;
}
public RSAParameters ToRSAParameters()
{
return new RSAParameters()
{
D = this.D,
DP = this.DP,
DQ = this.DQ,
Exponent = this.Exponent,
InverseQ = this.InverseQ,
Modulus = this.Modulus,
P = this.P,
Q = this.Q
};
}
}
}
}

57
src/Yavsc/AuthorizationServer/RequiredScopesMiddleware.cs
View File

@ -1,57 +0,0 @@
using Microsoft.AspNet.Builder;
using Microsoft.AspNet.Http;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
namespace Api
{
public class RequiredScopesMiddleware
{
private readonly RequestDelegate _next;
private readonly IEnumerable<string> _requiredScopes;
public RequiredScopesMiddleware(RequestDelegate next, IList<string> requiredScopes)
{
_next = next;
_requiredScopes = requiredScopes;
}
public async Task Invoke(HttpContext context)
{
if (context.User.Identity.IsAuthenticated)
{
if (!ScopePresent(context.User))
{
context.Response.OnCompleted(Send403, context);
return;
}
}
await _next(context);
}
private bool ScopePresent(ClaimsPrincipal principal)
{
foreach (var scope in principal.FindAll("scope"))
{
if (_requiredScopes.Contains(scope.Value))
{
return true;
}
}
return false;
}
private Task Send403(object contextObject)
{
var context = contextObject as HttpContext;
context.Response.StatusCode = 403;
return Task.FromResult(0);
}
}
}

26
src/Yavsc/AuthorizationServer/TokenAuthOptions.cs
View File

@ -1,26 +0,0 @@
using System;
using System.IdentityModel.Tokens;
namespace Yavsc
{
[Obsolete("Use OAuth2AppSettings instead")]
public class TokenAuthOptions
{
/// <summary>
/// Public's identification
/// </summary>
/// <returns></returns>
public string Audience { get; set; }
/// <summary>
/// Identity authority
/// </summary>
/// <returns></returns>
public string Issuer { get; set; }
/// <summary>
/// Signin key and signature algotythm
/// </summary>
/// <returns></returns>
public SigningCredentials SigningCredentials { get; set; }
public int ExpiresIn { get; set; }
}
}

39
src/Yavsc/AuthorizationServer/UserTokenProvider.cs
View File

@ -1,39 +0,0 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.DataProtection;
using Microsoft.AspNet.Identity;
using Yavsc.Models;
using Yavsc.Server;
namespace Yavsc.Auth {
public class UserTokenProvider : Microsoft.AspNet.Identity.IUserTokenProvider<ApplicationUser>
{
public Task<bool> CanGenerateTwoFactorTokenAsync(UserManager<ApplicationUser> manager, ApplicationUser user)
{
return Task.FromResult(true);
}
public Task<string> GenerateAsync(string purpose, UserManager<ApplicationUser> manager, ApplicationUser user)
{
if ( user==null ) throw new InvalidOperationException("no user");
var por = new MonoDataProtector(ServerConstants.ApplicationName, new string[] { purpose } );
return Task.FromResult(por.Protect(UserStamp(user)));
}
public Task<bool> ValidateAsync(string purpose, string token, UserManager<ApplicationUser> manager, ApplicationUser user)
{
var por = new MonoDataProtector(ServerConstants.ApplicationName,new string[] { purpose } );
var userStamp = por.Unprotect(token);
Console.WriteLine ("Unprotected: "+userStamp);
string [] values = userStamp.Split(';');
return Task.FromResult ( user.Id == values[0] && user.Email == values[1] && user.UserName == values[2]);
}
public static string UserStamp(ApplicationUser user) {
return $"{user.Id};{user.Email};{user.UserName}";
}
}
}

23
src/Yavsc/AuthorizationServer/XmlEncryptor.cs
View File

@ -1,23 +0,0 @@
using System;
using System.Xml.Linq;
using Microsoft.AspNet.DataProtection.XmlEncryption;
namespace Yavsc.Auth {
public class MonoXmlEncryptor : IXmlEncryptor
{
public MonoXmlEncryptor ()
{
}
public EncryptedXmlInfo Encrypt(XElement plaintextElement)
{
var result = new EncryptedXmlInfo(plaintextElement,
typeof(MonoDataProtector));
return result;
}
}
}

57
src/Yavsc/Controllers/Accounting/AccountController.cs
View File

@ -1,27 +1,20 @@
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.AspNet.Http;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Yavsc.Models;
using Yavsc.Services;
using Yavsc.ViewModels.Account;
using Microsoft.Extensions.Localization;
using Microsoft.Data.Entity;
using Newtonsoft.Json;
namespace Yavsc.Controllers
{
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
using Yavsc.Abstract.Manage;
using Yavsc.Auth;
using Yavsc.Helpers;
public class AccountController : Controller
@ -54,11 +47,6 @@ namespace Yavsc.Controllers
{
_userManager = userManager;
_signInManager = signInManager;
var emailUserTokenProvider = new UserTokenProvider();
_userManager.RegisterTokenProvider("EmailConfirmation", emailUserTokenProvider);
_userManager.RegisterTokenProvider("ResetPassword", emailUserTokenProvider);
// _userManager.RegisterTokenProvider("SMS",new UserTokenProvider());
// _userManager.RegisterTokenProvider("Phone", new UserTokenProvider());
_emailSender = emailSender;
_siteSettings = siteSettings.Value;
_twilioSettings = twilioSettings.Value;
@ -86,7 +74,7 @@ namespace Yavsc.Controllers
var toShow = users.Skip(shown).Take(pageLen);
ViewBag.page = pageNum;
ViewBag.hasNext = await users.CountAsync() > (toShow.Count() + shown);
ViewBag.hasNext = users.Count() > (toShow.Count() + shown);
ViewBag.nextpage = pageNum+1;
ViewBag.pageLen = pageLen;
// ApplicationUser user;
@ -122,7 +110,8 @@ namespace Yavsc.Controllers
[AllowAnonymous]
public ActionResult AccessDenied(string requestUrl = null)
{
ViewBag.UserIsSignedIn = User.IsSignedIn();
ViewBag.UserIsSignedIn = User.Identity.IsAuthenticated;
if (string.IsNullOrWhiteSpace(requestUrl))
if (string.IsNullOrWhiteSpace(Request.Headers["Referer"]))
requestUrl = "/";
@ -198,13 +187,7 @@ namespace Yavsc.Controllers
if (string.IsNullOrEmpty(model.Provider))
{
_logger.LogWarning("Provider not specified");
return HttpBadRequest();
}
if (!_signInManager.GetExternalAuthenticationSchemes().Any(x => x.AuthenticationScheme == model.Provider))
{
_logger.LogWarning($"Provider not found : {model.Provider}");
return HttpBadRequest();
return BadRequest();
}
// Instruct the middleware corresponding to the requested external identity
@ -217,7 +200,7 @@ namespace Yavsc.Controllers
if (string.IsNullOrEmpty(model.ReturnUrl))
{
_logger.LogWarning("ReturnUrl not specified");
return HttpBadRequest();
return BadRequest();
}
// Note: this still is not the redirect uri given to the third party provider, at building the challenge.
var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { model.ReturnUrl }, protocol:"https", host: Startup.Authority);
@ -364,7 +347,8 @@ namespace Yavsc.Controllers
}
// Sign in the user with this external login provider if the user already has a login.
info.ProviderDisplayName = info.ExternalPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")?.Value;
throw new NotImplementedException();
// info.ProviderDisplayName = info.ExternalPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")?.Value;
var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false);
if (result.Succeeded)
@ -392,9 +376,9 @@ namespace Yavsc.Controllers
// If the user does not have an account, then ask the user to create an account.
ViewData["ReturnUrl"] = returnUrl;
ViewData["LoginProvider"] = info.LoginProvider;
var email = info.ExternalPrincipal.FindFirstValue(ClaimTypes.Email);
var name = info.ExternalPrincipal.FindFirstValue(ClaimTypes.Name);
var avatar = info.ExternalPrincipal.FindFirstValue("urn:google:profile");
var email = info.AuthenticationProperties.GetParameter<string>(ClaimTypes.Email);
var name = info.AuthenticationProperties.GetParameter<string>(ClaimTypes.Name);
var avatar = info.AuthenticationProperties.GetParameter<string>("urn:google:profile");
/* var phone = info.ExternalPrincipal.FindFirstValue(ClaimTypes.HomePhone);
var mobile = info.ExternalPrincipal.FindFirstValue(ClaimTypes.MobilePhone);
var postalcode = info.ExternalPrincipal.FindFirstValue(ClaimTypes.PostalCode);
@ -403,9 +387,9 @@ namespace Yavsc.Controllers
foreach (var claim in info.ExternalPrincipal.Claims)
_logger.LogWarning("# {0} Claim: {1} {2}", info.LoginProvider, claim.Type, claim.Value);
*/
var access_token = info.ExternalPrincipal.FindFirstValue("access_token");
var token_type = info.ExternalPrincipal.FindFirstValue("token_type");
var expires_in = info.ExternalPrincipal.FindFirstValue("expires_in");
var access_token = info.AuthenticationProperties.GetParameter<string>("access_token");
var token_type = info.AuthenticationProperties.GetParameter<string>("token_type");
var expires_in = info.AuthenticationProperties.GetParameter<string>("expires_in");
return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel
{
@ -439,7 +423,8 @@ namespace Yavsc.Controllers
var result = await _userManager.CreateAsync(user);
if (result.Succeeded)
{
info.ProviderDisplayName = info.ExternalPrincipal.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")?.Value;
throw new NotImplementedException();
// info.ProviderDisplayName = info.Claims.First(c => c.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")?.Value;
result = await _userManager.AddLoginAsync(user, info);
if (result.Succeeded)

44
src/Yavsc/Controllers/Accounting/ManageController.cs
View File

@ -1,27 +1,22 @@
using System.Linq;
using System.Threading.Tasks;
using System.Security.Claims;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.Data.Entity;
using System;
using System.Collections.Generic;
using System.IO;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Localization;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
using Yavsc.Models.Workflow;
using Yavsc.Helpers;
using Yavsc.Models.Relationship;
using Yavsc.Models.Bank;
using Yavsc.ViewModels.Calendar;
using Yavsc.Models;
using Yavsc.Services;
using Yavsc.ViewModels.Manage;
namespace Yavsc.Controllers
{
using Yavsc.Helpers;
using Models.Relationship;
using Models.Bank;
using ViewModels.Calendar;
using Yavsc.Models;
using Yavsc.Services;
using Yavsc.ViewModels.Manage;
using System.IO;
public class ManageController : Controller
{
@ -298,7 +293,7 @@ namespace Yavsc.Controllers
public async Task<IActionResult> SetGoogleCalendar(string returnUrl, string pageToken)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var calendars = await _calendarManager.GetCalendarsAsync(pageToken);
return View(new SetGoogleCalendarViewModel {
@ -321,7 +316,7 @@ namespace Yavsc.Controllers
[HttpGet]
public async Task<IActionResult> AddBankInfo()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = await _dbContext.Users.Include(u=>u.BankInfo).SingleAsync(u=>u.Id==uid);
return View(user.BankInfo);
@ -333,7 +328,7 @@ namespace Yavsc.Controllers
if (ModelState.IsValid)
{
// TODO PostBankInfoRequirement & auth
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = _dbContext.Users.Include(u=>u.BankInfo)
.Single(u=>u.Id == uid);
@ -496,13 +491,12 @@ namespace Yavsc.Controllers
return View("Error");
}
var userLogins = await _userManager.GetLoginsAsync(user);
var otherLogins = _signInManager.GetExternalAuthenticationSchemes().Where(auth => userLogins.All(ul => auth.AuthenticationScheme != ul.LoginProvider)).ToList();
ViewData["ShowRemoveButton"] = user.PasswordHash != null || userLogins.Count > 1;
return View(new ManageLoginsViewModel
{
CurrentLogins = userLogins,
OtherLogins = otherLogins
CurrentLogins = userLogins
});
}
@ -720,7 +714,7 @@ namespace Yavsc.Controllers
[HttpGet]
public async Task <IActionResult> SetAddress()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = await _dbContext.Users.Include(u=>u.PostalAddress).SingleAsync(u=>u.Id==uid);
ViewBag.GoogleSettings = _googleSettings;
return View (user.PostalAddress ?? new Location());
@ -730,7 +724,7 @@ namespace Yavsc.Controllers
public async Task <IActionResult> SetAddress(Location model)
{
if (ModelState.IsValid) {
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = _dbContext.Users.Include(u=>u.PostalAddress).Single(u=>u.Id==uid);

148
src/Yavsc/Controllers/Accounting/OAuthController.cs
View File

@ -1,148 +0,0 @@
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.DataProtection.KeyManagement;
using Microsoft.AspNet.Http.Authentication;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.WebUtilities;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using Microsoft.Extensions.Primitives;
using OAuth.AspNet.AuthServer;
using Yavsc.Models;
using Yavsc.Models.Auth;
namespace Yavsc.Controllers
{
[AllowAnonymous]
public class OAuthController : Controller
{
readonly ILogger _logger;
public OAuthController(ILoggerFactory loggerFactory)
{
_logger = loggerFactory.CreateLogger<OAuthController>();
}
[HttpGet("~/api/getclaims"), Produces("application/json")]
public IActionResult GetClaims()
{
var identity = User.Identity as ClaimsIdentity;
var claims = from c in identity.Claims
select new
{
subject = c.Subject.Name,
type = c.Type,
value = c.Value
};
return Ok(claims);
}
[HttpGet(Constants.AuthorizePath),HttpPost(Constants.AuthorizePath)]
public async Task<ActionResult> Authorize()
{
if (Response.StatusCode != 200)
{
if (Request.Headers.Keys.Contains("Accept")) {
var accepted = Request.Headers["Accept"];
if (accepted.Contains("application/json"))
{
_logger.LogError("Invalid http status at authorisation");
return new BadRequestObjectResult(new { error = Response.StatusCode} );
}
}
return View("AuthorizeError");
}
AuthenticationManager authentication = Request.HttpContext.Authentication;
var appAuthSheme = Startup.IdentityAppOptions.Cookies.ApplicationCookieAuthenticationScheme;
ClaimsPrincipal principal = await authentication.AuthenticateAsync(appAuthSheme);
if (principal == null)
{
await authentication.ChallengeAsync(appAuthSheme);
if (Response.StatusCode == 200)
return new HttpUnauthorizedResult();
return new HttpStatusCodeResult(Response.StatusCode);
}
string[] scopes = { };
string redirect_uri=null;
IDictionary<string,StringValues> queryStringComponents = null;
if (Request.QueryString.HasValue)
{
queryStringComponents = QueryHelpers.ParseQuery(Request.QueryString.Value);
if (queryStringComponents.ContainsKey("scope"))
scopes = ((string)queryStringComponents["scope"]).Split(' ');
if (queryStringComponents.ContainsKey("redirect_uri"))
redirect_uri = queryStringComponents["redirect_uri"];
}
var username = User.GetUserName();
var model = new AuthorisationView {
Scopes = (Constants.SiteScopes.Where(s=> scopes.Contains(s.Id))).ToArray(),
Message = $"Bienvenue {username}."
} ;
if (Request.Method == "POST")
{
if (!string.IsNullOrEmpty(Request.Form["submit.Grant"]))
{
principal = new ClaimsPrincipal(principal.Identities);
ClaimsIdentity primaryIdentity = (ClaimsIdentity)principal.Identity;
foreach (var scope in scopes)
{
primaryIdentity.AddClaim(new Claim("urn:oauth:scope", scope));
}
await authentication.SignInAsync(OAuthDefaults.AuthenticationType, principal);
}
if (!string.IsNullOrEmpty(Request.Form["submit.Deny"]))
{
await authentication.SignOutAsync(appAuthSheme);
if (redirect_uri!=null)
return Redirect(redirect_uri+"?error=scope-denied");
return Redirect("/");
}
if (!string.IsNullOrEmpty(Request.Form["submit.Login"]))
{
await authentication.SignOutAsync(appAuthSheme);
await authentication.ChallengeAsync(appAuthSheme);
return new HttpUnauthorizedResult();
}
}
if (Request.Headers.Keys.Contains("Accept")) {
var accepted = Request.Headers["Accept"];
if (accepted.Contains("application/json"))
{
_logger.LogInformation("serving available scopes");
return Ok(model);
}
}
return View(model);
}
[HttpGet("~/oauth/success")]
public IActionResult NativeAuthSuccess ()
{
return RedirectToAction("Index","Home");
}
}
}

20
src/Yavsc/Controllers/Accounting/UsersController.cs
View File

@ -1,8 +1,8 @@
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
namespace Yavsc.Controllers
@ -29,13 +29,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
ApplicationUser applicationUser = await _context.ApplicationUser.SingleAsync(m => m.Id == id);
if (applicationUser == null)
{
return HttpNotFound();
return NotFound();
}
return View(applicationUser);
@ -68,13 +68,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
ApplicationUser applicationUser = await _context.ApplicationUser.SingleAsync(m => m.Id == id);
if (applicationUser == null)
{
return HttpNotFound();
return NotFound();
}
ViewData["PostalAddressId"] = new SelectList(_context.Locations, "Id", "PostalAddress", applicationUser.PostalAddressId);
return View(applicationUser);
@ -101,13 +101,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
ApplicationUser applicationUser = await _context.ApplicationUser.SingleAsync(m => m.Id == id);
if (applicationUser == null)
{
return HttpNotFound();
return NotFound();
}
return View(applicationUser);

51
src/Yavsc/Controllers/Administration/AdministrationController.cs
View File

@ -1,14 +1,11 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Yavsc.Abstract.Identity;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.ViewModels;
using Yavsc.ViewModels.Administration;
@ -75,7 +72,7 @@ namespace Yavsc.Controllers
return Ok(new { message = "you already got it." });
}
return HttpNotFound();
return NotFound();
}
var user = await _userManager.FindByIdAsync(User.GetUserId());
@ -105,12 +102,10 @@ namespace Yavsc.Controllers
var youAreAdmin = await _userManager.IsInRoleAsync(
await _userManager.FindByIdAsync(User.GetUserId()),
Constants.AdminGroupName);
var roles = _roleManager.Roles.Include(
x => x.Users
).Select(x => new RoleInfo {
throw new NotImplementedException();
var roles = _roleManager.Roles.Select(x => new RoleInfo {
Id = x.Id,
Name = x.Name,
Users = x.Users.Select(u=>u.UserId).ToArray()
Name = x.Name
});
var assembly = GetType().Assembly;
ViewBag.ThisAssembly = assembly.FullName;
@ -125,26 +120,6 @@ namespace Yavsc.Controllers
});
}
public IActionResult Role(string id)
{
IdentityRole role = _roleManager.Roles
.Include(r=>r.Users).FirstOrDefault
( r=> r.Id == id );
var ri = GetRoleUserCollection(role);
return View("Role",ri);
}
public RoleUserCollection GetRoleUserCollection(IdentityRole role)
{
var result = new RoleUserCollection {
Id = role.Id,
Name = role.Name,
Users = _dbContext.Users.Where(u=>role.Users.Any(ru => u.Id == ru.UserId))
.Select( u => new UserInfo { UserName = u.UserName, Avatar = u.Avatar, UserId = u.Id } )
.ToArray()
};
return result;
}
[Authorize("AdministratorOnly")]
public IActionResult Enroll(string roleName)
@ -160,7 +135,7 @@ namespace Yavsc.Controllers
if (ModelState.IsValid)
{
var newAdmin = await _dbContext.Users.FirstOrDefaultAsync(u=>u.Id==model.EnroledUserId);
if (newAdmin==null) return HttpNotFound();
if (newAdmin==null) return NotFound();
var addToRoleResult = await _userManager.AddToRoleAsync(newAdmin, model.RoleName);
if (addToRoleResult.Succeeded)
{
@ -176,7 +151,7 @@ namespace Yavsc.Controllers
public async Task<IActionResult> Fire(string roleName, string userId)
{
var user = await _dbContext.Users.FirstOrDefaultAsync(u=>u.Id==userId);
if (user == null) return HttpNotFound();
if (user == null) return NotFound();
return View(new FireViewModel{ RoleName = roleName, EnroledUserId = userId, EnroledUserName = user.UserName });
}
@ -188,7 +163,7 @@ namespace Yavsc.Controllers
if (ModelState.IsValid)
{
var oldEnroled = await _dbContext.Users.FirstOrDefaultAsync(u=>u.Id==model.EnroledUserId);
if (oldEnroled==null) return HttpNotFound();
if (oldEnroled==null) return NotFound();
var removeFromRole = await _userManager.RemoveFromRoleAsync(oldEnroled, model.RoleName);
if (removeFromRole.Succeeded)
{

29
src/Yavsc/Controllers/Administration/MailingTemplateController.cs
View File

@ -1,18 +1,13 @@
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Security.Claims;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Yavsc.Models;
using Yavsc.Models.Calendar;
using Yavsc.Server.Models.EMailing;
using Microsoft.AspNet.Authorization;
using Yavsc.Templates;
using System.Linq;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Authorization;
using Yavsc.Server.Settings;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
namespace Yavsc.Controllers
{
@ -42,13 +37,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
MailingTemplate mailingTemplate = await _context.MailingTemplate.SingleAsync(m => m.Id == id);
if (mailingTemplate == null)
{
return HttpNotFound();
return NotFound();
}
return View(mailingTemplate);
@ -101,13 +96,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
MailingTemplate mailingTemplate = await _context.MailingTemplate.SingleAsync(m => m.Id == id);
if (mailingTemplate == null)
{
return HttpNotFound();
return NotFound();
}
SetupViewBag();
return View(mailingTemplate);
@ -135,13 +130,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
MailingTemplate mailingTemplate = await _context.MailingTemplate.SingleAsync(m => m.Id == id);
if (mailingTemplate == null)
{
return HttpNotFound();
return NotFound();
}
return View(mailingTemplate);

22
src/Yavsc/Controllers/Communicating/AnnouncesController.cs
View File

@ -1,13 +1,13 @@
using System.Threading.Tasks;
using Yavsc.ViewModels.Auth;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Yavsc.Models;
using Yavsc.Models.Messaging;
using Microsoft.Extensions.Localization;
using System.Collections.Generic;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
namespace Yavsc.Controllers
{
@ -37,13 +37,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Announce announce = await _context.Announce.SingleAsync(m => m.Id == id);
if (announce == null)
{
return HttpNotFound();
return NotFound();
}
return View(announce);
@ -60,7 +60,7 @@ namespace Yavsc.Controllers
{
ViewBag.IsAdmin = User.IsInRole(Constants.AdminGroupName);
ViewBag.IsPerformer = User.IsInRole(Constants.PerformerGroupName);
ViewBag.AllowEdit = announce==null || announce.Id<=0 || await _authorizationService.AuthorizeAsync(User,announce,new EditRequirement());
ViewBag.AllowEdit = announce==null || announce.Id<=0 || !_authorizationService.AuthorizeAsync(User,announce,new EditRequirement()).IsFaulted;
List<SelectListItem> dl = new List<SelectListItem>();
var rnames = System.Enum.GetNames(typeof(Reason));
var rvalues = System.Enum.GetValues(typeof(Reason));
@ -107,13 +107,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Announce announce = await _context.Announce.SingleAsync(m => m.Id == id);
if (announce == null)
{
return HttpNotFound();
return NotFound();
}
return View(announce);
}
@ -138,13 +138,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Announce announce = await _context.Announce.SingleAsync(m => m.Id == id);
if (announce == null)
{
return HttpNotFound();
return NotFound();
}
return View(announce);

46
src/Yavsc/Controllers/Communicating/BlogspotController.cs
View File

@ -2,18 +2,18 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using Microsoft.AspNet.Authorization;
using Microsoft.Data.Entity;
using Microsoft.Extensions.OptionsModel;
using Microsoft.AspNetCore.Authorization;
using Yavsc.Models;
using Yavsc.ViewModels.Auth;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.AspNetCore.Mvc.Rendering;
using Yavsc.Models.Blog;
using Yavsc.Helpers;
using Microsoft.AspNet.Localization;
using Microsoft.AspNetCore.Localization;
using Microsoft.Extensions.Options;
using Microsoft.EntityFrameworkCore;
// For more information on enabling Web API for empty projects, visit http://go.microsoft.com/fwlink/?LinkID=397860
@ -52,7 +52,7 @@ namespace Yavsc.Controllers
[AllowAnonymous]
public IActionResult Title(string id)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
ViewData["Title"] = id;
return View("Title", _context.Blogspot.Include(
b => b.Author
@ -75,7 +75,7 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
BlogPost blog = _context.Blogspot
@ -86,9 +86,9 @@ namespace Yavsc.Controllers
.Single(m => m.Id == id);
if (blog == null)
{
return HttpNotFound();
return NotFound();
}
if (!await _authorizationService.AuthorizeAsync(User, blog, new ViewRequirement()))
if ( _authorizationService.AuthorizeAsync(User, blog, new ViewRequirement()).IsFaulted)
{
return new ChallengeResult();
}
@ -141,7 +141,7 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
ViewData["PostTarget"]="Edit";
@ -150,9 +150,9 @@ namespace Yavsc.Controllers
if (blog == null)
{
return HttpNotFound();
return NotFound();
}
if (await _authorizationService.AuthorizeAsync(User, blog, new EditRequirement()))
if (!_authorizationService.AuthorizeAsync(User, blog, new EditRequirement()).IsFaulted)
{
ViewBag.ACL = _context.Circle.Where(
c=>c.OwnerId == blog.AuthorId)
@ -181,7 +181,7 @@ namespace Yavsc.Controllers
if (ModelState.IsValid)
{
var auth = _authorizationService.AuthorizeAsync(User, blog, new EditRequirement());
if (auth.Result)
if (!auth.IsFaulted)
{
// saves the change
_context.Update(blog);
@ -205,7 +205,7 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
BlogPost blog = _context.Blogspot.Include(
@ -213,7 +213,7 @@ namespace Yavsc.Controllers
).Single(m => m.Id == id);
if (blog == null)
{
return HttpNotFound();
return NotFound();
}
return View(blog);
@ -224,13 +224,11 @@ namespace Yavsc.Controllers
[ValidateAntiForgeryToken]
public IActionResult DeleteConfirmed(long id)
{
BlogPost blog = _context.Blogspot.Single(m => m.Id == id);
var auth = _authorizationService.AuthorizeAsync(User, blog, new EditRequirement());
if (auth.Result)
{
_context.Blogspot.Remove(blog);
_context.SaveChanges(User.GetUserId());
}
BlogPost blog = _context.Blogspot.Single(m => m.Id == id && m.GetOwnerId()== User.GetUserId());
_context.Blogspot.Remove(blog);
_context.SaveChanges(User.GetUserId());
return RedirectToAction("Index");
}
}

43
src/Yavsc/Controllers/Communicating/CircleController.cs
View File

@ -1,9 +1,8 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Relationship;
@ -29,16 +28,16 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Circle circle = await _context.Circle.SingleAsync(m => m.Id == id);
if (circle == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
if (uid != circle.OwnerId) return this.HttpUnauthorized();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != circle.OwnerId) return this.Unauthorized();
return View(circle);
}
@ -53,11 +52,11 @@ namespace Yavsc.Controllers
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(Circle circle)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (ModelState.IsValid)
{
if (uid != circle.OwnerId)
return this.HttpUnauthorized();
return this.Unauthorized();
_context.Circle.Add(circle);
await _context.SaveChangesAsync(uid);
@ -71,18 +70,18 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Circle circle = await _context.Circle.SingleAsync(m => m.Id == id);
if (circle == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != circle.OwnerId)
return this.HttpUnauthorized();
return Unauthorized();
return View(circle);
}
@ -94,8 +93,8 @@ namespace Yavsc.Controllers
if (ModelState.IsValid)
{
var uid = User.GetUserId();
if (uid != circle.OwnerId) return this.HttpUnauthorized();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != circle.OwnerId) return Unauthorized();
_context.Update(circle);
await _context.SaveChangesAsync(uid);
return RedirectToAction("Index");
@ -109,16 +108,16 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Circle circle = await _context.Circle.SingleAsync(m => m.Id == id);
if (circle == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
if (uid != circle.OwnerId) return this.HttpUnauthorized();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != circle.OwnerId) return Unauthorized();
return View(circle);
}
@ -129,8 +128,8 @@ namespace Yavsc.Controllers
public async Task<IActionResult> DeleteConfirmed(long id)
{
Circle circle = await _context.Circle.SingleAsync(m => m.Id == id);
var uid = User.GetUserId();
if (uid != circle.OwnerId) return this.HttpUnauthorized();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (uid != circle.OwnerId) return Unauthorized();
_context.Circle.Remove(circle);
await _context.SaveChangesAsync(uid);
return RedirectToAction("Index");

28
src/Yavsc/Controllers/Communicating/CircleMembersController.cs
View File

@ -1,9 +1,9 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Relationship;
@ -21,7 +21,7 @@ namespace Yavsc.Controllers
// GET: CircleMembers
public async Task<IActionResult> Index()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var applicationDbContext = _context.CircleMembers.Include(c => c.Circle).Include(c => c.Member)
.Where(c=>c.Circle.OwnerId == uid);
return View(await applicationDbContext.ToListAsync());
@ -30,14 +30,14 @@ namespace Yavsc.Controllers
// GET: CircleMembers/Details/5
public async Task<IActionResult> Details(long id)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
CircleMember circleMember = await _context.CircleMembers
.Include(m=>m.Circle)
.FirstOrDefaultAsync(c=>c.CircleId == id);
if (circleMember == null)
{
return HttpNotFound();
return NotFound();
}
return View(circleMember);
@ -46,7 +46,7 @@ namespace Yavsc.Controllers
// GET: CircleMembers/Create
public IActionResult Create()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
ViewBag.CircleId = new SelectList(_context.Circle.Where(c=>c.OwnerId == uid), "Id", "Name");
ViewBag.MemberId = new SelectList(_context.Users, "Id", "UserName");
return View();
@ -57,7 +57,7 @@ namespace Yavsc.Controllers
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(CircleMember circleMember)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var circle = _context.Circle.SingleOrDefault(c=>c.OwnerId == uid && c.Id == circleMember.CircleId);
if (circle==null)
return new BadRequestResult();
@ -76,13 +76,13 @@ namespace Yavsc.Controllers
// GET: CircleMembers/Edit/5
public async Task<IActionResult> Edit(long id)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
CircleMember circleMember = await _context.CircleMembers
.Include(m=>m.Member)
.SingleOrDefaultAsync(m => m.CircleId == id && m.MemberId == uid);
if (circleMember == null)
{
return HttpNotFound();
return NotFound();
}
return View(circleMember);
}
@ -107,7 +107,7 @@ namespace Yavsc.Controllers
[ActionName("Delete")]
public async Task<IActionResult> Delete(long id)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
CircleMember circleMember = await _context.CircleMembers
.Include(m=>m.Circle)
@ -115,7 +115,7 @@ namespace Yavsc.Controllers
.SingleOrDefaultAsync(m => m.CircleId == id && m.MemberId == uid);
if (circleMember == null)
{
return HttpNotFound();
return NotFound();
}
return View(circleMember);

22
src/Yavsc/Controllers/Communicating/CommentsController.cs
View File

@ -1,8 +1,8 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Blog;
@ -32,13 +32,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Comment comment = await _context.Comment.SingleAsync(m => m.Id == id);
if (comment == null)
{
return HttpNotFound();
return NotFound();
}
return View(comment);
@ -73,13 +73,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Comment comment = await _context.Comment.SingleAsync(m => m.Id == id);
if (comment == null)
{
return HttpNotFound();
return NotFound();
}
ViewData["PostId"] = new SelectList(_context.Blogspot, "Id", "Post", comment.PostId);
return View(comment);
@ -106,13 +106,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Comment comment = await _context.Comment.SingleAsync(m => m.Id == id);
if (comment == null)
{
return HttpNotFound();
return NotFound();
}
return View(comment);

18
src/Yavsc/Controllers/Communicating/DevicesController.cs
View File

@ -1,13 +1,11 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Security.Claims;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
namespace Yavsc.Controllers
{
using Microsoft.EntityFrameworkCore;
using Models;
using Models.Identity;
public class DevicesController : Controller
@ -22,7 +20,7 @@ namespace Yavsc.Controllers
// GET: GCMDevices
public async Task<IActionResult> Index()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var applicationDbContext = _context.DeviceDeclaration.Include(g => g.DeviceOwner).Where(d=>d.DeviceOwnerId == uid);
return View(await applicationDbContext.ToListAsync());
@ -33,13 +31,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
DeviceDeclaration googleCloudMobileDeclaration = await _context.DeviceDeclaration.SingleAsync(m => m.DeviceId == id);
if (googleCloudMobileDeclaration == null)
{
return HttpNotFound();
return NotFound();
}
return View(googleCloudMobileDeclaration);
@ -51,13 +49,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
DeviceDeclaration googleCloudMobileDeclaration = await _context.DeviceDeclaration.SingleAsync(m => m.DeviceId == id);
if (googleCloudMobileDeclaration == null)
{
return HttpNotFound();
return NotFound();
}
return View(googleCloudMobileDeclaration);

21
src/Yavsc/Controllers/Communicating/HyperLinkController.cs
View File

@ -1,7 +1,6 @@
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Relationship;
@ -28,13 +27,13 @@ namespace Yavsc.Controllers
{
if (href == null || method ==null)
{
return HttpNotFound();
return NotFound();
}
HyperLink hyperLink = await _context.HyperLink.SingleAsync(m => m.HRef == href && m.Method == method);
if (hyperLink == null)
{
return HttpNotFound();
return NotFound();
}
return View(hyperLink);
@ -65,13 +64,13 @@ namespace Yavsc.Controllers
{
if (href == null || method ==null)
{
return HttpNotFound();
return NotFound();
}
HyperLink hyperLink = await _context.HyperLink.SingleAsync(m => m.HRef == href && m.Method == method);
if (hyperLink == null)
{
return HttpNotFound();
return NotFound();
}
return View(hyperLink);
}
@ -96,14 +95,14 @@ namespace Yavsc.Controllers
{
if (href == null || method ==null)
{
return HttpNotFound();
return NotFound();
}
HyperLink hyperLink = await _context.HyperLink.SingleAsync(m => m.HRef == href && m.Method == method);
if (hyperLink == null)
{
return HttpNotFound();
return NotFound();
}
return View(hyperLink);
@ -116,7 +115,7 @@ namespace Yavsc.Controllers
{
if (HRef == null || Method ==null)
{
return HttpNotFound();
return NotFound();
}
HyperLink hyperLink = await _context.HyperLink.SingleAsync(m => m.HRef == HRef && m.Method == Method);

19
src/Yavsc/Controllers/Communicating/NotificationsController.cs
View File

@ -1,7 +1,6 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Messaging;
@ -27,13 +26,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Notification notification = await _context.Notification.SingleAsync(m => m.Id == id);
if (notification == null)
{
return HttpNotFound();
return NotFound();
}
return View(notification);
@ -64,13 +63,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Notification notification = await _context.Notification.SingleAsync(m => m.Id == id);
if (notification == null)
{
return HttpNotFound();
return NotFound();
}
return View(notification);
}
@ -95,13 +94,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Notification notification = await _context.Notification.SingleAsync(m => m.Id == id);
if (notification == null)
{
return HttpNotFound();
return NotFound();
}
return View(notification);

25
src/Yavsc/Controllers/Contracting/ActivityController.cs
View File

@ -1,17 +1,14 @@
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.Extensions.Localization;
using Microsoft.Extensions.Logging;
namespace Yavsc.Controllers
{
using System.Security.Claims;
using Microsoft.EntityFrameworkCore;
using Models;
using Models.Workflow;
using Yavsc.Helpers;
[Authorize("AdministratorOnly")]
public class ActivityController : Controller
@ -105,13 +102,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Activity activity = _context.Activities.Single(m => m.Code == id);
if (activity == null)
{
return HttpNotFound();
return NotFound();
}
return View(activity);
@ -150,13 +147,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Activity activity = _context.Activities.Single(m => m.Code == id);
if (activity == null)
{
return HttpNotFound();
return NotFound();
}
ViewBag.ParentCode = GetEligibleParent(id);
SetSettingClasseInfo();
@ -187,13 +184,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Activity activity = _context.Activities.Single(m => m.Code == id);
if (activity == null)
{
return HttpNotFound();
return NotFound();
}
return View(activity);

23
src/Yavsc/Controllers/Contracting/ClientController.cs
View File

@ -1,12 +1,9 @@
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Auth;
using System.Security.Claims;
namespace Yavsc.Controllers
{
@ -30,13 +27,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Client client = await _context.Applications.SingleAsync(m => m.Id == id);
if (client == null)
{
return HttpNotFound();
return NotFound();
}
return View(client);
}
@ -81,13 +78,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Client client = await _context.Applications.SingleAsync(m => m.Id == id);
if (client == null)
{
return HttpNotFound();
return NotFound();
}
SetAppTypesInputValues();
return View(client);
@ -113,13 +110,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Client client = await _context.Applications.SingleAsync(m => m.Id == id);
if (client == null)
{
return HttpNotFound();
return NotFound();
}
return View(client);

22
src/Yavsc/Controllers/Contracting/CoWorkingController.cs
View File

@ -1,9 +1,7 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Workflow;
@ -30,13 +28,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
CoWorking coWorking = await _context.CoWorking.SingleAsync(m => m.Id == id);
if (coWorking == null)
{
return HttpNotFound();
return NotFound();
}
return View(coWorking);
@ -71,13 +69,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
CoWorking coWorking = await _context.CoWorking.SingleAsync(m => m.Id == id);
if (coWorking == null)
{
return HttpNotFound();
return NotFound();
}
ViewData["PerformerId"] = new SelectList(_context.Performers, "PerformerId", "Performer", coWorking.PerformerId);
ViewData["WorkingForId"] = new SelectList(_context.Users, "Id", "WorkingFor", coWorking.WorkingForId);
@ -106,13 +104,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
CoWorking coWorking = await _context.CoWorking.SingleAsync(m => m.Id == id);
if (coWorking == null)
{
return HttpNotFound();
return NotFound();
}
return View(coWorking);

32
src/Yavsc/Controllers/Contracting/CommandController.cs
View File

@ -1,18 +1,14 @@
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Localization;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
namespace Yavsc.Controllers
{
using Helpers;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
using Models;
using Models.Google.Messaging;
using Models.Relationship;
@ -58,7 +54,7 @@ namespace Yavsc.Controllers
[Authorize]
public virtual async Task<IActionResult> Index()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
return View(await _context.RdvQueries
.Include(x => x.Client)
.Include(x => x.PerformerProfile)
@ -77,7 +73,7 @@ namespace Yavsc.Controllers
.SingleAsync(m => m.Id == id);
if (command == null)
{
return HttpNotFound();
return NotFound();
}
return View(command);
@ -105,7 +101,7 @@ namespace Yavsc.Controllers
x => x.PerformerId == proId
);
if (pro == null)
return HttpNotFound();
return NotFound();
ViewBag.Activity = _context.Activities.FirstOrDefault(a => a.Code == activityCode);
ViewBag.GoogleSettings = _googleSettings;
var userid = User.GetUserId();
@ -126,7 +122,7 @@ namespace Yavsc.Controllers
public async Task<IActionResult> Create(RdvQuery command)
{
// TODO validate BillingCode value
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var prid = command.PerformerId;
if (string.IsNullOrWhiteSpace(uid)
|| string.IsNullOrWhiteSpace(prid))
@ -156,7 +152,7 @@ namespace Yavsc.Controllers
command.Location = existingLocation;
}
else _context.Attach<Location>(command.Location);
_context.RdvQueries.Add(command, GraphBehavior.IncludeDependents);
_context.RdvQueries.Add(command);
_context.SaveChanges(User.GetUserId());
var yaev = command.CreateEvent("NewCommand");
@ -213,13 +209,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
RdvQuery command = _context.RdvQueries.Single(m => m.Id == id);
if (command == null)
{
return HttpNotFound();
return NotFound();
}
return View(command);
}
@ -244,13 +240,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
RdvQuery command = _context.RdvQueries.Single(m => m.Id == id);
if (command == null)
{
return HttpNotFound();
return NotFound();
}
return View(command);

22
src/Yavsc/Controllers/Contracting/CommandFormsController.cs
View File

@ -1,9 +1,7 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Workflow;
@ -30,13 +28,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
CommandForm commandForm = await _context.CommandForm.SingleAsync(m => m.Id == id);
if (commandForm == null)
{
return HttpNotFound();
return NotFound();
}
return View(commandForm);
@ -73,13 +71,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
CommandForm commandForm = await _context.CommandForm.SingleAsync(m => m.Id == id);
if (commandForm == null)
{
return HttpNotFound();
return NotFound();
}
SetViewBag(commandForm);
return View(commandForm);
@ -106,13 +104,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
CommandForm commandForm = await _context.CommandForm.SingleAsync(m => m.Id == id);
if (commandForm == null)
{
return HttpNotFound();
return NotFound();
}
return View(commandForm);

17
src/Yavsc/Controllers/Contracting/DjSettingsController.cs
View File

@ -1,6 +1,5 @@
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Musical.Profiles;
@ -26,13 +25,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
DjSettings djSettings = await _context.DjSettings.SingleAsync(m => m.UserId == id);
if (djSettings == null)
{
return HttpNotFound();
return NotFound();
}
return View(djSettings);
@ -63,13 +62,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
DjSettings djSettings = await _context.DjSettings.SingleAsync(m => m.UserId == id);
if (djSettings == null)
{
return HttpNotFound();
return NotFound();
}
return View(djSettings);
}
@ -94,13 +93,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
DjSettings djSettings = await _context.DjSettings.SingleAsync(m => m.UserId == id);
if (djSettings == null)
{
return HttpNotFound();
return NotFound();
}
return View(djSettings);

24
src/Yavsc/Controllers/Contracting/DoController.cs
View File

@ -1,9 +1,7 @@
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
namespace Yavsc.Controllers
{
@ -13,6 +11,8 @@ namespace Yavsc.Controllers
using Yavsc.ViewModels.Workflow;
using Yavsc.Services;
using System.Threading.Tasks;
using Yavsc.Helpers;
using Microsoft.EntityFrameworkCore;
[Authorize]
public class DoController : Controller
@ -49,14 +49,14 @@ namespace Yavsc.Controllers
if (id == null || activityCode == null)
{
return HttpNotFound();
return NotFound();
}
UserActivity userActivity = dbContext.UserActivities.Include(m=>m.Does)
.Include(m=>m.User).Single(m => m.DoesCode == activityCode && m.UserId == id);
if (userActivity == null)
{
return HttpNotFound();
return NotFound();
}
bool hasConfigurableSettings = (userActivity.Does.SettingsClassName != null);
var settings = await billing.GetPerformerSettingsAsync(activityCode,id);
@ -88,7 +88,7 @@ namespace Yavsc.Controllers
[ValidateAntiForgeryToken]
public IActionResult Create(UserActivity userActivity)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (!User.IsInRole("Administrator"))
if (uid != userActivity.UserId)
ModelState.AddModelError("User","You're not admin.");
@ -110,7 +110,7 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
UserActivity userActivity = dbContext.UserActivities.Include(
@ -120,7 +120,7 @@ namespace Yavsc.Controllers
).Single(m => m.DoesCode == activityCode && m.UserId == id);
if (userActivity == null)
{
return HttpNotFound();
return NotFound();
}
ViewData["DoesCode"] = new SelectList(dbContext.Activities, "Code", "Does", userActivity.DoesCode);
ViewData["UserId"] = new SelectList(dbContext.Performers, "PerformerId", "User", userActivity.UserId);
@ -152,14 +152,14 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
UserActivity userActivity = dbContext.UserActivities.Single(m => m.UserId == id && m.DoesCode == activityCode);
if (userActivity == null)
{
return HttpNotFound();
return NotFound();
}
if (!User.IsInRole("Administrator"))
if (User.GetUserId() != userActivity.UserId)

43
src/Yavsc/Controllers/Contracting/EstimateController.cs
View File

@ -1,18 +1,13 @@
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net.Mime;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.Extensions.OptionsModel;
using Yavsc.Helpers;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Yavsc.Helpers;
namespace Yavsc.Controllers
{
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Options;
using Models;
using Models.Billing;
using Models.Workflow;
@ -36,7 +31,7 @@ namespace Yavsc.Controllers
public IActionResult Index()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
return View(_context.Estimates.Include(e=>e.Query)
.Include(e=>e.Query.PerformerProfile)
.Include(e=>e.Query.PerformerProfile.Performer)
@ -49,10 +44,10 @@ namespace Yavsc.Controllers
// GET: Estimate/Details/5
public async Task<IActionResult> Details(long? id)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Estimate estimate = _context.Estimates
@ -66,9 +61,9 @@ namespace Yavsc.Controllers
.Single(m => m.Id == id);
if (estimate == null)
{
return HttpNotFound();
return NotFound();
}
if (!await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement()))
if (authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement()).IsFaulted)
{
return new ChallengeResult();
}
@ -80,7 +75,7 @@ namespace Yavsc.Controllers
[Authorize]
public IActionResult Create()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
IQueryable<RdvQuery> queries = _context.RdvQueries.Include(q=>q.Location).Where(bq=>bq.PerformerId == uid);
//.Select(bq=>new SelectListItem{ Text = bq.Client.UserName, Value = bq.Client.Id });
ViewBag.Clients = queries.Select(q=>q.Client).Distinct();
@ -147,15 +142,15 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
Estimate estimate = _context.Estimates
.Where(e=>e.OwnerId==uid||e.ClientId==uid).Single(m => m.Id == id);
if (estimate == null)
{
return HttpNotFound();
return NotFound();
}
ViewBag.Files = Yavsc.Helpers.FileSystemHelpers.GetFileName(null);
@ -170,9 +165,9 @@ namespace Yavsc.Controllers
[ValidateAntiForgeryToken]
public IActionResult Edit(Estimate estimate)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (estimate.OwnerId!=uid&&estimate.ClientId!=uid
) return new HttpNotFoundResult();
) return NotFound();
if (ModelState.IsValid)
{
_context.Update(estimate);
@ -188,15 +183,15 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
Estimate estimate = _context.Estimates
.Where(e=>e.OwnerId==uid||e.ClientId==uid) .Single(m => m.Id == id);
if (estimate == null)
{
return HttpNotFound();
return NotFound();
}
return View(estimate);

19
src/Yavsc/Controllers/Contracting/FormsController.cs
View File

@ -1,7 +1,6 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Forms;
@ -27,13 +26,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Form form = await _context.Form.SingleAsync(m => m.Id == id);
if (form == null)
{
return HttpNotFound();
return NotFound();
}
return View(form);
@ -64,13 +63,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Form form = await _context.Form.SingleAsync(m => m.Id == id);
if (form == null)
{
return HttpNotFound();
return NotFound();
}
return View(form);
}
@ -95,13 +94,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Form form = await _context.Form.SingleAsync(m => m.Id == id);
if (form == null)
{
return HttpNotFound();
return NotFound();
}
return View(form);

14
src/Yavsc/Controllers/Contracting/FrontOfficeController.cs
View File

@ -1,19 +1,15 @@
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Identity;
using Microsoft.Data.Entity;
using Microsoft.Extensions.Logging;
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using System.Security.Claims;
namespace Yavsc.Controllers
{
using Helpers;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Localization;
using Models;
using ViewModels.FrontOffice;
using Yavsc.Abstract.FileSystem;
using Yavsc.Services;
public class FrontOfficeController : Controller
@ -38,7 +34,7 @@ namespace Yavsc.Controllers
}
public ActionResult Index()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var now = DateTime.Now;
var model = new FrontOfficeIndexViewModel

17
src/Yavsc/Controllers/Contracting/GeneralSettingsController.cs
View File

@ -1,6 +1,5 @@
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Musical.Profiles;
@ -26,13 +25,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
GeneralSettings generalSettings = await _context.GeneralSettings.SingleAsync(m => m.UserId == id);
if (generalSettings == null)
{
return HttpNotFound();
return NotFound();
}
return View(generalSettings);
@ -63,13 +62,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
GeneralSettings generalSettings = await _context.GeneralSettings.SingleAsync(m => m.UserId == id);
if (generalSettings == null)
{
return HttpNotFound();
return NotFound();
}
return View(generalSettings);
}
@ -94,13 +93,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
GeneralSettings generalSettings = await _context.GeneralSettings.SingleAsync(m => m.UserId == id);
if (generalSettings == null)
{
return HttpNotFound();
return NotFound();
}
return View(generalSettings);

18
src/Yavsc/Controllers/Contracting/MusicalTendenciesController.cs
View File

@ -1,11 +1,11 @@
using System.Linq;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Mvc;
namespace Yavsc.Controllers
{
using System.Security.Claims;
using Models;
using Models.Musical;
using Yavsc.Helpers;
public class MusicalTendenciesController : Controller
{
private readonly ApplicationDbContext _context;
@ -26,13 +26,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
MusicalTendency musicalTendency = _context.MusicalTendency.Single(m => m.Id == id);
if (musicalTendency == null)
{
return HttpNotFound();
return NotFound();
}
return View(musicalTendency);
@ -63,13 +63,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
MusicalTendency musicalTendency = _context.MusicalTendency.Single(m => m.Id == id);
if (musicalTendency == null)
{
return HttpNotFound();
return NotFound();
}
return View(musicalTendency);
}
@ -94,13 +94,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
MusicalTendency musicalTendency = _context.MusicalTendency.Single(m => m.Id == id);
if (musicalTendency == null)
{
return HttpNotFound();
return NotFound();
}
return View(musicalTendency);

19
src/Yavsc/Controllers/Contracting/SIRENExceptionsController.cs
View File

@ -1,7 +1,6 @@
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Billing;
@ -28,13 +27,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
ExceptionSIREN exceptionSIREN = _context.ExceptionsSIREN.Single(m => m.SIREN == id);
if (exceptionSIREN == null)
{
return HttpNotFound();
return NotFound();
}
return View(exceptionSIREN);
@ -65,13 +64,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
ExceptionSIREN exceptionSIREN = _context.ExceptionsSIREN.Single(m => m.SIREN == id);
if (exceptionSIREN == null)
{
return HttpNotFound();
return NotFound();
}
return View(exceptionSIREN);
}
@ -96,13 +95,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
ExceptionSIREN exceptionSIREN = _context.ExceptionsSIREN.Single(m => m.SIREN == id);
if (exceptionSIREN == null)
{
return HttpNotFound();
return NotFound();
}
return View(exceptionSIREN);

2
src/Yavsc/Controllers/FileSystemController.cs
View File

@ -1,4 +1,4 @@
using Microsoft.AspNet.Mvc;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using Yavsc.Helpers;

15
src/Yavsc/Controllers/Generic/SettingsController.cs
View File

@ -1,13 +1,12 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Yavsc.Controllers.Generic
{
using System.Linq;
using Microsoft.EntityFrameworkCore;
using Models;
using Yavsc.Helpers;
using Yavsc.Services;
[Authorize]
@ -48,7 +47,7 @@ namespace Yavsc.Controllers.Generic
var profile = await Settings.SingleAsync(m => m.UserId == id);
if (profile == null)
{
return HttpNotFound();
return NotFound();
}
return View(profile);
@ -85,13 +84,13 @@ namespace Yavsc.Controllers.Generic
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
var brusherProfile = await Settings.SingleAsync(m => m.UserId == id);
if (brusherProfile == null)
{
return HttpNotFound();
return NotFound();
}
return View(brusherProfile);

2
src/Yavsc/Controllers/Haircut/BrusherProfileController.cs
View File

@ -1,6 +1,6 @@
using Yavsc.Models;
using Yavsc.Models.Haircut;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNetCore.Authorization;
using Yavsc.Controllers.Generic;
namespace Yavsc.Controllers

19
src/Yavsc/Controllers/Haircut/ColorsController.cs
View File

@ -1,7 +1,6 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Drawing;
@ -27,13 +26,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Color color = await _context.Color.SingleAsync(m => m.Id == id);
if (color == null)
{
return HttpNotFound();
return NotFound();
}
return View(color);
@ -64,13 +63,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Color color = await _context.Color.SingleAsync(m => m.Id == id);
if (color == null)
{
return HttpNotFound();
return NotFound();
}
return View(color);
}
@ -95,13 +94,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
Color color = await _context.Color.SingleAsync(m => m.Id == id);
if (color == null)
{
return HttpNotFound();
return NotFound();
}
return View(color);

38
src/Yavsc/Controllers/Haircut/HairCutCommandController.cs
View File

@ -1,14 +1,8 @@
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Localization;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
namespace Yavsc.Controllers
{
@ -18,14 +12,16 @@ namespace Yavsc.Controllers
using Yavsc.Models.Relationship;
using Yavsc.Services;
using Newtonsoft.Json;
using Microsoft.AspNet.Http;
using Microsoft.AspNetCore.Http;
using Yavsc.Extensions;
using Yavsc.Models.Haircut;
using System.Globalization;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.AspNetCore.Mvc.Rendering;
using System.Collections.Generic;
using Yavsc.Models.Messaging;
using PayPal.PayPalAPIInterfaceService.Model;
using Microsoft.Extensions.Options;
using Microsoft.EntityFrameworkCore;
public class HairCutCommandController : CommandController
{
@ -65,7 +61,7 @@ namespace Yavsc.Controllers
HairCutQuery command = await GetQuery(id);
if (command == null)
{
return HttpNotFound();
return NotFound();
}
SetViewBagPaymentUrls(id);
return View(command);
@ -75,7 +71,7 @@ namespace Yavsc.Controllers
HairCutQuery command = await GetQuery(id);
if (command == null)
{
return HttpNotFound();
return NotFound();
}
var paymentInfo = await _context.ConfirmPayment(User.GetUserId(), PayerID, token);
ViewData["paymentinfo"] = paymentInfo;
@ -139,9 +135,9 @@ namespace Yavsc.Controllers
{
var query = await GetQuery(id); if (query == null)
{
return HttpNotFound();
return NotFound();
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (query.ClientId != uid)
return new ChallengeResult();
_context.HairCutQueries.Remove(query);
@ -154,7 +150,7 @@ namespace Yavsc.Controllers
/// <returns></returns>
public override async Task<IActionResult> Index()
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
return View("Index", await _context.HairCutQueries
.Include(x => x.Client)
.Include(x => x.PerformerProfile)
@ -175,7 +171,7 @@ namespace Yavsc.Controllers
.SingleOrDefaultAsync(m => m.Id == id);
if (command == null)
{
return HttpNotFound();
return NotFound();
}
SetViewBagPaymentUrls(id);
return View(command);
@ -194,7 +190,7 @@ namespace Yavsc.Controllers
public async Task<IActionResult> CreateHairCutQuery(HairCutQuery model, string taintIds)
{
// TODO utiliser Markdown-av+tags
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
model.ClientId = uid;
var prid = model.PerformerId;
@ -335,7 +331,7 @@ namespace Yavsc.Controllers
pPrestation = new HairPrestation { };
}
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var user = await _userManager.FindByIdAsync(uid);
SetViewData(activityCode, performerId, pPrestation);
@ -381,7 +377,7 @@ namespace Yavsc.Controllers
[ValidateAntiForgeryToken]
public async Task<IActionResult> CreateHairMultiCutQuery(HairMultiCutQuery command)
{
var uid = User.GetUserId();
var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
var prid = command.PerformerId;
if (string.IsNullOrWhiteSpace(uid)
|| string.IsNullOrWhiteSpace(prid))
@ -415,7 +411,7 @@ namespace Yavsc.Controllers
}
else _context.Attach<Location>(command.Location);
_context.HairMultiCutQueries.Add(command, GraphBehavior.IncludeDependents);
_context.HairMultiCutQueries.Add(command);
_context.SaveChanges(User.GetUserId());
var brSettings = await _context.BrusherProfile.SingleAsync(
bp => bp.UserId == command.PerformerId

17
src/Yavsc/Controllers/Haircut/HairPrestationsController.cs
View File

@ -1,6 +1,5 @@
using System.Threading.Tasks;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Haircut;
@ -26,13 +25,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
HairPrestation hairPrestation = await _context.HairPrestation.SingleAsync(m => m.Id == id);
if (hairPrestation == null)
{
return HttpNotFound();
return NotFound();
}
return View(hairPrestation);
@ -63,13 +62,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
HairPrestation hairPrestation = await _context.HairPrestation.SingleAsync(m => m.Id == id);
if (hairPrestation == null)
{
return HttpNotFound();
return NotFound();
}
return View(hairPrestation);
}
@ -94,13 +93,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
HairPrestation hairPrestation = await _context.HairPrestation.SingleAsync(m => m.Id == id);
if (hairPrestation == null)
{
return HttpNotFound();
return NotFound();
}
return View(hairPrestation);

23
src/Yavsc/Controllers/Haircut/HairTaintsController.cs
View File

@ -1,9 +1,8 @@
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Rendering;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Haircut;
@ -31,13 +30,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
HairTaint hairTaint = await _context.HairTaint.SingleAsync(m => m.Id == id);
if (hairTaint == null)
{
return HttpNotFound();
return NotFound();
}
return View(hairTaint);
@ -70,13 +69,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
HairTaint hairTaint = await _context.HairTaint.SingleAsync(m => m.Id == id);
if (hairTaint == null)
{
return HttpNotFound();
return NotFound();
}
ViewBag.ColorId = new SelectList(_context.Color, "Id", "Name",hairTaint.ColorId);
return View(hairTaint);
@ -103,13 +102,13 @@ namespace Yavsc.Controllers
{
if (id == null)
{
return HttpNotFound();
return NotFound();
}
HairTaint hairTaint = await _context.HairTaint.SingleAsync(m => m.Id == id);
if (hairTaint == null)
{
return HttpNotFound();
return NotFound();
}
return View(hairTaint);

Some files were not shown because too many files have changed in this diff Show More