diff --git a/src/Yavsc/ApiControllers/ChatRoomAccessApiController.cs b/src/Yavsc/ApiControllers/ChatRoomAccessApiController.cs
new file mode 100644
index 00000000..86a6580a
--- /dev/null
+++ b/src/Yavsc/ApiControllers/ChatRoomAccessApiController.cs
@@ -0,0 +1,186 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Authorization;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Mvc;
+using Microsoft.Data.Entity;
+using Yavsc.Models;
+using Yavsc.Models.Chat;
+
+namespace Yavsc.Controllers
+{
+ [Produces("application/json")]
+ [Route("api/ChatRoomAccessApi")]
+ public class ChatRoomAccessApiController : Controller
+ {
+ private ApplicationDbContext _context;
+
+ public ChatRoomAccessApiController(ApplicationDbContext context)
+ {
+ _context = context;
+ }
+
+ // GET: api/ChatRoomAccessApi
+ [HttpGet, Authorize("AdministratorOnly")]
+ public IEnumerable GetChatRoomAccess()
+ {
+ return _context.ChatRoomAccess;
+ }
+
+ // GET: api/ChatRoomAccessApi/5
+ [HttpGet("{id}", Name = "GetChatRoomAccess"), Authorize("AdministratorOnly")]
+ public async Task GetChatRoomAccess([FromRoute] string id)
+ {
+ if (!ModelState.IsValid)
+ {
+ return HttpBadRequest(ModelState);
+ }
+
+ ChatRoomAccess chatRoomAccess = await _context.ChatRoomAccess.SingleAsync(m => m.ChannelName == id);
+
+
+
+ if (chatRoomAccess == null)
+ {
+ return HttpNotFound();
+ }
+
+ var uid = User.GetUserId();
+ if (uid != chatRoomAccess.UserId && uid != chatRoomAccess.Room.OwnerId
+ && ! User.IsInRole(Constants.AdminGroupName))
+
+ {
+ ModelState.AddModelError("UserId","get refused");
+ return HttpBadRequest(ModelState);
+ }
+
+ return Ok(chatRoomAccess);
+ }
+
+ // PUT: api/ChatRoomAccessApi/5
+ [HttpPut("{id}")]
+ public async Task PutChatRoomAccess([FromRoute] string id, [FromBody] ChatRoomAccess chatRoomAccess)
+ {
+ if (!ModelState.IsValid)
+ {
+ return HttpBadRequest(ModelState);
+ }
+ var uid = User.GetUserId();
+
+ if (id != chatRoomAccess.ChannelName)
+ {
+ return HttpBadRequest();
+ }
+ var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
+
+ if (uid != room.OwnerId && ! User.IsInRole(Constants.AdminGroupName))
+ {
+ ModelState.AddModelError("ChannelName", "access put refused");
+ return HttpBadRequest(ModelState);
+ }
+
+ _context.Entry(chatRoomAccess).State = EntityState.Modified;
+
+ try
+ {
+ await _context.SaveChangesAsync();
+ }
+ catch (DbUpdateConcurrencyException)
+ {
+ if (!ChatRoomAccessExists(id))
+ {
+ return HttpNotFound();
+ }
+ else
+ {
+ throw;
+ }
+ }
+
+ return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
+ }
+
+ // POST: api/ChatRoomAccessApi
+ [HttpPost]
+ public async Task PostChatRoomAccess([FromBody] ChatRoomAccess chatRoomAccess)
+ {
+ if (!ModelState.IsValid)
+ {
+ return HttpBadRequest(ModelState);
+ }
+
+ var uid = User.GetUserId();
+ var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
+ if (room == null || (uid != room.OwnerId && ! User.IsInRole(Constants.AdminGroupName)))
+ {
+ ModelState.AddModelError("ChannelName", "access post refused");
+ return HttpBadRequest(ModelState);
+ }
+
+ _context.ChatRoomAccess.Add(chatRoomAccess);
+ try
+ {
+ await _context.SaveChangesAsync();
+ }
+
+ catch (DbUpdateException)
+ {
+ if (ChatRoomAccessExists(chatRoomAccess.ChannelName))
+ {
+ return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
+ }
+ else
+ {
+ throw;
+ }
+ }
+
+ return CreatedAtRoute("GetChatRoomAccess", new { id = chatRoomAccess.ChannelName }, chatRoomAccess);
+ }
+
+ // DELETE: api/ChatRoomAccessApi/5
+ [HttpDelete("{id}")]
+ public async Task DeleteChatRoomAccess([FromRoute] string id)
+ {
+ if (!ModelState.IsValid)
+ {
+ return HttpBadRequest(ModelState);
+ }
+
+ ChatRoomAccess chatRoomAccess = await _context.ChatRoomAccess.Include(acc => acc.Room).SingleAsync(m => m.ChannelName == id);
+ if (chatRoomAccess == null)
+ {
+ return HttpNotFound();
+ }
+
+ var uid = User.GetUserId();
+ var room = _context.ChatRoom.First(channel => channel.Name == chatRoomAccess.ChannelName );
+ if (room == null || (uid != room.OwnerId && chatRoomAccess.UserId != uid && ! User.IsInRole(Constants.AdminGroupName)))
+ {
+ ModelState.AddModelError("UserId", "access drop refused");
+ return HttpBadRequest(ModelState);
+ }
+
+ _context.ChatRoomAccess.Remove(chatRoomAccess);
+ await _context.SaveChangesAsync();
+
+ return Ok(chatRoomAccess);
+ }
+
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing)
+ {
+ _context.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ private bool ChatRoomAccessExists(string id)
+ {
+ return _context.ChatRoomAccess.Count(e => e.ChannelName == id) > 0;
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Yavsc/ApiControllers/ChatRoomApiController.cs b/src/Yavsc/ApiControllers/ChatRoomApiController.cs
new file mode 100644
index 00000000..03876e90
--- /dev/null
+++ b/src/Yavsc/ApiControllers/ChatRoomApiController.cs
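Review bot: The PUT, POST and DELETE actions carry no `[Authorize]` attribute, so an anonymous request reaches `_context.ChatRoom.First(...)` and `SingleAsync(...)`, both of which throw `InvalidOperationException` on a missing channel — the `room == null` and `chatRoomAccess == null` checks after them are dead, and the caller gets a 500 instead of 401 or 404. Put `[Authorize]` on the class, keeping `AdministratorOnly` on the two GETs, and switch to the `OrDefault` forms so the null checks are live, e.g. `var room = await _context.ChatRoom.FirstOrDefaultAsync(channel => channel.Name == chatRoomAccess.ChannelName);`. `PutChatRoomAccess` marks the whole client-supplied entity `Modified`, so the caller can also rewrite `UserId` on the row, and `GetChatRoomAccess`, `ChatRoomAccessExists` and the `CreatedAtRoute` link key on `ChannelName` alone — presumably the real key is (ChannelName, UserId), in which case `SingleAsync` throws as soon as a room has a second access row; worth confirming against the model. The owner check inside `GetChatRoomAccess(id)` is unreachable for non-admins because of the `AdministratorOnly` policy, and if it were reached `chatRoomAccess.Room` is not `Include`d there (unlike in DELETE), so `chatRoomAccess.Room.OwnerId` would dereference null.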
@@ -0,0 +1,167 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNet.Http;
+using Microsoft.AspNet.Mvc;
+using Microsoft.Data.Entity;
+using Yavsc.Models;
+using Yavsc.Models.Chat;
+
+namespace Yavsc.Controllers
+{
+ [Produces("application/json")]
+ [Route("api/ChatRoomApi")]
+ public class ChatRoomApiController : Controller
+ {
+ private ApplicationDbContext _context;
+
+ public ChatRoomApiController(ApplicationDbContext context)
+ {
+ _context = context;
+ }
+
+ // GET: api/ChatRoomApi
+ [HttpGet]
+ public IEnumerable GetChatRoom()
+ {
+ return _context.ChatRoom;
+ }
+
+ // GET: api/ChatRoomApi/5
+ [HttpGet("{id}", Name = "GetChatRoom")]
+ public async Task GetChatRoom([FromRoute] string id)
+ {
+ if (!ModelState.IsValid)
+ {
+ return HttpBadRequest(ModelState);
+ }
+
+ ChatRoom chatRoom = await _context.ChatRoom.SingleAsync(m => m.Name == id);
+
+ if (chatRoom == null)
+ {
+ return HttpNotFound();
+ }
+
+ return Ok(chatRoom);
+ }
+
+ // PUT: api/ChatRoomApi/5
+ [HttpPut("{id}")]
+ public async Task PutChatRoom([FromRoute] string id, [FromBody] ChatRoom chatRoom)
+ {
+ if (!ModelState.IsValid)
+ {
+ return HttpBadRequest(ModelState);
+ }
+
+ if (id != chatRoom.Name)
+ {
+ return HttpBadRequest();
+ }
+
+ if (User.GetUserId() != chatRoom.OwnerId )
+ {
+ return HttpBadRequest(new {error = "OwnerId"});
+ }
+
+ _context.Entry(chatRoom).State = EntityState.Modified;
+
+ try
+ {
+ await _context.SaveChangesAsync();
+ }
+ catch (DbUpdateConcurrencyException)
+ {
+ if (!ChatRoomExists(id))
+ {
+ return HttpNotFound();
+ }
+ else
+ {
+ throw;
+ }
+ }
+
+ return new HttpStatusCodeResult(StatusCodes.Status204NoContent);
+ }
+
+ // POST: api/ChatRoomApi
+ [HttpPost]
+ public async Task PostChatRoom([FromBody] ChatRoom chatRoom)
+ {
+ if (!ModelState.IsValid)
+ {
+ return HttpBadRequest(ModelState);
+ }
+
+ if (User.GetUserId() != chatRoom.OwnerId )
+ {
+ return HttpBadRequest(new {error = "OwnerId"});
+ }
+
+ _context.ChatRoom.Add(chatRoom);
+ try
+ {
+ await _context.SaveChangesAsync();
+ }
+ catch (DbUpdateException)
+ {
+ if (ChatRoomExists(chatRoom.Name))
+ {
+ return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
+ }
+ else
+ {
+ throw;
+ }
+ }
+
+ return CreatedAtRoute("GetChatRoom", new { id = chatRoom.Name }, chatRoom);
+ }
+
+ // DELETE: api/ChatRoomApi/5
+ [HttpDelete("{id}")]
+ public async Task DeleteChatRoom([FromRoute] string id)
+ {
+ if (!ModelState.IsValid)
+ {
+ return HttpBadRequest(ModelState);
+ }
+ ChatRoom chatRoom = await _context.ChatRoom.SingleAsync(m => m.Name == id);
+
+
+
+ if (chatRoom == null)
+ {
+ return HttpNotFound();
+ }
+
+ if (User.GetUserId() != chatRoom.OwnerId )
+ {
+ if (!User.IsInRole(Constants.AdminGroupName))
+ return HttpBadRequest(new {error = "OwnerId"});
+ }
+
+ _context.ChatRoom.Remove(chatRoom);
+ await _context.SaveChangesAsync();
+
+ return Ok(chatRoom);
+ }
+
+ protected override void Dispose(bool disposing)
+ {
+ if (disposing)
+ {
+ _context.Dispose();
+ }
+ base.Dispose(disposing);
+ }
+
+ private bool ChatRoomExists(string id)
+ {
+ return _context.ChatRoom.Count(e => e.Name == id) > 0;
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Yavsc/ApiControllers/Relationship/ChatApiController.cs b/src/Yavsc/ApiControllers/Relationship/ChatApiController.cs
index 28a6f282..9a7e00fd 100644
--- a/src/Yavsc/ApiControllers/Relationship/ChatApiController.cs
+++ b/src/Yavsc/ApiControllers/Relationship/ChatApiController.cs
@@ -25,7 +25,8 @@ namespace Yavsc.Controllers public IEnumerable GetUserList() { List result = new List(); - var cxsQuery = dbContext.ChatConnection?.Include(c=>c.Owner).GroupBy( c => c.ApplicationUserId ); + var cxsQuery = dbContext.ChatConnection?.Include(c=>c.Owner) + .Where(cx => cx.Connected).GroupBy( c => c.ApplicationUserId ); // List result = new List(); if (cxsQuery!=null)
@@ -48,5 +49,7 @@ namespace Yavsc.Controllers } return result; } + + } }
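Review bot: `PutChatRoom` authorizes against the `OwnerId` in the client-supplied body rather than the stored row, then marks the whole body `Modified`, so any caller can send a body with `Name` set to someone else's room and `OwnerId` set to their own id, pass the check, and take over that room; the controller also has no `[Authorize]` at all, so `User.GetUserId()` may be null for anonymous callers. Load the stored room first, compare its `OwnerId` (or the admin role, as `DeleteChatRoom` already does) with the current user, and copy the stored owner back onto the entity before saving — the rewritten middle of `PutChatRoom` is below, with the `SaveChangesAsync`/concurrency block unchanged. `SingleAsync` in `GetChatRoom` and `DeleteChatRoom` throws `InvalidOperationException` rather than returning null, so their `chatRoom == null` branches are dead; `SingleOrDefaultAsync` makes them live.
```csharp
// … unchanged: ModelState and id != chatRoom.Name checks …
// Authorize against the stored owner, never the OwnerId the client sent.
var existing = await _context.ChatRoom.AsNoTracking().SingleOrDefaultAsync(m => m.Name == id);
if (existing == null)
{
    return HttpNotFound();
}
if (User.GetUserId() != existing.OwnerId && !User.IsInRole(Constants.AdminGroupName))
{
    return HttpBadRequest(new {error = "OwnerId"});
}
// The request body cannot reassign ownership.
chatRoom.OwnerId = existing.OwnerId;
_context.Entry(chatRoom).State = EntityState.Modified;
// … unchanged: SaveChangesAsync and DbUpdateConcurrencyException handling …
```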
diff --git a/src/Yavsc/Helpers/GoogleStoreHelpers.cs b/src/Yavsc/Helpers/ExternalAuthStoreHelper.cs
similarity index 60%
rename from src/Yavsc/Helpers/GoogleStoreHelpers.cs
rename to src/Yavsc/Helpers/ExternalAuthStoreHelper.cs
index 00a3fd3a..04d8cfbc 100644
--- a/src/Yavsc/Helpers/GoogleStoreHelpers.cs
+++ b/src/Yavsc/Helpers/ExternalAuthStoreHelper.cs
@@ -1,47 +1,47 @@ -using System; +using System; using System.Linq; using System.Threading.Tasks; using Microsoft.Data.Entity; using Newtonsoft.Json.Linq; -namespace Yavsc.Helpers.Google +namespace Yavsc.Helpers.Auth { using Yavsc.Models; using Yavsc.Models.Auth; - public static class GoogleStoreHelper { + public static class ExternalAuthStoreHelper { - public static Task GetTokensAsync(this ApplicationDbContext context, string googleUserId) + public static Task GetTokensAsync(this ApplicationDbContext context, string externalUserId) { - if (string.IsNullOrEmpty(googleUserId)) + if (string.IsNullOrEmpty(externalUserId)) { - throw new ArgumentException("email MUST have a value"); + throw new ArgumentException("externalUserId MUST have a value"); } - var item = context.Tokens.FirstOrDefault(x => x.UserId == googleUserId); + var item = context.OAuth2Tokens.FirstOrDefault(x => x.UserId == externalUserId); // TODO Refresh token return Task.FromResult(item); } - public static Task StoreTokenAsync(this ApplicationDbContext context, string googleUserId, JObject response, string accessToken, + public static Task StoreTokenAsync(this ApplicationDbContext context, string externalUserId, JObject response, string accessToken, string tokenType, string refreshToken, string expiresIn ) { - if (string.IsNullOrEmpty(googleUserId)) + if (string.IsNullOrEmpty(externalUserId)) { throw new ArgumentException("googleUserId MUST have a value"); } - var item = context.Tokens.SingleOrDefaultAsync(x => x.UserId == googleUserId).Result; + var item = context.OAuth2Tokens.SingleOrDefaultAsync(x => x.UserId == externalUserId).Result; if (item == null) { - context.Tokens.Add(new OAuth2Tokens + context.OAuth2Tokens.Add(new OAuth2Tokens { TokenType = "Bearer", AccessToken = accessToken, RefreshToken = refreshToken, Expiration = DateTime.Now.AddSeconds(int.Parse(expiresIn)), - UserId = googleUserId + UserId = externalUserId }); } else 
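Review bot: `StoreTokenAsync` still blocks on `SingleOrDefaultAsync(...).Result` on the new side, which risks deadlock and thread-pool starvation and wraps any database failure in an `AggregateException`; make the method `async Task` and await it, `var item = await context.OAuth2Tokens.SingleOrDefaultAsync(x => x.UserId == externalUserId);`, dropping the `Task.FromResult(0)`. The `ArgumentException` message in that method still reads `googleUserId MUST have a value` although the parameter was renamed to `externalUserId`. `int.Parse(expiresIn)` throws `FormatException` on an unexpected provider value and `Expiration` is computed from local `DateTime.Now`; prefer `int.TryParse(expiresIn, NumberStyles.Integer, CultureInfo.InvariantCulture, out var seconds)` with an explicit rejection on failure, and `DateTime.UtcNow` so later expiry comparisons do not drift with DST or host offset. The refresh token is written to `OAuth2Tokens` as received; whether that column is protected at rest is not visible here and is worth confirming.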
@@ -50,9 +50,9 @@ namespace Yavsc.Helpers.Google item.Expiration = DateTime.Now.AddMinutes(int.Parse(expiresIn)); if (refreshToken != null) item.RefreshToken = refreshToken; - context.Tokens.Update(item); + context.OAuth2Tokens.Update(item); } context.SaveChanges(googleUserId); + context.SaveChanges(externalUserId); return Task.FromResult(0); } }
diff --git a/src/Yavsc/Migrations/ApplicationDbContextModelSnapshot.cs b/src/Yavsc/Migrations/ApplicationDbContextModelSnapshot.cs
index da9df443..4c145d59 100644
--- a/src/Yavsc/Migrations/ApplicationDbContextModelSnapshot.cs
+++ b/src/Yavsc/Migrations/ApplicationDbContextModelSnapshot.cs
@@ -1,8 +1,6 @@ using System; using Microsoft.Data.Entity; using Microsoft.Data.Entity.Infrastructure; -using Microsoft.Data.Entity.Metadata; -using Microsoft.Data.Entity.Migrations; using Yavsc.Models; namespace Yavsc.Migrations
diff --git a/src/Yavsc/Models/ApplicationDbContext.cs b/src/Yavsc/Models/ApplicationDbContext.cs
index 4e7cc5d6..33c4dc66 100644
--- a/src/Yavsc/Models/ApplicationDbContext.cs
+++ b/src/Yavsc/Models/ApplicationDbContext.cs
@@ -33,7 +33,7 @@ namespace Yavsc.Models using Attributes; using Bank; using Payment; - using Yavsc.Models.Calendar; + using Calendar; using Blog; using Yavsc.Abstract.Identity; using Yavsc.Server.Models.Blog;
@@ -130,7 +130,7 @@ namespace Yavsc.Models /// open auth tokens /// /// tokens - public DbSet Tokens { get; set; } + public DbSet OAuth2Tokens { get; set; } /// /// References all declared external NativeConfidential devices
@@ -255,7 +255,8 @@ namespace Yavsc.Models public DbSet Comment { get; set; } public DbSet Announce { get; set; } - + + // TODO useless, to drop public DbSet ChatConnection { get; set; } public DbSet ChatRoom { get; set; }
@@ -270,5 +271,7 @@ namespace Yavsc.Models public DbSet LiveFlow { get; set; } + public DbSet ChatRoomAccess { get; set; } + } }
diff --git a/src/Yavsc/Startup/Startup.OAuth.cs b/src/Yavsc/Startup/Startup.OAuth.cs
index e6a15196..ace105fa 100644
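Review bot: The update branch sets `item.Expiration = DateTime.Now.AddMinutes(int.Parse(expiresIn))` while the insert branch in the previous hunk uses `AddSeconds` — OAuth 2.0 `expires_in` is a lifetime in seconds (RFC 6749 §5.1), so a refreshed row records an expiry 60× too late, and `GetTokensAsync` (still carrying `// TODO Refresh token` and no expiry check) will hand out a long-expired access token as valid. Change it to `item.Expiration = DateTime.Now.AddSeconds(int.Parse(expiresIn));` so both paths agree. `context.SaveChanges(externalUserId)` is a project overload whose semantics are not visible here; presumably it stamps an audit user, so confirm the external provider id is the intended value rather than the local user id. The enclosing `StoreTokenAsync` starts outside this hunk.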
--- a/src/Yavsc/Startup/Startup.OAuth.cs
+++ b/src/Yavsc/Startup/Startup.OAuth.cs
@@ -23,8 +23,8 @@ namespace Yavsc { using System.Threading.Tasks; using Auth; using Extensions; - using Helpers.Google; using Models; + using Yavsc.Helpers.Auth; public partial class Startup { public static CookieAuthenticationOptions ExternalCookieAppOptions { get; private set; }