paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

droits d'accès

Browse Source
This commit is contained in:
Paul Schneider
2016-09-05 00:21:48 +02:00
parent 52f86841c2
commit fbefa91fb0
1 changed files with 18 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
Yavsc/ApiControllers/BookQueryApiController.cs
View File

@ -1,5 +1,6 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Http; using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc; using Microsoft.AspNet.Mvc;
@ -24,19 +25,22 @@ namespace Yavsc.Controllers
[HttpGet] [HttpGet]
public IEnumerable<BookQuery> GetCommands() public IEnumerable<BookQuery> GetCommands()
{ {
return _context.Commands; var uid = User.GetUserId();
return _context.Commands.Where(c=>c.ClientId == uid || c.PerformerId == uid);
} }
// GET: api/BookQueryApi/5 // GET: api/BookQueryApi/5
[HttpGet("{id}", Name = "GetBookQuery")] [HttpGet("{id}", Name = "GetBookQuery")]
public IActionResult GetBookQuery([FromRoute] long id) public IActionResult GetBookQuery([FromRoute] long id)
{ {
if (!ModelState.IsValid) if (!ModelState.IsValid)
{ {
return HttpBadRequest(ModelState); return HttpBadRequest(ModelState);
} }
var uid = User.GetUserId();
BookQuery bookQuery = _context.Commands.Single(m => m.Id == id); BookQuery bookQuery = _context.Commands.Where(c=>c.ClientId == uid || c.PerformerId == uid).Single(m => m.Id == id);
if (bookQuery == null) if (bookQuery == null)
{ {
@ -59,6 +63,9 @@ namespace Yavsc.Controllers
{ {
return HttpBadRequest(); return HttpBadRequest();
} }
var uid = User.GetUserId();
if (bookQuery.ClientId != uid)
return HttpNotFound();
_context.Entry(bookQuery).State = EntityState.Modified; _context.Entry(bookQuery).State = EntityState.Modified;
@ -89,7 +96,11 @@ namespace Yavsc.Controllers
{ {
return HttpBadRequest(ModelState); return HttpBadRequest(ModelState);
} }
var uid = User.GetUserId();
if (bookQuery.ClientId != uid) {
ModelState.AddModelError("ClientId","You must be the client at creating a book query");
return new BadRequestObjectResult(ModelState);
}
_context.Commands.Add(bookQuery); _context.Commands.Add(bookQuery);
try try
{ {
@ -118,12 +129,14 @@ namespace Yavsc.Controllers
{ {
return HttpBadRequest(ModelState); return HttpBadRequest(ModelState);
} }
var uid = User.GetUserId();
BookQuery bookQuery = _context.Commands.Single(m => m.Id == id); BookQuery bookQuery = _context.Commands.Single(m => m.Id == id);
if (bookQuery == null) if (bookQuery == null)
{ {
return HttpNotFound(); return HttpNotFound();
} }
if (bookQuery.ClientId != uid) return HttpNotFound();
_context.Commands.Remove(bookQuery); _context.Commands.Remove(bookQuery);
_context.SaveChanges(); _context.SaveChanges();