sherl/hermes
1
0
Fork 0
mirror of https://github.com/GCMatters/hermes.git synced 2026-02-04 05:30:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
69c508ef84d65411c6df5f2c2efa272f89b93ff6
hermes/WebApp/Endpoints/EventsEndpoints.cs
AleksDw 69c508ef84 Get OrgId only from token
2025-05-18 18:16:26 +02:00

176 lines
7.2 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Http;
using Microsoft.EntityFrameworkCore;
using WebApp.Data;
using WebApp.DTOs;
using WebApp.Entities;
using WebApp.Mapping;
namespace WebApp.Endpoints
{
public static class EventsEndpoints
{
const string GetEventEndpointName = "GetEvent";
public static RouteGroupBuilder MapEventsEndpoints(this WebApplication app)
{
var group = app.MapGroup("api/events")
.WithParameterValidation();
// GET /events
group.MapGet("/",
async (ApplicationDbContext dbContext, HttpContext httpContext) =>
await dbContext.Events
.Include(Eve => Eve.Organisation)
.OrderByDescending(Eve => Eve.EventId)
.Select(Eve => Eve.ToEventSummaryDto()) //EventSummaryDto
.AsNoTracking()
.ToListAsync());
// GET /events/1
group.MapGet("/{id}",
async (int id, ApplicationDbContext dbContext, HttpContext httpContext, GeneralUseHelpers guhf) =>
{
Event? Eve = await dbContext.Events.FindAsync(id);
if (Eve is null) return Results.NotFound();
// Sprawdź, czy token należy do organizacji, a jeżeli tak, to do której.
Token? token = await guhf.GetTokenFromHTTPContext(httpContext);
Organisation? org = await guhf.GetOrganisationFromToken(token);
// Jeśli token należy do organizacji, która utworzyła to wydarzenie,
// to zwróć także EventRegistrations. W przeciwnym razie usuń to pole
// przed jego wysłaniem!
if (org is null || org.OrganisationId != Eve.OrganisationId) Eve.EventRegistrations = [];
EventDetailsDto EveDto = Eve.ToEventDetailsDto();
return Results.Ok(EveDto); //EventDetailsDto
})
.WithName(GetEventEndpointName);
// POST /events
group.MapPost("/",
async (EventCreateDto newEvent, ApplicationDbContext dbContext, HttpContext httpContext, GeneralUseHelpers guhf) =>
{
// Uzyskaj organizację z tokenu
Token? token = await guhf.GetTokenFromHTTPContext(httpContext);
Organisation? org = await guhf.GetOrganisationFromToken(token);
if (org is null) return Results.Unauthorized();
// dodajemy id organizacji z tokenu
Event Eve = newEvent.ToEntity();
Eve.OrganisationId = org.OrganisationId;
dbContext.Events.Add(Eve);
await dbContext.SaveChangesAsync();
return Results.CreatedAtRoute(
GetEventEndpointName,
new { id = Eve.EventId },
Eve.ToEventDetailsDto()); //EventDetailsDto
});
// PUT /events/1
group.MapPut("/{id}",
async (int id, EventUpdateDto updatedEvent, ApplicationDbContext dbContext, GeneralUseHelpers guhf, HttpContext httpContext) =>
{
// Uzyskaj organizację z tokenu
Token? token = await guhf.GetTokenFromHTTPContext(httpContext);
Organisation? org = await guhf.GetOrganisationFromToken(token);
if (org is null) return Results.Unauthorized();
Console.Write(org.OrganisationId);
var existingEvent = await dbContext.Events.FindAsync(id);
if (existingEvent is null)
{
return Results.NotFound();
}
// Sprawdź, czy organizacja ma prawo
// do zmodyfikowania tego (EventId = id) eventu.
if (org.OrganisationId != existingEvent.OrganisationId) return Results.StatusCode(403);
var originalOrgId = existingEvent.OrganisationId;
dbContext.Entry(existingEvent)
.CurrentValues
.SetValues(updatedEvent.ToEntity(id));
existingEvent.OrganisationId = originalOrgId;
dbContext.Entry(existingEvent)
.Collection(Eve => Eve.EventRegistrations)
.IsModified = false;
await dbContext.SaveChangesAsync();
return Results.NoContent();
});
// DELETE /events/1
group.MapDelete("/{id}",
async (int id, ApplicationDbContext dbContext, GeneralUseHelpers guhf, HttpContext httpContext) =>
{
// Uzyskaj organizację z tokenu
Token? token = await guhf.GetTokenFromHTTPContext(httpContext);
Organisation? org = await guhf.GetOrganisationFromToken(token);
if (org is null) return Results.StatusCode(403);
// Sprawdź, czy organizacja ma prawo
// do usunięcia tego (EventId = id) eventu.
Event? Eve = await dbContext.Events.FindAsync(id);
if (Eve is null) return Results.NotFound();
else if (org.OrganisationId != Eve.OrganisationId) return Results.StatusCode(403);
await dbContext.Events
.Where(Eve => Eve.EventId == id)
.ExecuteDeleteAsync();
return Results.NoContent();
});
// POST /events/search
group.MapPost("/search/",
async (EventSearchDto query, ApplicationDbContext dbContext, HttpContext httpContext, GeneralUseHelpers guhf) =>
{
// Uzyskaj organizację z tokenu
Token? token = await guhf.GetTokenFromHTTPContext(httpContext);
Organisation? org = await guhf.GetOrganisationFromToken(token);
List<EventSummaryDto> SearchResults = [];
List<Event> AllEvents = await dbContext.Events.ToListAsync();
foreach(Event e in AllEvents)
{
// Logika wyszukiwania
// Sprawdź wszystkie pola z EventSearchDto, np.
if (query.OrganisationId is not null)
{
// Sprawdź, czy Event należy do query.OrganisationId.
}
// ...
// Jeśli Event jest tym, czego szuka użytkownik,
// dodaj go do listy SearchResults.
//
// Uwaga! Zanim to zrobisz, sprawdź, czy użytkownik
// jest twórcą danego wydarzenia! Jeżeli nim nie jest,
// wyzeruj EventRegistrations!
if (org is null || e.Organisation != org)
{
e.EventRegistrations.Clear();
}
SearchResults.Add(e.ToEventSummaryDto());
}
return Results.Ok(SearchResults);
});
return group;
}
}
}
Reference in New Issue View Git Blame Copy Permalink