what da

api/src/Controllers/UsersController.cs

@@ -0,0 +1,50 @@
+
+// this is basically a demo on roles
+// level 0 can't access the users endpoint at all
+// level 1 has read permissions
+// level 2 has modify permissions
+
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+
+using agologumApi.Models;
+using agologumApi.Services;
+
+[ApiController]
+[Route("api/[controller]")]
+public class UsersController : ControllerBase {
+
+    private readonly UserService service_;
+
+    public UsersController(UserService service) {
+        service_ = service;
+    }
+
+    [Authorize(Roles = "Admin, Superuser")]
+    [HttpGet]
+    public async Task<ActionResult<List<User>>> getUsers() {
+        return Ok(await service_.GetAll());
+    }
+
+    [Authorize(Roles = "Admin, Superuser")]
+    [HttpGet("{id:int}")]
+    public async Task<ActionResult<User>> getUser(int id) {
+
+        var user = await service_.Get(id);
+
+        if (user == null) return NotFound();
+
+        return Ok(user);
+    }
+
+    [Authorize(Roles = "Superuser")]
+    [HttpDelete("{id}")]
+    public async Task<ActionResult> deleteUser(int id) {
+
+        var success = await service_.Delete(id);
+
+        if (!success) return NotFound();
+
+        return NoContent();
+    }
+}