// This controller is basically a demo of role levels:
// level 0 can't access the users endpoint at all
// level 1 has read permissions
// level 2 has modify permissions

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using agologumApi.Models;
using agologumApi.Services;
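/// <summary>
/// HTTP endpoints for listing, fetching and deleting users. Every action is gated by a
/// named authorization policy, and responses are built from <see cref="UserDto"/>
/// projections rather than from the <see cref="User"/> entities the service returns.
/// </summary>
/// <remarks>
/// The "SensitiveDataRead" and "SensitiveDataModify" policies are registered outside this
/// file; which role level satisfies each one cannot be confirmed from here.
/// </remarks>
[ApiController]
[Route("api/[controller]")]
public class UsersController : ControllerBase {

    private readonly UserService service_;

    /// <summary>Creates the controller around the user service it delegates to.</summary>
    /// <param name="service">Service used to load and delete users.</param>
    public UsersController(UserService service) {
        service_ = service;
    }

    /// <summary>Returns every user as a <see cref="UserDto"/>.</summary>
    /// <returns>200 OK with the list of DTOs.</returns>
    // NOTE(review): the declared result type is List<User>, but the body returns
    // List<UserDto>. Generated API metadata will therefore describe the entity, and the
    // compiler would accept a later change that returns the raw entities. Consider
    // declaring ActionResult<List<UserDto>> once callers have been checked.
    [Authorize(Policy = "SensitiveDataRead")]
    [HttpGet]
    public async Task<ActionResult<List<User>>> getUsers() {
        List<User> rawArray = await service_.GetAll();

        List<UserDto> dtoArray = new List<UserDto>(rawArray.Count);
        foreach (User user in rawArray) {
            dtoArray.Add(ToDto(user));
        }

        return Ok(dtoArray);
    }

    /// <summary>Returns a single user as a <see cref="UserDto"/>.</summary>
    /// <param name="id">Identifier taken from the route.</param>
    /// <returns>200 OK with the DTO, or 404 when the service returns null.</returns>
    // NOTE(review): this route constrains id to an integer ({id:int}) while the parameter
    // is a string and the DELETE route carries no constraint; confirm which form the
    // service expects and align the two routes. The declared result type (User) also
    // differs from the UserDto actually returned.
    [Authorize(Policy = "SensitiveDataRead")]
    [HttpGet("{id:int}")]
    public async Task<ActionResult<User>> getUser(string id) {
        var user = await service_.GetById(id);

        if (user is null) {
            return NotFound();
        }

        return Ok(ToDto(user));
    }

    /// <summary>Deletes the user with the given id.</summary>
    /// <param name="id">Identifier taken from the route.</param>
    /// <returns>204 No Content on success, or 404 when the service reports failure.</returns>
    [Authorize(Policy = "SensitiveDataModify")]
    [HttpDelete("{id}")]
    public async Task<ActionResult> deleteUser(string id) {
        var success = await service_.Delete(id);

        if (!success) {
            return NotFound();
        }

        return NoContent();
    }

    /// <summary>
    /// Projects a <see cref="User"/> onto the fields this controller exposes to clients.
    /// </summary>
    /// <remarks>
    /// This is the single allow-list for user data leaving the API: only CreatedAt, Email,
    /// Id and UserName are copied. Any new field should be added here deliberately.
    /// </remarks>
    private static UserDto ToDto(User user) {
        return new UserDto {
            CreatedAt = user.CreatedAt,
            Email = user.Email,
            Id = user.Id,
            UserName = user.UserName
        };
    }
}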