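namespace GrossesMitainesAPI.Controllers;

#region Dependencies
using GrossesMitainesAPI.Data;
using GrossesMitainesAPI.Models;
using GrossesMitainesAPI.Services;
using Microsoft.AspNet.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
#endregion

/// <summary>
/// CRUD endpoints for postal addresses (<c>api/Address</c>).
/// A client may only read, change and delete addresses attached to its own
/// account; members of the "Administrateur" role may act on any address.
/// Authorization decisions are made against the identity store on every call
/// (roles from <c>UserManager.GetRolesAsync</c>, ownership from the
/// Users→Adresses relationship), not against values supplied in the request.
/// </summary>
[EnableCors("_myAllowSpecificOrigins"), ApiController, Route("api/[controller]"),
 Authorize(AuthenticationSchemes = "Identity.Application", Roles = "Client, Administrateur")]
public class AddressController : Controller
{
    /// <summary>Role name that unlocks access to every address.</summary>
    private const string AdminRole = "Administrateur";

    #region DI Fields
    private readonly ILogger<AddressController> _logger;
    private readonly InventoryContext _context;
    private readonly SignInManager<InventoryUser> _signInMan;
    private readonly Microsoft.AspNetCore.Identity.UserManager<InventoryUser> _userMan;
    #endregion

    #region Ctor
    public AddressController(ILogger<AddressController> logger, InventoryContext context,
        SignInManager<InventoryUser> signInMan,
        Microsoft.AspNetCore.Identity.UserManager<InventoryUser> userMan)
    {
        _logger = logger;
        _context = context;
        _signInMan = signInMan;
        _userMan = userMan;
    }
    #endregion

    #region Helpers
    /// <summary>
    /// Resolves the caller from the authentication cookie. Returns null when the
    /// principal no longer maps to a stored user (e.g. account deleted after
    /// sign-in) or the lookup fails; callers answer 401 instead of dereferencing it.
    /// </summary>
    private async Task<InventoryUser> GetCallerAsync()
    {
        try
        {
            return await _userMan.GetUserAsync(_signInMan.Context.User);
        }
        catch (Exception e)
        {
            _logger.LogError(e, "Could not resolve the current user.");
            return null;
        }
    }

    /// <summary>
    /// True when <paramref name="user"/> holds the administrator role according to
    /// the identity store. Fails closed: if the roles cannot be read, the caller
    /// is treated as a plain client.
    /// </summary>
    private async Task<bool> IsAdminAsync(InventoryUser user)
    {
        try
        {
            IList<string> roles = await _userMan.GetRolesAsync(user);
            return roles.Contains(AdminRole);
        }
        catch (Exception e)
        {
            _logger.LogError(e, "Could not read roles for user {UserId}; treating as non-admin.", user.Id);
            return false;
        }
    }

    /// <summary>
    /// True when address <paramref name="addressId"/> belongs to user
    /// <paramref name="userId"/>. Evaluated as a query on the Users→Adresses
    /// relationship rather than on <c>user.Adresses</c>: the object returned by
    /// <c>GetUserAsync</c> does not have that navigation loaded, and a
    /// <c>Contains</c> on it compared object references, not ids.
    /// </summary>
    private Task<bool> OwnsAddressAsync(string userId, int addressId) =>
        _context.Users
            .Where(u => u.Id == userId)
            .SelectMany(u => u.Adresses)
            .AnyAsync(a => a.Id == addressId);

    /// <summary>Administrator, or owner of the given address.</summary>
    private async Task<bool> MayAccessAsync(InventoryUser user, int addressId) =>
        await IsAdminAsync(user) || await OwnsAddressAsync(user.Id, addressId);
    #endregion

    #region API Methods
    /// <summary>
    /// GET api/Address[?all=true]. Returns the caller's own addresses. An
    /// administrator passing <c>all=true</c> gets every address in the store; the
    /// flag is silently ignored for other callers.
    /// </summary>
    [EnableCors("_myAllowSpecificOrigins"), HttpGet]
    public async Task<ActionResult<IEnumerable<AddressModel>>> GetList(bool? all)
    {
        var user = await GetCallerAsync();
        if (user is null)
            return Unauthorized();

        try
        {
            if (all == true && await IsAdminAsync(user))
                return Ok(await _context.Addresses.ToListAsync());

            // Scope strictly to the authenticated user's id taken from the store,
            // never from a request value.
            var own = await _context.Users
                .Where(u => u.Id == user.Id)
                .SelectMany(u => u.Adresses)
                .ToListAsync();
            return Ok(own);
        }
        catch (Exception e)
        {
            _logger.LogError(e, "Could not list addresses for user {UserId}.", user.Id);
            return BadRequest();
        }
    }

    /// <summary>
    /// GET api/Address/{id}. Returns a single address. A row that does not exist
    /// and a row the caller is not allowed to see both answer 404, so the endpoint
    /// does not confirm which ids exist to callers who cannot read them.
    /// </summary>
    [EnableCors("_myAllowSpecificOrigins"), HttpGet("{id}")]
    public async Task<ActionResult<AddressModel>> Get(int id)
    {
        var user = await GetCallerAsync();
        if (user is null)
            return Unauthorized();

        try
        {
            var ad = await _context.Addresses.FirstOrDefaultAsync(a => a.Id == id);
            if (ad is null || !await MayAccessAsync(user, id))
                return NotFound();
            return ad;
        }
        catch (Exception e)
        {
            _logger.LogError(e, "Could not read address {AddressId}.", id);
            return BadRequest();
        }
    }

    /// <summary>
    /// POST api/Address. Attaches a new address to the caller's account and
    /// returns it. The body must not carry an id: accepting one would let a
    /// client target an existing row, including another user's.
    /// </summary>
    [EnableCors("_myAllowSpecificOrigins"), HttpPost]
    public async Task<ActionResult<AddressModel>> Post(AddressModel ad)
    {
        if (ad.Id != 0)
            return BadRequest("A new address must not specify an id.");

        var user = await GetCallerAsync();
        if (user is null)
            return Unauthorized();

        try
        {
            // NOTE(review): persisting through the navigation assumes the user
            // returned by UserManager is tracked by this same scoped _context (the
            // original code made the same assumption) — confirm in DI setup.
            user.Adresses.Add(ad);
            await _context.SaveChangesAsync();
        }
        catch (Exception e)
        {
            _logger.LogError(e, "Could not save a new address for user {UserId}.", user.Id);
            return BadRequest();
        }
        return ad;
    }

    /// <summary>
    /// PATCH api/Address. Overwrites the stored address whose id is <c>ad.Id</c>
    /// with the values in the body, if the caller owns it or is an administrator.
    /// The stored row is loaded and updated in place; <c>Update(ad)</c> on the
    /// detached body object bypassed the ownership decision for non-owners only
    /// by accident (reference comparison) and would conflict with the tracked row.
    /// </summary>
    [EnableCors("_myAllowSpecificOrigins"), HttpPatch]
    public async Task<ActionResult<AddressModel>> Patch(AddressModel ad)
    {
        var user = await GetCallerAsync();
        if (user is null)
            return Unauthorized();

        try
        {
            var existing = await _context.Addresses.FirstOrDefaultAsync(a => a.Id == ad.Id);
            if (existing is null || !await MayAccessAsync(user, ad.Id))
                return NotFound();

            // NOTE(review): copies every scalar property from the request body. If
            // AddressModel carries an owner foreign key, exclude it here (or restore
            // it from `existing`) so a client cannot re-parent the address.
            _context.Entry(existing).CurrentValues.SetValues(ad);
            await _context.SaveChangesAsync();
        }
        catch (Exception e)
        {
            _logger.LogError(e, "Could not update address {AddressId}.", ad.Id);
            return BadRequest();
        }
        return ad;
    }

    /// <summary>
    /// DELETE api/Address?id=N. Deletes the address row and returns its id.
    /// Removal goes through the DbSet: <c>user.Adresses.Remove(ad)</c> only acted
    /// on a loaded collection of the caller's own rows, so it was a silent no-op
    /// for administrators deleting someone else's address (and for everyone
    /// unless lazy loading is enabled, which is not visible here).
    /// </summary>
    [EnableCors("_myAllowSpecificOrigins"), HttpDelete]
    public async Task<ActionResult<int>> Delete(int id)
    {
        var user = await GetCallerAsync();
        if (user is null)
            return Unauthorized();

        try
        {
            var ad = await _context.Addresses.FirstOrDefaultAsync(a => a.Id == id);
            if (ad is null || !await MayAccessAsync(user, id))
                return NotFound();

            _context.Addresses.Remove(ad);
            await _context.SaveChangesAsync();
        }
        catch (Exception e)
        {
            _logger.LogError(e, "Could not delete address {AddressId}.", id);
            return BadRequest();
        }
        return id;
    }
    #endregion
}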