source: ChapterX.API/Controllers/UsersController.cs@ b373fea

Last change on this file since b373fea was b373fea, checked in by kikisrbinoska <srbinoskakristina07@…>, 12 days ago

Fixes for authentication and authorization

using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using ChapterX.Application.User.Commands;
using ChapterX.Application.User.Queries;
using MediatR;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
9
10namespace ChapterX.API.Controllers
11{
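[Route("api/[controller]")]
[ApiController]
public class UsersController : ControllerBase
{
    /// <summary>
    /// Role name that grants administrative access to other users' records.
    /// It must match the role claim issued with the JWT; <c>IsInRole</c> is a plain string compare.
    /// </summary>
    private const string AdminRole = "Admin";

    private readonly IMediator _mediator;
    private readonly ILogger<UsersController> _logger;

    /// <summary>Creates the controller with its request dispatcher and logger.</summary>
    /// <param name="mediator">Dispatches the query/command objects to their handlers.</param>
    /// <param name="logger">Structured logger for request tracing.</param>
    public UsersController(IMediator mediator, ILogger<UsersController> logger)
    {
        _mediator = mediator;
        _logger = logger;
    }

    /// <summary>
    /// Lists every user in a reduced projection (id, username, name, surname, email, role).
    /// </summary>
    /// <remarks>
    /// This endpoint is anonymous, so the projection below is the only thing that limits what an
    /// unauthenticated caller sees; note that the e-mail address is part of it.
    /// The <c>role</c> value is derived from the <c>Admin</c>/<c>Writer</c> navigation properties,
    /// not from the JWT role claim used by <see cref="IsOwnerOrAdmin"/>.
    /// </remarks>
    /// <returns>200 with the projected list.</returns>
    [HttpGet]
    [AllowAnonymous]
    public async Task<ActionResult> GetAll()
    {
        _logger.LogInformation("Fetching all users");
        var response = await _mediator.Send(new GetAllRequest());
        var result = response.Users.Select(u => new
        {
            id = u.Id,
            username = u.Username,
            name = u.Name,
            surname = u.Surname,
            email = u.Email,
            role = u.Admin is not null ? "admin" : u.Writer is not null ? "writer" : "regular",
        });
        return Ok(result);
    }

    /// <summary>Returns a single user by id.</summary>
    /// <param name="id">Route id of the user.</param>
    /// <returns>200 with whatever <c>GetRequest</c> yields.</returns>
    /// <remarks>
    /// Anonymous, and the handler's response is returned unprojected — confirm that the
    /// <c>GetRequest</c> result carries no fields that should stay private (review note).
    /// </remarks>
    [HttpGet("{id:int}")]
    [AllowAnonymous]
    public async Task<ActionResult> GetById(int id)
    {
        _logger.LogInformation("Fetching user with ID: {UserId}", id);
        var response = await _mediator.Send(new GetRequest(id));
        return Ok(response);
    }

    /// <summary>Creates a new user from the request body.</summary>
    /// <param name="request">Validated command bound from the JSON body.</param>
    /// <returns>200 with the handler's response.</returns>
    /// <remarks>
    /// Any authenticated caller can reach this; restrict it with a role policy if user creation
    /// is meant to be an administrative action (review note — intent not visible here).
    /// </remarks>
    [HttpPost]
    [Authorize]
    public async Task<ActionResult> Add([FromBody] AddRequest request)
    {
        _logger.LogInformation("Adding a new user with username: {Username}", request.Username);
        var response = await _mediator.Send(request);
        return Ok(response);
    }

    /// <summary>Updates the user identified by <paramref name="id"/>.</summary>
    /// <param name="id">Route id; must equal <c>request.Id</c>.</param>
    /// <param name="request">Update command bound from the JSON body.</param>
    /// <returns>
    /// 400 when route and body ids differ, 403 when the caller is neither the user nor an admin,
    /// otherwise 200 with the handler's response.
    /// </returns>
    [HttpPut("{id:int}")]
    [Authorize]
    public async Task<ActionResult> Update(int id, [FromBody] UpdateRequest request)
    {
        _logger.LogInformation("Updating user with ID: {UserId}", id);
        if (id != request.Id)
        {
            return BadRequest("Route ID and body ID must match.");
        }

        if (!IsOwnerOrAdmin(id))
        {
            return Forbid();
        }

        var response = await _mediator.Send(request);
        return Ok(response);
    }

    /// <summary>Deletes the user identified by <paramref name="id"/>.</summary>
    /// <param name="id">Route id of the user to delete.</param>
    /// <returns>403 when the caller is neither the user nor an admin, otherwise 200 with the handler's response.</returns>
    [HttpDelete("{id:int}")]
    [Authorize]
    public async Task<ActionResult> Delete(int id)
    {
        _logger.LogInformation("Deleting user with ID: {UserId}", id);
        if (!IsOwnerOrAdmin(id))
        {
            return Forbid();
        }

        var response = await _mediator.Send(new DeleteRequest(id));
        return Ok(response);
    }

    /// <summary>
    /// Authorization rule shared by <see cref="Update"/> and <see cref="Delete"/>: the caller may act on
    /// the record when it is their own (<c>sub</c> claim equals <paramref name="id"/>) or they hold
    /// <see cref="AdminRole"/>. A missing or malformed subject claim counts as "not the owner" rather
    /// than throwing from <c>int.Parse</c> and surfacing as a 500.
    /// </summary>
    /// <param name="id">Id of the record being modified.</param>
    private bool IsOwnerOrAdmin(int id)
    {
        if (User.IsInRole(AdminRole))
        {
            return true;
        }

        return TryGetCallerId(out var callerId) && callerId == id;
    }

    /// <summary>Reads the caller's numeric user id from the authenticated principal.</summary>
    /// <param name="callerId">The parsed id when the method returns <see langword="true"/>.</param>
    /// <returns><see langword="false"/> when no usable subject claim is present.</returns>
    private bool TryGetCallerId(out int callerId)
    {
        // Depending on how the JWT handler's inbound claim-type mapping is configured, the
        // token's "sub" may surface as ClaimTypes.NameIdentifier instead of the raw "sub" name;
        // accept either so the ownership check does not silently fail for one configuration.
        var raw = User.FindFirstValue(JwtRegisteredClaimNames.Sub)
                  ?? User.FindFirstValue(ClaimTypes.NameIdentifier);
        return int.TryParse(raw, NumberStyles.Integer, CultureInfo.InvariantCulture, out callerId);
    }
}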
94}