PluralKit/PluralKit.API/Controllers/v1/MemberController.cs

131 lines
4.5 KiB
C#
Raw Normal View History

using System;
2019-07-09 22:19:18 +00:00
using System.Threading.Tasks;
2020-06-29 12:54:11 +00:00
using Dapper;
using Microsoft.AspNetCore.Authorization;
2019-07-09 22:19:18 +00:00
using Microsoft.AspNetCore.Mvc;
using Newtonsoft.Json.Linq;
2019-07-09 22:19:18 +00:00
using PluralKit.Core;
namespace PluralKit.API
2019-07-09 22:19:18 +00:00
{
[ApiController]
[ApiVersion("1.0")]
[Route( "v{version:apiVersion}/m" )]
2019-07-09 22:19:18 +00:00
public class MemberController: ControllerBase
{
2020-08-29 11:46:27 +00:00
private readonly IDatabase _db;
private readonly ModelRepository _repo;
private readonly IAuthorizationService _auth;
2019-07-09 22:19:18 +00:00
2020-08-29 11:46:27 +00:00
public MemberController(IAuthorizationService auth, IDatabase db, ModelRepository repo)
2019-07-09 22:19:18 +00:00
{
_auth = auth;
2020-06-29 12:15:30 +00:00
_db = db;
2020-08-29 11:46:27 +00:00
_repo = repo;
2019-07-09 22:19:18 +00:00
}
[HttpGet("{hid}")]
public async Task<ActionResult<JObject>> GetMember(string hid)
2019-07-09 22:19:18 +00:00
{
2020-08-29 11:46:27 +00:00
var member = await _db.Execute(conn => _repo.GetMemberByHid(conn, hid));
2019-07-09 22:19:18 +00:00
if (member == null) return NotFound("Member not found.");
return Ok(member.ToJson(User.ContextFor(member)));
2019-07-09 22:19:18 +00:00
}
[HttpPost]
[Authorize]
public async Task<ActionResult<JObject>> PostMember([FromBody] JObject properties)
{
if (!properties.ContainsKey("name"))
return BadRequest("Member name must be specified.");
var systemId = User.CurrentSystem();
2020-06-29 12:54:11 +00:00
await using var conn = await _db.Obtain();
var systemData = await _repo.GetSystem(conn, systemId);
2020-06-29 12:54:11 +00:00
// Enforce per-system member limit
var memberCount = await conn.QuerySingleAsync<int>("select count(*) from members where system = @System", new {System = systemId});
var memberLimit = systemData?.MemberLimitOverride ?? Limits.MaxMemberCount;
if (memberCount >= memberLimit)
return BadRequest($"Member limit reached ({memberCount} / {memberLimit}).");
await using var tx = await conn.BeginTransactionAsync();
var member = await _repo.CreateMember(conn, systemId, properties.Value<string>("name"), transaction: tx);
2020-06-29 12:15:30 +00:00
MemberPatch patch;
try
{
2020-06-29 12:15:30 +00:00
patch = JsonModelExt.ToMemberPatch(properties);
patch.CheckIsValid();
}
catch (JsonModelParseError e)
{
await tx.RollbackAsync();
return BadRequest(e.Message);
}
catch (InvalidPatchException e)
{
await tx.RollbackAsync();
return BadRequest($"Request field '{e.Message}' is invalid.");
}
member = await _repo.UpdateMember(conn, member.Id, patch, transaction: tx);
await tx.CommitAsync();
2020-06-29 12:54:11 +00:00
return Ok(member.ToJson(User.ContextFor(member)));
}
2019-07-09 22:19:18 +00:00
[HttpPatch("{hid}")]
[Authorize]
public async Task<ActionResult<JObject>> PatchMember(string hid, [FromBody] JObject changes)
2019-07-09 22:19:18 +00:00
{
2020-06-29 12:54:11 +00:00
await using var conn = await _db.Obtain();
2020-08-29 11:46:27 +00:00
var member = await _repo.GetMemberByHid(conn, hid);
2019-07-09 22:19:18 +00:00
if (member == null) return NotFound("Member not found.");
var res = await _auth.AuthorizeAsync(User, member, "EditMember");
if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");
2019-07-09 22:19:18 +00:00
2020-06-29 12:15:30 +00:00
MemberPatch patch;
try
{
2020-06-29 12:15:30 +00:00
patch = JsonModelExt.ToMemberPatch(changes);
patch.CheckIsValid();
}
catch (JsonModelParseError e)
{
return BadRequest(e.Message);
}
catch (InvalidPatchException e)
{
2021-04-21 22:09:45 +00:00
return BadRequest($"Request field '{e.Message}' is invalid.");
}
2020-08-29 11:46:27 +00:00
var newMember = await _repo.UpdateMember(conn, member.Id, patch);
return Ok(newMember.ToJson(User.ContextFor(newMember)));
2019-07-09 22:19:18 +00:00
}
[HttpDelete("{hid}")]
[Authorize]
public async Task<ActionResult> DeleteMember(string hid)
{
2020-06-29 12:54:11 +00:00
await using var conn = await _db.Obtain();
2020-08-29 11:46:27 +00:00
var member = await _repo.GetMemberByHid(conn, hid);
if (member == null) return NotFound("Member not found.");
var res = await _auth.AuthorizeAsync(User, member, "EditMember");
if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");
2020-06-29 12:54:11 +00:00
2020-08-29 11:46:27 +00:00
await _repo.DeleteMember(conn, member.Id);
return Ok();
}
2019-07-09 22:19:18 +00:00
}
}