2021-04-21 21:57:19 +00:00
|
|
|
using System;
|
2019-07-09 22:19:18 +00:00
|
|
|
using System.Threading.Tasks;
|
2020-02-12 14:16:19 +00:00
|
|
|
|
2020-06-29 12:54:11 +00:00
|
|
|
using Dapper;
|
|
|
|
|
2020-06-15 23:15:59 +00:00
|
|
|
using Microsoft.AspNetCore.Authorization;
|
2019-07-09 22:19:18 +00:00
|
|
|
using Microsoft.AspNetCore.Mvc;
|
2019-12-28 14:52:59 +00:00
|
|
|
|
|
|
|
using Newtonsoft.Json.Linq;
|
|
|
|
|
2019-07-09 22:19:18 +00:00
|
|
|
using PluralKit.Core;
|
|
|
|
|
2020-02-12 14:16:19 +00:00
|
|
|
namespace PluralKit.API
|
2019-07-09 22:19:18 +00:00
|
|
|
{
|
|
|
|
[ApiController]
|
2020-05-07 02:39:49 +00:00
|
|
|
[ApiVersion("1.0")]
|
|
|
|
[Route( "v{version:apiVersion}/m" )]
|
2019-07-09 22:19:18 +00:00
|
|
|
public class MemberController: ControllerBase
|
|
|
|
{
|
2020-08-29 11:46:27 +00:00
|
|
|
private readonly IDatabase _db;
|
|
|
|
private readonly ModelRepository _repo;
|
|
|
|
private readonly IAuthorizationService _auth;
|
2019-07-09 22:19:18 +00:00
|
|
|
|
2020-08-29 11:46:27 +00:00
|
|
|
public MemberController(IAuthorizationService auth, IDatabase db, ModelRepository repo)
|
2019-07-09 22:19:18 +00:00
|
|
|
{
|
|
|
|
_auth = auth;
|
2020-06-29 12:15:30 +00:00
|
|
|
_db = db;
|
2020-08-29 11:46:27 +00:00
|
|
|
_repo = repo;
|
2019-07-09 22:19:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
[HttpGet("{hid}")]
|
2019-12-28 14:52:59 +00:00
|
|
|
public async Task<ActionResult<JObject>> GetMember(string hid)
|
2019-07-09 22:19:18 +00:00
|
|
|
{
|
2020-08-29 11:46:27 +00:00
|
|
|
var member = await _db.Execute(conn => _repo.GetMemberByHid(conn, hid));
|
2019-07-09 22:19:18 +00:00
|
|
|
if (member == null) return NotFound("Member not found.");
|
|
|
|
|
2020-06-15 23:15:59 +00:00
|
|
|
return Ok(member.ToJson(User.ContextFor(member)));
|
2019-07-09 22:19:18 +00:00
|
|
|
}
|
|
|
|
|
2019-07-27 03:37:23 +00:00
|
|
|
[HttpPost]
|
2020-06-15 23:15:59 +00:00
|
|
|
[Authorize]
|
2019-12-28 14:52:59 +00:00
|
|
|
public async Task<ActionResult<JObject>> PostMember([FromBody] JObject properties)
|
2019-07-27 03:37:23 +00:00
|
|
|
{
|
2019-12-28 14:52:59 +00:00
|
|
|
if (!properties.ContainsKey("name"))
|
|
|
|
return BadRequest("Member name must be specified.");
|
2020-10-09 10:18:29 +00:00
|
|
|
|
|
|
|
var systemId = User.CurrentSystem();
|
2019-07-27 03:37:23 +00:00
|
|
|
|
2020-06-29 12:54:11 +00:00
|
|
|
await using var conn = await _db.Obtain();
|
2020-10-09 10:18:29 +00:00
|
|
|
var systemData = await _repo.GetSystem(conn, systemId);
|
2020-06-29 12:54:11 +00:00
|
|
|
|
2019-10-20 07:16:57 +00:00
|
|
|
// Enforce per-system member limit
|
2020-10-09 10:18:29 +00:00
|
|
|
var memberCount = await conn.QuerySingleAsync<int>("select count(*) from members where system = @System", new {System = systemId});
|
|
|
|
var memberLimit = systemData?.MemberLimitOverride ?? Limits.MaxMemberCount;
|
|
|
|
if (memberCount >= memberLimit)
|
|
|
|
return BadRequest($"Member limit reached ({memberCount} / {memberLimit}).");
|
2019-10-20 07:16:57 +00:00
|
|
|
|
2021-04-21 21:57:19 +00:00
|
|
|
await using var tx = await conn.BeginTransactionAsync();
|
|
|
|
var member = await _repo.CreateMember(conn, systemId, properties.Value<string>("name"), transaction: tx);
|
|
|
|
|
2020-06-29 12:15:30 +00:00
|
|
|
MemberPatch patch;
|
2019-12-28 14:52:59 +00:00
|
|
|
try
|
|
|
|
{
|
2021-08-07 22:13:46 +00:00
|
|
|
patch = MemberPatch.FromJSON(properties);
|
2021-04-21 21:57:19 +00:00
|
|
|
patch.CheckIsValid();
|
2019-12-28 14:52:59 +00:00
|
|
|
}
|
2020-02-12 14:16:19 +00:00
|
|
|
catch (JsonModelParseError e)
|
2019-12-28 14:52:59 +00:00
|
|
|
{
|
2021-04-21 21:57:19 +00:00
|
|
|
await tx.RollbackAsync();
|
2019-12-28 14:52:59 +00:00
|
|
|
return BadRequest(e.Message);
|
|
|
|
}
|
2021-04-21 21:57:19 +00:00
|
|
|
catch (InvalidPatchException e)
|
|
|
|
{
|
|
|
|
await tx.RollbackAsync();
|
|
|
|
return BadRequest($"Request field '{e.Message}' is invalid.");
|
|
|
|
}
|
2019-12-28 14:52:59 +00:00
|
|
|
|
2021-04-21 21:57:19 +00:00
|
|
|
member = await _repo.UpdateMember(conn, member.Id, patch, transaction: tx);
|
|
|
|
await tx.CommitAsync();
|
2020-06-29 12:54:11 +00:00
|
|
|
return Ok(member.ToJson(User.ContextFor(member)));
|
2019-07-27 03:37:23 +00:00
|
|
|
}
|
|
|
|
|
2019-07-09 22:19:18 +00:00
|
|
|
[HttpPatch("{hid}")]
|
2020-06-15 23:15:59 +00:00
|
|
|
[Authorize]
|
2019-12-28 14:52:59 +00:00
|
|
|
public async Task<ActionResult<JObject>> PatchMember(string hid, [FromBody] JObject changes)
|
2019-07-09 22:19:18 +00:00
|
|
|
{
|
2020-06-29 12:54:11 +00:00
|
|
|
await using var conn = await _db.Obtain();
|
|
|
|
|
2020-08-29 11:46:27 +00:00
|
|
|
var member = await _repo.GetMemberByHid(conn, hid);
|
2019-07-09 22:19:18 +00:00
|
|
|
if (member == null) return NotFound("Member not found.");
|
2020-06-15 23:15:59 +00:00
|
|
|
|
|
|
|
var res = await _auth.AuthorizeAsync(User, member, "EditMember");
|
|
|
|
if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");
|
2019-07-09 22:19:18 +00:00
|
|
|
|
2020-06-29 12:15:30 +00:00
|
|
|
MemberPatch patch;
|
2019-12-28 14:52:59 +00:00
|
|
|
try
|
|
|
|
{
|
2021-08-07 22:13:46 +00:00
|
|
|
patch = MemberPatch.FromJSON(changes);
|
2021-04-21 21:57:19 +00:00
|
|
|
patch.CheckIsValid();
|
2019-12-28 14:52:59 +00:00
|
|
|
}
|
2020-02-12 14:16:19 +00:00
|
|
|
catch (JsonModelParseError e)
|
2019-12-28 14:52:59 +00:00
|
|
|
{
|
|
|
|
return BadRequest(e.Message);
|
|
|
|
}
|
2021-04-21 21:57:19 +00:00
|
|
|
catch (InvalidPatchException e)
|
|
|
|
{
|
2021-04-21 22:09:45 +00:00
|
|
|
return BadRequest($"Request field '{e.Message}' is invalid.");
|
2021-04-21 21:57:19 +00:00
|
|
|
}
|
2019-12-28 14:52:59 +00:00
|
|
|
|
2020-08-29 11:46:27 +00:00
|
|
|
var newMember = await _repo.UpdateMember(conn, member.Id, patch);
|
2020-07-05 10:54:51 +00:00
|
|
|
return Ok(newMember.ToJson(User.ContextFor(newMember)));
|
2019-07-09 22:19:18 +00:00
|
|
|
}
|
2019-07-28 22:03:50 +00:00
|
|
|
|
|
|
|
[HttpDelete("{hid}")]
|
2020-06-15 23:15:59 +00:00
|
|
|
[Authorize]
|
2019-12-28 14:52:59 +00:00
|
|
|
public async Task<ActionResult> DeleteMember(string hid)
|
2019-07-28 22:03:50 +00:00
|
|
|
{
|
2020-06-29 12:54:11 +00:00
|
|
|
await using var conn = await _db.Obtain();
|
|
|
|
|
2020-08-29 11:46:27 +00:00
|
|
|
var member = await _repo.GetMemberByHid(conn, hid);
|
2019-07-28 22:03:50 +00:00
|
|
|
if (member == null) return NotFound("Member not found.");
|
|
|
|
|
2020-06-15 23:15:59 +00:00
|
|
|
var res = await _auth.AuthorizeAsync(User, member, "EditMember");
|
|
|
|
if (!res.Succeeded) return Unauthorized($"Member '{hid}' is not part of your system.");
|
2020-06-29 12:54:11 +00:00
|
|
|
|
2020-08-29 11:46:27 +00:00
|
|
|
await _repo.DeleteMember(conn, member.Id);
|
2019-07-28 22:03:50 +00:00
|
|
|
return Ok();
|
|
|
|
}
|
2019-07-09 22:19:18 +00:00
|
|
|
}
|
2019-07-28 20:27:54 +00:00
|
|
|
}
|