authortranstrike <transtrike@gmail.com>2021-01-26 11:44:41 +0200
committertranstrike <transtrike@gmail.com>2021-01-26 11:44:41 +0200
commitdf52b1068e16adc50ffd365e2e8b8ea19b59fac3 (patch)
tree3636d4b3fe2d5f88817b11007ff573c1ea920e0a
parentd2bc08c0dcd6f0dc0822333bbb00c9fc851f49cb (diff)
UserUpdate does not allow updating roles if not admin; HTTP Put now works properly; UserUpdate validates properly
-rw-r--r--src/DevHive.Services/Configurations/Mapping/RoleMapings.cs4
-rw-r--r--src/DevHive.Services/Configurations/Mapping/UserMappings.cs5
-rw-r--r--src/DevHive.Services/Interfaces/IRoleService.cs2
-rw-r--r--src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs2
-rw-r--r--src/DevHive.Services/Models/Identity/User/UserServiceModel.cs8
-rw-r--r--src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs4
-rw-r--r--src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs4
-rw-r--r--src/DevHive.Services/Services/RoleService.cs4
-rw-r--r--src/DevHive.Services/Services/UserService.cs142
-rw-r--r--src/DevHive.Web/Configurations/Mapping/RoleMappings.cs4
-rw-r--r--src/DevHive.Web/Configurations/Mapping/UserMappings.cs14
-rw-r--r--src/DevHive.Web/Controllers/RoleController.cs2
-rw-r--r--src/DevHive.Web/Models/Identity/Role/UpdateRoleWebModel.cs6
-rw-r--r--src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs2
-rw-r--r--src/DevHive.Web/Models/Identity/User/UserWebModel.cs2
-rw-r--r--src/DevHive.Web/Models/Identity/User/UsernameWebModel.cs (renamed from src/DevHive.Web/Models/Identity/User/FriendWebModel.cs)2
16 files changed, 110 insertions, 97 deletions
diff --git a/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs b/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
index 23bd46f..e61a107 100644
--- a/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
+++ b/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs
@@ -9,10 +9,10 @@ namespace DevHive.Services.Configurations.Mapping
public RoleMappings()
{
CreateMap<CreateRoleServiceModel, Role>();
- CreateMap<ReadRoleServiceModel, Role>();
+ CreateMap<RoleServiceModel, Role>();
CreateMap<UpdateRoleServiceModel, Role>();
- CreateMap<Role, ReadRoleServiceModel>();
+ CreateMap<Role, RoleServiceModel>();
CreateMap<Role, UpdateRoleServiceModel>();
}
}
diff --git a/src/DevHive.Services/Configurations/Mapping/UserMappings.cs b/src/DevHive.Services/Configurations/Mapping/UserMappings.cs
index 6797ce1..096af38 100644
--- a/src/DevHive.Services/Configurations/Mapping/UserMappings.cs
+++ b/src/DevHive.Services/Configurations/Mapping/UserMappings.cs
@@ -11,11 +11,10 @@ namespace DevHive.Services.Configurations.Mapping
{
CreateMap<UserServiceModel, User>();
CreateMap<RegisterServiceModel, User>();
+ CreateMap<FriendServiceModel, User>();
CreateMap<UpdateUserServiceModel, User>()
.AfterMap((src, dest) => dest.PasswordHash = PasswordModifications.GeneratePasswordHash(src.Password));
- CreateMap<FriendServiceModel, User>();
- CreateMap<UpdateFriendServiceModel, User>()
- .ForMember(dest => dest.UserName, src => src.MapFrom(p => p.Name));
+ CreateMap<UpdateFriendServiceModel, User>();
CreateMap<User, UserServiceModel>();
CreateMap<User, UpdateUserServiceModel>()
diff --git a/src/DevHive.Services/Interfaces/IRoleService.cs b/src/DevHive.Services/Interfaces/IRoleService.cs
index d3a45e5..d47728c 100644
--- a/src/DevHive.Services/Interfaces/IRoleService.cs
+++ b/src/DevHive.Services/Interfaces/IRoleService.cs
@@ -8,7 +8,7 @@ namespace DevHive.Services.Interfaces
{
Task<Guid> CreateRole(CreateRoleServiceModel roleServiceModel);
- Task<ReadRoleServiceModel> GetRoleById(Guid id);
+ Task<RoleServiceModel> GetRoleById(Guid id);
Task<bool> UpdateRole(UpdateRoleServiceModel roleServiceModel);
diff --git a/src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs b/src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs
index 83fcc34..b0efe10 100644
--- a/src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs
+++ b/src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs
@@ -5,6 +5,6 @@ namespace DevHive.Services.Models.Identity.User
public class UpdateFriendServiceModel
{
public Guid Id { get; set; }
- public string Name { get; set; }
+ public string UserName { get; set; }
}
}
diff --git a/src/DevHive.Services/Models/Identity/User/UserServiceModel.cs b/src/DevHive.Services/Models/Identity/User/UserServiceModel.cs
index 3e41057..7da54b8 100644
--- a/src/DevHive.Services/Models/Identity/User/UserServiceModel.cs
+++ b/src/DevHive.Services/Models/Identity/User/UserServiceModel.cs
@@ -7,12 +7,12 @@ namespace DevHive.Services.Models.Identity.User
{
public class UserServiceModel : BaseUserServiceModel
{
- public HashSet<ReadRoleServiceModel> Roles { get; set; } = new HashSet<ReadRoleServiceModel>();
+ public HashSet<RoleServiceModel> Roles { get; set; } = new();
- public HashSet<FriendServiceModel> Friends { get; set; } = new HashSet<FriendServiceModel>();
+ public HashSet<FriendServiceModel> Friends { get; set; } = new();
- public HashSet<LanguageServiceModel> Languages { get; set; } = new HashSet<LanguageServiceModel>();
+ public HashSet<LanguageServiceModel> Languages { get; set; } = new();
- public HashSet<TechnologyServiceModel> Technologies { get; set; } = new HashSet<TechnologyServiceModel>();
+ public HashSet<TechnologyServiceModel> Technologies { get; set; } = new();
}
}
diff --git a/src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs b/src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs
index 8536693..84b7f27 100644
--- a/src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs
+++ b/src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs
@@ -2,8 +2,10 @@ using System;
namespace DevHive.Services.Models.Language
{
- public class UpdateLanguageServiceModel : LanguageServiceModel
+ public class UpdateLanguageServiceModel
{
+ public Guid Id { get; set; }
+
public string Name { get; set; }
}
}
diff --git a/src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs b/src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs
index a18e286..f4c7921 100644
--- a/src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs
+++ b/src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs
@@ -2,8 +2,10 @@ using System;
namespace DevHive.Services.Models.Technology
{
- public class UpdateTechnologyServiceModel : TechnologyServiceModel
+ public class UpdateTechnologyServiceModel
{
+ public Guid Id { get; set; }
+
public string Name { get; set; }
}
}
diff --git a/src/DevHive.Services/Services/RoleService.cs b/src/DevHive.Services/Services/RoleService.cs
index 9f7a5ac..a8b8e17 100644
--- a/src/DevHive.Services/Services/RoleService.cs
+++ b/src/DevHive.Services/Services/RoleService.cs
@@ -38,12 +38,12 @@ namespace DevHive.Services.Services
}
- public async Task<ReadRoleServiceModel> GetRoleById(Guid id)
+ public async Task<RoleServiceModel> GetRoleById(Guid id)
{
Role role = await this._roleRepository.GetByIdAsync(id)
?? throw new ArgumentException("Role does not exist!");
- return this._roleMapper.Map<ReadRoleServiceModel>(role);
+ return this._roleMapper.Map<RoleServiceModel>(role);
}
public async Task<bool> UpdateRole(UpdateRoleServiceModel updateRoleServiceModel)
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index 1beb07f..960630e 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -111,61 +111,9 @@ namespace DevHive.Services.Services
await this.ValidateUserCollections(updateUserServiceModel);
- /* Roles */
- int roleCount = updateUserServiceModel.Roles.Count;
- for (int i = 0; i < roleCount; i++)
- {
- Role role = await this._roleRepository.GetByNameAsync(updateUserServiceModel.Roles.ElementAt(i).Name) ??
- throw new ArgumentException("Invalid role name!");
-
- UpdateRoleServiceModel updateRoleServiceModel = this._userMapper.Map<UpdateRoleServiceModel>(role);
-
- updateUserServiceModel.Roles.Add(updateRoleServiceModel);
- }
-
- /* Languages */
- int langCount = updateUserServiceModel.Languages.Count;
- for (int i = 0; i < langCount; i++)
- {
- Language language = await this._languageRepository.GetByNameAsync(updateUserServiceModel.Languages.ElementAt(i).Name) ??
- throw new ArgumentException("Invalid language name!");
-
- UpdateLanguageServiceModel updateLanguageServiceModel = this._userMapper.Map<UpdateLanguageServiceModel>(language);
-
- updateUserServiceModel.Languages.Add(updateLanguageServiceModel);
- }
- //Clean the already replaced languages
- updateUserServiceModel.Languages.RemoveWhere(x => x.Id == Guid.Empty);
-
- /* Technologies */
- int techCount = updateUserServiceModel.Technologies.Count;
- for (int i = 0; i < techCount; i++)
- {
- Technology technology = await this._technologyRepository.GetByNameAsync(updateUserServiceModel.Technologies.ElementAt(i).Name) ??
- throw new ArgumentException("Invalid technology name!");
-
- UpdateTechnologyServiceModel updateTechnologyServiceModel = this._userMapper.Map<UpdateTechnologyServiceModel>(technology);
-
- updateUserServiceModel.Technologies.Add(updateTechnologyServiceModel);
- }
- //Clean the already replaced technologies
- updateUserServiceModel.Technologies.RemoveWhere(x => x.Id == Guid.Empty);
-
- /* Friends */
- HashSet<User> friends = new();
- int friendsCount = updateUserServiceModel.Friends.Count;
- for (int i = 0; i < friendsCount; i++)
- {
- User friend = await this._userRepository.GetByUsernameAsync(updateUserServiceModel.Friends.ElementAt(i).Name) ??
- throw new ArgumentException("Invalid friend's username!");
-
- friends.Add(friend);
- }
- //Clean the already replaced technologies
- updateUserServiceModel.Friends.RemoveWhere(x => x.Id == Guid.Empty);
+ updateUserServiceModel = await this.PopulateUpdateModelWithIds(updateUserServiceModel);
User user = this._userMapper.Map<User>(updateUserServiceModel);
- user.Friends = friends;
bool successful = await this._userRepository.EditAsync(updateUserServiceModel.Id, user);
@@ -249,30 +197,49 @@ namespace DevHive.Services.Services
private async Task ValidateUserCollections(UpdateUserServiceModel updateUserServiceModel)
{
+ //Do NOT allow a user to change his roles, unless he is an Admin
+ bool isAdmin = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id))
+ .Roles.Any(r => r.Name == Role.AdminRole);
+
+ if (isAdmin)
+ {
+ // Roles
+ foreach (var role in updateUserServiceModel.Roles)
+ {
+ Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ??
+ throw new ArgumentException($"Role {role.Name} does not exist!");
+ }
+ }
+ //Preserve original user roles
+ else
+ {
+ HashSet<Role> roles = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)).Roles;
+
+ foreach (var role in roles)
+ {
+ Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ??
+ throw new ArgumentException($"Role {role.Name} does not exist!");
+ }
+ }
+
// Friends
foreach (var friend in updateUserServiceModel.Friends)
{
- User returnedFriend = await this._userRepository.GetByUsernameAsync(friend.Name);
-
- if (returnedFriend == null)
- throw new ArgumentException($"User {friend.Name} does not exist!");
+ User returnedFriend = await this._userRepository.GetByUsernameAsync(friend.UserName) ??
+ throw new ArgumentException($"User {friend.UserName} does not exist!");
}
// Languages
foreach (var language in updateUserServiceModel.Languages)
{
- Language returnedLanguage = await this._languageRepository.GetByNameAsync(language.Name);
-
- if (returnedLanguage == null)
+ Language returnedLanguage = await this._languageRepository.GetByNameAsync(language.Name) ??
throw new ArgumentException($"Language {language.Name} does not exist!");
}
// Technology
foreach (var technology in updateUserServiceModel.Technologies)
{
- Technology returnedTechnology = await this._technologyRepository.GetByNameAsync(technology.Name);
-
- if (returnedTechnology == null)
+ Technology returnedTechnology = await this._technologyRepository.GetByNameAsync(technology.Name) ??
throw new ArgumentException($"Technology {technology.Name} does not exist!");
}
}
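Review bot: The non-admin branch of `ValidateUserCollections` does not do what its `//Preserve original user roles` comment says: the stored `roles` are only iterated, while `updateUserServiceModel.Roles` keeps whatever the request supplied and, as far as this diff shows, is then passed to `PopulateUpdateModelWithIds` and mapped onto the `User` given to `EditAsync`. Unless a mapping or repository step outside this hunk drops them, a non-admin can still submit roles. The admin check also reads the roles of the account named by `updateUserServiceModel.Id`, so it only means something if the caller is confirmed to be that account elsewhere, and `GetByIdAsync` is called twice and dereferenced without a null check. The rewrite below loads the user once and overwrites the request's roles for non-admins; it assumes `Roles` is a settable `HashSet<UpdateRoleServiceModel>`, which this page does not show.

```csharp
private async Task ValidateUserCollections(UpdateUserServiceModel updateUserServiceModel)
{
    // Load the stored user once; an unknown Id is rejected instead of dereferencing null.
    User storedUser = await this._userRepository.GetByIdAsync(updateUserServiceModel.Id) ??
        throw new ArgumentException("User does not exist!");

    bool isAdmin = storedUser.Roles.Any(r => r.Name == Role.AdminRole);

    if (isAdmin)
    {
        // Only an admin's submitted roles are honoured, and each must exist.
        foreach (var role in updateUserServiceModel.Roles)
        {
            if (await this._roleRepository.GetByNameAsync(role.Name) == null)
                throw new ArgumentException($"Role {role.Name} does not exist!");
        }
    }
    else
    {
        // Discard the roles sent in the request and carry the stored ones forward.
        updateUserServiceModel.Roles =
            this._userMapper.Map<HashSet<UpdateRoleServiceModel>>(storedUser.Roles);
    }

    // … unchanged: Friends, Languages and Technologies validation …
}
```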
@@ -306,12 +273,13 @@ namespace DevHive.Services.Services
}
#endregion
+ #region Misc
public async Task<Guid> SuperSecretPromotionToAdmin(Guid userId)
{
User user = await this._userRepository.GetByIdAsync(userId) ??
throw new ArgumentException("User does not exist! Can't promote shit in this country...");
- if(!await this._roleRepository.DoesNameExist("Admin"))
+ if (!await this._roleRepository.DoesNameExist("Admin"))
{
Role adminRole = new()
{
@@ -329,5 +297,51 @@ namespace DevHive.Services.Services
return admin.Id;
}
+
+ private async Task<UpdateUserServiceModel> PopulateUpdateModelWithIds(UpdateUserServiceModel updateUserServiceModel)
+ {
+ /* Roles */
+ int roleCount = updateUserServiceModel.Roles.Count;
+ for (int i = 0; i < roleCount; i++)
+ {
+ Role role = await this._roleRepository.GetByNameAsync(updateUserServiceModel.Roles.ElementAt(i).Name) ??
+ throw new ArgumentException("Invalid role name!");
+
+ updateUserServiceModel.Roles.ElementAt(i).Id = role.Id;
+ }
+
+ /* Languages */
+ int langCount = updateUserServiceModel.Languages.Count;
+ for (int i = 0; i < langCount; i++)
+ {
+ Language language = await this._languageRepository.GetByNameAsync(updateUserServiceModel.Languages.ElementAt(i).Name) ??
+ throw new ArgumentException("Invalid language name!");
+
+ updateUserServiceModel.Languages.ElementAt(i).Id = language.Id;
+ }
+
+ /* Technologies */
+ int techCount = updateUserServiceModel.Technologies.Count;
+ for (int i = 0; i < techCount; i++)
+ {
+ Technology technology = await this._technologyRepository.GetByNameAsync(updateUserServiceModel.Technologies.ElementAt(i).Name) ??
+ throw new ArgumentException("Invalid technology name!");
+
+ updateUserServiceModel.Technologies.ElementAt(i).Id = technology.Id;
+ }
+
+ /* Friends */
+ int friendsCount = updateUserServiceModel.Friends.Count;
+ for (int i = 0; i < friendsCount; i++)
+ {
+ User friend = await this._userRepository.GetByUsernameAsync(updateUserServiceModel.Friends.ElementAt(i).UserName) ??
+ throw new ArgumentException("Invalid friend's username!");
+
+ updateUserServiceModel.Friends.ElementAt(i).Id = friend.Id;
+ }
+
+ return updateUserServiceModel;
+ }
+ #endregion
}
}
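Review bot: `PopulateUpdateModelWithIds` indexes its collections with `ElementAt(i)` inside counted loops, which re-walks the collection on every iteration if these are the `HashSet`s the web models suggest, and it repeats every by-name lookup that `ValidateUserCollections` made just before it. A plain `foreach` is clearer and avoids the re-walk, for example `foreach (var role in updateUserServiceModel.Roles)` with the body `role.Id = (await this._roleRepository.GetByNameAsync(role.Name) ?? throw new ArgumentException("Invalid role name!")).Id;`. If any of the update models derives `GetHashCode` from `Id`, assigning `Id` while the item sits in the set would leave it in the wrong bucket, so that is worth confirming. The method also has no summary; a comment such as `// Resolves each submitted name to its stored entity and copies that entity's Id onto the update model` would help.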
diff --git a/src/DevHive.Web/Configurations/Mapping/RoleMappings.cs b/src/DevHive.Web/Configurations/Mapping/RoleMappings.cs
index 2f01f77..2ea2742 100644
--- a/src/DevHive.Web/Configurations/Mapping/RoleMappings.cs
+++ b/src/DevHive.Web/Configurations/Mapping/RoleMappings.cs
@@ -11,11 +11,11 @@ namespace DevHive.Web.Configurations.Mapping
CreateMap<CreateRoleWebModel, CreateRoleServiceModel>();
CreateMap<UpdateRoleWebModel, UpdateRoleServiceModel>()
.ForMember(src => src.Id, dest => dest.Ignore());
- CreateMap<RoleWebModel, ReadRoleServiceModel>();
+ CreateMap<RoleWebModel, RoleServiceModel>();
CreateMap<CreateRoleServiceModel, CreateRoleWebModel>();
CreateMap<UpdateRoleServiceModel, UpdateRoleWebModel>();
- CreateMap<ReadRoleServiceModel, RoleWebModel>();
+ CreateMap<RoleServiceModel, RoleWebModel>();
}
}
}
diff --git a/src/DevHive.Web/Configurations/Mapping/UserMappings.cs b/src/DevHive.Web/Configurations/Mapping/UserMappings.cs
index e80a69a..1b26cc9 100644
--- a/src/DevHive.Web/Configurations/Mapping/UserMappings.cs
+++ b/src/DevHive.Web/Configurations/Mapping/UserMappings.cs
@@ -2,8 +2,6 @@ using AutoMapper;
using DevHive.Services.Models.Identity.User;
using DevHive.Web.Models.Identity.User;
using DevHive.Common.Models.Identity;
-using DevHive.Web.Models.Language;
-using DevHive.Web.Models.Technology;
namespace DevHive.Web.Configurations.Mapping
{
@@ -21,16 +19,12 @@ namespace DevHive.Web.Configurations.Mapping
CreateMap<TokenModel, TokenWebModel>();
//Update
- CreateMap<UpdateUserWebModel, UpdateUserServiceModel>()
- .ForMember(src => src.Id, dest => dest.Ignore());
- CreateMap<FriendWebModel, FriendServiceModel>()
- .ForMember(src => src.Id, dest => dest.Ignore());
- CreateMap<FriendWebModel, UpdateFriendServiceModel>()
- .ForMember(src => src.Id, dest => dest.Ignore())
- .ForMember(src => src.Name, dest => dest.MapFrom(p => p.UserName));
+ CreateMap<UpdateUserWebModel, UpdateUserServiceModel>();
+ CreateMap<UsernameWebModel, FriendServiceModel>();
+ CreateMap<UsernameWebModel, UpdateFriendServiceModel>();
CreateMap<UpdateUserServiceModel, UpdateUserWebModel>();
- CreateMap<FriendServiceModel, FriendWebModel>();
+ CreateMap<FriendServiceModel, UsernameWebModel>();
}
}
}
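Review bot: With `.ForMember(src => src.Id, dest => dest.Ignore())` dropped from the `UpdateUserWebModel` to `UpdateUserServiceModel` map, any `Id` the web model binds from the request body now reaches the service model, and `ValidateUserCollections` uses that `Id` to decide whose roles are checked and which user is edited. Whether `UpdateUserWebModel` exposes an `Id`, and whether the controller overwrites it after mapping, is not visible on this page. If it does expose one, the controller should set the Id from the route or the authenticated identity after mapping. A comment on the map such as `// Id must come from the authenticated request context, not the request body` would record that expectation.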
diff --git a/src/DevHive.Web/Controllers/RoleController.cs b/src/DevHive.Web/Controllers/RoleController.cs
index d8bb60c..c68a32b 100644
--- a/src/DevHive.Web/Controllers/RoleController.cs
+++ b/src/DevHive.Web/Controllers/RoleController.cs
@@ -40,7 +40,7 @@ namespace DevHive.Web.Controllers
[Authorize(Policy = "User")]
public async Task<IActionResult> GetById(Guid id)
{
- ReadRoleServiceModel roleServiceModel = await this._roleService.GetRoleById(id);
+ RoleServiceModel roleServiceModel = await this._roleService.GetRoleById(id);
RoleWebModel roleWebModel = this._roleMapper.Map<RoleWebModel>(roleServiceModel);
return new OkObjectResult(roleWebModel);
diff --git a/src/DevHive.Web/Models/Identity/Role/UpdateRoleWebModel.cs b/src/DevHive.Web/Models/Identity/Role/UpdateRoleWebModel.cs
index 254affc..3870481 100644
--- a/src/DevHive.Web/Models/Identity/Role/UpdateRoleWebModel.cs
+++ b/src/DevHive.Web/Models/Identity/Role/UpdateRoleWebModel.cs
@@ -4,10 +4,12 @@ using System.Diagnostics.CodeAnalysis;
namespace DevHive.Web.Models.Identity.Role
{
- public class UpdateRoleWebModel : RoleWebModel
+ public class UpdateRoleWebModel
{
[NotNull]
[Required]
- public Guid Id { get; set; }
+ [MinLength(3)]
+ [MaxLength(50)]
+ public string Name { get; set; }
}
}
diff --git a/src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs b/src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs
index 30c66fb..62901f6 100644
--- a/src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs
+++ b/src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs
@@ -17,7 +17,7 @@ namespace DevHive.Web.Models.Identity.User
[NotNull]
[Required]
- public HashSet<FriendWebModel> Friends { get; set; }
+ public HashSet<UsernameWebModel> Friends { get; set; }
[NotNull]
[Required]
diff --git a/src/DevHive.Web/Models/Identity/User/UserWebModel.cs b/src/DevHive.Web/Models/Identity/User/UserWebModel.cs
index 5b80ba3..4097901 100644
--- a/src/DevHive.Web/Models/Identity/User/UserWebModel.cs
+++ b/src/DevHive.Web/Models/Identity/User/UserWebModel.cs
@@ -15,7 +15,7 @@ namespace DevHive.Web.Models.Identity.User
[NotNull]
[Required]
- public HashSet<FriendWebModel> Friends { get; set; } = new HashSet<FriendWebModel>();
+ public HashSet<UsernameWebModel> Friends { get; set; } = new HashSet<UsernameWebModel>();
[NotNull]
[Required]
diff --git a/src/DevHive.Web/Models/Identity/User/FriendWebModel.cs b/src/DevHive.Web/Models/Identity/User/UsernameWebModel.cs
index d59bff5..a20c1bf 100644
--- a/src/DevHive.Web/Models/Identity/User/FriendWebModel.cs
+++ b/src/DevHive.Web/Models/Identity/User/UsernameWebModel.cs
@@ -4,7 +4,7 @@ using DevHive.Web.Attributes;
namespace DevHive.Web.Models.Identity.User
{
- public class FriendWebModel
+ public class UsernameWebModel
{
[NotNull]
[Required]