| author | transtrike <transtrike@gmail.com> | 2021-01-26 11:44:41 +0200 |
|---|---|---|
| committer | transtrike <transtrike@gmail.com> | 2021-01-26 11:44:41 +0200 |
| commit | df52b1068e16adc50ffd365e2e8b8ea19b59fac3 (patch) | |
| tree | 3636d4b3fe2d5f88817b11007ff573c1ea920e0a /src/DevHive.Services | |
| parent | d2bc08c0dcd6f0dc0822333bbb00c9fc851f49cb (diff) | |
UserUpdate does not allow updating roles if not admin; HTTP Put now works properly; UserUpdate validates properly
Diffstat (limited to 'src/DevHive.Services')
9 files changed, 96 insertions, 79 deletions
diff --git a/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs b/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs index 23bd46f..e61a107 100644 --- a/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs +++ b/src/DevHive.Services/Configurations/Mapping/RoleMapings.cs @@ -9,10 +9,10 @@ namespace DevHive.Services.Configurations.Mapping public RoleMappings() { CreateMap<CreateRoleServiceModel, Role>(); - CreateMap<ReadRoleServiceModel, Role>(); + CreateMap<RoleServiceModel, Role>(); CreateMap<UpdateRoleServiceModel, Role>(); - CreateMap<Role, ReadRoleServiceModel>(); + CreateMap<Role, RoleServiceModel>(); CreateMap<Role, UpdateRoleServiceModel>(); } } diff --git a/src/DevHive.Services/Configurations/Mapping/UserMappings.cs b/src/DevHive.Services/Configurations/Mapping/UserMappings.cs index 6797ce1..096af38 100644 --- a/src/DevHive.Services/Configurations/Mapping/UserMappings.cs +++ b/src/DevHive.Services/Configurations/Mapping/UserMappings.cs @@ -11,11 +11,10 @@ namespace DevHive.Services.Configurations.Mapping { CreateMap<UserServiceModel, User>(); CreateMap<RegisterServiceModel, User>(); + CreateMap<FriendServiceModel, User>(); CreateMap<UpdateUserServiceModel, User>() .AfterMap((src, dest) => dest.PasswordHash = PasswordModifications.GeneratePasswordHash(src.Password)); - CreateMap<FriendServiceModel, User>(); - CreateMap<UpdateFriendServiceModel, User>() - .ForMember(dest => dest.UserName, src => src.MapFrom(p => p.Name)); + CreateMap<UpdateFriendServiceModel, User>(); CreateMap<User, UserServiceModel>(); CreateMap<User, UpdateUserServiceModel>() diff --git a/src/DevHive.Services/Interfaces/IRoleService.cs b/src/DevHive.Services/Interfaces/IRoleService.cs index d3a45e5..d47728c 100644 --- a/src/DevHive.Services/Interfaces/IRoleService.cs +++ b/src/DevHive.Services/Interfaces/IRoleService.cs 
@@ -8,7 +8,7 @@ namespace DevHive.Services.Interfaces { Task<Guid> CreateRole(CreateRoleServiceModel roleServiceModel); - Task<ReadRoleServiceModel> GetRoleById(Guid id); + Task<RoleServiceModel> GetRoleById(Guid id); Task<bool> UpdateRole(UpdateRoleServiceModel roleServiceModel); diff --git a/src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs b/src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs index 83fcc34..b0efe10 100644 --- a/src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs +++ b/src/DevHive.Services/Models/Identity/User/UpdateFriendServiceModel.cs @@ -5,6 +5,6 @@ namespace DevHive.Services.Models.Identity.User public class UpdateFriendServiceModel { public Guid Id { get; set; } - public string Name { get; set; } + public string UserName { get; set; } } } diff --git a/src/DevHive.Services/Models/Identity/User/UserServiceModel.cs b/src/DevHive.Services/Models/Identity/User/UserServiceModel.cs index 3e41057..7da54b8 100644 --- a/src/DevHive.Services/Models/Identity/User/UserServiceModel.cs +++ b/src/DevHive.Services/Models/Identity/User/UserServiceModel.cs @@ -7,12 +7,12 @@ namespace DevHive.Services.Models.Identity.User { public class UserServiceModel : BaseUserServiceModel { - public HashSet<ReadRoleServiceModel> Roles { get; set; } = new HashSet<ReadRoleServiceModel>(); + public HashSet<RoleServiceModel> Roles { get; set; } = new(); - public HashSet<FriendServiceModel> Friends { get; set; } = new HashSet<FriendServiceModel>(); + public HashSet<FriendServiceModel> Friends { get; set; } = new(); - public HashSet<LanguageServiceModel> Languages { get; set; } = new HashSet<LanguageServiceModel>(); + public HashSet<LanguageServiceModel> Languages { get; set; } = new(); - public HashSet<TechnologyServiceModel> Technologies { get; set; } = new HashSet<TechnologyServiceModel>(); + public HashSet<TechnologyServiceModel> Technologies { get; set; } = new(); } } 
diff --git a/src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs b/src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs index 8536693..84b7f27 100644 --- a/src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs +++ b/src/DevHive.Services/Models/Language/UpdateLanguageServiceModel.cs @@ -2,8 +2,10 @@ using System; namespace DevHive.Services.Models.Language { - public class UpdateLanguageServiceModel : LanguageServiceModel + public class UpdateLanguageServiceModel { + public Guid Id { get; set; } + public string Name { get; set; } } } diff --git a/src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs b/src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs index a18e286..f4c7921 100644 --- a/src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs +++ b/src/DevHive.Services/Models/Technology/UpdateTechnologyServiceModel.cs @@ -2,8 +2,10 @@ using System; namespace DevHive.Services.Models.Technology { - public class UpdateTechnologyServiceModel : TechnologyServiceModel + public class UpdateTechnologyServiceModel { + public Guid Id { get; set; } + public string Name { get; set; } } } diff --git a/src/DevHive.Services/Services/RoleService.cs b/src/DevHive.Services/Services/RoleService.cs index 9f7a5ac..a8b8e17 100644 --- a/src/DevHive.Services/Services/RoleService.cs +++ b/src/DevHive.Services/Services/RoleService.cs @@ -38,12 +38,12 @@ namespace DevHive.Services.Services } - public async Task<ReadRoleServiceModel> GetRoleById(Guid id) + public async Task<RoleServiceModel> GetRoleById(Guid id) { Role role = await this._roleRepository.GetByIdAsync(id) ?? throw new ArgumentException("Role does not exist!"); - return this._roleMapper.Map<ReadRoleServiceModel>(role); + return this._roleMapper.Map<RoleServiceModel>(role); } public async Task<bool> UpdateRole(UpdateRoleServiceModel updateRoleServiceModel) 
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs index 1beb07f..960630e 100644 --- a/src/DevHive.Services/Services/UserService.cs +++ b/src/DevHive.Services/Services/UserService.cs 
@@ -111,61 +111,9 @@ namespace DevHive.Services.Services await this.ValidateUserCollections(updateUserServiceModel); - /* Roles */ - int roleCount = updateUserServiceModel.Roles.Count; - for (int i = 0; i < roleCount; i++) - { - Role role = await this._roleRepository.GetByNameAsync(updateUserServiceModel.Roles.ElementAt(i).Name) ?? - throw new ArgumentException("Invalid role name!"); - - UpdateRoleServiceModel updateRoleServiceModel = this._userMapper.Map<UpdateRoleServiceModel>(role); - - updateUserServiceModel.Roles.Add(updateRoleServiceModel); - } - - /* Languages */ - int langCount = updateUserServiceModel.Languages.Count; - for (int i = 0; i < langCount; i++) - { - Language language = await this._languageRepository.GetByNameAsync(updateUserServiceModel.Languages.ElementAt(i).Name) ?? - throw new ArgumentException("Invalid language name!"); - - UpdateLanguageServiceModel updateLanguageServiceModel = this._userMapper.Map<UpdateLanguageServiceModel>(language); - - updateUserServiceModel.Languages.Add(updateLanguageServiceModel); - } - //Clean the already replaced languages - updateUserServiceModel.Languages.RemoveWhere(x => x.Id == Guid.Empty); - - /* Technologies */ - int techCount = updateUserServiceModel.Technologies.Count; - for (int i = 0; i < techCount; i++) - { - Technology technology = await this._technologyRepository.GetByNameAsync(updateUserServiceModel.Technologies.ElementAt(i).Name) ?? 
- throw new ArgumentException("Invalid technology name!"); - - UpdateTechnologyServiceModel updateTechnologyServiceModel = this._userMapper.Map<UpdateTechnologyServiceModel>(technology); - - updateUserServiceModel.Technologies.Add(updateTechnologyServiceModel); - } - //Clean the already replaced technologies - updateUserServiceModel.Technologies.RemoveWhere(x => x.Id == Guid.Empty); - - /* Friends */ - HashSet<User> friends = new(); - int friendsCount = updateUserServiceModel.Friends.Count; - for (int i = 0; i < friendsCount; i++) - { - User friend = await this._userRepository.GetByUsernameAsync(updateUserServiceModel.Friends.ElementAt(i).Name) ?? - throw new ArgumentException("Invalid friend's username!"); - - friends.Add(friend); - } - //Clean the already replaced technologies - updateUserServiceModel.Friends.RemoveWhere(x => x.Id == Guid.Empty); + updateUserServiceModel = await this.PopulateUpdateModelWithIds(updateUserServiceModel); User user = this._userMapper.Map<User>(updateUserServiceModel); - user.Friends = friends; bool successful = await this._userRepository.EditAsync(updateUserServiceModel.Id, user); 
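Review bot: With `user.Friends = friends;` removed, the friends on `user` now come only from `this._userMapper.Map<User>(updateUserServiceModel)`, that is from the `UpdateFriendServiceModel -> User` map, which can fill in nothing beyond `Id` and `UserName`. The old code handed `EditAsync` the entities it had loaded through `GetByUsernameAsync`. Whether `EditAsync` treats these partial `User` objects as references or as updates to the friends' own rows is not visible in this diff; if it is the latter, their remaining columns would be written with default values. Please confirm against `EditAsync`, or keep passing loaded entities and restore `user.Friends = friends;`. The enclosing method starts and ends outside this hunk.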
@@ -249,30 +197,49 @@ namespace DevHive.Services.Services private async Task ValidateUserCollections(UpdateUserServiceModel updateUserServiceModel) { + //Do NOT allow a user to change his roles, unless he is an Admin + bool isAdmin = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)) + .Roles.Any(r => r.Name == Role.AdminRole); + + if (isAdmin) + { + // Roles + foreach (var role in updateUserServiceModel.Roles) + { + Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ?? + throw new ArgumentException($"Role {role.Name} does not exist!"); + } + } + //Preserve original user roles + else + { + HashSet<Role> roles = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)).Roles; + + foreach (var role in roles) + { + Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ?? + throw new ArgumentException($"Role {role.Name} does not exist!"); + } + } + // Friends foreach (var friend in updateUserServiceModel.Friends) { - User returnedFriend = await this._userRepository.GetByUsernameAsync(friend.Name); - - if (returnedFriend == null) - throw new ArgumentException($"User {friend.Name} does not exist!"); + User returnedFriend = await this._userRepository.GetByUsernameAsync(friend.UserName) ?? + throw new ArgumentException($"User {friend.UserName} does not exist!"); } // Languages foreach (var language in updateUserServiceModel.Languages) { - Language returnedLanguage = await this._languageRepository.GetByNameAsync(language.Name); - - if (returnedLanguage == null) + Language returnedLanguage = await this._languageRepository.GetByNameAsync(language.Name) ?? 
throw new ArgumentException($"Language {language.Name} does not exist!"); } // Technology foreach (var technology in updateUserServiceModel.Technologies) { - Technology returnedTechnology = await this._technologyRepository.GetByNameAsync(technology.Name); - - if (returnedTechnology == null) + Technology returnedTechnology = await this._technologyRepository.GetByNameAsync(technology.Name) ?? throw new ArgumentException($"Technology {technology.Name} does not exist!"); } } @@ -306,12 +273,13 @@ namespace DevHive.Services.Services } #endregion + #region Misc public async Task<Guid> SuperSecretPromotionToAdmin(Guid userId) { User user = await this._userRepository.GetByIdAsync(userId) ?? throw new ArgumentException("User does not exist! Can't promote shit in this country..."); - if(!await this._roleRepository.DoesNameExist("Admin")) + if (!await this._roleRepository.DoesNameExist("Admin")) { Role adminRole = new() { 
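Review bot: The non-admin branch of `ValidateUserCollections` preserves nothing: it loads the stored roles and checks that they exist, but `updateUserServiceModel.Roles` stays exactly as the request sent it. The caller then passes the same model to `PopulateUpdateModelWithIds` and `Map<User>`, so request-supplied roles still appear to reach `EditAsync` for a non-admin (how `EditAsync` persists `Roles` is outside this diff). The branch should overwrite the request's roles with the stored ones, as sketched below on the assumption that `Roles` holds `UpdateRoleServiceModel` as the removed code suggests. `isAdmin` is also computed from the user named by `updateUserServiceModel.Id`, the record being edited, so it only restricts anything if the caller is verified to be that user somewhere outside this hunk. `GetByIdAsync` is dereferenced without a null check and called twice; the sketch loads it once.

```csharp
User storedUser = await this._userRepository.GetByIdAsync(updateUserServiceModel.Id) ??
	throw new ArgumentException("User does not exist!");
bool isAdmin = storedUser.Roles.Any(r => r.Name == Role.AdminRole);

if (isAdmin)
{
	// … unchanged: check that each requested role name exists …
}
else
{
	// Ignore roles from the request and re-apply the stored ones
	updateUserServiceModel.Roles.Clear();
	foreach (var role in storedUser.Roles)
		updateUserServiceModel.Roles.Add(this._userMapper.Map<UpdateRoleServiceModel>(role));
}
// … unchanged: friends, languages and technologies checks …
```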
@@ -329,5 +297,51 @@ namespace DevHive.Services.Services return admin.Id; } + + private async Task<UpdateUserServiceModel> PopulateUpdateModelWithIds(UpdateUserServiceModel updateUserServiceModel) + { + /* Roles */ + int roleCount = updateUserServiceModel.Roles.Count; + for (int i = 0; i < roleCount; i++) + { + Role role = await this._roleRepository.GetByNameAsync(updateUserServiceModel.Roles.ElementAt(i).Name) ?? + throw new ArgumentException("Invalid role name!"); + + updateUserServiceModel.Roles.ElementAt(i).Id = role.Id; + } + + /* Languages */ + int langCount = updateUserServiceModel.Languages.Count; + for (int i = 0; i < langCount; i++) + { + Language language = await this._languageRepository.GetByNameAsync(updateUserServiceModel.Languages.ElementAt(i).Name) ?? + throw new ArgumentException("Invalid language name!"); + + updateUserServiceModel.Languages.ElementAt(i).Id = language.Id; + } + + /* Technologies */ + int techCount = updateUserServiceModel.Technologies.Count; + for (int i = 0; i < techCount; i++) + { + Technology technology = await this._technologyRepository.GetByNameAsync(updateUserServiceModel.Technologies.ElementAt(i).Name) ?? + throw new ArgumentException("Invalid technology name!"); + + updateUserServiceModel.Technologies.ElementAt(i).Id = technology.Id; + } + + /* Friends */ + int friendsCount = updateUserServiceModel.Friends.Count; + for (int i = 0; i < friendsCount; i++) + { + User friend = await this._userRepository.GetByUsernameAsync(updateUserServiceModel.Friends.ElementAt(i).UserName) ?? + throw new ArgumentException("Invalid friend's username!"); + + updateUserServiceModel.Friends.ElementAt(i).Id = friend.Id; + } + + return updateUserServiceModel; + } + #endregion } } |
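Review bot: The four loops in `PopulateUpdateModelWithIds` call `ElementAt(i)` twice per iteration, which walks the collection from the start each time; a `foreach` does one pass and reads better, e.g. `foreach (var role in updateUserServiceModel.Roles) role.Id = (await this._roleRepository.GetByNameAsync(role.Name) ?? throw new ArgumentException("Invalid role name!")).Id;`. Every name resolved here was already looked up in `ValidateUserCollections`, so each update issues two repository queries per item and discards the first result. The roles loop resolves whatever role names the request carried, so it relies entirely on the earlier validation having restricted them. A one-line comment would help: `// Resolves client-supplied names to stored Ids; mutates and returns the same model instance`.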
