15 files changed, 54 insertions, 71 deletions
diff --git a/src/DevHive.Data/Models/Post.cs b/src/DevHive.Data/Models/Post.cs index 2d144d3..bb22576 100644 --- a/src/DevHive.Data/Models/Post.cs +++ b/src/DevHive.Data/Models/Post.cs @@ -19,7 +19,7 @@ namespace DevHive.Data.Models public List<Comment> Comments { get; set; } = new(); public Guid RatingId { get; set; } - public Rating Rating { get; set; } + public Rating Rating { get; set; } = new(); public List<string> FileUrls { get; set; } = new(); } diff --git a/src/DevHive.Data/Repositories/UserRepository.cs b/src/DevHive.Data/Repositories/UserRepository.cs index 6c63244..6ff2ffa 100644 --- a/src/DevHive.Data/Repositories/UserRepository.cs +++ b/src/DevHive.Data/Repositories/UserRepository.cs @@ -62,13 +62,15 @@ namespace DevHive.Data.Repositories .CurrentValues .SetValues(newEntity); - user.Languages.Clear(); + HashSet<Language> languages = new(); foreach (var lang in newEntity.Languages) - user.Languages.Add(lang); + languages.Add(lang); + user.Languages = languages; - user.Roles.Clear(); + HashSet<Role> roles = new(); foreach (var role in newEntity.Roles) - user.Roles.Add(role); + roles.Add(role); + user.Roles = roles; // foreach (var friend in user.Friends) // { @@ -86,9 +88,10 @@ namespace DevHive.Data.Repositories .Where(x => x.FriendId == user.Id && x.UserId == user.Id)); - user.Technologies.Clear(); + HashSet<Technology> technologies = new(); foreach (var tech in newEntity.Technologies) - user.Technologies.Add(tech); + technologies.Add(tech); + user.Technologies = technologies; this._context.Entry(user).State = EntityState.Modified; diff --git a/src/DevHive.Services/Interfaces/IUserService.cs b/src/DevHive.Services/Interfaces/IUserService.cs index 700010c..b701e4a 100644 --- a/src/DevHive.Services/Interfaces/IUserService.cs +++ b/src/DevHive.Services/Interfaces/IUserService.cs 
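Review bot: Initialising the reference navigation `Rating` with `= new();` in Post.cs gives every Post a non-null, empty Rating, even one read without its rating loaded, and that instance has no connection to `RatingId`. If Post is an EF Core entity (the Repositories project suggests it is), a default instance on a reference navigation can also be tracked as a new row when the Post is added. Pre-initialising the collection navigations `Comments` and `FileUrls` is fine; for a single reference it is usually safer to keep `public Rating Rating { get; set; }` and create the Rating explicitly where a post is created. The class body starts outside the hunk.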
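Review bot: `user.Roles` is overwritten in UserRepository.cs with whatever `newEntity` carries, so this method relies entirely on its callers to have authorised any role change; a comment such as `// Roles are trusted here: callers must have authorised any role change` would keep that contract visible. The three copy loops for `Languages`, `Roles` and (in the `@@ -86,9 +88,10` hunk) `Technologies` can each be a single constructor call, e.g. `user.Roles = new HashSet<Role>(newEntity.Roles);`. A null collection on `newEntity` throws in the `foreach`; the method starts outside the hunk, so a guard may already exist above.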
@@ -19,6 +19,6 @@ namespace DevHive.Services.Interfaces Task<bool> ValidJWT(Guid id, string rawTokenData); - Task<Guid> SuperSecretPromotionToAdmin(Guid userId); + Task<TokenModel> SuperSecretPromotionToAdmin(Guid userId); } } diff --git a/src/DevHive.Services/Models/Cloud/CloudinaryService.cs b/src/DevHive.Services/Models/Cloud/CloudinaryService.cs index a9bc9bd..bbf9606 100644 --- a/src/DevHive.Services/Models/Cloud/CloudinaryService.cs +++ b/src/DevHive.Services/Models/Cloud/CloudinaryService.cs @@ -4,6 +4,7 @@ using System.IO; using System.Threading.Tasks; using CloudinaryDotNet; using CloudinaryDotNet.Actions; +using DevHive.Data.Migrations; using DevHive.Services.Interfaces; using Microsoft.AspNetCore.Http; @@ -25,22 +26,19 @@ namespace DevHive.Services.Services { string formFileId = Guid.NewGuid().ToString(); - if (formFile.Length > 0) + using (var ms = new MemoryStream()) { - using (var ms = new MemoryStream()) + formFile.CopyTo(ms); + byte[] formBytes = ms.ToArray(); + + RawUploadParams rawUploadParams = new() { - formFile.CopyTo(ms); - byte[] formBytes = ms.ToArray(); - - ImageUploadParams imageUploadParams = new() - { - File = new FileDescription(formFileId, new MemoryStream(formBytes)), - PublicId = formFileId - }; - - ImageUploadResult uploadResult = await this._cloudinary.UploadAsync(imageUploadParams); - fileUrls.Add(uploadResult.Url.AbsoluteUri); - } + File = new FileDescription(formFileId, new MemoryStream(formBytes)), + PublicId = formFileId + }; + + RawUploadResult rawUploadResult = await this._cloudinary.UploadAsync(rawUploadParams); + fileUrls.Add(rawUploadResult.Url.AbsoluteUri); } } diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs index c2c42e0..c8624ee 100644 --- a/src/DevHive.Services/Services/UserService.cs +++ b/src/DevHive.Services/Services/UserService.cs 
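Review bot: `using DevHive.Data.Migrations;` is not used by anything in the visible hunks of CloudinaryService.cs and looks like an accidental IDE auto-import. It makes the upload service depend on the migrations namespace of the data project; unless code outside the hunks needs it, drop the line.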
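Review bot: The upload path in CloudinaryService.cs now accepts arbitrary content: `RawUploadParams` replaces `ImageUploadParams`, the `formFile.Length > 0` guard is gone, and the visible code checks neither size nor type before sending the bytes to Cloudinary and storing the returned public URL. Validate before copying: skip empty files, and reject anything whose `formFile.Length` exceeds a configured maximum or whose extension or `ContentType` is not on an allowlist. `rawUploadResult.Url` is dereferenced without looking at the result's `Error`, so a rejected upload would presumably surface as a NullReferenceException, and `SecureUrl` is the safer value to persist than the plain-HTTP `Url`. The enclosing method starts and ends outside the hunk, so some of these checks may exist elsewhere.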
@@ -241,7 +241,7 @@ namespace DevHive.Services.Services User newUser = await this._userRepository.GetByIdAsync(userId); - return new TokenModel(WriteJWTSecurityToken(newUser.Id, newUser.UserName, newUser.Roles); + return new TokenModel(WriteJWTSecurityToken(newUser.Id, newUser.UserName, newUser.Roles)); } private async Task<User> PopulateModel(UpdateUserServiceModel updateUserServiceModel) @@ -249,16 +249,25 @@ namespace DevHive.Services.Services User user = this._userMapper.Map<User>(updateUserServiceModel); /* Fetch Roles and replace model's*/ - HashSet<Role> roles = new(); - int rolesCount = updateUserServiceModel.Roles.Count; - for (int i = 0; i < rolesCount; i++) + //Do NOT allow a user to change his roles, unless he is an Admin + bool isAdmin = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)) + .Roles.Any(r => r.Name == Role.AdminRole); + + if (isAdmin) { - Role role = await this._roleRepository.GetByNameAsync(updateUserServiceModel.Roles.ElementAt(i).Name) ?? - throw new ArgumentException("Invalid role name!"); + HashSet<Role> roles = new(); + foreach (var role in updateUserServiceModel.Roles) + { + Role returnedRole = await this._roleRepository.GetByNameAsync(role.Name) ?? + throw new ArgumentException($"Role {role.Name} does not exist!"); - roles.Add(role); + roles.Add(returnedRole); + } + user.Roles = roles; } - user.Roles = roles; + //Preserve original user roles + else + user.Roles = (await this._userRepository.GetByIdAsync(updateUserServiceModel.Id)).Roles; /* Fetch Friends and replace model's*/ HashSet<UserFriends> friends = new(); diff --git a/src/DevHive.Web/Attributes/OnlyAlphanumericsModelValidation.cs b/src/DevHive.Web/Attributes/OnlyAlphanumericsModelValidation.cs deleted file mode 100644 index 26e0733..0000000 --- a/src/DevHive.Web/Attributes/OnlyAlphanumericsModelValidation.cs +++ /dev/null 
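Review bot: The admin test in `PopulateModel` reads the roles of the account being updated (`updateUserServiceModel.Id`), not those of the authenticated caller, so it matches the comment only if every caller is guaranteed to be the account owner. That guarantee would have to come from `ValidJWT` in the controller, which is not visible here; passing the caller's identity or roles into the service would make the check self-contained. Separately, `GetByIdAsync` is awaited twice and its result is dereferenced without a null check, so an unknown id presumably fails with a NullReferenceException; fetching the user once, as sketched below, fixes both. `PopulateModel` continues past the end of the hunk.

```csharp
User existingUser = await this._userRepository.GetByIdAsync(updateUserServiceModel.Id) ??
	throw new ArgumentException("User does not exist!");

bool isAdmin = existingUser.Roles.Any(r => r.Name == Role.AdminRole);

if (isAdmin)
{
	// … unchanged: resolve each requested role via _roleRepository and assign user.Roles …
}
//Preserve original user roles
else
	user.Roles = existingUser.Roles;
```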
@@ -1,20 +0,0 @@ -using System; -using System.ComponentModel.DataAnnotations; - -namespace DevHive.Web.Attributes -{ - public class OnlyAlphanumerics : ValidationAttribute - { - public override bool IsValid(object value) - { - var stringValue = (string)value; - - foreach (char ch in stringValue) - { - if (!Char.IsLetterOrDigit(ch)) - return false; - } - return true; - } - } -} diff --git a/src/DevHive.Web/Configurations/Extensions/ConfigureDependencyInjection.cs b/src/DevHive.Web/Configurations/Extensions/ConfigureDependencyInjection.cs index 22df311..5c0d378 100644 --- a/src/DevHive.Web/Configurations/Extensions/ConfigureDependencyInjection.cs +++ b/src/DevHive.Web/Configurations/Extensions/ConfigureDependencyInjection.cs @@ -7,7 +7,7 @@ using Microsoft.Extensions.DependencyInjection; namespace DevHive.Web.Configurations.Extensions { - public static class ConfigureDependencyInjection + public static class ConfigureDependencyInjection { public static void DependencyInjectionConfiguration(this IServiceCollection services, IConfiguration configuration) { diff --git a/src/DevHive.Web/Controllers/CommentController.cs b/src/DevHive.Web/Controllers/CommentController.cs index ebcb87a..150d622 100644 --- a/src/DevHive.Web/Controllers/CommentController.cs +++ b/src/DevHive.Web/Controllers/CommentController.cs @@ -9,10 +9,11 @@ using DevHive.Services.Interfaces; namespace DevHive.Web.Controllers { - [ApiController] + [ApiController] [Route("/api/[controller]")] [Authorize(Roles = "User,Admin")] - public class CommentController { + public class CommentController + { private readonly ICommentService _commentService; private readonly IMapper _commentMapper; 
@@ -50,9 +51,9 @@ namespace DevHive.Web.Controllers } [HttpPut] - public async Task<IActionResult> UpdateComment(Guid userId, [FromBody] UpdateCommentWebModel updateCommentWebModel, [FromHeader] string authorization) + public async Task<IActionResult> UpdateComment(Guid userId, Guid commentId, [FromBody] UpdateCommentWebModel updateCommentWebModel, [FromHeader] string authorization) { - if (!await this._commentService.ValidateJwtForComment(updateCommentWebModel.CommentId, authorization)) + if (!await this._commentService.ValidateJwtForComment(commentId, authorization)) return new UnauthorizedResult(); UpdateCommentServiceModel updateCommentServiceModel = diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs index 53adfce..ea9a1cd 100644 --- a/src/DevHive.Web/Controllers/PostController.cs +++ b/src/DevHive.Web/Controllers/PostController.cs @@ -9,7 +9,7 @@ using DevHive.Services.Interfaces; namespace DevHive.Web.Controllers { - [ApiController] + [ApiController] [Route("/api/[controller]")] [Authorize(Roles = "User,Admin")] public class PostController @@ -25,7 +25,7 @@ namespace DevHive.Web.Controllers #region Create [HttpPost] - public async Task<IActionResult> Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel, [FromHeader] string authorization) + public async Task<IActionResult> Create(Guid userId, [FromForm] CreatePostWebModel createPostWebModel, [FromHeader] string authorization) { if (!await this._postService.ValidateJwtForCreating(userId, authorization)) return new UnauthorizedResult(); diff --git a/src/DevHive.Web/Controllers/UserController.cs b/src/DevHive.Web/Controllers/UserController.cs index 2fe9c2f..fdf317c 100644 --- a/src/DevHive.Web/Controllers/UserController.cs +++ b/src/DevHive.Web/Controllers/UserController.cs 
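Review bot: `UpdateComment` now authorises against the `commentId` parameter, but the id that ends up in the service model must be that same value, and with `CommentId` removed from `UpdateCommentWebModel` the mapper has nothing to copy it from. The mapping starts on the last line of the hunk and continues outside it; if it does not already do so, set the id explicitly after mapping, e.g. `updateCommentServiceModel.CommentId = commentId;` (property name assumed from the old web model). Otherwise the check passes for one comment while the update targets a default or different id.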
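Review bot: With `[FromForm]`, `PostController.Create` accepts multipart bodies, and nothing visible caps their size. If `CreatePostWebModel` carries files (its `Microsoft.AspNetCore.Http` import suggests so), each one is copied into a `MemoryStream` by the Cloudinary service. Consider an explicit limit on the action, e.g. `[RequestSizeLimit(MAX_BYTES_PLACEHOLDER)]`, plus a cap on the number of files per post. The action body continues outside the hunk.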
@@ -13,7 +13,6 @@ namespace DevHive.Web.Controllers { [ApiController] [Route("/api/[controller]")] - [Authorize(Roles = "User,Admin")] public class UserController : ControllerBase { private readonly IUserService _userService; @@ -55,6 +54,7 @@ namespace DevHive.Web.Controllers #region Read [HttpGet] + [Authorize(Roles = "User,Admin")] public async Task<IActionResult> GetById(Guid id, [FromHeader] string authorization) { if (!await this._userService.ValidJWT(id, authorization)) @@ -80,6 +80,7 @@ namespace DevHive.Web.Controllers #region Update [HttpPut] + [Authorize(Roles = "User,Admin")] public async Task<IActionResult> Update(Guid id, [FromBody] UpdateUserWebModel updateUserWebModel, [FromHeader] string authorization) { if (!await this._userService.ValidJWT(id, authorization)) @@ -97,6 +98,7 @@ namespace DevHive.Web.Controllers #region Delete [HttpDelete] + [Authorize(Roles = "User,Admin")] public async Task<IActionResult> Delete(Guid id, [FromHeader] string authorization) { if (!await this._userService.ValidJWT(id, authorization)) @@ -111,16 +113,11 @@ namespace DevHive.Web.Controllers #endregion [HttpPost] + [Authorize(Roles = "User,Admin")] [Route("SuperSecretPromotionToAdmin")] public async Task<IActionResult> SuperSecretPromotionToAdmin(Guid userId) { - object obj = new - { - UserId = userId, - AdminRoleId = await this._userService.SuperSecretPromotionToAdmin(userId) - }; - - return new OkObjectResult(obj); + return new OkObjectResult(await this._userService.SuperSecretPromotionToAdmin(userId)); } } } diff --git a/src/DevHive.Web/Models/Comment/UpdateCommentWebModel.cs b/src/DevHive.Web/Models/Comment/UpdateCommentWebModel.cs index b5d7970..1e120fd 100644 --- a/src/DevHive.Web/Models/Comment/UpdateCommentWebModel.cs +++ b/src/DevHive.Web/Models/Comment/UpdateCommentWebModel.cs 
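Review bot: Moving `[Authorize(Roles = "User,Admin")]` from the class to individual actions makes `UserController` open by default: any action without the attribute, now or added later, is reachable anonymously. The same attribute is repeated in the `Update`, `Delete` and `SuperSecretPromotionToAdmin` hunks below. Keeping the class-level attribute and marking only the endpoints that must be public (presumably login and register, which are outside these hunks) with `[AllowAnonymous]` keeps the controller fail-closed.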
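Review bot: `SuperSecretPromotionToAdmin` is the only action in these hunks that does not call `ValidJWT`, so the `userId` it acts on is never tied to the caller's token, and any account holding the `User` role satisfies `[Authorize(Roles = "User,Admin")]`. Per the interface change the action now returns a `TokenModel` rather than a role id, and the service appears to build that token for the promoted user. At minimum take `[FromHeader] string authorization` and add `if (!await this._userService.ValidJWT(userId, authorization)) return new UnauthorizedResult();` as the other actions do. If the endpoint is a development aid, restrict it to `[Authorize(Roles = "Admin")]` or exclude it from production builds.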
@@ -4,8 +4,6 @@ namespace DevHive.Web.Models.Comment { public class UpdateCommentWebModel { - public Guid CommentId { get; set; } - public Guid PostId { get; set; } public string NewMessage { get; set; } diff --git a/src/DevHive.Web/Models/Identity/User/BaseUserWebModel.cs b/src/DevHive.Web/Models/Identity/User/BaseUserWebModel.cs index d7d8d29..297e1a5 100644 --- a/src/DevHive.Web/Models/Identity/User/BaseUserWebModel.cs +++ b/src/DevHive.Web/Models/Identity/User/BaseUserWebModel.cs @@ -10,7 +10,6 @@ namespace DevHive.Web.Models.Identity.User [Required] [MinLength(3)] [MaxLength(50)] - [OnlyAlphanumerics(ErrorMessage = "Username can only contain letters and digits!")] public string UserName { get; set; } [NotNull] diff --git a/src/DevHive.Web/Models/Identity/User/LoginWebModel.cs b/src/DevHive.Web/Models/Identity/User/LoginWebModel.cs index 0395274..ccd806f 100644 --- a/src/DevHive.Web/Models/Identity/User/LoginWebModel.cs +++ b/src/DevHive.Web/Models/Identity/User/LoginWebModel.cs @@ -10,7 +10,6 @@ namespace DevHive.Web.Models.Identity.User [Required] [MinLength(3)] [MaxLength(50)] - [OnlyAlphanumerics(ErrorMessage = "Username can only contain letters and digits!")] public string UserName { get; set; } [NotNull] diff --git a/src/DevHive.Web/Models/Identity/User/UsernameWebModel.cs b/src/DevHive.Web/Models/Identity/User/UsernameWebModel.cs index a20c1bf..c533bba 100644 --- a/src/DevHive.Web/Models/Identity/User/UsernameWebModel.cs +++ b/src/DevHive.Web/Models/Identity/User/UsernameWebModel.cs @@ -10,7 +10,6 @@ namespace DevHive.Web.Models.Identity.User [Required] [MinLength(3)] [MaxLength(50)] - [OnlyAlphanumerics(ErrorMessage = "Username can only contain letters and digits!")] public string UserName { get; set; } } } diff --git a/src/DevHive.Web/Models/Post/CreatePostWebModel.cs b/src/DevHive.Web/Models/Post/CreatePostWebModel.cs index 256055a..237259d 100644 --- a/src/DevHive.Web/Models/Post/CreatePostWebModel.cs 
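Review bot: With `[OnlyAlphanumerics]` removed, `UserName` in `BaseUserWebModel` is constrained only by length, so whitespace, control characters and markup characters are accepted; the same attribute is dropped from `LoginWebModel` and `UsernameWebModel`. The name is passed to `WriteJWTSecurityToken` in UserService and is presumably displayed to other users, so an allowlist is worth keeping. If the custom attribute had to go, the built-in `[RegularExpression("^[A-Za-z0-9]+$", ErrorMessage = "Username can only contain letters and digits!")]` gives roughly the same rule (ASCII only) without custom code.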
+++ b/src/DevHive.Web/Models/Post/CreatePostWebModel.cs @@ -5,7 +5,7 @@ using Microsoft.AspNetCore.Http; namespace DevHive.Web.Models.Post { - public class CreatePostWebModel + public class CreatePostWebModel { [NotNull] [Required] |
