Diplomarbeit-Absolventenverein/Module.PremiumArea
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DB Migrtation geändert und PDF upload funktioniert

Browse Source
This commit is contained in:
Florian Edlmayer
2026-02-19 11:48:44 +01:00
parent 1e88a86be1
commit b51b37a6e8
13 changed files with 741 additions and 524 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
Server/Services/PremiumService.cs Normal file
View File

@@ -0,0 +1,98 @@
using System;
using SZUAbsolventenverein.Module.PremiumArea.Models;
using SZUAbsolventenverein.Module.PremiumArea.Repository;
using Oqtane.Infrastructure;
using Oqtane.Shared;
using Oqtane.Modules;
using Oqtane.Enums;
namespace SZUAbsolventenverein.Module.PremiumArea.Services
{
public interface IPremiumService
{
bool IsPremium(int userId);
DateTime? GetPremiumUntil(int userId);
void GrantPremium(int userId, int durationMonths, string source, string referenceId = null);
}
public class PremiumService : IPremiumService, ITransientService
{
private readonly IUserPremiumRepository _userPremiumRepository;
private readonly ILogManager _logger;
public PremiumService(IUserPremiumRepository userPremiumRepository, ILogManager logger)
{
_userPremiumRepository = userPremiumRepository;
_logger = logger;
}
public bool IsPremium(int userId)
{
var premium = _userPremiumRepository.GetUserPremium(userId);
return premium != null && premium.PremiumUntil.HasValue && premium.PremiumUntil.Value > DateTime.UtcNow;
}
public DateTime? GetPremiumUntil(int userId)
{
var premium = _userPremiumRepository.GetUserPremium(userId);
return premium?.PremiumUntil;
}
public void GrantPremium(int userId, int durationMonths, string source, string referenceId = null)
{
var current = _userPremiumRepository.GetUserPremium(userId);
var now = DateTime.UtcNow;
DateTime startBase = now;
if (current != null && current.PremiumUntil.HasValue && current.PremiumUntil.Value > now)
{
startBase = current.PremiumUntil.Value;
}
var newUntil = startBase.AddMonths(durationMonths);
// delta days for audit
int deltaDays = (newUntil - (current?.PremiumUntil ?? now)).Days;
// correction: actually we want to know how many days we ADDED to the existing flow.
// If they had 0 days separately, we added durationMonths * 30 approx.
// If they had existing time, we added durationMonths.
// Audit Log usually tracks "What did this action add?". It added 1 year.
// But let's calculate days added relative to "previous state".
// If expired: Added (NewUntil - Now) days.
// If active: Added (NewUntil - OldUntil) = durationMonths roughly.
// Simpler: Just store the DurationMonths converted to days roughly, or the stored delta.
int addedDays = (newUntil - startBase).Days;
if (current == null)
{
current = new UserPremium
{
UserId = userId,
CreatedOn = now,
ModifiedOn = now
};
}
current.PremiumUntil = newUntil;
current.Source = source;
current.ModifiedOn = now;
_userPremiumRepository.SaveUserPremium(current);
// Audit
var audit = new PremiumEvent
{
UserId = userId,
DeltaDays = addedDays,
Source = source,
ReferenceId = referenceId,
CreatedOn = now,
ModifiedOn = now
};
_userPremiumRepository.AddPremiumEvent(audit);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Granted Premium for User {UserId} until {Until}", userId, newUntil);
}
}
}

297
Server/Services/ServerEngineerApplicationService.cs
View File

@@ -22,7 +22,9 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
private readonly IHttpContextAccessor _accessor;
private readonly Alias _alias;
public ServerEngineerApplicationService(IEngineerApplicationRepository repository, IPremiumService premiumService, IUserPermissions userPermissions, ITenantManager tenantManager, ILogManager logger, IHttpContextAccessor accessor)
public ServerEngineerApplicationService(IEngineerApplicationRepository repository,
IPremiumService premiumService, IUserPermissions userPermissions, ITenantManager tenantManager,
ILogManager logger, IHttpContextAccessor accessor)
{
_repository = repository;
_premiumService = premiumService;
@@ -34,42 +36,43 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
public Task<List<EngineerApplication>> GetApplicationsAsync(int ModuleId)
{
var user = _accessor.HttpContext.User;
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit)) // Admin/Edit
{
return Task.FromResult(_repository.GetEngineerApplications(ModuleId).ToList());
}
// Check if Premium
if (IsUserPremium(user))
{
// Return Approved AND Published
// Repository GetEngineerApplications(ModuleId, status) usually filters by status.
// If I want both, I might need 2 calls or update Repository.
// Simple approach: Get All and filter here? No, repository likely filters.
// Let's call twice and combine for now, or assume Repository supports "Published".
var approved = _repository.GetEngineerApplications(ModuleId, "Approved");
var published = _repository.GetEngineerApplications(ModuleId, "Published");
return Task.FromResult(approved.Union(published).ToList());
}
var user = _accessor.HttpContext.User;
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId,
PermissionNames.Edit)) // Admin/Edit
{
return Task.FromResult(_repository.GetEngineerApplications(ModuleId).ToList());
}
return Task.FromResult(new List<EngineerApplication>());
// Check if Premium
if (IsUserPremium(user))
{
// Return Approved AND Published
// Repository GetEngineerApplications(ModuleId, status) usually filters by status.
// If I want both, I might need 2 calls or update Repository.
// Simple approach: Get All and filter here? No, repository likely filters.
// Let's call twice and combine for now, or assume Repository supports "Published".
var approved = _repository.GetEngineerApplications(ModuleId, "Approved");
var published = _repository.GetEngineerApplications(ModuleId, "Published");
return Task.FromResult(approved.Union(published).ToList());
}
return Task.FromResult(new List<EngineerApplication>());
}
public Task<List<EngineerApplication>> GetApplicationsAsync(int ModuleId, string status)
{
var user = _accessor.HttpContext.User;
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
{
return Task.FromResult(_repository.GetEngineerApplications(ModuleId, status).ToList());
}
if ((status == "Approved" || status == "Published") && IsUserPremium(user))
{
return Task.FromResult(_repository.GetEngineerApplications(ModuleId, status).ToList());
}
return Task.FromResult(new List<EngineerApplication>());
var user = _accessor.HttpContext.User;
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
{
return Task.FromResult(_repository.GetEngineerApplications(ModuleId, status).ToList());
}
if ((status == "Approved" || status == "Published") && IsUserPremium(user))
{
return Task.FromResult(_repository.GetEngineerApplications(ModuleId, status).ToList());
}
return Task.FromResult(new List<EngineerApplication>());
}
public Task<EngineerApplication> GetApplicationAsync(int ApplicationId, int ModuleId)
@@ -81,7 +84,8 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
var userId = _accessor.HttpContext.GetUserId();
// Allow if Admin OR Owner OR (Premium AND (Approved OR Published))
bool isAdmin = _userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit);
bool isAdmin = _userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId,
PermissionNames.Edit);
bool isOwner = (userId != -1 && app.UserId == userId);
bool isPremiumViewer = ((app.Status == "Approved" || app.Status == "Published") && IsUserPremium(user));
@@ -97,21 +101,22 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
{
var user = _accessor.HttpContext.User;
var userId = _accessor.HttpContext.GetUserId();
if (userId == -1) // Not logged in
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Add Attempt (Anonymous)");
return Task.FromResult<EngineerApplication>(null);
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Add Attempt (Anonymous)");
return Task.FromResult<EngineerApplication>(null);
}
// Check if allowed to view module (Registered Users usually can View)
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, Application.ModuleId, PermissionNames.View))
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, Application.ModuleId,
PermissionNames.View))
{
Application.UserId = userId;
// Auto-publish if file uploaded (Checked by Status=Published from client)
// If client sends "Published", we accept it.
if (string.IsNullOrEmpty(Application.Status)) Application.Status = "Draft";
if (string.IsNullOrEmpty(Application.Status)) Application.Status = "Draft";
// Set ApprovedOn if Published? user asked for removal of admin approval.
if (Application.Status == "Published")
{
@@ -120,9 +125,11 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
}
Application = _repository.AddEngineerApplication(Application);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Application Added {Application}", Application);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Application Added {Application}",
Application);
return Task.FromResult(Application);
}
return Task.FromResult<EngineerApplication>(null);
}
@@ -133,31 +140,27 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
var user = _accessor.HttpContext.User;
var userId = _accessor.HttpContext.GetUserId();
bool isAdmin = _userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, Application.ModuleId, PermissionNames.Edit);
bool isAdmin = _userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, Application.ModuleId,
PermissionNames.Edit);
if (isAdmin || (existing.UserId == userId && existing.Status == "Draft")) // Only owner can edit if Draft
{
if (!isAdmin)
{
Application.Status = existing.Status == "Draft" && Application.Status == "Submitted" ? "Published" : existing.Status; // Auto-publish on submit
Application.Status = existing.Status == "Draft" && Application.Status == "Submitted"
? "Published"
: existing.Status; // Auto-publish on submit
// If client sends "Published" (which Apply.razor does), apply it.
if (Application.Status == "Published" && existing.Status == "Draft")
{
Application.SubmittedOn = DateTime.UtcNow;
Application.ApprovedOn = DateTime.UtcNow;
}
Application.AdminNote = existing.AdminNote;
Application.AdminReviewedBy = existing.AdminReviewedBy;
Application.AdminReviewedAt = existing.AdminReviewedAt;
// Preserve report status if user editing
Application.IsReported = existing.IsReported;
Application.ReportReason = existing.ReportReason;
Application.ReportCount = existing.ReportCount;
}
Application = _repository.UpdateEngineerApplication(Application);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Application Updated {Application}", Application);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Application Updated {Application}",
Application);
return Task.FromResult(Application);
}
@@ -167,100 +170,97 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
public Task DeleteApplicationAsync(int ApplicationId, int ModuleId)
{
var existing = _repository.GetEngineerApplication(ApplicationId);
var user = _accessor.HttpContext.User;
var userId = _accessor.HttpContext.GetUserId();
bool isAdmin = _userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit);
var user = _accessor.HttpContext.User;
var userId = _accessor.HttpContext.GetUserId();
bool isAdmin = _userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId,
PermissionNames.Edit);
if (existing != null && (isAdmin || existing.UserId == userId))
{
_repository.DeleteEngineerApplication(ApplicationId);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Application Deleted {Id}", ApplicationId);
}
return Task.CompletedTask;
}
// Custom Methods not just CRUD
public Task ApproveApplicationAsync(int ApplicationId, int ModuleId)
{
var user = _accessor.HttpContext.User;
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
{
var app = _repository.GetEngineerApplication(ApplicationId);
if (app != null)
{
app.Status = "Approved"; // Keep Approved status for Admin explicitly approving (locking)
app.ApprovedOn = DateTime.UtcNow;
app.AdminReviewedBy = _accessor.HttpContext.GetUserId();
app.AdminReviewedAt = DateTime.UtcNow;
// Clear Reports
app.IsReported = false;
// app.ReportReason = null; // Optional: keep history?
// app.ReportCount = 0;
var user = _accessor.HttpContext.User;
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
{
var app = _repository.GetEngineerApplication(ApplicationId);
if (app != null)
{
app.Status = "Approved"; // Keep Approved status for Admin explicitly approving (locking)
app.ApprovedOn = DateTime.UtcNow;
// app.ReportReason = null; // Optional: keep history?
// app.ReportCount = 0;
_repository.UpdateEngineerApplication(app);
_repository.UpdateEngineerApplication(app);
// Grant Premium
_premiumService.GrantPremium(app.UserId, 12, "engineer_application", $"AppId:{app.ApplicationId}");
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Application Approved {Id}", ApplicationId);
}
}
return Task.CompletedTask;
// Grant Premium
_premiumService.GrantPremium(app.UserId, 12, "engineer_application", $"AppId:{app.ApplicationId}");
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Application Approved {Id}",
ApplicationId);
}
}
return Task.CompletedTask;
}
public Task RejectApplicationAsync(int ApplicationId, int ModuleId, string Reason)
{
var user = _accessor.HttpContext.User;
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
{
var app = _repository.GetEngineerApplication(ApplicationId);
if (app != null)
{
app.Status = "Rejected";
app.AdminNote = Reason;
app.AdminReviewedBy = _accessor.HttpContext.GetUserId();
app.AdminReviewedAt = DateTime.UtcNow;
_repository.UpdateEngineerApplication(app);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Application Rejected {Id}", ApplicationId);
}
}
return Task.CompletedTask;
var user = _accessor.HttpContext.User;
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
{
var app = _repository.GetEngineerApplication(ApplicationId);
if (app != null)
{
app.Status = "Rejected";
_repository.UpdateEngineerApplication(app);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Application Rejected {Id}",
ApplicationId);
}
}
return Task.CompletedTask;
}
public Task ReportApplicationAsync(int ApplicationId, int ModuleId, string Reason)
{
// Allow any View authorized user to report?
// Or only Premium users?
// Users who can VIEW the application can report it.
// Since we restrict View to Premium (or Owner/Admin), we check that.
// First, get the application to check existence
var app = _repository.GetEngineerApplication(ApplicationId);
if (app == null || app.ModuleId != ModuleId) return Task.CompletedTask;
// Allow any View authorized user to report?
// Or only Premium users?
// Users who can VIEW the application can report it.
// Since we restrict View to Premium (or Owner/Admin), we check that.
var user = _accessor.HttpContext.User;
// Check if user is allowed to View this app
bool canView = false;
// Admin/Edit
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit)) canView = true;
// Premium
else if (IsUserPremium(user) && (app.Status == "Approved" || app.Status == "Published")) canView = true;
// First, get the application to check existence
var app = _repository.GetEngineerApplication(ApplicationId);
if (app == null || app.ModuleId != ModuleId) return Task.CompletedTask;
if (canView)
{
app.IsReported = true;
app.ReportReason = Reason;
app.ReportCount++;
_repository.UpdateEngineerApplication(app);
// Send Notification?
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Application Reported {Id}", ApplicationId);
}
return Task.CompletedTask;
var user = _accessor.HttpContext.User;
// Check if user is allowed to View this app
bool canView = false;
// Admin/Edit
if (_userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
canView = true;
// Premium
else if (IsUserPremium(user) && (app.Status == "Approved" || app.Status == "Published")) canView = true;
if (canView)
{
_repository.UpdateEngineerApplication(app);
// Send Notification?
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Application Reported {Id}", ApplicationId);
}
return Task.CompletedTask;
}
private bool IsUserPremium(System.Security.Claims.ClaimsPrincipal user)
@@ -274,55 +274,58 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
// In Oqtane.Shared.UserSecurity class? Or Oqtane.Extensions?
// Usually `_accessor.HttpContext.GlobalUserId()` ??
// Let's rely on standard DI/Context.
// NOTE: IsUserPremium check requires querying the DB via PremiumService.
// This could be expensive on every list call. Caching might be better but for now DB is fine.
// To get UserId from ClaimsPrincipal:
// var userId = int.Parse(user.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value);
// I will use `_accessor.HttpContext.GetUserId()` from `Oqtane.Infrastructure` or similar if available.
// Since I am already using `_accessor`, I'll rely on Oqtane extensions being available.
int userId = -1;
// Trying standard Oqtane way which is usually:
if (user.Identity.IsAuthenticated)
{
// Using Oqtane.Shared.PrincipalExtensions?
// Let's just try to parse NameIdentifier if GetUserId() is not available in my context.
// But wait, `ModuleControllerBase` has `User` property.
// Here I am in a Service.
// I will write a helper to safely get UserId.
var claim = user.Claims.FirstOrDefault(item => item.Type == System.Security.Claims.ClaimTypes.NameIdentifier);
if (claim != null)
{
int.TryParse(claim.Value, out userId);
}
// Using Oqtane.Shared.PrincipalExtensions?
// Let's just try to parse NameIdentifier if GetUserId() is not available in my context.
// But wait, `ModuleControllerBase` has `User` property.
// Here I am in a Service.
// I will write a helper to safely get UserId.
var claim = user.Claims.FirstOrDefault(item =>
item.Type == System.Security.Claims.ClaimTypes.NameIdentifier);
if (claim != null)
{
int.TryParse(claim.Value, out userId);
}
}
if (userId != -1)
{
return _premiumService.IsPremium(userId);
}
return false;
return false;
}
}
// Quick helper for GetUserId if not present in Usings
public static class ClaimsPrincipalExtensions
{
public static int GetUserId(this HttpContext context)
{
if (context?.User?.Identity?.IsAuthenticated == true)
{
var claim = context.User.Claims.FirstOrDefault(item => item.Type == System.Security.Claims.ClaimTypes.NameIdentifier);
public static int GetUserId(this HttpContext context)
{
if (context?.User?.Identity?.IsAuthenticated == true)
{
var claim = context.User.Claims.FirstOrDefault(item =>
item.Type == System.Security.Claims.ClaimTypes.NameIdentifier);
if (claim != null && int.TryParse(claim.Value, out int userId))
{
return userId;
}
}
return -1;
}
}
return -1;
}
}
}