using System.Collections.Generic; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Authorization; using Oqtane.Repository; using Oqtane.Models; using Oqtane.Shared; using System.Linq; using Oqtane.Infrastructure; using Oqtane.Security; namespace Oqtane.Controllers { [Route("{site}/api/[controller]")] public class FolderController : Controller { private readonly IFolderRepository Folders; private readonly IUserPermissions UserPermissions; private readonly ILogManager logger; public FolderController(IFolderRepository Folders, IUserPermissions UserPermissions, ILogManager logger) { this.Folders = Folders; this.UserPermissions = UserPermissions; this.logger = logger; } // GET: api/?siteid=x [HttpGet] public IEnumerable Get(string siteid) { List folders = new List(); foreach(Folder folder in Folders.GetFolders(int.Parse(siteid))) { if (UserPermissions.IsAuthorized(User, "Browse", folder.Permissions)) { folders.Add(folder); } } return folders; } // GET api//5 [HttpGet("{id}")] public Folder Get(int id) { Folder folder = Folders.GetFolder(id); if (UserPermissions.IsAuthorized(User, "Browse", folder.Permissions)) { return folder; } else { logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Folder {Folder}", folder); HttpContext.Response.StatusCode = 401; return null; } } // POST api/ [HttpPost] [Authorize(Roles = Constants.RegisteredRole)] public Folder Post([FromBody] Folder Folder) { if (ModelState.IsValid) { string permissions; if (Folder.ParentId != null) { permissions = Folders.GetFolder(Folder.ParentId.Value).Permissions; } else { permissions = UserSecurity.SetPermissionStrings(new List { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } }); } if (UserPermissions.IsAuthorized(User, "Edit", permissions)) { if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null) { Folder parent = Folders.GetFolder(Folder.ParentId.Value); Folder.Path = parent.Path + Folder.Name + "\\"; } Folder = Folders.AddFolder(Folder); logger.Log(LogLevel.Information, this, LogFunction.Create, "Folder Added {Folder}", Folder); } else { logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Folder {Folder}", Folder); HttpContext.Response.StatusCode = 401; Folder = null; } } return Folder; } // PUT api//5 [HttpPut("{id}")] [Authorize(Roles = Constants.RegisteredRole)] public Folder Put(int id, [FromBody] Folder Folder) { if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Folder", Folder.FolderId, "Edit")) { if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null) { Folder parent = Folders.GetFolder(Folder.ParentId.Value); Folder.Path = parent.Path + Folder.Name + "\\"; } Folder = Folders.UpdateFolder(Folder); logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Updated {Folder}", Folder); } else { logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder {Folder}", Folder); HttpContext.Response.StatusCode = 401; Folder = null; } return Folder; } // PUT api//?siteid=x&folderid=y&parentid=z [HttpPut] [Authorize(Roles = Constants.RegisteredRole)] public void Put(int siteid, int folderid, int? parentid) { if (UserPermissions.IsAuthorized(User, "Folder", folderid, "Edit")) { int order = 1; List folders = Folders.GetFolders(siteid).ToList(); foreach (Folder folder in folders.Where(item => item.ParentId == parentid).OrderBy(item => item.Order)) { if (folder.Order != order) { folder.Order = order; Folders.UpdateFolder(folder); } order += 2; } logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Order Updated {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid); } else { logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder Order {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid); HttpContext.Response.StatusCode = 401; } } // DELETE api//5 [HttpDelete("{id}")] [Authorize(Roles = Constants.RegisteredRole)] public void Delete(int id) { if (UserPermissions.IsAuthorized(User, "Folder", id, "Edit")) { Folders.DeleteFolder(id); logger.Log(LogLevel.Information, this, LogFunction.Delete, "Folder Deleted {FolderId}", id); } else { logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Folder {FolderId}", id); HttpContext.Response.StatusCode = 401; } } } }