damien/comissions-app-core-api
1
0
Fork 0
mirror of https://github.com/D4M13N-D3V/comissions-app-core-api.git synced 2025-10-31 17:45:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: updated permissions

Browse Source
This commit is contained in:
Damien Ostler 2024-02-19 19:22:38 -05:00
parent d0a1f041d4
commit 18e9606350
3 changed files with 35 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/comissions.app.api/Controllers/ArtistController.cs
View File

@ -30,7 +30,7 @@ public class ArtistController : Controller
} }
[HttpGet] [HttpGet]
[Authorize("read:seller-profile")] [Authorize("read:artist")]
public async Task<IActionResult> GetArtist() public async Task<IActionResult> GetArtist()
{ {
var userId = User.GetUserId(); var userId = User.GetUserId();
@ -47,7 +47,7 @@ public class ArtistController : Controller
} }
[HttpPut] [HttpPut]
[Authorize("write:seller-profile")] [Authorize("write:artist")]
public async Task<IActionResult> UpdateArtist(ArtistModel model) public async Task<IActionResult> UpdateArtist(ArtistModel model)
{ {
var userId = User.GetUserId(); var userId = User.GetUserId();
@ -71,7 +71,7 @@ public class ArtistController : Controller
} }
[HttpGet] [HttpGet]
[Authorize("read:seller-profile")] [Authorize("read:artist")]
[Route("Request")] [Route("Request")]
public async Task<IActionResult> GetArtistRequest() public async Task<IActionResult> GetArtistRequest()
{ {
@ -84,7 +84,7 @@ public class ArtistController : Controller
} }
[HttpGet] [HttpGet]
[Authorize("read:seller-profile")] [Authorize("read:artist")]
[Route("Page")] [Route("Page")]
public async Task<IActionResult> GetArtistPage() public async Task<IActionResult> GetArtistPage()
{ {
@ -97,7 +97,7 @@ public class ArtistController : Controller
} }
[HttpPut] [HttpPut]
[Authorize("write:seller-profile")] [Authorize("write:artist")]
[Route("Page")] [Route("Page")]
public async Task<IActionResult> UpdateArtistPage([FromBody]ArtistPageSettingsModel model) public async Task<IActionResult> UpdateArtistPage([FromBody]ArtistPageSettingsModel model)
{ {
@ -119,7 +119,7 @@ public class ArtistController : Controller
} }
[HttpPost] [HttpPost]
[Authorize("write:seller-profile")] [Authorize("write:artist")]
public async Task<IActionResult> RequestArtist([FromBody] string message) public async Task<IActionResult> RequestArtist([FromBody] string message)
{ {
var userId = User.GetUserId(); var userId = User.GetUserId();
@ -148,7 +148,7 @@ public class ArtistController : Controller
} }
[HttpGet] [HttpGet]
[Authorize("read:seller-profile")] [Authorize("read:artist")]
[Route("{sellerServiceId:int}/Portfolio/{portfolioId:int}")] [Route("{sellerServiceId:int}/Portfolio/{portfolioId:int}")]
public async Task<IActionResult> GetPortfolio(int sellerServiceId, int portfolioId) public async Task<IActionResult> GetPortfolio(int sellerServiceId, int portfolioId)
{ {
@ -172,7 +172,7 @@ public class ArtistController : Controller
[HttpGet] [HttpGet]
[Route("Portfolio")] [Route("Portfolio")]
[Authorize("read:seller-profile")] [Authorize("read:artist")]
public async Task<IActionResult> GetPortfolio() public async Task<IActionResult> GetPortfolio()
{ {
var userId = User.GetUserId(); var userId = User.GetUserId();
@ -193,7 +193,7 @@ public class ArtistController : Controller
[HttpPost] [HttpPost]
[Route("Portfolio")] [Route("Portfolio")]
[Authorize("write:seller-profile")] [Authorize("write:artist")]
public async Task<IActionResult> AddPortfolio() public async Task<IActionResult> AddPortfolio()
{ {
var userId = User.GetUserId(); var userId = User.GetUserId();
@ -219,7 +219,7 @@ public class ArtistController : Controller
} }
[HttpDelete] [HttpDelete]
[Authorize("write:seller-profile")] [Authorize("write:artist")]
[Route("Portfolio/{portfolioId:int}")] [Route("Portfolio/{portfolioId:int}")]
public async Task<IActionResult> DeletePortfolio(int portfolioId) public async Task<IActionResult> DeletePortfolio(int portfolioId)
{ {
@ -245,7 +245,7 @@ public class ArtistController : Controller
} }
[HttpGet] [HttpGet]
[Authorize("write:seller-profile")] [Authorize("write:artist")]
[Route("Onboard")] [Route("Onboard")]
public async Task<IActionResult> PaymentAccountStatus() public async Task<IActionResult> PaymentAccountStatus()
{ {
@ -266,7 +266,7 @@ public class ArtistController : Controller
} }
[HttpGet] [HttpGet]
[Authorize("write:seller-profile")] [Authorize("write:artist")]
[Route("Onboard/Url")] [Route("Onboard/Url")]
public async Task<IActionResult> GetPaymentAccount() public async Task<IActionResult> GetPaymentAccount()
{ {

9
src/comissions.app.api/Controllers/RequestsController.cs
View File

@ -1,8 +1,10 @@
using comissions.app.api.Extensions;
using comissions.app.api.Services.Payment; using comissions.app.api.Services.Payment;
using comissions.app.api.Services.Storage; using comissions.app.api.Services.Storage;
using comissions.app.database; using comissions.app.database;
using comissions.app.database.Entities; using comissions.app.database.Entities;
using comissions.app.database.Models.Request; using comissions.app.database.Models.Request;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
@ -24,11 +26,14 @@ public class RequestsController : Controller
_dbContext = dbContext; _dbContext = dbContext;
} }
[Authorize("read:request")]
[HttpGet] [HttpGet]
[Route("Requests")] [Route("Requests")]
public async Task<IActionResult> GetRequests(string search="",int offset = 0, int pageSize = 10) public async Task<IActionResult> GetRequests(string search="",int offset = 0, int pageSize = 10)
{ {
var userId = User.GetUserId();
var requests = await _dbContext.Requests var requests = await _dbContext.Requests
.Where(x=>x.UserId==userId)
.Include(x=>x.Artist) .Include(x=>x.Artist)
.Where(x=>x.Artist.Name.Contains(search) || x.Message.Contains(search)) .Where(x=>x.Artist.Name.Contains(search) || x.Message.Contains(search))
.Skip(offset).Take(pageSize).ToListAsync(); .Skip(offset).Take(pageSize).ToListAsync();
@ -36,11 +41,14 @@ public class RequestsController : Controller
return Ok(result); return Ok(result);
} }
[Authorize("read:request")]
[HttpGet] [HttpGet]
[Route("Requests/{requestId:int}")] [Route("Requests/{requestId:int}")]
public async Task<IActionResult> GetRequest(int requestId) public async Task<IActionResult> GetRequest(int requestId)
{ {
var userId = User.GetUserId();
var request = await _dbContext.Requests var request = await _dbContext.Requests
.Where(x=>x.UserId==userId)
.Include(x=>x.Artist) .Include(x=>x.Artist)
.FirstOrDefaultAsync(x=>x.Id==requestId); .FirstOrDefaultAsync(x=>x.Id==requestId);
if(request==null) if(request==null)
@ -49,6 +57,7 @@ public class RequestsController : Controller
return Ok(result); return Ok(result);
} }
[Authorize("write:request")]
[HttpPost] [HttpPost]
[Route("Requests")] [Route("Requests")]
public async Task<IActionResult> CreateRequest([FromBody] RequestModel model) public async Task<IActionResult> CreateRequest([FromBody] RequestModel model)

56
src/comissions.app.api/Program.cs
View File

@ -49,20 +49,12 @@ builder.Services.AddSwaggerGen(options =>
{ "openid", "OpenId" }, { "openid", "OpenId" },
{ "email", "Email" }, { "email", "Email" },
{ "profile", "Profile" }, { "profile", "Profile" },
{ "read:user", "Read your profile information." }, { "read:user", "Read your user information." },
{ "write:user", "Update your profile information." }, { "write:user", "Update your user information." },
{ "read:billing-information", "Read your billing information." }, { "read:artist", "Read settings and information about your artist profile."},
{ "write:billing-information", "Update your billing information." }, { "write:artist", "Update settings, page design, and other things about your artist profile."},
{ "read:seller-profile", "Read your seller profile information."}, { "read:request", "View existing requests and their artwork."},
{ "write:seller-profile", "Update your seller profile information."}, { "write:request", "Create new requests."},
{ "write:seller-profile-request", "Accept seller profile requests."},
{ "read:seller-profile-request", "Read seller profile requests."},
{ "read:seller-service", "Read services on your seller profile."},
{ "write:seller-service", "Update services on your seller profile."},
{ "write:orders", "Create new orders and take action against existing ones."},
{ "read:orders", "View your orders."},
{ "read:seller-orders", "View orders on your seller profile."},
{ "write:seller-orders", "Update orders on your seller profile."}
} }
} }
} }
@ -109,35 +101,15 @@ builder.Services.AddAuthorization(options =>
options.AddPolicy("write:user", policy => policy.Requirements.Add(new options.AddPolicy("write:user", policy => policy.Requirements.Add(new
HasScopeRequirement("write:user", builder.Configuration.GetValue<string>("Auth0:Domain")))); HasScopeRequirement("write:user", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:billing-information", policy => policy.Requirements.Add(new options.AddPolicy("read:artist", policy => policy.Requirements.Add(new
HasScopeRequirement("read:billing-information", builder.Configuration.GetValue<string>("Auth0:Domain")))); HasScopeRequirement("read:artist", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:billing-information", policy => policy.Requirements.Add(new options.AddPolicy("write:artist", policy => policy.Requirements.Add(new
HasScopeRequirement("write:billing-information", builder.Configuration.GetValue<string>("Auth0:Domain")))); HasScopeRequirement("write:artist", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:seller-profile", policy => policy.Requirements.Add(new options.AddPolicy("read:request", policy => policy.Requirements.Add(new
HasScopeRequirement("read:seller-profile", builder.Configuration.GetValue<string>("Auth0:Domain")))); HasScopeRequirement("read:request", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:seller-profile", policy => policy.Requirements.Add(new options.AddPolicy("write:request", policy => policy.Requirements.Add(new
HasScopeRequirement("write:seller-profile", builder.Configuration.GetValue<string>("Auth0:Domain")))); HasScopeRequirement("write:request", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:seller-profile-request", policy => policy.Requirements.Add(new
HasScopeRequirement("read:seller-profile-request", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:seller-profile-request", policy => policy.Requirements.Add(new
HasScopeRequirement("write:seller-profile-request", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:seller-service", policy => policy.Requirements.Add(new
HasScopeRequirement("read:seller-service", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:seller-service", policy => policy.Requirements.Add(new
HasScopeRequirement("write:seller-service", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:orders", policy => policy.Requirements.Add(new
HasScopeRequirement("write:orders", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:orders", policy => policy.Requirements.Add(new
HasScopeRequirement("read:orders", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:seller-orders", policy => policy.Requirements.Add(new
HasScopeRequirement("read:seller-orders", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:seller-orders", policy => policy.Requirements.Add(new
HasScopeRequirement("write:seller-orders", builder.Configuration.GetValue<string>("Auth0:Domain"))));
}); });
builder.Services.AddSingleton<IAuthorizationHandler, HasScopeHandler>(); builder.Services.AddSingleton<IAuthorizationHandler, HasScopeHandler>();