damien/comissions-app-core-api
1
0
Fork 0
mirror of https://github.com/D4M13N-D3V/comissions-app-core-api.git synced 2025-10-31 17:45:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: updated permissions

Browse Source
This commit is contained in:
Damien Ostler 2024-02-19 19:22:38 -05:00
parent d0a1f041d4
commit 18e9606350
3 changed files with 35 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/comissions.app.api/Controllers/ArtistController.cs
View File

@ -30,7 +30,7 @@ public class ArtistController : Controller
}
[HttpGet]
[Authorize("read:seller-profile")]
[Authorize("read:artist")]
public async Task<IActionResult> GetArtist()
{
var userId = User.GetUserId();
@ -47,7 +47,7 @@ public class ArtistController : Controller
}
[HttpPut]
[Authorize("write:seller-profile")]
[Authorize("write:artist")]
public async Task<IActionResult> UpdateArtist(ArtistModel model)
{
var userId = User.GetUserId();
@ -71,7 +71,7 @@ public class ArtistController : Controller
}
[HttpGet]
[Authorize("read:seller-profile")]
[Authorize("read:artist")]
[Route("Request")]
public async Task<IActionResult> GetArtistRequest()
{
@ -84,7 +84,7 @@ public class ArtistController : Controller
}
[HttpGet]
[Authorize("read:seller-profile")]
[Authorize("read:artist")]
[Route("Page")]
public async Task<IActionResult> GetArtistPage()
{
@ -97,7 +97,7 @@ public class ArtistController : Controller
}
[HttpPut]
[Authorize("write:seller-profile")]
[Authorize("write:artist")]
[Route("Page")]
public async Task<IActionResult> UpdateArtistPage([FromBody]ArtistPageSettingsModel model)
{
@ -119,7 +119,7 @@ public class ArtistController : Controller
}
[HttpPost]
[Authorize("write:seller-profile")]
[Authorize("write:artist")]
public async Task<IActionResult> RequestArtist([FromBody] string message)
{
var userId = User.GetUserId();
@ -148,7 +148,7 @@ public class ArtistController : Controller
}
[HttpGet]
[Authorize("read:seller-profile")]
[Authorize("read:artist")]
[Route("{sellerServiceId:int}/Portfolio/{portfolioId:int}")]
public async Task<IActionResult> GetPortfolio(int sellerServiceId, int portfolioId)
{
@ -172,7 +172,7 @@ public class ArtistController : Controller
[HttpGet]
[Route("Portfolio")]
[Authorize("read:seller-profile")]
[Authorize("read:artist")]
public async Task<IActionResult> GetPortfolio()
{
var userId = User.GetUserId();
@ -193,7 +193,7 @@ public class ArtistController : Controller
[HttpPost]
[Route("Portfolio")]
[Authorize("write:seller-profile")]
[Authorize("write:artist")]
public async Task<IActionResult> AddPortfolio()
{
var userId = User.GetUserId();
@ -219,7 +219,7 @@ public class ArtistController : Controller
}
[HttpDelete]
[Authorize("write:seller-profile")]
[Authorize("write:artist")]
[Route("Portfolio/{portfolioId:int}")]
public async Task<IActionResult> DeletePortfolio(int portfolioId)
{
@ -245,7 +245,7 @@ public class ArtistController : Controller
}
[HttpGet]
[Authorize("write:seller-profile")]
[Authorize("write:artist")]
[Route("Onboard")]
public async Task<IActionResult> PaymentAccountStatus()
{
@ -266,7 +266,7 @@ public class ArtistController : Controller
}
[HttpGet]
[Authorize("write:seller-profile")]
[Authorize("write:artist")]
[Route("Onboard/Url")]
public async Task<IActionResult> GetPaymentAccount()
{

9
src/comissions.app.api/Controllers/RequestsController.cs
View File

@ -1,8 +1,10 @@
using comissions.app.api.Extensions;
using comissions.app.api.Services.Payment;
using comissions.app.api.Services.Storage;
using comissions.app.database;
using comissions.app.database.Entities;
using comissions.app.database.Models.Request;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
@ -24,11 +26,14 @@ public class RequestsController : Controller
_dbContext = dbContext;
}
[Authorize("read:request")]
[HttpGet]
[Route("Requests")]
public async Task<IActionResult> GetRequests(string search="",int offset = 0, int pageSize = 10)
{
var userId = User.GetUserId();
var requests = await _dbContext.Requests
.Where(x=>x.UserId==userId)
.Include(x=>x.Artist)
.Where(x=>x.Artist.Name.Contains(search) || x.Message.Contains(search))
.Skip(offset).Take(pageSize).ToListAsync();
@ -36,11 +41,14 @@ public class RequestsController : Controller
return Ok(result);
}
[Authorize("read:request")]
[HttpGet]
[Route("Requests/{requestId:int}")]
public async Task<IActionResult> GetRequest(int requestId)
{
var userId = User.GetUserId();
var request = await _dbContext.Requests
.Where(x=>x.UserId==userId)
.Include(x=>x.Artist)
.FirstOrDefaultAsync(x=>x.Id==requestId);
if(request==null)
@ -49,6 +57,7 @@ public class RequestsController : Controller
return Ok(result);
}
[Authorize("write:request")]
[HttpPost]
[Route("Requests")]
public async Task<IActionResult> CreateRequest([FromBody] RequestModel model)

56
src/comissions.app.api/Program.cs
View File

@ -49,20 +49,12 @@ builder.Services.AddSwaggerGen(options =>
{ "openid", "OpenId" },
{ "email", "Email" },
{ "profile", "Profile" },
{ "read:user", "Read your profile information." },
{ "write:user", "Update your profile information." },
{ "read:billing-information", "Read your billing information." },
{ "write:billing-information", "Update your billing information." },
{ "read:seller-profile", "Read your seller profile information."},
{ "write:seller-profile", "Update your seller profile information."},
{ "write:seller-profile-request", "Accept seller profile requests."},
{ "read:seller-profile-request", "Read seller profile requests."},
{ "read:seller-service", "Read services on your seller profile."},
{ "write:seller-service", "Update services on your seller profile."},
{ "write:orders", "Create new orders and take action against existing ones."},
{ "read:orders", "View your orders."},
{ "read:seller-orders", "View orders on your seller profile."},
{ "write:seller-orders", "Update orders on your seller profile."}
{ "read:user", "Read your user information." },
{ "write:user", "Update your user information." },
{ "read:artist", "Read settings and information about your artist profile."},
{ "write:artist", "Update settings, page design, and other things about your artist profile."},
{ "read:request", "View existing requests and their artwork."},
{ "write:request", "Create new requests."},
}
}
}
@ -109,35 +101,15 @@ builder.Services.AddAuthorization(options =>
options.AddPolicy("write:user", policy => policy.Requirements.Add(new
HasScopeRequirement("write:user", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:billing-information", policy => policy.Requirements.Add(new
HasScopeRequirement("read:billing-information", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:billing-information", policy => policy.Requirements.Add(new
HasScopeRequirement("write:billing-information", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:artist", policy => policy.Requirements.Add(new
HasScopeRequirement("read:artist", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:artist", policy => policy.Requirements.Add(new
HasScopeRequirement("write:artist", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:seller-profile", policy => policy.Requirements.Add(new
HasScopeRequirement("read:seller-profile", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:seller-profile", policy => policy.Requirements.Add(new
HasScopeRequirement("write:seller-profile", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:seller-profile-request", policy => policy.Requirements.Add(new
HasScopeRequirement("read:seller-profile-request", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:seller-profile-request", policy => policy.Requirements.Add(new
HasScopeRequirement("write:seller-profile-request", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:seller-service", policy => policy.Requirements.Add(new
HasScopeRequirement("read:seller-service", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:seller-service", policy => policy.Requirements.Add(new
HasScopeRequirement("write:seller-service", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:orders", policy => policy.Requirements.Add(new
HasScopeRequirement("write:orders", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:orders", policy => policy.Requirements.Add(new
HasScopeRequirement("read:orders", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:seller-orders", policy => policy.Requirements.Add(new
HasScopeRequirement("read:seller-orders", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:seller-orders", policy => policy.Requirements.Add(new
HasScopeRequirement("write:seller-orders", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("read:request", policy => policy.Requirements.Add(new
HasScopeRequirement("read:request", builder.Configuration.GetValue<string>("Auth0:Domain"))));
options.AddPolicy("write:request", policy => policy.Requirements.Add(new
HasScopeRequirement("write:request", builder.Configuration.GetValue<string>("Auth0:Domain"))));
});
builder.Services.AddSingleton<IAuthorizationHandler, HasScopeHandler>();