diff --git a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
index 036b30d..ac789c4 100644
--- a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
+++ b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
@@ -1,5 +1,6 @@
 using kabinizer_api.Dtos.BookingRequest;
 using kabinizer_api.Model;
+using kabinizer_api.Services;
 using kabinizer_data;
 using kabinizer_data.Entities;
 using Microsoft.AspNetCore.Mvc;
@@ -12,16 +13,19 @@ namespace kabinizer_api.Controllers;
 public class BookingRequestController : ControllerBase
 {
 private readonly EntityContext _entityContext;
+ private readonly ITokenService _tokenService;
- public BookingRequestController(EntityContext entityContext)
+ public BookingRequestController(EntityContext entityContext, ITokenService tokenService)
 {
 _entityContext = entityContext;
+ _tokenService = tokenService;
 }
 [HttpGet]
 public IEnumerable GetBookingRequests()
 {
- return _entityContext.BookingRequests.Select(BookingRequest.FromEntity);
+ var currentUserId = _tokenService.GetUserId();
+ return _entityContext.BookingRequests.Where(b => b.UserId == currentUserId).Select(BookingRequest.FromModel);
 }
 [HttpGet]
@@ -31,16 +35,16 @@ public IEnumerable GetBookingRequestsByUserId(Guid userId)
 return _entityContext.BookingRequests
 .Where(e => e.UserId == userId)
 .ToList()
- .Select(BookingRequest.FromEntity);
+ .Select(BookingRequest.FromModel);
 }
 [HttpPost]
 public void AddBookingRequests([Required] IEnumerable r)
 {
- // TODO: Use authenticated user
+ var currentUserId = _tokenService.GetUserId();
 IEnumerable bookingRequestEntities =
- r.Select(e => new BookingRequestEntity(e.UserId, e.FromDate, e.ToDate));
+ r.Select(e => new BookingRequestEntity(currentUserId, e.FromDate, e.ToDate));
 _entityContext.BookingRequests.AddRange(bookingRequestEntities);
 _entityContext.SaveChanges();
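Review bot: `GetBookingRequests` now depends on `_tokenService.GetUserId()` to scope the query, but the attributes that sit above the class line (old line 12) are not in this hunk, so whether `[Authorize]` is applied to `BookingRequestController` cannot be confirmed here. If it is not, an anonymous request reaches `GetUserId()` with an empty `User.Claims` and fails with an unhandled exception (HTTP 500) instead of a 401; the `AddMicrosoftIdentityWebApi` registration in Program.cs only configures the scheme and does not by itself require authentication on this controller. Suggest `[Authorize]` on the class, and confirming `app.UseAuthentication()`/`app.UseAuthorization()` are in the pipeline, which this diff does not show. The class body continues past the end of the hunk.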
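Review bot: `GetBookingRequestsByUserId` still returns every booking request for a caller-supplied `userId`, so any authenticated user can enumerate another user's bookings; this hunk only renames the mapper to `FromModel`, while the sibling GET, the POST and the DELETE in this commit are all tied to the token's object id. Unless this endpoint is intended for an administrative role, either remove it or gate it, e.g. `[Authorize(Roles = "Admin")]` on the action, or reject `userId != _tokenService.GetUserId()` with a 403. Separately, `AddBookingRequests` persists `FromDate`/`ToDate` for each item without checking `FromDate <= ToDate`, so a malformed request is written straight to the database. The method signature is in the hunk header and the closing brace of `AddBookingRequests` lies outside the hunk.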
@@ -49,7 +53,15 @@ public void AddBookingRequests([Required] IEnumerable r
 [HttpDelete]
 public bool DeleteBookingRequest([Required] Guid bookingRequestId)
 {
+ var currentUserId = _tokenService.GetUserId();
+ BookingRequestEntity entityToRemove = _entityContext.BookingRequests.Single(br => br.Id == bookingRequestId);
+
+ if (entityToRemove.UserId != currentUserId)
+ {
+ throw new Exception("You cannot remove a booking request for another user");
+ }
+
 _entityContext.BookingRequests.Remove(entityToRemove);
 _entityContext.SaveChanges();
 return true;
diff --git a/kabinizer-back-end/kabinizer-api/Dtos/BookingRequest/CreateBookingRequestDto.cs b/kabinizer-back-end/kabinizer-api/Dtos/BookingRequest/CreateBookingRequestDto.cs
index dc3bd79..130c96f 100644
--- a/kabinizer-back-end/kabinizer-api/Dtos/BookingRequest/CreateBookingRequestDto.cs
+++ b/kabinizer-back-end/kabinizer-api/Dtos/BookingRequest/CreateBookingRequestDto.cs
@@ -1,3 +1,3 @@
 namespace kabinizer_api.Dtos.BookingRequest;
-public record CreateBookingRequestDto(Guid UserId, DateOnly FromDate, DateOnly ToDate);
\ No newline at end of file
+public record CreateBookingRequestDto(DateOnly FromDate, DateOnly ToDate);
\ No newline at end of file
diff --git a/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs b/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs
index 61fa857..5908ab0 100644
--- a/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs
+++ b/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs
@@ -4,7 +4,7 @@ namespace kabinizer_api.Model;
 public record BookingRequest(Guid Id, Guid UserId, DateOnly FromDate, DateOnly ToDate)
 {
- public static BookingRequest FromEntity(BookingRequestEntity e)
+ public static BookingRequest FromModel(BookingRequestEntity e)
 {
 return new BookingRequest(e.Id, e.UserId, DateOnly.FromDateTime(e.FromDate), DateOnly.FromDateTime(e.ToDate));
 }
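Review bot: `DeleteBookingRequest` looks the row up with `Single(br => br.Id == bookingRequestId)` and then throws a bare `Exception` on an ownership mismatch, so an unknown id fails with `InvalidOperationException` and another user's id fails with a 500 whose message confirms that the request exists; neither is a deliberate response, and the second leaks existence of other users' ids. Folding the owner into the query removes both the existence oracle and the generic exception: `var entityToRemove = _entityContext.BookingRequests.SingleOrDefault(br => br.Id == bookingRequestId && br.UserId == currentUserId);` followed by `if (entityToRemove is null) { return false; }`, which uses the method's existing `bool` return (not-found and not-owned then look identical to the caller, which is the intent). If a distinct 403 is wanted instead, at least throw `UnauthorizedAccessException` rather than `Exception` and map it in an exception handler. The method's closing brace is outside the hunk.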
diff --git a/kabinizer-back-end/kabinizer-api/Program.cs b/kabinizer-back-end/kabinizer-api/Program.cs
index 6eb2a6e..22432e7 100644
--- a/kabinizer-back-end/kabinizer-api/Program.cs
+++ b/kabinizer-back-end/kabinizer-api/Program.cs
@@ -1,3 +1,4 @@
+using kabinizer_api.Services;
 using kabinizer_data;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
@@ -6,15 +7,16 @@
 var builder = WebApplication.CreateBuilder(args);
 // Add services to the container.
-
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
 .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("EntraID"));
-builder.Services.AddControllers();
-
 builder.Services.AddDbContext(o => o.UseSqlServer(builder.Configuration.GetConnectionString("KabinizerConnection")));
+builder.Services.AddScoped();
+
+builder.Services.AddControllers();
+
 builder.Services.AddEndpointsApiExplorer();
 builder.Services.AddSwaggerGen();
diff --git a/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs b/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs
new file mode 100644
index 0000000..38fa658
--- /dev/null
+++ b/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs
@@ -0,0 +1,6 @@
+namespace kabinizer_api.Services;
+
+public interface ITokenService
+{
+ Guid GetUserId();
+}
\ No newline at end of file
diff --git a/kabinizer-back-end/kabinizer-api/Services/TokenService.cs b/kabinizer-back-end/kabinizer-api/Services/TokenService.cs
new file mode 100644
index 0000000..9eb7449
--- /dev/null
+++ b/kabinizer-back-end/kabinizer-api/Services/TokenService.cs
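Review bot: `TokenService` is constructed from `IHttpContextAccessor`, but the Program.cs hunk registers only the service itself (`builder.Services.AddScoped();`, whose generic arguments were lost in rendering) and no `AddHttpContextAccessor()` call is visible. `IHttpContextAccessor` is not registered by ASP.NET Core by default; Microsoft.Identity.Web may add it as a side effect of `AddMicrosoftIdentityWebApi`, but relying on a transitive registration is fragile and, if it is absent, every request to `BookingRequestController` fails at DI resolution. Suggest an explicit `builder.Services.AddHttpContextAccessor();` next to the `AddScoped` line. The middleware pipeline (`UseAuthentication`/`UseAuthorization`) is outside this hunk.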
@@ -0,0 +1,17 @@
+namespace kabinizer_api.Services;
+
+public class TokenService : ITokenService
+{
+ private readonly IHttpContextAccessor _httpContextAccessor;
+
+ public TokenService(IHttpContextAccessor httpContextAccessor)
+ {
+ _httpContextAccessor = httpContextAccessor;
+ }
+
+ public Guid GetUserId()
+ {
+ var guid = _httpContextAccessor.HttpContext.User.Claims.First(c => c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
+ return new Guid(guid);
+ }
+}
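Review bot: `GetUserId` dereferences `HttpContext` without a null check and uses `First(...)` plus `new Guid(...)`, so an unauthenticated request, a token without an object-id claim, or a non-GUID value fails with `NullReferenceException`, `InvalidOperationException` or `FormatException`, all of which surface as a 500 rather than a 401/403, and every controller action in this commit calls this method first. The claim is also read only under the long `http://schemas.microsoft.com/identity/claims/objectidentifier` URI; whether the raw `oid` claim is mapped to that name depends on the inbound claim-type mapping in effect under `AddMicrosoftIdentityWebApi`, so checking both names (or Microsoft.Identity.Web's `User.GetObjectId()` extension) is safer. Note too that `oid` is unique only within a tenant; if the API can accept tokens from more than one tenant, `tid` has to be part of the identity as well. The rewrite below tolerates a missing context or claim and fails with `UnauthorizedAccessException`, which should then be mapped to 401 by an exception handler rather than left to bubble up.
```csharp
public Guid GetUserId()
{
    var user = _httpContextAccessor.HttpContext?.User;
    // The object id may be exposed under either name depending on inbound claim mapping.
    var oid = user?.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value
              ?? user?.FindFirst("oid")?.Value;
    if (!Guid.TryParse(oid, out var userId))
    {
        throw new UnauthorizedAccessException("Token does not carry a valid object id claim");
    }
    return userId;
}
```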