diff --git a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
index 76e2a67..0f143b4 100644
--- a/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
+++ b/kabinizer-back-end/kabinizer-api/Controllers/BookingRequestController.cs
@@ -1,5 +1,6 @@
 using kabinizer_api.Dtos.BookingRequest;
 using kabinizer_api.Model;
+using kabinizer_api.Services;
 using kabinizer_api.Services.Export;
 using kabinizer_data;
 using kabinizer_data.Entities;
@@ -13,38 +14,29 @@ namespace kabinizer_api.Controllers; public class BookingRequestController : ControllerBase { private readonly EntityContext entityContext; + private readonly ITokenService tokenService; - public BookingRequestController(EntityContext entityContext) + public BookingRequestController(EntityContext entityContext, ITokenService tokenService) { this.entityContext = entityContext; + this.tokenService = tokenService; } [HttpGet] public IEnumerable GetBookingRequests() { + var currentUserId = tokenService.GetUserId(); return entityContext.BookingRequests - .Select(BookingRequest.FromEntity); + .Where(b => b.UserId == currentUserId) + .AsEnumerable().Select(BookingRequest.FromModel); } - [HttpGet] - [Route("user")] - public IEnumerable GetBookingRequestsForUser() - { - // TODO: use authed user - return entityContext.BookingRequests - .Where(e => e.UserId == new Guid("EADD8F73-8B7A-4188-BFF8-8C80E6CB98FA")) - .ToList() - .Select(BookingRequest.FromEntity); - } - - [HttpPost] public void AddBookingRequests([Required] IEnumerable r) { - // TODO: use authed user + var currentUserId = tokenService.GetUserId(); IEnumerable bookingRequestEntities = - r.Select(e => new BookingRequestEntity(new Guid("EADD8F73-8B7A-4188-BFF8-8C80E6CB98FA"), e.PeriodId)); - //r.Select(e => new BookingRequestEntity(e.UserId, e.PeriodId)); + r.Select(e => new BookingRequestEntity(currentUserId, e.PeriodId)); entityContext.BookingRequests.AddRange(bookingRequestEntities); entityContext.SaveChanges(); 
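Review bot: `BookingRequest.FromModel`, which GetBookingRequests now calls on the new side, still takes a `BookingRequestEntity` (its parameter is unchanged in the Model/BookingRequest.cs hunk), so the renamed factory no longer names its input the way `FromEntity` did. If the new name is kept, a one-line `/// Maps a persisted <see cref="BookingRequestEntity"/> to the API model.` on the factory would stop readers from assuming it converts from some other model type. Both the GET and the POST now take the caller's identity from `tokenService.GetUserId()`; as written in the TokenService hunk that call throws when the token lacks the expected claim, so every endpoint in this controller would answer such a token with a 500 rather than a 401 — that is best fixed in TokenService, but the dependency is worth a short comment above the first `GetUserId()` call here.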
@@ -53,7 +45,15 @@ public void AddBookingRequests([Required] IEnumerable r [HttpDelete] public bool DeleteBookingRequest([Required] Guid bookingRequestId) { + var currentUserId = tokenService.GetUserId(); + BookingRequestEntity entityToRemove = entityContext.BookingRequests.Single(br => br.Id == bookingRequestId); + + if (entityToRemove.UserId != currentUserId) + { + throw new Exception("You cannot remove a booking request for another user"); + } + entityContext.BookingRequests.Remove(entityToRemove); entityContext.SaveChanges(); return true; diff --git a/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs b/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs index 5648042..6a453a1 100644 --- a/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs +++ b/kabinizer-back-end/kabinizer-api/Model/BookingRequest.cs @@ -4,7 +4,7 @@ namespace kabinizer_api.Model; public record BookingRequest(Guid Id, Guid UserId, Guid PeriodId) { - public static BookingRequest FromEntity(BookingRequestEntity e) + public static BookingRequest FromModel(BookingRequestEntity e) { return new BookingRequest(e.Id, e.UserId, e.PeriodId); } diff --git a/kabinizer-back-end/kabinizer-api/Program.cs b/kabinizer-back-end/kabinizer-api/Program.cs index d293880..f130c7d 100644 --- a/kabinizer-back-end/kabinizer-api/Program.cs +++ b/kabinizer-back-end/kabinizer-api/Program.cs @@ -1,7 +1,9 @@ using kabinizer_api.Services; using kabinizer_api.Services.Draw; using kabinizer_data; +using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.EntityFrameworkCore; +using Microsoft.Identity.Web; var builder = WebApplication.CreateBuilder(args); 
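Review bot: The ownership check in DeleteBookingRequest runs only after `Single(br => br.Id == bookingRequestId)` has loaded the row, so an unknown id surfaces as an unhandled InvalidOperationException and another user's id as the generic `throw new Exception(...)`; both come back as 500s, and the distinct message confirms to the caller that a booking request with that id exists for someone else. Folding the user into the query keeps the authorization decision in one place and makes the two cases indistinguishable: `var entityToRemove = entityContext.BookingRequests.SingleOrDefault(br => br.Id == bookingRequestId && br.UserId == currentUserId);` followed by `if (entityToRemove is null) { return false; }`, which also fits the method's existing bool return. If a separate status is wanted instead, a specific exception type that the pipeline maps to 403/404 is preferable to `System.Exception`, which nothing can catch selectively. The method's closing brace is not visible in the hunk as rendered here.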
@@ -9,12 +11,17 @@ builder.Services.AddScoped(); // Add services to the container. -builder.Services.AddControllers(); +builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) + .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("EntraID")); builder.Services.AddDbContext(o => o.UseSqlServer(builder.Configuration.GetConnectionString("KabinizerConnection"))); +builder.Services.AddScoped(); + +builder.Services.AddControllers(); + builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(); @@ -26,9 +33,10 @@ app.UseHttpsRedirection(); +app.UseAuthentication(); app.UseAuthorization(); -app.MapControllers(); +app.MapControllers().RequireAuthorization(); // Migrate db using (var scope = app.Services.CreateScope()) diff --git a/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs b/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs new file mode 100644 index 0000000..38fa658 --- /dev/null +++ b/kabinizer-back-end/kabinizer-api/Services/ITokenService.cs @@ -0,0 +1,6 @@ +namespace kabinizer_api.Services; + +public interface ITokenService +{ + Guid GetUserId(); +} \ No newline at end of file diff --git a/kabinizer-back-end/kabinizer-api/Services/TokenService.cs b/kabinizer-back-end/kabinizer-api/Services/TokenService.cs new file mode 100644 index 0000000..9eb7449 --- /dev/null +++ b/kabinizer-back-end/kabinizer-api/Services/TokenService.cs @@ -0,0 +1,17 @@ +namespace kabinizer_api.Services; + +public class TokenService : ITokenService +{ + private readonly IHttpContextAccessor _httpContextAccessor; + + public TokenService(IHttpContextAccessor httpContextAccessor) + { + _httpContextAccessor = httpContextAccessor; + } + + public Guid GetUserId() + { + var guid = _httpContextAccessor.HttpContext.User.Claims.First(c => c.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier").Value; + return new Guid(guid); + } +} 
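Review bot: The added `builder.Services.AddScoped();` registration (its type arguments are lost in this rendering, presumably `ITokenService`/`TokenService`) wires up a service whose constructor takes `IHttpContextAccessor` (TokenService hunk), but no `AddHttpContextAccessor()` call is visible in this hunk or anywhere else in the diff; unless it is registered on lines outside the hunk, the first request to BookingRequestController fails at DI resolution. Adding `builder.Services.AddHttpContextAccessor();` next to the scoped registration closes that gap. Nothing in the diff shows what the `"EntraID"` configuration section must contain, so a one-line comment above the `AddMicrosoftIdentityWebApi` call naming the expected keys would help whoever deploys this.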
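Review bot: The new ITokenService has no documentation of its contract, yet `GetUserId()` sits on every request path in BookingRequestController, so callers need to know what happens when there is no authenticated user or no object-identifier claim. A summary such as `/// Returns the Entra ID object identifier (oid) of the authenticated caller. Throws when the current request carries no valid object-identifier claim.` on `Guid GetUserId();` states the failure mode the implementation in TokenService.cs actually has.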
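Review bot: GetUserId has three unguarded failure points that all surface as 500s for an authenticated but unexpected token: `_httpContextAccessor.HttpContext` is null outside a request, `Claims.First(...)` throws InvalidOperationException when the claim is absent, and `new Guid(guid)` throws FormatException on a non-GUID value. The claim is also looked up only under the long URI type; depending on the JWT handler's inbound claim mapping it can arrive under the short type `oid`, in which case every caller is rejected by the exception rather than by the authentication layer. Microsoft.Identity.Web, which Program.cs now references, provides the `ClaimsPrincipal.GetObjectId()` extension (namespace `Microsoft.Identity.Web`, so TokenService.cs needs that using) that checks both claim types; combined with `Guid.TryParse` the failure becomes explicit, as below. Note also that app-only (client credential) tokens carry the service principal's oid, so if only user tokens should reach these endpoints, a scope or role check (for example Microsoft.Identity.Web's `RequiredScope` attribute) is still needed on top of this lookup.
```csharp
public Guid GetUserId()
{
    // GetObjectId() accepts both the short "oid" claim and its mapped URI form.
    var user = _httpContextAccessor.HttpContext?.User;
    var oid = user?.GetObjectId();
    if (!Guid.TryParse(oid, out var userId))
    {
        throw new UnauthorizedAccessException("The access token does not carry a valid object identifier claim.");
    }

    return userId;
}
```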
diff --git a/kabinizer-back-end/kabinizer-api/kabinizer-api.csproj b/kabinizer-back-end/kabinizer-api/kabinizer-api.csproj index 32ebe9b..9fec283 100644 --- a/kabinizer-back-end/kabinizer-api/kabinizer-api.csproj +++ b/kabinizer-back-end/kabinizer-api/kabinizer-api.csproj @@ -5,6 +5,7 @@ enable enable kabinizer_api + ae423604-4603-4f57-a55b-f051618b4e17 @@ -14,6 +15,7 @@ all runtime; build; native; contentfiles; analyzers; buildtransitive +