using Microsoft.AspNetCore.Mvc; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using zero.Core.Api; using zero.Core.Entities; using zero.Core.Identity; using zero.Web.Models; namespace zero.Web.Controllers { [ZeroAuthorize(Permissions.Settings.Users, PermissionsValue.Read)] public class UsersController : BackofficeController { IUserApi Api; IAuthenticationApi AuthenticationApi; IPermissionsApi PermissionsApi; public UsersController(IUserApi api, IAuthenticationApi authenticationApi, IPermissionsApi permissionsApi) { Api = api; AuthenticationApi = authenticationApi; PermissionsApi = permissionsApi; IsCoreDatabase = true; } public async Task> GetById([FromQuery] string id) => Edit(await Api.GetUserById(id)); public async Task> GetAll([FromQuery] ListBackofficeQuery query) => await Api.GetByQuery(query); public IList GetAllPermissions() => PermissionsApi.GetAll(); public async Task> GetForPicker() => (await Api.GetAll()).Select(x => new SelectModel() { Id = x.Id, Name = x.Name, IsActive = x.IsActive }); public async Task> GetPreviews([FromQuery] List ids) { return Previews(await Api.GetByIds(ids.ToArray()), item => new PreviewModel() { Id = item.Id, Icon = item.AvatarId, Name = item.Name }); } [ZeroAuthorize] public async Task> UpdatePassword([FromBody] UserPasswordEditModel model) { EntityResult result; if (model.NewPassword != model.ConfirmNewPassword) { result = EntityResult.Fail(nameof(model.NewPassword), "@errors.changepassword.newpasswordsnotmatching"); } else { BackofficeUser user = await AuthenticationApi.GetUser(); result = await Api.UpdatePassword(user as BackofficeUser, model.CurrentPassword, model.NewPassword); if (result.IsSuccess) { await AuthenticationApi.Logout(); } } return result; } [ZeroAuthorize] public async Task> HashPassword([FromBody] UserPasswordEditModel model) { BackofficeUser user = await Api.GetUserById(model.UserId); return await Api.HashPassword(user, model.CurrentPassword, model.NewPassword, model.ConfirmNewPassword); } [ZeroAuthorize(Permissions.Settings.Users, PermissionsValue.Update)] public async Task> Disable([FromBody] BackofficeUser model) { BackofficeUser entity = await Api.GetUserById(model.Id); return await Api.Disable(entity); } [ZeroAuthorize(Permissions.Settings.Users, PermissionsValue.Update)] public async Task> Enable([FromBody] BackofficeUser model) { BackofficeUser entity = await Api.GetUserById(model.Id); return await Api.Enable(entity); } [ZeroAuthorize(Permissions.Settings.Users, PermissionsValue.Update)] public async Task> Save([FromBody] BackofficeUser model) => await Api.Save(model); [ZeroAuthorize(Permissions.Settings.Users, PermissionsValue.Update)] // TODO do not need settings.users authorization for editing current user profiles public async Task> SaveCurrent([FromBody] BackofficeUser model) => await Api.Save(model); [ZeroAuthorize(Permissions.Settings.Users, PermissionsValue.Update)] public async Task> Delete([FromQuery] string id) => await Api.Delete(id); } }