From 7f91dabd7ad3febaa231b93c4b924c99d356ebb8 Mon Sep 17 00:00:00 2001 From: tschumpr Date: Wed, 31 Jul 2024 15:34:42 +0200 Subject: [PATCH 01/10] Migrate API --- src/api/BdmsContext.cs | 6 + src/api/Controllers/UserController.cs | 146 +++++++++++++++++++++--- src/api/Models/TermsAccepted.cs | 38 ++++++ src/api/Models/User.cs | 17 +++ src/api/Models/UserWorkgroupRole.cs | 10 ++ tests/Controllers/UserControllerTest.cs | 111 +++++++++++++++++- 6 files changed, 308 insertions(+), 20 deletions(-) create mode 100644 src/api/Models/TermsAccepted.cs diff --git a/src/api/BdmsContext.cs b/src/api/BdmsContext.cs index be5b35619..e700a9062 100644 --- a/src/api/BdmsContext.cs +++ b/src/api/BdmsContext.cs @@ -18,6 +18,11 @@ public class BdmsContext : DbContext public DbSet Stratigraphies { get; set; } public DbSet Terms { get; set; } public DbSet Users { get; set; } + public IQueryable UsersWithIncludes => Users + .Include(u => u.WorkgroupRoles) + .ThenInclude(wr => wr.Workgroup) + .Include(u => u.TermsAccepted) + .ThenInclude(ta => ta.Term); public DbSet UserWorkgroupRoles { get; set; } public DbSet Workflows { get; set; } public DbSet Workgroups { get; set; } @@ -88,6 +93,7 @@ protected override void OnModelCreating(ModelBuilder modelBuilder) { modelBuilder.HasDefaultSchema("bdms"); modelBuilder.Entity().HasKey(k => new { k.UserId, k.WorkgroupId, k.Role }); + modelBuilder.Entity().HasKey(k => new { k.UserId, k.TermId }); modelBuilder.Entity() .HasMany(b => b.Files) diff --git a/src/api/Controllers/UserController.cs b/src/api/Controllers/UserController.cs index 6eee3fbba..13e0e30bf 100644 --- a/src/api/Controllers/UserController.cs +++ b/src/api/Controllers/UserController.cs @@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.EntityFrameworkCore; +using Swashbuckle.AspNetCore.Annotations; namespace BDMS.Controllers; @@ -11,33 +12,60 @@ namespace BDMS.Controllers; public class UserController : ControllerBase { private readonly BdmsContext context; + private ILogger logger; /// /// Initializes a new instance of the class. /// /// The EF database context containing data for the BDMS application. - public UserController(BdmsContext context) + /// The logger used by the controller. + public UserController(BdmsContext context, ILogger logger) { this.context = context; + this.logger = logger; } /// - /// Gets the current authenticated and authorized bdms user. + /// Gets the currently authenticated and authorized bdms user. /// [HttpGet("self")] [Authorize(Policy = PolicyNames.Viewer)] - public async Task> GetUserInformationAsync() => - await context.Users.SingleOrDefaultAsync(u => u.SubjectId == HttpContext.GetUserSubjectId()).ConfigureAwait(false); + [SwaggerResponse(StatusCodes.Status200OK, "Returns the currently logged in user.", typeof(IEnumerable), new[] { "application/json" })] + public async Task GetSelf() + { + var user = await context.UsersWithIncludes.SingleOrDefaultAsync(u => u.SubjectId == HttpContext.GetUserSubjectId()).ConfigureAwait(false); + user.Deletable = IsDeletable(user); + return user; + } /// - /// Gets the user list. + /// Gets the user with the specified . + /// + [HttpGet("{id}")] + [SwaggerResponse(StatusCodes.Status200OK, "Returns the user with the specified id.", typeof(IEnumerable), new[] { "application/json" })] + [SwaggerResponse(StatusCodes.Status404NotFound, "The user could not be found.")] + public async Task GetUserById(int id) + { + var user = await context.UsersWithIncludes.SingleOrDefaultAsync(u => u.Id == id).ConfigureAwait(false); + + if (user == null) + { + return NotFound(); + } + + user.Deletable = IsDeletable(user); + return Ok(user); + } + + /// + /// Gets a list of users. /// [HttpGet] + [SwaggerResponse(StatusCodes.Status200OK, "Returns a list of users.", typeof(IEnumerable), new[] { "application/json" })] public async Task> GetAll() { var users = await context - .Users - .Include(x => x.WorkgroupRoles) + .UsersWithIncludes .AsNoTracking() .OrderBy(x => x.Name) .ToListAsync() @@ -45,22 +73,17 @@ public async Task> GetAll() foreach (var user in users) { - user.Deletable = !(context.Workflows.Any(x => x.UserId == user.Id) - || context.Layers.Any(x => x.CreatedById == user.Id) - || context.Layers.Any(x => x.UpdatedById == user.Id) - || context.Boreholes.Any(x => x.UpdatedById == user.Id) - || context.Boreholes.Any(x => x.CreatedById == user.Id) - || context.Boreholes.Any(x => x.LockedById == user.Id) - || context.Stratigraphies.Any(x => x.CreatedById == user.Id) - || context.Stratigraphies.Any(x => x.UpdatedById == user.Id) - || context.Files.Any(x => x.CreatedById == user.Id) - || context.BoreholeFiles.Any(x => x.UserId == user.Id)); + user.Deletable = IsDeletable(user); } return users; } + /// + /// Resets all settings to initial state. + /// [HttpPost("resetAllSettings")] + [SwaggerResponse(StatusCodes.Status200OK, "All settings were reset successfully.")] public ActionResult ResetAllSettings() { // Reset admin settings to initial state @@ -72,4 +95,93 @@ public ActionResult ResetAllSettings() return Ok(); } + + + /// + /// Updates the . + /// + [HttpPut] + [SwaggerResponse(StatusCodes.Status200OK, "The user was updated successfully.")] + [SwaggerResponse(StatusCodes.Status400BadRequest, "The user could not be updated due to invalid input.")] + [SwaggerResponse(StatusCodes.Status404NotFound, "The user could not be found.")] + [SwaggerResponse(StatusCodes.Status401Unauthorized, "The current user is not authorized to update users.")] + [SwaggerResponse(StatusCodes.Status500InternalServerError, "The server encountered an unexpected condition that prevented it from fulfilling the request. ", typeof(ProblemDetails), new[] { "application/json" })] + public async Task Edit(User user) + { + try + { + if (user == null) + { + return BadRequest(); + } + + var userToEdit = await context.Users.SingleOrDefaultAsync(u => u.Id == user.Id).ConfigureAwait(false); + if (userToEdit == null) + { + return NotFound(); + } + + userToEdit.IsAdmin = user.IsAdmin; + userToEdit.DisabledAt = user.DisabledAt; + + await context.SaveChangesAsync().ConfigureAwait(false); + var result = await context.UsersWithIncludes.AsNoTracking().SingleOrDefaultAsync(u => u.Id == user.Id).ConfigureAwait(false); + result.Deletable = IsDeletable(result); + return Ok(result); + } + catch (Exception e) + { + logger.LogError(e, "Error while updating user."); + return Problem(e.Message); + } + } + + /// + /// Deletes the user with the specified . + /// + [HttpDelete("{id}")] + [SwaggerResponse(StatusCodes.Status200OK, "The user was deleted successfully.")] + [SwaggerResponse(StatusCodes.Status400BadRequest, "The user could not be updated due to invalid input.")] + [SwaggerResponse(StatusCodes.Status404NotFound, "The user could not be found.")] + [SwaggerResponse(StatusCodes.Status401Unauthorized, "The current user is not authorized to delete users.")] + [SwaggerResponse(StatusCodes.Status500InternalServerError, "The server encountered an unexpected condition that prevented it from fulfilling the request. ", typeof(ProblemDetails), new[] { "application/json" })] + public async Task Delete(int id) + { + try + { + var user = await context.Users.SingleOrDefaultAsync(u => u.Id == id).ConfigureAwait(false); + if (user == null) + { + return NotFound(); + } + + if (!IsDeletable(user)) + { + return Problem("The user is associated with boreholes, layers, stratigraphies, workflows, files or borehole files and cannot be deleted."); + } + + context.Users.Remove(user); + await context.SaveChangesAsync().ConfigureAwait(false); + return Ok(); + } + catch (Exception e) + { + logger.LogError(e, "Error while deleting user."); + return Problem(e.Message); + } + } + + private bool IsDeletable(User user) + { + return !(context.Workflows.Any(x => x.UserId == user.Id) + || context.Layers.Any(x => x.CreatedById == user.Id) + || context.Layers.Any(x => x.UpdatedById == user.Id) + || context.Boreholes.Any(x => x.UpdatedById == user.Id) + || context.Boreholes.Any(x => x.CreatedById == user.Id) + || context.Boreholes.Any(x => x.LockedById == user.Id) + || context.Stratigraphies.Any(x => x.CreatedById == user.Id) + || context.Stratigraphies.Any(x => x.UpdatedById == user.Id) + || context.Files.Any(x => x.CreatedById == user.Id) + || context.BoreholeFiles.Any(x => x.UserId == user.Id)); + } } diff --git a/src/api/Models/TermsAccepted.cs b/src/api/Models/TermsAccepted.cs new file mode 100644 index 000000000..3e937b770 --- /dev/null +++ b/src/api/Models/TermsAccepted.cs @@ -0,0 +1,38 @@ +using System.ComponentModel.DataAnnotations.Schema; + +namespace BDMS.Models; + +/// +/// Represents a terms_accepted entity in the database. +/// +[Table("terms_accepted")] +public class TermsAccepted +{ + /// + /// Gets or sets the foreign key to the entity. + /// + [Column("id_usr_fk")] + public int UserId { get; set; } + + /// + /// Gets or sets the . + /// + public User? User { get; set; } + + /// + /// Gets or sets the foreign key to the entity. + /// + [Column("id_tes_fk")] + public int TermId { get; set; } + + /// + /// Gets or sets the . + /// + public Term? Term { get; set; } + + /// + /// Gets or sets the timestamp from the moment the terms got accepted. + /// + [Column("accepted_tea")] + public DateTime AcceptedAt { get; set; } +} diff --git a/src/api/Models/User.cs b/src/api/Models/User.cs index 77a3f71bf..11badb28b 100644 --- a/src/api/Models/User.cs +++ b/src/api/Models/User.cs @@ -55,11 +55,28 @@ public class User : IIdentifyable [Column("disabled_usr")] public DateTime? DisabledAt { get; set; } + /// + /// Gets or sets the timestamp from the moment a got disabled. + /// + [Column("created_usr")] + public DateTime? CreatedAt { get; set; } + + /// + /// Gets or sets the s settings. + /// + [Column("settings_usr")] + public string? Settings { get; set; } + /// /// Gets the WorkgroupRoles. /// public IEnumerable WorkgroupRoles { get; } + /// + /// Gets the TermsAccepted. + /// + public IEnumerable TermsAccepted { get; } + /// /// Gets or sets whether this user can be deleted. /// diff --git a/src/api/Models/UserWorkgroupRole.cs b/src/api/Models/UserWorkgroupRole.cs index 9c174769c..7d652846d 100644 --- a/src/api/Models/UserWorkgroupRole.cs +++ b/src/api/Models/UserWorkgroupRole.cs @@ -14,12 +14,22 @@ public class UserWorkgroupRole [Column("id_usr_fk")] public int UserId { get; set; } + /// + /// Gets or sets the . + /// + public User? User { get; set; } + /// /// Gets or sets the foreign key to the entity. /// [Column("id_wgp_fk")] public int WorkgroupId { get; set; } + /// + /// Gets or sets the . + /// + public Workgroup? Workgroup { get; set; } + /// /// Gets or sets the . /// diff --git a/tests/Controllers/UserControllerTest.cs b/tests/Controllers/UserControllerTest.cs index e2e87c76a..fe27e77b9 100644 --- a/tests/Controllers/UserControllerTest.cs +++ b/tests/Controllers/UserControllerTest.cs @@ -1,4 +1,9 @@ -using Microsoft.VisualStudio.TestTools.UnitTesting; +using Microsoft.AspNetCore.Mvc; +using Microsoft.EntityFrameworkCore; +using Microsoft.Extensions.Logging; +using Microsoft.VisualStudio.TestTools.UnitTesting; +using Moq; +using static BDMS.Helpers; namespace BDMS.Controllers; @@ -6,9 +11,14 @@ namespace BDMS.Controllers; public class UserControllerTest { private BdmsContext context; + private UserController userController; [TestInitialize] - public void TestInitialize() => context = ContextFactory.GetTestContext(); + public void TestInitialize() + { + context = ContextFactory.GetTestContext(); + userController = new UserController(context, new Mock>().Object) { ControllerContext = GetControllerContextAdmin() }; + } [TestCleanup] public async Task TestCleanup() => await context.DisposeAsync(); @@ -16,7 +26,7 @@ public class UserControllerTest [TestMethod] public async Task GetAll() { - var users = await new UserController(context).GetAll().ConfigureAwait(false); + var users = await userController.GetAll(); Assert.AreEqual(8, users.Count()); foreach (var user in users) @@ -24,4 +34,99 @@ public async Task GetAll() Assert.AreEqual(user.SubjectId == "sub_deletableUser" || user.SubjectId == "sub_viewer", user.Deletable); } } + + [TestMethod] + public async Task GetSelf() + { + var user = await userController.GetSelf(); + Assert.IsNotNull(user); + Assert.AreEqual("sub_admin", user.SubjectId); + Assert.IsTrue(user.IsAdmin); + Assert.IsFalse(user.Deletable); + Assert.AreEqual(5, user.WorkgroupRoles.Count()); + } + + [TestMethod] + public async Task GetUserById() + { + var user = await context.UsersWithIncludes.AsNoTracking().SingleOrDefaultAsync(u => u.SubjectId == "sub_editor"); + Assert.IsNotNull(user); + + var result = await userController.GetUserById(user.Id); + ActionResultAssert.IsOk(result); + + var returnedUser = (result as OkObjectResult).Value as Models.User; + Assert.AreEqual("e. user", returnedUser.Name); + Assert.AreEqual("sub_editor", returnedUser.SubjectId); + Assert.AreEqual("editor", returnedUser.FirstName); + Assert.AreEqual("user", returnedUser.LastName); + Assert.IsFalse(returnedUser.IsAdmin); + Assert.IsFalse(returnedUser.IsDisabled); + Assert.IsFalse(returnedUser.Deletable); + Assert.AreEqual(1, returnedUser.WorkgroupRoles.Count()); + Assert.AreEqual(Models.Role.Editor, returnedUser.WorkgroupRoles.First().Role); + } + + [TestMethod] + public async Task GetUserByIdNotFound() + { + var result = await userController.GetUserById(0); + ActionResultAssert.IsNotFound(result); + } + + [TestMethod] + public async Task EditUser() + { + var user = await context.UsersWithIncludes.AsNoTracking().SingleOrDefaultAsync(u => u.SubjectId == "sub_validator"); + Assert.IsNotNull(user); + Assert.IsFalse(user.IsAdmin); + Assert.IsFalse(user.IsDisabled); + + user.IsAdmin = true; + user.DisabledAt = DateTime.UtcNow; + user.FirstName = "Updated"; + + var result = await userController.Edit(user); + ActionResultAssert.IsOk(result); + + var updatedUser = (result as OkObjectResult).Value as Models.User; + Assert.AreEqual(user.Id, updatedUser.Id); + Assert.IsTrue(updatedUser.IsAdmin); + Assert.IsTrue(updatedUser.IsDisabled); + Assert.AreNotEqual("Updated", updatedUser.FirstName); + } + + [TestMethod] + public async Task EditUserNotFound() + { + var result = await userController.Edit(new Models.User { Id = 0 }); + ActionResultAssert.IsNotFound(result); + } + + [TestMethod] + public async Task DeleteUser() + { + var user = await context.Users.AsNoTracking().SingleOrDefaultAsync(u => u.SubjectId == "sub_deletableUser"); + Assert.IsNotNull(user); + + var result = await userController.Delete(user.Id); + ActionResultAssert.IsOk(result); + } + + [TestMethod] + public async Task DeleteUserNotFound() + { + var result = await userController.Delete(0); + ActionResultAssert.IsNotFound(result); + } + + [TestMethod] + public async Task DeleteUserNotDeletable() + { + var user = await context.Users.AsNoTracking().SingleOrDefaultAsync(u => u.SubjectId == "sub_filesUser"); + Assert.IsNotNull(user); + + var result = await userController.Delete(user.Id); + ActionResultAssert.IsInternalServerError(result, "The user is associated with boreholes, layers, stratigraphies, workflows, files or borehole files and cannot be deleted."); + } } From 716e3168c3d1637a41080349246d1343365ab715 Mon Sep 17 00:00:00 2001 From: tschumpr Date: Mon, 5 Aug 2024 09:55:23 +0200 Subject: [PATCH 02/10] Use new api requests for user admin --- src/api/Models/User.cs | 4 +- src/client/src/api-lib/actions/user.js | 35 ----------- src/client/src/api-lib/index.js | 10 ---- src/client/src/api/apiInterfaces.ts | 60 +++++++++++++++++++ src/client/src/api/fetchApiV2.js | 2 - src/client/src/api/user.ts | 21 +++++++ .../pages/settings/admin/adminSettings.jsx | 27 ++++----- 7 files changed, 95 insertions(+), 64 deletions(-) create mode 100644 src/client/src/api/apiInterfaces.ts create mode 100644 src/client/src/api/user.ts diff --git a/src/api/Models/User.cs b/src/api/Models/User.cs index 11badb28b..6f4811ca3 100644 --- a/src/api/Models/User.cs +++ b/src/api/Models/User.cs @@ -70,12 +70,12 @@ public class User : IIdentifyable /// /// Gets the WorkgroupRoles. /// - public IEnumerable WorkgroupRoles { get; } + public IEnumerable? WorkgroupRoles { get; } /// /// Gets the TermsAccepted. /// - public IEnumerable TermsAccepted { get; } + public IEnumerable? TermsAccepted { get; } /// /// Gets or sets whether this user can be deleted. diff --git a/src/client/src/api-lib/actions/user.js b/src/client/src/api-lib/actions/user.js index 754a63e5f..d676e678e 100644 --- a/src/client/src/api-lib/actions/user.js +++ b/src/client/src/api-lib/actions/user.js @@ -20,38 +20,3 @@ export function loadUser() { type: "GET", }); } - -export function reloadUser() { - return fetch("/user", { - type: "RELOAD", - }); -} - -export function updateUser(id, admin = false) { - return fetch("/user/edit", { - action: "UPDATE", - user_id: id, - admin: admin, - }); -} - -export function enableUser(id) { - return fetch("/user/edit", { - action: "ENABLE", - id: id, - }); -} - -export function disableUser(id) { - return fetch("/user/edit", { - action: "DISABLE", - id: id, - }); -} - -export function deleteUser(id) { - return fetch("/user/edit", { - action: "DELETE", - id: id, - }); -} diff --git a/src/client/src/api-lib/index.js b/src/client/src/api-lib/index.js index ca7baac8d..da20b6406 100644 --- a/src/client/src/api-lib/index.js +++ b/src/client/src/api-lib/index.js @@ -8,11 +8,6 @@ import { setAuthentication, unsetAuthentication, loadUser, - reloadUser, - updateUser, - disableUser, - deleteUser, - enableUser, } from "./actions/user"; import { @@ -74,11 +69,6 @@ export { setAuthentication, unsetAuthentication, loadUser, - reloadUser, - updateUser, - disableUser, - deleteUser, - enableUser, createWorkgroup, enableWorkgroup, disableWorkgroup, diff --git a/src/client/src/api/apiInterfaces.ts b/src/client/src/api/apiInterfaces.ts new file mode 100644 index 000000000..5552b554e --- /dev/null +++ b/src/client/src/api/apiInterfaces.ts @@ -0,0 +1,60 @@ +export enum Role { + View, + Editor, + Controller, + Validator, + Publisher, +} + +export interface Workgroup { + // TODO: Add boreholes + id: number; + name: string; + created?: Date; + disabled?: Date; + settings?: string; + isSupplier?: boolean; +} + +export interface WorkgroupRole { + userId: number; + user: User; + workgroupId: number; + workgroup: Workgroup; + role: Role; +} + +export interface Term { + id: number; + isDraft: boolean; + textEn: string; + textDe?: string; + textFr?: string; + textIt?: string; + textRo?: string; + creation: Date; + expiration?: Date; +} + +export interface TermsAccepted { + userId: number; + user: User; + termId: number; + term: Term; + acceptedAt: Date; +} + +export interface User { + id: number; + subjectId: string; + name: string; + firstName: string; + lastName: string; + isAdmin: boolean; + isDisabled?: boolean; + disabledAt?: Date | string; + createdAt?: Date | string; + settings?: string; + workgroupRoles?: WorkgroupRole[]; + acceptedTerms?: TermsAccepted[]; +} diff --git a/src/client/src/api/fetchApiV2.js b/src/client/src/api/fetchApiV2.js index 6ae1fd37e..d6e858681 100644 --- a/src/client/src/api/fetchApiV2.js +++ b/src/client/src/api/fetchApiV2.js @@ -120,8 +120,6 @@ export const deleteFaciesDescription = async id => { return await fetchApiV2(`faciesdescription?id=${id}`, "DELETE"); }; -export const fetchUsers = async () => await fetchApiV2("user", "GET"); - // stratigraphy export const fetchStratigraphy = async id => { return await fetchApiV2(`stratigraphy/${id}`, "GET"); diff --git a/src/client/src/api/user.ts b/src/client/src/api/user.ts new file mode 100644 index 000000000..bb3d6f9fc --- /dev/null +++ b/src/client/src/api/user.ts @@ -0,0 +1,21 @@ +import { fetchApiV2 } from "./fetchApiV2"; +import { User } from "./apiInterfaces.ts"; + +export const fetchCurrentUser = async () => await fetchApiV2("user/self", "GET"); + +export const fetchUser = async (id: number) => await fetchApiV2(`user/${id}`, "GET"); + +export const fetchUsers = async () => await fetchApiV2("user", "GET"); + +export const updateUser = async (user: User) => { + if (user.disabledAt) { + user.disabledAt = new Date(user.disabledAt).toISOString(); + } + user.isDisabled = undefined; + user.acceptedTerms = undefined; + user.workgroupRoles = undefined; + + return await fetchApiV2("user", "PUT", user); +}; + +export const deleteUser = async (id: number) => await fetchApiV2(`user/${id}`, "DELETE"); diff --git a/src/client/src/pages/settings/admin/adminSettings.jsx b/src/client/src/pages/settings/admin/adminSettings.jsx index 8f6e70582..f2cf7ade3 100644 --- a/src/client/src/pages/settings/admin/adminSettings.jsx +++ b/src/client/src/pages/settings/admin/adminSettings.jsx @@ -3,22 +3,17 @@ import { connect } from "react-redux"; import PropTypes from "prop-types"; import { withTranslation } from "react-i18next"; import { AlertContext } from "../../../components/alert/alertContext"; -import { fetchUsers } from "../../../api/fetchApiV2"; +import { deleteUser, fetchUser, fetchUsers, updateUser } from "../../../api/user"; import { Button, Checkbox, Form, Icon, Input, Label, Loader, Modal, Table } from "semantic-ui-react"; import { createWorkgroup, - deleteUser, deleteWorkgroup, - disableUser, disableWorkgroup, - enableUser, enableWorkgroup, listWorkgroups, - reloadUser, setRole, - updateUser, updateWorkgroup, } from "../../../api-lib/index"; @@ -242,7 +237,9 @@ class AdminSettings extends React.Component { label=" " disabled={this.state.uId == null} onClick={() => { - updateUser(this.state.uId, this.state.uAdmin).then(response => { + const user = this.state.user; + user.isAdmin = this.state.uAdmin; + updateUser(user).then(response => { if (response.data.success === false) { this.context.showAlert(response.data.message, "error"); } else { @@ -425,11 +422,13 @@ class AdminSettings extends React.Component {
- {this.state.deleteUser === null ? null : this.state.deleteUser.disabledAt !== null ? ( + {this.state.deleteUser === null ? null : this.state.deleteUser.isDisabled ? (
[HttpGet("self")] [Authorize(Policy = PolicyNames.Viewer)] - [SwaggerResponse(StatusCodes.Status200OK, "Returns the currently logged in user.", typeof(IEnumerable), new[] { "application/json" })] + [SwaggerResponse(StatusCodes.Status200OK, "Returns the currently logged in user.")] public async Task GetSelf() { var user = await context.UsersWithIncludes.SingleOrDefaultAsync(u => u.SubjectId == HttpContext.GetUserSubjectId()).ConfigureAwait(false); @@ -42,7 +42,7 @@ public UserController(BdmsContext context, ILogger logger) /// Gets the user with the specified . /// [HttpGet("{id}")] - [SwaggerResponse(StatusCodes.Status200OK, "Returns the user with the specified id.", typeof(IEnumerable), new[] { "application/json" })] + [SwaggerResponse(StatusCodes.Status200OK, "Returns the user with the specified id.")] [SwaggerResponse(StatusCodes.Status404NotFound, "The user could not be found.")] public async Task GetUserById(int id) { @@ -61,7 +61,7 @@ public async Task GetUserById(int id) /// Gets a list of users. /// [HttpGet] - [SwaggerResponse(StatusCodes.Status200OK, "Returns a list of users.", typeof(IEnumerable), new[] { "application/json" })] + [SwaggerResponse(StatusCodes.Status200OK, "Returns a list of users.")] public async Task> GetAll() { var users = await context @@ -96,7 +96,6 @@ public ActionResult ResetAllSettings() return Ok(); } - /// /// Updates the . /// @@ -105,7 +104,7 @@ public ActionResult ResetAllSettings() [SwaggerResponse(StatusCodes.Status400BadRequest, "The user could not be updated due to invalid input.")] [SwaggerResponse(StatusCodes.Status404NotFound, "The user could not be found.")] [SwaggerResponse(StatusCodes.Status401Unauthorized, "The current user is not authorized to update users.")] - [SwaggerResponse(StatusCodes.Status500InternalServerError, "The server encountered an unexpected condition that prevented it from fulfilling the request. ", typeof(ProblemDetails), new[] { "application/json" })] + [SwaggerResponse(StatusCodes.Status500InternalServerError, "The server encountered an unexpected condition that prevented it from fulfilling the request. ")] public async Task Edit(User user) { try @@ -144,7 +143,7 @@ public async Task Edit(User user) [SwaggerResponse(StatusCodes.Status400BadRequest, "The user could not be updated due to invalid input.")] [SwaggerResponse(StatusCodes.Status404NotFound, "The user could not be found.")] [SwaggerResponse(StatusCodes.Status401Unauthorized, "The current user is not authorized to delete users.")] - [SwaggerResponse(StatusCodes.Status500InternalServerError, "The server encountered an unexpected condition that prevented it from fulfilling the request. ", typeof(ProblemDetails), new[] { "application/json" })] + [SwaggerResponse(StatusCodes.Status500InternalServerError, "The server encountered an unexpected condition that prevented it from fulfilling the request. ")] public async Task Delete(int id) { try From 28a5e6ad3ff5c5630343cf0a2993587306f56405 Mon Sep 17 00:00:00 2001 From: tschumpr Date: Mon, 5 Aug 2024 14:49:08 +0200 Subject: [PATCH 04/10] Fix setting admin right --- src/client/src/pages/settings/admin/adminSettings.jsx | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/client/src/pages/settings/admin/adminSettings.jsx b/src/client/src/pages/settings/admin/adminSettings.jsx index f2cf7ade3..798249139 100644 --- a/src/client/src/pages/settings/admin/adminSettings.jsx +++ b/src/client/src/pages/settings/admin/adminSettings.jsx @@ -239,12 +239,8 @@ class AdminSettings extends React.Component { onClick={() => { const user = this.state.user; user.isAdmin = this.state.uAdmin; - updateUser(user).then(response => { - if (response.data.success === false) { - this.context.showAlert(response.data.message, "error"); - } else { - this.listUsers(); - } + updateUser(user).then(() => { + this.listUsers(); }); }}> From 558d884b12ee6c19a30d17566c62941bc240cb88 Mon Sep 17 00:00:00 2001 From: tschumpr Date: Mon, 5 Aug 2024 14:51:17 +0200 Subject: [PATCH 05/10] Format code --- src/client/src/api-lib/index.js | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/src/client/src/api-lib/index.js b/src/client/src/api-lib/index.js index da20b6406..612a288de 100644 --- a/src/client/src/api-lib/index.js +++ b/src/client/src/api-lib/index.js @@ -4,36 +4,32 @@ import { loadSettings, patchSettings } from "./actions/settings"; import { acceptTerms, draftTerms, getTerms, getTermsDraft, publishTerms } from "./actions/terms"; -import { - setAuthentication, - unsetAuthentication, - loadUser, -} from "./actions/user"; +import { loadUser, setAuthentication, unsetAuthentication } from "./actions/user"; import { createWorkgroup, - enableWorkgroup, - disableWorkgroup, deleteWorkgroup, + disableWorkgroup, + enableWorkgroup, listWorkgroups, setRole, updateWorkgroup, } from "./actions/workgroups"; import { - updateBorehole, + createBorehole, + deleteBorehole, + deleteBoreholes, + getdBoreholeIds, + getGeojson, loadBorehole, loadBoreholes, - getdBoreholeIds, loadEditingBoreholes, - createBorehole, lockBorehole, - unlockBorehole, - deleteBorehole, - deleteBoreholes, patchBorehole, patchBoreholes, - getGeojson, + unlockBorehole, + updateBorehole, } from "./actions/borehole"; import { addIdentifier, removeIdentifier } from "./actions/identifier"; @@ -41,10 +37,10 @@ import { addIdentifier, removeIdentifier } from "./actions/identifier"; import { loadWorkflows, patchWorkflow, - updateWorkflow, - submitWorkflow, rejectWorkflow, resetWorkflow, + submitWorkflow, + updateWorkflow, } from "./actions/workflow"; import { createLayer, deleteLayer, gapLayer } from "./actions/stratigraphy"; @@ -55,7 +51,7 @@ import { loadDomains, patchCodeConfig } from "./actions/domains"; import { getWms } from "./actions/geoapi"; -import store, { injectReducer, configureStore, createReducer } from "./reducers"; +import store, { configureStore, createReducer, injectReducer } from "./reducers"; export { getHeight, From 01a8c01bcd618e23c5b57ff7032c08bbbd65436e Mon Sep 17 00:00:00 2001 From: tschumpr Date: Mon, 5 Aug 2024 15:09:19 +0200 Subject: [PATCH 06/10] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b7667c3d..0a8acdce4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,7 @@ - Upgraded to PostgreSQL 15 and PostGIS 3.4. - Removed unused `IsViewer` flag from user. - Removed unused `UserEvent` from user. +- Migrated `User` API endpoints to .NET API. ### Fixed From c0a77f40da816838c30efe685ad34f7dcc7e62ad Mon Sep 17 00:00:00 2001 From: tschumpr Date: Mon, 5 Aug 2024 16:12:40 +0200 Subject: [PATCH 07/10] Prevent admin user to remove own admin rights --- src/api/Controllers/UserController.cs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/api/Controllers/UserController.cs b/src/api/Controllers/UserController.cs index bb2c02991..989609952 100644 --- a/src/api/Controllers/UserController.cs +++ b/src/api/Controllers/UserController.cs @@ -120,7 +120,11 @@ public async Task Edit(User user) return NotFound(); } - userToEdit.IsAdmin = user.IsAdmin; + if (userToEdit.SubjectId != HttpContext.GetUserSubjectId()) + { + userToEdit.IsAdmin = user.IsAdmin; + } + userToEdit.DisabledAt = user.DisabledAt; await context.SaveChangesAsync().ConfigureAwait(false); From d8241126c435a0377f02d14f803f4e343d62d3bb Mon Sep 17 00:00:00 2001 From: tschumpr Date: Mon, 5 Aug 2024 16:12:52 +0200 Subject: [PATCH 08/10] Remove unused code --- src/api-legacy/__init__.py | 1 - src/api-legacy/main.py | 2 - src/api-legacy/v1/user/__init__.py | 6 -- src/api-legacy/v1/user/admin.py | 74 ------------------- src/api-legacy/v1/user/delete.py | 115 ----------------------------- src/api-legacy/v1/user/disable.py | 23 ------ src/api-legacy/v1/user/enable.py | 23 ------ src/api-legacy/v1/user/handler.py | 2 +- src/api-legacy/v1/user/update.py | 28 ------- 9 files changed, 1 insertion(+), 273 deletions(-) delete mode 100644 src/api-legacy/v1/user/__init__.py delete mode 100644 src/api-legacy/v1/user/admin.py delete mode 100644 src/api-legacy/v1/user/delete.py delete mode 100644 src/api-legacy/v1/user/disable.py delete mode 100644 src/api-legacy/v1/user/enable.py delete mode 100644 src/api-legacy/v1/user/update.py diff --git a/src/api-legacy/__init__.py b/src/api-legacy/__init__.py index 22fc05f9c..cbde09dff 100644 --- a/src/api-legacy/__init__.py +++ b/src/api-legacy/__init__.py @@ -62,7 +62,6 @@ # User actions from bms.v1.user.handler import UserHandler -from bms.v1.user.admin import AdminHandler # Workgroup actions from bms.v1.user.workgrpup.admin import WorkgroupAdminHandler diff --git a/src/api-legacy/main.py b/src/api-legacy/main.py index 77effce35..6865fe830 100644 --- a/src/api-legacy/main.py +++ b/src/api-legacy/main.py @@ -88,7 +88,6 @@ async def close(application): # user handlers SettingHandler, UserHandler, - AdminHandler, WorkgroupAdminHandler, # Borehole handlers @@ -132,7 +131,6 @@ async def close(application): # User handlers (r'/api/v1/user', UserHandler), - (r'/api/v1/user/edit', AdminHandler), (r'/api/v1/user/workgroup/edit', WorkgroupAdminHandler), diff --git a/src/api-legacy/v1/user/__init__.py b/src/api-legacy/v1/user/__init__.py deleted file mode 100644 index 91fcf5553..000000000 --- a/src/api-legacy/v1/user/__init__.py +++ /dev/null @@ -1,6 +0,0 @@ -# -*- coding: utf-8 -*- - -from bms.v1.user.delete import DeleteUser -from bms.v1.user.disable import DisableUser -from bms.v1.user.enable import EnableUser -from bms.v1.user.update import UpdateUser diff --git a/src/api-legacy/v1/user/admin.py b/src/api-legacy/v1/user/admin.py deleted file mode 100644 index feb678da6..000000000 --- a/src/api-legacy/v1/user/admin.py +++ /dev/null @@ -1,74 +0,0 @@ -# -*- coding: utf-8 -*- -from bms import ( - AuthorizationException -) -from bms.v1.handlers.admin import Admin -from bms.v1.user import ( - DeleteUser, - DisableUser, - EnableUser, - UpdateUser -) - - -class AdminHandler(Admin): - async def execute(self, request): - - action = request.pop('action', None) - - if action in [ - 'CREATE', - 'DISABLE', - 'DELETE', - 'ENABLE', - 'UPDATE' - ]: - - async with self.pool.acquire() as conn: - - exe = None - - if action in [ - 'CREATE', - 'DELETE', - 'DISABLE', - 'ENABLE', - 'UPDATE' - ]: - if self.user['admin'] is False: - raise AuthorizationException() - - # Admin user cannot remove his own admin flag - if ( - action == 'UPDATE' and - self.user['id'] == request['user_id'] - ): - was_admin = await conn.fetchval(""" - SELECT admin_usr - FROM - bdms.users - WHERE - id_usr = $1 - """, request['user_id']) - - if was_admin and request['admin'] is False: - request['admin'] = True - - if action == 'UPDATE': - exe = UpdateUser(conn) - - elif action == 'DISABLE': - exe = DisableUser(conn) - - elif action == 'ENABLE': - exe = EnableUser(conn) - - elif action == 'DELETE': - exe = DeleteUser(conn) - - if exe is not None: - return ( - await exe.execute(**request) - ) - - raise Exception("Action '%s' unknown" % action) diff --git a/src/api-legacy/v1/user/delete.py b/src/api-legacy/v1/user/delete.py deleted file mode 100644 index 72bb0d1ff..000000000 --- a/src/api-legacy/v1/user/delete.py +++ /dev/null @@ -1,115 +0,0 @@ -# -*- coding: utf-8 -*- -from bms.v1.action import Action - - -class DeleteUser(Action): - - async def execute(self, id): - - # Check if user has done contributions - contributions = await self.conn.fetchval(""" - SELECT - ( - COALESCE(workflows, 0) - + COALESCE(layers, 0) - + COALESCE(borehole_author, 0) - + COALESCE(borehole_updater, 0) - + COALESCE(borehole_locker, 0) - + COALESCE(stratigraphy_author, 0) - + COALESCE(stratigraphy_updater, 0) - ) as contributions - - FROM - bdms.users - - LEFT JOIN ( - SELECT - id_usr_fk, - count(id_usr_fk) as workflows - FROM - bdms.workflow - GROUP BY - id_usr_fk - ) as wf - ON id_usr = wf.id_usr_fk - - LEFT JOIN ( - SELECT - creator_lay, - count(creator_lay) as layers - FROM - bdms.layer - GROUP BY - creator_lay - ) as ly - ON id_usr = ly.creator_lay - - LEFT JOIN ( - SELECT - created_by_bho, - count(created_by_bho) as borehole_author - FROM - bdms.borehole - GROUP BY - created_by_bho - ) as bha - ON id_usr = bha.created_by_bho - - LEFT JOIN ( - SELECT - updated_by_bho, - count(updated_by_bho) as borehole_updater - FROM - bdms.borehole - GROUP BY - updated_by_bho - ) as bhu - ON id_usr = bhu.updated_by_bho - - LEFT JOIN ( - SELECT - locked_by_bho, - count(locked_by_bho) as borehole_locker - FROM - bdms.borehole - GROUP BY - locked_by_bho - ) as bhl - ON id_usr = bhl.locked_by_bho - - LEFT JOIN ( - SELECT - author_sty, - count(author_sty) as stratigraphy_author - FROM - bdms.stratigraphy - GROUP BY - author_sty - ) as stc - ON id_usr = stc.author_sty - - LEFT JOIN ( - SELECT - updater_sty, - count(updater_sty) as stratigraphy_updater - FROM - bdms.stratigraphy - GROUP BY - updater_sty - ) as stu - ON id_usr = stu.updater_sty - - WHERE id_usr = $1 - """, id) - - if contributions > 0: - raise Exception( - f"User cannot be deleted because of {contributions} contributions" - ) - - await self.conn.execute(""" - DELETE FROM bdms.users - WHERE id_usr = $1 - """, id) - - return None diff --git a/src/api-legacy/v1/user/disable.py b/src/api-legacy/v1/user/disable.py deleted file mode 100644 index 3e4c14c28..000000000 --- a/src/api-legacy/v1/user/disable.py +++ /dev/null @@ -1,23 +0,0 @@ -# -*- coding: utf-8 -*- -from bms.v1.action import Action - - -class DisableUser(Action): - - async def execute(self, id): - return { - "id": ( - await self.conn.fetchval(""" - UPDATE - bdms.users - - SET - disabled_usr = now() - - WHERE - id_usr = $1 - """, - id - ) - ) - } diff --git a/src/api-legacy/v1/user/enable.py b/src/api-legacy/v1/user/enable.py deleted file mode 100644 index 02d333a60..000000000 --- a/src/api-legacy/v1/user/enable.py +++ /dev/null @@ -1,23 +0,0 @@ -# -*- coding: utf-8 -*- -from bms.v1.action import Action - - -class EnableUser(Action): - - async def execute(self, id): - return { - "id": ( - await self.conn.fetchval(""" - UPDATE - bdms.users - - SET - disabled_usr = NULL - - WHERE - id_usr = $1 - """, - id - ) - ) - } diff --git a/src/api-legacy/v1/user/handler.py b/src/api-legacy/v1/user/handler.py index 6080d7086..c217df755 100644 --- a/src/api-legacy/v1/user/handler.py +++ b/src/api-legacy/v1/user/handler.py @@ -11,7 +11,7 @@ async def execute(self, request): action = request.pop('action', None) if action in [ - 'GET', 'RELOAD' + 'GET' ]: workgroups = [] diff --git a/src/api-legacy/v1/user/update.py b/src/api-legacy/v1/user/update.py deleted file mode 100644 index 65a339fea..000000000 --- a/src/api-legacy/v1/user/update.py +++ /dev/null @@ -1,28 +0,0 @@ -# -*- coding: utf-8 -*- -from bms.v1.action import Action -from bms.v1.exceptions import DuplicateException - - -class UpdateUser(Action): - - async def execute( - self, user_id, admin = False - ): - - return { - "id": ( - await self.conn.fetchval(""" - UPDATE - bdms.users - - SET - admin_usr = $1 - - WHERE - id_usr = $2 - """, - admin, - user_id - ) - ) - } From 0186bfd457fbe2081e23562b61926ac10f4f897c Mon Sep 17 00:00:00 2001 From: tschumpr Date: Mon, 5 Aug 2024 16:17:07 +0200 Subject: [PATCH 09/10] Update error message --- src/api/Controllers/UserController.cs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/api/Controllers/UserController.cs b/src/api/Controllers/UserController.cs index 989609952..48c883e1a 100644 --- a/src/api/Controllers/UserController.cs +++ b/src/api/Controllers/UserController.cs @@ -134,8 +134,9 @@ public async Task Edit(User user) } catch (Exception e) { - logger.LogError(e, "Error while updating user."); - return Problem(e.Message); + var message = "Error while updating user."; + logger.LogError(e, message); + return Problem(message); } } @@ -169,8 +170,9 @@ public async Task Delete(int id) } catch (Exception e) { - logger.LogError(e, "Error while deleting user."); - return Problem(e.Message); + var message = "Error while deleting user."; + logger.LogError(e, message); + return Problem(message); } } From 91926999498bba6a1982bb8b9c0cc8679c6b70ea Mon Sep 17 00:00:00 2001 From: tschumpr Date: Mon, 5 Aug 2024 16:24:00 +0200 Subject: [PATCH 10/10] Reuse code --- src/api/Controllers/UserController.cs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/api/Controllers/UserController.cs b/src/api/Controllers/UserController.cs index 48c883e1a..1e10f246a 100644 --- a/src/api/Controllers/UserController.cs +++ b/src/api/Controllers/UserController.cs @@ -128,9 +128,7 @@ public async Task Edit(User user) userToEdit.DisabledAt = user.DisabledAt; await context.SaveChangesAsync().ConfigureAwait(false); - var result = await context.UsersWithIncludes.AsNoTracking().SingleOrDefaultAsync(u => u.Id == user.Id).ConfigureAwait(false); - result.Deletable = IsDeletable(result); - return Ok(result); + return await GetUserById(userToEdit.Id).ConfigureAwait(false); } catch (Exception e) {