null/promiscuity
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: null:88e376797146a1ceef7431c28cf4e8f4ac55b987
Branches Tags
null:main
null:character-movement
null:LAWDev
..
compare: null:f1ae24f6278d3954866d6c5132edac1a7fbacc8f
Branches Tags
null:character-movement
null:main
null:LAWDev

No commits in common. "88e376797146a1ceef7431c28cf4e8f4ac55b987" and "f1ae24f6278d3954866d6c5132edac1a7fbacc8f" have entirely different histories.
88e3767971 ... f1ae24f627

5 changed files with 35 additions and 7 deletions
Show Stats Expand all files Collapse all files

21
microservices/LocationsApi/Controllers/LocationsController.cs
View File

@ -2,6 +2,7 @@ using LocationsApi.Models;
using LocationsApi.Services; using LocationsApi.Services;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;
namespace LocationsApi.Controllers; namespace LocationsApi.Controllers;
@ -23,8 +24,13 @@ public class LocationsController : ControllerBase
if (string.IsNullOrWhiteSpace(req.Name)) if (string.IsNullOrWhiteSpace(req.Name))
return BadRequest("Name required"); return BadRequest("Name required");
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (string.IsNullOrWhiteSpace(userId))
return Unauthorized();
var location = new Location var location = new Location
{ {
OwnerUserId = userId,
Name = req.Name.Trim(), Name = req.Name.Trim(),
CreatedUtc = DateTime.UtcNow CreatedUtc = DateTime.UtcNow
}; };
@ -34,10 +40,14 @@ public class LocationsController : ControllerBase
} }
[HttpGet] [HttpGet]
[Authorize(Roles = "SUPER")] [Authorize(Roles = "USER,SUPER")]
public async Task<IActionResult> ListMine() public async Task<IActionResult> ListMine()
{ {
var locations = await _locations.GetAllAsync(); var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (string.IsNullOrWhiteSpace(userId))
return Unauthorized();
var locations = await _locations.GetForOwnerAsync(userId);
return Ok(locations); return Ok(locations);
} }
@ -45,7 +55,12 @@ public class LocationsController : ControllerBase
[Authorize(Roles = "SUPER")] [Authorize(Roles = "SUPER")]
public async Task<IActionResult> Delete(string id) public async Task<IActionResult> Delete(string id)
{ {
var deleted = await _locations.DeleteAsync(id); var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if (string.IsNullOrWhiteSpace(userId))
return Unauthorized();
var allowAnyOwner = User.IsInRole("SUPER");
var deleted = await _locations.DeleteForOwnerAsync(id, userId, allowAnyOwner);
if (!deleted) if (!deleted)
return NotFound(); return NotFound();

1
microservices/LocationsApi/DOCUMENTS.md
View File

@ -22,6 +22,7 @@ Stored documents (MongoDB)
```json ```json
{ {
"id": "string (ObjectId)", "id": "string (ObjectId)",
"ownerUserId": "string",
"name": "string", "name": "string",
"createdUtc": "string (ISO-8601 datetime)" "createdUtc": "string (ISO-8601 datetime)"
} }

2
microservices/LocationsApi/Models/Location.cs
View File

@ -9,6 +9,8 @@ public class Location
[BsonRepresentation(BsonType.ObjectId)] [BsonRepresentation(BsonType.ObjectId)]
public string? Id { get; set; } public string? Id { get; set; }
public string OwnerUserId { get; set; } = string.Empty;
public string Name { get; set; } = string.Empty; public string Name { get; set; } = string.Empty;
public DateTime CreatedUtc { get; set; } = DateTime.UtcNow; public DateTime CreatedUtc { get; set; } = DateTime.UtcNow;

2
microservices/LocationsApi/README.md
View File

@ -5,6 +5,6 @@ See `DOCUMENTS.md` for request payloads and stored document shapes.
## Endpoints ## Endpoints
- `POST /api/locations` Create a location (SUPER only). - `POST /api/locations` Create a location (SUPER only).
- `GET /api/locations` List all locations (SUPER only). - `GET /api/locations` List locations for the current user.
- `DELETE /api/locations/{id}` Delete a location (SUPER only). - `DELETE /api/locations/{id}` Delete a location (SUPER only).
- `PUT /api/locations/{id}` Update a location name (SUPER only). - `PUT /api/locations/{id}` Update a location name (SUPER only).

16
microservices/LocationsApi/Services/LocationStore.cs
View File

@ -15,16 +15,26 @@ public class LocationStore
var db = client.GetDatabase(dbName); var db = client.GetDatabase(dbName);
_col = db.GetCollection<Location>("Locations"); _col = db.GetCollection<Location>("Locations");
var ownerIndex = Builders<Location>.IndexKeys.Ascending(l => l.OwnerUserId);
_col.Indexes.CreateOne(new CreateIndexModel<Location>(ownerIndex));
} }
public Task CreateAsync(Location location) => _col.InsertOneAsync(location); public Task CreateAsync(Location location) => _col.InsertOneAsync(location);
public Task<List<Location>> GetAllAsync() => public Task<List<Location>> GetForOwnerAsync(string ownerUserId) =>
_col.Find(Builders<Location>.Filter.Empty).ToListAsync(); _col.Find(l => l.OwnerUserId == ownerUserId).ToListAsync();
public async Task<bool> DeleteAsync(string id) public async Task<bool> DeleteForOwnerAsync(string id, string ownerUserId, bool allowAnyOwner)
{ {
var filter = Builders<Location>.Filter.Eq(l => l.Id, id); var filter = Builders<Location>.Filter.Eq(l => l.Id, id);
if (!allowAnyOwner)
{
filter = Builders<Location>.Filter.And(
filter,
Builders<Location>.Filter.Eq(l => l.OwnerUserId, ownerUserId)
);
}
var result = await _col.DeleteOneAsync(filter); var result = await _col.DeleteOneAsync(filter);
return result.DeletedCount > 0; return result.DeletedCount > 0;
} }