Merge branch 'main' of https://git.ranaze.com/null/promiscuity into main

Updating initial Location crud endpoints to be global & restricted to SUPER role
2026-01-20 17:13:22 -06:00 · 2026-01-20 17:13:12 -06:00
5 changed files with 7 additions and 35 deletions
--- a/microservices/LocationsApi/Controllers/LocationsController.cs
+++ b/microservices/LocationsApi/Controllers/LocationsController.cs
@ -2,7 +2,6 @@ using LocationsApi.Models;
 using LocationsApi.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
-using System.Security.Claims;

 namespace LocationsApi.Controllers;

@ -24,13 +23,8 @@ public class LocationsController : ControllerBase
        if (string.IsNullOrWhiteSpace(req.Name))
            return BadRequest("Name required");

-        var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
-        if (string.IsNullOrWhiteSpace(userId))
-            return Unauthorized();
-
        var location = new Location
        {
-            OwnerUserId = userId,
            Name = req.Name.Trim(),
            CreatedUtc = DateTime.UtcNow
        };
@ -40,14 +34,10 @@ public class LocationsController : ControllerBase
    }

    [HttpGet]
-    [Authorize(Roles = "USER,SUPER")]
+    [Authorize(Roles = "SUPER")]
    public async Task<IActionResult> ListMine()
    {
-        var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
-        if (string.IsNullOrWhiteSpace(userId))
-            return Unauthorized();
-
-        var locations = await _locations.GetForOwnerAsync(userId);
+        var locations = await _locations.GetAllAsync();
        return Ok(locations);
    }

@ -55,12 +45,7 @@ public class LocationsController : ControllerBase
    [Authorize(Roles = "SUPER")]
    public async Task<IActionResult> Delete(string id)
    {
-        var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
-        if (string.IsNullOrWhiteSpace(userId))
-            return Unauthorized();
-
-        var allowAnyOwner = User.IsInRole("SUPER");
-        var deleted = await _locations.DeleteForOwnerAsync(id, userId, allowAnyOwner);
+        var deleted = await _locations.DeleteAsync(id);
        if (!deleted)
            return NotFound();

--- a/microservices/LocationsApi/DOCUMENTS.md
+++ b/microservices/LocationsApi/DOCUMENTS.md
@ -22,7 +22,6 @@ Stored documents (MongoDB)
  ```json
  {
    "id": "string (ObjectId)",
-    "ownerUserId": "string",
    "name": "string",
    "createdUtc": "string (ISO-8601 datetime)"
  }
--- a/microservices/LocationsApi/Models/Location.cs
+++ b/microservices/LocationsApi/Models/Location.cs
@ -9,8 +9,6 @@ public class Location
    [BsonRepresentation(BsonType.ObjectId)]
    public string? Id { get; set; }

-    public string OwnerUserId { get; set; } = string.Empty;
-
    public string Name { get; set; } = string.Empty;

    public DateTime CreatedUtc { get; set; } = DateTime.UtcNow;
--- a/microservices/LocationsApi/README.md
+++ b/microservices/LocationsApi/README.md
@ -5,6 +5,6 @@ See `DOCUMENTS.md` for request payloads and stored document shapes.

 ## Endpoints
 - `POST /api/locations` Create a location (SUPER only).
- `GET /api/locations` List locations for the current user.
+- `GET /api/locations` List all locations (SUPER only).
 - `DELETE /api/locations/{id}` Delete a location (SUPER only).
 - `PUT /api/locations/{id}` Update a location name (SUPER only).
--- a/microservices/LocationsApi/Services/LocationStore.cs
+++ b/microservices/LocationsApi/Services/LocationStore.cs
@ -15,26 +15,16 @@ public class LocationStore
        var db = client.GetDatabase(dbName);
        _col = db.GetCollection<Location>("Locations");

-        var ownerIndex = Builders<Location>.IndexKeys.Ascending(l => l.OwnerUserId);
-        _col.Indexes.CreateOne(new CreateIndexModel<Location>(ownerIndex));
    }

    public Task CreateAsync(Location location) => _col.InsertOneAsync(location);

-    public Task<List<Location>> GetForOwnerAsync(string ownerUserId) =>
-        _col.Find(l => l.OwnerUserId == ownerUserId).ToListAsync();
+    public Task<List<Location>> GetAllAsync() =>
+        _col.Find(Builders<Location>.Filter.Empty).ToListAsync();

-    public async Task<bool> DeleteForOwnerAsync(string id, string ownerUserId, bool allowAnyOwner)
+    public async Task<bool> DeleteAsync(string id)
    {
        var filter = Builders<Location>.Filter.Eq(l => l.Id, id);
-        if (!allowAnyOwner)
-        {
-            filter = Builders<Location>.Filter.And(
-                filter,
-                Builders<Location>.Filter.Eq(l => l.OwnerUserId, ownerUserId)
-            );
-        }
-
        var result = await _col.DeleteOneAsync(filter);
        return result.DeletedCount > 0;
    }
Author	SHA1	Message	Date
hz	88e3767971	Merge branch 'main' of https://git.ranaze.com/null/promiscuity into main All checks were successful Deploy Promiscuity Auth API / deploy (push) Successful in 1m15s Details Deploy Promiscuity Character API / deploy (push) Successful in 46s Details Deploy Promiscuity Locations API / deploy (push) Successful in 59s Details k8s smoke test / test (push) Successful in 8s Details	2026-01-20 17:13:22 -06:00
hz	cdeea60e52	Updating initial Location crud endpoints to be global & restricted to SUPER role	2026-01-20 17:13:12 -06:00