autoryzacja
This commit is contained in:
parent
ccef96c6da
commit
e2cab45690
@ -17,11 +17,13 @@
|
|||||||
|
|
||||||
using FirmTracker_Server.nHibernate.Expenses;
|
using FirmTracker_Server.nHibernate.Expenses;
|
||||||
using FirmTracker_Server.nHibernate.Products;
|
using FirmTracker_Server.nHibernate.Products;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
namespace FirmTracker_Server.Controllers
|
namespace FirmTracker_Server.Controllers
|
||||||
{
|
{
|
||||||
[Route("api/[controller]")]
|
[Route("api/[controller]")]
|
||||||
[ApiController]
|
[ApiController]
|
||||||
|
[Authorize]
|
||||||
public class ExpensesController : ControllerBase
|
public class ExpensesController : ControllerBase
|
||||||
{
|
{
|
||||||
private readonly ExpenseCRUD _expenseCrud;
|
private readonly ExpenseCRUD _expenseCrud;
|
||||||
@ -34,6 +36,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpPost]
|
[HttpPost]
|
||||||
[ProducesResponseType(201)] // Created
|
[ProducesResponseType(201)] // Created
|
||||||
[ProducesResponseType(400)] // Bad Request
|
[ProducesResponseType(400)] // Bad Request
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult CreateExpense([FromBody] Expense expense) {
|
public IActionResult CreateExpense([FromBody] Expense expense) {
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
@ -59,6 +62,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet("{id}")]
|
[HttpGet("{id}")]
|
||||||
[ProducesResponseType(200)] // Created
|
[ProducesResponseType(200)] // Created
|
||||||
[ProducesResponseType(404)] // Bad Request
|
[ProducesResponseType(404)] // Bad Request
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult GetExpense(int id)
|
public IActionResult GetExpense(int id)
|
||||||
{
|
{
|
||||||
var expense = _expenseCrud.GetExpense(id);
|
var expense = _expenseCrud.GetExpense(id);
|
||||||
@ -73,6 +77,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpPut("{id}")]
|
[HttpPut("{id}")]
|
||||||
[ProducesResponseType(204)]
|
[ProducesResponseType(204)]
|
||||||
[ProducesResponseType(400)]
|
[ProducesResponseType(400)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult UpdateExpense(int id, [FromBody] Expense expense)
|
public IActionResult UpdateExpense(int id, [FromBody] Expense expense)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -103,6 +108,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpDelete("{id}")]
|
[HttpDelete("{id}")]
|
||||||
[ProducesResponseType(204)]
|
[ProducesResponseType(204)]
|
||||||
[ProducesResponseType(404)]
|
[ProducesResponseType(404)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult DeleteExpense(int id)
|
public IActionResult DeleteExpense(int id)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -123,6 +129,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet]
|
[HttpGet]
|
||||||
[ProducesResponseType(200)]
|
[ProducesResponseType(200)]
|
||||||
[ProducesResponseType(400)]
|
[ProducesResponseType(400)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult GetAllExpenses()
|
public IActionResult GetAllExpenses()
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
|
@ -42,7 +42,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpPost]
|
[HttpPost]
|
||||||
[ProducesResponseType(200)] // Created
|
[ProducesResponseType(200)] // Created
|
||||||
[ProducesResponseType(400)] // Bad Request
|
[ProducesResponseType(400)] // Bad Request
|
||||||
[Authorize(Roles = Roles.User)]
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult CreateProduct([FromBody] Product product)
|
public IActionResult CreateProduct([FromBody] Product product)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -81,6 +81,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet("{id}")]
|
[HttpGet("{id}")]
|
||||||
[ProducesResponseType(200)] // Created
|
[ProducesResponseType(200)] // Created
|
||||||
[ProducesResponseType(400)] // Bad Request
|
[ProducesResponseType(400)] // Bad Request
|
||||||
|
[Authorize(Roles=Roles.Admin+","+Roles.User)]
|
||||||
public IActionResult GetProduct(int id)
|
public IActionResult GetProduct(int id)
|
||||||
{
|
{
|
||||||
var product = _productCrud.GetProduct(id);
|
var product = _productCrud.GetProduct(id);
|
||||||
@ -92,6 +93,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet("name/{name}")]
|
[HttpGet("name/{name}")]
|
||||||
[ProducesResponseType(200)]
|
[ProducesResponseType(200)]
|
||||||
[ProducesResponseType(404)]
|
[ProducesResponseType(404)]
|
||||||
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
||||||
public IActionResult GetProductByName(string name)
|
public IActionResult GetProductByName(string name)
|
||||||
{
|
{
|
||||||
var product = _productCrud.GetProductByName(name);
|
var product = _productCrud.GetProductByName(name);
|
||||||
@ -104,6 +106,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpPut("{id}")]
|
[HttpPut("{id}")]
|
||||||
[ProducesResponseType(200)] // Created
|
[ProducesResponseType(200)] // Created
|
||||||
[ProducesResponseType(400)] // Bad Request
|
[ProducesResponseType(400)] // Bad Request
|
||||||
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
||||||
public IActionResult UpdateProduct(int id, [FromBody] Product product)
|
public IActionResult UpdateProduct(int id, [FromBody] Product product)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -145,6 +148,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpDelete("{id}")]
|
[HttpDelete("{id}")]
|
||||||
[ProducesResponseType(200)] // Created
|
[ProducesResponseType(200)] // Created
|
||||||
[ProducesResponseType(400)] // Bad Request
|
[ProducesResponseType(400)] // Bad Request
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult DeleteProduct(int id)
|
public IActionResult DeleteProduct(int id)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
|
@ -24,12 +24,14 @@ using FirmTracker_Server.nHibernate.Expenses;
|
|||||||
using FirmTracker_Server.nHibernate.Products;
|
using FirmTracker_Server.nHibernate.Products;
|
||||||
using FirmTracker_Server.nHibernate;
|
using FirmTracker_Server.nHibernate;
|
||||||
using NHibernate.Linq;
|
using NHibernate.Linq;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
|
||||||
|
|
||||||
namespace FirmTracker_Server.Controllers
|
namespace FirmTracker_Server.Controllers
|
||||||
{
|
{
|
||||||
[Route("api/[controller]")]
|
[Route("api/[controller]")]
|
||||||
[ApiController]
|
[ApiController]
|
||||||
|
[Authorize]
|
||||||
public class ReportController : ControllerBase
|
public class ReportController : ControllerBase
|
||||||
{
|
{
|
||||||
private readonly ReportCRUD _reportCRUD;
|
private readonly ReportCRUD _reportCRUD;
|
||||||
@ -43,6 +45,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpPost]
|
[HttpPost]
|
||||||
[ProducesResponseType(201)] //Created
|
[ProducesResponseType(201)] //Created
|
||||||
[ProducesResponseType(400)] //Bad request
|
[ProducesResponseType(400)] //Bad request
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult CreateReport([FromBody] Report.DateRangeDto dateRange)
|
public IActionResult CreateReport([FromBody] Report.DateRangeDto dateRange)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -118,6 +121,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet("{id}")]
|
[HttpGet("{id}")]
|
||||||
[ProducesResponseType(200)]
|
[ProducesResponseType(200)]
|
||||||
[ProducesResponseType(404)]
|
[ProducesResponseType(404)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult GetReport(int id)
|
public IActionResult GetReport(int id)
|
||||||
{
|
{
|
||||||
var report = _reportCRUD.GetReport(id);
|
var report = _reportCRUD.GetReport(id);
|
||||||
@ -136,6 +140,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet("{id}/transactions")]
|
[HttpGet("{id}/transactions")]
|
||||||
[ProducesResponseType(200)]
|
[ProducesResponseType(200)]
|
||||||
[ProducesResponseType(404)]
|
[ProducesResponseType(404)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult GetReportTransactions(int id)
|
public IActionResult GetReportTransactions(int id)
|
||||||
{
|
{
|
||||||
var transactions = _reportCRUD.GetReportTransactions(id);
|
var transactions = _reportCRUD.GetReportTransactions(id);
|
||||||
@ -149,6 +154,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet("{id}/expenses")]
|
[HttpGet("{id}/expenses")]
|
||||||
[ProducesResponseType(200)]
|
[ProducesResponseType(200)]
|
||||||
[ProducesResponseType(404)]
|
[ProducesResponseType(404)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult GetReportExpenses(int id)
|
public IActionResult GetReportExpenses(int id)
|
||||||
{
|
{
|
||||||
var expenses = _reportCRUD.GetReportExpenses(id);
|
var expenses = _reportCRUD.GetReportExpenses(id);
|
||||||
@ -163,6 +169,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet]
|
[HttpGet]
|
||||||
[ProducesResponseType(200)]
|
[ProducesResponseType(200)]
|
||||||
[ProducesResponseType(404)]
|
[ProducesResponseType(404)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult GetAllReports()
|
public IActionResult GetAllReports()
|
||||||
{
|
{
|
||||||
var reports = _reportCRUD.GetAllReports();
|
var reports = _reportCRUD.GetAllReports();
|
||||||
@ -176,6 +183,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[ProducesResponseType(204)]
|
[ProducesResponseType(204)]
|
||||||
[ProducesResponseType(400)]
|
[ProducesResponseType(400)]
|
||||||
[ProducesResponseType(404)]
|
[ProducesResponseType(404)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult UpdateReport(int id, [FromBody] Report.DateRangeDto dateRange)
|
public IActionResult UpdateReport(int id, [FromBody] Report.DateRangeDto dateRange)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -244,6 +252,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpDelete("{id}")]
|
[HttpDelete("{id}")]
|
||||||
[ProducesResponseType(204)]
|
[ProducesResponseType(204)]
|
||||||
[ProducesResponseType(404)]
|
[ProducesResponseType(404)]
|
||||||
|
[Authorize(Roles = Roles.Admin)]
|
||||||
public IActionResult DeleteReport(int id)
|
public IActionResult DeleteReport(int id)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
|
@ -24,11 +24,13 @@ using System.Transactions;
|
|||||||
using FirmTracker_Server.nHibernate.Products;
|
using FirmTracker_Server.nHibernate.Products;
|
||||||
using FirmTracker_Server.nHibernate;
|
using FirmTracker_Server.nHibernate;
|
||||||
using Microsoft.AspNetCore.Http.HttpResults;
|
using Microsoft.AspNetCore.Http.HttpResults;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
|
||||||
namespace FirmTracker_Server.Controllers
|
namespace FirmTracker_Server.Controllers
|
||||||
{
|
{
|
||||||
[Route("api/[controller]")]
|
[Route("api/[controller]")]
|
||||||
[ApiController]
|
[ApiController]
|
||||||
|
[Authorize]
|
||||||
public class TransactionController : ControllerBase
|
public class TransactionController : ControllerBase
|
||||||
{
|
{
|
||||||
private readonly TransactionCRUD _transactionCRUD;
|
private readonly TransactionCRUD _transactionCRUD;
|
||||||
@ -48,6 +50,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpPost]
|
[HttpPost]
|
||||||
[ProducesResponseType(StatusCodes.Status201Created)]
|
[ProducesResponseType(StatusCodes.Status201Created)]
|
||||||
[ProducesResponseType(StatusCodes.Status400BadRequest)]
|
[ProducesResponseType(StatusCodes.Status400BadRequest)]
|
||||||
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
||||||
public IActionResult CreateTransaction([FromBody] nHibernate.Transactions.Transaction transaction)
|
public IActionResult CreateTransaction([FromBody] nHibernate.Transactions.Transaction transaction)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -106,6 +109,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpGet("{id}")]
|
[HttpGet("{id}")]
|
||||||
[ProducesResponseType(StatusCodes.Status200OK)]
|
[ProducesResponseType(StatusCodes.Status200OK)]
|
||||||
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
||||||
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
||||||
public IActionResult GetTransaction(int id)
|
public IActionResult GetTransaction(int id)
|
||||||
{
|
{
|
||||||
var transaction = _transactionCRUD.GetTransaction(id);
|
var transaction = _transactionCRUD.GetTransaction(id);
|
||||||
@ -118,6 +122,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpPut("{id}")]
|
[HttpPut("{id}")]
|
||||||
[ProducesResponseType(StatusCodes.Status204NoContent)]
|
[ProducesResponseType(StatusCodes.Status204NoContent)]
|
||||||
[ProducesResponseType(StatusCodes.Status400BadRequest)]
|
[ProducesResponseType(StatusCodes.Status400BadRequest)]
|
||||||
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
||||||
public IActionResult UpdateTransaction(int id, [FromBody] nHibernate.Transactions.Transaction transaction)
|
public IActionResult UpdateTransaction(int id, [FromBody] nHibernate.Transactions.Transaction transaction)
|
||||||
{
|
{
|
||||||
if (id != transaction.Id)
|
if (id != transaction.Id)
|
||||||
@ -160,6 +165,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[HttpDelete("{id}")]
|
[HttpDelete("{id}")]
|
||||||
[ProducesResponseType(StatusCodes.Status204NoContent)]
|
[ProducesResponseType(StatusCodes.Status204NoContent)]
|
||||||
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
||||||
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
||||||
public IActionResult DeleteTransaction(int id)
|
public IActionResult DeleteTransaction(int id)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -182,6 +188,7 @@ namespace FirmTracker_Server.Controllers
|
|||||||
[ProducesResponseType(StatusCodes.Status200OK)]
|
[ProducesResponseType(StatusCodes.Status200OK)]
|
||||||
[ProducesResponseType(StatusCodes.Status400BadRequest)]
|
[ProducesResponseType(StatusCodes.Status400BadRequest)]
|
||||||
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
[ProducesResponseType(StatusCodes.Status404NotFound)]
|
||||||
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
||||||
public IActionResult GetAllTransactions()
|
public IActionResult GetAllTransactions()
|
||||||
{
|
{
|
||||||
var transactions = _transactionCRUD.GetAllTransactions();
|
var transactions = _transactionCRUD.GetAllTransactions();
|
||||||
|
@ -4,6 +4,7 @@ using FirmTracker_Server;
|
|||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using FirmTracker_Server.Entities;
|
using FirmTracker_Server.Entities;
|
||||||
|
using System.Security.Claims;
|
||||||
|
|
||||||
namespace FirmTracker_Server.Controllers
|
namespace FirmTracker_Server.Controllers
|
||||||
{
|
{
|
||||||
@ -38,6 +39,17 @@ namespace FirmTracker_Server.Controllers
|
|||||||
var token = UserService.CreateTokenJwt(dto);
|
var token = UserService.CreateTokenJwt(dto);
|
||||||
return Ok(token);
|
return Ok(token);
|
||||||
}
|
}
|
||||||
|
[HttpGet("role")]
|
||||||
|
[Authorize(Roles = Roles.Admin + "," + Roles.User)]
|
||||||
|
public ActionResult<string> GetUserRole()
|
||||||
|
{
|
||||||
|
var roleClaim = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;
|
||||||
|
if (roleClaim == null)
|
||||||
|
{
|
||||||
|
return NotFound("Role not found for the logged-in user.");
|
||||||
|
}
|
||||||
|
return Ok(roleClaim);
|
||||||
|
}
|
||||||
// New method to get all users
|
// New method to get all users
|
||||||
/* [HttpGet("all")]
|
/* [HttpGet("all")]
|
||||||
[AllowAnonymous]
|
[AllowAnonymous]
|
||||||
|