cesnimda
144 lines
5.3 KiB
C#
144 lines
5.3 KiB
C#
using JobTrackerApi.Models;
|
|
using JobTrackerApi.Services;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Identity;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.EntityFrameworkCore;
|
|
|
|
namespace JobTrackerApi.Controllers;
|
|
|
|
[ApiController]
|
|
[Route("api/users")]
|
|
[Authorize(Roles = "Admin")]
|
|
public sealed class UsersController : ControllerBase
|
|
{
|
|
private readonly UserManager<ApplicationUser> _users;
|
|
private readonly RoleManager<IdentityRole> _roles;
|
|
private readonly IAppEmailSender _email;
|
|
private readonly IConfiguration _cfg;
|
|
public UsersController(UserManager<ApplicationUser> users, RoleManager<IdentityRole> roles, IAppEmailSender email, IConfiguration cfg)
|
|
{
|
|
_users = users;
|
|
_roles = roles;
|
|
_email = email;
|
|
_cfg = cfg;
|
|
}
|
|
|
|
public sealed record UserDto(string Id, string? Email, string? UserName, bool EmailConfirmed, List<string> Roles);
|
|
|
|
[HttpGet]
|
|
public async Task<ActionResult<List<UserDto>>> List(CancellationToken cancellationToken)
|
|
{
|
|
var items = await _users.Users
|
|
.OrderBy(u => u.Email)
|
|
.ToListAsync(cancellationToken);
|
|
|
|
var outList = new List<UserDto>(items.Count);
|
|
foreach (var u in items)
|
|
{
|
|
var rs = await _users.GetRolesAsync(u);
|
|
outList.Add(new UserDto(u.Id, u.Email, u.UserName, u.EmailConfirmed, rs.ToList()));
|
|
}
|
|
|
|
return Ok(outList);
|
|
}
|
|
|
|
public sealed record CreateUserRequest(string Email, string Password, string[]? Roles);
|
|
|
|
[HttpPost]
|
|
public async Task<ActionResult<UserDto>> Create([FromBody] CreateUserRequest request, CancellationToken cancellationToken)
|
|
{
|
|
var email = (request.Email ?? "").Trim();
|
|
var password = request.Password ?? "";
|
|
|
|
if (email.Length == 0) return BadRequest("Email is required.");
|
|
if (password.Length == 0) return BadRequest("Password is required.");
|
|
|
|
var existing = await _users.FindByEmailAsync(email);
|
|
if (existing is not null) return BadRequest("User already exists.");
|
|
|
|
var u = new ApplicationUser { UserName = email, Email = email, EmailConfirmed = true };
|
|
var res = await _users.CreateAsync(u, password);
|
|
if (!res.Succeeded)
|
|
return BadRequest(string.Join("; ", res.Errors.Select(e => e.Description)));
|
|
|
|
var roles = (request.Roles ?? Array.Empty<string>()).Select(r => (r ?? "").Trim()).Where(r => r.Length > 0).Distinct(StringComparer.OrdinalIgnoreCase).ToList();
|
|
foreach (var r in roles)
|
|
{
|
|
if (!await _roles.RoleExistsAsync(r))
|
|
await _roles.CreateAsync(new IdentityRole(r));
|
|
await _users.AddToRoleAsync(u, r);
|
|
}
|
|
|
|
var rs = await _users.GetRolesAsync(u);
|
|
return Ok(new UserDto(u.Id, u.Email, u.UserName, u.EmailConfirmed, rs.ToList()));
|
|
}
|
|
|
|
public sealed record SetRolesRequest(string[] Roles);
|
|
|
|
[HttpPut("{id}/roles")]
|
|
public async Task<IActionResult> SetRoles([FromRoute] string id, [FromBody] SetRolesRequest request, CancellationToken cancellationToken)
|
|
{
|
|
var u = await _users.FindByIdAsync(id);
|
|
if (u is null) return NotFound();
|
|
|
|
var desired = (request.Roles ?? Array.Empty<string>()).Select(r => (r ?? "").Trim()).Where(r => r.Length > 0).Distinct(StringComparer.OrdinalIgnoreCase).ToList();
|
|
var current = await _users.GetRolesAsync(u);
|
|
|
|
var toRemove = current.Where(r => !desired.Contains(r, StringComparer.OrdinalIgnoreCase)).ToList();
|
|
var toAdd = desired.Where(r => !current.Contains(r, StringComparer.OrdinalIgnoreCase)).ToList();
|
|
|
|
if (toRemove.Count > 0)
|
|
await _users.RemoveFromRolesAsync(u, toRemove);
|
|
|
|
foreach (var r in toAdd)
|
|
{
|
|
if (!await _roles.RoleExistsAsync(r))
|
|
await _roles.CreateAsync(new IdentityRole(r));
|
|
await _users.AddToRoleAsync(u, r);
|
|
}
|
|
|
|
return NoContent();
|
|
}
|
|
|
|
[HttpDelete("{id}")]
|
|
public async Task<IActionResult> Delete([FromRoute] string id, CancellationToken cancellationToken)
|
|
{
|
|
var u = await _users.FindByIdAsync(id);
|
|
if (u is null) return NotFound();
|
|
|
|
var res = await _users.DeleteAsync(u);
|
|
if (!res.Succeeded)
|
|
return BadRequest(string.Join("; ", res.Errors.Select(e => e.Description)));
|
|
|
|
return NoContent();
|
|
}
|
|
[HttpPost("{id}/send-password-reset")]
|
|
public async Task<IActionResult> SendPasswordReset([FromRoute] string id, CancellationToken cancellationToken)
|
|
{
|
|
var u = await _users.FindByIdAsync(id);
|
|
if (u is null) return NotFound();
|
|
if (string.IsNullOrWhiteSpace(u.Email)) return BadRequest("User has no email.");
|
|
|
|
var token = await _users.GeneratePasswordResetTokenAsync(u);
|
|
|
|
var baseUrl = (_cfg["App:PublicBaseUrl"] ?? "").Trim().TrimEnd('/');
|
|
if (string.IsNullOrWhiteSpace(baseUrl))
|
|
{
|
|
baseUrl = $"{Request.Scheme}://{Request.Host}";
|
|
}
|
|
|
|
var link = $"{baseUrl}/reset-password?email={Uri.EscapeDataString(u.Email)}&token={Uri.EscapeDataString(token)}";
|
|
|
|
await _email.SendAsync(
|
|
u.Email,
|
|
"Password reset",
|
|
$"An admin initiated a password reset for your Job Tracker account.\n\nReset link:\n{link}\n",
|
|
cancellationToken
|
|
);
|
|
|
|
return NoContent();
|
|
}
|
|
}
|
|
|