filter tenents based on invokers relations

Christian Werner 2025-10-29 20:49:31 +01:00
parent e86cff786d
commit 2645de2e9f


@ -2,9 +2,9 @@ using HashidsNet;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Suspectus.Gandalf.Palantir.Abstractions;
using Suspectus.Gandalf.Palantir.Data.Database;
using Suspectus.Gandalf.Palantir.Data.Dto.Tenant;
using Suspectus.Gandalf.Palantir.Data.Entities.Base;
namespace Suspectus.Gandalf.Palantir.Api.Controllers;
@ -23,14 +23,19 @@ public class TenantController : ControllerBase
}
[HttpGet]
public async Task<IActionResult> Get(CancellationToken cancellationToken)
public async Task<IActionResult> Get(InvokerContext invokerContext, CancellationToken cancellationToken)
{
var tenantEntities = await _context.Tenants.ToListAsync(cancellationToken: cancellationToken);
var tenantEntities = await _context.Subjects
.Where(x => x.Id!.Value == invokerContext.Invoker!.SubjectId)
.SelectMany(x => x.Tenants)
.ToListAsync(cancellationToken);
var dtos = tenantEntities.Select(x => new TenantGridViewDto
{
Id = _hashids.EncodeLong(x.Id!.Value),
Name = x.Name,
IsMaster = x.IsMaster,
IsOwner = invokerContext.Invoker!.SubjectId == x.OwnerId,
OwnerId = _hashids.EncodeLong(x.OwnerId),
Visibility = x.Visibility
});
@ -38,25 +43,33 @@ public class TenantController : ControllerBase
}
[HttpGet("{idHash}")]
public async Task<IActionResult> Get(CancellationToken cancellationToken, string idHash)
public async Task<IActionResult> Get(CancellationToken cancellationToken, string idHash, InvokerContext invokerContext)
{
if (!_hashids.TryDecodeSingleLong(idHash, out var id))
{
return BadRequest();
}
var tenant = await _context.Tenants.SingleOrDefaultAsync(x => x.Id!.Value == id, cancellationToken: cancellationToken);
var tenant = await _context.Tenants.SingleOrDefaultAsync(x => x.Id == id, cancellationToken);
if (tenant is null)
{
return NotFound();
}
var userHasRelation = await _context.TenantSubjectRelations.AnyAsync(x => x.SubjectId == invokerContext.Invoker!.SubjectId && x.TenantId == id, cancellationToken: cancellationToken);
if (!userHasRelation)
{
return Forbid();
}
var dto = new TenantGridViewDto
{
Id = _hashids.EncodeLong(tenant.Id!.Value),
Name = tenant.Name,
IsMaster = tenant.IsMaster,
IsOwner = invokerContext.Invoker!.SubjectId == tenant.OwnerId,
OwnerId = _hashids.EncodeLong(tenant.OwnerId),
Visibility = tenant.Visibility
};
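Review bot: In the `Get(…, string idHash, …)` action the tenant lookup returns `NotFound()` before the relation check returns `Forbid()`, so a caller with no relation to a tenant can still tell existing tenant ids (403) from unused ones (404); the Hashids encoding is obfuscation, not access control. Running the `TenantSubjectRelations.AnyAsync` check before the lookup, or answering `return NotFound();` in place of `return Forbid();`, removes that difference. Both actions also dereference `invokerContext.Invoker!` without a guard, so a request whose invoker was not resolved would likely end in a NullReferenceException rather than a 401; `if (invokerContext.Invoker is null) return Unauthorized();` at the top of each action would make that case explicit. How `InvokerContext` is bound is not visible in these hunks: if it does not come from DI or a custom binder, model binding would fill it from the request, so it is worth confirming the parameter is marked `[FromServices]` or injected through the constructor. The method body continues past the end of the last hunk.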