diff --git a/Xpirit.BeerXchange/Controllers/BeerAdditionController.cs b/Xpirit.BeerXchange/Controllers/BeerAdditionController.cs index 0b0477a..2a7317c 100644 --- a/Xpirit.BeerXchange/Controllers/BeerAdditionController.cs +++ b/Xpirit.BeerXchange/Controllers/BeerAdditionController.cs @@ -10,7 +10,7 @@ namespace Xpirit.BeerXchange.Controllers { - //[Authorize] + [Authorize] [Route("api/[controller]")] [ApiController] public class BeerAdditionController : ControllerBase @@ -38,7 +38,7 @@ public async Task Post([FromBody]BeerAddition beerAdditionRequest beer.Country = beerAdditionRequest.Country; beer.AddedDate = DateTime.Now; - if (beerAdditionRequest.switchedBeer.HasValue) + if (beerAdditionRequest.switchedBeer.HasValue && beerAdditionRequest.switchedBeer.Value != -1) { var switchedBeer = await beerService.GetBeerById(beerAdditionRequest.switchedBeer.Value); if (switchedBeer.RemovedDate.HasValue || !string.IsNullOrEmpty(switchedBeer.RemovedBy)) diff --git a/Xpirit.BeerXchange/Controllers/BeerController.cs b/Xpirit.BeerXchange/Controllers/BeerController.cs index 06cd057..7e91628 100644 --- a/Xpirit.BeerXchange/Controllers/BeerController.cs +++ b/Xpirit.BeerXchange/Controllers/BeerController.cs @@ -7,13 +7,11 @@ using Xpirit.BeerXchange.Model; using Xpirit.BeerXchange.Services; -// For more information on enabling Web API for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860 - namespace Xpirit.BeerXchange.Controllers { [Authorize] [Route("api/[controller]")] - + [ApiController] public class BeerController : Controller { private readonly IBeerService beerService; diff --git a/Xpirit.BeerXchange/Controllers/BeerRemovalController.cs b/Xpirit.BeerXchange/Controllers/BeerRemovalController.cs index 6867377..cfa1241 100644 --- a/Xpirit.BeerXchange/Controllers/BeerRemovalController.cs +++ b/Xpirit.BeerXchange/Controllers/BeerRemovalController.cs 
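Review bot: Authentication on this API still depends on each controller carrying its own `[Authorize]` attribute, so a controller that omits it (or has it commented out, as BeerAdditionController did before the first hunk here) is reachable anonymously. The same one-line change is made in BeerRemovalController.cs, CreditTransferController.cs and UserController.cs. Consider making "authenticated user required" the default in the application's MVC/authorization setup (a global authorize filter or a fallback policy, depending on the framework version, which is not visible here) and marking deliberate exceptions with `[AllowAnonymous]`. A test that calls each route without a token and expects 401 would catch a regression.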
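Review bot: The result of `GetBeerById` is dereferenced on the following line (`switchedBeer.RemovedDate.HasValue`) without a null check, and the new guard only filters the `-1` sentinel, so any other id that matches no beer still reaches that dereference. If the service returns null for an unknown id (its implementation is not visible here), request data alone can trigger an unhandled exception; a guard such as `if (switchedBeer == null) return BadRequest("invalid switchedBeer");` before the removed-state check would close that. The meaning of `-1` is also undocumented, so a named constant or a comment like `// -1: client sends this when no beer is being switched (confirm against the frontend)` would help. Post's body starts and ends outside the hunk.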
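Review bot: `[ApiController]` is now applied to a class that still derives from `Controller`, while BeerAdditionController and the other API controllers touched by this commit derive from `ControllerBase`; the CreditController.cs hunk does the same. For an API with no views, `public class BeerController : ControllerBase` would be consistent. The attribute also turns on automatic 400 responses for invalid model state and binding-source inference, so the existing actions, which are outside the hunk, are worth re-checking for parameters that relied on the previous binding behaviour.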
@@ -10,7 +10,7 @@ namespace Xpirit.BeerXchange.Controllers { - //[Authorize] + [Authorize] [Route("api/[controller]")] [ApiController] public class BeerRemovalController : ControllerBase @@ -30,11 +30,14 @@ public async Task Post([FromBody]BeerRemoval beerRemovalRequest) { return BadRequest("Not a valid Beer removal request"); } - var user = $"{User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.GivenName).FirstOrDefault().Value} {User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.Surname).FirstOrDefault().Value}"; + if (!(await beerService.GetUserCredits(user) > 0)) + { + return BadRequest("User does not have enough credits to remove beer"); + } + - //User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.Name).FirstOrDefault(); var beer = await beerService.GetBeerById(beerRemovalRequest.BeerId); beer.RemovedDate = DateTime.Now; beer.RemovedBy = user; diff --git a/Xpirit.BeerXchange/Controllers/CreditController.cs b/Xpirit.BeerXchange/Controllers/CreditController.cs index d14c3f1..3a5d97d 100644 --- a/Xpirit.BeerXchange/Controllers/CreditController.cs +++ b/Xpirit.BeerXchange/Controllers/CreditController.cs @@ -7,12 +7,11 @@ using Xpirit.BeerXchange.Model; using Xpirit.BeerXchange.Services; -// For more information on enabling Web API for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860 - namespace Xpirit.BeerXchange.Controllers { - [Route("api/[controller]")] [Authorize] + [Route("api/[controller]")] + [ApiController] public class CreditController : Controller { private readonly IBeerService beerService; diff --git a/Xpirit.BeerXchange/Controllers/CreditTransferController.cs b/Xpirit.BeerXchange/Controllers/CreditTransferController.cs index 29b27d4..97eabc3 100644 --- a/Xpirit.BeerXchange/Controllers/CreditTransferController.cs +++ b/Xpirit.BeerXchange/Controllers/CreditTransferController.cs 
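Review bot: The new credit check in BeerRemovalController's Post keys on `user`, which is the display string built from the GivenName and Surname claims, so any two accounts whose tokens carry the same two names are treated as one user and share one credit balance; the ownership check added in CreditTransferController.cs (`beer.CreatedBy != user`) relies on the same string. A stable per-account identifier, for example `User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value`, would be a safer key for authorization decisions, with the display name kept for presentation only. Separately, the credit check and the removal below it are separate awaits, so two concurrent requests from a user with a single credit may both pass `GetUserCredits` before either beer is marked removed; whether the service serialises this is not visible here. Post's body continues outside the hunk.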
@@ -10,7 +10,7 @@ namespace Xpirit.BeerXchange.Controllers { - //[Authorize] + [Authorize] [Route("api/[controller]")] [ApiController] public class CreditTransferController : ControllerBase @@ -32,6 +32,13 @@ public async Task Post([FromBody]CreditTransfer creditTransfer) return BadRequest("invalid beerId"); } + var user = $"{User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.GivenName).FirstOrDefault().Value} {User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.Surname).FirstOrDefault().Value}"; + + if (beer.CreatedBy != user) + { + return BadRequest($"Invalid beerId, Beer not owned by user {user}"); + } + beer.CreatedBy = creditTransfer.CreditReceiver; await beerService.UpdateBeer(beer); diff --git a/Xpirit.BeerXchange/Controllers/UserController.cs b/Xpirit.BeerXchange/Controllers/UserController.cs index ba5f9d6..0eb5d47 100644 --- a/Xpirit.BeerXchange/Controllers/UserController.cs +++ b/Xpirit.BeerXchange/Controllers/UserController.cs @@ -2,12 +2,14 @@ using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Xpirit.BeerXchange.Services; namespace Xpirit.BeerXchange.Controllers { + [Authorize] [Route("api/[controller]")] [ApiController] public class UserController : ControllerBase diff --git a/frontend/xpirit-beerxchange/package-lock.json b/frontend/xpirit-beerxchange/package-lock.json index 4677e55..0a3553f 100644 --- a/frontend/xpirit-beerxchange/package-lock.json +++ b/frontend/xpirit-beerxchange/package-lock.json @@ -1117,6 +1117,7 @@ "resolved": "https://registry.npmjs.org/are-we-there-yet/-/are-we-there-yet-1.1.5.tgz", "integrity": "sha512-5hYdAkZlcG8tOLujVDTgCT+uPX0VnpAH28gWsLfzpXYm7wP6mp5Q/gYyR7YQ0cKVJcXJnl3j2kpBan13PtQf6w==", "dev": true, + "optional": true, "requires": { "delegates": "^1.0.0", "readable-stream": "^2.0.6" 
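Review bot: `FirstOrDefault().Value` on the added `var user = …` line in CreditTransferController's Post throws a NullReferenceException when the token lacks a GivenName or Surname claim, so an authenticated caller with an incomplete token gets a 500 instead of a clean rejection; the identical expression is a context line in BeerRemovalController.cs. Reading each claim with `User.FindFirst(System.Security.Claims.ClaimTypes.GivenName)?.Value`, returning `Forbid()` when either is missing, and moving that into one shared helper would cover both controllers. The line after the new check, `beer.CreatedBy = creditTransfer.CreditReceiver;`, stores a request-supplied string as the new owner, and nothing in the hunk shows it being matched against a known user. Post's body starts and ends outside the hunk.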
@@ -2333,7 +2334,8 @@ "version": "1.1.0", "resolved": "https://registry.npmjs.org/console-control-strings/-/console-control-strings-1.1.0.tgz", "integrity": "sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=", - "dev": true + "dev": true, + "optional": true }, "constants-browserify": { "version": "1.0.0", @@ -2732,7 +2734,8 @@ "version": "1.0.0", "resolved": "https://registry.npmjs.org/delegates/-/delegates-1.0.0.tgz", "integrity": "sha1-hMbhWbgZBP3KWaDvRM2HDTElD5o=", - "dev": true + "dev": true, + "optional": true }, "depd": { "version": "1.1.2", @@ -3677,7 +3680,8 @@ "ansi-regex": { "version": "2.1.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "aproba": { "version": "1.2.0", @@ -3698,12 +3702,14 @@ "balanced-match": { "version": "1.0.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "brace-expansion": { "version": "1.1.11", "bundled": true, "dev": true, + "optional": true, "requires": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" @@ -3718,17 +3724,20 @@ "code-point-at": { "version": "1.1.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "concat-map": { "version": "0.0.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "console-control-strings": { "version": "1.1.0", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "core-util-is": { "version": "1.0.2", @@ -3845,7 +3854,8 @@ "inherits": { "version": "2.0.3", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "ini": { "version": "1.3.5", @@ -3857,6 +3867,7 @@ "version": "1.0.0", "bundled": true, "dev": true, + "optional": true, "requires": { "number-is-nan": "^1.0.0" } @@ -3871,6 +3882,7 @@ "version": "3.0.4", "bundled": true, "dev": true, + "optional": true, "requires": { "brace-expansion": "^1.1.7" } 
@@ -3878,12 +3890,14 @@ "minimist": { "version": "0.0.8", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "minipass": { "version": "2.3.5", "bundled": true, "dev": true, + "optional": true, "requires": { "safe-buffer": "^5.1.2", "yallist": "^3.0.0" @@ -3902,6 +3916,7 @@ "version": "0.5.1", "bundled": true, "dev": true, + "optional": true, "requires": { "minimist": "0.0.8" } @@ -3982,7 +3997,8 @@ "number-is-nan": { "version": "1.0.1", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "object-assign": { "version": "4.1.1", @@ -3994,6 +4010,7 @@ "version": "1.4.0", "bundled": true, "dev": true, + "optional": true, "requires": { "wrappy": "1" } @@ -4079,7 +4096,8 @@ "safe-buffer": { "version": "5.1.2", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "safer-buffer": { "version": "2.1.2", @@ -4115,6 +4133,7 @@ "version": "1.0.2", "bundled": true, "dev": true, + "optional": true, "requires": { "code-point-at": "^1.0.0", "is-fullwidth-code-point": "^1.0.0", @@ -4134,6 +4153,7 @@ "version": "3.0.1", "bundled": true, "dev": true, + "optional": true, "requires": { "ansi-regex": "^2.0.0" } @@ -4177,12 +4197,14 @@ "wrappy": { "version": "1.0.2", "bundled": true, - "dev": true + "dev": true, + "optional": true }, "yallist": { "version": "3.0.3", "bundled": true, - "dev": true + "dev": true, + "optional": true } } }, @@ -4191,6 +4213,7 @@ "resolved": "https://registry.npmjs.org/fstream/-/fstream-1.0.12.tgz", "integrity": "sha512-WvJ193OHa0GHPEL+AycEJgxvBEwyfRkN1vhjca23OaPVMCaLCXTd5qAu82AjTcgP1UJmytkOKb63Ypde7raDIg==", "dev": true, + "optional": true, "requires": { "graceful-fs": "^4.1.2", "inherits": "~2.0.0", @@ -4203,6 +4226,7 @@ "resolved": "https://registry.npmjs.org/gauge/-/gauge-2.7.4.tgz", "integrity": "sha1-LANAXHU4w51+s3sxcCLjJfsBi/c=", "dev": true, + "optional": true, "requires": { "aproba": "^1.0.3", "console-control-strings": "^1.0.0", 
@@ -4240,7 +4264,8 @@ "version": "4.0.1", "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-4.0.1.tgz", "integrity": "sha1-uWjGsKBDhDJJAui/Gl3zJXmkUP4=", - "dev": true + "dev": true, + "optional": true }, "get-stream": { "version": "3.0.0", @@ -4420,7 +4445,8 @@ "version": "2.0.1", "resolved": "https://registry.npmjs.org/has-unicode/-/has-unicode-2.0.1.tgz", "integrity": "sha1-4Ob+aijPUROIVeCG0Wkedx3iqLk=", - "dev": true + "dev": true, + "optional": true }, "has-value": { "version": "1.0.0", @@ -5179,7 +5205,8 @@ "version": "0.2.1", "resolved": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz", "integrity": "sha1-Sw2hRCEE0bM2NA6AeX6GXPOffXI=", - "dev": true + "dev": true, + "optional": true }, "is-windows": { "version": "1.0.2", @@ -5807,6 +5834,7 @@ "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz", "integrity": "sha1-lWkFcI1YtLq0wiYbBPWfMcmTdMA=", "dev": true, + "optional": true, "requires": { "graceful-fs": "^4.1.2", "parse-json": "^2.2.0", @@ -5819,7 +5847,8 @@ "version": "2.3.0", "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true + "dev": true, + "optional": true } } }, @@ -6092,7 +6121,8 @@ "version": "1.0.1", "resolved": "https://registry.npmjs.org/map-obj/-/map-obj-1.0.1.tgz", "integrity": "sha1-2TPOuSBdgr3PSIb2dCvcK03qFG0=", - "dev": true + "dev": true, + "optional": true }, "map-visit": { "version": "1.0.0", @@ -6744,6 +6774,7 @@ "resolved": "https://registry.npmjs.org/npmlog/-/npmlog-4.1.2.tgz", "integrity": "sha512-2uUqazuKlTaSI/dC8AzicUck7+IrEaOnN/e0jd3Xtt1KcGpwx30v50mL7oPyr/h9bL3E4aZccVwpwP+5W9Vjkg==", "dev": true, + "optional": true, "requires": { "are-we-there-yet": "~1.1.2", "console-control-strings": "~1.1.0", 
@@ -7779,6 +7810,7 @@ "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz", "integrity": "sha1-9f+qXs0pyzHAR0vKfXVra7KePyg=", "dev": true, + "optional": true, "requires": { "load-json-file": "^1.0.0", "normalize-package-data": "^2.3.2", @@ -7790,6 +7822,7 @@ "resolved": "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz", "integrity": "sha1-WcRPfuSR2nBNpBXaWkBwuk+P5EE=", "dev": true, + "optional": true, "requires": { "graceful-fs": "^4.1.2", "pify": "^2.0.0", @@ -7800,7 +7833,8 @@ "version": "2.3.0", "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", - "dev": true + "dev": true, + "optional": true } } }, @@ -7809,6 +7843,7 @@ "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz", "integrity": "sha1-nWPBMnbAZZGNV/ACpX9AobZD+wI=", "dev": true, + "optional": true, "requires": { "find-up": "^1.0.0", "read-pkg": "^1.0.0" @@ -7819,6 +7854,7 @@ "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz", "integrity": "sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=", "dev": true, + "optional": true, "requires": { "path-exists": "^2.0.0", "pinkie-promise": "^2.0.0" @@ -7829,6 +7865,7 @@ "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz", "integrity": "sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=", "dev": true, + "optional": true, "requires": { "pinkie-promise": "^2.0.0" } @@ -9157,6 +9194,7 @@ "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz", "integrity": "sha1-YhmoVhZSBJHzV4i9vxRHqZx+aw4=", "dev": true, + "optional": true, "requires": { "is-utf8": "^0.2.0" } @@ -10496,6 +10534,7 @@ "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz", "integrity": "sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA==", "dev": true, + "optional": true, "requires": { "string-width": "^1.0.2 || 2" } 
diff --git a/frontend/xpirit-beerxchange/src/app/components/transfer-credit/transfer-credit.component.ts b/frontend/xpirit-beerxchange/src/app/components/transfer-credit/transfer-credit.component.ts index 791917a..bbe6062 100644 --- a/frontend/xpirit-beerxchange/src/app/components/transfer-credit/transfer-credit.component.ts +++ b/frontend/xpirit-beerxchange/src/app/components/transfer-credit/transfer-credit.component.ts @@ -4,6 +4,7 @@ import { FridgeService } from 'src/app/services/fridge.service'; import { Beer } from 'src/app/model/beer'; import { Router } from '@angular/router'; import { CreditTransfer } from '../../model/creditTransfer'; +import { MsalService } from '@azure/msal-angular'; @Component({ selector: 'app-transfer-credit', @@ -13,7 +14,7 @@ import { CreditTransfer } from '../../model/creditTransfer'; export class TransferCreditComponent implements OnInit { angForm: FormGroup; - constructor(private fb: FormBuilder, private fridgeService: FridgeService, private router: Router) { + constructor(private fb: FormBuilder, private fridgeService: FridgeService, private router: Router, private msal: MsalService) { this.createForm(); } @@ -29,11 +30,13 @@ export class TransferCreditComponent implements OnInit { } ngOnInit() { + var currentUser = this.msal.getUser(); + this.fridgeService.getFridgeUsers().subscribe((users: Array) => { this.users = users; }); - this.fridgeService.getCurrentBeers().subscribe((beers: Array) => { + this.fridgeService.getUserBeers(currentUser.name).subscribe((beers: Array) => { this.beers = beers; }); } diff --git a/frontend/xpirit-beerxchange/src/app/services/fridge.service.ts b/frontend/xpirit-beerxchange/src/app/services/fridge.service.ts index 77cd94c..467c1b9 100644 --- a/frontend/xpirit-beerxchange/src/app/services/fridge.service.ts +++ b/frontend/xpirit-beerxchange/src/app/services/fridge.service.ts 
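Review bot: `this.msal.getUser()` in `ngOnInit` is used without a null check, so `currentUser.name` will throw if the component initialises while no user is signed in; whether a route guard prevents that is not visible here. A guard before the `getUserBeers` call, such as `if (!currentUser) { return; }` or a redirect to the login flow, would avoid the exception. `const currentUser` is also preferable to `var`, since the value is never reassigned.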
@@ -24,6 +24,10 @@ export class FridgeService { return this.http.get>(`${AppConfig.settings.apiUrl}/beer`).map(beers => beers.filter(b => b.removedBy == null)); } + getUserBeers(user: string): Observable>{ + return this.http.get>(`${AppConfig.settings.apiUrl}/beer`).map(beers => beers.filter(b => b.createdBy === user)); + } + getHistoricalBeers(): Observable>{ return this.http.get>(`${AppConfig.settings.apiUrl}/beer`).map(beers => beers.filter(b => b.removedBy != null)); }
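Review bot: `getUserBeers` matches `b.createdBy` against the MSAL display name passed in by the component, while the server check in CreditTransferController.cs builds the owner string from the GivenName and Surname claims; when an account's display name is not exactly those two values joined by a space, the list will be empty or wrong even though the server would accept the transfer. The filter also runs in the browser over the full `/beer` response, so it is a convenience only and the server-side ownership check remains the actual control. An endpoint that returns the caller's beers based on the token would remove both the mismatch and the extra data transfer. Until then, a doc comment stating that `user` must be the same string the API stores in `createdBy` would help.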