Merge pull request #60 from Purdue-ACM-SIGAPP/add-auth-events

Add auth events

Controllers/EventsController.cs

@@ -1,3 +1,5 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using SimpleWebAppReact.Entities;
 using Microsoft.Extensions.Logging;
@@ -75,7 +77,6 @@ public async Task<IEnumerable<Events>> Get([FromQuery] string? eventName = null,
         /// <param name="id"></param>
         /// <returns></returns>
         [HttpGet("{id}")]
-
         //deleted asyn
         public async Task<ActionResult<Events?>> GetById(string id)
         {
@@ -96,8 +97,18 @@ public async Task<IEnumerable<Events>> Get([FromQuery] string? eventName = null,
         /// <param name="events"></param>
         /// <returns></returns>
         [HttpPost]
+        [Authorize(Roles = "Student,ResidentAssistant,GreekLife,Admin")]
         public async Task<ActionResult> Post(Events events)
         {
+            var userId = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
+
+            if (userId == null)
+            {
+                return Unauthorized(new { Message = "User ID not found in claims." });
+            }
+
+            events.UserID = userId;
+
             await _events.InsertOneAsync(events);
             return CreatedAtAction(nameof(GetById), new { id = events.Id }, events);
 
@@ -109,9 +120,30 @@ public async Task<ActionResult> Post(Events events)
         /// <param name="events"></param>
         /// <returns></returns>
         [HttpPut]
+        [Authorize(Roles = "Student,ResidentAssistant,GreekLife,Admin")]
         public async Task<ActionResult> Update(Events events)
         {
+            var userId = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
+
+            if (userId == null)
+            {
+                return Unauthorized(new { Message = "User ID not found in claims." });
+            }
+
             var filter = Builders<Events>.Filter.Eq(x => x.Id, events.Id);
+
+            var roles = User.Claims
+                .Where(c => c.Type == ClaimTypes.Role) // Use ClaimTypes.Role to fetch role claims
+                .Select(c => c.Value)
+                .ToList();
+
+            var evt = await _events.Find(filter).FirstOrDefaultAsync();
+
+            if (!roles.Contains(UserType.Admin.ToString()) && !evt.UserID.Equals(userId))
+            {
+                return Unauthorized();
+            }
+
             await _events.ReplaceOneAsync(filter, events);
             return Ok();
         }
@@ -122,9 +154,30 @@ public async Task<ActionResult> Update(Events events)
         /// <param name="id"></param>
         /// <returns></returns>
         [HttpDelete("{id}")]
+        [Authorize(Roles = "Student,ResidentAssistant,GreekLife,Admin")]
         public async Task<ActionResult> Delete(string id)
         {
+            var userId = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier)?.Value;
+
+            if (userId == null)
+            {
+                return Unauthorized(new { Message = "User ID not found in claims." });
+            }
+
             var filter = Builders<Events>.Filter.Eq(x => x.Id, id);
+
+            var roles = User.Claims
+                .Where(c => c.Type == ClaimTypes.Role) // Use ClaimTypes.Role to fetch role claims
+                .Select(c => c.Value)
+                .ToList();
+
+            var evt = await _events.Find(filter).FirstOrDefaultAsync();
+
+            if (!roles.Contains(UserType.Admin.ToString()) && !evt.UserID.Equals(userId))
+            {
+                return Unauthorized();
+            }
+
             await _events.DeleteOneAsync(filter);
             return Ok();
         }