sillsdev
diff --git a/‎Backend.Tests/Controllers/UserControllerTests.cs
Lines changed: 11 additions & 11 deletions b/‎Backend.Tests/Controllers/UserControllerTests.cs
Lines changed: 11 additions & 11 deletions
diff --git a/‎Backend.Tests/Mocks/UserRepositoryMock.cs
Lines changed: 9 additions & 0 deletions b/‎Backend.Tests/Mocks/UserRepositoryMock.cs
Lines changed: 9 additions & 0 deletions
diff --git a/‎Backend/Controllers/ProjectController.cs
Lines changed: 8 additions & 5 deletions b/‎Backend/Controllers/ProjectController.cs
Lines changed: 8 additions & 5 deletions
diff --git a/‎Backend/Controllers/UserController.cs
Lines changed: 28 additions & 10 deletions b/‎Backend/Controllers/UserController.cs
Lines changed: 28 additions & 10 deletions
diff --git a/‎Backend/Interfaces/IUserRepository.cs
Lines changed: 1 addition & 0 deletions b/‎Backend/Interfaces/IUserRepository.cs
Lines changed: 1 addition & 0 deletions
diff --git a/‎Backend/Models/User.cs
Lines changed: 25 additions & 0 deletions b/‎Backend/Models/User.cs
Lines changed: 25 additions & 0 deletions
diff --git a/‎Backend/Repositories/UserRepository.cs
Lines changed: 10 additions & 0 deletions b/‎Backend/Repositories/UserRepository.cs
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/api/.openapi-generator/FILES
Lines changed: 1 addition & 0 deletions b/‎src/api/.openapi-generator/FILES
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/api/api/project-api.ts
Lines changed: 7 additions & 4 deletions b/‎src/api/api/project-api.ts
Lines changed: 7 additions & 4 deletions
@@ -83,48 +83,48 @@ public void TestGetMissingUser()
         }
 
         [Test]
-        public void TestGetUserByEmailOrUsernameWithEmail()
+        public void TestGetUserIdByEmailOrUsernameWithEmail()
         {
             const string email = "[email protected]";
             var user = _userRepo.Create(
                 new User { Email = email, Username = Util.RandString(10), Password = Util.RandString(10) }
             ).Result ?? throw new UserCreationException();
 
-            var result = _userController.GetUserByEmailOrUsername(email).Result;
+            var result = _userController.GetUserIdByEmailOrUsername(email).Result;
             Assert.That(result, Is.InstanceOf<ObjectResult>());
-            Assert.That(((ObjectResult)result).Value, Is.EqualTo(user).UsingPropertiesComparer());
+            Assert.That(((ObjectResult)result).Value, Is.EqualTo(user.Id));
         }
 
         [Test]
-        public void TestGetUserByEmailOrUsernameWithUsername()
+        public void TestGetUserIdByEmailOrUsernameWithUsername()
         {
             const string username = "example-name";
             var user = _userRepo.Create(
                 new User { Username = username, Password = Util.RandString(10) }
             ).Result ?? throw new UserCreationException();
 
-            var result = _userController.GetUserByEmailOrUsername(username).Result;
+            var result = _userController.GetUserIdByEmailOrUsername(username).Result;
             Assert.That(result, Is.InstanceOf<ObjectResult>());
-            Assert.That(((ObjectResult)result).Value, Is.EqualTo(user).UsingPropertiesComparer());
+            Assert.That(((ObjectResult)result).Value, Is.EqualTo(user.Id));
         }
 
         [Test]
-        public void TestGetUserByEmailOrUsernameMissing()
+        public void TestGetUserIdByEmailOrUsernameMissing()
         {
-            var result = _userController.GetUserByEmailOrUsername("[email protected]").Result;
-            Assert.That(result, Is.InstanceOf<NotFoundObjectResult>());
+            var result = _userController.GetUserIdByEmailOrUsername("[email protected]").Result;
+            Assert.That(result, Is.InstanceOf<NotFoundResult>());
         }
 
         [Test]
-        public void TestGetUserByEmailOrUsernameNoPermission()
+        public void TestGetUserIdByEmailOrUsernameNoPermission()
         {
             _userController.ControllerContext.HttpContext = PermissionServiceMock.UnauthorizedHttpContext();
             const string email = "[email protected]";
             var _ = _userRepo.Create(
                 new User { Email = email, Username = Util.RandString(10), Password = Util.RandString(10) }
             ).Result ?? throw new UserCreationException();
 
-            var result = _userController.GetUserByEmailOrUsername(email).Result;
+            var result = _userController.GetUserIdByEmailOrUsername(email).Result;
             Assert.That(result, Is.InstanceOf<ForbidResult>());
         }
 
 
@@ -22,6 +22,15 @@ public Task<List<User>> GetAllUsers()
             return Task.FromResult(_users.Select(user => user.Clone()).ToList());
         }
 
+        public Task<List<User>> GetAllUsersByFilter(string filter)
+        {
+            var filteredUsers = _users.Where(user =>
+                user.Name.Contains(filter, StringComparison.OrdinalIgnoreCase) ||
+                user.Email.Contains(filter, StringComparison.OrdinalIgnoreCase) ||
+                user.Username.Contains(filter, StringComparison.OrdinalIgnoreCase));
+            return Task.FromResult(filteredUsers.Select(user => user.Clone()).ToList());
+        }
+
         public Task<User?> GetUser(string userId, bool sanitize = true)
         {
             try
 
@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using BackendFramework.Helper;
 using BackendFramework.Interfaces;
@@ -41,10 +42,11 @@ public async Task<IActionResult> GetAllProjects()
             return Ok(await _projRepo.GetAllProjects());
         }
 
-        /// <summary> Get a list of <see cref="User"/>s of a specific project </summary>
-        /// <returns> A list of <see cref="User"/>s </returns>
+        /// <summary> Get all users of a specific project. </summary>
+        /// <returns> A list of <see cref="UserStub"/>s. </returns>
         [HttpGet("{projectId}/users", Name = "GetAllProjectUsers")]
-        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<User>))]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<UserStub>))]
+        [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public async Task<IActionResult> GetAllProjectUsers(string projectId)
         {
             if (!await _permissionService.HasProjectPermission(
@@ -54,9 +56,10 @@ public async Task<IActionResult> GetAllProjectUsers(string projectId)
             }
 
             var allUsers = await _userRepo.GetAllUsers();
-            var projectUsers = allUsers.FindAll(user => user.ProjectRoles.ContainsKey(projectId));
+            var projectUsers = allUsers.FindAll(u => u.ProjectRoles.ContainsKey(projectId))
+                .Select((u) => new UserStub(u) { RoleId = u.ProjectRoles[projectId] });
 
-            return Ok(projectUsers);
+            return Ok(projectUsers.ToList());
         }
 
         /// <summary> Deletes all <see cref="Project"/>s </summary>
 
@@ -1,4 +1,5 @@
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using BackendFramework.Helper;
 using BackendFramework.Interfaces;
@@ -105,15 +106,33 @@ public async Task<IActionResult> ResetPassword([FromBody, BindRequired] Password
         /// <summary> Returns all <see cref="User"/>s </summary>
         [HttpGet(Name = "GetAllUsers")]
         [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<User>))]
+        [ProducesResponseType(StatusCodes.Status403Forbidden)]
         public async Task<IActionResult> GetAllUsers()
         {
-            if (string.IsNullOrEmpty(_permissionService.GetUserId(HttpContext)))
+            if (!await _permissionService.IsSiteAdmin(HttpContext))
             {
                 return Forbid();
             }
             return Ok(await _userRepo.GetAllUsers());
         }
 
+        /// <summary> Gets all users with email, name, or username matching the given filter. </summary>
+        /// <remarks> Only site admins can use filters shorter than 3 characters long. </remarks>
+        /// <returns> A list of <see cref="UserStub"/>s. </returns>
+        [HttpGet("filter/{filter}", Name = "GetUsersByFilter")]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(List<UserStub>))]
+        [ProducesResponseType(StatusCodes.Status403Forbidden)]
+        public async Task<IActionResult> GetUsersByFilter(string filter)
+        {
+            filter = filter.Trim();
+            if (!await _permissionService.IsSiteAdmin(HttpContext) && filter.Length < 3)
+            {
+                return Forbid();
+            }
+
+            return Ok((await _userRepo.GetAllUsersByFilter(filter)).Select(u => new UserStub(u)).ToList());
+        }
+
         /// <summary> Logs in a <see cref="User"/> and gives a token </summary>
         [AllowAnonymous]
         [HttpPost("authenticate", Name = "Authenticate")]
@@ -152,21 +171,20 @@ public async Task<IActionResult> GetUser(string userId)
             return Ok(user);
         }
 
-        /// <summary> Returns <see cref="User"/> with the specified email address or username. </summary>
-        [HttpPut("getbyemailorusername", Name = "GetUserByEmailOrUsername")]
-        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(User))]
-        public async Task<IActionResult> GetUserByEmailOrUsername([FromBody, BindRequired] string emailOrUsername)
+        /// <summary> Gets id of user with the specified email address or username. </summary>
+        [HttpPut("getbyemailorusername", Name = "GetUserIdByEmailOrUsername")]
+        [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(string))]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        [ProducesResponseType(StatusCodes.Status403Forbidden)]
+        public async Task<IActionResult> GetUserIdByEmailOrUsername([FromBody, BindRequired] string emailOrUsername)
         {
             if (!_permissionService.IsCurrentUserAuthorized(HttpContext))
             {
                 return Forbid();
             }
+
             var user = await _userRepo.GetUserByEmailOrUsername(emailOrUsername);
-            if (user is null)
-            {
-                return NotFound(emailOrUsername);
-            }
-            return Ok(user);
+            return user is null ? NotFound() : Ok(user.Id);
         }
 
         /// <summary> Creates specified <see cref="User"/>. </summary>
 
@@ -8,6 +8,7 @@ namespace BackendFramework.Interfaces
     public interface IUserRepository
     {
         Task<List<User>> GetAllUsers();
+        Task<List<User>> GetAllUsersByFilter(string filter);
         Task<User?> GetUser(string userId, bool sanitize = true);
         Task<ResultOfUpdate> ChangePassword(string userId, string password);
         Task<User?> Create(User user);
 
@@ -137,6 +137,31 @@ public void Sanitize()
         }
     }
 
+    public class UserStub
+    {
+        [Required]
+        public string Id { get; set; }
+
+        [Required]
+        public string Name { get; set; }
+
+        [Required]
+        public string Username { get; set; }
+
+        [Required]
+        public bool HasAvatar { get; set; }
+
+        public string? RoleId { get; set; }
+
+        public UserStub(User user)
+        {
+            Id = user.Id;
+            Name = user.Name;
+            Username = user.Username;
+            HasAvatar = user.HasAvatar;
+        }
+    }
+
     /// <summary> Contains email/username and password for authentication. </summary>
     /// <remarks>
     /// This is used in a [FromBody] serializer, so its attributes cannot be set to readonly.
 
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
+using System.Linq;
 using System.Threading.Tasks;
 using BackendFramework.Helper;
 using BackendFramework.Interfaces;
@@ -28,6 +29,15 @@ public async Task<List<User>> GetAllUsers()
             return users;
         }
 
+        /// <summary> Finds all <see cref="User"/>s matching a given filter </summary>
+        public async Task<List<User>> GetAllUsersByFilter(string filter)
+        {
+            return (await GetAllUsers()).Where(u =>
+                u.Email.Contains(filter, StringComparison.OrdinalIgnoreCase) ||
+                u.Name.Contains(filter, StringComparison.OrdinalIgnoreCase) ||
+                u.Username.Contains(filter, StringComparison.OrdinalIgnoreCase)).ToList();
+        }
+
         /// <summary> Removes all <see cref="User"/>s </summary>
         /// <returns> A bool: success of operation </returns>
         public async Task<bool> DeleteAllUsers()
 
@@ -64,6 +64,7 @@ models/user-created-project.ts
 models/user-edit-step-wrapper.ts
 models/user-edit.ts
 models/user-role.ts
+models/user-stub.ts
 models/user.ts
 models/word.ts
 models/words-per-day-per-user-count.ts
 
@@ -39,9 +39,9 @@ import {
 // @ts-ignore
 import { Project } from "../models";
 // @ts-ignore
-import { User } from "../models";
-// @ts-ignore
 import { UserCreatedProject } from "../models";
+// @ts-ignore
+import { UserStub } from "../models";
 /**
  * ProjectApi - axios parameter creator
  * @export
@@ -551,7 +551,10 @@ export const ProjectApiFp = function (configuration?: Configuration) {
       projectId: string,
       options?: any
     ): Promise<
-      (axios?: AxiosInstance, basePath?: string) => AxiosPromise<Array<User>>
+      (
+        axios?: AxiosInstance,
+        basePath?: string
+      ) => AxiosPromise<Array<UserStub>>
     > {
       const localVarAxiosArgs =
         await localVarAxiosParamCreator.getAllProjectUsers(projectId, options);
@@ -738,7 +741,7 @@ export const ProjectApiFactory = function (
     getAllProjectUsers(
       projectId: string,
       options?: any
-    ): AxiosPromise<Array<User>> {
+    ): AxiosPromise<Array<UserStub>> {
       return localVarFp
         .getAllProjectUsers(projectId, options)
         .then((request) => request(axios, basePath));
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ namespace BackendFramework.Interfaces`
`8`	`8`	`public interface IUserRepository`
`9`	`9`	`{`
`10`	`10`	`Task<List<User>> GetAllUsers();`
	`11`	`+ Task<List<User>> GetAllUsersByFilter(string filter);`
`11`	`12`	`Task<User?> GetUser(string userId, bool sanitize = true);`
`12`	`13`	`Task<ResultOfUpdate> ChangePassword(string userId, string password);`
`13`	`14`	`Task<User?> Create(User user);`