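using System.Globalization;
using Authinator.Backend.Database;
using Authinator.Backend.Database.Tables;
using Authinator.Backend.Utils;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using Microsoft.EntityFrameworkCore;

namespace Authinator.Pages;

/// <summary>
/// Admin-only Razor page for viewing and editing a single ACL, addressed by the "id" route value.
/// Both handlers require <c>IsAdmin</c> to succeed before any route or form value is read.
/// </summary>
public class AdminEditACLModel : PageModel
{
    /// <summary>The ACL loaded by <see cref="OnGet"/> for the page to render (with its Groups included).</summary>
    public ACL ModelACL = null!;

    /// <summary>
    /// Loads the ACL named by the "id" route value.
    /// </summary>
    /// <returns>
    /// 403 when the caller is not an admin; 400 when the route id is not an integer or no ACL has that id;
    /// otherwise the page.
    /// </returns>
    public IActionResult OnGet()
    {
        // NOTE(review): DatabaseContext appears to be an EF Core DbContext (Include/SaveChangesAsync are
        // called on it), so it is disposed when the handler returns instead of being leaked per request.
        using var db = new DatabaseContext();
        if (!Request.HttpContext.IsAdmin(db))
        {
            return StatusCode(StatusCodes.Status403Forbidden);
        }

        // The route id is client-controlled: a non-numeric value is a 400, not a FormatException/500.
        if (!TryGetRouteId(out var id))
        {
            return BadRequest();
        }

        // Single query instead of Any() followed by First().
        var acl = db.ACLs.Include(p => p.Groups).FirstOrDefault(p => p.Id == id);
        if (acl is null)
        {
            return BadRequest();
        }

        ModelACL = acl;
        return Page();
    }

    /// <summary>
    /// Handles the edit form. Only the "save" action writes anything; every successful path redirects to /Admin.
    /// </summary>
    /// <returns>
    /// 403 when the caller is not an admin; 400 when the route id, a group id, or a uniqueness rule
    /// (reference/username already taken) is violated; otherwise a redirect to /Admin.
    /// </returns>
    public async Task<IActionResult> OnPost()
    {
        // NOTE(review): although this page is AdminEditACL, the handler loads and saves db.Users rather
        // than db.ACLs — it reads like a copy of the user-edit handler. Confirm which entity the form is
        // meant to edit; the logic below is kept as written.
        using var db = new DatabaseContext();
        if (!Request.HttpContext.IsAdmin(db))
        {
            return StatusCode(StatusCodes.Status403Forbidden);
        }

        if (Request.Form["action"] != "save")
        {
            return Redirect("/Admin");
        }

        if (!TryGetRouteId(out var id))
        {
            return BadRequest();
        }

        var user = db.Users.Include(p => p.Groups).FirstOrDefault(p => p.Id == id);
        if (user is null)
        {
            return BadRequest();
        }

        var newReference = Request.Form["reference"].ToString();
        var newUsername = Request.Form["username"].ToString();
        var newEmail = Request.Form["email"].ToString();

        // Group ids are form input: reject non-integers up front rather than letting int.Parse throw.
        var groupIds = new List<int>();
        foreach (var raw in Request.Form["group"])
        {
            if (!int.TryParse(raw, NumberStyles.Integer, CultureInfo.InvariantCulture, out var groupId))
            {
                return BadRequest();
            }
            groupIds.Add(groupId);
        }

        // One IN-query for all requested groups; an unknown id is a 400 instead of First() throwing.
        var groupsById = db.Groups.Where(q => groupIds.Contains(q.Id)).ToDictionary(q => q.Id);
        if (groupIds.Any(groupId => !groupsById.ContainsKey(groupId)))
        {
            return BadRequest();
        }
        // Preserves the submitted order (and any duplicates), as the original per-id lookup did.
        var newGroups = groupIds.Select(groupId => groupsById[groupId]).ToList();

        if (!string.IsNullOrWhiteSpace(newReference) && newReference != user.Reference)
        {
            // NOTE(review): check-then-write is not atomic under concurrent edits; a unique index on
            // Reference is the real guarantee — confirm one exists.
            if (db.Users.Any(p => p.Reference == newReference))
            {
                return BadRequest();
            }
            user.Reference = newReference;
        }

        if (!string.IsNullOrWhiteSpace(newUsername) && newUsername != user.Username)
        {
            // Same non-atomic uniqueness check as for Reference.
            if (db.Users.Any(p => p.Username == newUsername))
            {
                return BadRequest();
            }
            user.Username = newUsername;
        }

        if (!string.IsNullOrWhiteSpace(newEmail) && newEmail != user.Email)
        {
            user.Email = newEmail;
        }

        user.Groups = newGroups;
        await db.SaveChangesAsync();
        return Redirect("/Admin");
    }

    /// <summary>
    /// Reads the "id" route value as an integer.
    /// </summary>
    /// <param name="id">The parsed id, or 0 when parsing fails.</param>
    /// <returns>False when the route value is absent, not a string, or not an integer.</returns>
    private bool TryGetRouteId(out int id)
    {
        var raw = RouteData.Values["id"] as string ?? string.Empty;
        return int.TryParse(raw, NumberStyles.Integer, CultureInfo.InvariantCulture, out id);
    }
}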