Added a new policy to require being an admin. Implemented ability to delete a user.

2025-05-24 00:52:23 -04:00 · 2020-12-24 08:13:58 -06:00 · 2020-12-24 08:13:58 -06:00 · f0919042b0
commit f0919042b0
parent bb276a5984
6 changed files with 44 additions and 5 deletions
--- a/API/Controllers/AdminController.cs
+++ b/API/Controllers/AdminController.cs
@ -26,10 +26,18 @@ namespace API.Controllers
        }

        [Authorize(Policy = "RequireAdminRole")]
-        [HttpDelete]
+        [HttpDelete("delete-user")]
        public async Task<ActionResult> DeleteUser(string username)
        {
-            return BadRequest("Not Implemented");
+            var user = await _userRepository.GetUserByUsernameAsync(username);
+            _userRepository.Delete(user);
+
+            if (await _userRepository.SaveAllAsync())
+            {
+                return Ok();
+            }
+            
+            return BadRequest("Could not delete the user.");
        }
        
        
--- a/API/Controllers/LibraryController.cs
+++ b/API/Controllers/LibraryController.cs
@ -77,14 +77,13 @@ namespace API.Controllers
        //     return Ok(await _libraryRepository.GetLibrariesForUserAsync(user));
        // }
        
+        [Authorize(Policy = "RequireAdminRole")]
        [HttpPut("update-for")]
        public async Task<ActionResult<MemberDto>> UpdateLibrary(UpdateLibraryDto updateLibraryDto)
        {
-            // TODO: Only admins can do this
            var user = await _userRepository.GetUserByUsernameAsync(updateLibraryDto.Username);

            if (user == null) return BadRequest("Could not validate user");
-            if (!user.IsAdmin) return Unauthorized("Only admins are permitted");

            user.Libraries = new List<Library>();

--- a/API/DTOs/MemberDto.cs
+++ b/API/DTOs/MemberDto.cs
@ -15,5 +15,6 @@ namespace API.DTOs
        public DateTime Created { get; set; }
        public DateTime LastActive { get; set; }
        public IEnumerable<LibraryDto> Libraries { get; set; }
+        public IEnumerable<string> Roles { get; set; }
    }
 }
--- a/API/Data/UserRepository.cs
+++ b/API/Data/UserRepository.cs
@ -6,6 +6,7 @@ using API.Entities;
 using API.Interfaces;
 using AutoMapper;
 using AutoMapper.QueryableExtensions;
+using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;

 namespace API.Data
@ -14,11 +15,13 @@ namespace API.Data
    {
        private readonly DataContext _context;
        private readonly IMapper _mapper;
+        private readonly UserManager<AppUser> _userManager;

-        public UserRepository(DataContext context, IMapper mapper)
+        public UserRepository(DataContext context, IMapper mapper, UserManager<AppUser> userManager)
        {
            _context = context;
            _mapper = mapper;
+            _userManager = userManager;
        }

        public void Update(AppUser user)
@ -26,6 +29,11 @@ namespace API.Data
            _context.Entry(user).State = EntityState.Modified;
        }

+        public void Delete(AppUser user)
+        {
+            _context.Users.Remove(user);
+        }
+
        public async Task<bool> SaveAllAsync()
        {
            return await _context.SaveChangesAsync() > 0;
@ -49,6 +57,23 @@ namespace API.Data

        public async Task<IEnumerable<MemberDto>> GetMembersAsync()
        {
+            return await _userManager.Users
+                .Include(x => x.Libraries)
+                .Include(r => r.UserRoles)
+                .ThenInclude(r => r.Role)
+                .OrderBy(u => u.UserName)
+                .Select(u => new MemberDto
+                {
+                    Id = u.Id,
+                    Username = u.UserName,
+                    Created = u.Created,
+                    LastActive = u.LastActive,
+                    Roles = u.UserRoles.Select(r => r.Role.Name).ToList()
+                })
+                .ToListAsync();
+            
+            //return await _context.Users.Include(x => x.Libraries)
+                
            return await _context.Users.Include(x => x.Libraries)
                .Include(x => x.Libraries)
                .ProjectTo<MemberDto>(_mapper.ConfigurationProvider)
--- a/API/Extensions/IdentityServiceExtensions.cs
+++ b/API/Extensions/IdentityServiceExtensions.cs
@ -35,6 +35,11 @@ namespace API.Extensions
                        ValidateAudience = false
                    };
                });
+            services.AddAuthorization(opt =>
+            {
+                opt.AddPolicy("RequireAdminRole", policy => policy.RequireRole("Admin"));
+            });
+            
            return services;
        }
    }
--- a/API/Interfaces/IUserRepository.cs
+++ b/API/Interfaces/IUserRepository.cs
@ -15,5 +15,6 @@ namespace API.Interfaces
        Task<AppUser> GetUserByUsernameAsync(string username);
        Task<IEnumerable<MemberDto>>  GetMembersAsync();
        Task<MemberDto> GetMemberAsync(string username);
+        public void Delete(AppUser user);
    }
 }