From 8599edd3bb0064625f1e6225f7e7e1d9f43a7442 Mon Sep 17 00:00:00 2001 From: Filip Bekic Date: Mon, 30 Sep 2024 10:33:19 +0200 Subject: [PATCH] Fix exchange getters --- .../ResQueue/ResQueue/DataProtectionKey.cs | 4 ++-- .../ResQueue/Endpoints/ExchangeEndpoints.cs | 21 +++++++++++++------ .../Broker/SyncBroker/SyncBrokerFeature.cs | 1 - backend/ResQueue/ResQueue/Models/Exchange.cs | 1 - 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/backend/ResQueue/ResQueue/DataProtectionKey.cs b/backend/ResQueue/ResQueue/DataProtectionKey.cs index 1f7760b..6fd6fe4 100644 --- a/backend/ResQueue/ResQueue/DataProtectionKey.cs +++ b/backend/ResQueue/ResQueue/DataProtectionKey.cs @@ -5,6 +5,6 @@ namespace ResQueue; public class DataProtectionKey { public ObjectId Id { get; set; } - public string FriendlyName { get; set; } - public string XmlData { get; set; } + public string FriendlyName { get; set; } = null!; + public string XmlData { get; set; } = null!; } \ No newline at end of file diff --git a/backend/ResQueue/ResQueue/Endpoints/ExchangeEndpoints.cs b/backend/ResQueue/ResQueue/Endpoints/ExchangeEndpoints.cs index 6ea75ef..8d7d575 100644 --- a/backend/ResQueue/ResQueue/Endpoints/ExchangeEndpoints.cs +++ b/backend/ResQueue/ResQueue/Endpoints/ExchangeEndpoints.cs @@ -14,26 +14,35 @@ public static void MapExchangeEndpoints(this IEndpointRouteBuilder routes) .RequireAuthorization(); group.MapGet("{brokerId}", - async (IMongoCollection collection, UserManager userManager, HttpContext httpContext, + async (IMongoCollection exchangesCollection, + IMongoCollection brokersCollection, + UserManager userManager, + HttpContext httpContext, string brokerId) => { + // Get user var user = await userManager.GetUserAsync(httpContext.User); if (user == null) { return Results.Unauthorized(); } - if (!ObjectId.TryParse(brokerId, out var brokerObjectId)) + // Validate broker + var brokerFilter = Builders.Filter.And( + Builders.Filter.Eq(b => b.Id, ObjectId.Parse(brokerId)), + Builders.Filter.ElemMatch(b => b.AccessList, a => a.UserId == user.Id), + Builders.Filter.Eq(b => b.DeletedAt, null) + ); + if (!await brokersCollection.Find(brokerFilter).AnyAsync()) { - return Results.BadRequest("Invalid Broker ID format."); + return Results.Unauthorized(); } var filter = Builders.Filter.And( - Builders.Filter.Eq(q => q.UserId, user.Id), - Builders.Filter.Eq(q => q.BrokerId, brokerObjectId) + Builders.Filter.Eq(q => q.BrokerId, ObjectId.Parse(brokerId)) ); - var exchanges = await collection.Find(filter).ToListAsync(); + var exchanges = await exchangesCollection.Find(filter).ToListAsync(); return Results.Ok(exchanges.Select(q => new ExchangeDto() { diff --git a/backend/ResQueue/ResQueue/Features/Broker/SyncBroker/SyncBrokerFeature.cs b/backend/ResQueue/ResQueue/Features/Broker/SyncBroker/SyncBrokerFeature.cs index b43f8b3..bf34fc1 100644 --- a/backend/ResQueue/ResQueue/Features/Broker/SyncBroker/SyncBrokerFeature.cs +++ b/backend/ResQueue/ResQueue/Features/Broker/SyncBroker/SyncBrokerFeature.cs @@ -160,7 +160,6 @@ public async Task> ExecuteAsync(SyncB { exchangesToAdd.Add(new Exchange { - UserId = user.Id, BrokerId = ObjectId.Parse(request.Id), RawData = BsonDocument.Parse(element.GetRawText()) }); diff --git a/backend/ResQueue/ResQueue/Models/Exchange.cs b/backend/ResQueue/ResQueue/Models/Exchange.cs index 8ffaaa2..f6c967c 100644 --- a/backend/ResQueue/ResQueue/Models/Exchange.cs +++ b/backend/ResQueue/ResQueue/Models/Exchange.cs @@ -6,7 +6,6 @@ namespace ResQueue.Models; public class Exchange { [BsonId] public ObjectId Id { get; set; } - public ObjectId UserId { get; set; } public ObjectId BrokerId { get; set; } public BsonDocument RawData { get; set; } = null!; } \ No newline at end of file