From e56d8f70585fe84fa7eeb6e3689186f3b449eed8 Mon Sep 17 00:00:00 2001 From: fede Date: Sat, 23 Nov 2024 20:37:58 -0300 Subject: [PATCH] Fix: Bug VerduleriaVendeFacturas --- Aspnet/Controllers/GruposController.cs | 6 +++++- Aspnet/Controllers/InquilinoController.cs | 9 ++++++--- Aspnet/Controllers/LoginController.cs | 1 - Aspnet/Controllers/PermisosController.cs | 6 +++++- Aspnet/Controllers/PropiedadesController.cs | 18 +++++++++--------- Aspnet/Controllers/PropietarioController.cs | 6 +++--- Modelo/RepositorioPermisos.cs | 13 +++++++++---- 7 files changed, 37 insertions(+), 22 deletions(-) diff --git a/Aspnet/Controllers/GruposController.cs b/Aspnet/Controllers/GruposController.cs index dd8f26b..31f8ffa 100644 --- a/Aspnet/Controllers/GruposController.cs +++ b/Aspnet/Controllers/GruposController.cs @@ -6,7 +6,11 @@ namespace AlquilaFacil.Controllers; [ApiController] public class GruposController: ControllerBase { [HttpPost("api/admin/grupos")] - public IActionResult CrearGrupo([FromBody] AdminGrupo grupo) { + public IActionResult CrearGrupo([FromBody] AdminGrupo grupo, [FromHeader(Name = "Auth")] string Auth) { + if (!string.IsNullOrEmpty(Auth)) return BadRequest(); + var ret2 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 10); + if (ret2 == false) return BadRequest(ret2); + if (String.IsNullOrEmpty(grupo.descripcion)) return BadRequest(); bool ret = RepositorioGrupos.Singleton.CrearGrupo(grupo.descripcion); diff --git a/Aspnet/Controllers/InquilinoController.cs b/Aspnet/Controllers/InquilinoController.cs index 255ae7e..ef55739 100644 --- a/Aspnet/Controllers/InquilinoController.cs +++ b/Aspnet/Controllers/InquilinoController.cs 
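Review bot: The guard added to GruposController.CrearGrupo, `if (!string.IsNullOrEmpty(Auth)) return BadRequest();`, is inverted: it rejects every request that carries a token and lets a missing or empty one continue to `CheckPermisos`. The same line is added in InquilinoController.Post and PermisosController.CrearPermisos, and it is already present as an unchanged line in InquilinoController.Get. It should read `if (string.IsNullOrEmpty(Auth)) return Unauthorized();`, matching PropiedadesController and PropietarioController, and a failed permission check should return `Unauthorized()` or `Forbid()` rather than `BadRequest(ret2)`. As written these endpoints refuse any caller that sends a token, and whether an empty token is then refused depends entirely on the lookup inside CheckPermisos.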
@@ -15,9 +15,8 @@ public class InquilinoController: ControllerBase [HttpGet("api/inquilino")] public IActionResult Get([FromHeader(Name = "Auth")] string Auth) { if (!string.IsNullOrEmpty(Auth)) return BadRequest(); - string path = Request.Path; + var ret = RepositorioPermisos.Singleton.CheckPermisos(Auth, 9); - var ret = RepositorioPermisos.Singleton.CheckPermisos(Auth, path); if (ret == false) return BadRequest(ret); var list = RepositorioInquilinos.Singleton.GetInquilinos(); @@ -26,7 +25,11 @@ public class InquilinoController: ControllerBase } [HttpPost("api/inquilino")] - public IActionResult Post([FromBody] CrearClienteDto cid) { + public IActionResult Post([FromBody] CrearClienteDto cid, [FromHeader(Name = "Auth")] string Auth) { + if (!string.IsNullOrEmpty(Auth)) return BadRequest(); + var ret3 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 4); + if (ret3 == false) return BadRequest(ret3); + var ret = verificarCrearUsuario(cid); if (ret != "") return BadRequest(ret); diff --git a/Aspnet/Controllers/LoginController.cs b/Aspnet/Controllers/LoginController.cs index 2667370..b4efd38 100644 --- a/Aspnet/Controllers/LoginController.cs +++ b/Aspnet/Controllers/LoginController.cs @@ -53,7 +53,6 @@ public class LoginController: ControllerBase } - private string GenerarToken(LoginDto loginDto){ var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes("ffb2cdc15d472e41a5b626e294c45020"); diff --git a/Aspnet/Controllers/PermisosController.cs b/Aspnet/Controllers/PermisosController.cs index 3ec45df..a63f9a1 100644 --- a/Aspnet/Controllers/PermisosController.cs +++ b/Aspnet/Controllers/PermisosController.cs 
@@ -7,7 +7,11 @@ namespace AlquilaFacil.Controllers; [ApiController] public class PermisosController: ControllerBase { [HttpPost("api/admin/permisos")] - public IActionResult CrearPermisos([FromBody] AdminPermiso permiso) { + public IActionResult CrearPermisos([FromBody] AdminPermiso permiso, [FromHeader(Name = "Auth")] string Auth) { + if (!string.IsNullOrEmpty(Auth)) return BadRequest(); + var ret2 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 11); + if (ret2 == false) return BadRequest(ret2); + if (String.IsNullOrEmpty(permiso.descripcion)) return BadRequest(); bool ret = RepositorioPermisos.Singleton.CrearPermiso(permiso.descripcion); diff --git a/Aspnet/Controllers/PropiedadesController.cs b/Aspnet/Controllers/PropiedadesController.cs index 40d872e..8f62418 100644 --- a/Aspnet/Controllers/PropiedadesController.cs +++ b/Aspnet/Controllers/PropiedadesController.cs @@ -9,9 +9,9 @@ namespace AlquilaFacil.Controllers; [ApiController] public class PropiedadesController: ControllerBase { [HttpGet("api/propiedades")] - public IActionResult ListarPropietarios([FromHeader(Name = "Auth")] string Auth) { + public IActionResult ListarPropiedades([FromHeader(Name = "Auth")] string Auth) { if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 12); if (validacion1 == false) return Unauthorized(); var ret = RepositorioPropiedades.Singleton.ListarPropiedades(); 
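Review bot: In PropiedadesController the required permission is now a bare literal (`CheckPermisos(Auth, 12)` in ListarPropiedades; 1, 2, 8 and 13 in the later hunks; 4, 5, 9, 10, 11 and 14 in the other controllers), so nothing in the code ties a number to the action it guards and a mistyped digit silently checks a different permission. Consider declaring the ids once as named constants, for example `public const int ListarPropiedades = 12;` in a static class (the name is only a suggestion), and passing those instead. A short comment on each constant saying which permission record it mirrors would make the endpoint-to-permission mapping reviewable in one place.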
@@ -21,7 +21,7 @@ public class PropiedadesController: ControllerBase { [HttpGet("api/propiedad")] public IActionResult ObtenerPropiedadPorId(int Id, [FromHeader(Name = "Auth")] string Auth) { if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 12); if (validacion1 == false) return Unauthorized(); if (Id < 0) return BadRequest("la id de propiedad no puede ser negativa"); @@ -32,12 +32,12 @@ public class PropiedadesController: ControllerBase { } [HttpGet("api/propiedades/Propietario")] - public IActionResult ObtenerPropiedadesPorPropietario( + public IActionResult ObtenerPropiedadesPorPropietario ( [FromBody] string email, [FromHeader(Name = "Auth")] string Auth) { if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 12); if (validacion1 == false) return Unauthorized(); email = email.Trim(); @@ -51,7 +51,7 @@ public class PropiedadesController: ControllerBase { [HttpPost("api/propiedad")] public IActionResult AltaPropiedad([FromBody] AltaPropiedadDto propiedad, [FromHeader(Name = "Auth")] string Auth) { if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 1); if (validacion1 == false) return Unauthorized(); string validacion2 = ValidarPropiedad(propiedad); 
@@ -78,7 +78,7 @@ public class PropiedadesController: ControllerBase { [HttpDelete("api/propiedad")] public IActionResult BajaPropiedad(int id, [FromHeader(Name = "Auth")] string Auth){ if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 2); if (validacion1 == false) return Unauthorized(); if (id <= 0) return BadRequest("No es una id valida"); @@ -93,7 +93,7 @@ public class PropiedadesController: ControllerBase { [HttpPut("api/propiedades/addServicio")] public IActionResult AñadirServicio([FromBody] ServicioAPropiedadDto Servicios, [FromHeader(Name = "Auth")] string Auth) { if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 8); if (validacion1 == false) return Unauthorized(); if (Servicios.propiedadid <= 0) return BadRequest("No puede tener una id negativa o cero"); @@ -117,7 +117,7 @@ public class PropiedadesController: ControllerBase { [HttpPut("api/propiedades/RmServicio")] public IActionResult EliminarServicio([FromBody] ServicioAPropiedadDto servicio, [FromHeader(Name = "Auth")] string Auth) { if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 13); if (validacion1 == false) return Unauthorized(); if (servicio.propiedadid <= 0) return BadRequest("No puede tener una id negativa o cero"); diff --git a/Aspnet/Controllers/PropietarioController.cs b/Aspnet/Controllers/PropietarioController.cs index 0023501..9291d41 100644 --- a/Aspnet/Controllers/PropietarioController.cs +++ b/Aspnet/Controllers/PropietarioController.cs 
@@ -14,7 +14,7 @@ public class PropietarioController: ControllerBase { [HttpGet("api/propietario")] public IActionResult ObtenerPropietarioPorDni(long Dni, [FromHeader(Name ="Auth")] string Auth) { if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 14); if (validacion1 == false) return Unauthorized(); var ret = RepositorioPropietario.Singleton.ObtenerPropietarioPorDni(Dni); @@ -25,7 +25,7 @@ public class PropietarioController: ControllerBase { public IActionResult AltaPropietario([FromBody]CrearClienteDto Propietario, [FromHeader(Name = "Auth")] string Auth) { if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 5); if (validacion1 == false) return Unauthorized(); string validacion2 = verificarCrearUsuario(Propietario); @@ -49,7 +49,7 @@ public class PropietarioController: ControllerBase { [HttpPatch("api/propietarios")] public IActionResult PatchPropietario([FromBody]CrearClienteDto Propietario, [FromHeader(Name = "Auth")] string Auth){ if (String.IsNullOrEmpty(Auth)) return Unauthorized(); - var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, Request.Path); + var validacion1 = RepositorioPermisos.Singleton.CheckPermisos(Auth, 5); if (validacion1 == false) return Unauthorized(); string validacion2 = verificarCrearUsuario(Propietario); diff --git a/Modelo/RepositorioPermisos.cs b/Modelo/RepositorioPermisos.cs index d07b1ec..06b51a1 100644 --- a/Modelo/RepositorioPermisos.cs +++ b/Modelo/RepositorioPermisos.cs 
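Review bot: PropietarioController.PatchPropietario checks permission 5, the same id AltaPropietario uses in the previous hunk, whereas the property endpoints use distinct ids for create (1) and delete (2). If modifying an owner is meant to be a separate permission, this grants it to every account allowed to create one. If sharing is intended, a comment such as `// permission 5 covers both creating and editing a propietario` would record that. Please confirm against the permission definitions, which are not visible in this patch; the method body continues outside the hunk.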
@@ -17,8 +17,10 @@ public class RepositorioPermisos: RepositorioBase { return list; } - public bool CheckPermisos(string token, string path){ + public bool CheckPermisos(string token, int idpermiso){ var con = Context; + bool tienePermiso = false; + //checkeo que el token corresponda a un usuario Cliente? cli = con.Clientes.FirstOrDefault(x => x.Token == token); if (cli == null || cli.Dni == 0) return false; @@ -30,10 +32,13 @@ public class RepositorioPermisos: RepositorioBase { .SelectMany(x => x.Idpermisos) .Distinct(); + ///////////////////////////////////////////////////////////////// + //Esto esta comentado porque antes pasaba el string del path de la url, es una mala idea a muchos niveles + ///////////////////////////////////////////////////////////////// //me inspiré y hice un regex pero si eliminaba los primeros 8(?) caracteres del string era lo mismo - Match match = Regex.Match(path, @"^/accion/(\d+)$"); - int.TryParse(match.Groups[1].Value, out int idpermiso); - bool tienePermiso = false; + //Match match = Regex.Match(path, @"^/accion/(\d+)$"); + //int.TryParse(match.Groups[1].Value, out int idpermiso); + ///////////////////////////////////////////////////////////////// Parallel.ForEach(permisos, (x, i) =>{ if (x.Id == idpermiso) {
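Review bot: RepositorioPermisos.CheckPermisos passes `token` straight to `con.Clientes.FirstOrDefault(x => x.Token == token)` without rejecting null or empty, so the result for a request with no token depends on whether any Clientes row has a null or empty Token (not visible here). Three callers in this patch reach it with an empty header because of their inverted guard, so add `if (string.IsNullOrEmpty(token)) return false;` as the first statement. The new `int idpermiso` parameter would also benefit from a one-line doc comment stating that it is the Id of the permission the caller requires.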
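Review bot: In the second CheckPermisos hunk the old path-parsing lines are kept as commented-out code between banner comments. Git history already preserves them, so delete them and, if the rationale matters, keep one sentence such as `// the permission id is passed explicitly; it is no longer parsed from the request path`. With `idpermiso` now an argument, the `Parallel.ForEach` that follows could presumably become `return permisos.Any(x => x.Id == idpermiso);`, which avoids setting a captured bool from several threads. The loop body continues outside the hunk, so confirm it does nothing else before replacing it.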