first commit

2025-07-15 20:34:05 -05:00
commit f7eca4bad5
602 changed files with 158990 additions and 0 deletions
--- a/Filter/CollaboratorFilter.cs
+++ b/Filter/CollaboratorFilter.cs
@@ -0,0 +1,54 @@
+using MotoVaultPro.Helper;
+using MotoVaultPro.Logic;
+using MotoVaultPro.Models;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using System.Security.Claims;
+
+namespace MotoVaultPro.Filter
+{
+    public class CollaboratorFilter: ActionFilterAttribute
+    {
+        private readonly IUserLogic _userLogic;
+        private readonly IConfigHelper _config;
+        public CollaboratorFilter(IUserLogic userLogic, IConfigHelper config) {
+            _userLogic = userLogic;
+            _config = config;
+        }
+        public override void OnActionExecuting(ActionExecutingContext filterContext)
+        {
+            if (!filterContext.HttpContext.User.IsInRole(nameof(UserData.IsRootUser)))
+            {
+                if (filterContext.ActionArguments.ContainsKey("vehicleId"))
+                {
+                    var vehicleId = int.Parse(filterContext.ActionArguments["vehicleId"].ToString());
+                    if (vehicleId != default)
+                    {
+                        var userId = int.Parse(filterContext.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier));
+                        if (!_userLogic.UserCanEditVehicle(userId, vehicleId))
+                        {
+                            filterContext.Result = new RedirectResult("/Error/Unauthorized");
+                        }
+                    }
+                    else
+                    {
+                        var shopSupplyEndpoints = new List<string> { "ImportToVehicleIdFromCsv", "GetSupplyRecordsByVehicleId", "ExportFromVehicleToCsv" };
+                        if (shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()) && !_config.GetServerEnableShopSupplies())
+                        {
+                            //user trying to access shop supplies but shop supplies is not enabled by root user.
+                            filterContext.Result = new RedirectResult("/Error/Unauthorized");
+                        }
+                        else if (!shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()))
+                        {
+                            //user trying to access any other endpoints using 0 as vehicle id.
+                            filterContext.Result = new RedirectResult("/Error/Unauthorized");
+                        }
+                    }
+                } else
+                {
+                    filterContext.Result = new RedirectResult("/Error/Unauthorized");
+                }
+            }
+        }
+    }
+}