import 'package:api/converter/request_response/user.dart';
import 'package:api/model/team.dart';
import 'package:api/model/user.dart';
import 'package:lib/lib.dart';
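/// API endpoint for a single user resource.
///
/// Only GET is served; DELETE, POST and PUT are rejected with an
/// [ApiActionForbiddenException]. A GET succeeds only when [requestingUser]
/// and the requested user have at least one team id in common.
class UserApiEndpoint extends ApiEndpoint {
  /// The user whose team membership is checked against the requested user.
  // NOTE(review): presumably the authenticated caller; confirm where this
  // endpoint is constructed that it never comes from request data.
  final User requestingUser;

  /// Resolves a user id to a [User].
  final Future<User> Function(String) getUserFromId;

  /// Yields the teams of the given user.
  final Stream<Team> Function(User) getTeamsOfUser;

  /// Serialises a [User] into the map returned to the client.
  // NOTE(review): every user sharing a team can read this payload; verify
  // that toResponseData leaves out credentials and other private fields.
  final Map<String, dynamic> Function(User) itemToResponse =
      UserRequestResponseConverter.toResponseData;

  UserApiEndpoint({
    required this.requestingUser,
    required this.getUserFromId,
    required this.getTeamsOfUser,
  });

  /// Rejects DELETE with an [ApiActionForbiddenException].
  ///
  /// Declared `async` so the exception is delivered through the returned
  /// future, the same way [handleGet] reports its errors, instead of being
  /// thrown synchronously from a function that returns a [Future].
  @override
  Future<Map<String, dynamic>> handleDelete(context) async {
    throw ApiActionForbiddenException("delete", "user");
  }

  /// Returns the requested user if it shares a team with [requestingUser].
  ///
  /// The user id is read from the `userId` field of the request body. The
  /// team ids of both users are collected and compared; when no id is common
  /// to both lists an [UnauthorizedException] is thrown. A user without any
  /// team therefore never passes the check, in either role.
  @override
  Future<Map<String, dynamic>> handleGet(context) async {
    final targetId = userIdFromContext(context);

    // NOTE(review): the lookup runs before the authorization check. If
    // getUserFromId fails for unknown ids with an error that differs from
    // UnauthorizedException, a caller can tell existing ids from missing
    // ones; confirm both cases look the same to the client.
    final target = await getUserFromId(targetId);

    final targetTeamIds =
        await getTeamsOfUser(target).map((team) => team.id).toList();
    final callerTeamIds =
        await getTeamsOfUser(requestingUser).map((team) => team.id).toList();

    // Fails closed: an empty list on either side yields no overlap.
    final sharesTeam = targetTeamIds.any(callerTeamIds.contains);
    if (!sharesTeam) {
      throw UnauthorizedException();
    }

    return context.res.json(itemToResponse(target));
  }

  /// Rejects POST with an [ApiActionForbiddenException].
  ///
  /// Declared `async` so the exception is delivered through the returned
  /// future rather than thrown synchronously.
  @override
  Future<Map<String, dynamic>> handlePost(context) async {
    throw ApiActionForbiddenException("post", "user");
  }

  /// Rejects PUT with an [ApiActionForbiddenException].
  ///
  /// Declared `async` so the exception is delivered through the returned
  /// future rather than thrown synchronously.
  @override
  Future<Map<String, dynamic>> handlePut(context) async {
    throw ApiActionForbiddenException("put", "user");
  }

  /// Extracts the `userId` field from the request body of [context].
  ///
  /// The value is client-supplied and is used as-is as the lookup key.
  String userIdFromContext(final context) {
    return ApiHelper.fieldFromRequestBody(context, "userId");
  }
}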