add comments for users [#145]

Disco.Web/Areas/API/Controllers/UserController.cs

@@ -1,4 +1,5 @@
-using Disco.Services;
+using Disco.Models.Repository;
+using Disco.Services;
 using Disco.Services.Authorization;
 using Disco.Services.Interop;
 using Disco.Services.Interop.ActiveDirectory;
@@ -8,7 +9,6 @@ using Disco.Services.Users;
 using Disco.Services.Web;
 using System;
 using System.Data.Entity;
-using System.DirectoryServices.ActiveDirectory;
 using System.Linq;
 using System.Threading.Tasks;
 using System.Web.Mvc;
@@ -17,6 +17,91 @@ namespace Disco.Web.Areas.API.Controllers
 {
     public partial class UserController : AuthorizedDatabaseController
     {
+        #region User Comments
+
+        [DiscoAuthorize(Claims.User.ShowComments)]
+        [HttpPost, ValidateAntiForgeryToken]
+        public virtual ActionResult Comments(string id, string domain)
+        {
+            if (string.IsNullOrEmpty(id))
+                throw new ArgumentNullException(nameof(id));
+
+            var userId = ActiveDirectory.ParseDomainAccountId(id, domain);
+
+            var user = Database.Users
+                .Include(u => u.UserComments.Select(l => l.TechUser))
+                .Where(u => u.UserId == userId).FirstOrDefault();
+            if (user == null)
+                return BadRequest("Invalid User Id");
+
+            var results = user.UserComments.OrderByDescending(c => c.Timestamp).Select(c => Models.Shared.CommentModel.FromEntity(c)).ToList();
+            return Json(results);
+        }
+
+        [DiscoAuthorize(Claims.User.ShowComments)]
+        [HttpPost, ValidateAntiForgeryToken]
+        public virtual ActionResult Comment(int id)
+        {
+            var entity = Database.UserComments
+                .Include(c => c.TechUser)
+                .FirstOrDefault(c => c.Id == id);
+
+            if (entity == null)
+                return BadRequest("Invalid User Comment Id");
+
+            var comment = Models.Shared.CommentModel.FromEntity(entity);
+            return Json(comment);
+        }
+
+        [DiscoAuthorize(Claims.User.Actions.AddComments)]
+        [HttpPost, ValidateAntiForgeryToken]
+        public virtual ActionResult CommentAdd(string id, string domain, string comment = null)
+        {
+            if (string.IsNullOrEmpty(id))
+                throw new ArgumentNullException(nameof(id));
+
+            var userId = ActiveDirectory.ParseDomainAccountId(id, domain);
+
+            if (string.IsNullOrWhiteSpace(comment))
+                return BadRequest("Comment is required");
+
+            var user = Database.Users.Find(userId);
+            if (user == null)
+                return BadRequest("Invalid User Id");
+
+            var entity = new UserComment()
+            {
+                UserId = user.UserId,
+                TechUserId = CurrentUser.UserId,
+                Timestamp = DateTime.Now,
+                Comments = comment
+            };
+            Database.UserComments.Add(entity);
+            Database.SaveChanges();
+
+            return Json(entity.Id);
+        }
+
+        [DiscoAuthorizeAny(Claims.User.Actions.RemoveAnyComments, Claims.User.Actions.RemoveOwnComments)]
+        [HttpPost, ValidateAntiForgeryToken]
+        public virtual ActionResult CommentRemove(int id)
+        {
+            var entity = Database.UserComments.Find(id);
+            if (entity != null)
+            {
+                if (entity.TechUserId.Equals(CurrentUser.UserId, StringComparison.OrdinalIgnoreCase))
+                    Authorization.RequireAny(Claims.User.Actions.RemoveAnyComments, Claims.User.Actions.RemoveOwnComments);
+                else
+                    Authorization.Require(Claims.User.Actions.RemoveAnyComments);
+
+                Database.UserComments.Remove(entity);
+                Database.SaveChanges();
+            }
+            // Doesn't Exist/Already Deleted - OK
+            return Ok();
+        }
+        #endregion
+
         #region User Attachments
 
         [DiscoAuthorize(Claims.User.ShowAttachments)]
@@ -74,7 +159,7 @@ namespace Disco.Web.Areas.API.Controllers
                         if (string.IsNullOrWhiteSpace(comments))
                             comments = null;
 
-                        var ua = new Disco.Models.Repository.UserAttachment()
+                        var ua = new UserAttachment()
                         {
                             UserId = u.UserId,
                             TechUserId = CurrentUser.UserId,