S23 user privacy setting

Gordon360/Authorization/StateYourBusiness.cs

@@ -657,7 +657,11 @@ private async Task<bool> CanUpdateAsync(string resource)
 
  return false;
  }
-
+ case Resource.PROFILE_PRIVACY:
+ {
+ // current implementation only allows for facstaff implementation. 
+ return user_groups.Contains(AuthGroup.FacStaff);
+ }
  case Resource.ACTIVITY_INFO:
  {
  // User is admin

Gordon360/Controllers/ProfilesController.cs

@@ -18,6 +18,7 @@
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.EntityFrameworkCore;
+using Gordon360.Models.CCT.Context;
 
 namespace Gordon360.Controllers
 {
@@ -29,13 +30,16 @@ public class ProfilesController : GordonControllerBase
  private readonly IMembershipService _membershipService;
  private readonly IConfiguration _config;
  private readonly webSQLContext _webSQLContext;
+ private readonly CCTContext _context;
 
- public ProfilesController(IProfileService profileService, IAccountService accountService, IMembershipService membershipService, IConfiguration config, webSQLContext webSQLContext)
+ public ProfilesController(IProfileService profileService, IAccountService accountService, 
+ IMembershipService membershipService, IConfiguration config, CCTContext context, webSQLContext webSQLContext)
  {
  _profileService = profileService;
  _accountService = accountService;
  _membershipService = membershipService;
  _config = config;
+ _context = context;
  _webSQLContext = webSQLContext;
  }
 
@@ -67,7 +71,7 @@ public ProfilesController(IProfileService profileService, IAccountService accoun
  /// <returns></returns>
  [HttpGet]
  [Route("{username}")]
- public ActionResult<ProfileViewModel?> GetUserProfile(string username)
+ public ActionResult<ProfileViewModel?> GetUserProfileAsync(string username)
  {
  var viewerGroups = AuthUtils.GetGroups(User);
 
@@ -79,7 +83,7 @@ public ProfilesController(IProfileService profileService, IAccountService accoun
  object? student = null;
  object? faculty = null;
  object? alumni = null;
-
+ 
  if (viewerGroups.Contains(AuthGroup.SiteAdmin) || viewerGroups.Contains(AuthGroup.Police))
  {
  student = _student;
@@ -89,23 +93,26 @@ public ProfilesController(IProfileService profileService, IAccountService accoun
  else if (viewerGroups.Contains(AuthGroup.FacStaff))
  {
  student = _student;
- faculty = _faculty == null ? null : (PublicFacultyStaffProfileViewModel)_faculty;
+ faculty = _faculty == null ? null : 
+ _profileService.ToPublicFacultyStaffProfileViewModel(username, "fac", _faculty);
  alumni = _alumni == null ? null : (PublicAlumniProfileViewModel)_alumni;
  }
  else if (viewerGroups.Contains(AuthGroup.Student))
  {
- student = _student == null ? null : (PublicStudentProfileViewModel)_student;
- faculty = _faculty == null ? null : (PublicFacultyStaffProfileViewModel)_faculty;
- // If this student is also in Alumni AuthGroup, then s/he can see alumni's
- // public profile; if not, return null.
+ student = _student == null ? null :
+ _profileService.ToPublicStudentProfileViewModel(username, "stu", _student);
+ faculty = _faculty == null ? null : 
+ _profileService.ToPublicFacultyStaffProfileViewModel(username, "stu", _faculty);
+ // If this student is also in Alumni AuthGroup, then s/he can see alumni's public profile; if not, return null.
  alumni = (_alumni == null) ? null :
-  viewerGroups.Contains(AuthGroup.Alumni) ? 
-  (PublicAlumniProfileViewModel)_alumni : null;
+ viewerGroups.Contains(AuthGroup.Alumni) ? 
+ (PublicAlumniProfileViewModel)_alumni : null;
  }
  else if (viewerGroups.Contains(AuthGroup.Alumni))
  {
  student = null;
- faculty = _faculty == null ? null : (PublicFacultyStaffProfileViewModel)_faculty;
+ faculty = _faculty == null ? null : 
+ _profileService.ToPublicFacultyStaffProfileViewModel(username, "alu", _faculty);
  alumni = _alumni == null ? null : (PublicAlumniProfileViewModel)_alumni;
  }
 
@@ -134,6 +141,20 @@ public async Task<ActionResult<IEnumerable<AdvisorViewModel>>> GetAdvisorsAsync(
  return Ok(advisors);
  }
 
+ ///<summary>Get the privacy settings of a particular user</summary>
+ /// <returns>
+ /// All privacy settings of the given user.
+ /// </returns>
+ [HttpGet]
+ [Route("privacy_setting/{username}")]
+ [StateYourBusiness(operation = Operation.READ_ONE, resource = Resource.PROFILE)]
+ public ActionResult<IEnumerable<UserPrivacyGetViewModel>> GetPrivacySettingAsync(string username)
+ {
+ var privacy = _profileService.GetPrivacySettingAsync(username);
+
+ return Ok(privacy);
+ }
+
  /// <summary> Gets the clifton strengths of a particular user </summary>
  /// <param name="username"> The username for which to retrieve info </param>
  /// <returns> Clifton strengths of the given user. </returns>
@@ -479,6 +500,36 @@ public async Task<ActionResult<FacultyStaffProfileViewModel>> UpdateOfficeHours(
  return Ok(result);
  }
 
+ /// <summary>
+ /// Set visibility of some piece of personal data for user.
+ /// </summary>
+ /// <param name="userPrivacy">Faculty Staff Privacy Decisions (see UserPrivacyUpdateViewModel)</param>
+ /// <returns></returns>
+ [HttpPut]
+ [Route("user_privacy")]
+ // [StateYourBusiness(operation = Operation.UPDATE, resource = Resource.PROFILE_PRIVACY)]
+ public async Task<ActionResult<UserPrivacyUpdateViewModel>> UpdateUserPrivacyAsync(UserPrivacyUpdateViewModel userPrivacy)
+ {
+ var authenticatedUserUsername = AuthUtils.GetUsername(User);
+ await _profileService.UpdateUserPrivacyAsync(authenticatedUserUsername, userPrivacy);
+ return Ok();
+ }
+
+ /// <summary>
+ /// Return a list visibility groups.
+ /// </summary>
+ /// <returns> All visibility groups (Public, FacStaff, Private)</returns>
+ [HttpGet]
+ [Route("visibility_group")]
+ public ActionResult<IEnumerable<string>> GetVisibilityGroup()
+ {
+ var groups = _context.UserPrivacy_Visibility_Groups.Select(up_v_g => up_v_g.Group)
+ .Distinct()
+ .Where(g => g != null)
+ .OrderBy(g => g);
+ return Ok(groups);
+ }
+
  /// <summary>
  /// Update mail location
  /// </summary>

Gordon360/Models/CCT/Context/CCTContext.cs

@@ -103,6 +103,9 @@
  public virtual DbSet<Team> Team { get; set; }
  public virtual DbSet<TeamStatus> TeamStatus { get; set; }
  public virtual DbSet<Timesheets_Clock_In_Out> Timesheets_Clock_In_Out { get; set; }
+ public virtual DbSet<UserPrivacy_Fields> UserPrivacy_Fields { get; set; }
+ public virtual DbSet<UserPrivacy_Settings> UserPrivacy_Settings { get; set; }
+ public virtual DbSet<UserPrivacy_Visibility_Groups> UserPrivacy_Visibility_Groups { get; set; }
  public virtual DbSet<UserCourses> UserCourses { get; set; }
  public virtual DbSet<User_Connection_Ids> User_Connection_Ids { get; set; }
  public virtual DbSet<User_Rooms> User_Rooms { get; set; }
@@ -729,6 +732,31 @@
  .HasConstraintName("FK_Team_TeamStatus");
  });
 
+ modelBuilder.Entity<UserPrivacy_Fields>(entity =>
+ {
+ entity.Property(e => e.ID).ValueGeneratedOnAdd();
+ });
+
+ modelBuilder.Entity<UserPrivacy_Settings>(entity =>
+ {
+ entity.HasKey(e => new { e.gordon_id, e.Field });
+
+ entity.HasOne(d => d.FieldNavigation)
+ .WithMany(p => p.UserPrivacy_Settings)
+ .HasForeignKey(d => d.Field)
+ .OnDelete(DeleteBehavior.ClientSetNull)
+ .HasConstraintName("FK_UserPrivacy_Settings_UserPrivacy_Fields");
+
+ entity.HasOne(d => d.VisibilityNavigation)
+ .WithMany(p => p.UserPrivacy_Settings)
+ .HasForeignKey(d => d.Visibility)
+ .OnDelete(DeleteBehavior.ClientSetNull)
+ .HasConstraintName("FK_UserPrivacy_Settings_UserPrivacy_Visibility_Groups");
+ });
+
+ modelBuilder.Entity<UserPrivacy_Visibility_Groups>(entity =>
+ {
+ entity.Property(e => e.ID).ValueGeneratedOnAdd();
  modelBuilder.Entity<UserCourses>(entity =>
  {
  entity.ToView("UserCourses", "dbo");
@@ -768,7 +796,7 @@
 
  OnModelCreatingGeneratedProcedures(modelBuilder);
  OnModelCreatingPartial(modelBuilder);
  }
 
  partial void OnModelCreatingPartial(ModelBuilder modelBuilder);
  }

Gordon360/Models/CCT/Context/efpt.CCT.config.json

@@ -130,6 +130,18 @@
  "Name": "[dbo].[User_Rooms]",
  "ObjectType": 0
  },
+ {
+ "Name": "[dbo].[UserPrivacy_Fields]",
+ "ObjectType": 0
+ },
+ {
+ "Name": "[dbo].[UserPrivacy_Settings]",
+ "ObjectType": 0
+ },
+ {
+ "Name": "[dbo].[UserPrivacy_Visibility_Groups]",
+ "ObjectType": 0
+ },
  {
  "Name": "[dbo].[Users]",
  "ObjectType": 0
@@ -799,7 +811,7 @@
  "ObjectType": 1
  }
  ],
- "UiHint": "SQLTrain1.CCT",
+ "UiHint": "sqltrain1.CCT.dbo",
  "UseBoolPropertiesWithoutDefaultSql": false,
  "UseDatabaseNames": true,
  "UseDbContextSplitting": false,

Gordon360/Models/CCT/dbo/FacStaff.cs

@@ -77,6 +77,9 @@ public partial class FacStaff
  public string HomePhone { get; set; }
  [StringLength(15)]
  [Unicode(false)]
+ public string MobilePhone { get; set; }
+ [StringLength(1)]
+ [Unicode(false)]
  public string HomeFax { get; set; }
  [Required]
  [StringLength(1)]

Gordon360/Models/CCT/dbo/UserPrivacy_Fields.cs

@@ -0,0 +1,28 @@
+// <auto-generated> This file has been auto generated by EF Core Power Tools. </auto-generated>
+#nullable disable
+using System;
+using System.Collections.Generic;
+using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
+using Microsoft.EntityFrameworkCore;
+
+namespace Gordon360.Models.CCT
+{
+ [Table("UserPrivacy_Fields", Schema = "dbo")]
+ public partial class UserPrivacy_Fields
+ {
+ public UserPrivacy_Fields()
+ {
+ UserPrivacy_Settings = new HashSet<UserPrivacy_Settings>();
+ }
+
+ public int ID { get; set; }
+ [Key]
+ [StringLength(50)]
+ [Unicode(false)]
+ public string Field { get; set; }
+
+ [InverseProperty("FieldNavigation")]
+ public virtual ICollection<UserPrivacy_Settings> UserPrivacy_Settings { get; set; }
+ }
+}