admin attachment apis

2024-11-22 12:15:36 +01:00 · 2018-02-24 14:29:11 -05:00 · 2018-02-24 14:29:11 -05:00 · a5630f8af4
commit a5630f8af4
parent b8720be78f
1 changed files with 39 additions and 0 deletions
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@ -414,6 +414,29 @@ namespace Bit.Api.Controllers
            return new CipherResponseModel(cipher, _globalSettings);
        }

+        [HttpPost("{id}/attachment-admin")]
+        [DisableFormValueModelBinding]
+        public async Task<CipherResponseModel> PostAttachmentAdmin(string id)
+        {
+            ValidateAttachment();
+
+            var userId = _userService.GetProperUserId(User).Value;
+            var cipher = await _cipherRepository.GetDetailsByIdAsync(new Guid(id));
+            if(cipher == null || !cipher.OrganizationId.HasValue ||
+                !_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
+            {
+                throw new NotFoundException();
+            }
+
+            await Request.GetFileAsync(async (stream, fileName) =>
+            {
+                await _cipherService.CreateAttachmentAsync(cipher, stream, fileName,
+                        Request.ContentLength.GetValueOrDefault(0), userId);
+            });
+
+            return new CipherResponseModel(cipher, _globalSettings);
+        }
+
        [HttpPost("{id}/attachment/{attachmentId}/share")]
        [RequestSizeLimit(105_906_176)]
        [DisableFormValueModelBinding]
@ -450,6 +473,22 @@ namespace Bit.Api.Controllers
            await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, false);
        }

+        [HttpDelete("{id}/attachment/{attachmentId}/admin")]
+        [HttpPost("{id}/attachment/{attachmentId}/delete-admin")]
+        public async Task DeleteAttachmentAdmin(string id, string attachmentId)
+        {
+            var idGuid = new Guid(id);
+            var userId = _userService.GetProperUserId(User).Value;
+            var cipher = await _cipherRepository.GetByIdAsync(idGuid);
+            if(cipher == null || !cipher.OrganizationId.HasValue ||
+                !_currentContext.OrganizationAdmin(cipher.OrganizationId.Value))
+            {
+                throw new NotFoundException();
+            }
+
+            await _cipherService.DeleteAttachmentAsync(cipher, attachmentId, userId, false);
+        }
+
        private void ValidateAttachment()
        {
            if(!Request?.ContentType.Contains("multipart/") ?? true)