gordon-cs · jsenning · May 23, 2024 · Jun 4, 2024 · Jun 4, 2024 · Jun 7, 2024
diff --git a/Gordon360/Authorization/StateYourBusiness.cs b/Gordon360/Authorization/StateYourBusiness.cs
@@ -698,7 +698,16 @@ private async Task<bool> CanUpdateAsync(string resource)
 
                     return false;
                 }
+            case Resource.PROFILE_PRIVACY:
+                {
+                    // Currently all users can change their privacy settings
+                    // in their profile.  To limit this functionality to
+                    // certian user types, change the return statement to be
+                    // something like:
+                    //      return user_groups.Contains(AuthGroup.FacStaff);
 
+                    return true;
+                }
             case Resource.ACTIVITY_INFO:
                 {
                     // User is admin

diff --git a/Gordon360/Controllers/AdvancedSearchController.cs b/Gordon360/Controllers/AdvancedSearchController.cs
@@ -125,28 +125,13 @@ public ActionResult<IEnumerable<string>> GetDepartments()
     /// <returns> All buildings</returns>
     [HttpGet]
     [Route("building")]
+    [Route("buildings")]
     public async Task<ActionResult<IEnumerable<BuildingViewModel>>> GetBuildingsAsync([FromServices] webSQLContext webSQLContext)
     {
         var buildings = await webSQLContext.Procedures.account_list_buildingsAsync();
         return Ok(buildings.Select(b => new BuildingViewModel(b.BLDG_CDE, b.BUILDING_DESC)));
     }
 
-    /// <summary>
-    /// Return a list of buildings.
-    /// </summary>
-    /// <returns> All buildings</returns>
-    [Obsolete("Use GetBuildingsAsync that gives structured building data")]
-    [HttpGet]
-    [Route("buildings")]
-    public ActionResult<IEnumerable<string>> GetBuildings()
-    {
-        var buildings = context.FacStaff.Select(fs => fs.BuildingDescription)
-                               .Distinct()
-                               .Where(d => d != null)
-                               .OrderBy(d => d);
-        return Ok(buildings);
-    }
-
     /// <summary>
     /// Return a list of involvements' descriptions.
     /// </summary>

diff --git a/Gordon360/Controllers/ProfilesController.cs b/Gordon360/Controllers/ProfilesController.cs
@@ -16,14 +16,16 @@
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.EntityFrameworkCore;
+using Gordon360.Models.CCT.Context;
 
 namespace Gordon360.Controllers;
 
 [Route("api/[controller]")]
 public class ProfilesController(IProfileService profileService,
                                 IAccountService accountService,
                                 IMembershipService membershipService,
-                                IConfiguration config) : GordonControllerBase
+                                IConfiguration config,
+                                CCTContext context) : GordonControllerBase
 {
 
     /// <summary>Get profile info of currently logged in user</summary>
@@ -44,66 +46,38 @@ public class ProfilesController(IProfileService profileService,
             return Ok(null);
         }
 
-        var profile = profileService.ComposeProfile(student, alumni, faculty, customInfo);
+        //var profile = profileService.ComposeProfile(student, alumni, faculty, customInfo);
+        var profile = (CombinedProfileViewModel) profileService.ComposeProfile(student, alumni, faculty, customInfo);
 
         return Ok(profile);
     }
 
-    /// <summary>Get public profile info for a user</summary>
+    /// <summary>Get another user's profile info.  The info returned depends
+    /// on the permissions of the current users, who is making the request.</summary>
     /// <param name="username">username of the profile info</param>
     /// <returns></returns>
     [HttpGet]
     [Route("{username}")]
-    public ActionResult<ProfileViewModel?> GetUserProfile(string username)
+    public ActionResult<ProfileViewModel?> GetUserProfileAsync(string username)
     {
         var viewerGroups = AuthUtils.GetGroups(User);
 
-        var _student = profileService.GetStudentProfileByUsername(username);
-        var _faculty = profileService.GetFacultyStaffProfileByUsername(username);
-        var _alumni = profileService.GetAlumniProfileByUsername(username);
+        StudentProfileViewModel? _student = profileService.GetStudentProfileByUsername(username);
+        FacultyStaffProfileViewModel? _facstaff = profileService.GetFacultyStaffProfileByUsername(username);
+        AlumniProfileViewModel? _alumni = profileService.GetAlumniProfileByUsername(username);
         var _customInfo = profileService.GetCustomUserInfo(username);
 
-        object? student = null;
-        object? faculty = null;
-        object? alumni = null;
+        var student = accountService.VisibleToMeStudent(viewerGroups, _student);
+        var facstaff = accountService.VisibleToMeFacstaff(viewerGroups, _facstaff);
+        var alumni = accountService.VisibleToMeAlumni(viewerGroups, _alumni);
 
-        if (viewerGroups.Contains(AuthGroup.SiteAdmin) || viewerGroups.Contains(AuthGroup.Police))
-        {
-            student = _student;
-            faculty = _faculty;
-            alumni = _alumni;
-        }
-        else if (viewerGroups.Contains(AuthGroup.FacStaff))
-        {
-            student = _student;
-            faculty = _faculty == null ? null : (PublicFacultyStaffProfileViewModel)_faculty;
-            alumni = _alumni == null ? null : (PublicAlumniProfileViewModel)_alumni;
-        }
-        else if (viewerGroups.Contains(AuthGroup.Student))
-        {
-            student = _student == null ? null : (PublicStudentProfileViewModel)_student;
-            faculty = _faculty == null ? null : (PublicFacultyStaffProfileViewModel)_faculty;
-            // If this student is also in Alumni AuthGroup, then s/he can see alumni's
-            // public profile; if not, return null.
-            alumni = (_alumni == null) ? null :
-                     viewerGroups.Contains(AuthGroup.Alumni) ?
-                         (PublicAlumniProfileViewModel)_alumni : null;
-        }
-        else if (viewerGroups.Contains(AuthGroup.Alumni))
-        {
-            student = null;
-            faculty = _faculty == null ? null : (PublicFacultyStaffProfileViewModel)_faculty;
-            alumni = _alumni == null ? null : (PublicAlumniProfileViewModel)_alumni;
-        }
-
-        if (student is null && alumni is null && faculty is null)
+        if (student is null && alumni is null && facstaff is null)
         {
             return Ok(null);
         }
-
-        var profile = profileService.ComposeProfile(student, alumni, faculty, _customInfo);
-
-        return Ok(profile);
+        var profile = profileService.ComposeProfile(student, alumni, facstaff, _customInfo);
+        var visible_profile = profileService.ImposePrivacySettings(viewerGroups, profile);
+        return Ok(visible_profile);
     }
 
     ///<summary>Get the advisor(s) of a particular student</summary>
@@ -121,6 +95,20 @@ public async Task<ActionResult<IEnumerable<AdvisorViewModel>>> GetAdvisorsAsync(
         return Ok(advisors);
     }
 
+    ///<summary>Get the privacy settings of a particular user</summary>
+    /// <returns>
+    /// All privacy settings of the given user.
+    /// </returns>
+    [HttpGet]
+    [Route("{username}/privacy_settings")]
+    [StateYourBusiness(operation = Operation.READ_ONE, resource = Resource.PROFILE)]
+    public ActionResult<IEnumerable<UserPrivacyViewModel>> GetPrivacySettingsAsync(string username)
+    {
+        var privacy = profileService.GetPrivacySettingsAsync(username);
+
+        return Ok(privacy);
+    }
+
     /// <summary> Gets the clifton strengths of a particular user </summary>
     /// <param name="username"> The username for which to retrieve info </param>
     /// <returns> Clifton strengths of the given user. </returns>
@@ -466,6 +454,35 @@ public async Task<ActionResult<FacultyStaffProfileViewModel>> UpdateOfficeHours(
         return Ok(result);
     }
 
+    /// <summary>
+    /// Set visibility group for some piece of personal data
+    /// </summary>
+    /// <param name="userPrivacy">Faculty Staff Privacy Decisions (see UserPrivacyUpdateViewModel)</param>
+    /// <returns></returns>
+    [HttpPut]
+    [Route("user_privacy")]
+    [StateYourBusiness(operation = Operation.UPDATE, resource = Resource.PROFILE_PRIVACY)]
+    public async Task<ActionResult<UserPrivacyUpdateViewModel>> UpdateUserPrivacyAsync(UserPrivacyUpdateViewModel userPrivacy)
+    {
+        var authenticatedUserUsername = AuthUtils.GetUsername(User);
+        await profileService.UpdateUserPrivacyAsync(authenticatedUserUsername, userPrivacy);
+        return Ok();
+    }
+
+    /// <summary>
+    /// Return a list visibility groups
+    /// </summary>
+    /// <returns> All visibility groups (Public, FacStaff, Private)</returns>
+    [HttpGet]
+    [Route("visibility_groups")]
+    public ActionResult<IEnumerable<string>> GetVisibilityGroup()
+    {
+        var groups = context.UserPrivacy_Visibility_Groups.Select(up_v_g => up_v_g.Group)
+                               .Distinct()
+                               .Where(g => g != null);
+        return Ok(groups);
+    }
+
     /// <summary>
     /// Update mail location
     /// </summary>

diff --git a/Gordon360/Controllers/ScheduleController.cs b/Gordon360/Controllers/ScheduleController.cs
@@ -12,7 +12,9 @@
 namespace Gordon360.Controllers;
 
 [Route("api/[controller]")]
-public class ScheduleController(IScheduleService scheduleService) : GordonControllerBase
+public class ScheduleController(IProfileService profileService,
+                                IScheduleService scheduleService,
+                                IAccountService accountService) : GordonControllerBase
 {
     /// <summary>
     ///  Gets all session objects for a user
@@ -24,22 +26,30 @@ public class ScheduleController(IScheduleService scheduleService) : GordonContro
     public async Task<ActionResult<CoursesBySessionViewModel>> GetAllCourses(string username)
     {
         var groups = AuthUtils.GetGroups(User);
-        var authenticatedUsername = AuthUtils.GetUsername(User);
+        FacultyStaffProfileViewModel? fac = profileService.GetFacultyStaffProfileByUsername(username);
+        StudentProfileViewModel? student = profileService.GetStudentProfileByUsername(username);
+        AlumniProfileViewModel? alumni = profileService.GetAlumniProfileByUsername(username);
 
-        IEnumerable<CoursesBySessionViewModel> result;
-        if (authenticatedUsername.EqualsIgnoreCase(username) || groups.Contains(AuthGroup.FacStaff))
+        // Some users can see schedules of courses taken, as well as taught,
+        // so check to see if this user can see all courses for this person.
+        if ((accountService.CanISeeStudentSchedule(groups) &&
+               student != null &&
+               accountService.CanISeeThisStudent(groups, student)) ||
+            (alumni != null && accountService.CanISeeAlumni(groups)))
         {
-            result = await scheduleService.GetAllCoursesAsync(username);
+            IEnumerable<CoursesBySessionViewModel> result = await scheduleService.GetAllCoursesAsync(username);
+            return Ok(result);
         }
         else
         {
-            result = await scheduleService.GetAllInstructorCoursesAsync(username);
+            // Everyone can see schedules of courses taught.
+            IEnumerable<CoursesBySessionViewModel> result = await scheduleService.GetAllInstructorCoursesAsync(username);
+            return Ok(result);
         }
-        return Ok(result);
     }
 
     /// <summary>
-    ///  Gets all term objects for a user
+    ///  Gets all visible course objects for a user, for all visible terms
     /// </summary>
     /// <returns>A IEnumerable of term objects as well as the schedules</returns>
     [HttpGet]
@@ -48,19 +58,25 @@ public async Task<ActionResult<CoursesBySessionViewModel>> GetAllCourses(string
     public async Task<ActionResult<IEnumerable<CoursesByTermViewModel>>> GetAllCoursesByTerm(string username)
     {
         var groups = AuthUtils.GetGroups(User);
-        var authenticatedUsername = AuthUtils.GetUsername(User);
+        FacultyStaffProfileViewModel? fac = profileService.GetFacultyStaffProfileByUsername(username);
+        StudentProfileViewModel? student = profileService.GetStudentProfileByUsername(username);
+        AlumniProfileViewModel? alumni = profileService.GetAlumniProfileByUsername(username);
 
-        IEnumerable<CoursesByTermViewModel> result;
-        if (authenticatedUsername.EqualsIgnoreCase(username) || groups.Contains(AuthGroup.FacStaff))
+        // Some users can see schedules of courses taken, as well as taught,
+        // so check to see if this user can see all courses for this person.
+        if ((accountService.CanISeeStudentSchedule(groups) &&
+               student != null && 
+               accountService.CanISeeThisStudent(groups, student)) ||
+            (alumni != null && accountService.CanISeeAlumni(groups)))
         {
-            result = await scheduleService.GetAllCoursesByTermAsync(username);
-        }
-        else
+            IEnumerable<CoursesByTermViewModel> result = await scheduleService.GetAllCoursesByTermAsync(username);
+            return Ok(result);
+        } else
         {
-            result = await scheduleService.GetAllInstructorCoursesByTermAsync(username);
+            // Everyone can see schedules of courses taught.
+            IEnumerable<CoursesByTermViewModel> result = await scheduleService.GetAllInstructorCoursesByTermAsync(username);
+            return Ok(result);
         }
-
-        return Ok(result);
     }
 
     /// <summary>
@@ -72,6 +88,6 @@ public async Task<ActionResult<IEnumerable<CoursesByTermViewModel>>> GetAllCours
     public async Task<ActionResult<bool>> GetCanReadStudentSchedules()
     {
         var groups = AuthUtils.GetGroups(User);
-        return groups.Contains(AuthGroup.Advisors);
+        return accountService.CanISeeStudentSchedule(groups);
     }
 }