Improved event creation command

src/RunnersMeet.Server/Controllers/EventsController.cs

@@ -1,8 +1,10 @@
 
+using LiteDB;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
 using RunnersMeet.Server.Domain;
+using RunnersMeet.Server.Persistence;
 
 namespace RunnersMeet.Server.Controllers;
 
@@ -38,13 +40,45 @@ public class EventsController : ControllerBase
 		return Ok(new ResultPage<Event>(events, eventsRequest.Page, _settings.PageSize));
 	}
 
+	[HttpGet("{id}")]
+	public ActionResult<Event> GetEvent(string id)
+	{
+		var anEvent = _requestRouter.For(new ObjectId(id)).Process<Event>();
+
+		return Ok(anEvent);
+	}
+
 	[HttpPost]
 	public ActionResult<Event> CreateEvent([FromBody] EventData eventData)
 	{
+		var user = _requestRouter.For(ApiUser.Current.UserId).Process<UserProfile>();
 		var createdEvent = _requestRouter
-			.For(new Event(eventData))
+			.For(new CreateEventRequest(user, eventData))
 			.Process<Event>();
 
 		return Ok(createdEvent);
 	}
+
+	[HttpPut("{id}")]
+	public ActionResult<Event> UpdateEvent(string id, [FromBody] Event anEvent)
+	{
+		if (id != anEvent.EventId.ToString())
+		{
+			throw new ArgumentException("Object ID in URL does not match event ID");
+		}
+
+		var result = _requestRouter.For(new EventUpdate(ApiUser.Current.UserId, anEvent)).Process<Event>();
+
+		return Ok(result);
+	}
+
+	[HttpDelete("{id}")]
+	public ActionResult DeleteEvent(string id)
+	{
+		_requestRouter
+			.For(new EventReference(ApiUser.Current.UserId, new ObjectId(id)))
+			.Process<bool>();
+
+		return Ok();
+	}
 }

src/RunnersMeet.Server/Domain/EventReference.cs

@@ -0,0 +1,5 @@
+using LiteDB;
+
+namespace RunnersMeet.Server.Domain;
+
+public sealed record EventReference(string Owner, ObjectId EventId);

src/RunnersMeet.Server/Persistence/CreateEventCommand.cs

@@ -1,9 +1,10 @@
 using RunnersMeet.Server.Domain;
-using RunnersMeet.Server.GpxFormat;
 
 namespace RunnersMeet.Server.Persistence;
 
-public class CreateEventCommand : IRequestHandler<Event, Event>
+public sealed record CreateEventRequest(UserProfile Owner, EventData EventData);
+
+public class CreateEventCommand : IRequestHandler<CreateEventRequest, Event>
 {
 	private readonly IDatabase _database;
 
@@ -12,8 +13,13 @@ public class CreateEventCommand : IRequestHandler<Event, Event>
 		_database = database;
 	}
 
-	public Event Handle(Event newEvent)
+	public Event Handle(CreateEventRequest eventRequest)
 	{
+		var newEvent = new Event(eventRequest.EventData)
+		{
+			Owner = eventRequest.Owner
+		};
+
 		_database.Events.Insert(newEvent);
 
 		return newEvent;

src/RunnersMeet.Server/Persistence/DeleteEventCommand.cs

@@ -0,0 +1,31 @@
+using System.Security;
+using RunnersMeet.Server.Domain;
+
+namespace RunnersMeet.Server.Persistence;
+
+public class DeleteEventCommand : IRequestHandler<EventReference, bool>
+{
+	private readonly IDatabase _database;
+
+	public DeleteEventCommand(IDatabase database)
+	{
+		_database = database;
+	}
+
+	public bool Handle(EventReference request)
+	{
+		var dbTrack = _database.Events.FindById(request.EventId);
+
+		if (dbTrack == null)
+		{
+			throw new ArgumentException($"Event with OID {request.EventId} does not exist", nameof(request.EventId));
+		}
+
+		if (dbTrack.Owner.UserId != request.Owner)
+		{
+			throw new SecurityException("Trying to delete an event owned by somebody else");
+		}
+
+		return _database.Events.Delete(request.EventId);
+	}
+}

src/RunnersMeet.Server/Persistence/EventQuery.cs

@@ -0,0 +1,19 @@
+using LiteDB;
+using RunnersMeet.Server.Domain;
+
+namespace RunnersMeet.Server.Persistence;
+
+public class EventQuery : IRequestHandler<ObjectId, Event>
+{
+	private readonly IDatabase _database;
+
+	public EventQuery(IDatabase database)
+	{
+		_database = database;
+	}
+
+	public Event Handle(ObjectId trackId)
+	{
+		return _database.Events.FindById(trackId);
+	}
+}

src/RunnersMeet.Server/Persistence/UpdateEventCommand.cs

@@ -0,0 +1,40 @@
+using System.Security;
+using RunnersMeet.Server.Domain;
+
+namespace RunnersMeet.Server.Persistence;
+
+public sealed record EventUpdate(string Owner, Event Event);
+
+public class UpdateEventCommand : IRequestHandler<EventUpdate, Event>
+{
+	private readonly IDatabase _database;
+
+	public UpdateEventCommand(IDatabase database)
+	{
+		_database = database;
+	}
+
+	public Event Handle(EventUpdate request)
+	{
+		var dbEvent = _database.Events.FindById(request.Event.EventId);
+
+		if (dbEvent == null)
+		{
+			throw new ArgumentException($"Event with OID {request.Event.EventId} does not exist", nameof(request.Event));
+		}
+
+		if (dbEvent.Owner.UserId != request.Owner)
+		{
+			throw new SecurityException("Trying to modify an event owned by somebody else");
+		}
+
+		dbEvent.Title = request.Event.Title;
+		dbEvent.Description = request.Event.Description;
+		dbEvent.StartTime = request.Event.StartTime;
+		dbEvent.Track = request.Event.Track;
+
+		_database.Events.Update(dbEvent);
+
+		return dbEvent;
+	}
+}