simpleidserver
diff --git a/‎src/CaseManagement.CMMN.AspNetCore/Apis/CaseFilesController.cs‎
Lines changed: 102 additions & 33 deletions b/‎src/CaseManagement.CMMN.AspNetCore/Apis/CaseFilesController.cs‎
Lines changed: 102 additions & 33 deletions
diff --git a/‎src/CaseManagement.CMMN.AspNetCore/Apis/CaseFormInstancesController.cs‎
Lines changed: 2 additions & 8 deletions b/‎src/CaseManagement.CMMN.AspNetCore/Apis/CaseFormInstancesController.cs‎
Lines changed: 2 additions & 8 deletions
@@ -47,9 +47,106 @@ public async Task<IActionResult> Count()
             });
         }
 
+        [HttpPost("me")]
+        [Authorize("me_add_casefile")]
+        public Task<IActionResult> AddMe([FromBody] AddCaseFileCommand parameter)
+        {
+            parameter.Owner = this.GetNameIdentifier();
+            return InternalAdd(parameter);
+        }
+
         [HttpPost]
         [Authorize("add_casefile")]
-        public async Task<IActionResult> Create([FromBody] AddCaseFileCommand parameter)
+        public Task<IActionResult> Add([FromBody] AddCaseFileCommand parameter)
+        {
+            return InternalAdd(parameter);
+        }
+
+        [HttpPut("me/{id}")]
+        [Authorize("me_update_casefile")]
+        public Task<IActionResult> UpdateMe(string id, [FromBody] UpdateCaseFileCommand parameter)
+        {
+            parameter.Id = id;
+            parameter.BypassUserValidation = false;
+            parameter.Performer = this.GetNameIdentifier();
+            return InternalUpdate(parameter);
+        }
+
+        [HttpPut("{id}")]
+        [Authorize("update_casefile")]
+        public Task<IActionResult> Update(string id, [FromBody] UpdateCaseFileCommand parameter)
+        {
+            parameter.Id = id;
+            parameter.BypassUserValidation = true;
+            return InternalUpdate(parameter);
+        }
+
+        [HttpGet("me/{id}/publish")]
+        [Authorize("me_publish_casefile")]
+        public Task<IActionResult> PublishMe(string id)
+        {
+            var cmd = new PublishCaseFileCommand
+            {
+                Id = id,
+                BypassUserValidation = false,
+                Performer = this.GetNameIdentifier()
+            };
+            return InternalPublish(cmd);
+        }
+
+        [HttpGet("{id}/publish")]
+        [Authorize("publish_casefile")]
+        public Task<IActionResult> Publish(string id)
+        {
+            var cmd = new PublishCaseFileCommand
+            {
+                Id = id,
+                BypassUserValidation = true
+            };
+            return InternalPublish(cmd);
+        }
+
+        [HttpGet("search")]
+        [Authorize("get_casefile")]
+        public async Task<IActionResult> Search()
+        {
+            var query = HttpContext.Request.Query.ToEnumerable();
+            var result = await _queryRepository.Find(ExtractFindParameter(query));
+            return new OkObjectResult(ToDto(result));
+        }
+
+        [HttpGet("me/{id}")]
+        [Authorize("me_get_casefile")]
+        public async Task<IActionResult> GetMe(string id)
+        {
+            var result = await _queryRepository.FindById(id);
+            if (result == null)
+            {
+                return new NotFoundResult();
+            }
+
+            if (result.Owner != this.GetNameIdentifier())
+            {
+                return new UnauthorizedResult();
+            }
+
+            return new OkObjectResult(ToDto(result));
+        }
+
+        [HttpGet("{id}")]
+        [Authorize("get_casefile")]
+        public async Task<IActionResult> Get(string id)
+        {
+            var result = await _queryRepository.FindById(id);
+            if (result == null)
+            {
+                return new NotFoundResult();
+            }
+
+            return new OkObjectResult(ToDto(result));
+        }
+
+        private async Task<IActionResult> InternalAdd(AddCaseFileCommand parameter)
         {
             try
             {
@@ -70,21 +167,18 @@ public async Task<IActionResult> Create([FromBody] AddCaseFileCommand parameter)
             }
         }
 
-        [HttpPut("{id}")]
-        [Authorize("update_casefile")]
-        public async Task<IActionResult> Update(string id, [FromBody] UpdateCaseFileCommand parameter)
+        private async Task<IActionResult> InternalUpdate(UpdateCaseFileCommand parameter)
         {
             try
             {
-                parameter.Id = id;
                 await _updateCaseFileCommandHandler.Handle(parameter);
                 return new OkResult();
             }
-            catch(UnknownCaseFileException)
+            catch (UnknownCaseFileException)
             {
                 return new NotFoundResult();
             }
-            catch(UnauthorizedCaseFileException)
+            catch (UnauthorizedCaseFileException)
             {
                 return new UnauthorizedResult();
             }
@@ -94,13 +188,10 @@ public async Task<IActionResult> Update(string id, [FromBody] UpdateCaseFileComm
             }
         }
 
-        [HttpPost("{id}/publish")]
-        [Authorize("publish_casefile")]
-        public async Task<IActionResult> Publish(string id, [FromBody] PublishCaseFileCommand publishCaseFileCommand)
+        private async Task<IActionResult> InternalPublish(PublishCaseFileCommand publishCaseFileCommand)
         {
             try
             {
-                publishCaseFileCommand.Id = id;
                 var newCaseFileId = await _publishCaseFileCommandHandler.Handle(publishCaseFileCommand);
                 return new OkObjectResult(new JObject
                 {
@@ -121,28 +212,6 @@ public async Task<IActionResult> Publish(string id, [FromBody] PublishCaseFileCo
             }
         }
 
-        [HttpGet("search")]
-        [Authorize("get_casefile")]
-        public async Task<IActionResult> Search()
-        {
-            var query = HttpContext.Request.Query.ToEnumerable();
-            var result = await _queryRepository.Find(ExtractFindParameter(query));
-            return new OkObjectResult(ToDto(result));
-        }
-
-        [HttpGet("{id}")]
-        [Authorize("get_casefile")]
-        public async Task<IActionResult> Get(string id)
-        {
-            var result = await _queryRepository.FindById(id);
-            if (result == null)
-            {
-                return new NotFoundResult();
-            }
-
-            return new OkObjectResult(ToDto(result));
-        }
-
         private static JObject ToDto(FindResponse<CaseFileAggregate> resp)
         {
             return new JObject
 
@@ -4,6 +4,7 @@
 using CaseManagement.CMMN.Persistence;
 using CaseManagement.CMMN.Persistence.Parameters;
 using CaseManagement.CMMN.Persistence.Responses;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Newtonsoft.Json.Linq;
@@ -27,21 +28,14 @@ public CaseFormInstancesController(IFormInstanceQueryRepository formInstanceQuer
         }
 
         [HttpGet("search")]
+        [Authorize("get_forminstances")]
         public async Task<IActionResult> Search()
         {
             var query = HttpContext.Request.Query.ToEnumerable();
             var result = await _formInstanceQueryRepository.Find(ExtractFindFormInstanceParameter(query));
             return new OkObjectResult(ToDto(result));
         }
 
-        [HttpGet("me/search")]
-        public async Task<IActionResult> SearchMyCaseFormInstances()
-        {
-            var query = HttpContext.Request.Query.ToEnumerable();
-            var result = await _formInstanceQueryRepository.Find(ExtractFindFormInstanceParameter(query));
-            return new OkObjectResult(ToDto(result));
-        }
-
         private static JObject ToDto(FindResponse<FormInstanceAggregate> resp)
         {
             return new JObject