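 /// <summary>
 /// Deletes the user identified by <paramref name="userId"/> after checking that the
 /// caller (read from <c>HttpContext.Items["User"]</c>, where the auth middleware is
 /// expected to place it) is allowed to do so. Despite the name, the visible code only
 /// ever calls <c>_persistence.DeleteUser</c>; there is no archive path.
 /// </summary>
 /// <param name="userId">Route id of the user to delete.</param>
 /// <returns>
 /// 200 on success; 401 when no caller is attached to the request; 403 when the caller's
 /// permission level does not allow the operation; 404 when persistence throws
 /// <c>NotFoundException</c>; 500 with a generic message for any other failure.
 /// </returns>
 public IActionResult DeleteOrArchiveUser([FromRoute] int userId)
 {
     try
     {
         // Fail closed: a missing entry, or one that is not a User, is treated as
         // "not authenticated" rather than letting a cast failure surface as a 500.
         var caller = HttpContext.Items["User"] as User;
         if (caller == null)
         {
             throw new UnauthorizedException("Authorization failed!");
         }

         if (!CanDeleteUser(caller, userId))
         {
             throw new ForbiddenException("You don't have high enough security clearance for this operation!");
         }

         _persistence.DeleteUser(userId);
         return StatusCode(200);
     }
     catch (UnauthorizedException e)
     {
         return StatusCode(401, e.Message);
     }
     catch (ForbiddenException e)
     {
         return StatusCode(403, e.Message);
     }
     catch (NotFoundException e)
     {
         return StatusCode(404, e.Message);
     }
     catch (Exception)
     {
         // Never echo arbitrary exception text to the client: messages from the
         // persistence layer (connection strings, SQL, stack details) would leak
         // internals. No logger is visible in this block; the caller's hosting
         // pipeline is presumably responsible for recording the failure — confirm.
         return StatusCode(500, "An unexpected error occurred.");
     }
 }

 /// <summary>
 /// Authorization rule for deleting <paramref name="targetId"/>, keyed on the caller's
 /// permission level:
 ///   below 3  -> only the caller's own account;
 ///   exactly 3 -> targets with a strictly lower level, and, when the caller has an
 ///                organization, only targets in that same organization;
 ///   exactly 4 -> targets with a strictly lower level, regardless of organization;
 ///   above 4  -> anyone, without loading the target first.
 /// NOTE(review): level 4 is not organization-scoped and level 5+ skips the existence
 /// lookup (so a missing target only yields 404 if DeleteUser itself throws
 /// NotFoundException) — confirm both are intended.
 /// </summary>
 /// <param name="caller">The authenticated user performing the request.</param>
 /// <param name="targetId">Id of the user to be deleted.</param>
 /// <returns>True when the deletion is permitted.</returns>
 /// <exception cref="NotFoundException">
 /// Propagated from <c>_persistence.GetUserById</c> for levels 3 and 4, presumably when
 /// the target does not exist.
 /// </exception>
 private bool CanDeleteUser(User caller, int targetId)
 {
     if (caller.PermissionLevel < 3)
     {
         return caller.Id == targetId;
     }

     if (caller.PermissionLevel > 4)
     {
         return true;
     }

     // Levels 3 and 4 must outrank the target; level 3 is additionally confined to
     // its own organization when it has one.
     var target = _persistence.GetUserById(targetId);
     if (caller.PermissionLevel <= target.PermissionLevel)
     {
         return false;
     }

     bool scopedToOrganization = caller.PermissionLevel == 3 && caller.OrganizationId != null;
     return !scopedToOrganization || caller.OrganizationId == target.OrganizationId;
 }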