// PUT api/EmployeeAPI/5
        public HttpResponseMessage PutEmployee(Guid id, EmployeeDTO employeeDTO)
        {
            if (!ModelState.IsValid)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
            }

            if (id != employeeDTO.Id)
            {
                return(Request.CreateResponse(HttpStatusCode.BadRequest));
            }

            if (employeeDTO.Roles != null && employeeDTO.Roles.Count > 5)
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.ExpectationFailed, "Maximimum of 5 roles only can be added"));
            }

            try
            {
                bool sendEmailNotification = false;

                var employee = db.Employees.Find(id);

                if (!ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employee.BusinessLocation.Id.ToString()))
                {
                    throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You do not have appropriate permission"));
                }

                //Do not allow modification of email addresses which are linked to userprofiles already
                if (employee.UserProfile != null && employeeDTO.Email != employee.Email)
                {
                    throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "You can not modify email address for an employee which is linked to a registered user"));
                }

                //If the email address is being updated then send notification to new address
                if (employee.Email != employeeDTO.Email && !String.IsNullOrEmpty(employeeDTO.Email))
                {
                    sendEmailNotification = true;
                }

                //Map the updates across to original object
                employee = MapperFacade.MapperConfiguration.Map <EmployeeDTO, Employee>(employeeDTO, employee);

                //Check to see if there is already an employee with this same email address registered for the business location.
                var employeeExistingEmail = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.Email) && emp.Email == employee.Email && emp.Id != employee.Id && emp.BusinessLocation.Id == employee.BusinessLocation.Id);
                if (employeeExistingEmail != null)
                {
                    throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this email address already exists for this business"));
                }


                //Lookup BusinessLocation and attach, so that no updates or inserts are performed on BusinessType lookup table
                var busLoc = db.BusinessLocations.Single(b => b.Id == employeeDTO.BusinessLocationId);
                employee.BusinessLocation = busLoc;

                if (employee.IsAdmin)
                {
                    employee.ManagerBusinessLocations.Add(busLoc);
                }
                else
                {
                    //if not admin but currently linked
                    if (employee.ManagerBusinessLocations.Contains(busLoc))
                    {
                        employee.ManagerBusinessLocations.Remove(busLoc);
                    }
                }
                //Hook up any roles selected
                employee.Roles.Clear(); //Clear first so we can hook up correct DB items
                if (employeeDTO.Roles != null)
                {
                    foreach (RoleDTO roleDTO in employeeDTO.Roles)
                    {
                        Role role = db.Roles.FirstOrDefault(r => r.Id == roleDTO.Id);
                        if (role == null)
                        {
                            return(Request.CreateResponse(HttpStatusCode.NotFound));
                        }
                        employee.Roles.Add(role);
                    }
                }

                //If user email has been updated then send notification and request
                if (sendEmailNotification)
                {
                    //Remove any old employee requests
                    if (employee.EmployeeRequest != null)
                    {
                        db.Entry(employee.EmployeeRequest).State = EntityState.Deleted;
                    }

                    //Create an entry in the EMployeeRequest table
                    EmployeeRequest empRequest = new EmployeeRequest()
                    {
                        Id               = Guid.NewGuid(),
                        CreatedDate      = WebUI.Common.Common.DateTimeNowLocal(),
                        Status           = RequestStatus.Pending,
                        BusinessLocation = employee.BusinessLocation
                    };
                    employee.EmployeeRequest = empRequest;

                    //If an existing user profile exists with matching email address
                    if (db.UserProfiles.Any(usr => usr.Email == employee.Email))
                    {
                        //Send user email notifying them that a business has registered their email and they need to approve to link
                        MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, true, employee.Email, employee.MobilePhone);
                    }
                    else //Send email notifying them that they have been registered with a business and invite to register an account
                    {
                        MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, false, employee.Email, employee.MobilePhone);
                    }
                }

                db.Entry(employee).State = EntityState.Modified;

                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException ex)
            {
                return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
            }

            return(Request.CreateResponse(HttpStatusCode.OK));
        }
        internal EmployeeDTO CreateNewEmployee(EmployeeDTO employeeDTO, bool insertNewRoles = false)
        {
            if (!ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employeeDTO.BusinessLocationId.ToString()))
            {
                throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You do not have appropriate permission"));
            }

            if (employeeDTO.Roles != null && employeeDTO.Roles.Count > 5)
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.ExpectationFailed, "Maximimum of 5 roles only can be added"));
            }

            //Check to see if there is already an employee with this same email address registered for the business location.
            var employeeExisting = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.Email) && emp.Email == employeeDTO.Email && emp.BusinessLocation.Id == employeeDTO.BusinessLocationId);

            if (employeeExisting != null)
            {
                throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this email address already exists for this business"));
            }

            //Check to see if there is already an employee with this same mobile phone registered for the business location.
            var employeeMobileExisting = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.MobilePhone) && emp.MobilePhone == employeeDTO.MobilePhone && emp.BusinessLocation.Id == employeeDTO.BusinessLocationId);

            if (employeeMobileExisting != null)
            {
                throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this Mobile Phone already exists for this business"));
            }

            var employee = MapperFacade.MapperConfiguration.Map <EmployeeDTO, Employee>(employeeDTO);

            employee.Id = Guid.NewGuid(); //Assign new ID on save.

            //Create QR code for the employee
            System.Drawing.Bitmap qrCodeImage = WebUI.Common.Common.GenerateQR(employee.Id.ToString());

            using (System.IO.MemoryStream memory = new System.IO.MemoryStream())
            {
                qrCodeImage.Save(memory, System.Drawing.Imaging.ImageFormat.Jpeg);
                employee.QRCode = memory.ToArray();
            }

            //Lookup Business and attach, so that no updates or inserts are performed on BusinessType lookup table
            var busLoc = db.BusinessLocations.Single(b => b.Id == employeeDTO.BusinessLocationId);

            employee.BusinessLocation = busLoc;

            if (employee.IsAdmin)
            {
                employee.ManagerBusinessLocations.Add(busLoc);
            }


            //Hook up any roles selected
            employee.Roles.Clear(); //Clear first so we can hook up correct DB items
            if (employeeDTO.Roles != null)
            {
                foreach (RoleDTO roleDTO in employeeDTO.Roles)
                {
                    //Find the role by specific ID or else by matching businessId AND name
                    Role role = db.Roles.FirstOrDefault(r => r.Id == roleDTO.Id || (r.Business.Id == employeeDTO.BusinessId && r.Name == roleDTO.Name));
                    if (role == null)
                    {
                        if (!insertNewRoles)
                        {
                            throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Role does not exist"));
                        }
                        else
                        {
                            role = new Role
                            {
                                Id      = Guid.NewGuid(), //Assign new ID on save.
                                Name    = roleDTO.Name,
                                Enabled = true
                            };

                            //Lookup Business and attach, so that no updates or inserts are performed on BusinessType lookup table
                            role.Business = db.Businesses.Find(employeeDTO.BusinessId);
                            db.Roles.Add(role);
                            //  employee.Roles.Add(role);
                        }
                    }
                    employee.Roles.Add(role);
                }
            }

            //If user email or mobile phone is entered then set up an employee request
            if (!String.IsNullOrEmpty(employee.Email) || !String.IsNullOrEmpty(employee.MobilePhone))
            {
                //Create an entry in the EMployeeRequest table
                EmployeeRequest empRequest = new EmployeeRequest()
                {
                    Id               = Guid.NewGuid(),
                    CreatedDate      = WebUI.Common.Common.DateTimeNowLocal(),
                    Status           = RequestStatus.Pending,
                    BusinessLocation = employee.BusinessLocation
                };
                employee.EmployeeRequest = empRequest;

                var existingUserProfile = db.UserProfiles.FirstOrDefault(usr => usr.Email == employee.Email || usr.MobilePhone == employee.MobilePhone);

                //If an existing user profile exists with matching email address or a matching mobile phone number
                if (existingUserProfile != null)
                {
                    //Send user email notifying them that a business has registered their email and they need to approve to link
                    MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, true, existingUserProfile.Email, employee.MobilePhone);
                }
                else //Send email notifying them that they have been registered with a business and invite to register an account
                {
                    MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, false, employee.Email, employee.MobilePhone);
                }
            }

            db.Employees.Add(employee);
            db.SaveChanges();

            employeeDTO = MapperFacade.MapperConfiguration.Map <Employee, EmployeeDTO>(employee);

            return(employeeDTO);
        }