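        /// <summary>
        /// Creates a new user from <paramref name="userDTO"/> and persists it.
        /// Anonymous callers may only create users with the "Student" role; creating any
        /// other role requires an authorized caller who is a teacher, which is the same
        /// rule PutUser applies to role changes.
        /// </summary>
        /// <param name="userDTO">Incoming user data; null when the request body is missing or unparseable.</param>
        /// <returns>
        /// 400 when the payload is missing or invalid or the persistence layer reports an error,
        /// 401 when the caller is not allowed to create the requested role, otherwise 201 with
        /// the created user and a location header pointing at the persisted id.
        /// </returns>
        public IHttpActionResult PostUser(UserDetailDTO userDTO)
        {
            User authorizedUser = new Authorize().GetAuthorizedUser(Request.Headers.GetCookies("user").FirstOrDefault());

            // A missing body leaves ModelState valid, so the null check has to come first;
            // otherwise the Validate call dereferences null.
            if (userDTO == null || !ModelState.IsValid || !userDTO.Validate(true, null))
            {
                return(BadRequest());
            }
            // static string.Equals is ordinal and null-safe: a missing NewRole counts as
            // "not Student" instead of throwing.
            bool createsStudent = string.Equals(userDTO.NewRole, "Student");

            // Mirrors PutUser: assigning a non-student role is a teacher privilege, so a
            // merely authenticated caller must not be able to create e.g. a teacher account.
            if (!createsStudent && (authorizedUser == null || authorizedUser.GetTeacher() == null))
            {
                return(Unauthorized());
            }
            User user = userDTO.Create();

            userDTO.UpdateRole(user);
            string error = db.Update(user, Added);

            if (error != null)
            {
                return(BadRequest(error));
            }
            UserListDTO result = new UserListDTO(user);

            // The route id is the persisted entity's key (PutUser looks users up by it),
            // not whatever id the client may have sent in the DTO.
            return(CreatedAtRoute("DefaultApi", new { id = user.Id }, result));
        }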
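        /// <summary>
        /// Updates the user identified by <paramref name="id"/>, or, when
        /// <c>userDTO.NewUserIdentifier</c> is set, the user carrying that identifier.
        /// Profile fields are only applied when the caller edits their own account; a role
        /// change additionally requires the caller to be a teacher.
        /// </summary>
        /// <param name="id">Route id of the user to update; replaced by the id resolved from NewUserIdentifier when that is present.</param>
        /// <param name="userDTO">Incoming changes; null when the request body is missing or unparseable.</param>
        /// <returns>
        /// 400 when the body is missing, the user does not exist, the model is invalid or the
        /// persistence layer reports an error; 401 when there is no authorized caller or a
        /// non-teacher requests a role change; 404 when NewUserIdentifier matches no user;
        /// otherwise a redirect to the caller's own user page.
        /// </returns>
        public IHttpActionResult PutUser(int id, UserDetailDTO userDTO)
        {
            User authorizedUser = new Authorize().GetAuthorizedUser(Request.Headers.GetCookies("user").FirstOrDefault());

            if (userDTO == null)
            {
                return(BadRequest());
            }
            if (authorizedUser == null)
            {
                return(Unauthorized());
            }
            if (userDTO.NewUserIdentifier != null)
            {
                // NOTE(review): the distinct 404 lets any authenticated caller learn whether
                // an identifier exists; consider returning the same status as the id path.
                User otherUser = new Authorize().GetUserByIdentifier(userDTO.NewUserIdentifier);
                if (otherUser == null)
                {
                    return(NotFound());
                }
                id = otherUser.Id;
            }
            User user = db.Users.Find(id);
            bool editsOwnAccount = authorizedUser.Id == id;

            // When editing someone else's account the validator receives the acting user.
            if (user == null || !ModelState.IsValid || !userDTO.Validate(false, editsOwnAccount ? null : authorizedUser))
            {
                return(BadRequest(ModelState));
            }
            bool changesRole = userDTO.NewRole != null;

            // Decide the role-change authorization before touching the tracked entity, so a
            // rejected request leaves no partially applied changes on the context.
            // (Unauthorized is kept for client compatibility even though 403 would be more precise.)
            if (changesRole && authorizedUser.GetTeacher() == null)
            {
                return(Unauthorized());
            }
            if (editsOwnAccount)
            {
                userDTO.Update(user);
            }
            if (changesRole)
            {
                userDTO.UpdateRole(user);
            }
            string error = db.Update(user, Modified);

            if (error != null)
            {
                return(BadRequest(error));
            }
            // Redirect targets are rebuilt from the request's own host and port, always over https.
            string baseUrl = "https://" + Request.RequestUri.Host + ":" + Request.RequestUri.Port;

            // TODO(review): logoutNecessary is never set to true, so the Logout redirect is
            // unreachable; decide which self-edits must end the current session.
            bool logoutNecessary = false;

            if (logoutNecessary)
            {
                return(Redirect(baseUrl + "/Logout"));
            }
            return(Redirect(baseUrl + "/Users/" + authorizedUser.Id));
        }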