public async Task <IActionResult> UpdateContact([FromBody] ViewModels.Contact item, string id)
{
if (id != null && item.id != null && id != item.id)
{
return(BadRequest());
}
var accessGranted = false;
// get the contact
// Allow access if the current user is the contact - for scenarios such as a worker update.
if (DynamicsExtensions.CurrentUserIsContact(id, _httpContextAccessor))
{
accessGranted = true;
}
else
{
var contact = await _dynamicsClient.GetContactById(id);
// get the related account and determine if the current user is allowed access
if (!string.IsNullOrEmpty(contact?._parentcustomeridValue))
{
var accountId = Guid.Parse(contact._parentcustomeridValue);
accessGranted =
DynamicsExtensions.CurrentUserHasAccessToAccount(accountId, _httpContextAccessor,
_dynamicsClient);
}
}
if (!accessGranted)
{
_logger.LogError(LoggingEvents.BadRequest, $"Current user has NO access to the contact record. Aborting update to contact {id} ");
return(NotFound());
}
var patchContact = new MicrosoftDynamicsCRMcontact();
patchContact.CopyValues(item);
try
{
await _dynamicsClient.Contacts.UpdateAsync(id, patchContact);
}
catch (HttpOperationException httpOperationException)
{
_logger.LogError(httpOperationException, "Error updating contact");
}
var result = await _dynamicsClient.GetContactById(id);
return(new JsonResult(result.ToViewModel()));
}
