Ejemplo n.º 1
        /// <summary>
        /// Returns a single collection of an organization together with its group assignments.
        /// </summary>
        /// <remarks>
        /// Access is decided in two steps. The caller must first pass either
        /// <c>ViewAtLeastOneCollectionAsync</c> or <c>ManageUsers</c> for the organization.
        /// The collection is then loaded, unscoped when <c>ViewAllCollections</c> holds and
        /// scoped to the current user otherwise, and it must belong to the organization named
        /// in <paramref name="orgId"/>. Every rejection raises the same
        /// <see cref="NotFoundException"/>, so a caller cannot tell a missing collection from
        /// one it is not allowed to read.
        /// </remarks>
        /// <param name="orgId">Organization id as GUID text; <c>new Guid</c> throws if it is malformed.</param>
        /// <param name="id">Collection id as GUID text; parsed only after the first access check.</param>
        /// <returns>The collection and its group selections wrapped in a response model.</returns>
        /// <exception cref="NotFoundException">
        /// The caller lacks access, the collection was not returned by the repository, or it
        /// belongs to a different organization.
        /// </exception>
        public async Task<CollectionGroupDetailsResponseModel> GetDetails(string orgId, string id)
        {
            var organizationId = new Guid(orgId);

            // Coarse gate: at least one of the two permissions is required before any lookup.
            var mayProceed = await ViewAtLeastOneCollectionAsync(organizationId)
                || await _currentContext.ManageUsers(organizationId);
            if (!mayProceed)
            {
                throw new NotFoundException();
            }

            var collectionId = new Guid(id);

            if (!await _currentContext.ViewAllCollections(organizationId))
            {
                // Without ViewAllCollections the lookup is scoped to the current user.
                // NOTE(review): UserId.Value throws if UserId is null; presumably the caller
                // is always authenticated here, confirm against the controller's attributes.
                var scopedDetails = await _collectionRepository.GetByIdWithGroupsAsync(
                    collectionId, _currentContext.UserId.Value);
                var scopedCollection = scopedDetails?.Item1;

                // Tenant check: the collection id alone is not trusted to match the organization.
                if (scopedCollection == null || scopedCollection.OrganizationId != organizationId)
                {
                    throw new NotFoundException();
                }

                return new CollectionGroupDetailsResponseModel(scopedCollection, scopedDetails.Item2);
            }

            var unscopedDetails = await _collectionRepository.GetByIdWithGroupsAsync(collectionId);
            var unscopedCollection = unscopedDetails?.Item1;

            // Same tenant check as in the user-scoped path.
            if (unscopedCollection == null || unscopedCollection.OrganizationId != organizationId)
            {
                throw new NotFoundException();
            }

            return new CollectionGroupDetailsResponseModel(unscopedCollection, unscopedDetails.Item2);
        }
Ejemplo n.º 2
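        /// <summary>
        /// Returns one organization user together with its collection assignments.
        /// </summary>
        /// <remarks>
        /// The permission check runs against the organization stored on the loaded record, so
        /// the caller must hold <c>ManageUsers</c> for the organization the user actually
        /// belongs to. A missing record and a failed permission check raise the same
        /// <see cref="NotFoundException"/>.
        /// </remarks>
        /// <param name="orgId">Organization id from the request; not read by this method.</param>
        /// <param name="id">Organization-user id as GUID text; <c>new Guid</c> throws if it is malformed.</param>
        /// <returns>The organization user and its collection selections wrapped in a response model.</returns>
        /// <exception cref="NotFoundException">
        /// No record was returned, or the caller may not manage users of the record's organization.
        /// </exception>
        public async Task<OrganizationUserDetailsResponseModel> Get(string orgId, string id)
        {
            var organizationUser = await _organizationUserRepository.GetByIdWithCollectionsAsync(new Guid(id));

            // Guard Item1 as well as the tuple: a tuple whose first item is null would
            // otherwise fail with a NullReferenceException on the OrganizationId access below
            // instead of producing the intended not-found result.
            // NOTE(review): orgId is never compared with organizationUser.Item1.OrganizationId.
            // Authorization is still bound to the record's own organization, but a request
            // naming a different organization is served; consider rejecting the mismatch.
            if (organizationUser?.Item1 == null ||
                !await _currentContext.ManageUsers(organizationUser.Item1.OrganizationId))
            {
                throw new NotFoundException();
            }

            return new OrganizationUserDetailsResponseModel(organizationUser.Item1, organizationUser.Item2);
        }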
Ejemplo n.º 3
        /// <summary>
        /// Lists every group of an organization.
        /// </summary>
        /// <remarks>
        /// Any one of <c>ManageGroups</c>, <c>ViewAssignedCollections</c>,
        /// <c>ViewAllCollections</c> or <c>ManageUsers</c> for the organization is sufficient.
        /// The checks are evaluated in that order and stop at the first one that succeeds.
        /// </remarks>
        /// <param name="orgId">Organization id as GUID text; <c>new Guid</c> throws if it is malformed.</param>
        /// <returns>A list response holding one <c>GroupResponseModel</c> per group.</returns>
        /// <exception cref="NotFoundException">The caller holds none of the four permissions.</exception>
        public async Task<ListResponseModel<GroupResponseModel>> Get(string orgId)
        {
            var organizationId = new Guid(orgId);

            // Denial is reported as "not found" rather than as a distinct authorization error.
            var denied = !(await _currentContext.ManageGroups(organizationId)
                || await _currentContext.ViewAssignedCollections(organizationId)
                || await _currentContext.ViewAllCollections(organizationId)
                || await _currentContext.ManageUsers(organizationId));
            if (denied)
            {
                throw new NotFoundException();
            }

            // The repository query is keyed by the organization id that was just authorized.
            var organizationGroups = await _groupRepository.GetManyByOrganizationIdAsync(organizationId);
            var models = organizationGroups.Select(group => new GroupResponseModel(group));

            return new ListResponseModel<GroupResponseModel>(models);
        }
Ejemplo n.º 4
        /// <summary>
        /// Returns the collections of an organization that the current caller may see.
        /// </summary>
        /// <remarks>
        /// The caller needs <c>ViewAllCollections</c> or <c>ManageUsers</c> to get any result.
        /// With <c>OrganizationAdmin</c> or <c>ViewAllCollections</c> the full set for the
        /// organization is returned; otherwise only the current user's collections are
        /// loaded and then narrowed to this organization.
        /// </remarks>
        /// <param name="organizationId">Organization whose collections are requested.</param>
        /// <returns>All collections of the organization, or the caller's own subset of them.</returns>
        /// <exception cref="NotFoundException">
        /// The caller holds neither <c>ViewAllCollections</c> nor <c>ManageUsers</c>.
        /// </exception>
        public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId)
        {
            var allowed = await _currentContext.ViewAllCollections(organizationId)
                || await _currentContext.ManageUsers(organizationId);
            if (!allowed)
            {
                throw new NotFoundException();
            }

            // Admins, Owners, Providers and Custom (with collection management permissions)
            // can access all items even if not assigned to them.
            var seesEverything = await _currentContext.OrganizationAdmin(organizationId)
                || await _currentContext.ViewAllCollections(organizationId);
            if (seesEverything)
            {
                return await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
            }

            // The per-user query is not limited to one organization, so the result is filtered
            // here to keep collections of other organizations out of the response.
            // NOTE(review): UserId.Value throws if UserId is null; presumably the caller is
            // always authenticated on this path, confirm at the call site.
            var assigned = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value);

            return assigned.Where(collection => collection.OrganizationId == organizationId);
        }