/// <summary>
/// Delete User
/// </summary>
/// <remarks>
/// Admin User can delete any user.
/// Non admin user an only delete its own user.
/// Deleting a user also deletes ssociated babies and associated memories.
/// </remarks>
/// <param name="id"></param>
/// <response code="401">Unauthorized: due to user not token not authorized or the request is not available to user role</response>
/// <returns>null</returns>
// DELETE: api/User/5
public async Task <IHttpActionResult> Delete(string id)
{
var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
if (currentUser is null)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
if (currentUser.Id != id && currentUser.Role != BabyMemoryConstants.AdminUserRole)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
var userBabies = _dataHelpers.BabiesForUserAndRole(currentUser);
if (userBabies != null)
{
foreach (var baby in userBabies)
{
_context.Delete <Baby>(baby.Id);
}
}
_context.Delete <User>(id);
return(StatusCode(HttpStatusCode.NoContent));
}
// DELETE api/<controller>/5
/// <summary>Delete Memory</summary>
/// <remarks>
/// Admin User can delete any user
/// Basic User can only delete the authorized user
/// </remarks>
/// <example>where does this go</example>
/// <param name="id"></param>
public async Task <IHttpActionResult> Delete(string id)
{
var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
if (currentUser == null)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
var currentMemory = _context.Load <Memory>(id);
if (currentMemory == null)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
var userMemories = new List <Memory>();
userMemories.AddRange(currentUser.Role == BabyMemoryConstants.AdminUserRole
? _context.Scan <Memory>()
: _dataHelpers.GetMemoriesForUser(currentUser));
if (!userMemories.Exists(m => m.Id == currentMemory.Id))
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
_context.Delete <Memory>(id);
return(StatusCode(HttpStatusCode.NoContent));
}
// DELETE api/<controller>/5
/// <summary>
/// Deletes baby
/// </summary>
/// <remarks>
/// Deletes baby, removes baby from the user and deletes associated memories.
/// Admin can delete any baby
/// Basic user can only delete baby associated with the authorized user
/// </remarks>
/// <param name="id"></param>
/// <exception cref="HttpResponseException"></exception>
public async Task <IHttpActionResult> Delete(string id)
{
var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
if (currentUser == null)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
var babies = _dataHelpers.BabiesForUserAndRole(currentUser);
if (!(babies.Any(x => x.Id == id)))
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
var existingBaby = _context.Load <Baby>(id);
if (existingBaby == null)
{
return(StatusCode(HttpStatusCode.NoContent));
}
//delete memories
_dataHelpers.DeleteMemoresForBaby(id);
_context.Delete <Baby>(existingBaby.Id);
return(StatusCode(HttpStatusCode.NoContent));
}
public async Task RemoveRight(string userId, string resourceId, RightType type)
{
userId.ThrowInvalidDataExceptionIfNull("User cannot be empty");
resourceId.ThrowInvalidDataExceptionIfNullOrWhiteSpace("Resource id must be valid");
// KLUDGE: not sure how to do this with one query.
await _dbContext.Delete <UserRight>(new List <ScanCondition>
{
new ScanCondition(nameof(UserRight.UserId), ScanOperator.Equal, userId),
new ScanCondition(nameof(UserRight.ResourceId), ScanOperator.Equal, resourceId),
new ScanCondition(nameof(UserRight.Type), ScanOperator.Equal, type)
});
Log.TraceFormat(
"Remove right: user {0} to [{1:G},{2}]",
userId,
type,
resourceId);
}
public void Delete(string id)
{
_ddbcontext.Delete <T>(
id,
_applicationName,
new DynamoDBOperationConfig
{
OverrideTableName = _ddbTableName
}
);
}
