Ejemplo n.º 1
0
        public HttpResponseMessage GetSortedStudentsNamesByFormId(int id)
        {
            string userId   = ((ClaimsPrincipal)RequestContext.Principal).FindFirst(x => x.Type == "UserId").Value;
            string userRole = ((ClaimsPrincipal)RequestContext.Principal).FindFirst(x => x.Type == ClaimTypes.Role).Value;

            logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Sorted Students Names Collection For Form Id: " + id);

            try
            {
                if (userRole == "admin" || userRole == "teacher")
                {
                    FormIdStudentsDTO form = formsService.GetSortedStudentsNamesByFormId(id);
                    if (form == null)
                    {
                        logger.Info("Failed!");
                        return(Request.CreateResponse(HttpStatusCode.BadRequest, "Failed!"));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, form));
                }
                if (userRole == "student")
                {
                    FormIdStudentsDTO form = formsService.GetSortedStudentsNamesByFormId(id);
                    if (form == null || form.Students.Any(x => x.Id == userId) == false)
                    {
                        logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                        return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. " +
                                                           "We’re sorry, but you are not authorized to perform the requested operation."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, form));
                }
                else
                {
                    //parent ulazi, ali bacamo exception ako nije roditelj nekog deteta odeljenja
                    FormIdStudentsDTO form = formsService.GetSortedStudentsNamesByFormIdForParent(id, userId);
                    if (form == null)
                    {
                        logger.Info("Failed.");
                        return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Failed."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, form));
                }
            }
            catch (Exception e)
            {
                logger.Error(e);
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, e));
            }
        }