/// <summary>
/// Connects an existing USER to an existing ASSESSMENT for the specified role.
/// TODO: Enforce no duplicates - a user should only be connected once.
/// If a new role is supplied, update the existing ASSESSMENT_CONTACTS role.
/// </summary>
public ContactDetail AddContactToAssessment(int assessmentId, int userId, int roleid, bool invited)
{
using (var db = new CSET_Context())
{
USERS user = db.USERS.Where(x => x.UserId == userId).First();
var dbAC = db.ASSESSMENT_CONTACTS.Where(ac => ac.Assessment_Id == assessmentId && ac.UserId == user.UserId).FirstOrDefault();
if (dbAC == null)
{
dbAC = new ASSESSMENT_CONTACTS
{
Assessment_Id = assessmentId,
UserId = user.UserId,
FirstName = user.FirstName,
LastName = user.LastName,
PrimaryEmail = user.PrimaryEmail,
};
}
dbAC.AssessmentRoleId = roleid;
dbAC.Invited = invited;
db.ASSESSMENT_CONTACTS.AddOrUpdate(dbAC, x => x.Assessment_Contact_Id);
db.SaveChanges();
AssessmentUtil.TouchAssessment(assessmentId);
// Return the full list of Contacts for the Assessment
return(new ContactDetail
{
FirstName = dbAC.FirstName,
LastName = dbAC.LastName,
PrimaryEmail = dbAC.PrimaryEmail,
AssessmentId = dbAC.Assessment_Id,
AssessmentRoleId = dbAC.AssessmentRoleId,
Invited = dbAC.Invited,
UserId = dbAC.UserId ?? null
});
}
}
/// <summary>
/// Creates or updates the rows necessary to attach a Contact to an Assessment.
/// Creates a new User based on email.
/// Creates or overwrites the ASSESSMENT_CONTACTS connection.
/// Creates a new Contact if needed. If a Contact already exists for the email, no
/// changes are made to the Contact row.
/// </summary>
public ContactDetail CreateAndAddContactToAssessment(ContactCreateParameters newContact)
{
int assessmentId = Auth.AssessmentForUser();
TokenManager tm = new TokenManager();
string app_code = tm.Payload(Constants.Token_Scope);
NotificationManager nm = new NotificationManager();
ASSESSMENT_CONTACTS existingContact = null;
using (var db = new CSET_Context())
{
// See if the Contact already exists
existingContact = db.ASSESSMENT_CONTACTS.Where(x => x.UserId == newContact.UserId && x.Assessment_Id == assessmentId).FirstOrDefault();
if (existingContact == null)
{
// Create Contact
var c = new ASSESSMENT_CONTACTS()
{
FirstName = newContact.FirstName,
LastName = newContact.LastName,
PrimaryEmail = newContact.PrimaryEmail,
Assessment_Id = assessmentId,
AssessmentRoleId = newContact.AssessmentRoleId,
Title = newContact.Title,
Phone = newContact.Phone
};
// Include the userid if such a user exists
USERS user = db.USERS.Where(u => !string.IsNullOrEmpty(u.PrimaryEmail) &&
u.PrimaryEmail == newContact.PrimaryEmail)
.FirstOrDefault();
if (user != null)
{
c.UserId = user.UserId;
}
db.ASSESSMENT_CONTACTS.AddOrUpdate(c, x => x.Assessment_Contact_Id);
// If there was no USER record for this new Contact, create one
if (user == null)
{
UserDetail userDetail = new UserDetail
{
Email = newContact.PrimaryEmail,
FirstName = newContact.FirstName,
LastName = newContact.LastName,
IsSuperUser = false,
PasswordResetRequired = true
};
UserManager um = new UserManager();
UserCreateResponse resp = um.CheckUserExists(userDetail);
if (!resp.IsExisting)
{
resp = um.CreateUser(userDetail);
// Send this brand-new user an email with their temporary password (if they have an email)
if (!string.IsNullOrEmpty(userDetail.Email))
{
if (!UserAuthentication.IsLocalInstallation(app_code))
{
nm.SendInviteePassword(userDetail.Email, userDetail.FirstName, userDetail.LastName, resp.TemporaryPassword);
}
}
}
c.UserId = resp.UserId;
}
db.SaveChanges();
AssessmentUtil.TouchAssessment(assessmentId);
existingContact = c;
}
}
// Flip the 'invite' flag to true, if they are a contact on the current Assessment
ContactsManager cm = new ContactsManager();
cm.MarkContactInvited(newContact.UserId, assessmentId);
// Tell the user that they have been invited to participate in an Assessment (if they have an email)
if (!string.IsNullOrEmpty(newContact.PrimaryEmail))
{
if (!UserAuthentication.IsLocalInstallation(app_code))
{
nm.InviteToAssessment(newContact);
}
}
// Return the full list of Contacts for the Assessment
return(new ContactDetail
{
FirstName = existingContact.FirstName,
LastName = existingContact.LastName,
PrimaryEmail = existingContact.PrimaryEmail,
AssessmentId = existingContact.Assessment_Id,
AssessmentRoleId = existingContact.AssessmentRoleId,
Invited = existingContact.Invited,
UserId = existingContact.UserId ?? null,
Title = existingContact.Title,
Phone = existingContact.Phone
});
}
public ContactsListResponse RemoveContactFromAssessment([FromBody] ContactRemoveParameters contactRemove)
{
if (contactRemove == null)
{
var err = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("The input parameters are not valid"),
ReasonPhrase = "The input parameters are not valid"
};
throw new HttpResponseException(err);
}
int currentUserId = Auth.GetUserId();
ASSESSMENT_CONTACTS ac = null;
using (var db = new CSET_Context())
{
// explicit removal using the ID of the connection
if (contactRemove.AssessmentContactId > 0)
{
ac = db.ASSESSMENT_CONTACTS.Where(x => x.Assessment_Contact_Id == contactRemove.AssessmentContactId).FirstOrDefault();
}
// implied removal of the current user's connection to the assessment
if (contactRemove.AssessmentId > 0)
{
ac = db.ASSESSMENT_CONTACTS.Where(x => x.Assessment_Id == contactRemove.AssessmentId && x.UserId == currentUserId).FirstOrDefault();
}
}
if (ac == null)
{
var err = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("The input parameters are not valid"),
ReasonPhrase = "The input parameters are not valid"
};
throw new HttpResponseException(err);
}
// Determine the current user's role.
ContactsManager cm = new ContactsManager();
int currentUserRole = cm.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, ac.Assessment_Id) ?? 0;
// If they are a USER and are trying to remove anyone but themself, forbid it
if (currentUserRole == (int)ContactsManager.ContactRole.RoleUser && ac.UserId != currentUserId)
{
var err = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("The current user does not have administrative authority for the Assessment."),
ReasonPhrase = "The only contact that a user role can remove is themself."
};
throw new HttpResponseException(err);
}
// Do not allow the user to remove themself if they are the last Admin on the assessment and there are other users
if (ac.UserId == currentUserId &&
Auth.AmILastAdminWithUsers(ac.Assessment_Id))
{
var err = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("The current user is the only Administrator contact on the Assessment"),
ReasonPhrase = "An Assessment must have at least one Administrator contact."
};
throw new HttpResponseException(err);
}
List <ContactDetail> newList;
try
{
newList = cm.RemoveContact(ac.Assessment_Contact_Id);
}
catch (NoSuchUserException)
{
// This could happen if they try to remove a contact that wasn't on the assessment.
// It's not critical.
//Are we sure this is the ONLY CASE that could ever happen?
//changing it to catch specific instance just in case there could be
//anything else that could ever happen
}
ContactsManager contactManager = new ContactsManager();
ContactsListResponse resp = new ContactsListResponse
{
ContactList = contactManager.GetContacts(ac.Assessment_Id),
CurrentUserRole = contactManager.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, ac.Assessment_Id) ?? 0
};
return(resp);
}
