/// <summary> /// Connects an existing USER to an existing ASSESSMENT for the specified role. /// TODO: Enforce no duplicates - a user should only be connected once. /// If a new role is supplied, update the existing ASSESSMENT_CONTACTS role. /// </summary> public ContactDetail AddContactToAssessment(int assessmentId, int userId, int roleid, bool invited) { using (var db = new CSET_Context()) { USERS user = db.USERS.Where(x => x.UserId == userId).First(); var dbAC = db.ASSESSMENT_CONTACTS.Where(ac => ac.Assessment_Id == assessmentId && ac.UserId == user.UserId).FirstOrDefault(); if (dbAC == null) { dbAC = new ASSESSMENT_CONTACTS { Assessment_Id = assessmentId, UserId = user.UserId, FirstName = user.FirstName, LastName = user.LastName, PrimaryEmail = user.PrimaryEmail, }; } dbAC.AssessmentRoleId = roleid; dbAC.Invited = invited; db.ASSESSMENT_CONTACTS.AddOrUpdate(dbAC, x => x.Assessment_Contact_Id); db.SaveChanges(); AssessmentUtil.TouchAssessment(assessmentId); // Return the full list of Contacts for the Assessment return(new ContactDetail { FirstName = dbAC.FirstName, LastName = dbAC.LastName, PrimaryEmail = dbAC.PrimaryEmail, AssessmentId = dbAC.Assessment_Id, AssessmentRoleId = dbAC.AssessmentRoleId, Invited = dbAC.Invited, UserId = dbAC.UserId ?? null }); } }
/// <summary> /// Creates or updates the rows necessary to attach a Contact to an Assessment. /// Creates a new User based on email. /// Creates or overwrites the ASSESSMENT_CONTACTS connection. /// Creates a new Contact if needed. If a Contact already exists for the email, no /// changes are made to the Contact row. /// </summary> public ContactDetail CreateAndAddContactToAssessment(ContactCreateParameters newContact) { int assessmentId = Auth.AssessmentForUser(); TokenManager tm = new TokenManager(); string app_code = tm.Payload(Constants.Token_Scope); NotificationManager nm = new NotificationManager(); ASSESSMENT_CONTACTS existingContact = null; using (var db = new CSET_Context()) { // See if the Contact already exists existingContact = db.ASSESSMENT_CONTACTS.Where(x => x.UserId == newContact.UserId && x.Assessment_Id == assessmentId).FirstOrDefault(); if (existingContact == null) { // Create Contact var c = new ASSESSMENT_CONTACTS() { FirstName = newContact.FirstName, LastName = newContact.LastName, PrimaryEmail = newContact.PrimaryEmail, Assessment_Id = assessmentId, AssessmentRoleId = newContact.AssessmentRoleId, Title = newContact.Title, Phone = newContact.Phone }; // Include the userid if such a user exists USERS user = db.USERS.Where(u => !string.IsNullOrEmpty(u.PrimaryEmail) && u.PrimaryEmail == newContact.PrimaryEmail) .FirstOrDefault(); if (user != null) { c.UserId = user.UserId; } db.ASSESSMENT_CONTACTS.AddOrUpdate(c, x => x.Assessment_Contact_Id); // If there was no USER record for this new Contact, create one if (user == null) { UserDetail userDetail = new UserDetail { Email = newContact.PrimaryEmail, FirstName = newContact.FirstName, LastName = newContact.LastName, IsSuperUser = false, PasswordResetRequired = true }; UserManager um = new UserManager(); UserCreateResponse resp = um.CheckUserExists(userDetail); if (!resp.IsExisting) { resp = um.CreateUser(userDetail); // Send this brand-new user an email with their temporary password (if they have an email) if (!string.IsNullOrEmpty(userDetail.Email)) { if (!UserAuthentication.IsLocalInstallation(app_code)) { nm.SendInviteePassword(userDetail.Email, userDetail.FirstName, userDetail.LastName, resp.TemporaryPassword); } } } c.UserId = resp.UserId; } db.SaveChanges(); AssessmentUtil.TouchAssessment(assessmentId); existingContact = c; } } // Flip the 'invite' flag to true, if they are a contact on the current Assessment ContactsManager cm = new ContactsManager(); cm.MarkContactInvited(newContact.UserId, assessmentId); // Tell the user that they have been invited to participate in an Assessment (if they have an email) if (!string.IsNullOrEmpty(newContact.PrimaryEmail)) { if (!UserAuthentication.IsLocalInstallation(app_code)) { nm.InviteToAssessment(newContact); } } // Return the full list of Contacts for the Assessment return(new ContactDetail { FirstName = existingContact.FirstName, LastName = existingContact.LastName, PrimaryEmail = existingContact.PrimaryEmail, AssessmentId = existingContact.Assessment_Id, AssessmentRoleId = existingContact.AssessmentRoleId, Invited = existingContact.Invited, UserId = existingContact.UserId ?? null, Title = existingContact.Title, Phone = existingContact.Phone }); }
public ContactsListResponse RemoveContactFromAssessment([FromBody] ContactRemoveParameters contactRemove) { if (contactRemove == null) { var err = new HttpResponseMessage(HttpStatusCode.Unauthorized) { Content = new StringContent("The input parameters are not valid"), ReasonPhrase = "The input parameters are not valid" }; throw new HttpResponseException(err); } int currentUserId = Auth.GetUserId(); ASSESSMENT_CONTACTS ac = null; using (var db = new CSET_Context()) { // explicit removal using the ID of the connection if (contactRemove.AssessmentContactId > 0) { ac = db.ASSESSMENT_CONTACTS.Where(x => x.Assessment_Contact_Id == contactRemove.AssessmentContactId).FirstOrDefault(); } // implied removal of the current user's connection to the assessment if (contactRemove.AssessmentId > 0) { ac = db.ASSESSMENT_CONTACTS.Where(x => x.Assessment_Id == contactRemove.AssessmentId && x.UserId == currentUserId).FirstOrDefault(); } } if (ac == null) { var err = new HttpResponseMessage(HttpStatusCode.Unauthorized) { Content = new StringContent("The input parameters are not valid"), ReasonPhrase = "The input parameters are not valid" }; throw new HttpResponseException(err); } // Determine the current user's role. ContactsManager cm = new ContactsManager(); int currentUserRole = cm.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, ac.Assessment_Id) ?? 0; // If they are a USER and are trying to remove anyone but themself, forbid it if (currentUserRole == (int)ContactsManager.ContactRole.RoleUser && ac.UserId != currentUserId) { var err = new HttpResponseMessage(HttpStatusCode.Unauthorized) { Content = new StringContent("The current user does not have administrative authority for the Assessment."), ReasonPhrase = "The only contact that a user role can remove is themself." }; throw new HttpResponseException(err); } // Do not allow the user to remove themself if they are the last Admin on the assessment and there are other users if (ac.UserId == currentUserId && Auth.AmILastAdminWithUsers(ac.Assessment_Id)) { var err = new HttpResponseMessage(HttpStatusCode.Unauthorized) { Content = new StringContent("The current user is the only Administrator contact on the Assessment"), ReasonPhrase = "An Assessment must have at least one Administrator contact." }; throw new HttpResponseException(err); } List <ContactDetail> newList; try { newList = cm.RemoveContact(ac.Assessment_Contact_Id); } catch (NoSuchUserException) { // This could happen if they try to remove a contact that wasn't on the assessment. // It's not critical. //Are we sure this is the ONLY CASE that could ever happen? //changing it to catch specific instance just in case there could be //anything else that could ever happen } ContactsManager contactManager = new ContactsManager(); ContactsListResponse resp = new ContactsListResponse { ContactList = contactManager.GetContacts(ac.Assessment_Id), CurrentUserRole = contactManager.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, ac.Assessment_Id) ?? 0 }; return(resp); }