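/// <summary>
/// Assigns a project role to the user named in <paramref name="form"/>, acting on behalf of
/// the currently authenticated principal. The work is delegated to <c>AddUserToProjectAsync</c>.
/// </summary>
/// <param name="form">Request body naming the target user, the project and the role to assign.</param>
/// <returns>
/// 400 with the model state when the body is missing or invalid; 400 with
/// <c>_db.Projects.GetError()</c> when the operation is refused; otherwise 200 with "Success!".
/// </returns>
public async Task<IActionResult> AddUserToProject([FromBody] AddUserToProjectForm form)
{
    // A missing or unparsable body can bind to null while ModelState still reports valid;
    // reject it here instead of letting the data layer dereference a null form (a 500).
    if (form == null)
    {
        ModelState.AddModelError(nameof(form), "Request body is required.");
        return BadRequest(ModelState);
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // The acting user is taken from the authenticated principal, never from the request body,
    // so a client cannot name another account as the caller.
    // NOTE(review): no [Authorize] attribute is visible in this excerpt. Confirm that
    // authentication is enforced on this action or its controller; the name may be null for
    // an anonymous principal.
    var callerEmail = User.Identity?.Name;

    var succeeded = await _db.AddUserToProjectAsync(callerEmail, form);
    if (!succeeded)
    {
        // NOTE(review): the error code is returned to the client verbatim. Check that the
        // codes do not let a caller without rights tell existing users or projects apart
        // from missing ones.
        return BadRequest(_db.Projects.GetError());
    }

    return Ok("Success!");
}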
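/// <summary>
/// Gives the user identified by <c>form.UserEmail</c> the role <c>form.Role</c> on the project
/// <c>form.ProjectId</c>, replacing any role that user already holds on that project.
/// The change is applied only when the caller (<paramref name="fromEmail"/>) holds the
/// <c>ProjectManager</c> role on the same project.
/// </summary>
/// <param name="db">Context used for all lookups and for persisting the new role.</param>
/// <param name="fromEmail">E-mail of the acting user; matched case-insensitively.</param>
/// <param name="form">Target user e-mail, project id and role to assign.</param>
/// <returns>
/// <c>true</c> when the role was saved; <c>false</c> when the operation was refused, in which
/// case <c>_code</c> holds the reason (UserNotFound, ProjectNotFound or PermissionsDenied).
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="db"/> or <paramref name="form"/> is null.</exception>
/// <remarks>
/// NOTE(review): <c>_code</c> is declared outside this block. In a static extension method it is
/// presumably a static field, which would be shared by concurrent requests, so one request
/// could read another's error code. Confirm and consider returning the code instead.
/// </remarks>
public static async Task<bool> AddUserToProjectAsync(this ProjectContext db, string fromEmail, AddUserToProjectForm form)
{
    if (db == null)
    {
        throw new ArgumentNullException(nameof(db));
    }

    if (form == null)
    {
        throw new ArgumentNullException(nameof(form));
    }

    // An empty caller identity can never match a stored user; skip the query.
    if (string.IsNullOrEmpty(fromEmail))
    {
        _code = ControllerErrorCode.UserNotFound;
        return false;
    }

    var fromUser = await db.Users.FirstOrDefaultAsync(
        x => x.Email.Equals(fromEmail, StringComparison.OrdinalIgnoreCase));
    if (fromUser == null)
    {
        _code = ControllerErrorCode.UserNotFound;
        return false;
    }

    var project = await db.Projects.FirstOrDefaultAsync(x => x.Id == form.ProjectId);
    if (project == null)
    {
        // NOTE(review): this is still reported before the role check, so project ids remain
        // distinguishable to callers who are not members. Confirm that is acceptable.
        _code = ControllerErrorCode.ProjectNotFound;
        return false;
    }

    // Authorize the caller BEFORE looking at the target account. Otherwise any signed-in user
    // could learn from UserNotFound vs. PermissionsDenied whether an e-mail is registered.
    var fromUserRole = await db.Roles.AsNoTracking().FirstOrDefaultAsync(
        x => x.User.Id == fromUser.Id && x.Project.Id == project.Id);
    if (fromUserRole == null || fromUserRole.Type != ProjectUserRole.ProjectManager)
    {
        _code = ControllerErrorCode.PermissionsDenied;
        return false;
    }

    var toUser = await db.Users.FirstOrDefaultAsync(
        x => x.Email.Equals(form.UserEmail, StringComparison.OrdinalIgnoreCase));
    if (toUser == null)
    {
        _code = ControllerErrorCode.UserNotFound;
        return false;
    }

    // Replace rather than duplicate: drop any role the target already has on this project.
    var toUserRole = await db.Roles.FirstOrDefaultAsync(
        x => x.Project.Id == project.Id && x.User.Id == toUser.Id);
    if (toUserRole != null)
    {
        db.Remove(toUserRole);
    }

    // NOTE(review): form.Role comes straight from the request and is stored unchecked.
    // Confirm it is validated upstream (defined enum value, roles a manager may grant) and
    // whether a manager may change their own role here.
    var newRole = new Role { Project = project, User = toUser, Type = form.Role };
    await db.Roles.AddAsync(newRole);
    await db.SaveChangesAsync();
    return true;
}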