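/// <summary>
/// Updates a builder on behalf of the authenticated caller, dispatching on the caller's role.
/// </summary>
/// <param name="builderId">Id of the builder record to update.</param>
/// <param name="builderUpdateModel">New values, bound from the request body.</param>
/// <returns>
/// 200 on success; 403 when the caller is neither Admin nor Builder, or when the service
/// throws <see cref="UnauthorizedAccessException"/>; 400 for any other failure.
/// </returns>
public async Task<IActionResult> UpdateBuilder(string builderId, [FromBody] BuilderUpdateModel builderUpdateModel)
{
    var currentUserId = User.Identity.Name;

    try
    {
        if (User.IsInRole(Role.Admin))
        {
            await _buildersService.UpdateBuilderFromAdminAsync(builderId, builderUpdateModel);
        }
        else if (User.IsInRole(Role.Builder))
        {
            // The service checks that the builder record belongs to currentUserId.
            await _buildersService.UpdateBuilderFromBuilderAsync(currentUserId, builderId, builderUpdateModel);
        }
        else
        {
            // Forbid(string) interprets its argument as an authentication scheme name, not a
            // message, so passing text to it fails at execution time instead of producing a 403.
            // StatusCode(403, ...) returns the intended status together with the message.
            return StatusCode(403, "You must be part of the Buildup program");
        }
    }
    catch (UnauthorizedAccessException e)
    {
        // Same reason as above: build the 403 explicitly rather than through Forbid(string).
        return StatusCode(403, $"You are not authorized to update this builder: {e.Message}");
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message of any exception, including data-layer failures, is returned
        // to the client. Consider logging it server-side and returning a fixed message once the
        // service throws a dedicated exception type for its user-facing errors.
        return BadRequest($"Can't update the builder: {e.Message}");
    }

    return Ok();
}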
/// <summary>
/// Builds a single update definition from the request model and applies it to the
/// builder document whose Id equals <paramref name="id"/>.
/// </summary>
/// <remarks>
/// CoachId, NtfReferentId, Status, Step, Situation and Description are always written
/// straight from the model. This method performs no authorization of its own, so every
/// caller must decide beforehand which of these fields the current user may change.
/// </remarks>
/// <param name="id">Id of the builder document to update.</param>
/// <param name="builderUpdateModel">Values to write.</param>
private async Task UpdateBuilder(string id, BuilderUpdateModel builderUpdateModel)
{
    var changes = Builders<Builder>.Update
        .Set(b => b.CoachId, builderUpdateModel.CoachId)
        .Set(b => b.NtfReferentId, builderUpdateModel.NtfReferentId)
        .Set(b => b.Status, builderUpdateModel.Status)
        .Set(b => b.Step, builderUpdateModel.Step)
        .Set(b => b.Situation, builderUpdateModel.Situation)
        .Set(b => b.Description, builderUpdateModel.Description);

    // Upload and re-link the builder card only when the request actually carries one.
    if (builderUpdateModel.BuilderCard?.Length >= 1)
    {
        string cardFileId = await _filesService.UploadFile($"buildercard_{id}", builderUpdateModel.BuilderCard);
        changes = changes.Set(b => b.BuilderCardId, cardFileId);
    }

    if (builderUpdateModel.ProgramEndDate == DateTime.MinValue)
    {
        // DateTime.MinValue is treated as "no date supplied": default to three months from now.
        changes = changes.Set(b => b.ProgramEndDate, DateTime.Now.AddMonths(3));
    }
    else
    {
        changes = changes.Set(b => b.ProgramEndDate, builderUpdateModel.ProgramEndDate);
    }

    await _builders.UpdateOneAsync(stored => stored.Id == id, changes);
}
/// <summary>
/// Applies an admin's update to a builder, then sends the notifications that
/// correspond to the status or step change.
/// </summary>
/// <param name="builderId">Id of the builder to update.</param>
/// <param name="builderUpdateModel">Values to write.</param>
/// <exception cref="Exception">The builder, or the user attached to it, cannot be found.</exception>
public async Task UpdateBuilderFromAdminAsync(string builderId, BuilderUpdateModel builderUpdateModel)
{
    Builder storedBuilder = await GetBuilderFromBuilderId(builderId);
    if (storedBuilder == null)
    {
        throw new Exception("This builder doesn't exist");
    }

    User owner = await GetUserFromAdminAsync(builderId);
    if (owner == null)
    {
        throw new Exception("Their is no user for builder...");
    }

    // storedBuilder was loaded before the write, so it still holds the previous step.
    var previousStep = storedBuilder.Step;
    var requestedStep = builderUpdateModel.Step;

    await UpdateBuilder(builderId, builderUpdateModel);

    // Only admins are supposed to change steps, and to avoid spamming builders the
    // notifications are only evaluated on this admin path.
    bool refused = builderUpdateModel.Status == BuilderStatus.Deleted;
    bool preselectionAccepted = previousStep == BuilderSteps.Preselected && requestedStep == BuilderSteps.AdminMeeting;
    bool adminMeetingValidated = previousStep != BuilderSteps.CoachMeeting && requestedStep == BuilderSteps.CoachMeeting;

    // NOTE(review): unlike the two step checks, the refusal check does not look at the
    // previous status, so saving an already-deleted builder again sends the refusal
    // notification again. Confirm whether that is intended.
    if (refused)
    {
        await _notificationService.NotifyRefusedBuilder(owner.Email, owner.FirstName);
    }

    if (preselectionAccepted)
    {
        await _notificationService.NotifyPreselectionBuilder(owner.Email, owner.FirstName);
    }

    if (adminMeetingValidated)
    {
        await _notificationService.NotifyAdminMeetingValidatedBuilder(owner.Email, owner.FirstName);
    }
}
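/// <summary>
/// Applies an update that a builder requested for their own record.
/// </summary>
/// <param name="currentUserId">Id of the authenticated user making the request.</param>
/// <param name="builderId">Id of the builder record to update.</param>
/// <param name="builderUpdateModel">
/// Values to write. Its Step is overwritten with the stored value before the update is applied.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// The builder does not exist or does not belong to <paramref name="currentUserId"/>.
/// </exception>
public async Task UpdateBuilderFromBuilderAsync(string currentUserId, string builderId, BuilderUpdateModel builderUpdateModel)
{
    Builder builder = await GetBuilderFromBuilderId(builderId);

    // Ownership check: a builder may only update the record attached to their own user.
    // A missing record gets the same error, so the response does not reveal which ids exist.
    if (builder == null || builder.UserId != currentUserId)
    {
        throw new UnauthorizedAccessException("You are not the builder you prettend to be");
    }

    // Step changes are reserved to admins, but UpdateBuilder writes Step from the model
    // unconditionally. Pin it to the stored value so a builder cannot move themselves
    // through the program by sending a different step in the request body.
    builderUpdateModel.Step = builder.Step;

    // NOTE(review): Status, CoachId and NtfReferentId are also written from the
    // client-supplied model. Confirm whether builders may change them; if not, pin them
    // to the stored values in the same way.
    await UpdateBuilder(builderId, builderUpdateModel);
}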