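/// <summary>
/// Returns the meetings of a school: either the caller's own meetings in that school
/// or, for the school owner, every meeting of the school (selected by
/// <c>getMeetingsParams.AsOwner</c>).
/// </summary>
/// <param name="userId">Route id of the user whose meetings are requested (untrusted input; checked by the validator).</param>
/// <param name="schoolId">Route id of the school.</param>
/// <param name="getMeetingsParams">Query-string filters (<c>AsOwner</c>, <c>OnlyAccepted</c>).</param>
/// <returns>
/// 401 when the principal carries no usable NameIdentifier claim, 403 when
/// <c>meetingSystem.ValidateGetSchoolMeetings</c> denies the request, otherwise 200 with the
/// mapped <see cref="MeetingDetailsDto"/> collection.
/// </returns>
public async Task<IActionResult> GetSchoolMeetings(int userId, int schoolId, [FromQuery] GetMeetingsParams getMeetingsParams)
{
    // The caller's identity comes from the authenticated principal, never from the route:
    // userId is only the *requested* user and is compared against the caller below.
    // A missing or non-numeric claim previously threw (NullReference/FormatException -> 500);
    // treat it as "not authenticated" and parse culture-invariantly.
    var idClaim = HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (!int.TryParse(idClaim, System.Globalization.NumberStyles.Integer,
                      System.Globalization.CultureInfo.InvariantCulture, out int currentUserId))
    {
        return Unauthorized();
    }

    // Fail closed: the meeting system decides whether this caller may read userId's
    // meetings in schoolId with the requested AsOwner mode.
    if (!await meetingSystem.ValidateGetSchoolMeetings(currentUserId, userId, schoolId, getMeetingsParams))
    {
        // ControllerBase.Forbid(params string[]) takes authentication *scheme names*, not a
        // message: the original call asked the auth middleware for a scheme literally named
        // "Nie masz uprawnień…", which fails at result execution instead of producing a 403.
        // StatusCode(403, body) returns the intended response with the same text.
        return StatusCode(403, "Nie masz uprawnień, żeby wykonać tą funkcję");
    }

    var meetings = await database.UserRepository.GetSchoolMeetings(userId, schoolId, getMeetingsParams);
    var meetingsToReturn = mapper.Map<ICollection<MeetingDetailsDto>>(meetings);
    return Ok(meetingsToReturn);
}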
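/// <summary>
/// Authorization rule for reading a school's meetings. A caller may read their own
/// meetings in the school (<c>AsOwner == false</c>) or, when they own the school, all of
/// its meetings (<c>AsOwner == true</c>). The owner must use the owner mode and nobody
/// else may request it.
/// </summary>
/// <param name="currentUserId">Id of the authenticated caller (taken from the principal by the controller).</param>
/// <param name="userId">Id of the user whose meetings are requested.</param>
/// <param name="schoolId">Id of the school.</param>
/// <param name="getMeetingsParams">Request filters; only <c>AsOwner</c> is consulted here.</param>
/// <returns>
/// <c>true</c> when the request is permitted; <c>false</c> otherwise, including when the
/// school cannot be loaded or the filter object is missing.
/// </returns>
public async Task<bool> ValidateGetSchoolMeetings(int currentUserId, int userId, int schoolId, GetMeetingsParams getMeetingsParams)
{
    // Fail closed: a missing filter object must deny, not throw a NullReferenceException (500).
    if (getMeetingsParams is null)
    {
        return false;
    }

    // Same for an unknown school id (if the repository returns null for a miss, the
    // original dereferenced it); an attacker-chosen schoolId must not crash the check.
    var school = await database.SchoolRepository.Get<School>(schoolId);
    if (school is null)
    {
        return false;
    }

    bool isOwner = currentUserId == school.OwnerId;
    bool isSelf = currentUserId == userId;

    // AsOwner is a privilege request (the repository drops the userId filter for it), so:
    //  - the owner is allowed if and only if they ask AsOwner;
    //  - anyone else is allowed only for their own meetings and only without AsOwner.
    if (isOwner)
    {
        return getMeetingsParams.AsOwner;
    }
    return isSelf && !getMeetingsParams.AsOwner;
}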
/// <summary>
/// Loads the meetings of one school. With <c>AsOwner</c> set, every meeting of the school
/// is returned and <paramref name="userId"/> is ignored; otherwise only that user's
/// meetings. Optionally restricted to accepted meetings; always ordered by <c>DateFrom</c>.
/// </summary>
/// <remarks>
/// No authorization is performed here: the caller must already have verified that the
/// current user is allowed to use <c>AsOwner</c> for this school, since that flag removes
/// the per-user filter.
/// </remarks>
/// <param name="userId">User whose meetings are wanted (only applied when <c>AsOwner</c> is false).</param>
/// <param name="schoolId">School to read meetings from.</param>
/// <param name="getMeetingsParams">Filter flags <c>AsOwner</c> and <c>OnlyAccepted</c>.</param>
/// <returns>The filtered meetings ordered by <c>DateFrom</c> ascending.</returns>
public async Task<IEnumerable<Meeting>> GetSchoolMeetings(int userId, int schoolId, GetMeetingsParams getMeetingsParams)
{
    var schoolMeetings = await GetWhere<Meeting>(m => m.SchoolId == schoolId);

    // The two filters are independent, so their order is immaterial.
    if (getMeetingsParams.OnlyAccepted)
    {
        schoolMeetings = schoolMeetings.Where(m => m.Accepted);
    }

    if (!getMeetingsParams.AsOwner)
    {
        schoolMeetings = schoolMeetings.Where(m => m.UserId == userId);
    }

    return schoolMeetings.OrderBy(m => m.DateFrom);
}