/// <summary>
/// Loads one collection together with its group assignments, scoped to the organization named in the route.
/// </summary>
/// <param name="orgId">Organization id as a GUID string.</param>
/// <param name="id">Collection id as a GUID string.</param>
/// <returns>A response model built from the collection and its group access entries.</returns>
/// <exception cref="NotFoundException">
/// Thrown when the caller fails the permission gate, when the repository returns no collection,
/// or when the collection belongs to a different organization. All three cases raise the same exception.
/// </exception>
public async Task<CollectionGroupDetailsResponseModel> GetDetails(string orgId, string id)
{
    var organizationId = new Guid(orgId);

    // Coarse gate first: the caller must be able to view at least one collection or manage users in this organization.
    var passesGate = await ViewAtLeastOneCollectionAsync(organizationId)
        || await _currentContext.ManageUsers(organizationId);
    if (!passesGate)
    {
        throw new NotFoundException();
    }

    var collectionId = new Guid(id);

    if (!await _currentContext.ViewAllCollections(organizationId))
    {
        // Without ViewAllCollections the lookup goes through the overload that also takes the caller's user id.
        // NOTE(review): presumably that overload limits the result to collections this user can access; confirm in the repository.
        var scoped = await _collectionRepository.GetByIdWithGroupsAsync(collectionId, _currentContext.UserId.Value);

        // The collection id is caller-supplied, so the record is tied back to the organization that was authorized above.
        if (scoped?.Item1 == null || scoped.Item1.OrganizationId != organizationId)
        {
            throw new NotFoundException();
        }

        return new CollectionGroupDetailsResponseModel(scoped.Item1, scoped.Item2);
    }

    var unscoped = await _collectionRepository.GetByIdWithGroupsAsync(collectionId);

    // Same organization binding as the user-scoped path: permissions were checked for organizationId only.
    if (unscoped?.Item1 == null || unscoped.Item1.OrganizationId != organizationId)
    {
        throw new NotFoundException();
    }

    return new CollectionGroupDetailsResponseModel(unscoped.Item1, unscoped.Item2);
}
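/// <summary>
/// Returns one organization user together with its collection assignments.
/// </summary>
/// <param name="orgId">Organization id from the route; must parse as a GUID and match the organization the user record belongs to.</param>
/// <param name="id">Organization-user id as a GUID string.</param>
/// <returns>A response model built from the organization user and its collection entries.</returns>
/// <exception cref="NotFoundException">
/// Thrown when no record is found, when the record belongs to a different organization than <paramref name="orgId"/>,
/// or when the caller may not manage users of the record's organization. All cases raise the same exception.
/// </exception>
public async Task<OrganizationUserDetailsResponseModel> Get(string orgId, string id)
{
    var organizationUser = await _organizationUserRepository.GetByIdWithCollectionsAsync(new Guid(id));

    // Check the wrapped record as well as the tuple, so a result with no user ends in NotFound
    // instead of a null dereference on the permission check below.
    var user = organizationUser?.Item1;
    if (user == null)
    {
        throw new NotFoundException();
    }

    // Bind the record to the organization named in the route. The permission check below is made against
    // the record's own organization, so without this comparison the orgId segment would be ignored entirely.
    Guid orgIdGuid;
    if (!Guid.TryParse(orgId, out orgIdGuid) || user.OrganizationId != orgIdGuid)
    {
        throw new NotFoundException();
    }

    if (!await _currentContext.ManageUsers(user.OrganizationId))
    {
        throw new NotFoundException();
    }

    return new OrganizationUserDetailsResponseModel(user, organizationUser.Item2);
}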
/// <summary>
/// Lists every group of an organization for callers holding at least one of the accepted permissions.
/// </summary>
/// <param name="orgId">Organization id as a GUID string.</param>
/// <returns>A list response with one <c>GroupResponseModel</c> per group of the organization.</returns>
/// <exception cref="NotFoundException">Thrown when the caller holds none of the accepted permissions.</exception>
public async Task<ListResponseModel<GroupResponseModel>> Get(string orgId)
{
    var organizationId = new Guid(orgId);

    // Any one of these four permissions is enough to read the full group list of the organization.
    // The checks short-circuit in this order.
    if (!(await _currentContext.ManageGroups(organizationId)
        || await _currentContext.ViewAssignedCollections(organizationId)
        || await _currentContext.ViewAllCollections(organizationId)
        || await _currentContext.ManageUsers(organizationId)))
    {
        throw new NotFoundException();
    }

    var organizationGroups = await _groupRepository.GetManyByOrganizationIdAsync(organizationId);
    return new ListResponseModel<GroupResponseModel>(
        organizationGroups.Select(grp => new GroupResponseModel(grp)));
}
/// <summary>
/// Returns the collections of an organization that the current caller is allowed to see.
/// </summary>
/// <param name="organizationId">Organization whose collections are requested.</param>
/// <returns>
/// All collections of the organization for organization admins and callers with ViewAllCollections;
/// otherwise the caller's own collections filtered to this organization.
/// </returns>
/// <exception cref="NotFoundException">Thrown when the caller has neither ViewAllCollections nor ManageUsers.</exception>
public async Task<IEnumerable<Collection>> GetOrganizationCollections(Guid organizationId)
{
    // Entry gate: one of ViewAllCollections or ManageUsers is required to call this at all.
    var passesGate = await _currentContext.ViewAllCollections(organizationId)
        || await _currentContext.ManageUsers(organizationId);
    if (!passesGate)
    {
        throw new NotFoundException();
    }

    var seesEverything = await _currentContext.OrganizationAdmin(organizationId)
        || await _currentContext.ViewAllCollections(organizationId);
    if (seesEverything)
    {
        // Admins, Owners, Providers and Custom (with collection management permissions) can access all items even if not assigned to them
        return await _collectionRepository.GetManyByOrganizationIdAsync(organizationId);
    }

    // Everyone else who passed the gate gets only the collections returned for their own user id.
    // That lookup is keyed by user, so the result is narrowed to the requested organization here.
    var ownCollections = await _collectionRepository.GetManyByUserIdAsync(_currentContext.UserId.Value);
    return ownCollections.Where(item => item.OrganizationId == organizationId);
}