Example #1
        /// <summary>
        /// Creates a pictogram from the posted DTO, links it to an owner according to the
        /// requested access level, saves it and returns it as a <c>WeekPictogramDTO</c>.
        /// </summary>
        /// <param name="pictogram">Pictogram data bound from the request body. Image data is uploaded separately.</param>
        /// <returns>
        /// The created pictogram, or an error response: <c>NotFound</c> when no user could be loaded for
        /// the caller, <c>MissingProperties</c> when the DTO is unreadable or carries no defined access
        /// level, <c>InvalidProperties</c> when model validation fails.
        /// </returns>
        public async Task<Response<WeekPictogramDTO>> CreatePictogram([FromBody] PictogramDTO pictogram)
        {
            // The owner is always resolved from the authenticated principal, never from the request body.
            var currentUser = await _giraf.LoadUserWithResources(HttpContext.User);
            if (currentUser == null)
            {
                return new ErrorResponse<WeekPictogramDTO>(ErrorCode.NotFound);
            }

            if (pictogram == null)
            {
                var unreadableDtoMessage =
                    "Could not read pictogram DTO. Please make sure not to include image data in this request. " +
                    "Use POST localhost/v1/pictogram/{id}/image instead.";
                return new ErrorResponse<WeekPictogramDTO>(ErrorCode.MissingProperties, unreadableDtoMessage);
            }

            if (!ModelState.IsValid)
            {
                return new ErrorResponse<WeekPictogramDTO>(ErrorCode.InvalidProperties);
            }

            // Reject a missing access level and any numeric value that is not a declared enum member,
            // so a client cannot store a pictogram with an undefined visibility.
            var levelIsUsable = pictogram.AccessLevel != null
                                && Enum.IsDefined(typeof(AccessLevel), pictogram.AccessLevel);
            if (!levelIsUsable)
            {
                return new ErrorResponse<WeekPictogramDTO>(ErrorCode.MissingProperties, "access level, pictogram");
            }

            var requestedLevel = (AccessLevel)pictogram.AccessLevel;
            var created = new Pictogram(pictogram.Title, requestedLevel);

            // The relation objects are constructed and discarded; presumably their constructors
            // register the link on both sides - confirm against UserResource/DepartmentResource.
            switch (requestedLevel)
            {
                case AccessLevel.PRIVATE:
                    // Tie the pictogram to the calling user.
                    new UserResource(currentUser, created);
                    break;

                case AccessLevel.PROTECTED:
                    // Tie the pictogram to the calling user's department.
                    // NOTE(review): currentUser.Department is not checked for null here; verify what
                    // DepartmentResource does for a user without a department.
                    new DepartmentResource(currentUser.Department, created);
                    break;

                // Any other defined level gets no owner relation.
            }

            await _giraf._context.Pictograms.AddAsync(created);
            await _giraf._context.SaveChangesAsync();

            return new Response<WeekPictogramDTO>(new WeekPictogramDTO(created));
        }
Example #2
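        /// <summary>
        /// Moves a pictogram that the calling user owns privately into the user's department:
        /// the user relation is removed, the pictogram becomes PROTECTED and a department
        /// relation is created.
        /// </summary>
        /// <param name="departmentId">Key of the department that should receive the pictogram.</param>
        /// <param name="resourceId">Id of the pictogram to hand over.</param>
        /// <returns>
        /// The department DTO on success, or an error response: <c>NotFound</c> when no user could be
        /// loaded for the caller, <c>DepartmentNotFound</c>, <c>ResourceNotFound</c>, <c>NotAuthorized</c>
        /// when the caller does not belong to the target department or does not privately own the
        /// pictogram, <c>DepartmentAlreadyOwnsResource</c> when the relation already exists.
        /// </returns>
        public async Task<Response<DepartmentDTO>> AddResource(long departmentId, long resourceId)
        {
            var usr = await _giraf.LoadUserWithResources(HttpContext.User);

            // The user is dereferenced below (usr.Id, usr.Resources, usr.Department); without this
            // guard an unresolved principal ends in a NullReferenceException instead of an error response.
            if (usr == null)
            {
                return new ErrorResponse<DepartmentDTO>(ErrorCode.NotFound);
            }

            // Fetch the department and check that it exists; resources are already loaded on the user.
            var department = await _giraf._context.Departments
                             .Where(d => d.Key == departmentId)
                             .Include(d => d.Members)
                             .FirstOrDefaultAsync();

            if (department == null)
            {
                return new ErrorResponse<DepartmentDTO>(ErrorCode.DepartmentNotFound);
            }

            // The relation below is created on usr.Department, while the duplicate check uses
            // departmentId. Require both to name the same department, so the caller can neither
            // target a department they are not a member of nor bypass the duplicate check by
            // passing a different id.
            if (usr.Department == null || usr.Department.Key != departmentId)
            {
                return new ErrorResponse<DepartmentDTO>(ErrorCode.NotAuthorized);
            }

            // Fetch the resource with the given id, check that it exists and that the user owns it.
            var resource = await _giraf._context.Pictograms
                           .Where(f => f.Id == resourceId)
                           .FirstOrDefaultAsync();

            if (resource == null)
            {
                return new ErrorResponse<DepartmentDTO>(ErrorCode.ResourceNotFound);
            }

            var resourceOwned = await _giraf.CheckPrivateOwnership(resource, usr);

            if (!resourceOwned)
            {
                return new ErrorResponse<DepartmentDTO>(ErrorCode.NotAuthorized);
            }

            // Check if the department already owns the resource.
            var alreadyOwned = await _giraf._context.DepartmentResources
                               .AnyAsync(depres => depres.OtherKey == departmentId &&
                                                   depres.PictogramKey == resourceId);

            if (alreadyOwned)
            {
                return new ErrorResponse<DepartmentDTO>(ErrorCode.DepartmentAlreadyOwnsResource);
            }

            // Locate the user's own relation to the resource so it can be removed.
            var usrResource = await _giraf._context.UserResources
                              .Where(ur => ur.PictogramKey == resource.Id && ur.OtherKey == usr.Id)
                              .FirstOrDefaultAsync();

            if (usrResource == null)
            {
                return new ErrorResponse<DepartmentDTO>(ErrorCode.ResourceNotFound);
            }

            // Removal, access-level change and the new relation are saved together in a single
            // SaveChangesAsync call. Saving the removal on its own first would leave a PRIVATE
            // pictogram with no owner if the second save failed.
            usr.Resources.Remove(usrResource);

            // Change resource AccessLevel to Protected from Private.
            resource.AccessLevel = AccessLevel.PROTECTED;

            // Create a relationship between the department and the resource.
            var dr = new DepartmentResource(usr.Department, resource);
            await _giraf._context.DepartmentResources.AddAsync(dr);

            await _giraf._context.SaveChangesAsync();

            // Return Ok and the department - the resource is now visible in department.Resources.
            var members = DepartmentDTO.FindMembers(department.Members, _roleManager, _giraf);

            return new Response<DepartmentDTO>(new DepartmentDTO(usr.Department, members));
        }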