Example #1
0
        public IHttpActionResult GetByUserName([FromUri] string username)
        {
            ParentDto parent = new ParentDto();

            try
            {
                parent = db.GetByUserName(username);
            }
            catch (NullReferenceException e)
            {
                logger.Error(e.Message);
                return(NotFound());
            }
            logger.Info("Search by username");
            return(Ok(parent));
        }
Example #2
0
        public HttpResponseMessage GetParentByUserName(string username)
        {
            string userId   = ((ClaimsPrincipal)RequestContext.Principal).FindFirst(x => x.Type == "UserId").Value;
            string userRole = ((ClaimsPrincipal)RequestContext.Principal).FindFirst(x => x.Type == ClaimTypes.Role).Value;

            logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Parnet by username: "******"The parent with username: "******" was not found.");
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "The parent with username: "******" was not found."));
                }
                if (userRole == "admin")
                {
                    logger.Info("Requesting found parent convert for " + userRole + "role.");
                    ParentDTOForAdmin dto = toDTO.ConvertToParentDTOForAdmin(parent, (List <IdentityUserRole>)parent.Roles);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return(Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, dto));
                }
                else if (userRole == "teacher")
                {
                    logger.Info("Requesting found parent convert for " + userRole + "role.");
                    ParentDTOForTeacher dto = toDTO.ConvertToParentDTOForTeacher(parent);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return(Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, dto));
                }
                else if (userId == parent.Id ||
                         parent.Students.Any(x => x.Id == userId) == true ||
                         parent.Students.Any(x => x.Form.Students.Any(y => y.Id == userId)) == true ||
                         parent.Students.Any(x => x.Form.Students.Any(y => y.Parent.Id == userId)) == true)
                {
                    logger.Info("Requesting found parent convert for " + userRole + "role.");
                    ParentDTOForStudentAndParents dto = toDTO.ConvertToParentDTOForStudentAndParent(parent);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return(Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, dto));
                }
                else
                {
                    logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                    return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. " +
                                                       "We’re sorry, but you are not authorized to perform the requested operation."));
                }
            }
            catch (Exception e)
            {
                logger.Error(e);
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, e));
            }
        }