// PUT api/EmployeeAPI/5
public HttpResponseMessage PutEmployee(Guid id, EmployeeDTO employeeDTO)
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
if (id != employeeDTO.Id)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest));
}
if (employeeDTO.Roles != null && employeeDTO.Roles.Count > 5)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.ExpectationFailed, "Maximimum of 5 roles only can be added"));
}
try
{
bool sendEmailNotification = false;
var employee = db.Employees.Find(id);
if (!ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employee.BusinessLocation.Id.ToString()))
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You do not have appropriate permission"));
}
//Do not allow modification of email addresses which are linked to userprofiles already
if (employee.UserProfile != null && employeeDTO.Email != employee.Email)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "You can not modify email address for an employee which is linked to a registered user"));
}
//If the email address is being updated then send notification to new address
if (employee.Email != employeeDTO.Email && !String.IsNullOrEmpty(employeeDTO.Email))
{
sendEmailNotification = true;
}
//Map the updates across to original object
employee = MapperFacade.MapperConfiguration.Map <EmployeeDTO, Employee>(employeeDTO, employee);
//Check to see if there is already an employee with this same email address registered for the business location.
var employeeExistingEmail = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.Email) && emp.Email == employee.Email && emp.Id != employee.Id && emp.BusinessLocation.Id == employee.BusinessLocation.Id);
if (employeeExistingEmail != null)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this email address already exists for this business"));
}
//Lookup BusinessLocation and attach, so that no updates or inserts are performed on BusinessType lookup table
var busLoc = db.BusinessLocations.Single(b => b.Id == employeeDTO.BusinessLocationId);
employee.BusinessLocation = busLoc;
if (employee.IsAdmin)
{
employee.ManagerBusinessLocations.Add(busLoc);
}
else
{
//if not admin but currently linked
if (employee.ManagerBusinessLocations.Contains(busLoc))
{
employee.ManagerBusinessLocations.Remove(busLoc);
}
}
//Hook up any roles selected
employee.Roles.Clear(); //Clear first so we can hook up correct DB items
if (employeeDTO.Roles != null)
{
foreach (RoleDTO roleDTO in employeeDTO.Roles)
{
Role role = db.Roles.FirstOrDefault(r => r.Id == roleDTO.Id);
if (role == null)
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
employee.Roles.Add(role);
}
}
//If user email has been updated then send notification and request
if (sendEmailNotification)
{
//Remove any old employee requests
if (employee.EmployeeRequest != null)
{
db.Entry(employee.EmployeeRequest).State = EntityState.Deleted;
}
//Create an entry in the EMployeeRequest table
EmployeeRequest empRequest = new EmployeeRequest()
{
Id = Guid.NewGuid(),
CreatedDate = WebUI.Common.Common.DateTimeNowLocal(),
Status = RequestStatus.Pending,
BusinessLocation = employee.BusinessLocation
};
employee.EmployeeRequest = empRequest;
//If an existing user profile exists with matching email address
if (db.UserProfiles.Any(usr => usr.Email == employee.Email))
{
//Send user email notifying them that a business has registered their email and they need to approve to link
MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, true, employee.Email, employee.MobilePhone);
}
else //Send email notifying them that they have been registered with a business and invite to register an account
{
MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, false, employee.Email, employee.MobilePhone);
}
}
db.Entry(employee).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
internal EmployeeDTO CreateNewEmployee(EmployeeDTO employeeDTO, bool insertNewRoles = false)
{
if (!ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employeeDTO.BusinessLocationId.ToString()))
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You do not have appropriate permission"));
}
if (employeeDTO.Roles != null && employeeDTO.Roles.Count > 5)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.ExpectationFailed, "Maximimum of 5 roles only can be added"));
}
//Check to see if there is already an employee with this same email address registered for the business location.
var employeeExisting = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.Email) && emp.Email == employeeDTO.Email && emp.BusinessLocation.Id == employeeDTO.BusinessLocationId);
if (employeeExisting != null)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this email address already exists for this business"));
}
//Check to see if there is already an employee with this same mobile phone registered for the business location.
var employeeMobileExisting = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.MobilePhone) && emp.MobilePhone == employeeDTO.MobilePhone && emp.BusinessLocation.Id == employeeDTO.BusinessLocationId);
if (employeeMobileExisting != null)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this Mobile Phone already exists for this business"));
}
var employee = MapperFacade.MapperConfiguration.Map <EmployeeDTO, Employee>(employeeDTO);
employee.Id = Guid.NewGuid(); //Assign new ID on save.
//Create QR code for the employee
System.Drawing.Bitmap qrCodeImage = WebUI.Common.Common.GenerateQR(employee.Id.ToString());
using (System.IO.MemoryStream memory = new System.IO.MemoryStream())
{
qrCodeImage.Save(memory, System.Drawing.Imaging.ImageFormat.Jpeg);
employee.QRCode = memory.ToArray();
}
//Lookup Business and attach, so that no updates or inserts are performed on BusinessType lookup table
var busLoc = db.BusinessLocations.Single(b => b.Id == employeeDTO.BusinessLocationId);
employee.BusinessLocation = busLoc;
if (employee.IsAdmin)
{
employee.ManagerBusinessLocations.Add(busLoc);
}
//Hook up any roles selected
employee.Roles.Clear(); //Clear first so we can hook up correct DB items
if (employeeDTO.Roles != null)
{
foreach (RoleDTO roleDTO in employeeDTO.Roles)
{
//Find the role by specific ID or else by matching businessId AND name
Role role = db.Roles.FirstOrDefault(r => r.Id == roleDTO.Id || (r.Business.Id == employeeDTO.BusinessId && r.Name == roleDTO.Name));
if (role == null)
{
if (!insertNewRoles)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Role does not exist"));
}
else
{
role = new Role
{
Id = Guid.NewGuid(), //Assign new ID on save.
Name = roleDTO.Name,
Enabled = true
};
//Lookup Business and attach, so that no updates or inserts are performed on BusinessType lookup table
role.Business = db.Businesses.Find(employeeDTO.BusinessId);
db.Roles.Add(role);
// employee.Roles.Add(role);
}
}
employee.Roles.Add(role);
}
}
//If user email or mobile phone is entered then set up an employee request
if (!String.IsNullOrEmpty(employee.Email) || !String.IsNullOrEmpty(employee.MobilePhone))
{
//Create an entry in the EMployeeRequest table
EmployeeRequest empRequest = new EmployeeRequest()
{
Id = Guid.NewGuid(),
CreatedDate = WebUI.Common.Common.DateTimeNowLocal(),
Status = RequestStatus.Pending,
BusinessLocation = employee.BusinessLocation
};
employee.EmployeeRequest = empRequest;
var existingUserProfile = db.UserProfiles.FirstOrDefault(usr => usr.Email == employee.Email || usr.MobilePhone == employee.MobilePhone);
//If an existing user profile exists with matching email address or a matching mobile phone number
if (existingUserProfile != null)
{
//Send user email notifying them that a business has registered their email and they need to approve to link
MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, true, existingUserProfile.Email, employee.MobilePhone);
}
else //Send email notifying them that they have been registered with a business and invite to register an account
{
MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, false, employee.Email, employee.MobilePhone);
}
}
db.Employees.Add(employee);
db.SaveChanges();
employeeDTO = MapperFacade.MapperConfiguration.Map <Employee, EmployeeDTO>(employee);
return(employeeDTO);
}