Example #1
        /// <summary>
        /// Converts every student in <paramref name="students"/> to a
        /// <c>StudentDTOForStudentAndParent</c>, keeping the input order.
        /// </summary>
        /// <param name="students">Students to convert. A null list is not handled here and will throw.</param>
        /// <returns>A new list holding one DTO per input student.</returns>
        public IList<StudentDTOForStudentAndParent> ConvertToStudentDTOListForStudentAndParent(List<Student> students)
        {
            var converted = new List<StudentDTOForStudentAndParent>();

            // Index-based walk; each element goes through the single-student converter.
            for (int i = 0; i < students.Count; i++)
            {
                converted.Add(ConvertToStudentDTOForStudentAndParent(students[i]));
            }

            return converted;
        }
Example #2
        /// <summary>
        /// Builds a <c>StudentDTOForStudentAndParent</c> from a student entity.
        /// </summary>
        /// <remarks>
        /// The DTO carries the student's Email and PhoneNumber along with the nested parent and form DTOs.
        /// This method performs no access check of its own, so the caller must already have decided that
        /// the requester may see those contact fields.
        /// </remarks>
        /// <param name="x">Source student. Its members are read directly, so null is not handled here.</param>
        /// <returns>The populated DTO.</returns>
        public StudentDTOForStudentAndParent ConvertToStudentDTOForStudentAndParent(Student x)
        {
            var result = new StudentDTOForStudentAndParent();

            // Scalar identity and contact fields are copied one-to-one.
            result.Id = x.Id;
            result.UserName = x.UserName;
            result.FirstName = x.FirstName;
            result.LastName = x.LastName;
            result.Email = x.Email;
            result.PhoneNumber = x.PhoneNumber;

            // Related entities go through their own converters (parent first, then form).
            result.Parent = parentToDTO.ConvertToParentDTOForStudentAndParent(x.Parent);
            result.Form = formToDTO.ConvertToFormDTOForStudentAndParent(x.Form);

            return result;
        }
Example #3
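        /// <summary>
        /// Returns one student, shaped according to the caller's role.
        /// </summary>
        /// <remarks>
        /// Admins and teachers may read any student. Any other caller is served only when they are the
        /// student, the student's parent, a student in the same form, or the parent of a student in that form.
        /// The caller's identity is taken from the "UserId" and role claims of the request principal.
        /// NOTE(review): "not found" and "access denied" both answer 400 but with different messages, and
        /// the lookup runs before the authorization check, so any authenticated caller can tell existing
        /// ids from missing ones. Consider 404/403 and a uniform reply for callers who are not admin or teacher.
        /// </remarks>
        /// <param name="id">Identifier of the requested student, taken from the request.</param>
        /// <returns>
        /// 200 with a role-specific DTO; 401 when the principal lacks the required claims; otherwise 400
        /// (student missing, conversion failed, access denied, or an unexpected error).
        /// </returns>
        public HttpResponseMessage GetStudentById(string id)
        {
            // A missing principal or claim used to throw a NullReferenceException outside the try block.
            ClaimsPrincipal principal = RequestContext.Principal as ClaimsPrincipal;
            Claim userIdClaim = principal == null ? null : principal.FindFirst(x => x.Type == "UserId");
            Claim userRoleClaim = principal == null ? null : principal.FindFirst(x => x.Type == ClaimTypes.Role);

            if (userIdClaim == null || userRoleClaim == null)
            {
                logger.Info("Rejecting Student by id request: principal carries no UserId or role claim.");
                return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Access Denied.");
            }

            string userId = userIdClaim.Value;
            string userRole = userRoleClaim.Value;

            // The id is caller-controlled; strip CR/LF so it cannot start a forged log line.
            string safeId = id == null ? "" : id.Replace("\r", "").Replace("\n", "");

            logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Student by id: " + safeId);

            try
            {
                Student student = studentsService.GetByID(id);

                if (student == null)
                {
                    logger.Info("The student with id: " + safeId + " was not found.");
                    return Request.CreateResponse(HttpStatusCode.BadRequest, "The student with id: " + id + " was not found.");
                }

                if (userRole == "admin")
                {
                    logger.Info("Requesting found student convert for " + userRole + " role.");
                    StudentDTOForAdmin dto = toDTO.ConvertToStudentDTOForAdmin(student, (List<IdentityUserRole>)student.Roles);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong.");
                    }
                    logger.Info("Success!");
                    return Request.CreateResponse(HttpStatusCode.OK, dto);
                }

                if (userRole == "teacher")
                {
                    logger.Info("Requesting found student convert for " + userRole + " role.");
                    StudentDTOForTeacher dto = toDTO.ConvertToStudentDTOForTeacher(student);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong.");
                    }
                    logger.Info("Success!");
                    return Request.CreateResponse(HttpStatusCode.OK, dto);
                }

                // Remaining callers: a student or parent looking up themselves / their own child,
                // or a student from their own form or from their child's form.
                // Null checks keep a student without a parent or form from throwing mid-decision;
                // a missing relation simply does not grant access.
                bool isSelf = userId == student.Id;
                bool isParentOfStudent = student.Parent != null && userId == student.Parent.Id;
                bool sharesForm = student.Form != null && student.Form.Students != null &&
                                  student.Form.Students.Any(x => x.Id == userId ||
                                                                 (x.Parent != null && x.Parent.Id == userId));

                if (isSelf || isParentOfStudent || sharesForm)
                {
                    logger.Info("Requesting found student convert for " + userRole + " role.");
                    StudentDTOForStudentAndParent dto = toDTO.ConvertToStudentDTOForStudentAndParent(student);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong.");
                    }
                    logger.Info("Success!");
                    return Request.CreateResponse(HttpStatusCode.OK, dto);
                }

                logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. " +
                                                   "We’re sorry, but you are not authorized to perform the requested operation.");
            }
            catch (Exception e)
            {
                // The full exception is logged server-side only. Passing the exception object to
                // CreateErrorResponse can put its message and stack trace into the response body when
                // the error-detail policy allows it, so the client gets a generic message instead.
                logger.Error(e);
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Something went wrong.");
            }
        }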