public HttpResponseMessage Register(ServiceModel.AddUserModel value)
{
if (!ModelState.IsValid)
{
return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
}
var existingUser = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.EmailAddress.Equals(value.EmailAddress, StringComparison.OrdinalIgnoreCase));
if (existingUser != null)
{
ModelState.AddModelError("", "A user with this email address has already registered!");
return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
}
var user = new DomainModel.User(value.EmailAddress);
var defaultImage = new Uri(Request.RequestUri, "/images/GenericUserImage.gif");
user.ImagePath = defaultImage.ToString();
context.Add(user);
context.SaveChanges();
var sUser = user.MapToServiceModel();
var response = new HttpResponseMessage<ServiceModel.User>(sUser, HttpStatusCode.Created);
response.Headers.Location = new Uri(Request.RequestUri, "/api/user/" + sUser.Id.ToString());
return response;
}
public HttpResponseMessage Complete(int id, ServiceModel.CompleteThingViewModel viewModel)
{
var thing = context.GetAll<DomainModel.Thing>()
.FirstOrDefault(u => u.Id == id);
if (thing == null)
{
ModelState.AddModelError("", "Invalid Thing");
return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
}
if (!thing.AssignedTo.Any(at => at.AssignedToUserId == viewModel.UserId))
{
ModelState.AddModelError("", "A thing can only be removed by its owner.");
return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
}
thing.Complete(viewModel.UserId);
context.SaveChanges();
var sThing = thing.MapToServiceModel();
var response = new HttpResponseMessage<ServiceModel.Thing>(sThing, HttpStatusCode.OK);
response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
return response;
}
public HttpResponseMessage AddMember(int id, ServiceModel.AddMemberViewModel viewModel)
{
if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson())); }
//get team
var team = GetTeam(id);
var user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.EmailAddress == viewModel.EmailAddress);
if (user == null)
{
user = new DomainModel.User(viewModel.EmailAddress);
context.Add(user);
}
if (user.Teams.Any(ut => ut.TeamId == team.Id)) throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User already added to team"));
var newTeamMember = new DomainModel.TeamUser(team, user);
var inviter = team.Members.FirstOrDefault(x => x.UserId == viewModel.AddedByUserId);
if (inviter == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User Not Allowed to Invite Members to this Team")); }
if (team.IsOpen || (inviter != null && inviter.Role== DomainModel.TeamUserRole.Administrator))
{
newTeamMember.Status = DomainModel.TeamUserStatus.Approved;
}
emailService.InvitedToTeam(user, inviter.User, team).Send();
team.Members.Add(newTeamMember);
context.SaveChanges();
return ResourceOkResponse(team.MapToBasicServiceModel());
}
public HttpResponseMessage Complete(int id, ServiceModel.CompleteThingViewModel viewModel)
{
var thing = context.GetAll<DomainModel.Thing>()
.FirstOrDefault(u => u.Id == id);
if (thing == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid thing"));
}
var user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == viewModel.UserId);
if (user == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user"));
}
if (thing.OwnerId != user.Id && !thing.AssignedTo.Any(at => at.AssignedToUserId == user.Id) && !thing.Team.Members.Admins().Any(a => a.Id == user.Id))
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Forbidden, "A thing can only be completed by someone assigned to it, the thing's owner, or a team administrator."));
}
thing.Complete(user);
context.SaveChanges();
emailService.ThingCompleted(thing.AssignedTo.Select(x => x.AssignedToUser).ToArray(), user, thing).Send();
var sThing = thing.MapToServiceModel();
var response = Request.CreateResponse(HttpStatusCode.OK, sThing);
response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
return response;
}
public HttpResponseMessage Delete(int id, ServiceModel.DeleteThingViewModel viewModel)
{
if (!ModelState.IsValid)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
var thing = context.GetAll<DomainModel.Thing>()
.FirstOrDefault(u => u.Id == id);
//rest spec says we should not throw an error in this case ( delete requests should be idempotent)
if (thing == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Thing"));
}
var user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == viewModel.DeletedById);
if (user == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user"));
}
if (thing.OwnerId != viewModel.DeletedById)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "A thing can only be removed by its owner."));
}
thing.Delete(user);
context.SaveChanges();
return new HttpResponseMessage(HttpStatusCode.NoContent);
}
public HttpResponseMessage OAuth(ServiceModel.OAuthSignInModel model)
{
if (!ModelState.IsValid)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
//validate user
var provider = AuthFactory.GetProvider(model.Provider, model.AuthToken);
var userInfo = provider.GetUser();
string userId = userInfo.UserId;
if (string.IsNullOrWhiteSpace(userId))
{
ModelState.AddModelError("", string.Format("{0} could not locate a user using the provided auth token."));
return Request.CreateResponse(HttpStatusCode.Unauthorized, ModelState.ToJson());
}
//get actual user
var user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.OAuthProvider.Equals(model.Provider, StringComparison.OrdinalIgnoreCase) && u.OAuthUserId.Equals(userId, StringComparison.OrdinalIgnoreCase));
if (user == null)
{
//try to find users by existing email address (mostly to clean up v1)
if (!string.IsNullOrWhiteSpace(userInfo.Email))
{
user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.EmailAddress.Equals(userInfo.Email, StringComparison.OrdinalIgnoreCase));
}
//user really is new, lets create them
if (user == null)
{
user = new DomainModel.User(model.Provider, userId);
context.Add(user);
}
user.EmailAddress = userInfo.Email;
user.ImagePath = userInfo.PictureUrl;
user.FirstName = userInfo.FirstName;
user.LastName = userInfo.LastName;
if (string.IsNullOrWhiteSpace(user.ImagePath))
{
var defaultImage = new Uri(Request.RequestUri, "/images/GenericUserImage.gif");
user.ImagePath = defaultImage.ToString();
}
context.SaveChanges();
}
//FormsAuthentication.SetAuthCookie(user.EmailAddress, true);
return Request.CreateResponse(HttpStatusCode.OK, user.MapToServiceModel());
}
public void ApproveMember(int id, ServiceModel.MemberApprovalViewModel viewModel)
{
if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); }
//get team
var team = GetTeam(id);
var authorizer = team.Members.FirstOrDefault(tm => tm.UserId == viewModel.StatusChangedByUserId);
if (authorizer == null || (authorizer.Role != DomainModel.TeamUserRole.Administrator && team.OwnerId != authorizer.UserId))
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Forbidden, "Only team owners, and admins can approve members."));
}
var teamMember = team.Members.FirstOrDefault(t => t.UserId == viewModel.UserId);
if (teamMember == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid Team Member")); }
teamMember.Status = DomainModel.TeamUserStatus.Approved;
context.SaveChanges();
emailService.ApprovedForTeam(teamMember.User, team).Send();
}
public HttpResponseMessage Delete(int id, ServiceModel.DeleteTeamViewModel viewModel)
{
if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); }
//get team
var team = GetTeam(id);
var editor = team.Members
.FirstOrDefault(tm => tm.Role == DomainModel.TeamUserRole.Administrator && tm.UserId == viewModel.UserId);
if (editor == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User does not have permissions to delete team")); }
context.Delete(team);
context.SaveChanges();
return new HttpResponseMessage(HttpStatusCode.NoContent);
}
public HttpResponseMessage Leave(int id, ServiceModel.JoinTeamViewModel joinTeamViewModel)
{
if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); }
//get team
var team = GetTeam(id);
var user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == joinTeamViewModel.UserId);
if (user == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid User")); }
if (user.Id == team.OwnerId) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Owner can not leave team")); }
var teamUser = user.Teams.FirstOrDefault(ut => ut.TeamId == team.Id);
if (teamUser != null)
{
team.Members.Remove(teamUser);
context.SaveChanges();
}
return ResourceOkResponse(team.MapToBasicServiceModel());
}
public HttpResponseMessage UpdateStatus(int id, ServiceModel.UpdateThingStatusViewModel viewModel)
{
var thing = context.GetAll<DomainModel.Thing>()
.FirstOrDefault(u => u.Id == id);
DomainModel.ThingStatus realStatus;
if (!Enum.TryParse<DomainModel.ThingStatus>(viewModel.Status, true, out realStatus))
{
ModelState.AddModelError("", "Invalid Status");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
if (thing == null)
{
ModelState.AddModelError("", "Invalid Thing");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
var user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == viewModel.UserId);
if (user == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user"));
}
if (thing.OwnerId != user.Id && !thing.AssignedTo.Any(at => at.AssignedToUserId == user.Id) && !thing.Team.Members.Admins().Any(a => a.Id == user.Id))
{
ModelState.AddModelError("", "A thing's status can only be completed by someone assigned to it, the thing's owner, or a team administrator.");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
thing.UpdateStatus(user, realStatus);
context.SaveChanges();
if (thing.Status == DomainModel.ThingStatus.Completed)
{
emailService.ThingCompleted(thing.AssignedTo.Select(x => x.AssignedToUser).ToArray(), user, thing).Send();
}
var sThing = thing.MapToServiceModel();
var response = Request.CreateResponse(HttpStatusCode.OK, sThing);
response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
return response;
}
public HttpResponseMessage Unstar(int id, ServiceModel.StarThingViewModel viewModel)
{
var thing = context.GetAll<DomainModel.Thing>()
.FirstOrDefault(u => u.Id == id);
if (thing == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid thing"));
}
var user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == viewModel.UserId);
if (user == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user"));
}
user.StarredThings.Remove(thing);
context.SaveChanges();
var sThing = thing.MapToServiceModel();
var response = Request.CreateResponse(HttpStatusCode.OK, sThing);
response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
return response;
}
public HttpResponseMessage Put(int id, ServiceModel.UpdateThingViewModel viewModel)
{
var thingEditor = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == viewModel.EditedById);
var thing = context.GetAll<DomainModel.Thing>()
.FirstOrDefault(u => u.Id == id);
if (thingEditor == null)
{
ModelState.AddModelError("", "Invalid Editor");
}
if (thing == null)
{
ModelState.AddModelError("", "Invalid Thing");
}
if (thing != null && thing.OwnerId != thingEditor.Id)
{
ModelState.AddModelError("", "A Thing can only be edited by its owner");
}
if (!ModelState.IsValid)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
foreach (var userId in viewModel.AssignedTo)
{
//already assigned
if (thing.AssignedTo.Any(at => at.AssignedToUserId == userId)) continue;
var assignedTo = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == userId);
if (assignedTo == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid User Assigned to Thing"));
}
thing.AssignedTo.Add(new DomainModel.UserThing(thing, assignedTo, thingEditor));
}
//removed users
var removedUserIds = thing.AssignedTo.Select(at => at.AssignedToUserId).Except(viewModel.AssignedTo);
var addedUserIds = viewModel.AssignedTo.Except(thing.AssignedTo.Select(at => at.AssignedToUserId));
var removedUserThings = thing.AssignedTo.Where(at => removedUserIds.Contains(at.AssignedToUserId)).ToList();
var newUserThings = thing.AssignedTo.Where(at => addedUserIds.Contains(at.AssignedToUserId)).ToList();
context.Delete(removedUserThings);
thing.Description = viewModel.Description;
context.SaveChanges();
emailService.ThingAssigned(newUserThings.Select(x => x.AssignedToUser).ToArray(), thing, thingEditor).Send();
emailService.ThingUnassigned(newUserThings.Select(x => x.AssignedToUser).ToArray(), thing, thingEditor).Send();
var sThing = thing.MapToServiceModel();
var response = Request.CreateResponse(HttpStatusCode.OK, sThing);
response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
return response;
}
public HttpResponseMessage Post(ServiceModel.AddThingViewModel newThing)
{
if (!ModelState.IsValid)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
var thingCreator = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == newThing.CreatedById);
if (thingCreator == null)
{
ModelState.AddModelError("", "Invalid Creator");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
var team = context.GetAll<DomainModel.Team>()
.FirstOrDefault(u => u.Id == newThing.TeamId);
if (team == null)
{
ModelState.AddModelError("", "Invalid Team");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
var thing = new DomainModel.Thing(team, thingCreator);
thing.Description = newThing.Description;
foreach (var userId in newThing.AssignedTo)
{
var assignedTo = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == userId);
if (assignedTo == null)
{
ModelState.AddModelError("", "Invalid User Assigned to Thing");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
thing.AssignedTo.Add(new DomainModel.UserThing(thing, assignedTo, thingCreator));
}
emailService.ThingAssigned(thing.AssignedTo.Select(x => x.AssignedToUser).ToArray(), thing, thingCreator).Send();
context.Add(thing);
context.SaveChanges();
var sThing = thing.MapToServiceModel();
var response = Request.CreateResponse(HttpStatusCode.Created, sThing);
response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
return response;
}
// POST /api/team/5
public HttpResponseMessage Post(ServiceModel.AddTeamViewModel addTeamViewModel)
{
if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); }
var existingTeam = context.GetAll<DomainModel.Team>()
.FirstOrDefault(u => u.Name.Equals(addTeamViewModel.Name));
if (existingTeam != null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Team name already in use")); }
var teamCreator = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == addTeamViewModel.CreatedById);
if (teamCreator == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Team Owner Specified")); }
var team = new DomainModel.Team(addTeamViewModel.Name, teamCreator);
team.IsOpen = addTeamViewModel.IsPublic;
context.Add(team);
context.SaveChanges();
return ResourceOkResponse(team.MapToBasicServiceModel());
}
public HttpResponseMessage UpdateStatus(int id, ServiceModel.UpdateThingStatusViewModel updateStatusParameters)
{
var thing = context.GetAll<DomainModel.Thing>()
.FirstOrDefault(u => u.Id == id);
DomainModel.ThingStatus realStatus;
if (!Enum.TryParse<DomainModel.ThingStatus>(updateStatusParameters.Status, true, out realStatus))
{
ModelState.AddModelError("", "Invalid Status");
return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
}
if (thing == null)
{
ModelState.AddModelError("", "Invalid Thing");
return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
}
if (!thing.AssignedTo.Any(at => at.AssignedToUserId == updateStatusParameters.UserId))
{
ModelState.AddModelError("", "A thing can only be removed by its owner.");
return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
}
thing.UpdateStatus(updateStatusParameters.UserId, realStatus);
context.SaveChanges();
var sThing = thing.MapToServiceModel();
var response = new HttpResponseMessage<ServiceModel.Thing>(sThing, HttpStatusCode.OK);
response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
return response;
}
public HttpResponseMessage Join(int id, ServiceModel.JoinTeamViewModel joinTeamViewModel)
{
if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson())); }
//get team
var team = GetTeam(id);
var user = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.Id == joinTeamViewModel.UserId);
if (user == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid User")); }
if (user.Teams.Any(ut => ut.TeamId == team.Id)) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User already added to team")); }
var newTeamMember = new DomainModel.TeamUser(team, user);
if (team.IsOpen)
{
newTeamMember.Status = DomainModel.TeamUserStatus.Approved;
}
team.Members.Add(newTeamMember);
context.SaveChanges();
return ResourceOkResponse(team.MapToBasicServiceModel());
}
public HttpResponseMessage SignIn(ServiceModel.SignInViewModel model)
{
if (!ModelState.IsValid)
{
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
var existingUser = context.GetAll<DomainModel.User>()
.FirstOrDefault(u => u.EmailAddress.Equals(model.EmailAddress, StringComparison.OrdinalIgnoreCase));
if (existingUser == null)
{
ModelState.AddModelError("", "A user does not exist with this user name.");
return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson());
}
return Request.CreateResponse(HttpStatusCode.OK, existingUser.MapToServiceModel());
}
public HttpResponseMessage Put(int id, ServiceModel.UpdateTeamViewModel viewModel)
{
if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); }
var existingTeam = context.GetAll<DomainModel.Team>()
.FirstOrDefault(u => u.Name.Equals(viewModel.Name) && u.Id != id);
if (existingTeam != null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Team Name Already in Use")); }
//get team
var team = GetTeam(id);
var editor = team.Members
.FirstOrDefault(tm => tm.Role == DomainModel.TeamUserRole.Administrator && tm.UserId == viewModel.UpdatedById);
if (editor == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User does not have permissions to edit team")); }
team.Name = viewModel.Name;
team.IsOpen = viewModel.IsPublic;
context.SaveChanges();
return ResourceOkResponse(team.MapToServiceModel());
}
