public HttpResponseMessage Register(ServiceModel.AddUserModel value) { if (!ModelState.IsValid) { return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest); } var existingUser = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.EmailAddress.Equals(value.EmailAddress, StringComparison.OrdinalIgnoreCase)); if (existingUser != null) { ModelState.AddModelError("", "A user with this email address has already registered!"); return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest); } var user = new DomainModel.User(value.EmailAddress); var defaultImage = new Uri(Request.RequestUri, "/images/GenericUserImage.gif"); user.ImagePath = defaultImage.ToString(); context.Add(user); context.SaveChanges(); var sUser = user.MapToServiceModel(); var response = new HttpResponseMessage<ServiceModel.User>(sUser, HttpStatusCode.Created); response.Headers.Location = new Uri(Request.RequestUri, "/api/user/" + sUser.Id.ToString()); return response; }
public HttpResponseMessage Complete(int id, ServiceModel.CompleteThingViewModel viewModel) { var thing = context.GetAll<DomainModel.Thing>() .FirstOrDefault(u => u.Id == id); if (thing == null) { ModelState.AddModelError("", "Invalid Thing"); return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest); } if (!thing.AssignedTo.Any(at => at.AssignedToUserId == viewModel.UserId)) { ModelState.AddModelError("", "A thing can only be removed by its owner."); return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest); } thing.Complete(viewModel.UserId); context.SaveChanges(); var sThing = thing.MapToServiceModel(); var response = new HttpResponseMessage<ServiceModel.Thing>(sThing, HttpStatusCode.OK); response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString()); return response; }
public HttpResponseMessage AddMember(int id, ServiceModel.AddMemberViewModel viewModel) { if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson())); } //get team var team = GetTeam(id); var user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.EmailAddress == viewModel.EmailAddress); if (user == null) { user = new DomainModel.User(viewModel.EmailAddress); context.Add(user); } if (user.Teams.Any(ut => ut.TeamId == team.Id)) throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User already added to team")); var newTeamMember = new DomainModel.TeamUser(team, user); var inviter = team.Members.FirstOrDefault(x => x.UserId == viewModel.AddedByUserId); if (inviter == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User Not Allowed to Invite Members to this Team")); } if (team.IsOpen || (inviter != null && inviter.Role== DomainModel.TeamUserRole.Administrator)) { newTeamMember.Status = DomainModel.TeamUserStatus.Approved; } emailService.InvitedToTeam(user, inviter.User, team).Send(); team.Members.Add(newTeamMember); context.SaveChanges(); return ResourceOkResponse(team.MapToBasicServiceModel()); }
public HttpResponseMessage Complete(int id, ServiceModel.CompleteThingViewModel viewModel) { var thing = context.GetAll<DomainModel.Thing>() .FirstOrDefault(u => u.Id == id); if (thing == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid thing")); } var user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == viewModel.UserId); if (user == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user")); } if (thing.OwnerId != user.Id && !thing.AssignedTo.Any(at => at.AssignedToUserId == user.Id) && !thing.Team.Members.Admins().Any(a => a.Id == user.Id)) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Forbidden, "A thing can only be completed by someone assigned to it, the thing's owner, or a team administrator.")); } thing.Complete(user); context.SaveChanges(); emailService.ThingCompleted(thing.AssignedTo.Select(x => x.AssignedToUser).ToArray(), user, thing).Send(); var sThing = thing.MapToServiceModel(); var response = Request.CreateResponse(HttpStatusCode.OK, sThing); response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString()); return response; }
public HttpResponseMessage Delete(int id, ServiceModel.DeleteThingViewModel viewModel) { if (!ModelState.IsValid) { return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } var thing = context.GetAll<DomainModel.Thing>() .FirstOrDefault(u => u.Id == id); //rest spec says we should not throw an error in this case ( delete requests should be idempotent) if (thing == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Thing")); } var user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == viewModel.DeletedById); if (user == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user")); } if (thing.OwnerId != viewModel.DeletedById) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "A thing can only be removed by its owner.")); } thing.Delete(user); context.SaveChanges(); return new HttpResponseMessage(HttpStatusCode.NoContent); }
public HttpResponseMessage OAuth(ServiceModel.OAuthSignInModel model) { if (!ModelState.IsValid) { return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } //validate user var provider = AuthFactory.GetProvider(model.Provider, model.AuthToken); var userInfo = provider.GetUser(); string userId = userInfo.UserId; if (string.IsNullOrWhiteSpace(userId)) { ModelState.AddModelError("", string.Format("{0} could not locate a user using the provided auth token.")); return Request.CreateResponse(HttpStatusCode.Unauthorized, ModelState.ToJson()); } //get actual user var user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.OAuthProvider.Equals(model.Provider, StringComparison.OrdinalIgnoreCase) && u.OAuthUserId.Equals(userId, StringComparison.OrdinalIgnoreCase)); if (user == null) { //try to find users by existing email address (mostly to clean up v1) if (!string.IsNullOrWhiteSpace(userInfo.Email)) { user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.EmailAddress.Equals(userInfo.Email, StringComparison.OrdinalIgnoreCase)); } //user really is new, lets create them if (user == null) { user = new DomainModel.User(model.Provider, userId); context.Add(user); } user.EmailAddress = userInfo.Email; user.ImagePath = userInfo.PictureUrl; user.FirstName = userInfo.FirstName; user.LastName = userInfo.LastName; if (string.IsNullOrWhiteSpace(user.ImagePath)) { var defaultImage = new Uri(Request.RequestUri, "/images/GenericUserImage.gif"); user.ImagePath = defaultImage.ToString(); } context.SaveChanges(); } //FormsAuthentication.SetAuthCookie(user.EmailAddress, true); return Request.CreateResponse(HttpStatusCode.OK, user.MapToServiceModel()); }
public void ApproveMember(int id, ServiceModel.MemberApprovalViewModel viewModel) { if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); } //get team var team = GetTeam(id); var authorizer = team.Members.FirstOrDefault(tm => tm.UserId == viewModel.StatusChangedByUserId); if (authorizer == null || (authorizer.Role != DomainModel.TeamUserRole.Administrator && team.OwnerId != authorizer.UserId)) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Forbidden, "Only team owners, and admins can approve members.")); } var teamMember = team.Members.FirstOrDefault(t => t.UserId == viewModel.UserId); if (teamMember == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid Team Member")); } teamMember.Status = DomainModel.TeamUserStatus.Approved; context.SaveChanges(); emailService.ApprovedForTeam(teamMember.User, team).Send(); }
public HttpResponseMessage Delete(int id, ServiceModel.DeleteTeamViewModel viewModel) { if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); } //get team var team = GetTeam(id); var editor = team.Members .FirstOrDefault(tm => tm.Role == DomainModel.TeamUserRole.Administrator && tm.UserId == viewModel.UserId); if (editor == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User does not have permissions to delete team")); } context.Delete(team); context.SaveChanges(); return new HttpResponseMessage(HttpStatusCode.NoContent); }
public HttpResponseMessage Leave(int id, ServiceModel.JoinTeamViewModel joinTeamViewModel) { if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); } //get team var team = GetTeam(id); var user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == joinTeamViewModel.UserId); if (user == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid User")); } if (user.Id == team.OwnerId) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Owner can not leave team")); } var teamUser = user.Teams.FirstOrDefault(ut => ut.TeamId == team.Id); if (teamUser != null) { team.Members.Remove(teamUser); context.SaveChanges(); } return ResourceOkResponse(team.MapToBasicServiceModel()); }
public HttpResponseMessage UpdateStatus(int id, ServiceModel.UpdateThingStatusViewModel viewModel) { var thing = context.GetAll<DomainModel.Thing>() .FirstOrDefault(u => u.Id == id); DomainModel.ThingStatus realStatus; if (!Enum.TryParse<DomainModel.ThingStatus>(viewModel.Status, true, out realStatus)) { ModelState.AddModelError("", "Invalid Status"); return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } if (thing == null) { ModelState.AddModelError("", "Invalid Thing"); return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } var user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == viewModel.UserId); if (user == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user")); } if (thing.OwnerId != user.Id && !thing.AssignedTo.Any(at => at.AssignedToUserId == user.Id) && !thing.Team.Members.Admins().Any(a => a.Id == user.Id)) { ModelState.AddModelError("", "A thing's status can only be completed by someone assigned to it, the thing's owner, or a team administrator."); return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } thing.UpdateStatus(user, realStatus); context.SaveChanges(); if (thing.Status == DomainModel.ThingStatus.Completed) { emailService.ThingCompleted(thing.AssignedTo.Select(x => x.AssignedToUser).ToArray(), user, thing).Send(); } var sThing = thing.MapToServiceModel(); var response = Request.CreateResponse(HttpStatusCode.OK, sThing); response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString()); return response; }
public HttpResponseMessage Unstar(int id, ServiceModel.StarThingViewModel viewModel) { var thing = context.GetAll<DomainModel.Thing>() .FirstOrDefault(u => u.Id == id); if (thing == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid thing")); } var user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == viewModel.UserId); if (user == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user")); } user.StarredThings.Remove(thing); context.SaveChanges(); var sThing = thing.MapToServiceModel(); var response = Request.CreateResponse(HttpStatusCode.OK, sThing); response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString()); return response; }
public HttpResponseMessage Put(int id, ServiceModel.UpdateThingViewModel viewModel) { var thingEditor = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == viewModel.EditedById); var thing = context.GetAll<DomainModel.Thing>() .FirstOrDefault(u => u.Id == id); if (thingEditor == null) { ModelState.AddModelError("", "Invalid Editor"); } if (thing == null) { ModelState.AddModelError("", "Invalid Thing"); } if (thing != null && thing.OwnerId != thingEditor.Id) { ModelState.AddModelError("", "A Thing can only be edited by its owner"); } if (!ModelState.IsValid) { return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } foreach (var userId in viewModel.AssignedTo) { //already assigned if (thing.AssignedTo.Any(at => at.AssignedToUserId == userId)) continue; var assignedTo = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == userId); if (assignedTo == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid User Assigned to Thing")); } thing.AssignedTo.Add(new DomainModel.UserThing(thing, assignedTo, thingEditor)); } //removed users var removedUserIds = thing.AssignedTo.Select(at => at.AssignedToUserId).Except(viewModel.AssignedTo); var addedUserIds = viewModel.AssignedTo.Except(thing.AssignedTo.Select(at => at.AssignedToUserId)); var removedUserThings = thing.AssignedTo.Where(at => removedUserIds.Contains(at.AssignedToUserId)).ToList(); var newUserThings = thing.AssignedTo.Where(at => addedUserIds.Contains(at.AssignedToUserId)).ToList(); context.Delete(removedUserThings); thing.Description = viewModel.Description; context.SaveChanges(); emailService.ThingAssigned(newUserThings.Select(x => x.AssignedToUser).ToArray(), thing, thingEditor).Send(); emailService.ThingUnassigned(newUserThings.Select(x => x.AssignedToUser).ToArray(), thing, thingEditor).Send(); var sThing = thing.MapToServiceModel(); var response = Request.CreateResponse(HttpStatusCode.OK, sThing); response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString()); return response; }
public HttpResponseMessage Post(ServiceModel.AddThingViewModel newThing) { if (!ModelState.IsValid) { return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } var thingCreator = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == newThing.CreatedById); if (thingCreator == null) { ModelState.AddModelError("", "Invalid Creator"); return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } var team = context.GetAll<DomainModel.Team>() .FirstOrDefault(u => u.Id == newThing.TeamId); if (team == null) { ModelState.AddModelError("", "Invalid Team"); return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } var thing = new DomainModel.Thing(team, thingCreator); thing.Description = newThing.Description; foreach (var userId in newThing.AssignedTo) { var assignedTo = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == userId); if (assignedTo == null) { ModelState.AddModelError("", "Invalid User Assigned to Thing"); return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } thing.AssignedTo.Add(new DomainModel.UserThing(thing, assignedTo, thingCreator)); } emailService.ThingAssigned(thing.AssignedTo.Select(x => x.AssignedToUser).ToArray(), thing, thingCreator).Send(); context.Add(thing); context.SaveChanges(); var sThing = thing.MapToServiceModel(); var response = Request.CreateResponse(HttpStatusCode.Created, sThing); response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString()); return response; }
// POST /api/team/5 public HttpResponseMessage Post(ServiceModel.AddTeamViewModel addTeamViewModel) { if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); } var existingTeam = context.GetAll<DomainModel.Team>() .FirstOrDefault(u => u.Name.Equals(addTeamViewModel.Name)); if (existingTeam != null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Team name already in use")); } var teamCreator = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == addTeamViewModel.CreatedById); if (teamCreator == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid Team Owner Specified")); } var team = new DomainModel.Team(addTeamViewModel.Name, teamCreator); team.IsOpen = addTeamViewModel.IsPublic; context.Add(team); context.SaveChanges(); return ResourceOkResponse(team.MapToBasicServiceModel()); }
public HttpResponseMessage UpdateStatus(int id, ServiceModel.UpdateThingStatusViewModel updateStatusParameters) { var thing = context.GetAll<DomainModel.Thing>() .FirstOrDefault(u => u.Id == id); DomainModel.ThingStatus realStatus; if (!Enum.TryParse<DomainModel.ThingStatus>(updateStatusParameters.Status, true, out realStatus)) { ModelState.AddModelError("", "Invalid Status"); return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest); } if (thing == null) { ModelState.AddModelError("", "Invalid Thing"); return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest); } if (!thing.AssignedTo.Any(at => at.AssignedToUserId == updateStatusParameters.UserId)) { ModelState.AddModelError("", "A thing can only be removed by its owner."); return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest); } thing.UpdateStatus(updateStatusParameters.UserId, realStatus); context.SaveChanges(); var sThing = thing.MapToServiceModel(); var response = new HttpResponseMessage<ServiceModel.Thing>(sThing, HttpStatusCode.OK); response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString()); return response; }
public HttpResponseMessage Join(int id, ServiceModel.JoinTeamViewModel joinTeamViewModel) { if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson())); } //get team var team = GetTeam(id); var user = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.Id == joinTeamViewModel.UserId); if (user == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid User")); } if (user.Teams.Any(ut => ut.TeamId == team.Id)) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User already added to team")); } var newTeamMember = new DomainModel.TeamUser(team, user); if (team.IsOpen) { newTeamMember.Status = DomainModel.TeamUserStatus.Approved; } team.Members.Add(newTeamMember); context.SaveChanges(); return ResourceOkResponse(team.MapToBasicServiceModel()); }
public HttpResponseMessage SignIn(ServiceModel.SignInViewModel model) { if (!ModelState.IsValid) { return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } var existingUser = context.GetAll<DomainModel.User>() .FirstOrDefault(u => u.EmailAddress.Equals(model.EmailAddress, StringComparison.OrdinalIgnoreCase)); if (existingUser == null) { ModelState.AddModelError("", "A user does not exist with this user name."); return Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson()); } return Request.CreateResponse(HttpStatusCode.OK, existingUser.MapToServiceModel()); }
public HttpResponseMessage Put(int id, ServiceModel.UpdateTeamViewModel viewModel) { if (!ModelState.IsValid) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString())); } var existingTeam = context.GetAll<DomainModel.Team>() .FirstOrDefault(u => u.Name.Equals(viewModel.Name) && u.Id != id); if (existingTeam != null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Team Name Already in Use")); } //get team var team = GetTeam(id); var editor = team.Members .FirstOrDefault(tm => tm.Role == DomainModel.TeamUserRole.Administrator && tm.UserId == viewModel.UpdatedById); if (editor == null) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "User does not have permissions to edit team")); } team.Name = viewModel.Name; team.IsOpen = viewModel.IsPublic; context.SaveChanges(); return ResourceOkResponse(team.MapToServiceModel()); }