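/// <summary>
/// Marks one member of a team as denied and persists the change.
/// </summary>
/// <param name="id">Identifier of the team to look up.</param>
/// <param name="viewModel">Request payload; its <c>UserId</c> selects the member to deny.</param>
/// <exception cref="HttpResponseException">
/// 400 when the payload is missing or the target is the team owner;
/// 404 when the team or the member cannot be found.
/// </exception>
/// <remarks>
/// NOTE(review): no authorization check is visible in this method. Any caller that can
/// reach it can change another user's membership status. Confirm that the caller's right
/// to deny members of this team is enforced elsewhere (for example by a filter or
/// attribute on the action), and that it is checked against the authenticated identity
/// rather than a value taken from the request.
/// </remarks>
public void DenyMember(int id, ServiceModel.MemberApprovalViewModel viewModel)
{
    // A request without a body would otherwise fail inside the member lookup with a
    // NullReferenceException; reject it explicitly as a bad request.
    if (viewModel == null)
    {
        throw new HttpResponseException("Missing member approval data", HttpStatusCode.BadRequest);
    }

    var team = context.GetAll<DomainModel.Team>()
        .FirstOrDefault(u => u.Id == id);
    if (team == null)
    {
        throw new HttpResponseException("Invalid Team", HttpStatusCode.NotFound);
    }

    var teamMember = team.TeamMembers.FirstOrDefault(t => t.UserId == viewModel.UserId);
    if (teamMember == null)
    {
        throw new HttpResponseException("Invalid Team Member", HttpStatusCode.NotFound);
    }

    // The owner's own membership must never be denied.
    if (team.OwnerId == teamMember.UserId)
    {
        throw new HttpResponseException("Can not deny access to the team owner", HttpStatusCode.BadRequest);
    }

    teamMember.Status = DomainModel.TeamUserStatus.Denyed;
    context.SaveChanges();
}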
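/// <summary>
/// Marks one member of a team as denied, persists the change and sends the
/// denied-team e-mail for that member.
/// </summary>
/// <param name="id">Identifier of the team, resolved through <c>GetTeam</c>.</param>
/// <param name="viewModel">
/// Request payload; <c>UserId</c> selects the member to deny and
/// <c>StatusChangedByUserId</c> names the member acting as authorizer.
/// </param>
/// <exception cref="HttpResponseException">
/// 400 when the model state is invalid, the payload is missing, or the target is the team owner;
/// 403 when the authorizer is not a member with the Administrator role and is not the team owner;
/// 404 when the target member cannot be found.
/// </exception>
/// <remarks>
/// NOTE(review): the authorizer is identified by <c>viewModel.StatusChangedByUserId</c>, which
/// is read from the request payload. Unless that value is set server-side from the
/// authenticated identity before this method runs, the permission check compares roles for
/// whichever user id the client chose to send. Confirm where the value comes from, and
/// prefer deriving the acting user from the authenticated principal.
/// </remarks>
public void DenyMember(int id, ServiceModel.MemberApprovalViewModel viewModel)
{
    if (!ModelState.IsValid)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, ModelState.ToJson().ToString()));
    }

    // Model state can be valid while the body is absent; without this guard the lookups
    // below would fail with a NullReferenceException instead of a 400.
    if (viewModel == null)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Missing member approval data"));
    }

    // GetTeam is defined outside this block; presumably it rejects an unknown id - TODO confirm.
    var team = GetTeam(id);

    // Authorize first, so a caller without permission receives 403 regardless of whether
    // the target user is a member, and cannot use the 404/400 responses to probe membership.
    var authorizer = team.Members.FirstOrDefault(tm => tm.UserId == viewModel.StatusChangedByUserId);
    var mayChangeStatus = authorizer != null
        && (authorizer.Role == DomainModel.TeamUserRole.Administrator || team.OwnerId == authorizer.UserId);
    if (!mayChangeStatus)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Forbidden, "Only team owners, and admins can approve members."));
    }

    var teamMember = team.Members.FirstOrDefault(t => t.UserId == viewModel.UserId);
    if (teamMember == null)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid Team Member"));
    }

    // The owner's own membership must never be denied.
    if (team.OwnerId == teamMember.UserId)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Can not deny access to the team owner"));
    }

    teamMember.Status = DomainModel.TeamUserStatus.Denied;
    context.SaveChanges();

    // The notification is sent after the change is persisted; a failure here leaves the
    // member denied but surfaces an error to the caller.
    emailService.DeniedTeam(teamMember.User, team).Send();
}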