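/// <summary>
/// Lets the authenticated user change their own <c>defaultOrg</c>; every other field on
/// <paramref name="users"/> is ignored, and the org must be one the caller belongs to.
/// </summary>
/// <param name="id">Internal id of the user row being updated; must be the caller's own id.</param>
/// <param name="users">Request body; only <c>defaultOrg</c> is read from it.</param>
/// <returns>
/// 200 on success; 400 if the body is missing; 404 if the row does not exist (or vanished before
/// the save); 401 if <paramref name="id"/> is not the caller; 403 if the caller has no
/// OrgUserMappings row for the requested org.
/// </returns>
public HttpResponseMessage PutWhoAmI(int id, Users users)
        {
            if (users == null)
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest);
            }

            int callerId = Auth.FB.GetUserId();

            Users target = db.Users.Find(id);
            if (target == null)
            {
                return Request.CreateResponse(HttpStatusCode.NotFound);
            }

            // You may only edit yourself. 401 is kept to match the rest of this controller.
            if (target.id != callerId)
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized);
            }

            // defaultOrg is client-supplied: only accept an org the caller is actually mapped
            // into (OrgUserMappings is the membership table used by the other endpoints);
            // otherwise a user could point themselves at any org id they can guess.
            int requestedOrg = users.defaultOrg;
            bool isMember = db.OrgUserMappings.Any(m => m.usersId == callerId && m.orgsId == requestedOrg);
            if (!isMember)
            {
                return Request.CreateResponse(HttpStatusCode.Forbidden);
            }

            // Only the defaultOrg column changes. The tracked entity is what gets saved, so
            // nothing else from the request body (isSystemAdmin, name, ...) reaches the database.
            target.defaultOrg = requestedOrg;
            db.Entry(target).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                // Row changed or disappeared underneath us; the existing contract reports 404.
                return Request.CreateResponse(HttpStatusCode.NotFound);
            }

            return Request.CreateResponse(HttpStatusCode.OK);
        }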
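        /// <summary>
        /// Bulk-adds Facebook users to an org. For each entry the caller must be an org admin of
        /// that entry's <c>defaultOrg</c>. Unknown Facebook ids get a new user row plus a personal
        /// org they administer; known ones only get their mapping into <c>defaultOrg</c> created
        /// or updated. The entry's <c>isSystemAdmin</c> flag is used here as the per-org admin flag
        /// of that mapping — it never makes anyone a system admin.
        /// </summary>
        /// <param name="usr">Batch of users; fbUserId, name, defaultOrg and isSystemAdmin are read.</param>
        /// <returns>
        /// 200 once the whole batch is written; 400 if the batch is missing or an entry has no
        /// fbUserId; 401 if the caller is not an org admin of every entry's defaultOrg. Validation
        /// and authorization run over the whole batch before anything is written, so a rejected
        /// request leaves the database untouched (the per-entry writes themselves are still
        /// separate SaveChanges calls, not one transaction).
        /// </returns>
        public HttpResponseMessage PostFBUsers(IEnumerable<Users> usr)
        {
            if (usr == null)
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest);
            }

            // Materialise once: the batch is walked twice (validate, then write).
            List<Users> batch = usr.ToList();

            foreach (Users entry in batch)
            {
                if (entry == null || string.IsNullOrWhiteSpace(entry.fbUserId))
                {
                    // A row without a Facebook id could never be matched at login time.
                    return Request.CreateResponse(HttpStatusCode.BadRequest);
                }

                // defaultOrg is client-supplied, so the caller must administer that org.
                // Rejecting the whole batch (instead of silently skipping the entry and still
                // answering 200) follows the commented-out intent of the original code.
                if (!Auth.FB.IsOrgAdmin(entry.defaultOrg))
                {
                    return Request.CreateResponse(HttpStatusCode.Unauthorized);
                }
            }

            foreach (Users entry in batch)
            {
                Users existingUser = db.Users.FirstOrDefault(u => u.fbUserId == entry.fbUserId);
                if (existingUser == null)
                {
                    CreateFbUserWithPersonalOrg(entry);
                }
                else
                {
                    UpsertOrgMapping(existingUser.id, entry.defaultOrg, entry.isSystemAdmin);
                }
            }

            return Request.CreateResponse(HttpStatusCode.OK);
        }

        /// <summary>
        /// Creates the user row for a not-yet-known Facebook id (always with isSystemAdmin = false,
        /// regardless of the request), a personal org named after the user with them as admin,
        /// and the mapping into <c>entry.defaultOrg</c> whose org-admin flag comes from
        /// <c>entry.isSystemAdmin</c>. Finally points the user's defaultOrg at the personal org.
        /// </summary>
        private void CreateFbUserWithPersonalOrg(Users entry)
        {
            string now = DateTime.Now.ToString("O");

            Users newUser = new Users
            {
                defaultOrg = 1,            // placeholder until the personal org has an id
                fbUserId = entry.fbUserId,
                name = entry.name,
                isSystemAdmin = false,     // never taken from the request
                created_at = now,
                updated_at = now,
            };
            db.Users.Add(newUser);
            db.SaveChanges();              // need newUser.id for the mappings

            Orgs personalOrg = new Orgs
            {
                orgName = entry.name,
                created_at = now,
                updated_at = now,
            };
            db.Orgs.Add(personalOrg);
            db.SaveChanges();              // need personalOrg.id

            // The user administers their own org ...
            db.OrgUserMappings.Add(new OrgUserMappings { usersId = newUser.id, orgsId = personalOrg.id, isOrgAdmin = true });
            // ... and is added to the org the caller administers.
            db.OrgUserMappings.Add(new OrgUserMappings { usersId = newUser.id, orgsId = entry.defaultOrg, isOrgAdmin = entry.isSystemAdmin });
            db.SaveChanges();

            newUser.defaultOrg = personalOrg.id;
            db.Entry(newUser).State = EntityState.Modified;
            db.SaveChanges();
        }

        /// <summary>
        /// Ensures <paramref name="userId"/> has a mapping into <paramref name="orgId"/> with the
        /// given org-admin flag, updating the existing row when there already is one.
        /// </summary>
        private void UpsertOrgMapping(int userId, int orgId, bool isOrgAdmin)
        {
            OrgUserMappings mapping = db.OrgUserMappings.FirstOrDefault(m => m.orgsId == orgId && m.usersId == userId);
            if (mapping == null)
            {
                db.OrgUserMappings.Add(new OrgUserMappings { usersId = userId, orgsId = orgId, isOrgAdmin = isOrgAdmin });
            }
            else
            {
                mapping.isOrgAdmin = isOrgAdmin;
                db.Entry(mapping).State = EntityState.Modified;
            }

            db.SaveChanges();
        }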
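        /// POST api/Users
        /// <summary>
        /// CREATE's a new user. Only whitelisted fields are copied from the request body; the
        /// client cannot set isSystemAdmin, id or the timestamps through this endpoint.
        /// </summary>
        /// <param name="users">Request body; fbUserId, name and defaultOrg are read.</param>
        /// <returns>
        /// 201 with the stored row and a Location header; 400 if the body is missing/invalid or
        /// the Facebook id is already registered; 401 if the caller is not an org admin, or names
        /// a defaultOrg they do not administer.
        /// </returns>
        public HttpResponseMessage PostUsers(Users users)
        {
            // NOTE(review): IsOrgAdmin() with no argument — presumably "admin of at least one org";
            // confirm in Auth.FB.
            if (!Auth.FB.IsOrgAdmin())
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
            }

            if (users == null || !ModelState.IsValid)
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest);
            }

            // Reject duplicate Facebook ids; users are looked up by this column at login.
            bool alreadyExists = db.Users.Any(u => u.fbUserId == users.fbUserId);
            if (alreadyExists)
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
            }

            // Default to org 1 when none is supplied (original behaviour). When one is supplied
            // the caller must administer it, otherwise any org admin could drop users into orgs
            // they do not control.
            if (users.defaultOrg != 0 && !Auth.FB.IsOrgAdmin(users.defaultOrg))
            {
                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
            }
            int defaultOrgId = users.defaultOrg == 0 ? 1 : users.defaultOrg;

            // Build the entity ourselves instead of persisting the bound model: saving the whole
            // Users object let a request set isSystemAdmin = true (privilege escalation) and pick
            // its own id / created_at / updated_at.
            string now = DateTime.Now.ToString("O");
            Users newUser = new Users
            {
                fbUserId = users.fbUserId,
                name = users.name,
                defaultOrg = defaultOrgId,
                isSystemAdmin = false,
                created_at = now,
                updated_at = now,
            };

            db.Users.Add(newUser);
            db.SaveChanges();

            HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, newUser);
            response.Headers.Location = new Uri(Url.Link("DefaultApi", new { id = newUser.id }));
            return response;
        }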
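        /// PUT api/Users/5
        /// <summary>
        /// UPDATE's user information like the users Name, defaultOrg, and isSystemAdmin.
        /// You must be a system administrator to use this. The whole bound row is written, so
        /// every mapped column (including created_at/updated_at) comes from the request body —
        /// presumably intended for an admin tool; confirm.
        /// </summary>
        /// <param name="id">Route id of the user to update; must equal <c>users.id</c>.</param>
        /// <param name="users">Full replacement row.</param>
        /// <returns>
        /// 200 on success; 401 if the caller is not a system admin; 400 on a missing/invalid body
        /// or when the route id and body id disagree; 404 if the row no longer exists.
        /// </returns>
        public HttpResponseMessage PutUsers(int id, Users users)
        {
            // You must be a system admin to perform these actions
            if (!Auth.FB.IsSystemAdmin())
            {
                return Request.CreateResponse(HttpStatusCode.Unauthorized);
            }

            if (users == null || !ModelState.IsValid)
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest);
            }

            // The entity key is taken from the body, not the route, so without this check
            // PUT /Users/5 would silently overwrite whichever row the payload names.
            if (id != users.id)
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest);
            }

            db.Entry(users).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                // Raised both when the row is gone and on a genuine concurrent edit; the
                // existing contract reports 404 for either.
                return Request.CreateResponse(HttpStatusCode.NotFound);
            }

            return Request.CreateResponse(HttpStatusCode.OK);
        }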
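            /// <summary>
            /// Authorizes every request: the <c>ApiToken</c> header must match the configured shared
            /// secret and the <c>FbToken</c> header must be a Facebook user token that resolves via
            /// Graph <c>/me</c>. The Facebook id is mapped to an internal user (created on first
            /// sight together with a personal org the user administers) and installed as the thread
            /// principal for the controllers. Any failure short-circuits with a 417 response carrying
            /// a fixed message; exception details go to the debug log, never to the client.
            /// </summary>
            /// <param name="actionContext">Web API action context; its Response is set on rejection.</param>
            public override void OnAuthorization(HttpActionContext actionContext)
            {
                // NOTE(review): Web API caches filter attribute instances and shares them between
                // concurrent requests, so the instance fields written below (_apiToken, _fbToken,
                // _fbUserid, _userId, _isAuth) are racy. They are kept for compatibility; anything
                // reading per-request identity should use the principal instead — confirm.
                _isAuth = false;

                using (MyDatabase db = new MyDatabase())
                {
                    try
                    {
                        // Both headers are required; a missing one is an auth failure, not a 500.
                        // (GetValues throws when the header is absent, which the old code turned into
                        // a NullReferenceException inside its catch block.)
                        string apiToken = FirstHeaderValue(actionContext, "ApiToken");
                        string fbToken = FirstHeaderValue(actionContext, "FbToken");
                        if (apiToken == null || fbToken == null)
                        {
                            Reject(actionContext, "Invalid token");
                            return;
                        }

                        _apiToken = apiToken;
                        _fbToken = fbToken;   // bearer credential: never written to the debug log

                        // Shared API secret, compared in constant time so response timing does not
                        // reveal how many leading characters of the secret matched.
                        if (!FixedTimeEquals(_apiToken, _apiTokenSecret))
                        {
                            Reject(actionContext, "Invalid token");
                            return;
                        }

                        // The API token is good; now ask Facebook who the FbToken belongs to.
                        // NOTE(review): /me only proves this is a valid user token for *some* Facebook
                        // app. Unless it is checked elsewhere, verify via /debug_token that the token
                        // was issued to this app; otherwise a token obtained for another app logs the
                        // bearer in here as that user.
                        var client = new FacebookClient(_fbToken);
                        dynamic result = client.Get("me", new { fields = "name,id" });
                        string fbUserId = result.id;
                        string fbName = result.name;
                        _fbUserid = fbUserId;

                        // A null id must not fall through to a lookup of fbUserId == null.
                        if (string.IsNullOrEmpty(fbUserId))
                        {
                            Reject(actionContext, "Invalid token");
                            return;
                        }

                        // Map the Facebook id to an internal user row, provisioning on first sight.
                        var user = db.Users.FirstOrDefault(u => u.fbUserId == fbUserId);
                        _userId = user != null ? user.id : ProvisionFirstTimeUser(db, fbUserId, fbName);

                        // Set up the identity object that our Controllers can use.
                        // NOTE(review): Web API 2 hosts read actionContext.RequestContext.Principal
                        // rather than the thread principal — confirm which one the controllers use.
                        GenericIdentity identity = new GenericIdentity(fbUserId);
                        System.Threading.Thread.CurrentPrincipal = new GenericPrincipal(identity, _roles);

                        _isAuth = true;
                        Debug.WriteLine("You're authenicated");
                    }
                    catch (FacebookOAuthException e)
                    {
                        // Token rejected by Facebook (expired, revoked, malformed).
                        Debug.WriteLine(e);
                        Reject(actionContext, "Invalid token");
                    }
                    catch (FacebookApiLimitException e)
                    {
                        Debug.WriteLine(e);
                        Reject(actionContext, "Token validation temporarily unavailable");
                    }
                    catch (FacebookApiException e)
                    {
                        Debug.WriteLine(e);
                        Reject(actionContext, "Token validation failed");
                    }
                    catch (Exception e)
                    {
                        // Never echo e.Message / InnerException to the client: it disclosed internals
                        // and itself threw NullReferenceException whenever InnerException was null.
                        Debug.WriteLine(e);
                        Reject(actionContext, "Invalid token");
                    }
                }
            }

            /// <summary>First value of a request header, or null when the header is absent.</summary>
            private static string FirstHeaderValue(HttpActionContext actionContext, string name)
            {
                IEnumerable<string> values;
                if (!actionContext.Request.Headers.TryGetValues(name, out values))
                {
                    return null;
                }
                return values.FirstOrDefault();
            }

            /// <summary>
            /// Short-circuits the request with 417 and a fixed, client-safe message. 417 is kept for
            /// compatibility with existing clients (401 would be the conventional status).
            /// </summary>
            private static void Reject(HttpActionContext actionContext, string message)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
                actionContext.Response.ReasonPhrase = message;
                actionContext.Response.Content = new StringContent(message);
            }

            /// <summary>
            /// Constant-time string equality for the shared API secret: always walks the longer
            /// input and folds every difference into one accumulator, so the running time depends
            /// on the lengths only, not on where the first mismatch is. Null never matches.
            /// </summary>
            private static bool FixedTimeEquals(string a, string b)
            {
                if (a == null || b == null)
                {
                    return false;
                }

                int diff = a.Length ^ b.Length;
                int len = Math.Max(a.Length, b.Length);
                for (int i = 0; i < len; i++)
                {
                    char ca = i < a.Length ? a[i] : '\0';
                    char cb = i < b.Length ? b[i] : '\0';
                    diff |= ca ^ cb;
                }
                return diff == 0;
            }

            /// <summary>
            /// First-login provisioning: creates the user row (never a system admin), a personal org
            /// named after the user, the mapping making them admin of that org, and finally points
            /// defaultOrg at it. Returns the new internal user id.
            /// </summary>
            private static int ProvisionFirstTimeUser(MyDatabase db, string fbUserId, string fbName)
            {
                string now = DateTime.Now.ToString("O");

                Users newUser = new Users
                {
                    defaultOrg = 1,        // placeholder until the personal org has an id
                    fbUserId = fbUserId,
                    name = fbName,
                    isSystemAdmin = false,
                    created_at = now,
                    updated_at = now,
                };
                db.Users.Add(newUser);
                db.SaveChanges();          // need newUser.id

                Orgs personalOrg = new Orgs
                {
                    orgName = fbName,
                    created_at = now,
                    updated_at = now,
                };
                db.Orgs.Add(personalOrg);
                db.SaveChanges();          // need personalOrg.id

                db.OrgUserMappings.Add(new OrgUserMappings { usersId = newUser.id, orgsId = personalOrg.id, isOrgAdmin = true });
                db.SaveChanges();

                newUser.defaultOrg = personalOrg.id;
                db.SaveChanges();

                return newUser.id;
            }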