public IHttpActionResult PostCounterMeasure(CounterMeasureAddRequest counterMeasureRequest)
{
CheckModelState();
//if user is kpi owner not an admin, check if he is the kpi owner of the given
//scorecard else return unauthorized
if (IsUserKPIOwnerOrTeamMemberNotAdmin())
{
bool isUserKPIOwnerOfScorecard = userManager.
IsUserKPIOwnerOfScorecard(Username, counterMeasureRequest.ScorecardId.Value);
bool isUserTeamMemberOfScorecard = userManager.
IsUserTeamMemberOfScorecard(Username, counterMeasureRequest.ScorecardId.Value);
if (!isUserKPIOwnerOfScorecard && !isUserTeamMemberOfScorecard)
{
return(Unauthorized());
}
}
counterMeasureManager.AddCounterMeasure(counterMeasureRequest, Username);
return(Ok());
}
public IHttpActionResult IsUserAdminOrKpiOwnerOrTeamMemberofScorecard(int scorecardId)
{
//if user is kpi owner not an admin, check if he is the kpi owner/team member of the given
//scorecard else return unauthorized
bool isUserKPIOwnerOrTeamMemberofScorecard = false;
bool isUserAdmin = false;
if (IsUserKPIOwnerOrTeamMemberNotAdmin())
{
bool isUserKPIOwnerOfScorecard = userManager.
IsUserKPIOwnerOfScorecard(Username, scorecardId);
bool isUserTeamMemberOfScorecard = userManager.
IsUserTeamMemberOfScorecard(Username, scorecardId);
isUserKPIOwnerOrTeamMemberofScorecard = isUserKPIOwnerOfScorecard || isUserTeamMemberOfScorecard;
}
else if (User.IsInRole(NDMSSecurityConstants.AdminRole))
{
isUserAdmin = true;
}
ApiResponse <bool> resonse = new ApiResponse <bool>();
resonse.Data = isUserAdmin || isUserKPIOwnerOrTeamMemberofScorecard;
return(Ok(resonse));
}