public void AddDeviation(DeviationDto inputDeviation) // What if WorkMonth.Id is manipulated?
{
if (inputDeviation == null)
{
throw new Exception("Bad input, deviation is null");
}
var targetWorkMonth = _timeKeeperRepo.GetWorkMonthByIdAsync(inputDeviation.WorkMonthId).Result;
// Is user member of organisation?
if (targetWorkMonth == null)
{
targetWorkMonth = GetNotYetCreatedWorkmonth(inputDeviation.RequestedDate);
targetWorkMonth.UserId = inputDeviation.userId;
targetWorkMonth = _timeKeeperRepo.AddWorkMonth(targetWorkMonth).Result;
inputDeviation.WorkMonthId = targetWorkMonth.Id;
}
if (targetWorkMonth.IsApproved)
{
throw new Exception("Cannot add deviation to allready approved month.");
}
if (targetWorkMonth.IsSubmitted)
{
throw new Exception("The month is submitted, unsubmit and try again.");
}
if (targetWorkMonth.UserId != inputDeviation.userId)
{
throw new UnauthorizedAccessException();
}
var result = _mapper.Map <Deviation>(inputDeviation);
_timeKeeperRepo.AddDeviationAsync(result);
}
private bool ValidateInputDeviationInput(DeviationDto inputDeviation)
{
var requestedMonth = _timeKeeperRepo.GetWorkMonthByIdAsync(inputDeviation.WorkMonthId).Result;
if (requestedMonth.IsApproved)
{
throw new Exception("Cannot add deviations to allready approved months.");
}
if (requestedMonth.IsSubmitted)
{
throw new Exception("Cannot add deviations to allready submitted months. Recall the month and try again.");
}
if (inputDeviation.userId != requestedMonth.UserId)
{
throw new Exception("Unauthorized.");
}
return(true);
}
