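// GET api/<controller>/5
/// <summary>
/// Get Baby By Id
/// </summary>
/// <remarks>
/// Admin users can get any baby.
/// Basic users can only get babies that belong to the authorized user. For a basic
/// user the id is only ever resolved against that user's own set, never against the
/// table directly, so an unknown id and someone else's id both yield the same 401
/// and the id space cannot be probed.
/// </remarks>
/// <param name="id">Baby identifier.</param>
/// <returns>The baby serialized via ResponseDictionary.</returns>
/// <exception cref="HttpResponseException">
/// 401 when the Authorization header does not resolve to a verified user, or the caller
/// is a basic user and the baby is not in their set (401 rather than 403 is kept for
/// consistency with the rest of the API); 400 when an admin asks for an id that does
/// not exist (same status the Memory controller uses for an unknown id).
/// </exception>
public async Task<Dictionary<string, object>> Get(string id)
{
    // Authenticate first: every branch below depends on the caller's identity and role.
    var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
    if (currentUser == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    if (currentUser.Role == BabyMemoryConstants.AdminUserRole)
    {
        var baby = _context.Load<Baby>(id);
        // The original handed a null baby straight to ResponseDictionary; reject it explicitly.
        // Only admins reach this branch, so the distinct status does not leak existence to
        // ordinary users.
        if (baby == null)
        {
            throw new HttpResponseException(HttpStatusCode.BadRequest);
        }
        return ResponseDictionary(baby);
    }

    // Non-admins: resolve the id from the caller's own babies in a single pass. The original
    // enumerated the helper result twice (Any, then FirstOrDefault), which is wasteful if the
    // helper returns a deferred query.
    var ownBaby = _dataHelpers.BabiesForUserAndRole(currentUser).FirstOrDefault(x => x.Id == id);
    if (ownBaby == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }
    return ResponseDictionary(ownBaby);
}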
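// GET api/<controller>/5
/// <summary>
/// Get memory by id
/// </summary>
/// <remarks>
/// Admin users can get any memory.
/// Basic users can only get memories that belong to them. For a basic user the
/// ownership check runs before the record is loaded, so an unknown id and another
/// user's id both produce the same 401 and memory ids cannot be enumerated. (The
/// original loaded first and answered 400 for unknown ids, which let a basic user
/// distinguish "exists but not mine" from "does not exist".)
/// </remarks>
/// <param name="id">Memory identifier.</param>
/// <returns>The memory serialized via ResponseDictionary.</returns>
/// <exception cref="HttpResponseException">
/// 401 when the caller is not verified or is a basic user not allowed to read this
/// memory (401 rather than 403 is kept for consistency with the rest of the API);
/// 400 when the key lookup returns no record.
/// </exception>
public async Task<Dictionary<string, object>> Get(string id)
{
    var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
    if (currentUser == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Basic users must own the memory. The original built a List<Memory> of everything the
    // caller may see and ran Exists over it; for admins that meant _context.Scan<Memory>() -- a
    // full-table read on every request -- solely to confirm a record it had already fetched by
    // key, and a scan that lagged the point read could spuriously 401 an admin. Admins skip the
    // membership check entirely since they may read anything.
    if (currentUser.Role != BabyMemoryConstants.AdminUserRole)
    {
        var ownsMemory = _dataHelpers.GetMemoriesForUser(currentUser).Any(m => m.Id == id);
        if (!ownsMemory)
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }
    }

    // Return the record from the key lookup, as the original did, rather than the helper's copy.
    var currentMemory = _context.Load<Memory>(id);
    if (currentMemory == null)
    {
        throw new HttpResponseException(HttpStatusCode.BadRequest);
    }
    return ResponseDictionary(currentMemory);
}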
/// <summary>
/// Loads the <typeparamref name="T"/> item keyed by <paramref name="id"/> together with this
/// repository's application name (the three-argument Load overload: hash key, range key, config).
/// </summary>
/// <param name="id">Key of the item to load.</param>
/// <returns>
/// Whatever the DynamoDB context returns for the key; callers elsewhere in this codebase treat a
/// null result as "not found" -- presumably that is the SDK's behavior for a missing item, verify.
/// </returns>
public T Get(string id)
{
    // Every read goes to the configured table rather than the one inferred from T's attributes.
    var operationConfig = new DynamoDBOperationConfig { OverrideTableName = _ddbTableName };
    return _ddbcontext.Load<T>(id, _applicationName, operationConfig);
}
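// Get: api/user/5
/// <summary>
/// Get user by Id
/// </summary>
/// <remarks>
/// For Admin User returns any user.
/// For non-admin user, only returns info for the user itself.
/// The ownership check runs before any record is loaded, so a non-admin cannot learn
/// whether another user id exists.
/// </remarks>
/// <param name="id">User identifier.</param>
/// <returns>User</returns>
/// <response code="401">Unauthorized: the token did not resolve to a verified user, or the requested id is not the caller's own and the caller is not an admin</response>
/// <response code="400">The id did not resolve to a user (only reachable by admins)</response>
/// <exception cref="HttpResponseException">Thrown for the 401 cases above.</exception>
//[SwaggerResponse(HttpStatusCode.OK, "User that was found", typeof(User))]
public async Task<IHttpActionResult> Get(string id)
{
    var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
    // An unverified caller is an authentication failure: 401, as the response doc above states
    // and as the Baby/Memory controllers do. The original threw 400 here, which misreports the
    // condition and lets a client mistake a missing or expired token for a malformed request.
    if (currentUser is null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Authorization: non-admins may only fetch themselves. Also 401 (the original used 400),
    // matching the documented contract; 401 rather than 403 is kept for consistency with the
    // other controllers.
    if (currentUser.Id != id && currentUser.Role != BabyMemoryConstants.AdminUserRole)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    var user = _context.Load<User>(id);
    if (user is null)
    {
        return BadRequest();
    }
    return Ok(ResponseDictionary(user));
}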