public async Task <IHttpActionResult> Comment(long labId, long sampleId, LabsApiCommentModel model)
{
var result = await LabsDao.PostComment(this, labId, sampleId, model);
if (result == null)
{
return(NotFound());
}
return(JsonWithPermissions(result, true, false, false));
}
public static async Task <LabSampleComment> PostComment(IRequestContext context, long labId, long sampleId, LabsApiCommentModel model)
{
var statusChange = model.RequestedStatus;
if (!await IsLabManager(context, labId) && statusChange.HasValue)
{
throw new InvalidOperationException("Not authorized to change sample status.");
}
var labSample = await GetLabSample(context, labId, sampleId);
if (labSample == null)
{
return(null);
}
if (statusChange.HasValue)
{
labSample.Status = statusChange.Value;
}
var comment = new LabSampleComment
{
LabSample = labSample,
UserId = context.UserId,
Date = DateTimeOffset.Now,
NewStatus = statusChange,
Message = string.IsNullOrWhiteSpace(model.Message) ? null : model.Message,
};
context.DbContext.LabSampleComments.Add(comment);
await context.DbContext.SaveChangesAsync();
await context.LogAsync($"Added comment to lab ID {labId} sample ID {sampleId}, changing status to {statusChange}");
return(comment);
}