/// <summary> /// Get List of all users /// </summary> /// <returns></returns> public async Task <IList <UserOutoutDTO> > GetAllUsers(int userId) { List <UserEntity> allUsers = null; //Get the user that sent the delete request UserEntity loggedInUser = await this.userRepository.GetUser(userId); allUsers = (List <UserEntity>) await this.userRepository.GetAllUsers(); if (loggedInUser.Role == Roles.Business) { allUsers = allUsers.FindAll(user => user.ParentUserId == loggedInUser.UserId); } else if (loggedInUser.Role == Roles.BusinessUser) { UserAccessEntity userAccess = await this.userAccessRepository.GetUserAccess(loggedInUser.UserId); if (userAccess.View) { allUsers = allUsers.FindAll(user => user.ParentUserId == loggedInUser.ParentUserId); } else { throw new UnauthorizedAccessException("User Don't Have access for this action"); } } else if (loggedInUser.Role == Roles.User) { throw new UnauthorizedAccessException("User Don't Have access for this action"); } //Map to user output dto return(this.mapper.Map <IList <UserOutoutDTO> >(allUsers)); }
public async Task UpdateUserAccess(UserAccessEntity userAccessEntity) { UserAccessEntity user = this.context.UserAccess.SingleOrDefault((access) => access.UserId == userAccessEntity.UserId); if (user == null) { this.context.UserAccess.Add(userAccessEntity); } else { user.Create = userAccessEntity.Create; user.Edit = userAccessEntity.Edit; user.View = userAccessEntity.View; user.Delete = userAccessEntity.Delete; this.context.UserAccess.Update(user); } await this.context.SaveChangesAsync(); }
public async Task <AccessOutputDto> GetAllUserAccess(int userId) { AccessOutputDto accessOutputDto = new AccessOutputDto(); UserAccessEntity userAccessEntity = await this.userAccessRepository.GetUserAccess(userId); if (userAccessEntity == null) { accessOutputDto.UserAccess = new UserAccessOutputDto() { UserId = userId }; } else { UserAccessOutputDto userAccessOutputDto = this.mapper.Map <UserAccessOutputDto>(userAccessEntity); accessOutputDto.UserAccess = userAccessOutputDto; } return(accessOutputDto); }
/// <summary> /// Delete a user /// </summary> /// <param name="userDeleteInputDTO"></param> /// <returns></returns> public async Task DeleteUser(UserDeleteInputDTO userDeleteInputDTO, int userId) { bool hasAccessToDelete = true; //Get the user that sent the delete request UserEntity loggedInUser = await this.userRepository.GetUser(userId); if (loggedInUser.Role == Roles.BusinessUser) { UserAccessEntity userAccess = await this.userAccessRepository.GetUserAccess(userId); hasAccessToDelete = userAccess != null ? userAccess.Delete : false; } if (hasAccessToDelete) { await this.userRepository.DeleteUser(userDeleteInputDTO.UserId); } else { throw new UnauthorizedAccessException("User don't have access to perform delete operation"); } }
/// <summary> /// Update Given User /// </summary> /// <param name="userUpdateInputDTO"></param> /// <returns></returns> public async Task UpdateUser(UserUpdateInputDTO userUpdateInputDTO, int userId) { UserEntity foundUser = await this.userRepository.GetUser(userUpdateInputDTO.UserId); bool hasAccessToUpdate = true; if (foundUser == null) { throw new ApplicationException("User not found"); } //Get the user that sent the delete request UserEntity loggedInUser = await this.userRepository.GetUser(userId); if (loggedInUser.Role == "BusinessUser") { UserAccessEntity userAccess = await this.userAccessRepository.GetUserAccess(userId); hasAccessToUpdate = userAccess != null ? userAccess.Edit : false; } if (hasAccessToUpdate) { foundUser.FirstName = userUpdateInputDTO.FirstName; foundUser.LastName = userUpdateInputDTO.LastName; foundUser.Role = userUpdateInputDTO.Role; foundUser.EmailAddress = userUpdateInputDTO.EmailAddress; foundUser.EmailVerified = userUpdateInputDTO.EmailVerified; foundUser.MaxUsers = userUpdateInputDTO.MaxUsers; await this.userRepository.UpdateUser(foundUser); } else { throw new UnauthorizedAccessException("User don't have access to perform Edit operation"); } }
public async Task UpdateAllAccess(AccessOutputDto accessOutputDto) { UserAccessEntity userAccessEntity = this.mapper.Map <UserAccessEntity>(accessOutputDto.UserAccess); await this.userAccessRepository.UpdateUserAccess(userAccessEntity); }
/// <summary> /// Add New User /// </summary> /// <param name="userAddInputDTO"></param> /// <returns></returns> public async Task <UserOutoutDTO> AddNewUser(UserAddInputDTO userAddInputDTO, int userId) { UserEntity newUser = this.mapper.Map <UserEntity>(userAddInputDTO); bool hasAccessToCreate = true; UserEntity loggedInUser = await this.userRepository.GetUser(userId); byte[] passwordHash, passwordSalt; this.authService.CreatePasswordHash(newUser.EmailAddress, out passwordHash, out passwordSalt); newUser.passwordSalt = passwordSalt; newUser.passwordHash = passwordHash; if (loggedInUser.Role == Roles.BusinessUser) { UserEntity parent = await this.userRepository.GetUser(loggedInUser.ParentUserId); if (parent.AddedUsers + 1 > parent.MaxUsers) { throw new ApplicationException("Business cannot add more users"); } // Update user added users parent.AddedUsers = parent.AddedUsers + 1; await this.userRepository.UpdateUser(parent); UserAccessEntity userAccess = await this.userAccessRepository.GetUserAccess(userId); hasAccessToCreate = userAccess != null ? userAccess.Delete : false; newUser.ParentUserId = loggedInUser.ParentUserId; } if (loggedInUser.Role == Roles.Business) { newUser.ParentUserId = loggedInUser.UserId; if (loggedInUser.AddedUsers + 1 > loggedInUser.MaxUsers) { throw new ApplicationException("Business cannot add more users"); } } if (hasAccessToCreate) { UserEntity updatedUser = await this.userRepository.AddUser(newUser); if (!updatedUser.EmailVerified) { await this.accountService.SendVerificationEmail(updatedUser.EmailAddress); } if (loggedInUser.Role == Roles.Business) { // Update user added users loggedInUser.AddedUsers = loggedInUser.AddedUsers + 1; await this.userRepository.UpdateUser(loggedInUser); } return(this.mapper.Map <UserOutoutDTO>(updatedUser)); } else { throw new UnauthorizedAccessException("User don't have access to perform the add user operation"); } }