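/// <summary>
/// Updates a single permission entry on the user identified by <paramref name="meUserId"/>.
/// </summary>
/// <param name="meUserId">Id of the user whose permission is being changed.</param>
/// <param name="permissionId">Id of the permission entry to update.</param>
/// <param name="putPermission">Requested new values for the permission (client-supplied).</param>
/// <returns>
/// 200 with the updated permission; 400 when model validation fails; 403 when the caller targets
/// their own account or lacks <c>UpdateUserPermission</c> on either the requested or the currently
/// stored location; 404 when the user or permission is not found, or when a
/// <c>DocumentClientException</c> / <c>ArgumentException</c> is raised; 409 when the user already
/// holds a permission with the requested location and role.
/// </returns>
public async Task<ActionResult<PutPermissionResponse>> UpdatePermission(
    [Required] string meUserId,
    [Required] string permissionId,
    [FromBody] PutPermissionRequest putPermission)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return BadRequest(new PutPermissionResponse());
        }

        var currentUser = await CurrentUser();

        // Callers may not edit their own permissions; this blocks self-service privilege changes.
        if (currentUser.UserId.Equals(meUserId))
        {
            return Forbid();
        }

        // Authorization #1: the location named in the request body (the permission's destination).
        var requestedLocationPath = (await _locationParentsService.Handle(
                new LocationParentsQuery(putPermission.LocationId)))
            .ToLocationPath();
        if (!CanAsync(Permission.UpdateUserPermission, requestedLocationPath))
        {
            return Forbid();
        }

        var user = await _userRetrievalByIdService.Handle(new UserRetrievalByIdQuery(meUserId));
        if (user == null)
        {
            return NotFound(new PutPermissionResponse());
        }

        var permissionToUpdate = user.Permissions.SingleOrDefault(p => p.PermissionId == permissionId);
        if (permissionToUpdate == null)
        {
            return NotFound(new PutPermissionResponse());
        }

        // Authorization #2: the location the stored permission currently belongs to.
        // The request's LocationId is client-controlled, so checking only that value would let a
        // caller with rights at one location rewrite (and thereby remove) a permission held at a
        // location they have no rights over. DeletePermission authorizes against the stored
        // location as well; this keeps the two operations consistent.
        var storedLocationPath = (await _locationParentsService.Handle(
                new LocationParentsQuery(permissionToUpdate.LocationId)))
            .ToLocationPath();
        if (!CanAsync(Permission.UpdateUserPermission, storedLocationPath))
        {
            return Forbid();
        }

        // NOTE(review): this scan includes the permission being updated, so a request that keeps
        // both location and role unchanged is answered with 409 - confirm that is intended.
        if (user.Permissions.Any(usersPermission =>
                usersPermission.LocationId == putPermission.LocationId &&
                usersPermission.UserRole == putPermission.UserRole))
        {
            return Conflict();
        }

        // NOTE(review): presumably the mapper writes onto the existing instance, so the entry held
        // in user.Permissions is the one modified - confirm, and confirm the mapping profile cannot
        // copy an id from the request body over PermissionId.
        permissionToUpdate = Mapper.Map(putPermission, permissionToUpdate);

        var updateUser = new UserUpdatePermissions
        {
            UserId = user.UserId,
            Permissions = user.Permissions,
        };
        await _userUpdateService.Handle(new UserUpdateQuery(updateUser, currentUser));

        // Awaited instead of blocking on .Result: avoids tying up a request thread and lets a
        // failure surface as its own exception type (not wrapped in AggregateException), so the
        // catch clauses below apply. The permission update has already been persisted by now.
        var locationOfPermission = await _locationRetrievalService.Handle(
            new LocationRetrievalByIdQuery(permissionToUpdate.LocationId));

        var permissionLocation = new PermissionLocation(permissionToUpdate, locationOfPermission, meUserId);
        var result = Mapper.Map<PutPermissionResponse>(permissionLocation);
        return Ok(result);
    }
    catch (DocumentClientException)
    {
        return NotFound(new PutPermissionResponse());
    }
    catch (ArgumentException)
    {
        return NotFound(new PutPermissionResponse());
    }
}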
/// <summary>
/// Removes one permission entry from the user identified by <paramref name="meUserId"/>.
/// </summary>
/// <param name="meUserId">Id of the user losing the permission.</param>
/// <param name="permissionId">Id of the permission entry to remove.</param>
/// <returns>
/// 200 on success; 400 when model validation fails; 403 when the caller targets their own account
/// or lacks <c>DeleteUserPermission</c> on the permission's location; 404 when the user or
/// permission is not found, or when a <c>DocumentClientException</c> / <c>ArgumentException</c>
/// is raised.
/// </returns>
public async Task<ActionResult> DeletePermission(
    [Required] string meUserId,
    [Required] string permissionId)
{
    try
    {
        if (!ModelState.IsValid)
        {
            return BadRequest();
        }

        var caller = await CurrentUser();

        // Callers may not remove their own permissions.
        if (caller.UserId.Equals(meUserId))
        {
            return Forbid();
        }

        var targetUser = await _userRetrievalByIdService.Handle(new UserRetrievalByIdQuery(meUserId));
        if (targetUser == null)
        {
            return NotFound();
        }

        // NOTE(review): the 404s above and below are returned before the authorization check, so
        // an unauthorized caller can tell existing ids from missing ones - confirm that is acceptable.
        var doomedPermission = targetUser.Permissions.FirstOrDefault(p => p.PermissionId == permissionId);
        if (doomedPermission == null)
        {
            return NotFound();
        }

        // Authorization uses the location recorded on the stored permission, not a value supplied
        // by the client.
        var parents = await _locationParentsService.Handle(
            new LocationParentsQuery(doomedPermission.LocationId));
        var locationPath = parents.ToLocationPath();
        if (!CanAsync(Permission.DeleteUserPermission, locationPath))
        {
            return Forbid();
        }

        // Work on a copy so the removal does not mutate the collection that was loaded.
        var remaining = targetUser.Permissions.ToList();
        remaining.Remove(doomedPermission);
        targetUser.Permissions = remaining;

        var update = new UserUpdatePermissions
        {
            UserId = targetUser.UserId,
            Permissions = remaining,
        };
        await _userUpdateService.Handle(new UserUpdateQuery(update, caller));

        return Ok();
    }
    catch (Exception ex) when (ex is DocumentClientException || ex is ArgumentException)
    {
        // Both failure types are reported to the client as "not found".
        return NotFound();
    }
}
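/// <summary>
/// Adds a new permission entry to the user identified by <paramref name="meUserId"/>.
/// </summary>
/// <param name="meUserId">Id of the user receiving the permission.</param>
/// <param name="postPermission">Requested permission values (client-supplied).</param>
/// <returns>
/// 200 with the created permission; 400 when model validation fails; 403 when the caller targets
/// their own account or lacks <c>CreateUserPermission</c> on the requested location; 404 when the
/// user is not found, or when a <c>DocumentClientException</c> / <c>ArgumentException</c> is
/// raised; 409 when the user already holds an equivalent permission.
/// </returns>
public async Task<ActionResult<PostPermissionResponse>> CreatePermission(
    [Required] string meUserId,
    [FromBody] PostPermissionRequest postPermission)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(new PostPermissionResponse());
    }

    var currentUser = await CurrentUser();

    // Callers may not grant permissions to themselves.
    if (currentUser.UserId.Equals(meUserId))
    {
        return Forbid();
    }

    try
    {
        var permission = Mapper.Map<MEUserPermission>(postPermission);

        // The id is always generated server-side; any id carried by the mapped request is overwritten.
        permission.PermissionId = Guid.NewGuid().ToString();

        // The caller must hold CreateUserPermission on the location the new permission applies to.
        var locationPath = (await _locationParentsService.Handle(
                new LocationParentsQuery(permission.LocationId)))
            .ToLocationPath();
        if (!CanAsync(Permission.CreateUserPermission, locationPath))
        {
            return Forbid();
        }

        var user = await _userRetrievalByIdService.Handle(new UserRetrievalByIdQuery(meUserId));
        if (user == null)
        {
            return NotFound(new PostPermissionResponse());
        }

        // Copy the current permissions (a user without any starts from an empty list) so the
        // duplicate check and the append operate on one collection.
        var permissions = user.Permissions?.ToList() ?? new List<MEUserPermission>();
        if (permissions.Any(existing => existing.IsEquivalent(permission)))
        {
            return Conflict();
        }

        permissions.Add(permission);
        user.Permissions = permissions;

        var updateUser = new UserUpdatePermissions
        {
            UserId = user.UserId,
            Permissions = user.Permissions,
        };
        await _userUpdateService.Handle(new UserUpdateQuery(updateUser, currentUser));

        // Awaited instead of blocking on .Result: avoids tying up a request thread and lets a
        // failure surface as its own exception type (not wrapped in AggregateException), so the
        // catch clauses below apply. The new permission has already been persisted by now.
        var location = await _locationRetrievalService.Handle(
            new LocationRetrievalByIdQuery(permission.LocationId));

        var permissionLocation = new PermissionLocation(permission, location, meUserId);
        var result = Mapper.Map<PostPermissionResponse>(permissionLocation);
        return Ok(result);
    }
    catch (DocumentClientException)
    {
        return NotFound(new PostPermissionResponse());
    }
    catch (ArgumentException)
    {
        return NotFound(new PostPermissionResponse());
    }
}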