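/// <summary>
/// GET all feedback left by employee <paramref name="id"/>.
/// Non-admins may only read their own feedback. The permission check runs
/// before the existence check so a non-admin cannot use the 400/403 split to
/// discover which employee IDs exist.
/// </summary>
/// <param name="id">CTEmployee.ID whose feedback is requested.</param>
/// <returns>200 with the comment list; 404 when the user has no feedback;
/// 400 when the caller or the target is unknown; 403 when not permitted.</returns>
public IHttpActionResult GetFeedback(int id)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    // Authorization first: a regular user may only ask for their own data.
    if (!isAdmin && empLogged.ID != id)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    if (!db.CTEmployees.Any(x => x.ID == id))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Requested User invalid"));
    }

    // Filter in the database instead of enumerating every Feedback row in memory
    // (the original looped over db.Feedbacks and compared IDUser per row).
    // The category helpers run on the materialized rows, hence ToList() first.
    // Property names are the JSON keys clients see — keep them as they are.
    var commentlist = db.Feedbacks
        .Where(f => f.IDUser == id)
        .ToList()
        .Select(feed => new
        {
            IdTypeCategory = getCatCode(feed),
            IdCategory = getCatId(feed),
            Date = feed.FeedbackDate,
            Header = feed.Heading,
            Comment = feed.Comment,
            rating = feed.Rating
        })
        .ToList();

    if (commentlist.Count == 0)
    {
        return NotFound();
    }

    return Ok(commentlist);
}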
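//******************************************
//* Second step of account activation
//******************************************
/// <summary>
/// Consumes the Employee_Activation row whose ActivationCode equals the route
/// "id" segment. The row is deleted so the link is single-use.
/// </summary>
/// <returns>The view, with ViewBag.message set to a success or failure text.</returns>
public ActionResult Activation()
{
    // The route value may be absent. Guid.TryParse(null) simply returns false,
    // whereas the original's RouteData.Values["id"].ToString() threw a
    // NullReferenceException (and its null test came after the dereference).
    string rawCode = RouteData.Values["id"]?.ToString();

    if (Guid.TryParse(rawCode, out Guid activationCode))
    {
        Employee_Activation pending = db.Employee_Activations
            .FirstOrDefault(p => p.ActivationCode == activationCode);

        if (pending != null)
        {
            db.Employee_Activations.Remove(pending);
            db.SaveChanges();

            // NOTE(review): nothing on the CTEmployee row is changed here and the
            // activation row has no expiry. Whether login is gated on the absence
            // of this row is not visible in this file — confirm, otherwise this
            // step does not actually enable anything. (The original also loaded the
            // CTEmployee by pending.Id and discarded it; that lookup is removed.)
            ViewBag.message = "Activation successful! You can Login now.";
            return View();
        }
    }

    ViewBag.message = "Activation unsuccessful!";
    return View();
}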
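/// <summary>
/// POST a new Country. Admin only. Duplicates are rejected by Name.
/// </summary>
/// <param name="PostCountry">Country from the request body; null when the body is missing.</param>
/// <returns>201 on success; 400 for an invalid body or unknown caller;
/// 403 for non-admins; 409 when a Country with that Name exists.</returns>
public IHttpActionResult PostCountry([FromBody] Country PostCountry)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A missing body binds as null while ModelState stays valid; the original
    // then dereferenced PostCountry.Name and failed with a 500.
    if (PostCountry == null || string.IsNullOrWhiteSpace(PostCountry.Name))
    {
        return BadRequest("Country name is required");
    }

    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    // Equality is translated to SQL, so the database collation decides case sensitivity.
    if (db.Countries.Any(e => e.Name == PostCountry.Name))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Conflict, "Country already exists!"));
    }

    // NOTE(review): the whole client-supplied entity is inserted, including any ID
    // the client sent; whether that is ignored depends on the key configuration,
    // which is not visible here.
    db.Countries.Add(PostCountry);
    db.SaveChanges();

    return ResponseMessage(Request.CreateResponse(HttpStatusCode.Created, "Country added"));
}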
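/// <summary>
/// DELETE the Destination with the given id. Admin only.
/// </summary>
/// <param name="id">Destination.ID to remove.</param>
/// <returns>301 "Item Deleted" on success (see note); 400 for an unknown caller;
/// 403 for non-admins; 404 when no such Destination exists.</returns>
public IHttpActionResult DeleteDestination(int id)
{
    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    // The original also ran db.Countries.Find(id) here — a Country lookup with a
    // Destination id whose result was never used. Removed.
    Destination target = db.Destinations.Find(id);
    if (target == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Item not found!"));
    }

    // NOTE(review): LifeInCities rows reference destinations (IDDestination); they
    // are not removed here, so the delete presumably relies on the DB FK behaviour.
    db.Destinations.Remove(target);
    db.SaveChanges();

    // NOTE(review): 301 Moved is a redirect status, not a deletion result; kept so
    // existing clients are not broken, but 200 or 204 is the correct code.
    return ResponseMessage(Request.CreateResponse(HttpStatusCode.Moved, "Item Deleted"));
}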
/// <summary>
/// GET the id, first name and last name of every employee. Admin only.
/// </summary>
/// <returns>200 with a list of {Id, Name, LastName}; 400 for an unknown caller; 403 for non-admins.</returns>
public IHttpActionResult GetCTEmployee()
{
    CTEmployee caller = GetLoggedEmp(out bool callerIsAdmin);
    if (caller == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!callerIsAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    // Project the table directly; property names are the JSON keys clients see.
    var employees = db.CTEmployees
        .ToList()
        .Select(e => new { Id = e.ID, Name = e.FName, LastName = e.LName })
        .ToList();

    return Ok(employees);
}
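/// <summary>
/// PUT (full overwrite of) an existing Destination. Admin only.
/// </summary>
/// <param name="Dest1">Destination from the request body; its ID selects the row.</param>
/// <returns>200 on success; 400 for a missing body, unknown caller or unknown Destination; 403 for non-admins.</returns>
public IHttpActionResult PutDestination([FromBody] Destination Dest1)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A missing body binds as null with a valid ModelState; the original then
    // dereferenced Dest1.ID.
    if (Dest1 == null)
    {
        return BadRequest("Destination body is required");
    }

    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    if (!db.Destinations.Any(x => x.ID == Dest1.ID))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Destination invalid"));
    }

    // Marking the whole entity Modified writes every column from the client's
    // object, including IDCountry. IDCountry is not validated here.
    // NOTE(review): consider checking it against db.Countries the way the
    // LifeInCity POST checks its foreign keys.
    db.Entry(Dest1).State = EntityState.Modified;
    db.SaveChanges();

    return ResponseMessage(Request.CreateResponse(HttpStatusCode.OK, "Podaci promenjeni"));
}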
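/// <summary>
/// Self-registration: creates a non-admin CTEmployee (EmployeeType forced to 1)
/// and sends the activation e-mail. This endpoint is reached without a logged-in
/// user, so every field of <paramref name="PostEmp1"/> is untrusted input.
/// </summary>
/// <param name="PostEmp1">Employee from the request body; Email and Pass are required.</param>
/// <returns>201 on success; 400 for an invalid body; 409 when the e-mail is taken.</returns>
public IHttpActionResult PostCTEmployee([FromBody] CTEmployee PostEmp1)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Email and Pass are Trim()ed below; a null body or field was a 500 before.
    if (PostEmp1 == null || string.IsNullOrWhiteSpace(PostEmp1.Email) || string.IsNullOrWhiteSpace(PostEmp1.Pass))
    {
        return BadRequest("Email and password are required");
    }

    // The e-mail address is the unique identity of an employee.
    PostEmp1.Email = PostEmp1.Email.Trim();
    if (db.CTEmployees.Any(e => e.Email == PostEmp1.Email))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Conflict, "Email address already exists!"));
    }

    // SECURITY: the original refused registration when *another* account already
    // stored the same password ("Password Alredy exists"). On an anonymous
    // endpoint that is a password oracle: submit a guess, a 409 confirms some
    // user has it. The check is removed — password uniqueness is never a requirement.
    // NOTE(review): encrypt.encryptPass is reversible (decryptPass is used at
    // login and elsewhere), so passwords are stored in recoverable form. They
    // should be salted-hashed; that change belongs in encrypt and the login path.
    PostEmp1.Pass = encrypt.encryptPass(PostEmp1.Pass.Trim());

    // Never trust the client-supplied role: self-registered users are plain users.
    PostEmp1.EmployeeType = 1;

    db.CTEmployees.Add(PostEmp1);
    db.SaveChanges();

    // NOTE(review): if the mail fails the account already exists but can never be
    // activated; no resend path is visible in this file.
    SendActivationEmail(PostEmp1);

    return ResponseMessage(Request.CreateResponse(HttpStatusCode.Created, "To successfully finish the process of registration click the link in the activation email!"));
}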
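/// <summary>
/// POST a new Destination. Admin only (see consistency note). Duplicates are
/// rejected by case-insensitive CityName match.
/// </summary>
/// <param name="Dest1">Destination from the request body; CityName and IDCountry are used.</param>
/// <returns>201 on success; 400 for an invalid body or unknown caller; 403 for
/// non-admins; 404 when IDCountry is unknown; 409 when the city already exists.</returns>
public IHttpActionResult PostDestination(Destination Dest1)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Null body or null CityName would otherwise throw inside the query below.
    if (Dest1 == null || string.IsNullOrWhiteSpace(Dest1.CityName))
    {
        return BadRequest("City name is required");
    }

    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    // Consistency fix: PostCountry, PutDestination and DeleteDestination are all
    // admin-only, but this POST let any authenticated user add destinations.
    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    // The parent country must exist (mirrors the FK checks in the LifeInCity POST).
    if (!db.Countries.Any(c => c.ID == Dest1.IDCountry))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Country not valid!"));
    }

    // The original passed StringComparison.OrdinalIgnoreCase into the
    // LINQ-to-Entities query; EF6 does not translate that Equals overload and
    // fails at runtime. ToLower() on both sides is translatable and keeps the
    // case-insensitive intent.
    string cityLower = Dest1.CityName.ToLower();
    if (db.Destinations.Any(e => e.CityName.ToLower() == cityLower))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Conflict, "Destination already exists!"));
    }

    db.Destinations.Add(Dest1);
    db.SaveChanges();

    return ResponseMessage(Request.CreateResponse(HttpStatusCode.Created, "Destination added"));
}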
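/// <summary>
/// GET one employee's profile. Non-admins may only read their own record.
/// </summary>
/// <param name="id">CTEmployee.ID being requested.</param>
/// <returns>200 with {ID, FName, LName, Email, EmployeeType}; 400 when the caller
/// or target is unknown; 403 when a non-admin asks for someone else.</returns>
public IHttpActionResult GetCTEmployee(int id)
{
    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    // Authorization before the lookup, so a non-admin cannot distinguish existing
    // ids (400) from non-existing ones (403).
    if (!isAdmin && empLogged.ID != id)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    CTEmployee empRequested = db.CTEmployees.Find(id);
    if (empRequested == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    // SECURITY: the original decrypted the stored password and returned it as
    // `pass` in the response, exposing every user's credential to any admin (and
    // to anyone holding a user's token). The field is removed.
    // NOTE(review): that it *could* be decrypted means passwords are stored
    // reversibly — see encrypt.encryptPass/decryptPass.
    var emp = new
    {
        empRequested.ID,
        empRequested.FName,
        empRequested.LName,
        empRequested.Email,
        empRequested.EmployeeType
    };

    return Ok(emp);
}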
/// <summary>
/// GET a single Country by id. Admin only.
/// </summary>
/// <param name="id">Country.ID from the URI.</param>
/// <returns>200 with {Id, Name}; 404 when absent; 400 for an unknown caller; 403 for non-admins.</returns>
public IHttpActionResult GetCountry([FromUri] int id)
{
    CTEmployee caller = GetLoggedEmp(out bool callerIsAdmin);
    if (caller == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!callerIsAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    Country found = db.Countries.Find(id);
    return found == null
        ? (IHttpActionResult)NotFound()
        : Ok(new { Id = found.ID, Name = found.Name });
}
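/// <summary>
/// POST a LifeInCity description for one (destination, category) pair. Admin
/// only. Both foreign keys are validated and the pair must not already exist.
/// ChangeDate and IDAdmin are set server-side, never from the body.
/// </summary>
/// <param name="Life1">LifeInCity from the request body.</param>
/// <returns>201 on success; 400 for an invalid body or unknown caller; 403 for
/// non-admins; 404 for an unknown destination/category; 409 for a duplicate pair.</returns>
public IHttpActionResult PostDestination(LifeInCity Life1)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A missing body binds as null with a valid ModelState; the original then
    // dereferenced Life1.IDDestination.
    if (Life1 == null)
    {
        return BadRequest("LifeInCity body is required");
    }

    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    if (!db.Destinations.Any(e => e.ID == Life1.IDDestination))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Destination not valid!"));
    }

    if (!db.AccTraDesCategories.Any(e => e.ID == Life1.IDAccTraDesCategory))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Category not valid!"));
    }

    bool pairExists = db.LifeInCities.Any(x =>
        x.IDAccTraDesCategory == Life1.IDAccTraDesCategory && x.IDDestination == Life1.IDDestination);
    if (pairExists)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Conflict, "Category alredy exists for given destination"));
    }

    // Audit fields are always taken from the server and the authenticated admin.
    Life1.ChangeDate = System.DateTime.UtcNow;
    Life1.IDAdmin = empLogged.ID;

    db.LifeInCities.Add(Life1);
    db.SaveChanges();

    return ResponseMessage(Request.CreateResponse(HttpStatusCode.Created, "Category added"));
}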
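/// <summary>
/// GET the LifeInCity entries for destination <paramref name="id"/> and category
/// <paramref name="id2"/>. Admins additionally receive ChangeDate and IDAdmin.
/// </summary>
/// <param name="id">Destination.ID.</param>
/// <param name="id2">AccTraDesCategory.ID.</param>
/// <returns>200 with the matching rows; 404 when there are none; 400 for an
/// unknown caller, destination or category.</returns>
public IHttpActionResult GetLIfeinCity([FromUri] int id, int id2)
{
    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!db.Destinations.Any(x => x.ID == id))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Destination invalid"));
    }

    // BUG FIX: the original tested the category table with `id` (the destination
    // id) instead of `id2`, so the category check was effectively meaningless.
    if (!db.AccTraDesCategories.Any(x => x.ID == id2))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Category invalid"));
    }

    var rows = db.LifeInCities.Where(c => c.IDDestination == id && c.IDAccTraDesCategory == id2);

    // ToList() never returns null, so the original's `== null` tests were dead and
    // an empty result fell through as 200 []. Count == 0 gives the intended 404.
    if (isAdmin)
    {
        var full = rows.Select(c => new { c.ID, c.Description, c.ChangeDate, c.IDAdmin }).ToList();
        if (full.Count == 0)
        {
            return NotFound();
        }
        return Ok(full);
    }

    // Regular users do not see who changed the entry or when.
    var limited = rows.Select(c => new { c.ID, c.Description }).ToList();
    if (limited.Count == 0)
    {
        return NotFound();
    }
    return Ok(limited);
}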
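//*******************
// Dumps an employee object to a file
//*******************
/// <summary>
/// Debug helper: writes Id, FName and LName of <paramref name="emp1"/> to
/// Izlaz_objekat.txt in the application's physical root, overwriting any
/// previous content.
/// </summary>
/// <param name="emp1">Employee to dump; must not be null.</param>
/// <exception cref="ArgumentNullException">When <paramref name="emp1"/> is null.</exception>
private static void SendEmpToFile(CTEmployee emp1)
{
    if (emp1 == null)
    {
        throw new ArgumentNullException(nameof(emp1));
    }

    // SECURITY NOTE(review): AppDomainAppPath is the web site's physical root, so
    // this .txt (employee PII) is very likely downloadable as static content over
    // HTTP. Keep it out of the web root or remove this helper — confirm against
    // the IIS/static-file configuration.
    string path = Path.Combine(HttpRuntime.AppDomainAppPath, "Izlaz_objekat.txt");

    // `using` guarantees the handle is released; the original only called Close()
    // on the happy path and leaked the writer if a WriteLine threw.
    using (StreamWriter izlaz = new StreamWriter(path))
    {
        izlaz.WriteLine("Id= " + emp1.ID + '\n');
        izlaz.WriteLine("Fname= " + emp1.FName + '\n');
        izlaz.WriteLine("Lname= " + emp1.LName + '\n');
    }
}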
//************************************************
// Returns the authenticated employee and whether they are an admin
//************************************************
/// <summary>
/// Resolves the current principal's Name (the e-mail placed in the token at
/// login) to a CTEmployee row.
/// </summary>
/// <param name="isAdmin">True when the row exists and EmployeeType is 0; false otherwise.</param>
/// <returns>The matching employee, or null when the principal does not map to one.</returns>
private CTEmployee GetLoggedEmp(out bool isAdmin)
{
    string principalName = ControllerContext.RequestContext.Principal.Identity.Name;

    CTEmployee match = db.CTEmployees.FirstOrDefault(x => x.Email.Equals(principalName));

    // EmployeeType 0 is the admin role throughout this controller (DeleteCTEmployee
    // refuses to delete type-0 rows for the same reason).
    isAdmin = match != null && match.EmployeeType == 0;

    return match;
}
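/// <summary>
/// DELETE the LifeInCity entry for destination <paramref name="id"/> and category
/// <paramref name="id2"/>. Admin only.
/// </summary>
/// <param name="id">Destination.ID.</param>
/// <param name="id2">AccTraDesCategory.ID; defaults to -1 when omitted, which is
/// expected to fail the category check (presumably no category has ID -1).</param>
/// <returns>301 "Item Deleted" on success (see note); 400 for an unknown caller;
/// 403 for non-admins; 404 when the destination, category or entry is missing.</returns>
public IHttpActionResult DeleteLifeInCity([FromUri] int id, [FromUri] int id2 = -1)
{
    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    // The original also ran db.Countries.Find(id) here — a Country lookup with a
    // Destination id whose result was never used. Removed.
    if (!db.Destinations.Any(e => e.ID == id))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Destination not valid!"));
    }

    if (!db.AccTraDesCategories.Any(e => e.ID == id2))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Category not valid!"));
    }

    LifeInCity entry = db.LifeInCities
        .FirstOrDefault(x => x.IDAccTraDesCategory == id2 && x.IDDestination == id);
    if (entry == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Category dont exist for given destination"));
    }

    db.LifeInCities.Remove(entry);
    db.SaveChanges();

    // NOTE(review): 301 Moved is a redirect status, not a deletion result; kept so
    // existing clients are not broken, but 200 or 204 is the correct code.
    return ResponseMessage(Request.CreateResponse(HttpStatusCode.Moved, "Item Deleted"));
}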
/// <summary>
/// PUT feedback. Currently validates the request and that the Feedback ID exists,
/// then returns 204 without persisting anything — the update itself is not
/// implemented (it was commented out in the original).
/// </summary>
/// <param name="fdb1">Feedback from the request body; only ID is read.</param>
/// <returns>204 when the ID exists; 400 for an invalid model or unknown caller; 404 when the ID is unknown.</returns>
public IHttpActionResult PutFeedback([FromBody] Feedback fdb1)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    CTEmployee caller = GetLoggedEmp(out _);
    if (caller == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    bool known = db.Feedbacks.Any(x => x.ID == fdb1.ID);
    if (!known)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Feedback Item not found"));
    }

    // NOTE(review): no write and no ownership check happen here. The original carried
    // a commented-out EF update (Entry(feedback).State = Modified; SaveChanges with a
    // DbUpdateConcurrencyException handler). When that is restored, a non-admin
    // caller must be restricted to rows whose IDUser equals caller.ID, as
    // GetFeedback does, otherwise any user could edit anyone's feedback.
    return StatusCode(HttpStatusCode.NoContent);
}
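//*******************************************************
/// <summary>
/// OAuth2 resource-owner-password grant: validates e-mail/password against
/// CTEmployees and issues a bearer ticket carrying the e-mail as the Name claim.
/// </summary>
/// <param name="context">OWIN grant context with UserName (e-mail) and Password.</param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // Compares two strings without short-circuiting on the first mismatch, so the
    // time taken does not reveal how many leading characters were right.
    bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null)
        {
            return false;
        }
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    // Null-safe: the original called Trim() on the raw values.
    string contMail = (context.UserName ?? string.Empty).Trim();
    string contPass = (context.Password ?? string.Empty).Trim();
    string mail;

    using (DBBTAEntities obj = new DBBTAEntities())
    {
        CTEmployee emp1 = obj.CTEmployees.FirstOrDefault(x => x.Email == contMail);

        // SECURITY: one message for "no such user" and "wrong password". The
        // original returned "User name not found." vs "The password is incorrect.",
        // letting a caller enumerate valid e-mail addresses. (A timing difference
        // between the two branches remains; it is far smaller than the message split.)
        // NOTE(review): the stored password is *decrypted* for comparison, i.e. it
        // is stored reversibly. It should be salted-hashed and verified instead;
        // that change belongs in `encrypt` and every caller of encryptPass.
        if (emp1 == null || !FixedTimeEquals(encrypt.decryptPass(emp1.Pass), contPass))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        // Registration leaves an Employee_Activation row until the e-mail link is
        // used (see Activation / SendActivationEmail). Refuse login while pending.
        // NOTE(review): nothing else visible in this corpus gates login on
        // activation — confirm it is not enforced elsewhere before relying on this.
        if (obj.Employee_Activations.Any(a => a.Id == emp1.ID))
        {
            context.SetError("invalid_grant", "The account has not been activated.");
            return;
        }

        mail = emp1.Email;
    }

    ClaimsIdentity oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
    // The Name claim is what GetLoggedEmp later resolves back to a CTEmployee.
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, mail));

    // NOTE(review): as in the original, the cookie identity is signed in with no
    // claims at all; it does not identify anybody.
    ClaimsIdentity cookiesIdentity = new ClaimsIdentity(context.Options.AuthenticationType);

    AuthenticationProperties nameProperty = CreateProperties(context.UserName);
    AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, nameProperty);
    context.Validated(ticket);
    context.Request.Context.Authentication.SignIn(cookiesIdentity);
}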
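//***************************************************
//******* Send Activation Mail
//***************************************************
/// <summary>
/// Creates an Employee_Activation row for <paramref name="user1"/> and e-mails
/// the activation link, using the SMTP account stored in Admin_SMTP_parameteres.
/// </summary>
/// <param name="user1">Freshly saved employee; ID, Email, FName and LName are read.</param>
/// <exception cref="InvalidOperationException">When no SMTP parameters row exists.</exception>
private void SendActivationEmail(CTEmployee user1)
{
    var par1 = db.Admin_SMTP_parameteres.FirstOrDefault();
    if (par1 == null)
    {
        // The original dereferenced par1 unconditionally (NullReferenceException).
        throw new InvalidOperationException("SMTP parameters are not configured");
    }

    // NOTE(review): Guid.NewGuid() is the one-time token and the row never expires.
    // A RandomNumberGenerator-derived token plus an expiry column would be the
    // conservative choice; that needs a schema change, so it is only flagged here.
    Guid activationCode1 = Guid.NewGuid();
    db.Employee_Activations.Add(new Employee_Activation { Id = user1.ID, ActivationCode = activationCode1 });

    string host = par1.host;
    string email = par1.UserName;
    // The SMTP password is stored reversibly encrypted and decrypted here.
    string password = encrypt.decryptPass(par1.password);
    db.SaveChanges();

    const int port = 587;
    string mailFrom = "*****@*****.**";
    string mailTo = user1.Email;
    string mailTitle = "Account activation";

    // SECURITY: the link base is taken from the incoming request's Host header. A
    // registration request with a forged Host makes the victim's e-mail point at
    // the attacker's host (activation-link poisoning).
    // NOTE(review): use a configured site URL instead; none is visible in this file.
    var baseUrl = Request.RequestUri.GetLeftPart(UriPartial.Authority);

    // FName/LName come from the self-registration body and are embedded in an
    // HTML part, so they are encoded to prevent HTML/link injection in the mail.
    string safeName = WebUtility.HtmlEncode(user1.FName + " " + user1.LName);
    string mailMessage = "Hi, " + safeName + ", ";
    mailMessage += "<br /><br />Click on the link below to activate accoount";
    mailMessage += "<br /><a href = '" + $"{baseUrl}/Home/Activation/{activationCode1}" + "'>Activate.</a>";

    var message1 = new MimeMessage();
    message1.From.Add(new MailboxAddress(mailFrom));
    message1.To.Add(new MailboxAddress(mailTo));
    message1.Subject = mailTitle;
    message1.Body = new TextPart("html") { Text = mailMessage };

    using (var client = new SmtpClient())
    {
        client.Connect(host, port, SecureSocketOptions.StartTls);
        client.Authenticate(email, password);
        client.Send(message1);
        client.Disconnect(true);
    }
}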
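/// <summary>
/// POST a new employee on behalf of an admin. No activation e-mail is sent and
/// EmployeeType is taken from the body as supplied, so an admin can create
/// another admin (EmployeeType 0).
/// </summary>
/// <param name="PostEmp1">Employee from the request body; Email and Pass are required.</param>
/// <returns>201 on success; 400 for an invalid body or unknown caller; 403 for
/// non-admins; 409 when the e-mail is taken.</returns>
public IHttpActionResult PostCTEmployee([FromBody] CTEmployee PostEmp1)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Email and Pass are Trim()ed below; a null body or field was a 500 before.
    if (PostEmp1 == null || string.IsNullOrWhiteSpace(PostEmp1.Email) || string.IsNullOrWhiteSpace(PostEmp1.Pass))
    {
        return BadRequest("Email and password are required");
    }

    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    PostEmp1.Email = PostEmp1.Email.Trim();
    if (db.CTEmployees.Any(e => e.Email == PostEmp1.Email))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Conflict, "Email address already exists!"));
    }

    // SECURITY: the original rejected the request when another account already
    // stored the same password ("Password Alredy exists"), which told the caller
    // that some existing user has exactly that password. Removed — password
    // uniqueness is never a requirement and the check only leaks.
    // NOTE(review): encrypt.encryptPass is reversible (decryptPass is used at
    // login); passwords should be salted-hashed instead.
    PostEmp1.Pass = encrypt.encryptPass(PostEmp1.Pass.Trim());

    db.CTEmployees.Add(PostEmp1);
    db.SaveChanges();

    return ResponseMessage(Request.CreateResponse(HttpStatusCode.Created, "User added"));
}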
/// <summary>
/// GET every Country as {Id, Name}. Any authenticated employee may call this.
/// </summary>
/// <returns>200 with the list; 400 when the caller is unknown.</returns>
public IHttpActionResult GetCountries()
{
    CTEmployee caller = GetLoggedEmp(out _);
    if (caller == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    // Project the table directly; property names are the JSON keys clients see.
    var countries = db.Countries
        .ToList()
        .Select(c => new { Id = c.ID, Name = c.Name })
        .ToList();

    return Ok(countries);
}
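/// <summary>
/// GET the destinations of country <paramref name="id"/> as {ID, CityName}.
/// Any authenticated employee may call this.
/// </summary>
/// <param name="id">Country.ID (matched against Destination.IDCountry).</param>
/// <returns>200 with the list; 404 when the country has no destinations; 400 for an unknown caller.</returns>
public IHttpActionResult GetDestinations([FromUri] int id)
{
    CTEmployee empLogged = GetLoggedEmp(out _);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    var cities = db.Destinations
        .Where(c => c.IDCountry == id)
        .Select(c => new { c.ID, c.CityName })
        .ToList();

    // ToList() never returns null, so the original's `== null` test was dead and
    // an unknown/empty country fell through as 200 []. Count == 0 gives the 404
    // the original evidently intended.
    if (cities.Count == 0)
    {
        return NotFound();
    }

    return Ok(cities);
}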
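/// <summary>
/// PUT the Description of an existing LifeInCity entry. Admin only. Only
/// Description is editable; IDDestination and IDAccTraDesCategory are never
/// changed via PUT. ChangeDate and IDAdmin are stamped server-side.
/// </summary>
/// <param name="life1">LifeInCity from the request body; ID selects the row, Description is the new text.</param>
/// <returns>200 on success; 400 for a missing body or unknown caller; 403 for non-admins; 404 when the ID is unknown.</returns>
public IHttpActionResult PutLifeInCity(LifeInCity life1)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A missing body binds as null with a valid ModelState.
    if (life1 == null)
    {
        return BadRequest("LifeInCity body is required");
    }

    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    if (!db.LifeInCities.Any(x => x.ID == life1.ID))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "LifeinCIty Item not found"));
    }

    life1.ChangeDate = System.DateTime.UtcNow;
    life1.IDAdmin = empLogged.ID;

    // Attach() tracks the entity as Unchanged, so only explicitly flagged
    // properties are written. BUG FIX: the original flagged Description alone,
    // which silently discarded the ChangeDate/IDAdmin audit values set above.
    // IDDestination and IDAccTraDesCategory stay unflagged on purpose.
    db.LifeInCities.Attach(life1);
    var entry = db.Entry(life1);
    entry.Property("Description").IsModified = true;
    entry.Property("ChangeDate").IsModified = true;
    entry.Property("IDAdmin").IsModified = true;
    db.SaveChanges();

    return ResponseMessage(Request.CreateResponse(HttpStatusCode.OK, "Item changed"));
}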
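/// <summary>
/// GET every AccTraDesCategory as {Id, AccTraDesType}. Any authenticated
/// employee may call this.
/// </summary>
/// <returns>200 with the list; 204 when the table is empty; 400 for an unknown caller.</returns>
public IHttpActionResult GetAccTraDesCategories()
{
    CTEmployee empLogged = GetLoggedEmp(out _);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    // Property names are the JSON keys clients see.
    var categories = db.AccTraDesCategories
        .ToList()
        .Select(c => new { Id = c.ID, AccTraDesType = c.AccTraDesType })
        .ToList();

    // ToList() never returns null, so the original's `== null` test was dead and
    // an empty table returned 200 []. Count == 0 gives the 204 it intended.
    if (categories.Count == 0)
    {
        return StatusCode(HttpStatusCode.NoContent);
    }

    return Ok(categories);
}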
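/// <summary>
/// DELETE an employee and all of their Feedback rows. Admin only; admin
/// accounts (EmployeeType 0) cannot be deleted, which also stops an admin from
/// deleting themselves.
/// </summary>
/// <param name="id">CTEmployee.ID to remove.</param>
/// <returns>301 "User Deleted" on success (see note); 400 for an unknown caller;
/// 403 for non-admins or when the target is an admin; 404 when the id is unknown.</returns>
public IHttpActionResult DeleteCTEmployee(int id)
{
    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    if (!isAdmin)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    CTEmployee empToDelete = db.CTEmployees.Find(id);

    // BUG FIX: the null test must precede the EmployeeType read. The original
    // dereferenced empToDelete first, so an unknown id produced a 500 instead of 404.
    if (empToDelete == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Employee not found!"));
    }

    if (empToDelete.EmployeeType == 0)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Operation not permited"));
    }

    // Feedback rows reference the user via IDUser and are removed first.
    // NOTE(review): a pending Employee_Activation row for this user (if any) is
    // not removed here and would be orphaned.
    List<Feedback> usersFeedback = db.Feedbacks.Where(x => x.IDUser == id).ToList();
    db.Feedbacks.RemoveRange(usersFeedback);
    db.CTEmployees.Remove(empToDelete);
    db.SaveChanges();

    // NOTE(review): 301 Moved is a redirect status, not a deletion result; kept so
    // existing clients are not broken, but 200 or 204 is the correct code.
    return ResponseMessage(Request.CreateResponse(HttpStatusCode.Moved, "User Deleted"));
}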
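/// <summary>
/// PUT an employee profile. Non-admins may only update their own row and cannot
/// change Email; EmployeeType is never changed here. FName, LName and Pass are
/// overwritten from the body, so Pass is required on every call.
/// </summary>
/// <param name="PutEmp1">Employee from the request body; ID selects the row.</param>
/// <returns>200 on success; 400 for an invalid body, unknown caller or unknown
/// target; 403 when a non-admin targets someone else; 409 when an admin sets an
/// e-mail already used by another account.</returns>
public IHttpActionResult PutCTEmployee(CTEmployee PutEmp1)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Email and Pass are Trim()ed below; a null body or field was a 500 before.
    if (PutEmp1 == null || PutEmp1.Email == null || string.IsNullOrWhiteSpace(PutEmp1.Pass))
    {
        return BadRequest("Email and password are required");
    }

    CTEmployee empLogged = GetLoggedEmp(out bool isAdmin);
    if (empLogged == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    CTEmployee existing = db.CTEmployees.FirstOrDefault(x => x.ID == PutEmp1.ID);
    if (existing == null)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "User invalid"));
    }

    // A regular user may only modify their own record.
    if (!isAdmin && empLogged.ID != PutEmp1.ID)
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "User not permited"));
    }

    // Uniqueness only matters when the e-mail can actually change (admin only).
    PutEmp1.Email = PutEmp1.Email.Trim();
    if (isAdmin && db.CTEmployees.Any(x => x.Email == PutEmp1.Email && x.ID != PutEmp1.ID))
    {
        return ResponseMessage(Request.CreateErrorResponse(HttpStatusCode.Conflict, "Email address already exists!"));
    }

    // SECURITY: the original returned 409 "Password Alredy exists" when any *other*
    // account stored the same password. Since every authenticated user can call
    // this on their own row, that was a password oracle against all accounts.
    // Removed — password uniqueness is never a requirement.
    // NOTE(review): the password is changed without verifying the current one,
    // and encrypt.encryptPass is reversible; both are flagged, not changed here.
    PutEmp1.Pass = encrypt.encryptPass(PutEmp1.Pass.Trim());

    existing.FName = PutEmp1.FName;
    existing.LName = PutEmp1.LName;
    existing.Pass = PutEmp1.Pass;
    if (isAdmin)
    {
        // Only an admin may change the e-mail, which is the login identity.
        existing.Email = PutEmp1.Email;
    }

    db.SaveChanges();

    return ResponseMessage(Request.CreateResponse(HttpStatusCode.OK, "Podaci promenjeni"));
}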