/// <summary>
/// Applies a profile update to the enrollee identified by <paramref name="enrolleeId"/>.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee to update.</param>
/// <param name="enrolleeProfile">Profile values handed to the enrollee service.</param>
/// <param name="beenThroughTheWizard">Query-string flag handed unchanged to the enrollee service.</param>
/// <returns>
/// NotFound when no enrollee has the given id, Forbid when the current user may not edit it,
/// BadRequest when the enrollee is not in the 'Editable' status, otherwise NoContent.
/// </returns>
public async Task<IActionResult> UpdateEnrollee(int enrolleeId, EnrolleeProfileViewModel enrolleeProfile, [FromQuery] bool beenThroughTheWizard)
{
    var existing = await _enrolleeService.GetEnrolleeNoTrackingAsync(enrolleeId);
    if (existing is null)
    {
        var notFound = ApiResponse.Message($"Enrollee not found with id {enrolleeId}");
        return NotFound(notFound);
    }

    // The permission decision uses the enrollee loaded by id, not anything from the request body,
    // and is made before the status is inspected or any update is attempted.
    var callerMayEdit = User.CanEdit(existing);
    if (!callerMayEdit)
    {
        return Forbid();
    }

    // Only enrollees currently in the 'Editable' status may be changed.
    // NOTE(review): the status check and the update are separate awaited calls; whether
    // UpdateEnrolleeAsync re-checks the status itself is not visible here - confirm.
    var isEditable = await _enrolleeService.IsEnrolleeInStatusAsync(enrolleeId, StatusType.Editable);
    if (isEditable)
    {
        await _enrolleeService.UpdateEnrolleeAsync(enrolleeId, enrolleeProfile, beenThroughTheWizard);
        return NoContent();
    }

    ModelState.AddModelError("Enrollee.CurrentStatus", "Enrollee can not be updated when the current status is not 'Editable'.");
    return BadRequest(ApiResponse.BadRequest(ModelState));
}
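/// <summary>
/// Submits the application of the enrollee identified by <paramref name="enrolleeId"/>.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee whose application is submitted.</param>
/// <param name="updatedProfile">Profile sent with the submission; must not be null.</param>
/// <returns>
/// NotFound when no permissions record exists for the id, Forbid when the record is not editable
/// by the current user, BadRequest when the profile is null or the enrollee is not in the
/// 'Editable' status, otherwise Ok with the enrollee as read back after submission.
/// </returns>
public async Task<ActionResult<EnrolleeViewModel>> Submit(int enrolleeId, EnrolleeUpdateModel updatedProfile)
{
    var record = await _enrolleeService.GetPermissionsRecordAsync(enrolleeId);
    if (record is null)
    {
        return NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}"));
    }

    // Authorization is decided on the stored permissions record before the request body is looked at.
    if (!record.EditableBy(User))
    {
        return Forbid();
    }

    if (updatedProfile is null)
    {
        ModelState.AddModelError("EnrolleeUpdateModel", "New profile cannot be null.");
        return BadRequest(ApiResponse.BadRequest(ModelState));
    }

    if (!await _enrolleeService.IsEnrolleeInStatusAsync(enrolleeId, StatusType.Editable))
    {
        // The condition tests StatusType.Editable; the message previously named 'Active',
        // which did not match the status actually being checked.
        ModelState.AddModelError("Enrollee.CurrentStatus", "Application can not be submitted when the current status is not 'Editable'.");
        return BadRequest(ApiResponse.BadRequest(ModelState));
    }

    // Both identity fields are overwritten from the authenticated principal, so whatever the
    // client put in the body for them never reaches the submission service.
    updatedProfile.IdentityAssuranceLevel = User.GetIdentityAssuranceLevel();
    updatedProfile.IdentityProvider = User.GetIdentityProvider();

    await _submissionService.SubmitApplicationAsync(enrolleeId, updatedProfile);

    // Re-read the enrollee so the response reflects the state after submission.
    var enrollee = await _enrolleeService.GetEnrolleeAsync(enrolleeId);
    return Ok(ApiResponse.Result(enrollee));
}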
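/// <summary>
/// Applies an update model to the enrollee identified by <paramref name="enrolleeId"/>.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee to update.</param>
/// <param name="enrollee">Update model from the request; must not be null.</param>
/// <param name="beenThroughTheWizard">Query-string flag handed unchanged to the enrollee service.</param>
/// <returns>
/// NotFound when no permissions record exists for the id, Forbid when the record is not editable
/// by the current user, BadRequest when the model is null or the enrollee is not in the
/// 'Editable' status, otherwise NoContent.
/// </returns>
public async Task<IActionResult> UpdateEnrollee(int enrolleeId, EnrolleeUpdateModel enrollee, [FromQuery] bool beenThroughTheWizard)
{
    var record = await _enrolleeService.GetPermissionsRecordAsync(enrolleeId);
    if (record is null)
    {
        return NotFound(ApiResponse.Message($"Enrollee not found with id {enrolleeId}"));
    }

    // Authorization is decided on the stored permissions record before the request body is looked at.
    if (!record.EditableBy(User))
    {
        return Forbid();
    }

    // The model is dereferenced below (SetTokenProperties); reject a missing body with a 400
    // instead of letting it surface as an unhandled NullReferenceException.
    if (enrollee is null)
    {
        ModelState.AddModelError("EnrolleeUpdateModel", "Enrollee update cannot be null.");
        return BadRequest(ApiResponse.BadRequest(ModelState));
    }

    // Only enrollees currently in the 'Editable' status may be changed.
    if (!await _enrolleeService.IsEnrolleeInStatusAsync(enrolleeId, StatusType.Editable))
    {
        ModelState.AddModelError("Enrollee.CurrentStatus", "Enrollee can not be updated when the current status is not 'Editable'.");
        return BadRequest(ApiResponse.BadRequest(ModelState));
    }

    // NOTE(review): presumably stamps identity values from the authenticated principal onto the
    // model so client-sent values for them are not trusted - confirm against SetTokenProperties.
    enrollee.SetTokenProperties(User);

    await _enrolleeService.UpdateEnrolleeAsync(enrolleeId, enrollee, beenThroughTheWizard);
    return NoContent();
}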
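/// <summary>
/// Updates the enrollee identified by <paramref name="enrolleeId"/> from the posted payload.
/// </summary>
/// <param name="enrolleeId">Id of the enrollee to update, taken from the route.</param>
/// <param name="enrollee">Posted enrollee; must be non-null and carry the same Id as the route.</param>
/// <param name="beenThroughTheWizard">Query-string flag handed unchanged to the enrollee service.</param>
/// <returns>
/// BadRequest when the payload is null, has no Id, or its Id differs from the route id;
/// NotFound when no such enrollee exists; Forbid when the caller fails the ownership check;
/// BadRequest when the enrollee is not 'In Progress'; otherwise NoContent.
/// </returns>
public async Task<IActionResult> UpdateEnrollee(int enrolleeId, Enrollee enrollee, [FromQuery] bool beenThroughTheWizard = false)
{
    if (enrollee == null)
    {
        this.ModelState.AddModelError("Enrollee", "Could not update the enrollee, the passed in Enrollee cannot be null.");
        return BadRequest(new ApiBadRequestResponse(this.ModelState));
    }

    // The payload is known to be non-null here, so only the Id needs checking.
    if (enrollee.Id == null)
    {
        this.ModelState.AddModelError("Enrollee.Id", "Enrollee Id is required to make updates.");
        return BadRequest(new ApiBadRequestResponse(this.ModelState));
    }

    if (enrolleeId != enrollee.Id)
    {
        this.ModelState.AddModelError("Enrollee.Id", "Enrollee Id does not match with the payload.");
        return BadRequest(new ApiBadRequestResponse(this.ModelState));
    }

    if (!_enrolleeService.EnrolleeExists(enrolleeId))
    {
        return NotFound(new ApiResponse(404, $"Enrollee not found with id {enrolleeId}"));
    }

    // If the user is not an ADMIN, the enrollee must belong to the user. This runs before the
    // status check so a caller who fails it learns nothing about the enrollee's current status.
    // NOTE(review): BelongsToEnrollee receives the posted payload, not a record loaded from
    // storage; its body is not visible here - confirm it does not rely on client-sent
    // ownership fields.
    if (!BelongsToEnrollee(enrollee))
    {
        return Forbid();
    }

    // If the enrollee is not in the status of 'In Progress', it cannot be updated.
    if (!await _enrolleeService.IsEnrolleeInStatusAsync(enrolleeId, Status.IN_PROGRESS_CODE))
    {
        this.ModelState.AddModelError("Enrollee.CurrentStatus", "Enrollee can not be updated when the current status is not 'In Progress'.");
        return BadRequest(new ApiBadRequestResponse(this.ModelState));
    }

    // NOTE(review): the posted Enrollee object is handed to the service as-is, so every bound
    // property is client-controlled; confirm UpdateEnrolleeAsync limits which fields it persists.
    await _enrolleeService.UpdateEnrolleeAsync(enrollee, beenThroughTheWizard);
    return NoContent();
}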