public async Task <IActionResult> GetAsync([FromRoute] Guid organizationuuid, [FromRoute] Guid uuid)
{
//note:
//org users and org roles are read from mh meta db!
//This is where some env core objects are kept
//ensure user belongs to an org
if (await OrganizationContext.IsOrgMemberAsync(GetDefaultDbContext(), uuid))
{
var user = (await base.GetAsync(uuid, GetDefaultDbContext())).GetContent <MapHiveUser>();
if (user == null)
{
return(NotFound());
}
//just check for owner / admin roles; it is an org member anyway
if (await OrganizationContext.IsOrgOwnerAsync(GetDefaultDbContext(), user))
{
user.OrganizationRole = Organization.OrganizationRole.Owner;
}
else if (await OrganizationContext.IsOrgAdminAsync(GetDefaultDbContext(), user))
{
user.OrganizationRole = Organization.OrganizationRole.Admin;
}
else
{
user.OrganizationRole = Organization.OrganizationRole.Member;
}
return(Ok(user));
}
return(NotFound());
}
public async Task <IActionResult> UpdateLinkAsync([FromRoute] Guid organizationuuid, [FromBody] MapHiveUser user, [FromRoute] Guid uuid)
{
try
{
//only owners or admins should be allowed to perform this action
var callerId = Cartomatic.Utils.Identity.GetUserGuid();
if (!(UserIsOrgOwner(callerId) || UserIsOrgAdmin(callerId)))
{
return(NotAllowed());
}
//make sure user 'belongs' to an org
if (!await OrganizationContext.IsOrgMemberAsync(GetDefaultDbContext(), uuid))
{
return(BadRequest("Not an org user."));
}
//just need to update its role within an org too
user.Uuid = uuid; //in put no uuid in the model!
await this.OrganizationContext.ChangeOrganizationUserRoleAsync(GetDefaultDbContext(), user);
return(Ok(user));
}
catch (Exception ex)
{
return(this.HandleException(ex));
}
}
public async Task <IActionResult> DeleteAsync([FromRoute] Guid organizationuuid, [FromRoute] Guid uuid)
{
try
{
//note:
//org users and org roles are modified against mh meta db!
//This is where some env core objects are kept
//only owners or admins should be allowed to perform this action
var callerId = Cartomatic.Utils.Identity.GetUserGuid();
var callerIsOrgOwner = UserIsOrgOwner(callerId);
var callerIsOrgAdmin = UserIsOrgAdmin(callerId);
//only owners and admins should be able to delete users!
if (!(callerIsOrgOwner || callerIsOrgAdmin))
{
return(NotAllowed());
}
//make sure user 'belongs' to an org
if (!await OrganizationContext.IsOrgMemberAsync(GetDefaultDbContext(), uuid))
{
return(BadRequest("Not an org user."));
}
//make sure to prevent self deletes
if (uuid == Cartomatic.Utils.Identity.GetUserGuid())
{
return(BadRequest("Cannot remove self."));
}
var isOrgOwner = await OrganizationContext.IsOrgOwnerAsync(GetDefaultDbContext(), uuid);
if (isOrgOwner)
{
return(BadRequest("Cannot remove org owner."));
}
var user = await Base.ReadObjAsync <MapHiveUser>(GetDefaultDbContext(), uuid);
if (user == null)
{
return(BadRequest("No such user."));
}
await user.DestroyAsync(GetDefaultDbContext());
return(Ok());
}
catch (Exception ex)
{
return(HandleException(ex));
}
}
public async Task <IActionResult> PutAsync([FromRoute] Guid organizationuuid, [FromBody] MapHiveUser user, [FromRoute] Guid uuid)
{
try
{
//note:
//org users and org roles are modified against mh meta db!
//This is where some env core objects are kept
//can modify user only if org admin or owner or self
var callerId = Cartomatic.Utils.Identity.GetUserGuid();
if (!(UserIsOrgOwner(callerId) || UserIsOrgAdmin(callerId) || UserIsSelf(uuid)))
{
return(NotAllowed());
}
//make sure user 'belongs' to an org
if (!await OrganizationContext.IsOrgMemberAsync(GetDefaultDbContext(), uuid))
{
return(BadRequest("Not an org user."));
}
//note: perhaps should disallow editing some properties such as parentOrgId, etc.
var entity = await user.UpdateAsync(GetDefaultDbContext(), uuid);
if (entity != null)
{
//once the user has been updated, need to update his role within an org too
//making sure though not to change own roles.
//this is so only other users with enough credentials are allowed to modify stuff such as roles
if (!UserIsSelf(uuid))
{
await this.OrganizationContext.ChangeOrganizationUserRoleAsync(GetDefaultDbContext(), user);
}
return(Ok(entity));
}
return(NotFound());
}
catch (Exception ex)
{
return(this.HandleException(ex));
}
}