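/// <summary>
/// Changes the Role and CanEditTheProduct flag of an existing member of a product's team.
/// </summary>
/// <param name="productTeamMemberUpdateDTO">Identifies the product and the member (ProductID, UserID) and carries the new Role / CanEditTheProduct values.</param>
/// <returns>200 with the updated <see cref="ProductTeamMemberDTO"/>; 400 when the body is missing or the model state is invalid.</returns>
/// <exception cref="HttpResponseException">
/// 401 when the caller is not a known user, or is neither a member of the company owning the product nor a team member with
/// CanEditTheProduct; 404 when the product or the target membership does not exist.
/// </exception>
public async Task<IHttpActionResult> UpdateProductTeamMember(ProductTeamMemberUpdateDTO productTeamMemberUpdateDTO)
{
    string userName = User.Identity.Name;
    // Company is dereferenced by the ownership check below; load it eagerly (as GetMyProductAccessLevel does) so the
    // check does not depend on lazy loading being enabled on the context.
    User user = db.Users
        .Where(_user => _user.UserName == userName)
        .Include(_user => _user.Company)
        .SingleOrDefault();
    if (user == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }
    // A missing body leaves ModelState valid, so it has to be rejected explicitly before it is dereferenced.
    if (productTeamMemberUpdateDTO == null)
    {
        return BadRequest("Request body is required.");
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    Product product = db.Products
        .Where(_product => _product.ID == productTeamMemberUpdateDTO.ProductID)
        .Include(_product => _product.TeamMembers.Select(teamMember => teamMember.User))
        .SingleOrDefault();
    if (product == null)
    {
        throw new HttpResponseException(HttpStatusCode.NotFound);
    }

    // Authorization: members of the owning company, or team members who may edit the product, may manage the team.
    // NOTE(review): the API answers 401 although the caller is authenticated; 403 Forbidden would describe this case
    // better, but existing clients may rely on the current status code, so it is kept.
    bool callerIsInOwningCompany = user.Company != null && product.CompanyID == user.Company.ID;
    bool callerCanEditProduct = product.TeamMembers.Any(teamMember => teamMember.UserID == user.Id && teamMember.CanEditTheProduct);
    if (!callerIsInOwningCompany && !callerCanEditProduct)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    ProductTeamMember productTeamMember = product.TeamMembers
        .Where(_productTeamMember => _productTeamMember.UserID == productTeamMemberUpdateDTO.UserID)
        .SingleOrDefault();
    if (productTeamMember == null)
    {
        throw new HttpResponseException(HttpStatusCode.NotFound);
    }

    // Only these two fields are caller-controlled; ProductID/UserID of the membership are never taken from the body.
    productTeamMember.Role = productTeamMemberUpdateDTO.Role;
    productTeamMember.CanEditTheProduct = productTeamMemberUpdateDTO.CanEditTheProduct;
    db.Entry(productTeamMember).State = EntityState.Modified;
    await db.SaveChangesAsync();

    return Ok(Mapper.Map<ProductTeamMember, ProductTeamMemberDTO>(productTeamMember));
}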
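/// <summary>
/// Reports the caller's own access level on a product. Members of the company that owns the product are reported as
/// admin; anyone else needs a team membership that either has CanEditTheProduct or a UserLevelId greater than zero, and
/// the flags are then derived from that membership.
/// </summary>
/// <param name="id">Product ID.</param>
/// <returns>200 with an <see cref="EntityUserLevel"/>; 404 when the product does not exist.</returns>
/// <exception cref="HttpResponseException">
/// 401 when the caller is not a known user or has no membership on the product that grants anything.
/// </exception>
public async Task<IHttpActionResult> GetMyProductAccessLevel(long id)
{
    string userName = User.Identity.Name;
    User user = db.Users
        .Where(_user => _user.UserName == userName)
        .Include(_user => _user.Company)
        .SingleOrDefault();
    if (user == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    Product product = db.Products
        .Where(_product => _product.ID == id)
        .Include(_product => _product.TeamMembers)
        .SingleOrDefault();
    if (product == null)
    {
        return NotFound();
    }

    // Members of the owning company are implicitly admins of all of its products.
    if (user.Company != null && product.CompanyID == user.Company.ID)
    {
        EntityUserLevel companyAdminLevel = new EntityUserLevel();
        companyAdminLevel.EntityId = product.ID;
        companyAdminLevel.IsAdmin = true;
        return Ok(companyAdminLevel);
    }

    // Everyone else must hold a membership on this product that actually grants something.
    ProductTeamMember productTeamMember = product.TeamMembers
        .Where(teamMember => teamMember.UserID == user.Id)
        .SingleOrDefault();
    bool membershipGrantsAccess = productTeamMember != null
        && (productTeamMember.CanEditTheProduct
            || (productTeamMember.UserLevelId.HasValue && productTeamMember.UserLevelId.Value > 0));
    if (!membershipGrantsAccess)
    {
        // NOTE(review): 401 is kept for compatibility although 403 would describe an authenticated-but-not-allowed caller.
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    EntityUserLevel entityUserLevel = new EntityUserLevel();
    entityUserLevel.EntityId = product.ID;
    entityUserLevel.EntityUserLevelId = productTeamMember.UserLevelId.HasValue ? productTeamMember.UserLevelId.Value : 0;

    UserLevel userLevel = db.UserLevels
        .Where(uLevel => uLevel.Id == entityUserLevel.EntityUserLevelId)
        .SingleOrDefault();
    if (userLevel != null)
    {
        entityUserLevel.UserLevel = userLevel.Name;
        // The named level only decides the flags when the membership does not already carry edit rights.
        // Ordinal comparison instead of ToLower(): the latter is culture-sensitive and throws on a null name.
        if (!productTeamMember.CanEditTheProduct)
        {
            if (string.Equals(userLevel.Name, "admin", System.StringComparison.OrdinalIgnoreCase))
            {
                entityUserLevel.IsAdmin = true;
            }
            if (string.Equals(userLevel.Name, "viewer", System.StringComparison.OrdinalIgnoreCase))
            {
                entityUserLevel.IsViewer = true;
            }
            if (string.Equals(userLevel.Name, "editor", System.StringComparison.OrdinalIgnoreCase))
            {
                entityUserLevel.IsEditor = true;
            }
        }
    }
    // CanEditTheProduct always maps to admin, whatever the named level says.
    if (productTeamMember.CanEditTheProduct)
    {
        entityUserLevel.IsAdmin = true;
    }
    return Ok(entityUserLevel);
}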
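/// <summary>
/// Adds a user to a product's team. The user must already be a member of the company that owns the product, and new
/// members never start with CanEditTheProduct (that is granted separately via UpdateProductTeamMember).
/// </summary>
/// <param name="newProductTeamMemberDTO">ProductID of the team and UserID of the user to add.</param>
/// <returns>
/// 200 with the created <see cref="ProductTeamMemberDTO"/>; 400 when the body is missing, the model state is invalid,
/// the user is not a member of the owning company, or the user is already on the team.
/// </returns>
/// <exception cref="HttpResponseException">
/// 401 when the caller is not a known user or may not manage the team (not in the owning company and no
/// CanEditTheProduct membership); 404 when the product, the user to add, or the product's company does not exist.
/// </exception>
public async Task<IHttpActionResult> AddNewProductTeamMember(NewProductTeamMemberDTO newProductTeamMemberDTO)
{
    string userName = User.Identity.Name;
    // Company is needed for the ownership check; load it eagerly so the check does not rely on lazy loading.
    User authenticatedUser = db.Users
        .Where(_user => _user.UserName == userName)
        .Include(_user => _user.Company)
        .SingleOrDefault();
    if (authenticatedUser == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }
    // A missing body leaves ModelState valid, so reject it explicitly before it is dereferenced.
    if (newProductTeamMemberDTO == null)
    {
        return BadRequest("Request body is required.");
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Product.Company is read below; include it so that read does not depend on lazy loading either.
    Product product = db.Products
        .Where(_product => _product.ID == newProductTeamMemberDTO.ProductID)
        .Include(_product => _product.Company)
        .Include(_product => _product.TeamMembers
            .Select(teamMember => teamMember.User)
            .Select(teamMember => teamMember.Company))
        .SingleOrDefault();
    if (product == null)
    {
        throw new HttpResponseException(HttpStatusCode.NotFound);
    }

    // Authorization: same rule as the other team endpoints. NOTE(review): 401 is kept for compatibility although
    // 403 would better describe an authenticated caller that is not allowed.
    bool callerIsInOwningCompany = authenticatedUser.Company != null && product.CompanyID == authenticatedUser.Company.ID;
    bool callerCanEditProduct = product.TeamMembers.Any(teamMember => teamMember.UserID == authenticatedUser.Id && teamMember.CanEditTheProduct);
    if (!callerIsInOwningCompany && !callerCanEditProduct)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    User productTeamMemberUser = db.Users
        .Where(_user => _user.Id == newProductTeamMemberDTO.UserID)
        .Include(_user => _user.CompaniesAsMembers)
        .Include(_user => _user.ProductTeamMembers)
        .SingleOrDefault();
    if (productTeamMemberUser == null)
    {
        throw new HttpResponseException(HttpStatusCode.NotFound);
    }

    Company company = product.Company;
    if (company == null)
    {
        throw new HttpResponseException(HttpStatusCode.NotFound);
    }

    // Only members of the owning company may be placed on its product teams; this keeps the UserID in the body
    // from pulling arbitrary users into a company's product.
    bool userBelongsToCompany = productTeamMemberUser.CompaniesAsMembers
        .Any(_companyMember => _companyMember.CompanyID == company.ID);
    if (!userBelongsToCompany)
    {
        throw new HttpResponseException(HttpStatusCode.BadRequest);
    }

    bool userAlreadyOnTeam = productTeamMemberUser.ProductTeamMembers
        .Any(_productTeamMember => _productTeamMember.ProductID == newProductTeamMemberDTO.ProductID);
    if (userAlreadyOnTeam)
    {
        throw new HttpResponseException(HttpStatusCode.BadRequest);
    }

    ProductTeamMember productTeamMember = new ProductTeamMember();
    productTeamMember.UserID = productTeamMemberUser.Id;
    productTeamMember.ProductID = product.ID;
    productTeamMember.User = productTeamMemberUser;
    productTeamMember.Product = product;
    // Edit rights are never taken from the request body on creation.
    productTeamMember.CanEditTheProduct = false;
    productTeamMember = db.ProductTeamMembers.Add(productTeamMember);
    await db.SaveChangesAsync();

    return Ok(Mapper.Map<ProductTeamMember, ProductTeamMemberDTO>(productTeamMember));
}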
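/// <summary>
/// Replaces one user's complete set of product memberships with the submitted list: memberships named in the list are
/// created or updated, memberships not named are removed, and the whole result is committed in a single SaveChanges.
/// </summary>
/// <param name="productTeamMemberUpdateDTO">
/// Entries that must all carry the same UserID; each names a ProductID, a Role and a UserLevelId. A user level named
/// "admin" sets CanEditTheProduct on that membership, any other level clears it. Entries with ProductID &lt;= 0 or an
/// unknown product are skipped, as before.
/// </param>
/// <returns>
/// 200 with a <see cref="CervittApiResult"/>; 400 for an invalid model state, an empty list, entries for different
/// users, or a UserLevelId that does not exist.
/// </returns>
/// <exception cref="HttpResponseException">
/// 401 when the caller is not a known user, or is not allowed to manage the team of any product that would be added to,
/// changed, or removed from (not in the owning company and no CanEditTheProduct membership on that product).
/// </exception>
public async Task<IHttpActionResult> UpdateProductTeamMemberMutiple(List<ProductTeamMemberUpdateDTO> productTeamMemberUpdateDTO)
{
    CervittApiResult result = new CervittApiResult();
    string userName = User.Identity.Name;
    User user = db.Users
        .Where(_user => _user.UserName == userName)
        .Include(_user => _user.Company)
        .SingleOrDefault();
    if (user == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }
    if (productTeamMemberUpdateDTO == null || productTeamMemberUpdateDTO.Count == 0)
    {
        return BadRequest("Invalid data or no any data passed.");
    }

    // The list is the target user's complete membership set, so every entry must refer to that one user. Previously
    // only the first entry's UserID was used for the delete while later entries were applied to whatever user they named.
    long userId = productTeamMemberUpdateDTO[0].UserID;
    if (userId <= 0 || productTeamMemberUpdateDTO.Any(postItem => postItem.UserID != userId))
    {
        return BadRequest("All entries must refer to the same user.");
    }

    // Memberships currently stored for the user. Entries are updated in place instead of delete-and-reinsert, so a
    // failure part-way through no longer strips the user of every membership.
    List<ProductTeamMember> knownMemberships = db.ProductTeamMembers
        .Where(member => member.UserID == userId)
        .ToList();
    List<ProductTeamMember> submittedMemberships = new List<ProductTeamMember>();

    foreach (ProductTeamMemberUpdateDTO postItem in productTeamMemberUpdateDTO)
    {
        if (postItem.ProductID <= 0)
        {
            continue;
        }
        Product product = db.Products
            .Where(_product => _product.ID == postItem.ProductID)
            .Include(_product => _product.TeamMembers)
            .SingleOrDefault();
        if (product == null)
        {
            continue;
        }
        // Per-product authorization with the same rule as the single-member endpoints. Without it any authenticated
        // caller could grant themselves (or anyone) "admin" on any product, or wipe another user's memberships.
        if (!CallerCanManageTeam(product, user))
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }

        UserLevel userLevel = db.UserLevels.SingleOrDefault(level => level.Id == postItem.UserLevelId);
        if (userLevel == null)
        {
            // Previously a null level was dereferenced and surfaced as a 500.
            return BadRequest("Unknown user level.");
        }
        // Ordinal comparison: ToLower() is culture-sensitive (e.g. Turkish casing) and throws on a null name.
        bool isAdmin = string.Equals(userLevel.Name, "admin", System.StringComparison.OrdinalIgnoreCase);

        ProductTeamMember membership = knownMemberships.FirstOrDefault(member => member.ProductID == postItem.ProductID);
        if (membership == null)
        {
            membership = new ProductTeamMember();
            membership.ProductID = postItem.ProductID;
            membership.UserID = postItem.UserID;
            db.ProductTeamMembers.Add(membership);
            // A later entry for the same product updates this instance instead of inserting a duplicate.
            knownMemberships.Add(membership);
        }
        // Role is applied to new memberships as well; the old code set it only on the update path.
        membership.Role = postItem.Role;
        membership.UserLevelId = postItem.UserLevelId;
        membership.CanEditTheProduct = isAdmin;
        submittedMemberships.Add(membership);
    }

    // Memberships not re-submitted are removed, but only from products the caller may manage.
    foreach (ProductTeamMember staleMembership in knownMemberships)
    {
        if (submittedMemberships.Contains(staleMembership))
        {
            continue;
        }
        Product staleProduct = db.Products
            .Where(_product => _product.ID == staleMembership.ProductID)
            .Include(_product => _product.TeamMembers)
            .SingleOrDefault();
        if (staleProduct != null && !CallerCanManageTeam(staleProduct, user))
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }
        db.ProductTeamMembers.Remove(staleMembership);
    }

    // Single commit: either every add/update/remove above is persisted or none of them is.
    await db.SaveChangesAsync();

    result.Success = true;
    result.SuccessMessage = "Records updated successfully.";
    result.ErrorMessage = "";
    return Ok(result);
}

/// <summary>
/// Team-management rule used by the product-team endpoints: the caller belongs to the company that owns the product, or
/// holds a membership on the product with CanEditTheProduct. <paramref name="product"/> must have TeamMembers loaded and
/// <paramref name="caller"/> must have Company loaded.
/// </summary>
/// <param name="product">Product whose team is being changed.</param>
/// <param name="caller">Authenticated user making the request.</param>
/// <returns>True when the caller may add, change or remove members of the product's team.</returns>
private static bool CallerCanManageTeam(Product product, User caller)
{
    if (caller.Company != null && product.CompanyID == caller.Company.ID)
    {
        return true;
    }
    return product.TeamMembers != null
        && product.TeamMembers.Any(teamMember => teamMember.UserID == caller.Id && teamMember.CanEditTheProduct);
}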