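        /// <summary>
        /// Grants a user a privilege on a project, or updates the privilege if an access row already exists.
        /// Only the project's creator or a member of <see cref="ShqConstants.AdministratorRole"/> may call this.
        /// </summary>
        /// <param name="projectShqUsersViewModel">Target project id, the e-mail address of the user to grant, and the privilege to assign.</param>
        /// <returns>
        /// 400 when the model is invalid; 404 when the project, the target user or the caller's own ShqUser record cannot be found;
        /// 403 (raised as <see cref="HttpResponseException"/>) when the caller is neither the project creator nor an administrator;
        /// otherwise 200 echoing the submitted view model.
        /// </returns>
        /// <exception cref="HttpResponseException">Thrown with status 403 when the caller is not authorized for this project.</exception>
        public async Task<IHttpActionResult> AddOrUpdateProjectAccess(ProjectShqUsersViewModel projectShqUsersViewModel)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest("Not a valid model");
            }

            // The project must be loaded before the authorization check because the check depends on CreatedById.
            // Consequence: an unauthorized caller learns whether a project id exists (404 vs 403).
            Project project = await db.Projects.FirstOrDefaultAsync(item => item.Id == projectShqUsersViewModel.ProjectId);

            if (project == null)
            {
                return NotFound();
            }

            // Resolve the caller once. The previous version re-queried the caller's ShqUser three times and
            // dereferenced FirstOrDefault() without a null check, so an authenticated principal without a
            // ShqUser row produced a NullReferenceException (500) instead of a deliberate response.
            string callerName = HttpContext.Current.User.Identity.Name;
            bool isAdministrator = HttpContext.Current.User.IsInRole(ShqConstants.AdministratorRole);
            ShqUser caller = await db.ShqUsers.Include("IdentityUser").FirstOrDefaultAsync(u => u.IdentityUser.UserName == callerName);

            var createdBy = await db.ShqUsers.Include("IdentityUser").FirstOrDefaultAsync(item => item.IdentityUserId == project.CreatedById);

            // A project whose creator row (or its identity) is missing must not become "owned by nobody, open to
            // everyone": treat the caller as not-the-creator and fall through to the administrator check instead
            // of dereferencing a null createdBy.
            bool isCreator = createdBy != null
                && createdBy.IdentityUser != null
                && createdBy.IdentityUser.UserName == callerName;

            if (!isCreator && !isAdministrator)
            {
                throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "No Access"));
            }

            if (caller == null)
            {
                // Authorized principal with no ShqUser record: the change cannot be attributed (CreatedById /
                // LastModifiedById), so refuse rather than write an unattributed access grant.
                return NotFound();
            }

            // Include ProjectsAccess explicitly so the navigation is loaded even when lazy loading is disabled
            // (RemoveProjectAccess already does this; without it ProjectsAccess is null and the lookup below throws).
            ShqUser shqUser = await db.ShqUsers.Include("ProjectsAccess")
                .FirstOrDefaultAsync(item => item.EmailAddress == projectShqUsersViewModel.EmailAddress);

            if (shqUser == null)
            {
                return NotFound();
            }

            var existingAccess = shqUser.ProjectsAccess.FirstOrDefault(item =>
                item.ProjectId == projectShqUsersViewModel.ProjectId && item.ShqUserId == shqUser.IdentityUserId);

            if (existingAccess != null)
            {
                existingAccess.Privilege        = projectShqUsersViewModel.Privilege;
                existingAccess.LastModifiedById = caller.IdentityUserId;
                existingAccess.LastModfiedTime  = DateTime.Now; // local time, matching how the rest of the file stamps entities
            }
            else
            {
                // CreatedById and LastModifiedById are the same caller on creation; the redundant re-assignment
                // that followed the initializer in the previous version is gone.
                shqUser.ProjectsAccess.Add(new ProjectShqUsers
                {
                    ProjectId        = projectShqUsersViewModel.ProjectId,
                    ShqUserId        = shqUser.IdentityUserId,
                    Privilege        = projectShqUsersViewModel.Privilege,
                    CreatedById      = caller.IdentityUserId,
                    LastModifiedById = caller.IdentityUserId
                });
            }

            await db.SaveChangesAsync();

            // Privilege changes are security-relevant: record the caller-supplied payload (project, e-mail, privilege)
            // in the audit log after the change has been committed.
            (new AuditsController()).AddAuditEntry("api/Projects/AddOrUpdateAccess", JsonConvert.SerializeObject(projectShqUsersViewModel));
            return Ok(projectShqUsersViewModel);
        }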
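        /// <summary>
        /// Revokes a user's access to a project.
        /// Only the project's creator or a member of <see cref="ShqConstants.AdministratorRole"/> may call this.
        /// </summary>
        /// <param name="projectShqUsersViewModel">Target project id and the e-mail address of the user whose access is removed (the Privilege field is ignored).</param>
        /// <returns>
        /// 400 when the model is invalid; 404 when the project, the target user, the caller's own ShqUser record or the
        /// access row cannot be found; 403 (raised as <see cref="HttpResponseException"/>) when the caller is neither the
        /// project creator nor an administrator; otherwise 200 echoing the submitted view model.
        /// </returns>
        /// <exception cref="HttpResponseException">Thrown with status 403 when the caller is not authorized for this project.</exception>
        public async Task<IHttpActionResult> RemoveProjectAccess(ProjectShqUsersViewModel projectShqUsersViewModel)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest("Not a valid model");
            }

            // The project must be loaded before the authorization check because the check depends on CreatedById.
            Project project = await db.Projects.FirstOrDefaultAsync(item => item.Id == projectShqUsersViewModel.ProjectId);

            if (project == null)
            {
                return NotFound();
            }

            // Resolve the caller once, with a null check: the previous version dereferenced FirstOrDefault()
            // directly and crashed with a NullReferenceException for a principal without a ShqUser row.
            string callerName = HttpContext.Current.User.Identity.Name;
            bool isAdministrator = HttpContext.Current.User.IsInRole(ShqConstants.AdministratorRole);
            ShqUser caller = await db.ShqUsers.Include("IdentityUser").FirstOrDefaultAsync(u => u.IdentityUser.UserName == callerName);

            var createdBy = await db.ShqUsers.Include("IdentityUser").FirstOrDefaultAsync(item => item.IdentityUserId == project.CreatedById);

            // Missing creator row must not make the project "open to everyone": fall through to the administrator
            // check instead of dereferencing a null createdBy.
            bool isCreator = createdBy != null
                && createdBy.IdentityUser != null
                && createdBy.IdentityUser.UserName == callerName;

            if (!isCreator && !isAdministrator)
            {
                throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "No Access"));
            }

            if (caller == null)
            {
                // Authorized principal with no ShqUser record: the revocation cannot be attributed, so refuse.
                return NotFound();
            }

            ShqUser shqUser = await db.ShqUsers.Include("ProjectsAccess")
                .FirstOrDefaultAsync(item => item.EmailAddress == projectShqUsersViewModel.EmailAddress);

            if (shqUser == null)
            {
                return NotFound();
            }

            var access = shqUser.ProjectsAccess.FirstOrDefault(item =>
                item.ProjectId == projectShqUsersViewModel.ProjectId && item.ShqUserId == shqUser.IdentityUserId);

            if (access == null)
            {
                return NotFound();
            }

            // NOTE(review): if the ProjectShqUsers -> ShqUser relationship is required, removing the row from the
            // navigation collection alone may be rejected at SaveChanges; an explicit db.Set<ProjectShqUsers>().Remove
            // would delete it unconditionally — confirm against the entity model.
            shqUser.ProjectsAccess.Remove(access);
            project.LastModifiedById = caller.IdentityUserId;
            project.LastModfiedTime  = DateTime.Now; // local time, matching how the rest of the file stamps entities

            await db.SaveChangesAsync();

            // Revocations are as security-relevant as grants, so record them the way AddOrUpdateProjectAccess does.
            // The label is constructed to mirror that entry; align it with the route's actual name if it differs.
            (new AuditsController()).AddAuditEntry("api/Projects/RemoveAccess", JsonConvert.SerializeObject(projectShqUsersViewModel));
            return Ok(projectShqUsersViewModel);
        }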