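/// <summary>
/// Applies every non-null field of <paramref name="model"/> to the stored user with the given id.
/// Only a caller whose role permission is "admin" may perform the update.
/// </summary>
/// <param name="id">Primary key of the user to edit.</param>
/// <param name="model">Fields to change; members left null are not touched.</param>
/// <param name="sessionKey">Session key of the caller, bound through the header value provider.</param>
/// <returns>An empty 204 (No Content) response when the changes were saved.</returns>
/// <exception cref="HttpResponseException">
/// 400 when the body is missing or the caller is not an admin, 409 when the user or the requested
/// permission does not exist.
/// </exception>
public HttpResponseMessage PutEditUser(int id, UserFullModel model,
                                               [ValueProvider(typeof(HeaderValueProviderFactory<string>))] string sessionKey)
        {
            return this.PerformOperationAndHandleExceptions(() =>
            {
                // A missing or unparsable body leaves the model null; reject it explicitly
                // instead of failing later with a NullReferenceException.
                if (model == null)
                {
                    var errResponse = this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, "No user data was sent");
                    throw new HttpResponseException(errResponse);
                }

                var context = this.ContextFactory.Create();
                var admin = this.LoginUser(sessionKey, context);

                // Authorise before looking the target up, so a caller without admin rights
                // cannot tell existing ids from missing ones by the different error responses.
                // The status code stays 400 for compatibility with existing clients.
                if (admin == null || admin.Role == null || admin.Role.Permission != "admin")
                {
                    var errResponse = this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, "You have no permissions to change users");
                    throw new HttpResponseException(errResponse);
                }

                var user = context.Set<User>().Find(id);
                if (user == null)
                {
                    var errResponse = this.Request.CreateErrorResponse(HttpStatusCode.Conflict, "The user does not exist");
                    throw new HttpResponseException(errResponse);
                }

                if (model.Amount != null && model.Amount != user.Amount)
                {
                    user.Amount = model.Amount;
                }
                if (model.Nickname != null && model.Nickname != user.Nickname)
                {
                    user.Nickname = model.Nickname;
                }
                if (model.Permission != null && model.Permission != user.Role.Permission)
                {
                    // The new role must already exist; roles are never created from this endpoint.
                    var permission = context.Set<Role>().FirstOrDefault(r => r.Permission == model.Permission);
                    if (permission == null)
                    {
                        var errResponse = this.Request.CreateErrorResponse(HttpStatusCode.Conflict, "Such permissions do not exists, they are admin registered and anonymous");
                        throw new HttpResponseException(errResponse);
                    }

                    user.Role = permission;
                }

                // NOTE(review): SessionKey and AuthCode are copied verbatim from the request body.
                // If these are the account's login credentials, a client-chosen value is a known
                // value; prefer generating them on the server (or clearing them to force a new
                // login) - confirm the intended behaviour.
                if (model.SessionKey != null && model.SessionKey != user.SessionKey)
                {
                    user.SessionKey = model.SessionKey;
                }
                if (model.AuthCode != null && model.AuthCode != user.AuthCode)
                {
                    user.AuthCode = model.AuthCode;
                }
                if (model.Username != null && model.Username != user.Username)
                {
                    user.Username = model.Username;
                }

                context.SaveChanges();
                return this.Request.CreateResponse(HttpStatusCode.NoContent);
            });
        }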
Esempio n. 2
        // api/users/get/{id}
        /// <summary>
        /// Builds the full profile model of the user with the given username. The course list is
        /// filled in only when the caller (resolved from <paramref name="sessionKey"/>) is that user.
        /// </summary>
        /// <param name="username">Username of the profile to return.</param>
        /// <param name="sessionKey">Session key used to resolve the calling user.</param>
        /// <returns>The profile model, with or without course results.</returns>
        /// <exception cref="ArgumentException">No user has the given username.</exception>
        public UserFullModel GetUser(string username, string sessionKey)
        {
            // NOTE(review): e-mail, birthday and student number are returned for any username;
            // the only caller-dependent part is the course list. Confirm that every caller who
            // passes GetUser(sessionKey) is meant to see these fields of other users.
            return this.PerformOperationAndHandleExceptions(() =>
            {
                var caller = GetUser(sessionKey);
                var target = context.Users.FirstOrDefault(u => u.Username == username);
                if (target == null)
                {
                    throw new ArgumentException("Invalid user id.");
                }

                var profile = new UserFullModel
                {
                    AboutMe = target.AboutMe,
                    Birthday = target.Birthday,
                    Email = target.Email,
                    Gender = target.Gender,
                    Hometown = target.Hometown,
                    LastVisit = target.LastVisit,
                    Nickname = target.Nickname,
                    Occupation = target.Occupation,
                    RegistrationDate = target.RegistrationDate,
                    StudentNumber = target.StudentNumber,
                    Username = target.Username,
                    WebSite = target.WebSite
                };

                if (caller.Id != target.Id)
                {
                    return profile;
                }

                // Course results are attached only to the caller's own profile; courses in
                // which the caller has no mark entry are skipped.
                profile.Courses = currentUserCourses(caller);
                return profile;
            });

            // Same query as the original comprehension, written with method syntax.
            IEnumerable<CourseUserModel> currentUserCourses(User currentUser)
            {
                return currentUser.Courses
                    .Select(c => new { c, marks = c.Marks.FirstOrDefault(m => m.Student.Id == currentUser.Id) })
                    .Where(pair => pair.marks != null)
                    .Select(pair => new CourseUserModel
                    {
                        ExamScore = pair.marks.ExamScore,
                        ExamScoreMax = pair.c.Marks.Max(m => m.ExamScore),
                        HomeworksCount = pair.c.Lectures.Count(l => l.HomeworkDeadline != null),
                        Id = pair.c.Id,
                        SubmitedHomeworksCount = pair.c.Lectures.Count(l => l.Homeworks.Any(h => h.Author.Id == currentUser.Id)),
                        TestScore = pair.marks.TestScore,
                        Title = pair.c.Name,
                        FinalResult = new FinalResultModel
                        {
                            Position = pair.marks.Position,
                            Score = pair.marks.Score,
                            Status = pair.marks.FinalResult
                        }
                    });
            }
        }
Esempio n. 3
        /// <summary>
        /// Loads the user with the given id from the repository and converts it to a full model.
        /// </summary>
        /// <param name="id">Identifier passed to the user repository.</param>
        /// <returns>The converted <see cref="UserFullModel"/>.</returns>
        /// <exception cref="HttpResponseException">400 when the repository returns no entity.</exception>
        public UserFullModel Get(int id)
        {
            // NOTE(review): this action performs no session or permission check of its own;
            // confirm that an authorization filter or handler covers it before it returns a
            // full user model to the caller.
            var entity = this.userRepository.Get(id);
            if (entity != null)
            {
                return UserFullModel.Convert(entity);
            }

            var notFound = this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, "There is no such element");
            throw new HttpResponseException(notFound);
        }
Esempio n. 4
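        /// <summary>
        /// Updates the username, active flag and admin flag of the user named by
        /// <paramref name="userModel"/>. Only a caller whose session key belongs to an admin
        /// account may do so; null members of the model are left unchanged.
        /// </summary>
        /// <param name="userModel">Id of the user to change plus the new field values.</param>
        /// <param name="sessionKey">Session key of the caller, bound through the header value provider.</param>
        /// <returns>A 200 (OK) response when the changes were saved.</returns>
        /// <exception cref="UnauthorizedAccessException">The session key is missing, unknown, or not an admin's.</exception>
        /// <exception cref="ArgumentException">The body is missing or names a user that does not exist.</exception>
        public HttpResponseMessage UpdateUser([FromBody] UserFullModel userModel,
                                              [ValueProvider(typeof(HeaderValueProviderFactory<string>))] string sessionKey)
        {
            var responseMsg = this.PerformOperationAndHandleExceptions(() =>
            {
                // A request without the header leaves sessionKey null. Comparing null in the
                // query below could match accounts whose stored SessionKey is null (for example
                // users who are logged out), so reject it before touching the database.
                if (string.IsNullOrEmpty(sessionKey))
                {
                    throw new UnauthorizedAccessException("Invalid username or password");
                }

                if (userModel == null)
                {
                    throw new ArgumentException("No user data was sent");
                }

                // Dispose the context when the operation ends instead of leaking the connection.
                using (var context = new BookstoreContext())
                {
                    var adminUser = context.Users.FirstOrDefault(usr => usr.SessionKey == sessionKey);
                    if (adminUser == null)
                    {
                        throw new UnauthorizedAccessException("Invalid username or password");
                    }

                    if (adminUser.IsAdmin != true)
                    {
                        throw new UnauthorizedAccessException("You dont have permissions to access this resourse!");
                    }

                    var userEntity = context.Users.SingleOrDefault(u => u.Id == userModel.Id);
                    if (userEntity == null)
                    {
                        // Previously this fell through to a NullReferenceException.
                        throw new ArgumentException("The user does not exist");
                    }

                    if (userModel.Username != null)
                    {
                        userEntity.Username = userModel.Username;
                    }

                    if (userModel.IsActive != null)
                    {
                        userEntity.IsActive = userModel.IsActive.Value;
                    }

                    if (userModel.IsAdmin != null)
                    {
                        userEntity.IsAdmin = userModel.IsAdmin.Value;
                    }

                    context.SaveChanges();
                }

                return Request.CreateResponse(HttpStatusCode.OK);
            });

            return responseMsg;
        }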
        /// <summary>
        /// Returns the full model of the user with the given id. The caller must own
        /// <paramref name="sessionKey"/> and have the "admin" role permission.
        /// </summary>
        /// <param name="id">Id of the user to return.</param>
        /// <param name="sessionKey">Session key of the caller, bound through the header value provider.</param>
        /// <returns>The requested user's data, including the user's cars.</returns>
        /// <exception cref="HttpResponseException">
        /// 400 when the caller is unknown or not an admin, 404 when no user has the given id.
        /// </exception>
        public UserFullModel GetById(int id, [ValueProvider(typeof(HeaderValueProviderFactory<string>))] string sessionKey)
        {
            return this.PerformOperationAndHandleExceptions(() =>
            {
                ValidateSessionKey(sessionKey);
                using (var context = this.ContextFactory.Create())
                {
                    var users = context.Set<User>();
                    var target = users.FirstOrDefault(u => u.Id == id);
                    var caller = users.FirstOrDefault(u => u.SessionKey == sessionKey);

                    // The caller is checked before the target, so a non-admin always gets the
                    // same answer whether or not the id exists.
                    bool callerIsAdmin = caller != null && caller.Role.Permission == "admin";
                    if (!callerIsAdmin)
                    {
                        throw new HttpResponseException(
                            this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Invalid user authentication"));
                    }

                    if (target == null)
                    {
                        throw new HttpResponseException(
                            this.Request.CreateErrorResponse(HttpStatusCode.NotFound, "No such user"));
                    }

                    // NOTE(review): the response carries the target's SessionKey and AuthCode.
                    // If these are live credentials, anyone who can read this response (logs,
                    // proxies, the admin client) can act as that user; consider leaving them
                    // out of the model - confirm whether any client needs them.
                    var result = new UserFullModel();
                    result.Id = target.Id;
                    result.Nickname = target.Nickname;
                    result.AuthCode = target.AuthCode;
                    result.SessionKey = target.SessionKey;
                    result.Permission = target.Role.Permission;
                    result.Amount = target.Amount;
                    result.Cars = target.Cars.AsQueryable().Select(CarModel.FromCar);
                    return result;
                }
            });
        }