        /// <summary>
        /// Returns the full profile of the user with the given id. Only a caller whose
        /// session key belongs to a user with the "admin" permission is served.
        /// </summary>
        /// <param name="id">Id of the user to look up.</param>
        /// <param name="sessionKey">Caller's session key, bound from a request header.</param>
        /// <returns>The requested user's full model.</returns>
        /// <exception cref="HttpResponseException">
        /// 400 when the session key does not belong to an admin; 404 when no user has the given id.
        /// </exception>
        public UserFullModel GetById(int id, [ValueProvider(typeof(HeaderValueProviderFactory<string>))] string sessionKey)
        {
            return this.PerformOperationAndHandleExceptions(() =>
            {
                ValidateSessionKey(sessionKey);
                using (var context = this.ContextFactory.Create())
                {
                    var users = context.Set<User>();
                    var target = users.FirstOrDefault(u => u.Id == id);
                    var caller = users.FirstOrDefault(u => u.SessionKey == sessionKey);

                    // A failed or non-admin login is reported as 400 here (author's choice);
                    // 401/403 would be the conventional codes.
                    var callerIsAdmin = caller != null && caller.Role.Permission == "admin";
                    if (!callerIsAdmin)
                    {
                        throw new HttpResponseException(
                            this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Invalid user authentication"));
                    }

                    if (target == null)
                    {
                        throw new HttpResponseException(
                            this.Request.CreateErrorResponse(HttpStatusCode.NotFound, "No such user"));
                    }

                    // NOTE(review): the model exposes the target user's AuthCode and SessionKey,
                    // i.e. another account's credentials, to the admin caller; consider omitting them.
                    // The Cars projection is deferred and is enumerated by the serializer after this
                    // context has been disposed, so it must not require further lazy loads — TODO confirm.
                    return new UserFullModel()
                    {
                        Id = target.Id,
                        Nickname = target.Nickname,
                        AuthCode = target.AuthCode,
                        SessionKey = target.SessionKey,
                        Permission = target.Role.Permission,
                        Amount = target.Amount,
                        Cars = target.Cars.AsQueryable().Select(CarModel.FromCar)
                    };
                }
            });
        }
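        /// <summary>
        /// Applies the non-null fields of <paramref name="model"/> to the user with the given id.
        /// Only a caller whose session key resolves to a user with the "admin" permission may edit.
        /// </summary>
        /// <param name="id">Id of the user to edit.</param>
        /// <param name="model">Partial update; only non-null fields that differ from the stored value are applied.</param>
        /// <param name="sessionKey">Caller's session key, bound from a request header.</param>
        /// <returns>204 No Content on success.</returns>
        /// <exception cref="HttpResponseException">
        /// 400 when the caller is not an admin or the body is missing; 409 when the user or the
        /// requested permission does not exist (the original status codes are kept for client compatibility).
        /// </exception>
        public HttpResponseMessage PutEditUser(int id, UserFullModel model,
          [ValueProvider(typeof(HeaderValueProviderFactory<string>))] string sessionKey)
        {
            return this.PerformOperationAndHandleExceptions(() =>
            {
                // The context was never disposed before; release it on every exit path.
                using (var context = this.ContextFactory.Create())
                {
                    var admin = this.LoginUser(sessionKey, context);

                    // Authorize before touching the target row, so a non-admin caller cannot
                    // learn whether a given user id exists from the status code. LoginUser's
                    // behaviour on an unknown key is not visible here, so guard against null too.
                    if (admin == null || admin.Role == null || admin.Role.Permission != "admin")
                    {
                        var errResponse = this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, "You have no permissions to change users");
                        throw new HttpResponseException(errResponse);
                    }

                    // A missing or unparseable body binds as null; report it instead of dereferencing it.
                    if (model == null)
                    {
                        var errResponse = this.Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Missing user data");
                        throw new HttpResponseException(errResponse);
                    }

                    var user = context.Set<User>().Find(id);
                    if (user == null)
                    {
                        var errResponse = this.Request.CreateErrorResponse(HttpStatusCode.Conflict, "The user does not exist");
                        throw new HttpResponseException(errResponse);
                    }

                    if (model.Amount != null && model.Amount != user.Amount)
                    {
                        user.Amount = model.Amount;
                    }

                    if (model.Nickname != null && model.Nickname != user.Nickname)
                    {
                        user.Nickname = model.Nickname;
                    }

                    // Role may be unset on a freshly created user; treat that as "differs".
                    if (model.Permission != null && (user.Role == null || model.Permission != user.Role.Permission))
                    {
                        var role = context.Set<Role>().FirstOrDefault(r => r.Permission == model.Permission);
                        if (role == null)
                        {
                            var errResponse = this.Request.CreateErrorResponse(HttpStatusCode.Conflict, "Such permissions do not exists, they are admin registered and anonymous");
                            throw new HttpResponseException(errResponse);
                        }

                        user.Role = role;
                    }

                    // NOTE(review): an admin can overwrite another account's SessionKey and AuthCode
                    // here, i.e. take over its credentials; confirm this is intended and audited.
                    if (model.SessionKey != null && model.SessionKey != user.SessionKey)
                    {
                        user.SessionKey = model.SessionKey;
                    }

                    if (model.AuthCode != null && model.AuthCode != user.AuthCode)
                    {
                        user.AuthCode = model.AuthCode;
                    }

                    if (model.Username != null && model.Username != user.Username)
                    {
                        user.Username = model.Username;
                    }

                    context.SaveChanges();
                    return this.Request.CreateResponse(HttpStatusCode.NoContent);
                }
            });
        }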