コード例 #1
        /// <summary>
        /// Reports whether the calling user may remove themself from an assessment.
        /// </summary>
        /// <param name="assessmentId">Assessment the caller wants to leave.</param>
        /// <returns>
        /// <c>false</c> when the caller is the last Administrator on an assessment that still has
        /// other users; otherwise <c>true</c>.
        /// </returns>
        public bool ValidateMyRemoval([FromUri] int assessmentId)
        {
            // The return value of this call is not used, so any enforcement of the
            // authentication result must happen inside Auth itself (presumably by throwing)
            // — TODO confirm before relying on this method as an access check.
            Auth.IsAuthenticated();

            bool lastAdminWithUsers = Auth.AmILastAdminWithUsers(assessmentId);
            return !lastAdminWithUsers;
        }
コード例 #2
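        /// <summary>
        /// Removes a contact from an assessment and returns the refreshed contact list.
        /// </summary>
        /// <param name="contactRemove">
        /// Request body. A zero <c>Assessment_ID</c> falls back to the caller's current
        /// assessment (<c>Auth.AssessmentForUser()</c>); a zero <c>UserId</c> means
        /// "remove myself".
        /// </param>
        /// <returns>The assessment's contact list after the removal, plus the caller's role.</returns>
        /// <exception cref="HttpResponseException">
        /// Thrown with <see cref="HttpStatusCode.Unauthorized"/> when the body is missing, when a
        /// USER-role caller tries to remove someone other than themself, or when the caller is the
        /// last Administrator on an assessment that still has other users.
        /// </exception>
        public ContactsListResponse RemoveContactFromAssessment([FromBody] ContactRemoveParameters contactRemove)
        {
            if (contactRemove == null)
            {
                throw RejectRemoval("The input parameters are not valid",
                                    "The input parameters are not valid");
            }

            int assessmentId  = contactRemove.Assessment_ID == 0 ? Auth.AssessmentForUser() : contactRemove.Assessment_ID;
            int currentUserId = Auth.GetUserId();

            // A zero UserId means the caller is removing themself.
            if (contactRemove.UserId == 0)
            {
                contactRemove.UserId = currentUserId;
            }

            // Determine the current user's role.
            // NOTE(review): the role is looked up by TransactionSecurity.CurrentUserId while the
            // "is this me" comparisons use Auth.GetUserId() — confirm these always agree.
            ContactsManager cm = new ContactsManager();
            int             currentUserRole = cm.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, assessmentId) ?? 0;

            // If they are a USER and are trying to remove anyone but themself, forbid it.
            // NOTE(review): this check only fires for RoleUser; a caller whose role lookup
            // returns null (coalesced to 0) for a client-supplied Assessment_ID is not caught
            // here — confirm that RemoveContact, or a filter on the controller, enforces that
            // the caller actually belongs to the assessment.
            if (currentUserRole == (int)ContactsManager.ContactRole.RoleUser && contactRemove.UserId != currentUserId)
            {
                throw RejectRemoval(
                    "The current user does not have administrative authority for the Assessment.",
                    "The only contact that a user role can remove is themself.");
            }

            // Do not allow the user to remove themself if they are the last Admin on the assessment and there are other users
            if (contactRemove.UserId == currentUserId && Auth.AmILastAdminWithUsers(assessmentId))
            {
                throw RejectRemoval(
                    "The current user is the only Administrator contact on the Assessment",
                    "An Assessment must have at least one Administrator contact.");
            }

            try
            {
                // The list returned by RemoveContact is intentionally discarded (the original
                // stored it in a local that was never read): the response below re-reads the
                // contacts so the "not on the assessment" path and the normal path agree.
                cm.RemoveContact(contactRemove.UserId, assessmentId);
            }
            catch (NoSuchUserException)
            {
                // Removing a contact that was not on the assessment is treated as a no-op; the
                // current list is returned either way. Only this exception type is swallowed.
            }

            // A fresh manager is used for the response, as in the original, in case the
            // instance used for the removal holds state from before the change — TODO confirm
            // whether ContactsManager caches anything; if not, cm can be reused here.
            ContactsManager      contactManager = new ContactsManager();
            ContactsListResponse resp           = new ContactsListResponse
            {
                ContactList     = contactManager.GetContacts(assessmentId),
                CurrentUserRole = contactManager.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, assessmentId) ?? 0
            };

            return resp;
        }

        /// <summary>
        /// Builds the rejection thrown by <see cref="RemoveContactFromAssessment"/>. The status
        /// code is <see cref="HttpStatusCode.Unauthorized"/> for every case so that the existing
        /// wire contract is preserved; the content and reason phrase are passed through unchanged.
        /// </summary>
        /// <param name="content">Body text of the error response.</param>
        /// <param name="reasonPhrase">HTTP reason phrase of the error response.</param>
        /// <returns>An exception ready to be thrown from the action.</returns>
        private static HttpResponseException RejectRemoval(string content, string reasonPhrase)
        {
            HttpResponseMessage err = new HttpResponseMessage(HttpStatusCode.Unauthorized)
            {
                Content      = new StringContent(content),
                ReasonPhrase = reasonPhrase
            };
            return new HttpResponseException(err);
        }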