public async Task <IActionResult> UpdateBuilder(string builderId, [FromBody] BuilderUpdateModel builderUpdateModel)
{
var currentUserId = User.Identity.Name;
try
{
if (User.IsInRole(Role.Admin))
{
await _buildersService.UpdateBuilderFromAdminAsync(builderId, builderUpdateModel);
}
else if (User.IsInRole(Role.Builder))
{
await _buildersService.UpdateBuilderFromBuilderAsync(currentUserId, builderId, builderUpdateModel);
}
else
{
return(Forbid("You must be part of the Buildup program"));
}
}
catch (UnauthorizedAccessException e)
{
return(Forbid($"You are not authorized to update this builder: {e.Message}"));
}
catch (Exception e)
{
return(BadRequest($"Can't update the builder: {e.Message}"));
}
return(Ok());
}
private async Task UpdateBuilder(string id, BuilderUpdateModel builderUpdateModel)
{
var update = Builders <Builder> .Update
.Set(dbBuilder => dbBuilder.CoachId, builderUpdateModel.CoachId)
.Set(dbBuilder => dbBuilder.NtfReferentId, builderUpdateModel.NtfReferentId)
.Set(dbBuilder => dbBuilder.Status, builderUpdateModel.Status)
.Set(dbBuilder => dbBuilder.Step, builderUpdateModel.Step)
.Set(dbBuilder => dbBuilder.Situation, builderUpdateModel.Situation)
.Set(dbBuilder => dbBuilder.Description, builderUpdateModel.Description);
string fileId = "";
if (builderUpdateModel.BuilderCard != null && builderUpdateModel.BuilderCard.Length >= 1)
{
fileId = await _filesService.UploadFile($"buildercard_{id}", builderUpdateModel.BuilderCard);
update = update.Set(dbBuilder => dbBuilder.BuilderCardId, fileId);
}
if (builderUpdateModel.ProgramEndDate != DateTime.MinValue)
{
update = update.Set(dbBuilder => dbBuilder.ProgramEndDate, builderUpdateModel.ProgramEndDate);
}
else
{
update = update.Set(dbBuilder => dbBuilder.ProgramEndDate, DateTime.Now.AddMonths(3));
}
await _builders.UpdateOneAsync(databaseBuilder =>
databaseBuilder.Id == id,
update
);
}
// Updating the builder
public async Task UpdateBuilderFromAdminAsync(string builderId, BuilderUpdateModel builderUpdateModel)
{
Builder builder = await GetBuilderFromBuilderId(builderId);
if (builder == null)
{
throw new Exception("This builder doesn't exist");
}
User user = await GetUserFromAdminAsync(builderId);
if (user == null)
{
throw new Exception("Their is no user for builder...");
}
await UpdateBuilder(builderId, builderUpdateModel);
// Only admins are supposed to be able to change the steps
// Since we don't want to spam, we only check notifications
// on admin side
if (builderUpdateModel.Status == BuilderStatus.Deleted)
{
await _notificationService.NotifyRefusedBuilder(user.Email, user.FirstName);
}
if (builder.Step == BuilderSteps.Preselected && builderUpdateModel.Step == BuilderSteps.AdminMeeting)
{
await _notificationService.NotifyPreselectionBuilder(user.Email, user.FirstName);
}
if (builder.Step != BuilderSteps.CoachMeeting && builderUpdateModel.Step == BuilderSteps.CoachMeeting)
{
await _notificationService.NotifyAdminMeetingValidatedBuilder(user.Email, user.FirstName);
}
}
public async Task UpdateBuilderFromBuilderAsync(string currentUserId, string builderId, BuilderUpdateModel builderUpdateModel)
{
Builder builder = await GetBuilderFromBuilderId(builderId);
if (builder == null || builder.UserId != currentUserId)
{
throw new UnauthorizedAccessException("You are not the builder you prettend to be");
}
await UpdateBuilder(builderId, builderUpdateModel);
}
