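/// <summary>
/// Creates a counter measure for a scorecard on behalf of the current user.
/// Callers for whom <see cref="IsUserKPIOwnerOrTeamMemberNotAdmin"/> returns true must be the
/// KPI owner or a team member of the target scorecard; all other callers skip that check.
/// </summary>
/// <param name="counterMeasureRequest">Payload describing the counter measure; its ScorecardId
/// is needed to scope the membership check.</param>
/// <returns>200 OK on success; 400 when the payload is missing, or when ScorecardId is missing
/// and a membership check is required; 401 when the caller does not belong to the scorecard.</returns>
public IHttpActionResult PostCounterMeasure(CounterMeasureAddRequest counterMeasureRequest)
{
    CheckModelState();

    // The bound payload can be null (e.g. an empty request body); dereferencing it below would
    // fail with a NullReferenceException and surface as a 500 instead of a client error.
    if (counterMeasureRequest == null)
    {
        return BadRequest("A counter measure payload is required.");
    }

    // Non-admin KPI owners / team members may only add counter measures to scorecards they belong to.
    if (IsUserKPIOwnerOrTeamMemberNotAdmin())
    {
        // Without a scorecard id the membership check cannot be performed, so reject the request
        // rather than throwing on ScorecardId.Value. Nothing is persisted on this path.
        if (!counterMeasureRequest.ScorecardId.HasValue)
        {
            return BadRequest("ScorecardId is required.");
        }

        int scorecardId = counterMeasureRequest.ScorecardId.Value;
        bool isKpiOwner = userManager.IsUserKPIOwnerOfScorecard(Username, scorecardId);
        bool isTeamMember = userManager.IsUserTeamMemberOfScorecard(Username, scorecardId);
        if (!isKpiOwner && !isTeamMember)
        {
            return Unauthorized();
        }
    }

    counterMeasureManager.AddCounterMeasure(counterMeasureRequest, Username);
    return Ok();
}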
/// <summary>
/// Reports whether the current user may act on the given scorecard. When
/// <see cref="IsUserKPIOwnerOrTeamMemberNotAdmin"/> is true the answer is whether the user is the
/// KPI owner or a team member of that scorecard; otherwise it is whether the user holds
/// <c>NDMSSecurityConstants.AdminRole</c>.
/// </summary>
/// <param name="scorecardId">Identifier of the scorecard being checked.</param>
/// <returns>200 OK carrying an <c>ApiResponse&lt;bool&gt;</c> whose Data is the outcome.</returns>
public IHttpActionResult IsUserAdminOrKpiOwnerOrTeamMemberofScorecard(int scorecardId)
{
    bool allowed;

    if (IsUserKPIOwnerOrTeamMemberNotAdmin())
    {
        // Both lookups are evaluated unconditionally, matching the existing call pattern.
        bool ownsKpi = userManager.IsUserKPIOwnerOfScorecard(Username, scorecardId);
        bool onTeam = userManager.IsUserTeamMemberOfScorecard(Username, scorecardId);
        allowed = ownsKpi || onTeam;
    }
    else
    {
        // Not a scoped KPI owner/team member: access hinges solely on the admin role.
        allowed = User.IsInRole(NDMSSecurityConstants.AdminRole);
    }

    ApiResponse<bool> response = new ApiResponse<bool>();
    response.Data = allowed;
    return Ok(response);
}