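/// <summary>
/// Creates a new user inside the logged-in user's company from <paramref name="userDto"/>.
/// </summary>
/// <param name="userDto">Incoming user DTO; must belong to the caller's company and pass the "default,Password" rule set.</param>
/// <returns>
/// 201 Created with the persisted DTO; 400 for a missing body, model/validation failures, a foreign company or a
/// duplicate username; 500 if the stored entity cannot be mapped back to a valid DTO.
/// </returns>
public IHttpActionResult NewUser(Dto.Models.User userDto)
{
    loggedInUser = GetLoggedInUser();

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // A missing body does not by itself invalidate ModelState; reject it here (as UpdateUser does)
    // rather than letting the validator dereference null.
    if (userDto == null)
    {
        return new BadRequestErrorMessageResult("New user DTO is missing", this);
    }

    // The rule set must be passed by name. FluentValidation's extension set also offers
    // Validate(instance, params string[] propertyNames); a positional string resolves to that
    // overload and validates a non-existent property called "default,Password" - i.e. nothing -
    // so the password rules were silently skipped. The re-validation further down already uses ruleSet:.
    ValidationResult userValidatorResult = new UserValidator().Validate(userDto, ruleSet: "default,Password");
    if (!userValidatorResult.IsValid)
    {
        return new ValidatorError("Validation failed for new user DTO", HttpStatusCode.BadRequest, userValidatorResult, Request);
    }

    var userEntity = Mapper.Map<Dto.Models.User, Entity.Models.User>(userDto);

    // Tenant boundary: a caller may only create users in their own company.
    if (userEntity.CompanyId != loggedInUser.CompanyId)
    {
        return new BadRequestErrorMessageResult("New user does not have same company as logged in user", this);
    }

    // Usernames are unique per company. The user is new, so no existing row is excluded by Id:
    // a client-supplied Id must not be able to mask a clash with the row that owns that Id.
    if (db.Users.Any(u => u.CompanyId == loggedInUser.CompanyId && u.Username == userEntity.Username))
    {
        return new BadRequestErrorMessageResult("Another user has the same username as this user", this);
    }

    if (userDto.Properties != null)
    {
        var propertyIdList = userDto.Properties.Select(p => p.Id);
        // NOTE(review): this lookup is not scoped to the caller's company; confirm whether Property
        // carries a company and whether ids from another company should be rejected here.
        var properties = db.Properties.Where(p => propertyIdList.Contains(p.Id));
        foreach (var p in properties)
        {
            p.Users.Add(userEntity);
        }
    }

    // Ownership was established above, so the company is resolved from the caller's id rather than
    // the DTO's nested Company object (which may be absent, and whose Id is not the value that was checked).
    var company = db.Companies.Find(loggedInUser.CompanyId);
    if (company == null)
    {
        return new BadRequestErrorMessageResult("Company of logged in user was not found", this);
    }
    company.Users.Add(userEntity);

    // NOTE(review): the entity's Password is whatever the mapper produced from the DTO; confirm it is
    // hashed before this point (mapper or entity) rather than stored as sent.
    db.SaveChanges();

    userDto = Mapper.Map<Entity.Models.User, Dto.Models.User>(userEntity);
    GenerateUserPhotoLink(userDto);

    // Re-validate the outgoing DTO without the password rules; a failure here means the stored row
    // cannot be represented as a valid DTO, which is a server-side problem.
    userValidatorResult = new UserValidator().Validate(userDto, ruleSet: "default,NoPassword");
    if (!userValidatorResult.IsValid)
    {
        return new ValidatorError("Error mapping user DTO from database", HttpStatusCode.InternalServerError, userValidatorResult, Request);
    }

    return CreatedAtRoute("NewUserRoute", new { id = userDto.Id }, userDto);
}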
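/// <summary>
/// Partially updates user <paramref name="id"/> inside the logged-in user's company.
/// Only Fullname, Username, Password and (when supplied) Properties are written; null fields are left untouched.
/// </summary>
/// <param name="id">Route id; must equal <c>userDto.Id</c>.</param>
/// <param name="userDto">Fields to update.</param>
/// <returns>
/// 204 No Content on success; 400 for a missing body, model/validation failures, an id mismatch or a duplicate
/// username; 404 when the target user does not exist in the caller's company.
/// </returns>
public IHttpActionResult UpdateUser(int id, Dto.Models.User userDto)
{
    loggedInUser = GetLoggedInUser();

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    if (userDto == null)
    {
        return new BadRequestErrorMessageResult("Updated user DTO is missing", this);
    }

    ValidationResult userValidatorResult = new UserValidator().Validate(userDto);
    if (!userValidatorResult.IsValid)
    {
        return new ValidatorError("Validation failed for updated user DTO", HttpStatusCode.BadRequest, userValidatorResult, Request);
    }

    if (id != userDto.Id)
    {
        return new BadRequestErrorMessageResult("Updated user DTO id mismatch", this);
    }

    var userEntity = Mapper.Map<Dto.Models.User, Entity.Models.User>(userDto);

    // The DTO may not claim another company. Answer 404 so users of other companies appear not to exist.
    if (userEntity.CompanyId != loggedInUser.CompanyId)
    {
        return NotFound();
    }

    // The CompanyId above is client-supplied, so that check only proves what the caller *claims*.
    // The Attach/IsModified path below issues an UPDATE keyed solely on the id, so the row actually
    // being written must also be verified to belong to the caller's company. A boolean query (not Find)
    // is used so the entity is not loaded into the context, which would conflict with Attach.
    if (!db.Users.Any(u => u.Id == id && u.CompanyId == loggedInUser.CompanyId))
    {
        return NotFound();
    }

    // Usernames are unique per company, excluding the row being updated.
    if (db.Users.Any(u => u.CompanyId == loggedInUser.CompanyId && u.Id != userEntity.Id && u.Username == userEntity.Username))
    {
        return new BadRequestErrorMessageResult("Another user has the same username as this user", this);
    }

    db.Users.Attach(userEntity);

    // Don't mark entire entity as modified - fields are optional; only non-null fields are written.
    //db.Entry(userEntity).State = EntityState.Modified;
    if (userEntity.Fullname != null)
    {
        db.Entry(userEntity).Property(u => u.Fullname).IsModified = true;
    }
    if (userEntity.Username != null)
    {
        db.Entry(userEntity).Property(u => u.Username).IsModified = true;
    }
    if (userEntity.Password != null)
    {
        // NOTE(review): the value written is whatever the mapper produced from the DTO; confirm it is hashed before persistence.
        db.Entry(userEntity).Property(u => u.Password).IsModified = true;
    }
    if (userEntity.Password == null)
    {
        // Entity validation will fail because Password column is not-null and password is optional field.
        // Validation is therefore disabled around SaveChanges (below) instead of back-filling the stored password here.
        // NOTE: Must use Where/Select instead of Find, so entire entity is not loaded (otherwise it will conflict with Attach!)
        //userEntity.Password = db.Users.Where(u => u.Id == userEntity.Id).Select(u => u.Password).FirstOrDefault();
    }

    if (userDto.Properties != null)
    {
        // The existing collection must be loaded before it is replaced, otherwise EF cannot work out
        // which links to remove.
        db.Entry(userEntity).Collection(u => u.Properties).Load();
        var propertyIdList = userDto.Properties.Select(p => p.Id);
        // NOTE(review): this lookup is not scoped to the caller's company; confirm whether Property
        // carries a company and whether ids from another company should be rejected here.
        var newProperties = db.Properties.Where(p => propertyIdList.Contains(p.Id)).ToList();
        userEntity.Properties = newProperties;
    }

    try
    {
        // Password may legitimately be null on a partial update while the column is not-null, so entity
        // validation is switched off for this save only and restored in finally.
        db.Configuration.ValidateOnSaveEnabled = false;
        db.SaveChanges();
    }
    catch (DbUpdateConcurrencyException)
    {
        // Zero rows affected: either the user vanished (404) or a genuine concurrency conflict (propagate).
        if (!UserExists(id))
        {
            return NotFound();
        }
        throw;
    }
    finally
    {
        db.Configuration.ValidateOnSaveEnabled = true;
    }

    return StatusCode(HttpStatusCode.NoContent);
}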