public async Task <IActionResult?> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "put", Route = "dishes/{dishId}/rating")] HttpRequest req,
string dishId
)
{
var(authenticationStatus, authenticationResponse) = await req.HttpContext.AuthenticateAzureFunctionAsync();
if (!authenticationStatus)
{
return(authenticationResponse);
}
var dish = await _dishRepository.GetDishAsync(Guid.Parse(dishId));
if (dish is null)
{
return(new BadRequestObjectResult("DISH_NOT_FOUND"));
}
var userId = Guid.Parse(req.HttpContext.User.GetNameIdentifierId() !);
if (!_authz.Authorize(userId, dish.FamilyId, Resources.Dish, Actions.Update))
{
return(new UnauthorizedResult());
}
var dishRating = await req.GetBodyAs <UpdateDishRatingCommandModel>();
if (dishRating is null || dishRating.FamilyMemberId is null)
{
return(new BadRequestObjectResult("MISSING_VALUES"));
}
var family = await _familyRepository.GetFamily(dish.FamilyId);
var familyMemberId = Guid.Parse(dishRating.FamilyMemberId);
var familyMember = family !.FamilyMembers.FirstOrDefault(w => w.Id == familyMemberId);
if (familyMember is null)
{
return(new BadRequestObjectResult("FAMILYMEMBER_NOT_FOUND_IN_FAMILY"));
}
// verify that you're rating as yourself or on behalf of a user that doesn't have autonomy - rating on behalf of other autonomus users is not allowed
if (!familyMember.Id.Equals(userId) && familyMember.HasAutonomy)
{
return(new BadRequestObjectResult("NOT_ALLOWED"));
}
dish.SetRating(familyMemberId, dishRating.GetRatingInDomainFormat());
await _dishRepository.SaveAsync(dish);
return(new OkResult());
}
