public async Task <IActionResult> DeletePermissionAsync([FromRoute] int groupId, [FromRoute] int functionId)
{
var currentAccount = await _accountRepository.GetAccountByIdAsync(CurrentAccountId);
if (currentAccount.GroupId > groupId)
{
throw new ForbiddenException(); // the lower the group id, the higher the authority; can only delete the group with authority lower than the current group
}
var group = await _groupRepository.GetGroupByIdAsync(groupId);
var function = await _functionRepository.GetFunctionByIdAsync(functionId);
if (group == null)
{
throw new NotFound404Exception("group");
}
if (function == null || !(await _groupRepository.AnyByPermissionAsync(functionId, groupId)))
{
throw new NotFound404Exception("function");
}
await _groupRepository.DeletePermissionAsync(functionId, groupId);
return(Ok(FunctionDTO.GetFrom(function)));
}
public async Task <IActionResult> UpdateFunctionAsync([FromRoute] int functionId, [FromBody] FunctionUpdateModel model)
{
var function = await _functionRepository.GetFunctionByIdAsync(functionId);
if (function == null)
{
throw new NotFound404Exception("function");
}
if (function.Code.Contains("Full"))
{
throw new ForbiddenException();
}
if (string.IsNullOrWhiteSpace(model.Code))
{
throw new IsRequiredException("code");
}
if (model.Code.Length > 20)
{
throw new CodeIsInvalidException();
}
if (function.Code != model.Code && await _functionRepository.AnyByCodeAsync(model.Code))
{
throw new AlreadyExistsException("code");
}
if (string.IsNullOrWhiteSpace(model.Description))
{
throw new IsRequiredException("description");
}
if (model.Description.Length < 20)
{
throw new DescriptionIsInvalidException();
}
if (function.Description != model.Description && await _functionRepository.AnyByDescriptionAsync(model.Description))
{
throw new AlreadyExistsException("description");
}
// bind data
function.Code = model.Code;
function.Description = model.Description;
function.IsActive = model.IsActive;
function.UpdatedDate = DateTime.Now;
await _functionRepository.UpdateFunctionAsync(function);
return(Ok(FunctionDTO.GetFrom(function)));
}
public async Task <IActionResult> GetFunctionByIdAsync([FromRoute] int functionId)
{
var function = await _functionRepository.GetFunctionByIdAsync(functionId);
if (function == null)
{
throw new NotFound404Exception("function");
}
return(Ok(FunctionDTO.GetFrom(function)));
}
public async Task <IActionResult> CreateFunctionAsync([FromBody] FunctionCreateModel model)
{
if (string.IsNullOrWhiteSpace(model.Code))
{
throw new IsRequiredException("code");
}
if (model.Code.Length > 20)
{
throw new CodeIsInvalidException();
}
if (await _functionRepository.AnyByCodeAsync(model.Code))
{
throw new AlreadyExistsException("code");
}
if (string.IsNullOrWhiteSpace(model.Description))
{
throw new IsRequiredException("description");
}
if (model.Description.Length < 20)
{
throw new DescriptionIsInvalidException();
}
if (await _functionRepository.AnyByDescriptionAsync(model.Description))
{
throw new AlreadyExistsException("description");
}
DateTime now = DateTime.Now;
var function = new Function
{
Code = model.Code,
Description = model.Description,
CreatedDate = now,
CreatedBy = CurrentAccountId,
UpdatedDate = now,
UpdatedBy = CurrentAccountId
};
await _functionRepository.CreateFunctionAsync(function);
return(Ok(FunctionDTO.GetFrom(function)));
}
public async Task <IActionResult> DeleteFunctionAsync([FromRoute] int functionId)
{
var function = await _functionRepository.GetFunctionByIdAsync(functionId);
if (function == null)
{
throw new NotFound404Exception("function");
}
if (function.Code.Contains("Full"))
{
throw new ForbiddenException(); // can not delete 'Full' functions
}
function.IsDeleted = true;
function.UpdatedDate = DateTime.Now;
function.UpdatedBy = CurrentAccountId;
await _functionRepository.UpdateFunctionAsync(function);
return(Ok(FunctionDTO.GetFrom(function)));
}
public async Task <IActionResult> CreatePermissionAsync([FromRoute] int groupId, [FromBody] PermissionCreateModel model)
{
var currentAccount = await _accountRepository.GetAccountByIdAsync(CurrentAccountId);
if (currentAccount.GroupId > groupId)
{
throw new ForbiddenException(); // the lower the group id, the higher the authority; can only delete the group with authority lower than the current group
}
var group = await _groupRepository.GetGroupByIdAsync(groupId);
var function = await _functionRepository.GetFunctionByIdAsync(model.FunctionId);
if (group == null)
{
throw new NotFound404Exception("group");
}
if (function == null)
{
throw new NotFound400Exception("function");
}
if (await _groupRepository.AnyByPermissionAsync(model.FunctionId, groupId))
{
throw new AlreadyExistsException("function");
}
var permission = new Permission
{
FunctionId = model.FunctionId,
GroupId = groupId
};
await _groupRepository.CreatePermissionAsync(permission);
return(Ok(FunctionDTO.GetFrom(function)));
}