public void Add(T entity)
{
_ddbcontext.Save(entity, new DynamoDBOperationConfig
{
OverrideTableName = _ddbTableName
});
}
// POST api/<controller>
/// <summary>
/// Create baby
/// </summary>
/// <remarks>
/// Creates baby, adds baby to authorized user, adds memory of babys birth
/// Admin has the same abilites as a basic user.
/// There is no special behavior for admin users.
/// </remarks>
/// <param name="baby"></param>
/// <returns></returns>
public async Task <IHttpActionResult> Post([FromBody] Baby baby)
{
var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
if (currentUser == null)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
if (currentUser.Role != BabyMemoryConstants.AdminUserRole || !baby.UserId.IsNullOrWhiteSpace())
{
baby.UserId = currentUser.Id;
}
else
{
var userOfBaby = _context.Load <User>(baby.UserId);
if (userOfBaby == null)
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
else
{
baby.UserId = userOfBaby.Id;
}
}
baby.Id = Guid.NewGuid().ToString("N");
_context.Save <Baby>(baby);
var memory = new Memory
{
Id = Guid.NewGuid().ToString("N"),
BabyId = baby.Id,
Date = baby.DateOfBirth,
Description = BabyMemoryConstants.BirthDescription
};
_context.Save <Memory>(memory);
return(Created(Url.Route("DefaultApi", new { controller = "Babies" }), ResponseDictionary(_context.Load <Baby>(baby.Id))));
}
// POST api/<controller>
/// <summary>
/// Add new memory
/// </summary>
/// <param name="memory"></param>
/// <returns></returns>
public async Task <IHttpActionResult> Post([FromBody] Memory memory)
{
var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
if (currentUser == null)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
var userBabies = _dataHelpers.BabiesForUserAndRole(currentUser);
if (!(userBabies.Exists(x => x.Id == memory.BabyId)))
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
memory.Id = Guid.NewGuid().ToString("N");
_context.Save <Memory>(memory);
return(Created(Url.Route("DefaultApi", new { controller = "Memories" }), ResponseDictionary(memory)));
}
/// <summary>
/// Create User
/// </summary>
/// <remarks>
/// Admin user can add any user with any role.
/// Non admin user can only add a user with their own verified email address.
/// No user can add an email address that already exists.
///
/// BabyIds is always blank (babies are added via baby conroller)
/// and Id is auto generated.
/// Role can be generated as admin when it is created.
/// </remarks>
/// <param name="user"></param>
/// <response code="519">email address already used</response>
/// <response code="401">Unauthorized: due to user not token not authorized or the request is not available to user role</response>
/// <response code="201">Created</response>
/// <returns>User</returns>
// POST: api/User
public async Task <IHttpActionResult> Post([FromBody] User user)
{
var currentUserEmail = await _authController.GetVerifiedEmail(Request.Headers.Authorization);
if (currentUserEmail is null)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
user.Id = Guid.NewGuid().ToString("N");
if (!string.Equals(currentUserEmail.ToLower().Trim(), user.Email.ToLower().Trim(), StringComparison.CurrentCultureIgnoreCase) &&
currentUser?.Role != BabyMemoryConstants.AdminUserRole)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
if (currentUser?.Role == BabyMemoryConstants.AdminUserRole)
{
user.Email = user.Email.ToLower();
}
else
{
user.Email = currentUserEmail.ToLower();
}
var existingUsers = _context.Query <User>(user.Email.ToLower(), new DynamoDBOperationConfig {
IndexName = "UserEmailIndex"
}).ToList();
if (existingUsers.Count > 0)
{
throw new HttpResponseException(HttpStatusCode.Conflict);
}
_context.Save <User>(user);
return(Created(Url.Route("DefaultApi", new { controller = "User" }), ResponseDictionary(user)));
}