/// <summary>
/// Loads the instructor with the given id and returns it only when
/// <c>CheckPermissionToGetInstructor</c> approves the request.
/// </summary>
/// <param name="id">Identifier handed to <c>_service.GetByID</c>.</param>
/// <returns>
/// The value produced by <c>SendResponse</c> when the permission check passes,
/// <c>Forbid()</c> when it does not, or <c>null</c> with the response status set
/// to 500 when anything inside the <c>try</c> block throws.
/// </returns>
public async Task<object> GetInstructor(int id)
{
    try
    {
        DataResponse<Instructor> lookup = await _service.GetByID(id);

        // The permission check runs on the loaded entity before any of it is sent back.
        bool callerMayRead = await CheckPermissionToGetInstructor(lookup.Data[0]);
        if (!callerMayRead)
        {
            return Forbid();
        }

        return this.SendResponse(lookup);
    }
    catch (Exception)
    {
        // Every failure (service error, empty Data, a throw inside the permission check)
        // ends here, so an error never falls through to the success path.
        // NOTE(review): the exception is dropped without being logged in this method;
        // confirm something upstream records it, otherwise failed lookups and
        // authorization errors leave no trace.
        // NOTE(review): an unknown id presumably surfaces as an exception from Data[0],
        // so callers see 500 for missing records and 403 for forbidden ones. Confirm
        // that difference is intended.
        Response.StatusCode = StatusCode(500).StatusCode;
        return null;
    }
}
/// <summary>
/// Checks whether the current user is allowed to read the given student.
/// </summary>
/// <remarks>
/// Access is granted when the current user is the active student being requested, an
/// active instructor or coordinator attached to one of the student's classes, or an
/// active owner of a course that contains one of the student's classes. Any other
/// caller is denied.
/// </remarks>
/// <param name="student">The student record being requested.</param>
/// <returns><c>true</c> when one of the rules above matches; otherwise <c>false</c>.</returns>
private async Task<bool> CheckPermisionToGetStudent(Student student)
{
    // NOTE(review): each lookup below indexes Data[0] without checking for an empty
    // result, so a miss throws instead of returning false. Callers must treat an
    // exception from this method as a denial.
    User currentUser = (await userService.GetByID(this.GetUserID())).Data[0];

    // Rule 1: an active student may read their own record.
    bool hasActiveStudentRole = currentUser.Student != null && currentUser.Student.IsActive;
    if (hasActiveStudentRole && currentUser.Student.ID == student.ID)
    {
        return true;
    }

    // Rule 2: an active instructor may read students enrolled in a class they teach.
    if (currentUser.Instructor != null && currentUser.Instructor.IsActive)
    {
        Instructor teacher = (await InstructorService.GetByID(currentUser.Instructor.ID)).Data[0];
        foreach (InstructorClass taught in teacher.Classes)
        {
            if (student.Classes.Any(enrolled => enrolled.ClassID == taught.ClassID))
            {
                return true;
            }
        }
    }

    // Rule 3: an active coordinator may read students enrolled in a class they coordinate.
    if (currentUser.Coordinator != null && currentUser.Coordinator.IsActive)
    {
        Coordinator coordinator = (await CoordinatorService.GetByID(currentUser.Coordinator.ID)).Data[0];
        foreach (CoordinatorClass coordinated in coordinator.Classes)
        {
            if (student.Classes.Any(enrolled => enrolled.ClassID == coordinated.ClassID))
            {
                return true;
            }
        }
    }

    // Rule 4: an active owner may read students enrolled in any class of a course they own.
    if (currentUser.Owner != null && currentUser.Owner.IsActive)
    {
        Owner owner = (await OwnerService.GetByID(currentUser.Owner.ID)).Data[0];
        foreach (OwnerCourse owned in owner.Courses)
        {
            // Each owned course is loaded with its own service call to reach its classes.
            Course course = (await CourseService.GetByID(owned.CourseID)).Data[0];
            foreach (Class courseClass in course.Classes)
            {
                if (student.Classes.Any(enrolled => enrolled.ClassID == courseClass.ID))
                {
                    return true;
                }
            }
        }
    }

    // No rule matched: deny by default.
    return false;
}