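/// <summary>
/// Creates a new user. The caller ("actor") is read from <c>HttpContext.Items["User"]</c>; an
/// absent actor is treated as an anonymous level-1 self-registration, which is only allowed when
/// <c>_config.UserPostPermissionLevel</c> is 0. The actor's level bounds what the new user may be
/// given: level 1–3 actors can only create users inside their own organization and the requested
/// <c>PermissionLevel</c> is clamped to what the actor may grant; level 4–5 actors may name any
/// organization.
/// </summary>
/// <param name="user">Request body. Name, Password, PermissionLevel / Permission and
/// OrganizationId / Organization are read; everything else is passed to persistence unchanged.</param>
/// <returns>200 on success; 401 when authentication is required; 403 when the actor's level is
/// too low; 409 when a level ≤3 user ends up without an organization; 500 on an internal fault.</returns>
public IActionResult PostUser([FromBody] User user)
{
    try
    {
        // Null when no authenticated user was attached to the request (presumably by auth middleware).
        var actor = (User)HttpContext.Items["User"];

        if (actor == null && _config.UserPostPermissionLevel > 0)
        {
            throw new UnauthorizedException("Authorization failed!");
        }

        // Anonymous callers are treated as a level-1 (customer) self-registration.
        int actorLevel = actor == null ? 1 : (int)actor.PermissionLevel;

        if (actorLevel < _config.UserPostPermissionLevel)
        {
            throw new ForbiddenException("You don't have high enough security clearance for this operation!");
        }

        // Constraints are checked on the plaintext before it is replaced by its hash.
        CheckUsername(user.Name);
        CheckPassword(user.Password);

        // SECURITY(review): _config.Salt is a single salt shared by every account, so equal
        // passwords hash to equal values and one precomputed table covers all users; HMAC-SHA1
        // at 1000 iterations is also far below current PBKDF2 guidance. Not changed here because
        // the login path that verifies this value is outside this file and must move in lockstep
        // (per-user random salt stored next to the hash, SHA-256/512 with >= 100k iterations, or Argon2).
        user.Password = Convert.ToBase64String(
            KeyDerivation.Pbkdf2(user.Password, _config.Salt, KeyDerivationPrf.HMACSHA1, 1000, 256 / 8));

        // Copies the actor's organization onto the new user. A level-1..3 actor without one
        // is a data-integrity fault, reported as a 500 with a deliberate message.
        void InheritOrganization(User creator, string roleName)
        {
            if (creator.OrganizationId != null)
            {
                user.OrganizationId = creator.OrganizationId;
            }
            else
            {
                throw new InvalidOperationException($"Data integrity broken!\n{roleName} must have an assigned organization");
            }
        }

        // Level requested by the body (explicit PermissionLevel, else resolved from the Permission
        // name) clamped to the highest level the actor may grant. Values below 1 are passed
        // through as before; what persistence does with them is not visible here.
        int ClampRequestedLevel(int cap)
        {
            int requested = user.PermissionLevel != null
                ? (int)user.PermissionLevel
                : _persistence.GetPermissionLevel(user.Permission);
            return Math.Min(requested, cap);
        }

        switch (actorLevel)
        {
            case 1:
                // Customers only create customers; an authenticated customer pins the new user
                // to their own organization, an anonymous one leaves it for the later checks.
                user.PermissionLevel = 1;
                if (actor != null)
                {
                    InheritOrganization(actor, "customers");
                }
                break;

            case 2:
                // Employees only create customers inside their own organization.
                user.PermissionLevel = 1;
                InheritOrganization(actor, "employees");
                break;

            case 3:
                // Employers may grant at most level 2, always inside their own organization.
                user.PermissionLevel = ClampRequestedLevel(2);
                InheritOrganization(actor, "employers");
                break;

            case 4:
            case 5:
                // Admin levels may grant up to their own level and target any organization;
                // an organization given by name is resolved to its id.
                user.PermissionLevel = ClampRequestedLevel(actorLevel);
                if (user.OrganizationId == null && user.Organization != null)
                {
                    user.OrganizationId = _persistence.GetOrganization(user.Organization);
                }
                break;

            default:
                // Fail closed: a level this handler does not know would otherwise let the body's
                // PermissionLevel and OrganizationId through unclamped.
                throw new ForbiddenException("You don't have high enough security clearance for this operation!");
        }

        if (actor != null && user.PermissionLevel <= 3 && user.OrganizationId == null)
        {
            throw new ConflictException("customers, employees and employers must have an assigned organization");
        }

        _persistence.CreateUser(user);
        return StatusCode(200);
    }
    catch (UnauthorizedException e)
    {
        return StatusCode(401, e.Message);
    }
    catch (ForbiddenException e)
    {
        return StatusCode(403, e.Message);
    }
    catch (ConflictException e)
    {
        return StatusCode(409, e.Message);
    }
    catch (InvalidOperationException e)
    {
        // Data-integrity faults raised above carry a deliberate, non-sensitive message.
        return StatusCode(500, e.Message);
    }
    catch (Exception)
    {
        // Anything else (persistence or driver errors, an invalid cast of Items["User"]) must not
        // echo internal details to the client. TODO(review): log the exception server-side;
        // no logger is in scope in this block.
        return StatusCode(500, "Internal server error");
    }
}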