public HttpResponseMessage GetTeachersByStudentUserName([FromUri] string studentUserName)
{
string userId = ((ClaimsPrincipal)RequestContext.Principal).FindFirst(x => x.Type == "UserId").Value;
string userRole = ((ClaimsPrincipal)RequestContext.Principal).FindFirst(x => x.Type == ClaimTypes.Role).Value;
logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Teacher Collection - " +
"By student User Name: " + studentUserName + " - Sorted Asc By Name");
try
{
if (userRole == "admin" || userRole == "teacher")
{
StudentTeacherDTOItems teachers = teachersService.GetTeachersByStudentUserName(studentUserName);
if (teachers == null)
{
logger.Info("Teachers by student User Name: " + studentUserName + " were not found.");
return(Request.CreateResponse(HttpStatusCode.BadRequest, "Teachers by student User Name: " + studentUserName + " were not found."));
}
logger.Info("Success!");
return(Request.CreateResponse(HttpStatusCode.OK, teachers));
}
else if (userRole == "student")
{
StudentTeacherDTOItems teachers = teachersService.GetTeachersByStudentUserName(studentUserName);
if (teachers == null || teachers.Id != userId)
{
logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. " +
"We’re sorry, but you are not authorized to perform the requested operation."));
}
logger.Info("Success!");
return(Request.CreateResponse(HttpStatusCode.OK, teachers));
}
else
{
StudentTeacherDTOItems teachers = teachersService.GetTeachersByStudentUserNameForParent(studentUserName, userId);
if (teachers == null)
{
logger.Info("Failed.");
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Failed."));
}
logger.Info("Success!");
return(Request.CreateResponse(HttpStatusCode.OK, teachers));
}
}
catch (Exception e)
{
logger.Error(e);
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, e));
}
}
