public async Task <bool> IsAuthorizedToStoreProgress(Models.DTO.ChallengeProgress challengeProgress, Guid deviceGuid)
{
var postingUser = await _getUsersService.GetUserByDeviceAsync(deviceGuid);
var targetUser = await _getUsersService.GetUserByIdAsync(deviceGuid, challengeProgress.UserId);
if (targetUser == null)
{
return(false);
}
if (targetUser == postingUser && challengeProgress.Status <= Models.ProgressStatus.Completed)
{
return(true);
}
return(postingUser.UnitAdmin);
}
public async Task <Models.EFDB.ChallengeProgress> StoreChallengeProgressAsync(Models.DTO.ChallengeProgress challengeProgress)
{
var efdbProgress = (Models.EFDB.ChallengeProgress)challengeProgress;
_db.ChallengesProgresses.AddOrUpdate(efdbProgress);
await _db.SaveChangesAsync();
return(efdbProgress);
}
public async Task <IHttpActionResult> PutChallengeProgress([FromUri] Guid challengeProgressId, [FromBody] Models.DTO.ChallengeProgress challengeProgress)
{
var claimUser = this.User as ClaimsPrincipal;
var deviceGuid = Guid.Parse(claimUser.FindFirst("DeviceId").Value);
if (challengeProgressId != challengeProgress.Id)
{
return(BadRequest());
}
if (!await _challengesProgressService.IsAuthorizedToStoreProgress(challengeProgress, deviceGuid))
{
return(Unauthorized(null));
}
await _challengesProgressService.StoreChallengeProgressAsync(challengeProgress);
return(Created(Url.Route("PutChallengeProgress", null), challengeProgress));
}
