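/// <summary>
/// Decides whether the user bound to <paramref name="deviceGuid"/> may store the supplied progress record.
/// </summary>
/// <param name="challengeProgress">Progress DTO as received from the caller; its UserId and Status are read.</param>
/// <param name="deviceGuid">Device identifier used to look up the posting user.</param>
/// <returns>
/// <c>true</c> when the posting user is the target user and the status is at most
/// <c>ProgressStatus.Completed</c>, or when the posting user has <c>UnitAdmin</c> set;
/// <c>false</c> otherwise, including when either user cannot be resolved.
/// </returns>
/// <remarks>
/// NOTE(review): the target user is taken from <c>challengeProgress.UserId</c>, a value from the
/// caller-supplied DTO. This method does not look at the owner of any record already stored under
/// the same progress id, so confirm elsewhere that an update cannot overwrite a row that belongs
/// to a different user.
/// </remarks>
public async Task<bool> IsAuthorizedToStoreProgress(Models.DTO.ChallengeProgress challengeProgress, Guid deviceGuid)
{
    // Fail closed: with no payload there is nothing to authorize.
    if (challengeProgress == null)
    {
        return false;
    }

    var postingUser = await _getUsersService.GetUserByDeviceAsync(deviceGuid);

    // Fail closed when the device maps to no user. Without this guard the final
    // postingUser.UnitAdmin read throws a NullReferenceException instead of denying.
    if (postingUser == null)
    {
        return false;
    }

    var targetUser = await _getUsersService.GetUserByIdAsync(deviceGuid, challengeProgress.UserId);
    if (targetUser == null)
    {
        return false;
    }

    // NOTE(review): == compares the two user objects by reference unless the user type overloads it;
    // verify both lookups return the same instance for the same user, or compare a stable key instead.
    // The status comparison relies on the declared order of ProgressStatus values.
    if (targetUser == postingUser && challengeProgress.Status <= Models.ProgressStatus.Completed)
    {
        return true;
    }

    // Anything else (another user's record, or a status above Completed) requires the admin flag.
    return postingUser.UnitAdmin;
}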
/// <summary>
/// Persists a progress record: converts the DTO to its EF entity, hands it to AddOrUpdate and saves the context.
/// </summary>
/// <param name="challengeProgress">Progress DTO to store.</param>
/// <returns>The entity produced from the DTO, after <c>SaveChangesAsync</c> has completed.</returns>
/// <remarks>
/// This method performs no authorization of its own; callers are expected to have checked the request
/// (for example via <c>IsAuthorizedToStoreProgress</c>) before calling it.
/// NOTE(review): every field the DTO-to-entity conversion copies is written as supplied. Confirm that
/// the conversion cannot carry caller-chosen values (such as the owning user) onto an existing row.
/// </remarks>
public async Task<Models.EFDB.ChallengeProgress> StoreChallengeProgressAsync(Models.DTO.ChallengeProgress challengeProgress)
{
    // Explicit DTO -> entity conversion defined by the model types.
    Models.EFDB.ChallengeProgress entity = (Models.EFDB.ChallengeProgress)challengeProgress;

    _db.ChallengesProgresses.AddOrUpdate(entity);
    await _db.SaveChangesAsync();

    return entity;
}
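/// <summary>
/// Stores a challenge progress record on behalf of the device identified by the caller's "DeviceId" claim.
/// </summary>
/// <param name="challengeProgressId">Progress id taken from the URI; must match the id in the body.</param>
/// <param name="challengeProgress">Progress DTO taken from the request body.</param>
/// <returns>
/// 401 when the caller has no usable "DeviceId" claim or the service denies the write,
/// 400 when the body is missing or its id differs from the URI id,
/// 201 with the submitted DTO once the record has been stored.
/// </returns>
public async Task<IHttpActionResult> PutChallengeProgress([FromUri] Guid challengeProgressId, [FromBody] Models.DTO.ChallengeProgress challengeProgress)
{
    // Resolve the caller's device first. A missing principal, a missing claim or a malformed GUID
    // is answered with 401 instead of surfacing as an unhandled exception (500).
    var claimUser = this.User as ClaimsPrincipal;
    var deviceClaim = claimUser == null ? null : claimUser.FindFirst("DeviceId");
    Guid deviceGuid;
    if (deviceClaim == null || !Guid.TryParse(deviceClaim.Value, out deviceGuid))
    {
        return Unauthorized();
    }

    // [FromBody] binds to null when the body is absent or cannot be deserialized.
    if (challengeProgress == null || challengeProgressId != challengeProgress.Id)
    {
        return BadRequest();
    }

    if (!await _challengesProgressService.IsAuthorizedToStoreProgress(challengeProgress, deviceGuid))
    {
        // Unauthorized() passes an empty challenge list. Passing null risks an ArgumentNullException
        // in the result type, which would turn a denial into a 500.
        // NOTE(review): the caller is authenticated at this point, so 403 would be the conventional
        // status; 401 is kept so existing clients see the same code.
        return Unauthorized();
    }

    await _challengesProgressService.StoreChallengeProgressAsync(challengeProgress);

    return Created(Url.Route("PutChallengeProgress", null), challengeProgress);
}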