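/// <summary>
/// Stores a feedback entry posted by the authenticated caller on a news item.
/// </summary>
/// <param name="newNewsItemFeedbackDTO">Feedback payload; its NewsItemID selects the news item.</param>
/// <returns>
/// 200 with the stored feedback mapped to a NewsItemFeedbackDTO, or 400 when the payload is
/// missing or fails model validation.
/// </returns>
/// <exception cref="HttpResponseException">
/// 401 when the caller has no user record or fails one of the visibility checks below;
/// 404 when the news item does not exist.
/// </exception>
public async Task<IHttpActionResult> NewNewsItemFeedback(NewNewsItemFeedbackDTO newNewsItemFeedbackDTO)
{
    string userName = User.Identity.Name;
    User user = db.Users
        .Where(_user => _user.UserName == userName)
        .Include(_user => _user.Company)
        .SingleOrDefault();
    if (user == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // A request without a body binds the DTO to null; reject it here instead of
    // dereferencing it in the news item query below.
    if (newNewsItemFeedbackDTO == null)
    {
        return BadRequest("The feedback payload is missing.");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    NewsItem newsItem = db.NewsItems
        .Where(_newsItem => _newsItem.ID == newNewsItemFeedbackDTO.NewsItemID)
        .Include(_newsItem => _newsItem.Product.TeamMembers
            .Select(teamMember => teamMember.User)
            .Select(teamMember => teamMember.Company))
        .Include(_newsItem => _newsItem.User.Company.Followers)
        .Include(_newsItem => _newsItem.User.CompaniesAsMembers)
        .SingleOrDefault();
    if (newsItem == null)
    {
        throw new HttpResponseException(HttpStatusCode.NotFound);
    }

    // NOTE(review): the authorization failures below answer 401 although the caller is
    // already authenticated; 403 would describe them better. Kept as 401 because clients
    // may depend on the current status code.
    if (newsItem.Product != null)
    {
        // Product visibility gate. The parentheses make the original operator precedence
        // explicit ("&&" binds tighter than "||"); the outcome is unchanged:
        //   deny when (not owning company AND not an editing team member AND product is Private)
        //   deny when (product is VisibleToSelectedGroups AND caller is in none of those groups)
        // NOTE(review): as written, the owning company and editing team members are also
        // denied on a VisibleToSelectedGroups product unless they belong to a selected group.
        // This fails closed; confirm whether the group rule was meant to sit inside the
        // owner/editor exemption before relaxing it.
        // NOTE(review): user.Company is dereferenced without a null check - confirm every
        // user has a company. GroupsVisibleTo is not eager-loaded by the query above and is
        // presumably resolved through lazy loading - confirm.
        if (((newsItem.Product.CompanyID != user.Company.ID)
                && !newsItem.Product.TeamMembers.Any(teamMember => teamMember.UserID == user.Id && teamMember.CanEditTheProduct == true)
                && (newsItem.Product.Privacy == ProductPrivacy.Private))
            || ((newsItem.Product.Privacy == ProductPrivacy.VisibleToSelectedGroups)
                && !newsItem.Product.GroupsVisibleTo.Any(followerGroup => followerGroup.Followers.Any(follower => follower.UserID == user.Id))))
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }
    }

    // Relationship gate: the caller must be the author, a member or follower of the author's
    // company, or a follower of a company the author is a member of.
    // These are existence checks, so Any() replaces Where(...).SingleOrDefault() == null:
    // SingleOrDefault throws InvalidOperationException as soon as two rows match (e.g. the
    // caller follows two companies the author belongs to), turning a legitimate request
    // into a 500.
    // NOTE(review): Company.Members and the Followers of each CompaniesAsMembers entry are
    // not eager-loaded above; presumably lazy loading fills them - confirm.
    if ((newsItem.UserID != user.Id)
        && !newsItem.User.Company.Members.Any(member => member.UserID == user.Id)
        && !newsItem.User.Company.Followers.Any(follower => follower.UserID == user.Id)
        && !newsItem.User.CompaniesAsMembers.Any(companyAsMember => companyAsMember.Company.Followers.Any(follower => follower.UserID == user.Id)))
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    NewsItemFeedback newsItemFeedback = Mapper.Map<NewNewsItemFeedbackDTO, NewsItemFeedback>(newNewsItemFeedbackDTO);

    // Author, target item and timestamp are assigned server-side after mapping, so values
    // for these fields coming from the client payload never reach the database.
    // NOTE(review): any other property the mapping copies from the DTO is client-controlled;
    // check the map configuration for fields that should not be settable by the caller.
    // NOTE(review): DateTime.Now stores server-local time; confirm that is intended rather than UTC.
    DateTime now = DateTime.Now;
    newsItemFeedback.UserID = user.Id;
    newsItemFeedback.User = user;
    newsItemFeedback.NewsItemID = newsItem.ID;
    newsItemFeedback.NewsItem = newsItem;
    newsItemFeedback.PostedAt = now;
    newsItemFeedback = db.NewsItemFeedback.Add(newsItemFeedback);

    // Posting feedback also bumps the news item's modification time.
    newsItem.UpdatedAt = now;
    db.Entry(newsItem).State = EntityState.Modified;

    await db.SaveChangesAsync();

    return Ok(Mapper.Map<NewsItemFeedback, NewsItemFeedbackDTO>(newsItemFeedback));
}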
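/// <summary>
/// Returns the image attached to a feedback entry, or the default user image when the
/// entry has none.
/// </summary>
/// <param name="newsItemFeedbackId">ID of the feedback entry.</param>
/// <returns>
/// 200 with the image bytes ("image/png" for a stored image, "image/svg+xml" for the
/// default), or 404 when the entry or the default image file cannot be found.
/// </returns>
public async Task<IHttpActionResult> GetNewsItemFeedbackImage(long newsItemFeedbackId)
{
    // The method was declared async without awaiting anything; the lookup is now awaited.
    NewsItemFeedback newsItemFeedback = await db.NewsItemFeedback
        .SingleOrDefaultAsync(_newsItemFeedback => _newsItemFeedback.ID == newsItemFeedbackId);
    if (newsItemFeedback == null)
    {
        return NotFound();
    }

    // NOTE(review): nothing in this method checks who is asking. Posting feedback enforces
    // product privacy and company relationships, but the image of any feedback entry is
    // returned to whoever supplies its numeric ID. Unless an attribute or filter outside
    // this method restricts access, apply the same visibility rules here - confirm.

    byte[] imageBytes;
    string mediaTypeHeader;
    if (newsItemFeedback.Image != null)
    {
        // NOTE(review): stored bytes are always labelled image/png; this assumes the write
        // path only accepts PNG data - confirm, since nothing here inspects the content.
        imageBytes = newsItemFeedback.Image;
        mediaTypeHeader = "image/png";
    }
    else
    {
        string filePath = System.Web.Hosting.HostingEnvironment.MapPath("/img/user_image.svg");

        // MapPath can return null and the file may be absent; answer 404 instead of letting
        // File.ReadAllBytes throw and surface as a 500.
        if (filePath == null || !File.Exists(filePath))
        {
            return NotFound();
        }

        imageBytes = File.ReadAllBytes(filePath);
        mediaTypeHeader = "image/svg+xml";
    }

    HttpResponseMessage responseMessage = new HttpResponseMessage(HttpStatusCode.OK);

    // The bytes are already in memory, so no intermediate MemoryStream is needed.
    responseMessage.Content = new ByteArrayContent(imageBytes);
    responseMessage.Content.Headers.ContentType = new System.Net.Http.Headers.MediaTypeHeaderValue(mediaTypeHeader);

    // Keep browsers from second-guessing the declared type of stored image bytes.
    responseMessage.Headers.Add("X-Content-Type-Options", "nosniff");

    return ResponseMessage(responseMessage);
}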