public async Task <IActionResult> GetAsync([FromRoute] Guid organizationuuid, [FromRoute] Guid uuid) { //note: //org users and org roles are read from mh meta db! //This is where some env core objects are kept //ensure user belongs to an org if (await OrganizationContext.IsOrgMemberAsync(GetDefaultDbContext(), uuid)) { var user = (await base.GetAsync(uuid, GetDefaultDbContext())).GetContent <MapHiveUser>(); if (user == null) { return(NotFound()); } //just check for owner / admin roles; it is an org member anyway if (await OrganizationContext.IsOrgOwnerAsync(GetDefaultDbContext(), user)) { user.OrganizationRole = Organization.OrganizationRole.Owner; } else if (await OrganizationContext.IsOrgAdminAsync(GetDefaultDbContext(), user)) { user.OrganizationRole = Organization.OrganizationRole.Admin; } else { user.OrganizationRole = Organization.OrganizationRole.Member; } return(Ok(user)); } return(NotFound()); }
public async Task <IActionResult> UpdateLinkAsync([FromRoute] Guid organizationuuid, [FromBody] MapHiveUser user, [FromRoute] Guid uuid) { try { //only owners or admins should be allowed to perform this action var callerId = Cartomatic.Utils.Identity.GetUserGuid(); if (!(UserIsOrgOwner(callerId) || UserIsOrgAdmin(callerId))) { return(NotAllowed()); } //make sure user 'belongs' to an org if (!await OrganizationContext.IsOrgMemberAsync(GetDefaultDbContext(), uuid)) { return(BadRequest("Not an org user.")); } //just need to update its role within an org too user.Uuid = uuid; //in put no uuid in the model! await this.OrganizationContext.ChangeOrganizationUserRoleAsync(GetDefaultDbContext(), user); return(Ok(user)); } catch (Exception ex) { return(this.HandleException(ex)); } }
public async Task <IActionResult> DeleteAsync([FromRoute] Guid organizationuuid, [FromRoute] Guid uuid) { try { //note: //org users and org roles are modified against mh meta db! //This is where some env core objects are kept //only owners or admins should be allowed to perform this action var callerId = Cartomatic.Utils.Identity.GetUserGuid(); var callerIsOrgOwner = UserIsOrgOwner(callerId); var callerIsOrgAdmin = UserIsOrgAdmin(callerId); //only owners and admins should be able to delete users! if (!(callerIsOrgOwner || callerIsOrgAdmin)) { return(NotAllowed()); } //make sure user 'belongs' to an org if (!await OrganizationContext.IsOrgMemberAsync(GetDefaultDbContext(), uuid)) { return(BadRequest("Not an org user.")); } //make sure to prevent self deletes if (uuid == Cartomatic.Utils.Identity.GetUserGuid()) { return(BadRequest("Cannot remove self.")); } var isOrgOwner = await OrganizationContext.IsOrgOwnerAsync(GetDefaultDbContext(), uuid); if (isOrgOwner) { return(BadRequest("Cannot remove org owner.")); } var user = await Base.ReadObjAsync <MapHiveUser>(GetDefaultDbContext(), uuid); if (user == null) { return(BadRequest("No such user.")); } await user.DestroyAsync(GetDefaultDbContext()); return(Ok()); } catch (Exception ex) { return(HandleException(ex)); } }
public async Task <IActionResult> PutAsync([FromRoute] Guid organizationuuid, [FromBody] MapHiveUser user, [FromRoute] Guid uuid) { try { //note: //org users and org roles are modified against mh meta db! //This is where some env core objects are kept //can modify user only if org admin or owner or self var callerId = Cartomatic.Utils.Identity.GetUserGuid(); if (!(UserIsOrgOwner(callerId) || UserIsOrgAdmin(callerId) || UserIsSelf(uuid))) { return(NotAllowed()); } //make sure user 'belongs' to an org if (!await OrganizationContext.IsOrgMemberAsync(GetDefaultDbContext(), uuid)) { return(BadRequest("Not an org user.")); } //note: perhaps should disallow editing some properties such as parentOrgId, etc. var entity = await user.UpdateAsync(GetDefaultDbContext(), uuid); if (entity != null) { //once the user has been updated, need to update his role within an org too //making sure though not to change own roles. //this is so only other users with enough credentials are allowed to modify stuff such as roles if (!UserIsSelf(uuid)) { await this.OrganizationContext.ChangeOrganizationUserRoleAsync(GetDefaultDbContext(), user); } return(Ok(entity)); } return(NotFound()); } catch (Exception ex) { return(this.HandleException(ex)); } }