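/// <summary>
/// Admin-only endpoint: flips the activation flag of the user identified by
/// <paramref name="userWebInfoDTO"/>.ID.
/// </summary>
/// <param name="userWebInfoDTO">Client payload; only <c>IsActivated</c> is copied onto the stored user.</param>
/// <returns>
/// 200 with the persisted user, 404 when no user has the given ID, 403 when the caller is not an
/// admin — and, because of the catch-all below, 403 for any other failure as well.
/// </returns>
public async Task<ActionResult<ICollection<UserWebInfoDTO>>> UpdateUser(UserWebInfoDTO userWebInfoDTO)
{
    // The caller is identified by the (Login, ApartmentCode) pair carried in the principal's claims.
    var userInfo = SecHelper.GetUserInfo(HttpContext.User.Claims);
    try
    {
        var caller = await _context.Users
            .Where(u => u.Login.Equals(userInfo.Login) && u.ApartmentCode.Equals(userInfo.ApartmentCode))
            .SingleOrDefaultAsync();

        // Authorisation is a plain branch instead of a thrown-and-caught "Not admin" exception.
        // A missing caller row is treated as "not admin" rather than being handed to IsAdmin.
        // TODO move to claims
        if (caller is null || !SecHelper.IsAdmin(caller))
        {
            return new ForbidResult();
        }

        var userToUpdate = await _context.Users.FindAsync(userWebInfoDTO.ID);
        if (userToUpdate is null)
        {
            return new NotFoundResult();
        }

        // Deliberately a single-field copy: the client payload must not be able to
        // overwrite any other column through this endpoint.
        userToUpdate.IsActivated = userWebInfoDTO.IsActivated; // currently only this
        _context.Users.Update(userToUpdate);
        await _context.SaveChangesAsync();

        // Respond with the persisted entity rather than echoing the client's payload,
        // so the response reflects what was actually stored.
        return new OkObjectResult(new UserWebInfoDTO(userToUpdate));
    }
    catch
    {
        // Preserves the existing contract: every failure, including database errors, is
        // reported as 403. NOTE(review): this masks server-side faults; consider logging
        // here and returning a 5xx for non-authorisation failures.
        return new ForbidResult();
    }
}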
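/// <summary>
/// Admin-only endpoint: deletes the news item with the given <paramref name="id"/>.
/// </summary>
/// <param name="id">Key of the news row to remove (looked up via <c>FindAsync</c>).</param>
/// <returns>
/// A <see cref="UULResponse"/> with <c>Success</c> true when the row was deleted; on access denial,
/// a missing item, or any other failure, <c>Success</c> false with a message. Always HTTP 200.
/// </returns>
public async Task<ActionResult<UULResponse>> DeleteNews(long id)
{
    try
    {
        var user = await UserDao.GetUserFromClaimsOrThrow(_context, HttpContext.User);
        if (!SecHelper.IsAdmin(user))
        {
            // Plain branch instead of throwing "Access denied" and relying on the catch.
            return Failure("Access denied");
        }

        var news = await _context.News.FindAsync(id);
        if (news is null)
        {
            // Previously a missing row reached Remove(null), whose ArgumentNullException
            // message was then returned to the client.
            return Failure("News item not found");
        }

        _context.News.Remove(news);
        await _context.SaveChangesAsync();
        return new UULResponse() { Success = true, Message = "News item was deleted", Data = null };
    }
    catch (Exception e)
    {
        // Keeps the existing contract of surfacing the exception text.
        // NOTE(review): raw exception messages can reveal database/internal details to
        // the client; a generic message plus server-side logging would be safer.
        return Failure(e.Message);
    }

    UULResponse Failure(string message)
    {
        return new UULResponse() { Success = false, Message = message, Data = null };
    }
}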
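/// <summary>
/// Admin-only endpoint: creates a news item when <paramref name="dto"/> carries no ID,
/// otherwise updates the item with that ID.
/// </summary>
/// <param name="dto">Client payload mapped onto a <c>News</c> entity.</param>
/// <returns>
/// A <see cref="UULResponse"/> with <c>Success</c> true and the saved item as <c>Data</c>;
/// on access denial or any other failure, <c>Success</c> false with a message. Always HTTP 200.
/// </returns>
public async Task<ActionResult<UULResponse>> CreateOrUpdateNews(NewsWebDTO dto)
{
    try
    {
        var user = await UserDao.GetUserFromClaimsOrThrow(_context, HttpContext.User);
        if (!SecHelper.IsAdmin(user))
        {
            // Plain branch instead of throwing "Access denied" and relying on the catch.
            return Failure("Access denied");
        }

        var news = new News(dto);
        var now = DateOperations.Now();
        string message;

        // A missing ID means "create"; any other value is treated as an update of that row.
        // The two separate ID checks of the original are merged into one branch.
        if (news.ID == null)
        {
            news.CreatedAt = now;
            _context.News.Add(news);
            message = "News was created";
        }
        else
        {
            news.UpdatedAt = now;
            // NOTE(review): Update() marks the whole entity modified, so every column is
            // written from the client-built entity — confirm News(dto) preserves CreatedAt.
            _context.News.Update(news);
            message = "News was updated"; // typo "upadted" fixed
        }

        await _context.SaveChangesAsync();
        return new UULResponse() { Success = true, Message = message, Data = new NewsWebDTO(news) };
    }
    catch (Exception e)
    {
        // Keeps the existing contract of surfacing the exception text.
        // NOTE(review): raw exception messages can reveal database/internal details to
        // the client; a generic message plus server-side logging would be safer.
        return Failure(e.Message);
    }

    UULResponse Failure(string message)
    {
        return new UULResponse() { Success = false, Message = message, Data = null };
    }
}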
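/// <summary>
/// Admin-only endpoint: lists every user except the caller, ordered by apartment code.
/// </summary>
/// <returns>
/// 200 with the list of <see cref="UserWebInfoDTO"/>; 403 when the caller is not an admin —
/// and, because of the catch-all below, 403 for any other failure as well.
/// </returns>
public async Task<ActionResult<ICollection<UserWebInfoDTO>>> GetUsers()
{
    // The caller is identified by the (Login, ApartmentCode) pair carried in the principal's claims.
    var userInfo = SecHelper.GetUserInfo(HttpContext.User.Claims);
    try
    {
        var caller = await _context.Users
            .Where(u => u.Login.Equals(userInfo.Login) && u.ApartmentCode.Equals(userInfo.ApartmentCode))
            .SingleOrDefaultAsync();

        // Authorisation is a plain branch instead of a thrown-and-caught "Not admin" exception.
        // A missing caller row is treated as "not admin" rather than being handed to IsAdmin.
        // TODO move to claims
        if (caller is null || !SecHelper.IsAdmin(caller))
        {
            return new ForbidResult();
        }

        // "Everyone but me": the caller is the (Login, ApartmentCode) pair matched above, so the
        // exclusion negates that whole conjunction. The previous
        // `!Login.Equals(..) && !ApartmentCode.Equals(..)` also hid every user who merely shared
        // the admin's apartment code or login.
        var userDTOs = await _context.Users
            .Where(u => !(u.Login.Equals(userInfo.Login) && u.ApartmentCode.Equals(userInfo.ApartmentCode)))
            .OrderBy(u => u.ApartmentCode)
            .Select(u => new UserWebInfoDTO(u))
            .ToListAsync();

        return new OkObjectResult(userDTOs);
    }
    catch
    {
        // Preserves the existing contract: every failure, including database errors, is
        // reported as 403. NOTE(review): this masks server-side faults; consider logging
        // here and returning a 5xx for non-authorisation failures.
        return new ForbidResult();
    }
}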