public async Task <IHttpActionResult> GetSequencialRestricted(int id) { //Check the user is a Admin User var userId = User.Identity.GetUserId(); UserACL userAclForAdmin = await db.UserAcls.Where(x => x.UserId == userId).SingleOrDefaultAsync(); if (userAclForAdmin.UserType != Admin) { return(BadRequest("Only Admin User can get Sequencial list")); } Document document = await db.Documents.FindAsync(id); if (document == null) { return(NotFound()); } // Get the SequencialList SequenceACL sequence = await db.SequenceAcls.Where(x => x.DocAclId == document.DocumentACLId).SingleOrDefaultAsync(); return(Ok(sequence)); }
public async Task <IHttpActionResult> PutUpdateSequencialRestricted(int id, SequenceACL sequence) { //Check the user is a Admin User var userId = User.Identity.GetUserId(); UserACL userAclForAdmin = await db.UserAcls.Where(x => x.UserId == userId).SingleOrDefaultAsync(); if (userAclForAdmin.UserType != Admin) { return(BadRequest("Only Admin User can Update Sequencial Restricted")); } if (!ModelState.IsValid) { return(BadRequest(ModelState)); } Document document = await db.Documents.FindAsync(id); if (document == null) { return(NotFound()); } // Check Sequencial List is already created. var sequencialListToCheck = await db.SequenceAcls.Where(x => x.DocAclId == document.DocumentACLId).SingleOrDefaultAsync(); if (sequencialListToCheck != null) { return(BadRequest("Sequencial list is already Exist.")); } // only sequence and present access is updated DocumentACL aDocumentAcl = await db.DocumentAcls.Where(x => x.DocumentId == id).SingleOrDefaultAsync(); SequenceACL aSequenceAcl = await db.SequenceAcls.Where(x => x.DocAclId == aDocumentAcl.Id).SingleOrDefaultAsync(); aSequenceAcl.Sequence = sequence.Sequence; aSequenceAcl.PresentAccess = sequence.PresentAccess; await db.SaveChangesAsync(); // change the DocAclType in DocumentAcl aDocumentAcl.DocAclType = 2; await db.SaveChangesAsync(); //// Check Document have a restricted sequence. //var restrictedListToCheck = await // db.Restricteds.Where(x => x.DocAclId == document.DocumentACLId).SingleOrDefaultAsync(); //if (restrictedListToCheck != null) //{ // db.Restricteds.Remove(restrictedListToCheck); // await db.SaveChangesAsync(); //} //Delete the Document from the DocumentUser Table... db.DocumentUsers.RemoveRange(db.DocumentUsers.Where(x => x.DocumentId == id)); await db.SaveChangesAsync(); // Add user To the DocumentUser Model List <string> userInTagList = sequence.Sequence.Split(',').ToList(); foreach (var userInList in userInTagList) { var len = userInList.Length; if (len != 36 && userInList[0] == 'g') { var groupId = Convert.ToInt64(userInList.Substring(1)); //Check the Group is Exist var groupIsExist = db.Groups.FindAsync(groupId); // Get all the user of the Group var groupUsers = await(from u in db.Users join ug in db.UserGroups on u.Id equals ug.UserId join g in db.Groups on ug.GroupId equals g.Id where g.Id == groupId select new { u.Id, u.UserName, u.Email, u.CompanyId, }).ToListAsync(); // Add User to the Document foreach (var userInGroup in groupUsers) { //check the user is already member of this Document var aDocumentUser = await db.DocumentUsers.Where(x => x.UserId == userInGroup.Id && x.DocumentId == document.Id).SingleOrDefaultAsync(); if (aDocumentUser == null) { DocumentUser documentUser = new DocumentUser(); documentUser.UserId = userInGroup.Id; documentUser.DocumentId = document.Id; db.DocumentUsers.Add(documentUser); await db.SaveChangesAsync(); } } } else { //check the user is already member of this Document var aDocumentUser = await db.DocumentUsers.Where(x => x.UserId == userInList && x.DocumentId == document.Id).SingleOrDefaultAsync(); if (aDocumentUser == null) { DocumentUser documentUser = new DocumentUser(); documentUser.UserId = userInList; documentUser.DocumentId = document.Id; db.DocumentUsers.Add(documentUser); await db.SaveChangesAsync(); } } } return(Ok(sequence)); }
public async Task <IHttpActionResult> PostTag(TagDTO tag) { Tag aTag = new Tag(); //History aHistory = new History(); HistorySequence aHistorySequence = new HistorySequence(); SequenceACL aSequenceAcl = new SequenceACL(); bool updatePresentAccess = false; if (!ModelState.IsValid) { return(BadRequest(ModelState)); } //Check the doc is exist Document document = await db.Documents.FindAsync(tag.DocumentId); if (document == null) { return(BadRequest("Document is not exist")); } // check the document acl DocumentACL documentAcl = await db.DocumentAcls.Where(x => x.DocumentId == tag.DocumentId).SingleOrDefaultAsync(); if (documentAcl.DocAclType == 0) { if (document.UserId != tag.UserId) { return(BadRequest("This document is private and this user is not authorized to tag this document")); } else { aTag.DocumentId = tag.DocumentId; aTag.TagContent = tag.TagContent; aTag.TagColor = tag.TagColor; aTag.UserId = tag.UserId; db.Tags.Add(aTag); } } else if (documentAcl.DocAclType == 1) { var CompanyUser = await db.Users.Where(x => x.CompanyId == document.CompanyId && x.Id == tag.UserId).SingleOrDefaultAsync(); if (CompanyUser == null) { return(BadRequest("This User is not belongs to this company")); } else { aTag.DocumentId = tag.DocumentId; aTag.TagContent = tag.TagContent; aTag.TagColor = tag.TagColor; aTag.UserId = tag.UserId; db.Tags.Add(aTag); } } else if (documentAcl.DocAclType == 3) { Restricted aRestricted = await db.Restricteds.Where(x => x.DocAclId == documentAcl.Id).SingleOrDefaultAsync(); List <string> tagList = aRestricted.List.Split(',').ToList(); //Check the User is in the restricted list DocumentUser aDocumentUser = await db.DocumentUsers.Where(x => x.UserId == tag.UserId).SingleOrDefaultAsync(); if (aDocumentUser == null) { return(BadRequest("The Document is restriced and this user is not authorize to use it ")); } else { aTag.DocumentId = tag.DocumentId; aTag.TagContent = tag.TagContent; aTag.TagColor = tag.TagColor; aTag.UserId = tag.UserId; db.Tags.Add(aTag); } } else if (documentAcl.DocAclType == 2) { bool canTag = false; aSequenceAcl = await db.SequenceAcls.Where(x => x.DocAclId == documentAcl.Id).SingleOrDefaultAsync(); List <string> tagList = aSequenceAcl.Sequence.Split(',').ToList(); // var presentUserInList = tagList[aSequenceAcl.PresentAccess]; var len = presentUserInList.Length; if (len != 36 && presentUserInList[0] == 'g') { var groupId = Convert.ToInt64(presentUserInList.Substring(1)); // check the user is in the group var userIsIngroup = await(from ug in db.UserGroups join u in db.Users on ug.UserId equals u.Id where ug.GroupId == groupId && ug.UserId == tag.UserId select new { Id = u.Id, }).SingleOrDefaultAsync(); if (userIsIngroup != null) { var userPrivilageforTag = await db.UserPrivilages.Where(x => x.UserId == userIsIngroup.Id).SingleOrDefaultAsync(); if (userPrivilageforTag.CanTagDocument == 1) { canTag = true; } } else { return(BadRequest("User is not in authorize to tag the document")); } } else { int index = tagList.IndexOf(tag.UserId); if (index == -1) { return (BadRequest("The Document is Sequencial-restriced and this user is not authorize to use it ")); } else if (tagList.Count - 1 < aSequenceAcl.PresentAccess) { return (BadRequest( "The Document is Sequencial-restriced. All the User has already tagged this document.")); } else if (tagList[aSequenceAcl.PresentAccess] != tag.UserId) { return (BadRequest( "The Document is Sequencial-restriced. User trun to tag the document is not come.")); } else { canTag = true; } } if (canTag) { aTag.DocumentId = tag.DocumentId; aTag.TagContent = tag.TagContent; aTag.TagColor = tag.TagColor; aTag.UserId = tag.UserId; db.Tags.Add(aTag); updatePresentAccess = true; } } await db.SaveChangesAsync(); //Edit history info History aHistory = await db.Histories.Where(x => x.DocumentId == tag.DocumentId).SingleOrDefaultAsync(); //aHistory.AddedOn = DateTime.Now; aHistory.EditedOn = DateTime.Now; //aHistory.DocumentId = document.Id; //db.Histories.Add(aHistory); await db.SaveChangesAsync(); //Add History Sequence Info aHistorySequence.HistoryId = aHistory.Id; aHistorySequence.Message = tag.Message; aHistorySequence.Date = aHistory.EditedOn; aHistorySequence.UserId = User.Identity.GetUserId(); db.HistorySequences.Add(aHistorySequence); await db.SaveChangesAsync(); //Update the present Access if it is a Sequencial Restricted Document if (updatePresentAccess) { aSequenceAcl.PresentAccess += 1; } await db.SaveChangesAsync(); return(Ok(aTag)); }