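/// <summary>
/// Returns the members of the user group <paramref name="id"/>.
/// </summary>
/// <param name="id">Identifier of the group whose members are requested.</param>
/// <returns>
/// 200 with the members in <c>ResultData</c>; 401 when no caller could be resolved or the
/// caller is neither an admin nor a member of the group; 404 when one of the group lookups
/// throws <see cref="ItemNotFoundException"/>.
/// </returns>
public async Task<ActionResult<ShoppingUserResult>> GetUsersInGroup(string id)
{
    var result = new ShoppingUserResult();
    var user = await _userProvider.GetUserAsync();

    // Without a resolved caller there is nobody to authorize; answer 401 instead of
    // letting the null dereference on user.Id below surface as a 500.
    if (user is null)
    {
        result.IsSuccessful = false;
        result.ErrorMessages.Add("Not authorized");
        return Unauthorized(result);
    }

    try
    {
        // Both lookups are awaited before the role check (original ordering kept);
        // only ItemNotFoundException raised inside this block is mapped to 404.
        bool isUserInGroup = await _userGroups.UserIsInGroupAsync(id, user.Id);
        bool isAdmin = await _userProvider.IsUserAdminAsync();

        if (!isAdmin && !isUserInGroup)
        {
            result.IsSuccessful = false;
            result.ErrorMessages.Add("Not authorized");
            return Unauthorized(result);
        }

        result.IsSuccessful = true;
        result.ResultData = await _userGroups.GetUsersInGroup(id);
    }
    catch (ItemNotFoundException e)
    {
        result.IsSuccessful = false;
        result.ErrorMessages.Add(e.Message);
        return NotFound(result);
    }

    return Ok(result);
}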
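/// <summary>
/// Replaces the stored data of user <paramref name="id"/> with <paramref name="updatedData"/>.
/// </summary>
/// <param name="id">Route id of the user being updated; must equal <c>updatedData.Id</c>.</param>
/// <param name="updatedData">New user data taken from the request body.</param>
/// <returns>
/// 200 with the updated user appended to <c>ResultData</c>; 400 when the body is missing or
/// its id disagrees with the route id; 401 when <c>IsUserAuthorized</c> rejects the caller;
/// 404 when the repository returns null.
/// </returns>
public async Task<ActionResult<ShoppingUserResult>> UpdateUserData(string id, [FromBody] ShoppingUserModel updatedData)
{
    var result = new ShoppingUserResult();

    // A missing body would otherwise dereference null on the id comparison below.
    if (updatedData is null)
    {
        result.IsSuccessful = false;
        result.ErrorMessages.Add("Missing user data");
        return BadRequest(result);
    }

    // The route id is what IsUserAuthorized checks, so the body must not name a different
    // user than the one the caller is being authorized for. String != is ordinal.
    if (id != updatedData.Id)
    {
        result.IsSuccessful = false;
        result.ErrorMessages.Add("Ids do not match");
        return BadRequest(result);
    }

    if (!await IsUserAuthorized(id))
    {
        result.IsSuccessful = false;
        result.ErrorMessages.Add("Not authorized to access this resource");
        return Unauthorized(result);
    }

    var updateResult = await _userRepository.UpdateUserData(id, updatedData);
    if (updateResult is null)
    {
        result.IsSuccessful = false;
        result.ErrorMessages.Add("Could not update user data");
        return NotFound(result);
    }

    result.IsSuccessful = true;
    // Assumes ShoppingUserResult's constructor initializes ResultData — not visible here.
    result.ResultData.Add(updateResult);
    return Ok(result);
}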
/// <summary>
/// Returns the user making the request, wrapped in a successful <see cref="ShoppingUserResult"/>.
/// </summary>
/// <returns>200 with the current user as the sole element of <c>ResultData</c>.</returns>
public async Task<ActionResult<ShoppingUserResult>> GetCurrentUser()
{
    var caller = await _currentUserProvider.GetUserAsync();

    var payload = new List<ShoppingUserModel> { caller };

    var response = new ShoppingUserResult
    {
        IsSuccessful = true,
        ResultData = payload,
    };

    return Ok(response);
}
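/// <summary>
/// Returns the user with identifier <paramref name="id"/> when the caller is that user or
/// shares at least one group with them.
/// </summary>
/// <param name="id">Identifier of the requested user.</param>
/// <returns>
/// 200 with the user in <c>ResultData</c>; 401 when no caller could be resolved, the id is
/// unknown, or the caller shares no group with the user. All denial branches carry the same
/// body, so the response does not reveal whether the id exists.
/// </returns>
public async Task<ActionResult<ShoppingUserResult>> GetByIdAsync(string id)
{
    var result = new ShoppingUserResult();

    var currentUser = await _currentUserProvider.GetUserAsync();
    // Guard before the repository lookup: currentUser.Id is dereferenced further down.
    if (currentUser is null)
    {
        return Deny(result);
    }

    var dbUser = await _userRepository.GetUserAsync(new ShoppingUserModel { Id = id });
    if (dbUser is null)
    {
        // Structured template instead of interpolation: the caller-controlled id stays a
        // separate log property rather than being baked into the message text.
        _logger.LogDebug("No user found with id {UserId}", id);
        return Deny(result);
    }

    // Self-lookups are always allowed; anyone else must share a group with the target.
    if (currentUser.Id != id)
    {
        var groupsInCommon = await _userGroupRepository.GetCommonGroupsAsync(currentUser.Id, id);
        if (groupsInCommon is null || groupsInCommon.Count == 0)
        {
            return Deny(result);
        }
    }

    result.IsSuccessful = true;
    result.ResultData = new List<ShoppingUserModel> { dbUser };
    return Ok(result);

    // Fills the shared "Not authorized" body so every denial path is indistinguishable.
    ActionResult<ShoppingUserResult> Deny(ShoppingUserResult r)
    {
        r.IsSuccessful = false;
        r.ErrorMessages.Add("Not authorized");
        return Unauthorized(r);
    }
}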