public async Task <ActionResult <ShoppingUserResult> > GetUsersInGroup(string id)
{
ShoppingUserResult result = new ShoppingUserResult();
var user = await _userProvider.GetUserAsync();
try
{
bool isUserInGroup = await _userGroups.UserIsInGroupAsync(id, user.Id);
bool isAdmin = await _userProvider.IsUserAdminAsync();
if (!(isAdmin || isUserInGroup))
{
result.IsSuccessful = false;
result.ErrorMessages.Add("Not authorized");
return(Unauthorized(result));
}
var usersInGroup = await _userGroups.GetUsersInGroup(id);
result.IsSuccessful = true;
result.ResultData = usersInGroup;
}
catch (ItemNotFoundException e)
{
result.IsSuccessful = false;
result.ErrorMessages.Add(e.Message);
return(NotFound(result));
}
return(Ok(result));
}
public async Task <ActionResult <ShoppingUserResult> > UpdateUserData(string id, [FromBody] ShoppingUserModel updatedData)
{
ShoppingUserResult result = new ShoppingUserResult();
if (id != updatedData.Id)
{
result.IsSuccessful = false;
result.ErrorMessages.Add($"Ids do not match");
return(BadRequest(result));
}
if (!(await IsUserAuthorized(id)))
{
result.IsSuccessful = false;
result.ErrorMessages.Add("Not authorized to access this resource");
return(Unauthorized(result));
}
var updateResult = await _userRepository.UpdateUserData(id, updatedData);
if (updateResult == null)
{
result.IsSuccessful = false;
result.ErrorMessages.Add("Could not update user data");
return(NotFound(result));
}
result.IsSuccessful = true;
result.ResultData.Add(updateResult);
return(Ok(result));
}
public async Task <ActionResult <ShoppingUserResult> > GetCurrentUser()
{
var currentUser = await _currentUserProvider.GetUserAsync();
var result = new ShoppingUserResult()
{
IsSuccessful = true,
ResultData = new List <ShoppingUserModel>()
{
currentUser
}
};
return(Ok(result));
}
public async Task <ActionResult <ShoppingUserResult> > GetByIdAsync(string id)
{
ShoppingUserResult result = new ShoppingUserResult();
var currentUser = await _currentUserProvider.GetUserAsync();
var dbUser = await _userRepository.GetUserAsync(new ShoppingUserModel()
{
Id = id
});
if (dbUser == null)
{
_logger.LogDebug($"No user found with id {id}");
result.IsSuccessful = false;
result.ErrorMessages.Add("Not authorized");
return(Unauthorized(result));
}
if (currentUser.Id != id)
{
var groupsInCommon = await _userGroupRepository.GetCommonGroupsAsync(currentUser.Id, id);
if (groupsInCommon.Count == 0)
{
result.IsSuccessful = false;
result.ErrorMessages.Add("Not authorized");
return(Unauthorized(result));
}
}
result.IsSuccessful = true;
result.ResultData = new List <ShoppingUserModel>()
{
dbUser
};
return(Ok(result));
}
