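/// <summary>
/// Removes the ownership that links user <paramref name="userid"/> to event <paramref name="id"/>.
/// </summary>
/// <remarks>
/// A requester whose level on the event is below <c>OwnershipLevel.Administrator</c> may only
/// remove their own ownership. The ownership of the only remaining administrator of an event
/// is never removed.
/// </remarks>
/// <param name="id">ID of the event.</param>
/// <param name="userid">ID of the user whose ownership is removed.</param>
/// <returns>
/// <c>Forbidden()</c> when the requester is not allowed to remove this ownership,
/// <c>NotFound</c> when no such ownership exists, <c>BadRequest</c> when it belongs to the
/// last administrator of the event, otherwise <c>Ok()</c>.
/// </returns>
public async Task<ActionResult> DeleteOwner(int id, int userid)
{
    // Is the requester authorized? Non-administrators of the event may only remove themselves.
    if ((GetAuthorizedOwnershipLevel(id) < OwnershipLevel.Administrator) && (userid != AuthorizedID))
    {
        return Forbidden();
    }

    // Does this ownership exist?
    EventOwnership ownership = await Db.EventOwnerships.FirstOrDefaultAsync(
        o => (o.Event.ID == id) && (o.User.ID == userid));
    if (ownership == null)
    {
        return NotFound("Ownership not found");
    }

    // Any admins left? The count is awaited so the request thread is not blocked on the
    // database in the middle of an async action.
    if (ownership.OwnershipLevel == OwnershipLevel.Administrator)
    {
        int administratorCount = await Db.EventOwnerships.CountAsync(
            o => (o.Event.ID == id) && (o.OwnershipLevel == OwnershipLevel.Administrator));
        if (administratorCount == 1)
        {
            return BadRequest("Cannot remove last administrator from an event.");
        }
    }

    // NOTE(review): the count above and the removal below are separate database operations.
    // Two concurrent requests could each observe two administrators and both succeed, leaving
    // the event without one. Confirm whether a transaction or a concurrency token guards this.
    Db.EventOwnerships.Remove(ownership);
    await Db.SaveChangesAsync();
    return Ok();
}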
/// <summary>
/// Resolves the ownership level the current requester holds on the given event.
/// </summary>
/// <param name="eventid">ID of the event to check.</param>
/// <returns>
/// <c>OwnershipLevel.Administrator</c> when <c>AuthorizedSecurityLevel</c> is at least
/// <c>SecurityLevel.Administrator</c>; otherwise the level stored in the requester's ownership
/// of the event, or <c>OwnershipLevel.None</c> when the requester has no ownership of it.
/// </returns>
private OwnershipLevel GetAuthorizedOwnershipLevel(int eventid)
{
    // A sufficiently high security level counts as event administrator; no lookup is made.
    bool hasAdministratorSecurityLevel = AuthorizedSecurityLevel >= SecurityLevel.Administrator;
    if (hasAdministratorSecurityLevel)
    {
        return OwnershipLevel.Administrator;
    }

    // Otherwise the level comes from the requester's own ownership row for this event.
    EventOwnership requesterOwnership = Db.EventOwnerships.FirstOrDefault(
        o => o.Event.ID == eventid && o.User.ID == AuthorizedID);

    return requesterOwnership?.OwnershipLevel ?? OwnershipLevel.None;
}
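/// <summary>
/// Grants user <paramref name="userid"/> the given ownership level on event <paramref name="id"/>,
/// creating the ownership or updating the level of an existing one.
/// </summary>
/// <remarks>
/// Only a requester with at least <c>OwnershipLevel.Administrator</c> on the event may call this.
/// The requested level is taken from the request body, so it is checked against the declared
/// enum members before it is stored. Lowering the level of the only remaining administrator is
/// rejected, matching the rule <c>DeleteOwner</c> applies to removals.
/// </remarks>
/// <param name="id">ID of the event.</param>
/// <param name="userid">ID of the user who receives the ownership.</param>
/// <param name="ownershipLevel">Ownership level to store, read from the request body.</param>
/// <returns>
/// <c>Forbidden()</c> when the requester is not an administrator of the event,
/// <c>BadRequest</c> when the level is not a declared value or the change would leave the event
/// without an administrator, <c>NotFound</c> when the event or the user does not exist,
/// otherwise <c>Ok()</c>.
/// </returns>
public async Task<ActionResult> CreateOwner(int id, int userid, [FromBody] OwnershipLevel ownershipLevel)
{
    // Is the requester authorized?
    if (GetAuthorizedOwnershipLevel(id) < OwnershipLevel.Administrator)
    {
        return Forbidden();
    }

    // A numeric value that matches no enum member can still be bound to an enum. Reject it here:
    // authorization compares levels with '<', so an undeclared high value stored in the table
    // would later be treated as administrator.
    // NOTE(review): assumes OwnershipLevel is an ordered, non-[Flags] enum - confirm.
    if (!System.Enum.IsDefined(typeof(OwnershipLevel), ownershipLevel))
    {
        return BadRequest("Invalid ownership level");
    }

    Event @event = await Db.Events.FindAsync(id);
    if (@event == null)
    {
        return NotFound("Event not found");
    }

    User user = await Db.Users.FindAsync(userid);
    if (user == null)
    {
        return NotFound("User not found");
    }

    EventOwnership ownership = await Db.EventOwnerships.FirstOrDefaultAsync(
        o => (o.Event.ID == id) && (o.User.ID == userid));

    // Already set?
    if (ownership?.OwnershipLevel == ownershipLevel)
    {
        return Ok(); // done
    }

    if (ownership != null)
    {
        // Any admins left? Demoting the only administrator would leave the event without one,
        // which DeleteOwner refuses to do for removals.
        if ((ownership.OwnershipLevel == OwnershipLevel.Administrator) &&
            (ownershipLevel < OwnershipLevel.Administrator))
        {
            int administratorCount = await Db.EventOwnerships.CountAsync(
                o => (o.Event.ID == id) && (o.OwnershipLevel == OwnershipLevel.Administrator));
            if (administratorCount == 1)
            {
                return BadRequest("Cannot demote last administrator of an event.");
            }
        }

        ownership.OwnershipLevel = ownershipLevel;
        Db.EventOwnerships.Update(ownership);
    }
    else
    {
        Db.EventOwnerships.Add(new EventOwnership()
        {
            Event = @event,
            User = user,
            OwnershipLevel = ownershipLevel
        });
    }

    await Db.SaveChangesAsync();
    return Ok();
}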