public async Task <Response <WeekPictogramDTO> > CreatePictogram([FromBody] PictogramDTO pictogram)
{
var user = await _giraf.LoadUserWithResources(HttpContext.User);
if (user == null)
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.NotFound));
}
if (pictogram == null)
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.MissingProperties,
"Could not read pictogram DTO. Please make sure not to include image data in this request. " +
"Use POST localhost/v1/pictogram/{id}/image instead."));
}
if (!ModelState.IsValid)
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.InvalidProperties));
}
//Create the actual pictogram instance
// if access level is not specified, missing properties
if (pictogram.AccessLevel == null || !Enum.IsDefined(typeof(AccessLevel), pictogram.AccessLevel))
{
return(new ErrorResponse <WeekPictogramDTO>(ErrorCode.MissingProperties, "access level, pictogram"));
}
Pictogram pict =
new Pictogram(pictogram.Title, (AccessLevel)pictogram.AccessLevel);
if (pictogram.AccessLevel == AccessLevel.PRIVATE)
{
//Add relation between pictogram and current user
new UserResource(user, pict);
}
else if (pictogram.AccessLevel == AccessLevel.PROTECTED)
{
//Add the pictogram to the user's department
new DepartmentResource(user.Department, pict);
}
await _giraf._context.Pictograms.AddAsync(pict);
await _giraf._context.SaveChangesAsync();
return(new Response <WeekPictogramDTO>(new WeekPictogramDTO(pict)));
}
public async Task <Response <DepartmentDTO> > AddResource(long departmentId, long resourceId)
{
var usr = await _giraf.LoadUserWithResources(HttpContext.User);
//Fetch the department and check that it exists no need to load ressources already on user
var department = await _giraf._context.Departments.Where(d => d.Key == departmentId)
.Include(d => d.Members)
.FirstOrDefaultAsync();
if (department == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.DepartmentNotFound));
}
//Fetch the resource with the given id, check that it exists and that the user owns it.
var resource = await _giraf._context.Pictograms.Where(f => f.Id == resourceId).FirstOrDefaultAsync();
if (resource == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.ResourceNotFound));
}
var resourceOwned = await _giraf.CheckPrivateOwnership(resource, usr);
if (!resourceOwned)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.NotAuthorized));
}
//Check if the department already owns the resource
var alreadyOwned = await _giraf._context.DepartmentResources
.Where(depres => depres.OtherKey == departmentId &&
depres.PictogramKey == resourceId)
.AnyAsync();
if (alreadyOwned)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.DepartmentAlreadyOwnsResource));
}
//Remove resource from user
var usrResource = await _giraf._context.UserResources
.Where(ur => ur.PictogramKey == resource.Id && ur.OtherKey == usr.Id)
.FirstOrDefaultAsync();
if (usrResource == null)
{
return(new ErrorResponse <DepartmentDTO>(ErrorCode.ResourceNotFound));
}
usr.Resources.Remove(usrResource);
await _giraf._context.SaveChangesAsync();
//Change resource AccessLevel to Protected from Private
resource.AccessLevel = AccessLevel.PROTECTED;
//Create a relationship between the department and the resource.
var dr = new DepartmentResource(usr.Department, resource);
await _giraf._context.DepartmentResources.AddAsync(dr);
await _giraf._context.SaveChangesAsync();
//Return Ok and the department - the resource is now visible in deparment.Resources
var members = DepartmentDTO.FindMembers(department.Members, _roleManager, _giraf);
return(new Response <DepartmentDTO>(new DepartmentDTO(usr.Department, members)));
}