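        /// <summary>
        /// Creates a grade on behalf of the teacher identified by <paramref name="teacherId"/>.
        /// The caller must be logged in with the "teachers" role and must be that same teacher.
        /// </summary>
        /// <param name="teacherId">Teacher id supplied by the caller; it has to match both the payload and the logged-in user.</param>
        /// <param name="gradeDto">Grade payload supplied by the caller.</param>
        /// <returns>
        /// A 400 result when the payload is missing or its teacher id differs from <paramref name="teacherId"/>,
        /// a 401 result when the logged-in user's role is not "teachers", otherwise a Created result
        /// pointing at the "GetGrade" route for the new grade.
        /// </returns>
        /// <exception cref="UnauthorizedAccessException">
        /// Thrown when the logged-in teacher is not the teacher named by <paramref name="teacherId"/>.
        /// </exception>
        public IHttpActionResult CreateGradeAsTeacher(int teacherId, GradeDto gradeDto)
        {
            // NOTE(review): assumes GetLoggedInUser never returns null for a request that reaches
            // this action - confirm, since userData is dereferenced below without a check.
            var userData = IdentityHelper.GetLoggedInUser(RequestContext);

            // The attempt is logged before any check, so rejected requests also leave a trail.
            // NOTE(review): the whole payload and user object are written to the log; confirm
            // that neither carries fields that should stay out of log storage.
            logger.Info("Create Grade {@gradeData} for Teacher {@teacherId} by {@userData}", gradeDto, teacherId, userData);

            // The payload comes from the request and can be null when the body is missing or
            // cannot be bound; reject it here instead of failing on gradeDto.TeacherId below.
            if (gradeDto == null)
            {
                return BadRequest("Grade data is required");
            }

            if (teacherId != gradeDto.TeacherId)
            {
                return BadRequest("Id mismatch");
            }

            // Role check: only users whose role is exactly "teachers" may continue.
            if (userData.UserRole != "teachers")
            {
                return Unauthorized();
            }

            // Ownership check: a teacher may only create grades under their own id.
            // NOTE(review): this failure is an exception while the role failure is a result;
            // presumably an exception filter maps it to a response - confirm, otherwise the
            // client sees a server error instead of an authorization error.
            if (teacherId != userData.UserId)
            {
                throw new UnauthorizedAccessException(string.Format("You are not allowed to assign grades for teacher {0}", teacherId));
            }

            GradeDto createdGrade = gradesService.CreateGradeDto(gradeDto);

            logger.Info("Teacher {@userData} created grade {@gradeData}", userData, createdGrade);

            return CreatedAtRoute("GetGrade", new { gradeId = createdGrade.GradeId }, createdGrade);
        }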