/// <summary>
/// Looks up a parent by identifier and returns it in a 200 response,
/// or a 404 response when the service reports that the identifier does not exist.
/// </summary>
/// <param name="id">Identifier of the parent to fetch.</param>
/// <returns><c>NotFound()</c> when <c>ExistsID</c> is false; otherwise <c>Ok(...)</c> wrapping the service result.</returns>
public IHttpActionResult GetByID(string id)
{
    // NOTE(review): nothing in this body checks who the caller is, and the value
    // handed to Ok() is whatever parentsService.GetByID returns rather than one of
    // the role-specific DTOs that GetParentById builds. Any [Authorize]/route
    // attributes sit outside this listing -- confirm this action is restricted.
    // Parent looks like an ASP.NET Identity user (GetParentById casts parent.Roles to
    // List<IdentityUserRole>); if so, confirm fields such as PasswordHash and
    // SecurityStamp are never serialized from here.
    bool isKnownId = parentsService.ExistsID(id);
    if (!isKnownId)
    {
        return NotFound();
    }

    // Second service call: the existence check and the fetch are separate lookups.
    var found = parentsService.GetByID(id);
    return Ok(found);
}
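/// <summary>
/// Returns a parent record shaped for the caller's role: an admin DTO, a teacher DTO,
/// or a reduced DTO for the parent themself, their children, their children's
/// classmates and those classmates' parents.
/// </summary>
/// <param name="id">Identifier of the requested parent (caller-supplied, untrusted).</param>
/// <returns>
/// 200 with the role-specific DTO on success; 401 when the request principal lacks the
/// "UserId" or role claim; 400 for "not found", "access denied", a failed DTO
/// conversion, or any exception raised while handling the request.
/// </returns>
public HttpResponseMessage GetParentById(string id)
{
    // Resolve the caller's identity defensively. Dereferencing FindFirst(...).Value
    // directly throws NullReferenceException outside the try block when a claim is
    // absent, which surfaces as an unhandled server error instead of a clean denial.
    ClaimsPrincipal principal = RequestContext.Principal as ClaimsPrincipal;
    Claim userIdClaim = principal == null ? null : principal.FindFirst(x => x.Type == "UserId");
    Claim roleClaim = principal == null ? null : principal.FindFirst(x => x.Type == ClaimTypes.Role);

    if (userIdClaim == null || roleClaim == null)
    {
        logger.Info("Authorisation failure. Request principal is missing the UserId or role claim.");
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Access Denied. The request is not authenticated.");
    }

    string userId = userIdClaim.Value;
    // FindFirst returns only the first role claim, so a principal carrying several
    // roles is evaluated on that one alone.
    string userRole = roleClaim.Value;

    // id arrives from the request; neutralise CR/LF before it is written to the log so
    // a crafted value cannot forge additional log entries. Responses keep the raw value.
    string idForLog = (id ?? string.Empty).Replace("\r", "\\r").Replace("\n", "\\n");

    logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Parnet by id: " + idForLog);

    try
    {
        Parent parent = parentsService.GetByID(id);

        if (parent == null)
        {
            // NOTE(review): the lookup runs before the authorisation decision, so callers
            // who would be denied can still tell existing ids from missing ones by the
            // message. Status 400 is kept here because clients may depend on it.
            logger.Info("The parent with id: " + idForLog + " was not found.");
            return Request.CreateResponse(HttpStatusCode.BadRequest, "The parent with id: " + id + " was not found.");
        }

        if (userRole == "admin")
        {
            logger.Info("Requesting found parent convert for " + userRole + "role.");
            return ParentDtoResponse(toDTO.ConvertToParentDTOForAdmin(parent, (List<IdentityUserRole>)parent.Roles));
        }

        if (userRole == "teacher")
        {
            logger.Info("Requesting found parent convert for " + userRole + "role.");
            return ParentDtoResponse(toDTO.ConvertToParentDTOForTeacher(parent));
        }

        if (IsRelatedToParent(parent, userId))
        {
            logger.Info("Requesting found parent convert for " + userRole + " role.");
            return ParentDtoResponse(toDTO.ConvertToParentDTOForStudentAndParent(parent));
        }

        // NOTE(review): an authorisation denial is reported as 400 and logged at Info
        // level; 403 and a warning-level entry would be easier to alert on. Left
        // unchanged to avoid breaking existing clients and log rules.
        logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. " + "We’re sorry, but you are not authorized to perform the requested operation.");
    }
    catch (Exception e)
    {
        logger.Error(e);
        // NOTE(review): the exception object is handed to the error response; how much
        // of it reaches the client is governed by the configured IncludeErrorDetailPolicy.
        // Confirm that policy does not expose stack traces to remote callers.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, e);
    }
}

// Decides whether a non-admin, non-teacher caller may view the parent: the parent
// themself, one of their children, a classmate of a child, or a classmate's parent.
private static bool IsRelatedToParent(Parent parent, string userId)
{
    if (userId == parent.Id)
    {
        return true;
    }

    if (parent.Students == null)
    {
        return false;
    }

    // Null guards: a child with no Form, or a classmate with no Parent, must not make
    // the check throw and turn a legitimate request into an error response.
    return parent.Students.Any(child =>
        child.Id == userId
        || (child.Form != null
            && child.Form.Students != null
            && child.Form.Students.Any(mate =>
                mate.Id == userId
                || (mate.Parent != null && mate.Parent.Id == userId))));
}

// Shared tail of every successful authorisation branch: a null DTO means the
// conversion failed (400), anything else is returned with 200.
private HttpResponseMessage ParentDtoResponse<TDto>(TDto dto) where TDto : class
{
    if (dto == null)
    {
        logger.Info("Failed!");
        return Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong.");
    }

    logger.Info("Success!");
    return Request.CreateResponse(HttpStatusCode.OK, dto);
}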