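/// <summary>
/// Deletes a single learn-history row addressed by its generated key.
/// </summary>
/// <param name="sid">Generated key of the row, as produced by <c>LearnHistoryViewModel.GeneratedKey()</c>.</param>
/// <returns>
/// 200 on success; 400 when the key is missing or unparseable, the caller's user claim cannot be read,
/// or the caller is not assigned to the home (<c>HID</c>) the row belongs to; 500 when the delete fails.
/// </returns>
public async Task<IActionResult> Delete(string sid)
{
    if (String.IsNullOrEmpty(sid))
    {
        return BadRequest("No data is inputted");
    }

    // The key carries HID / UserID / ObjectID / LearnDate; parsing fills the view model.
    var vm = new LearnHistoryViewModel();
    if (!vm.ParseGeneratedKey(sid))
    {
        return BadRequest("Key is not recognized: " + sid);
    }

    // Resolve the caller from the request's user claim; any failure is reported as a bad request.
    String usrName;
    try
    {
        usrName = HIHAPIUtility.GetUserClaim(this).Value;
        // NOTE(review): the scope-based authorization (LearnHistoryScope / OnlyOwner* checks) that used
        // to sit here is commented out in the original. As written, any user assigned to the home can
        // delete any user's history row — confirm this is intended.
    }
    catch
    {
        return BadRequest("Not valid HTTP HEAD: User and Scope Failed!");
    }

    if (String.IsNullOrEmpty(usrName))
    {
        return BadRequest("User cannot recognize");
    }

    String strErrMsg = "";
    HttpStatusCode errorCode = HttpStatusCode.OK;
    try
    {
        // 'using' owns the connection and command lifetimes; no manual Dispose in a finally is needed.
        using (var conn = new SqlConnection(Startup.DBConnectionString))
        {
            await conn.OpenAsync();

            // Home-assignment check: the caller must belong to the home the row lives in.
            try
            {
                HIHAPIUtility.CheckHIDAssignment(conn, vm.HID, usrName);
            }
            catch (Exception exp)
            {
                return BadRequest(exp.Message);
            }

            // Parameterized delete keyed on the row's full composite key.
            const String queryString = @"DELETE FROM [dbo].[t_learn_hist] WHERE [HID] = @HID AND [USERID] = @USERID AND [OBJECTID] = @OBJECTID AND [LEARNDATE] = @LEARNDATE;";
            using (var cmd = new SqlCommand(queryString, conn))
            {
                cmd.Parameters.AddWithValue("@HID", vm.HID);
                cmd.Parameters.AddWithValue("@USERID", vm.UserID);
                cmd.Parameters.AddWithValue("@OBJECTID", vm.ObjectID);
                cmd.Parameters.AddWithValue("@LEARNDATE", vm.LearnDate);

                // The affected-row count is not inspected: deleting a key that no longer exists
                // still answers 200, matching the original behaviour.
                await cmd.ExecuteNonQueryAsync();
            }
        }
    }
    catch (Exception exp)
    {
        System.Diagnostics.Debug.WriteLine(exp.Message);
        strErrMsg = exp.Message;
        errorCode = HttpStatusCode.InternalServerError;
    }

    // Only the 500 path is reachable here: the assignment check returns 400 directly above and
    // nothing else sets a different status.
    if (errorCode != HttpStatusCode.OK)
    {
        return StatusCode(500, strErrMsg);
    }

    return Ok();
}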
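/// <summary>
/// Updates the comment of a single learn-history row. The route key must match the generated key of
/// the posted body, and the row's object id and user id are verified to exist before the update runs.
/// </summary>
/// <param name="sid">Generated key of the row being changed; must equal <c>vm.GeneratedKey()</c>.</param>
/// <param name="vm">Posted row. <c>Comment</c> is written; <c>HID</c>, <c>UserID</c>, <c>ObjectID</c> and
/// <c>LearnDate</c> identify the row to update.</param>
/// <returns>
/// The posted model serialized as JSON on success; 400 when the key and body disagree, the caller's user
/// claim cannot be read, the caller is not assigned to the home, or the object/user ids do not exist;
/// 500 on any other database failure.
/// </returns>
public async Task<IActionResult> Put(String sid, [FromBody] LearnHistoryViewModel vm)
{
    if (vm == null || String.CompareOrdinal(sid, vm.GeneratedKey()) != 0)
    {
        return BadRequest("No data is inputted");
    }

    // Resolve the caller from the request's user claim; any failure is reported as a bad request.
    String usrName;
    try
    {
        usrName = HIHAPIUtility.GetUserClaim(this).Value;
        // NOTE(review): the scope-based authorization (LearnHistoryScope / OnlyOwner* checks) that used
        // to sit here is commented out in the original. As written, any member of the home can change
        // any user's history row — confirm this is intended.
    }
    catch
    {
        return BadRequest("Not valid HTTP HEAD: User and Scope Failed!");
    }

    if (String.IsNullOrEmpty(usrName))
    {
        return BadRequest("User cannot recognize");
    }

    String strErrMsg = "";
    HttpStatusCode errorCode = HttpStatusCode.OK;
    try
    {
        // 'using' owns every connection, command and reader; no manual Dispose bookkeeping is needed.
        using (var conn = new SqlConnection(Startup.DBConnectionString))
        {
            await conn.OpenAsync();

            // Home-assignment check: failure is surfaced as 400 with the helper's message.
            try
            {
                HIHAPIUtility.CheckHIDAssignment(conn, vm.HID, usrName);
            }
            catch (Exception)
            {
                errorCode = HttpStatusCode.BadRequest;
                throw;
            }

            // Existence check: object id. Parameterized — the original spliced the value into the SQL text.
            using (var cmd = new SqlCommand(@"SELECT [ID] FROM [dbo].[t_learn_obj] WHERE [ID] = @ID", conn))
            {
                cmd.Parameters.AddWithValue("@ID", vm.ObjectID);
                using (var reader = await cmd.ExecuteReaderAsync())
                {
                    if (!reader.HasRows)
                    {
                        errorCode = HttpStatusCode.BadRequest;
                        throw new InvalidOperationException("Invalid Object ID : " + vm.ObjectID.ToString());
                    }
                }
            }

            // Existence check: the target user must be a member of the home. vm.UserID comes straight
            // from the request body; the original concatenated it into the query (N'...'), which is a
            // SQL injection vector — it is now a parameter (AddWithValue maps a string to NVARCHAR).
            using (var cmd = new SqlCommand(@"SELECT [USER] FROM [dbo].[t_homemem] WHERE [HID] = @HID AND [USER] = @USER", conn))
            {
                cmd.Parameters.AddWithValue("@HID", vm.HID);
                cmd.Parameters.AddWithValue("@USER", vm.UserID);
                using (var reader = await cmd.ExecuteReaderAsync())
                {
                    if (!reader.HasRows)
                    {
                        errorCode = HttpStatusCode.BadRequest;
                        throw new InvalidOperationException("Invalid user ID : " + vm.UserID);
                    }
                }
            }

            // The update itself, keyed on the row's full composite key.
            const String queryString = @"UPDATE [dbo].[t_learn_hist] SET [COMMENT] = @COMMENT ,[UPDATEDBY] = @UPDATEDBY ,[UPDATEDAT] = @UPDATEDAT WHERE [HID] = @HID AND [USERID] = @USERID AND [OBJECTID] = @OBJECTID AND [LEARNDATE] = @LEARNDATE";
            using (var cmd = new SqlCommand(queryString, conn))
            {
                // A null Comment must be sent as DBNull: AddWithValue with a CLR null omits the
                // parameter and the provider rejects the statement.
                cmd.Parameters.AddWithValue("@COMMENT", (object)vm.Comment ?? DBNull.Value);
                cmd.Parameters.AddWithValue("@UPDATEDBY", usrName);
                // NOTE(review): stored as local server time, as in the original; moving to
                // DateTime.UtcNow changes what readers of UPDATEDAT see — confirm before changing.
                cmd.Parameters.AddWithValue("@UPDATEDAT", DateTime.Now);
                cmd.Parameters.AddWithValue("@HID", vm.HID);
                cmd.Parameters.AddWithValue("@USERID", vm.UserID);
                cmd.Parameters.AddWithValue("@OBJECTID", vm.ObjectID);
                cmd.Parameters.AddWithValue("@LEARNDATE", vm.LearnDate);
                await cmd.ExecuteNonQueryAsync();
            }
        }
    }
    catch (Exception exp)
    {
        System.Diagnostics.Debug.WriteLine(exp.Message);
        strErrMsg = exp.Message;
        // Checks above pre-set BadRequest before throwing; anything else is an unexpected failure.
        if (errorCode == HttpStatusCode.OK)
        {
            errorCode = HttpStatusCode.InternalServerError;
        }
    }

    if (errorCode != HttpStatusCode.OK)
    {
        switch (errorCode)
        {
            case HttpStatusCode.Unauthorized:
                return Unauthorized();
            case HttpStatusCode.NotFound:
                return NotFound();
            case HttpStatusCode.BadRequest:
                return BadRequest(strErrMsg);
            default:
                return StatusCode(500, strErrMsg);
        }
    }

    // Echo the posted model back using the API's shared date format and camelCase property names.
    var setting = new Newtonsoft.Json.JsonSerializerSettings
    {
        DateFormatString = HIHAPIConstants.DateFormatPattern,
        ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver()
    };
    return new JsonResult(vm, setting);
}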