/// <summary>
/// Decides whether <paramref name="user"/> passes the checks for setting the owner
/// of the store record <paramref name="idStore"/> on form <paramref name="idForm"/>.
/// </summary>
/// <param name="user">User the checks are evaluated for.</param>
/// <param name="idForm">Form id passed to the "-set-own" rights check.</param>
/// <param name="idStore">Key used to look up the current <c>MtdStoreOwner</c> row.</param>
/// <returns>
/// <c>false</c> when the "-set-own" check fails; the result of <c>IsAdmin</c> when the
/// record has no owner row; <c>true</c> when <c>GetUsersInGroupsAsync</c> returns no users;
/// otherwise whether the current owner's id is among the ids of the returned users.
/// </returns>
public async Task<bool> IsInstallerOwner(WebAppUser user, string idForm, string idStore)
{
    // The "-set-own" check on the form gates every other path.
    bool hasSetOwnRight = await IsRights("-set-own", user, idForm);
    if (!hasSetOwnRight)
    {
        return false;
    }

    MtdStoreOwner currentOwner = await _context.MtdStoreOwner.FindAsync(idStore);
    if (currentOwner == null)
    {
        // No owner row exists yet, so the decision is delegated to IsAdmin.
        return await IsAdmin(user);
    }

    List<WebAppUser> groupUsers = await GetUsersInGroupsAsync(user);
    if (groupUsers.Count == 0)
    {
        // NOTE(review): when GetUsersInGroupsAsync returns nothing, the "-set-own" check
        // alone lets the user through, whoever currently owns the record. Confirm this is
        // intended; if the group lookup is meant to scope the right, this branch should
        // fail closed instead.
        return true;
    }

    // Membership test: the current owner must be one of the users returned for `user`.
    List<string> groupUserIds = groupUsers.ConvertAll(member => member.Id);
    return groupUserIds.Contains(currentOwner.UserId);
}
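/// <summary>
/// Handles the "set owner" POST: makes the user named in the form the owner of the
/// store record named in the form.
/// </summary>
/// <remarks>
/// Both ids are request-supplied, so the owner row is changed only after
/// <c>IsInstallerOwner</c> has passed. The earlier version ran that check only inside
/// the <c>mtdStoreOwner == null</c> branch, where it dereferenced the null owner, and
/// updated an existing owner row with no check at all.
/// </remarks>
/// <returns>
/// <c>BadRequest</c> when a form id is missing, <c>Forbid</c> when the change cannot be
/// authorised, otherwise <c>Ok</c>.
/// </returns>
public async Task<IActionResult> OnPostSetOwnerAsync()
{
    IFormCollection requestForm = await Request.ReadFormAsync();
    string idStore = requestForm["setowner-id-store"];
    string idUser = requestForm["setowner-id-user"];

    // Both values come straight from the request body; refuse early when either is absent.
    if (string.IsNullOrEmpty(idStore) || string.IsNullOrEmpty(idUser))
    {
        return BadRequest();
    }

    WebAppUser webAppUser = await _userHandler.FindByIdAsync(idUser);
    if (webAppUser == null)
    {
        // Unknown user id: nothing is changed. The 200 response is kept from the
        // original so existing callers see the same result.
        return Ok();
    }

    MtdStoreOwner mtdStoreOwner = await _context.MtdStoreOwner
        .Include(x => x.IdNavigation)
        .FirstOrDefaultAsync(x => x.Id == idStore);

    // The form id needed for the rights check is reached through the owner row's
    // navigation. Without an owner row (or its navigation) the check cannot be run,
    // so fail closed rather than dereference null or write an unauthorised row.
    // TODO(review): to support creating the first owner row, load the store record for
    // idStore directly, take its form id, run the same check, then insert.
    string idForm = mtdStoreOwner?.IdNavigation?.MtdForm;
    if (idForm == null)
    {
        return Forbid();
    }

    // NOTE(review): as in the original, the check is evaluated for the user named in the
    // form (the proposed owner); the authenticated caller is not consulted anywhere in
    // this handler. If IsInstallerOwner is meant to authorise the requester, pass the
    // signed-in user here instead. Confirm against the intended access model.
    bool isInstallerOwner = await _userHandler.IsInstallerOwner(webAppUser, idForm, mtdStoreOwner.Id);
    if (!isInstallerOwner)
    {
        return Forbid();
    }

    mtdStoreOwner.UserId = webAppUser.Id;
    mtdStoreOwner.UserName = webAppUser.Title;
    _context.Entry(mtdStoreOwner).State = EntityState.Modified;
    await _context.SaveChangesAsync();

    return Ok();
}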