예제 #1
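        /// <summary>
        /// Returns the teacher list of a student on behalf of a parent, after checking that
        /// the student is linked to that parent.
        /// </summary>
        /// <param name="studentUserName">User name of the student whose teachers are requested.</param>
        /// <param name="parentId">
        /// Id of the requesting parent. The ownership check below only protects anything if this
        /// value is taken from the authenticated identity and never from request input
        /// (NOTE(review): confirm at every call site).
        /// </param>
        /// <returns>The DTO produced by <c>GetTeachersByStudentUserName</c> for the student.</returns>
        /// <exception cref="HttpException">
        /// The parent or the student was not found, or the student is not linked to the parent.
        /// </exception>
        public StudentTeacherDTOItems GetTeachersByStudentUserNameForParent(string studentUserName, string parentId)
        {
            Parent foundParent = db.ParentsRepository.GetByID(parentId);

            if (foundParent == null)
            {
                // Should not happen (presumably the id belongs to an authenticated parent);
                // kept so that an unknown id is rejected instead of falling through.
                throw new HttpException("The parent with id: " + parentId + " was not found.");
            }

            Student foundStudent = db.StudentsRepository.GetByUserName(studentUserName);

            if (foundStudent == null)
            {
                // NOTE(review): this text differs from the access-denied text below, so any caller
                // who is shown it can tell existing user names from non-existing ones. Consider
                // returning the access-denied message here as well if these messages reach clients.
                throw new HttpException("The student with username: " + studentUserName + " was not found.");
            }

            // Fail closed: a student with no parent on record is treated as not belonging to the
            // caller, instead of dereferencing null and surfacing a NullReferenceException.
            if (foundStudent.Parent == null || foundStudent.Parent.Id != foundParent.Id)
            {
                throw new HttpException("Access Denied. We’re sorry, but you are not authorized to perform the requested operation.");
            }

            // The unrestricted lookup runs only after the parent-student link has been verified.
            return GetTeachersByStudentUserName(studentUserName);
        }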
예제 #2
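        /// <summary>
        /// Returns the teachers of the student identified by <paramref name="studentUserName"/>,
        /// applying a different access rule depending on the caller's role claim.
        /// </summary>
        /// <remarks>
        /// "admin" and "teacher" may query any student. "student" receives the result only when the
        /// returned DTO's Id equals the caller's UserId claim. Every other role is handled as a
        /// parent: the service call receives the caller's UserId and is responsible for verifying
        /// the student-parent link.
        /// </remarks>
        /// <param name="studentUserName">Student user name taken from the request URI (untrusted).</param>
        /// <returns>200 with the DTO on success; 401 when identity claims are missing; otherwise 400.</returns>
        public HttpResponseMessage GetTeachersByStudentUserName([FromUri] string studentUserName)
        {
            const string accessDenied = "Access Denied. " +
                                        "We’re sorry, but you are not authorized to perform the requested operation.";

            // A missing principal or claim used to surface as an unhandled exception before the
            // try block; reject such requests explicitly instead.
            ClaimsPrincipal principal = RequestContext.Principal as ClaimsPrincipal;
            Claim userIdClaim = principal == null ? null : principal.FindFirst(x => x.Type == "UserId");
            Claim roleClaim   = principal == null ? null : principal.FindFirst(x => x.Type == ClaimTypes.Role);

            if (userIdClaim == null || roleClaim == null)
            {
                logger.Info("Authorisation failure. The UserId or role claim is missing.");
                return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, accessDenied);
            }

            string userId   = userIdClaim.Value;
            string userRole = roleClaim.Value;

            // studentUserName is attacker-controlled; neutralise CR/LF before it is written to the
            // log so that a crafted value cannot forge additional log entries.
            string loggedUserName = (studentUserName ?? string.Empty).Replace("\r", "_").Replace("\n", "_");

            logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Teacher Collection - " +
                        "By student User Name: " + loggedUserName + " - Sorted Asc By Name");

            try
            {
                if (userRole == "admin" || userRole == "teacher")
                {
                    StudentTeacherDTOItems teachers = teachersService.GetTeachersByStudentUserName(studentUserName);
                    if (teachers == null)
                    {
                        logger.Info("Teachers by student User Name: " + loggedUserName + " were not found.");
                        return Request.CreateResponse(HttpStatusCode.BadRequest, "Teachers by student User Name: " + studentUserName + " were not found.");
                    }

                    logger.Info("Success!");
                    return Request.CreateResponse(HttpStatusCode.OK, teachers);
                }

                if (userRole == "student")
                {
                    // A student may only read their own record: the Id on the returned DTO must
                    // equal the caller's UserId claim.
                    // NOTE(review): 400 is kept for client compatibility; 403 Forbidden would
                    // describe an authorisation failure more accurately.
                    StudentTeacherDTOItems teachers = teachersService.GetTeachersByStudentUserName(studentUserName);
                    if (teachers == null || teachers.Id != userId)
                    {
                        logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, accessDenied);
                    }

                    logger.Info("Success!");
                    return Request.CreateResponse(HttpStatusCode.OK, teachers);
                }

                // NOTE(review): every role other than admin/teacher/student lands here and is
                // treated as a parent. Access then depends entirely on the service rejecting ids
                // that are not parents of this student; an explicit role test would be safer.
                StudentTeacherDTOItems parentView = teachersService.GetTeachersByStudentUserNameForParent(studentUserName, userId);
                if (parentView == null)
                {
                    logger.Info("Failed.");
                    return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Failed.");
                }

                logger.Info("Success!");
                return Request.CreateResponse(HttpStatusCode.OK, parentView);
            }
            catch (Exception e)
            {
                logger.Error(e);

                // How much of the exception reaches the client is governed by the configuration's
                // IncludeErrorDetailPolicy. NOTE(review): confirm it is not Always in production;
                // service exceptions raised before the authorisation check passes would otherwise
                // let a student or parent learn details about records they may not read.
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, e);
            }
        }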
예제 #3
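        /// <summary>
        /// Builds the teacher list for the student with the given user name, sorted ascending by
        /// the <c>Teacher</c> value of each item.
        /// </summary>
        /// <remarks>
        /// This method performs no authorisation check of its own: whoever calls it gets the data.
        /// Callers must decide whether the requester may see this student before returning the result.
        /// </remarks>
        /// <param name="studentUserName">User name of the student to look up.</param>
        /// <returns>A DTO with the student's identity, form label and ordered teacher list.</returns>
        /// <exception cref="HttpException">The student was not found, or has no teachers.</exception>
        public StudentTeacherDTOItems GetTeachersByStudentUserName(string studentUserName)
        {
            Student foundStudent = db.StudentsRepository.GetByUserName(studentUserName);

            if (foundStudent == null)
            {
                throw new HttpException("The student with username: " + studentUserName + " was not found.");
            }

            // Materialise once: the sequence was previously enumerated twice (Count() and foreach),
            // which can mean two round trips if the repository returns a deferred query.
            // NOTE(review): foundStudent.Form is dereferenced without a null check - confirm every
            // student is guaranteed to have a form.
            List<FormToTeacherSubject> studentTeachers =
                db.FormsToTeacherSubjectsRepository.GetAllByFormId(foundStudent.Form.Id).ToList();

            if (studentTeachers.Count == 0)
            {
                throw new HttpException("Teachers list for student " + studentUserName + " is empty.");
            }

            List<TeacherDTOItem> orderedTeachers = studentTeachers
                .Select(fts => ConvertToTeacherDTOItem(fts))
                .OrderBy(x => x.Teacher)
                .ToList();

            return new StudentTeacherDTOItems
            {
                // Id is what the controller compares with the caller's UserId for the student role.
                Id               = foundStudent.Id,
                UserName         = foundStudent.UserName,
                Student          = foundStudent.FirstName + " " + foundStudent.LastName,
                Form             = foundStudent.Form.Grade + "-" + foundStudent.Form.Tag,
                NumberOfTeachers = orderedTeachers.Count,
                Teachers         = orderedTeachers
            };
        }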