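/// <summary>
/// Returns the teacher collection of a student on behalf of one of the student's parents.
/// A parent may only see the teachers of his/her own child, so the student's registered
/// parent must be the parent identified by <paramref name="parentId"/>.
/// </summary>
/// <param name="studentUserName">User name of the student whose teachers are requested.</param>
/// <param name="parentId">Id of the requesting parent (the caller passes the authenticated user's own id).</param>
/// <returns>The student's teacher collection as built by <see cref="GetTeachersByStudentUserName(string)"/>.</returns>
/// <exception cref="HttpException">
/// Thrown when the parent or the student does not exist, or when the student is not a child
/// of this parent (including a student with no registered parent at all).
/// </exception>
public StudentTeacherDTOItems GetTeachersByStudentUserNameForParent(string studentUserName, string parentId)
{
    Parent foundParent = db.ParentsRepository.GetByID(parentId);
    if (foundParent == null)
    {
        // This should be impossible: parentId is the id of the already authenticated caller.
        throw new HttpException("The parent with id: " + parentId + " was not found.");
    }

    Student foundStudent = db.StudentsRepository.GetByUserName(studentUserName);
    if (foundStudent == null)
    {
        throw new HttpException("The student with username: " + studentUserName + " was not found.");
    }

    // A student without a registered parent must be rejected too. Dereferencing
    // foundStudent.Parent unconditionally would fail with a NullReferenceException
    // instead of a clean authorization failure.
    if (foundStudent.Parent == null || foundStudent.Parent.Id != foundParent.Id)
    {
        throw new HttpException("Access Denied. We’re sorry, but you are not authorized to perform the requested operation.");
    }

    return GetTeachersByStudentUserName(studentUserName);
}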
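/// <summary>
/// GET endpoint returning the teachers of the student with the given user name.
/// Admins and teachers may query any student; a student may only query him/herself;
/// every other role is routed to the parent path, where the service layer looks the caller
/// up as a parent and compares it against the student's registered parent.
/// </summary>
/// <param name="studentUserName">User name of the student whose teachers are requested (bound from the URI).</param>
/// <returns>
/// 200 with the <see cref="StudentTeacherDTOItems"/> on success; 400 when the collection is not
/// available, the caller is not authorized for this student, or the service fails; 401 when the
/// principal lacks the UserId or Role claim the authorization decision relies on.
/// </returns>
public HttpResponseMessage GetTeachersByStudentUserName([FromUri] string studentUserName)
{
    // Read the claims defensively: a principal without them cannot be authorized, and the
    // unchecked cast/.Value chain would otherwise surface as an unhandled NullReferenceException.
    ClaimsPrincipal principal = RequestContext.Principal as ClaimsPrincipal;
    Claim userIdClaim = principal == null ? null : principal.FindFirst(x => x.Type == "UserId");
    Claim roleClaim = principal == null ? null : principal.FindFirst(x => x.Type == ClaimTypes.Role);
    if (userIdClaim == null || roleClaim == null)
    {
        logger.Info("Authorisation failure. Principal is missing the UserId or Role claim.");
        return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Access Denied. " + "We’re sorry, but you are not authorized to perform the requested operation.");
    }

    string userId = userIdClaim.Value;
    string userRole = roleClaim.Value;
    logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Teacher Collection - " + "By student User Name: " + studentUserName + " - Sorted Asc By Name");

    try
    {
        StudentTeacherDTOItems teachers;
        if (userRole == "admin" || userRole == "teacher")
        {
            teachers = teachersService.GetTeachersByStudentUserName(studentUserName);
            if (teachers == null)
            {
                logger.Info("Teachers by student User Name: " + studentUserName + " were not found.");
                return Request.CreateResponse(HttpStatusCode.BadRequest, "Teachers by student User Name: " + studentUserName + " were not found.");
            }
        }
        else if (userRole == "student")
        {
            // A student may only read his/her own teacher collection: the DTO's Id is the
            // student's id and must match the caller's UserId claim.
            teachers = teachersService.GetTeachersByStudentUserName(studentUserName);
            if (teachers == null || teachers.Id != userId)
            {
                logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. " + "We’re sorry, but you are not authorized to perform the requested operation.");
            }
        }
        else
        {
            // Any role that is not admin/teacher/student lands here. The service rejects callers
            // that are not a parent of this student (it looks userId up in the parents repository
            // and compares it with the student's parent), so this branch does not grant access
            // by itself.
            teachers = teachersService.GetTeachersByStudentUserNameForParent(studentUserName, userId);
            if (teachers == null)
            {
                logger.Info("Failed.");
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Failed.");
            }
        }

        logger.Info("Success!");
        return Request.CreateResponse(HttpStatusCode.OK, teachers);
    }
    catch (Exception e)
    {
        // Log the full exception server-side, but do not hand the exception object to the client:
        // CreateErrorResponse(status, Exception) can serialize the message, exception type and
        // stack trace into the response, depending on the error-detail policy.
        logger.Error(e);
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Failed.");
    }
}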
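/// <summary>
/// Builds the teacher collection of a student: one entry per teacher/subject assignment of the
/// student's form, sorted ascending by teacher name.
/// </summary>
/// <param name="studentUserName">User name of the student.</param>
/// <returns>A <see cref="StudentTeacherDTOItems"/> holding the student's basic data and his/her teachers.</returns>
/// <exception cref="HttpException">
/// Thrown when the student does not exist, is not assigned to a form, or the form has no teachers.
/// </exception>
public StudentTeacherDTOItems GetTeachersByStudentUserName(string studentUserName)
{
    Student foundStudent = db.StudentsRepository.GetByUserName(studentUserName);
    if (foundStudent == null)
    {
        throw new HttpException("The student with username: " + studentUserName + " was not found.");
    }

    // Without a form there are no form-to-teacher assignments to look up; reading
    // foundStudent.Form.Id directly would throw a NullReferenceException instead.
    if (foundStudent.Form == null)
    {
        throw new HttpException("Teachers list for student " + studentUserName + " is empty.");
    }

    // Materialize once: the repository may hand back a deferred query, and the sequence is
    // needed both for the emptiness check and for the conversion below.
    List<FormToTeacherSubject> studentTeachers =
        db.FormsToTeacherSubjectsRepository.GetAllByFormId(foundStudent.Form.Id).ToList();
    if (studentTeachers.Count == 0)
    {
        throw new HttpException("Teachers list for student " + studentUserName + " is empty.");
    }

    List<TeacherDTOItem> teachers = studentTeachers
        .Select(fts => ConvertToTeacherDTOItem(fts))
        .OrderBy(x => x.Teacher)
        .ToList();

    return new StudentTeacherDTOItems
    {
        Id = foundStudent.Id,
        UserName = foundStudent.UserName,
        Student = foundStudent.FirstName + " " + foundStudent.LastName,
        Form = foundStudent.Form.Grade + "-" + foundStudent.Form.Tag,
        NumberOfTeachers = teachers.Count,
        Teachers = teachers
    };
}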