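/// <summary>
/// Marks the thing identified by <paramref name="id"/> as completed on behalf of
/// <c>viewModel.UserId</c> and returns the updated thing.
/// </summary>
/// <param name="id">Identifier of the thing to complete.</param>
/// <param name="viewModel">Request payload; only <c>UserId</c> is read by this method.</param>
/// <returns>
/// 200 with the mapped thing and a Location header on success. 400 with the model-state
/// errors as JSON when the payload is missing, the thing does not exist, or the user is
/// not assigned to the thing.
/// </returns>
/// <remarks>
/// NOTE(review): the acting user is taken from the request payload. Nothing visible in this
/// method ties <c>viewModel.UserId</c> to the authenticated caller, so the assignment check
/// below only protects the thing if that binding is enforced elsewhere. Confirm against the
/// authentication pipeline.
/// </remarks>
public HttpResponseMessage Complete(int id, ServiceModel.CompleteThingViewModel viewModel)
{
    // A request with no body would otherwise fail with a null dereference further down.
    if (viewModel == null)
    {
        ModelState.AddModelError("", "Invalid request");
        return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
    }

    var thing = context.GetAll<DomainModel.Thing>()
                       .FirstOrDefault(t => t.Id == id);
    if (thing == null)
    {
        // Status stays 400 so existing clients see the same contract for an unknown id.
        ModelState.AddModelError("", "Invalid Thing");
        return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
    }

    // Authorization gate: only a user the thing is assigned to may complete it.
    bool isAssignee = thing.AssignedTo.Any(at => at.AssignedToUserId == viewModel.UserId);
    if (!isAssignee)
    {
        // The message now describes this action and the rule actually checked
        // (the previous text spoke of removal by the owner).
        ModelState.AddModelError("", "A thing can only be completed by someone assigned to it.");
        return new HttpResponseMessage<JsonValue>(ModelState.ToJson(), HttpStatusCode.BadRequest);
    }

    thing.Complete(viewModel.UserId);
    context.SaveChanges();

    var sThing = thing.MapToServiceModel();
    var response = new HttpResponseMessage<ServiceModel.Thing>(sThing, HttpStatusCode.OK);
    response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
    return response;
}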
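/// <summary>
/// Marks the thing identified by <paramref name="id"/> as completed by the user named in
/// <c>viewModel.UserId</c>, notifies the assignees by e-mail and returns the updated thing.
/// </summary>
/// <param name="id">Identifier of the thing to complete.</param>
/// <param name="viewModel">Request payload; only <c>UserId</c> is read by this method.</param>
/// <returns>200 with the mapped thing and a Location header pointing at it.</returns>
/// <exception cref="HttpResponseException">
/// 400 when the payload is missing, 404 when the thing or the user does not exist, 403 when
/// the user is neither the owner, an assignee, nor an administrator of the thing's team.
/// </exception>
/// <remarks>
/// NOTE(review): the acting user is looked up from <c>viewModel.UserId</c>, a value supplied
/// in the request. Nothing visible in this method ties it to the authenticated caller, so the
/// 403 check only holds if that binding is enforced elsewhere. Confirm against the
/// authentication pipeline.
/// </remarks>
public HttpResponseMessage Complete(int id, ServiceModel.CompleteThingViewModel viewModel)
{
    // A request with no body would otherwise surface as a null dereference (HTTP 500).
    if (viewModel == null)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid request"));
    }

    var thing = context.GetAll<DomainModel.Thing>()
                       .FirstOrDefault(t => t.Id == id);
    if (thing == null)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid thing"));
    }

    var user = context.GetAll<DomainModel.User>()
                      .FirstOrDefault(u => u.Id == viewModel.UserId);
    if (user == null)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound, "Invalid user"));
    }

    // Authorization gate. The order and short-circuiting match the original condition, so
    // thing.Team is only touched when the user is neither the owner nor an assignee.
    bool mayComplete =
        thing.OwnerId == user.Id
        || thing.AssignedTo.Any(at => at.AssignedToUserId == user.Id)
        || thing.Team.Members.Admins().Any(a => a.Id == user.Id);
    if (!mayComplete)
    {
        throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Forbidden, "A thing can only be completed by someone assigned to it, the thing's owner, or a team administrator."));
    }

    thing.Complete(user);
    context.SaveChanges();

    // NOTE(review): the notification is sent after the change is saved. If Send() can throw,
    // the caller would see an error for a completion that was already persisted. Confirm.
    var recipients = thing.AssignedTo.Select(x => x.AssignedToUser).ToArray();
    emailService.ThingCompleted(recipients, user, thing).Send();

    var sThing = thing.MapToServiceModel();
    var response = Request.CreateResponse(HttpStatusCode.OK, sThing);
    response.Headers.Location = new Uri(Request.RequestUri, "/api/thing/" + thing.Id.ToString());
    return response;
}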