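/// <summary>
/// Applies a partial update to the form with the given id and returns the admin view of the result.
/// </summary>
/// <param name="id">Id of the form to update (the value that is actually looked up).</param>
/// <param name="updated">Partial update; only its non-null members are applied to the form.</param>
/// <returns>The updated form converted with <c>toDTO.ConvertToFormDTOForAdmin</c>.</returns>
/// <exception cref="HttpException">
/// The form or the requested attending teacher does not exist, the teacher already attends a different
/// form, the teacher is flagged as no longer working, or the update would collide with an existing form
/// of the same grade, tag and start year.
/// </exception>
public FormDTOForAdmin Update(int id, PutFormDTO updated)
{
    Form found = GetByID(id);
    if (found == null)
    {
        // Report the id that was searched for; the old message used updated.Id, which
        // is not the value GetByID was called with.
        throw new HttpException("The Form with id: " + id + " was not found.");
    }

    // Only the members present in the partial update are copied onto the entity.
    if (updated.Grade != null)
    {
        found.Grade = (int)updated.Grade;
    }
    if (updated.Tag != null)
    {
        found.Tag = updated.Tag;
    }
    if (updated.Started != null)
    {
        found.Started = (DateTime)updated.Started;
    }

    if (updated.AttendingTeacherId != null)
    {
        Teacher foundTeacher = db.TeachersRepository.GetByID(updated.AttendingTeacherId);
        if (foundTeacher == null)
        {
            throw new HttpException("Attending teacher with id: " + updated.AttendingTeacherId + " was not found.");
        }

        // A teacher may attend at most one form; re-assigning the same form is allowed.
        if (foundTeacher.FormAttending != null && foundTeacher.FormAttending.Id != found.Id)
        {
            throw new HttpException("The teacher id " + updated.AttendingTeacherId
                + " is already assigned to the form with id: " + foundTeacher.FormAttending.Id
                + ". The teacher can only attend one form at a time.");
        }

        if (foundTeacher.IsStillWorking == false)
        {
            throw new HttpException("The teacher id " + foundTeacher.Id
                + " is no longer working in this school. You must assign someone who is still working.");
        }

        found.AttendingTeacher = foundTeacher;
    }

    // Uniqueness is checked before the entity is handed to the repository so that a rejected
    // update leaves nothing staged in the unit of work. NOTE(review): this assumes GetDuplicate
    // queries the repository independently of Update(); confirm against the repository implementation.
    Form duplicate = db.FormsRepository.GetDuplicate(found.Grade, found.Tag, found.Started.Year);
    if (duplicate != null && duplicate.Id != found.Id)
    {
        throw new HttpException("The form you are creating by this update is already in the system. "
            + "The form id: " + duplicate.Id);
    }

    db.FormsRepository.Update(found);
    db.Save();

    return toDTO.ConvertToFormDTOForAdmin(found);
}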
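/// <summary>
/// Returns the form with the given id, shaped for the caller's role: the admin DTO for "admin",
/// the teacher DTO for "teacher", and the student/parent DTO for a student of the form or the
/// parent of one of its students. Everyone else is refused.
/// </summary>
/// <param name="id">Id of the requested form.</param>
/// <returns>
/// 200 with the role-specific DTO; 400 when the form is missing or its conversion yields null;
/// 403 when the caller is not allowed to see the form; 500 on an unexpected failure.
/// </returns>
public HttpResponseMessage GetForm(int id)
{
    // Read the claims null-safely: a principal lacking either claim used to throw a
    // NullReferenceException, which the catch-all then returned to the client.
    ClaimsPrincipal principal = (ClaimsPrincipal)RequestContext.Principal;
    Claim userIdClaim = principal.FindFirst(x => x.Type == "UserId");
    Claim userRoleClaim = principal.FindFirst(x => x.Type == ClaimTypes.Role);
    string userId = userIdClaim == null ? null : userIdClaim.Value;
    string userRole = userRoleClaim == null ? null : userRoleClaim.Value;
    logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Form by id: " + id);

    try
    {
        Form form = formsService.GetByID(id);
        if (form == null)
        {
            logger.Info("The form with id: " + id + " was not found.");
            return Request.CreateResponse(HttpStatusCode.BadRequest, "The form with id: " + id + " was not found.");
        }

        // A caller without identity claims cannot match any authorization rule below.
        if (userId == null || userRole == null)
        {
            return AccessDenied(userId);
        }

        if (userRole == "admin")
        {
            logger.Info("Requesting found form convert for " + userRole + " role.");
            return DtoResponse(toDTO.ConvertToFormDTOForAdmin(form));
        }

        if (userRole == "teacher")
        {
            logger.Info("Requesting found form convert for " + userRole + " role.");
            return DtoResponse(toDTO.ConvertToFormDTOForTeacher(form));
        }

        // Students of this form and their parents may see the restricted view. The Parent
        // navigation is null-checked so a student without a parent record cannot fault the request.
        bool isMember = form.Students != null
            && (form.Students.Any(x => x.Id == userId)
                || form.Students.Any(x => x.Parent != null && x.Parent.Id == userId));
        if (isMember)
        {
            logger.Info("Requesting found form convert for " + userRole + " role.");
            return DtoResponse(toDTO.ConvertToFormDTOForStudentAndParent(form));
        }

        return AccessDenied(userId);
    }
    catch (Exception e)
    {
        // The exception is logged in full server-side but is not passed to CreateErrorResponse:
        // that overload can expose internal details to the caller depending on the
        // IncludeErrorDetailPolicy, and an unhandled failure is a server error, not a client one.
        logger.Error(e);
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Something went wrong.");
    }
}

/// <summary>
/// Logs an authorization failure for <paramref name="userId"/> and builds the 403 response.
/// </summary>
private HttpResponseMessage AccessDenied(string userId)
{
    logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
    return Request.CreateErrorResponse(HttpStatusCode.Forbidden,
        "Access Denied. We’re sorry, but you are not authorized to perform the requested operation.");
}

/// <summary>
/// Wraps a converted DTO in a 200 response; a null conversion result is reported as a generic 400.
/// The generic parameter keeps the concrete DTO type for content negotiation.
/// </summary>
private HttpResponseMessage DtoResponse<T>(T dto) where T : class
{
    if (dto == null)
    {
        logger.Info("Failed!");
        return Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong.");
    }

    logger.Info("Success!");
    return Request.CreateResponse(HttpStatusCode.OK, dto);
}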