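        /// <summary>
        /// Applies a partial update to the form with the given id and persists it.
        /// Only the fields of <paramref name="updated"/> that are non-null are copied onto the stored form.
        /// </summary>
        /// <param name="id">Identifier of the form to update (the route id; the body's Id is not used for lookup).</param>
        /// <param name="updated">Fields to change; a null field leaves the stored value untouched.</param>
        /// <returns>The admin view of the form after the update has been saved.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="updated"/> is null.</exception>
        /// <exception cref="HttpException">
        /// The form or the requested attending teacher does not exist, the teacher already attends another
        /// form or is no longer working, or the updated form would collide with an existing form that has
        /// the same grade, tag and start year.
        /// </exception>
        public FormDTOForAdmin Update(int id, PutFormDTO updated)
        {
            if (updated == null)
            {
                throw new ArgumentNullException("updated");
            }

            Form found = GetByID(id);

            if (found == null)
            {
                // Report the id that was actually looked up (the route id); the body's Id may differ or be unset.
                throw new HttpException("The Form with id: " + id + " was not found.");
            }

            if (updated.Grade != null)
            {
                found.Grade = (int)updated.Grade;
            }
            if (updated.Tag != null)
            {
                found.Tag = updated.Tag;
            }
            if (updated.Started != null)
            {
                found.Started = (DateTime)updated.Started;
            }
            if (updated.AttendingTeacherId != null)
            {
                Teacher foundTeacher = db.TeachersRepository.GetByID(updated.AttendingTeacherId);
                if (foundTeacher == null)
                {
                    throw new HttpException("Attending teacher with id: " + updated.AttendingTeacherId + " was not found.");
                }

                // A teacher may attend at most one form; re-assigning the same form is allowed.
                if (foundTeacher.FormAttending != null && foundTeacher.FormAttending.Id != found.Id)
                {
                    throw new HttpException("The teacher id " + updated.AttendingTeacherId + " is already assigned to the form " +
                                            "with id: " + foundTeacher.FormAttending.Id + ". The teacher can only attend one form at a time.");
                }
                if (foundTeacher.IsStillWorking == false)
                {
                    throw new HttpException("The teacher id " + foundTeacher.Id + " is no longer working in this shool. " +
                                            "You must assing someone who is still working.");
                }

                found.AttendingTeacher = foundTeacher;
            }

            db.FormsRepository.Update(found);

            // Uniqueness is checked on the resulting form and before Save(), so an update cannot
            // silently merge two forms; the form itself is excluded from the duplicate match.
            Form duplicate = db.FormsRepository.GetDuplicate(found.Grade, found.Tag, found.Started.Year);

            if (duplicate != null && duplicate.Id != found.Id)
            {
                throw new HttpException("The form you are creating by this update is already in the system. " +
                                        "The form id:" + duplicate.Id);
            }

            db.Save();

            return(toDTO.ConvertToFormDTOForAdmin(found));
        }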
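        /// <summary>
        /// Returns the form with the given id, shaped for the caller's role: admins and teachers get
        /// their own DTO views of any form, a student enrolled in the form (or that student's parent)
        /// gets the student/parent view, and anyone else is refused.
        /// </summary>
        /// <param name="id">Identifier of the form to return.</param>
        /// <returns>
        /// 200 with the role-specific DTO; 401 when the request carries no user identity claims;
        /// 400 when the form does not exist, the conversion fails, the caller is not authorised
        /// for this form, or an unexpected error occurs.
        /// </returns>
        public HttpResponseMessage GetForm(int id)
        {
            // Identity comes from the principal's claims. A missing principal or claim previously threw
            // NullReferenceException outside the try block and surfaced as an unhandled 500.
            ClaimsPrincipal principal = RequestContext.Principal as ClaimsPrincipal;
            Claim idClaim   = principal == null ? null : principal.FindFirst(x => x.Type == "UserId");
            Claim roleClaim = principal == null ? null : principal.FindFirst(x => x.Type == ClaimTypes.Role);

            if (idClaim == null || roleClaim == null)
            {
                logger.Info("Authorisation failure. Request for form " + id + " carries no user identity claims.");
                return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Access Denied. " +
                                                   "We’re sorry, but you are not authorized to perform the requested operation."));
            }

            string userId   = idClaim.Value;
            string userRole = roleClaim.Value;

            logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Form by id: " + id);

            try
            {
                Form form = formsService.GetByID(id);

                if (form == null)
                {
                    logger.Info("The form with id: " + id + " was not found.");
                    return(Request.CreateResponse(HttpStatusCode.BadRequest, "The form with id: " + id + " was not found."));
                }
                if (userRole == "admin")
                {
                    logger.Info("Requesting found form convert for " + userRole + "role.");
                    FormDTOForAdmin dto = toDTO.ConvertToFormDTOForAdmin(form);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return(Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, dto));
                }
                else if (userRole == "teacher")
                {
                    logger.Info("Requesting found form convert for " + userRole + "role.");
                    FormDTOForTeacher dto = toDTO.ConvertToFormDTOForTeacher(form);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return(Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, dto));
                }
                // Ownership check for everyone else: the caller must be one of the form's students
                // or a parent of one. A student without a Parent must not abort the check.
                else if (form.Students != null &&
                         form.Students.Any(x => x.Id == userId ||
                                                (x.Parent != null && x.Parent.Id == userId)))
                {
                    logger.Info("Requesting found form convert for " + userRole + " role.");
                    FormDTOForStudentAndParents dto = toDTO.ConvertToFormDTOForStudentAndParent(form);
                    if (dto == null)
                    {
                        logger.Info("Failed!");
                        return(Request.CreateResponse(HttpStatusCode.BadRequest, "Something went wrong."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, dto));
                }
                else
                {
                    // NOTE(review): 403 Forbidden describes this case better; 400 is kept for
                    // compatibility with existing clients.
                    logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                    return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. " +
                                                       "We’re sorry, but you are not authorized to perform the requested operation."));
                }
            }
            catch (Exception e)
            {
                // Log the full exception server-side, but never hand it to the client: the serialized
                // exception (message, stack trace, inner exceptions) discloses implementation details.
                logger.Error(e);
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Something went wrong."));
            }
        }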