/// <summary>
/// Creates a new pictogram from the posted DTO on behalf of the authenticated user and,
/// depending on the requested access level, links it to that user or to the user's department.
/// </summary>
/// <param name="pictogram">
/// DTO bound from the request body. Its title and access level are read here; the error text
/// returned for an unreadable body asks callers to upload image data through the image endpoint.
/// </param>
/// <returns>
/// The created pictogram wrapped in a <c>WeekPictogramDTO</c>, or an error response with
/// <c>NotFound</c> (no user loaded), <c>MissingProperties</c> (body unreadable, or access level
/// absent or not a declared value) or <c>InvalidProperties</c> (model validation failed).
/// </returns>
public async Task<Response<WeekPictogramDTO>> CreatePictogram([FromBody] PictogramDTO pictogram)
{
    const string unreadableDtoMessage =
        "Could not read pictogram DTO. Please make sure not to include image data in this request. " +
        "Use POST localhost/v1/pictogram/{id}/image instead.";

    // Resolve the caller first: every ownership relation created below hangs off this user.
    var currentUser = await _giraf.LoadUserWithResources(HttpContext.User);
    if (currentUser == null)
    {
        return new ErrorResponse<WeekPictogramDTO>(ErrorCode.NotFound);
    }

    // Model binding yields null when the body could not be read as a PictogramDTO.
    if (pictogram == null)
    {
        return new ErrorResponse<WeekPictogramDTO>(ErrorCode.MissingProperties, unreadableDtoMessage);
    }

    if (!ModelState.IsValid)
    {
        return new ErrorResponse<WeekPictogramDTO>(ErrorCode.InvalidProperties);
    }

    // The access level is client-supplied. Enum.IsDefined rejects numeric values that do not
    // correspond to a declared AccessLevel member, so only known levels are ever persisted.
    var requestedLevel = pictogram.AccessLevel;
    if (requestedLevel == null || !Enum.IsDefined(typeof(AccessLevel), requestedLevel))
    {
        return new ErrorResponse<WeekPictogramDTO>(ErrorCode.MissingProperties, "access level, pictogram");
    }

    AccessLevel level = (AccessLevel)requestedLevel;
    Pictogram created = new Pictogram(pictogram.Title, level);

    switch (level)
    {
        case AccessLevel.PRIVATE:
            // Private pictograms are tied to the user who created them.
            new UserResource(currentUser, created);
            break;

        case AccessLevel.PROTECTED:
            // Protected pictograms are tied to the creator's department.
            // NOTE(review): currentUser.Department is not null-checked here; confirm that
            // DepartmentResource tolerates a user who has no department.
            new DepartmentResource(currentUser.Department, created);
            break;

        default:
            // Any other declared level gets no ownership relation in this method.
            break;
    }

    await _giraf._context.Pictograms.AddAsync(created);
    await _giraf._context.SaveChangesAsync();

    return new Response<WeekPictogramDTO>(new WeekPictogramDTO(created));
}
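/// <summary>
/// Moves a pictogram that the calling user privately owns into a department: the user's
/// relation to the pictogram is removed, the pictogram's access level becomes PROTECTED and a
/// department relation is created.
/// </summary>
/// <param name="departmentId">Key of the department to look up and to check for an existing relation.</param>
/// <param name="resourceId">Id of the pictogram to share.</param>
/// <returns>
/// A <c>DepartmentDTO</c> on success, or an error response with <c>NotFound</c> (no user
/// loaded), <c>DepartmentNotFound</c>, <c>ResourceNotFound</c>, <c>NotAuthorized</c> (caller
/// does not privately own the pictogram) or <c>DepartmentAlreadyOwnsResource</c>.
/// </returns>
public async Task<Response<DepartmentDTO>> AddResource(long departmentId, long resourceId)
{
    var usr = await _giraf.LoadUserWithResources(HttpContext.User);

    // Without this guard a request whose user cannot be loaded would dereference null below
    // (usr.Id, usr.Resources) and fail with an unhandled exception instead of an error response.
    if (usr == null)
    {
        return new ErrorResponse<DepartmentDTO>(ErrorCode.NotFound);
    }

    // Fetch the department and check that it exists; the user's resources are already loaded.
    var department = await _giraf._context.Departments
        .Where(d => d.Key == departmentId)
        .Include(d => d.Members)
        .FirstOrDefaultAsync();
    if (department == null)
    {
        return new ErrorResponse<DepartmentDTO>(ErrorCode.DepartmentNotFound);
    }

    // Fetch the resource with the given id, check that it exists and that the user owns it.
    var resource = await _giraf._context.Pictograms
        .Where(f => f.Id == resourceId)
        .FirstOrDefaultAsync();
    if (resource == null)
    {
        return new ErrorResponse<DepartmentDTO>(ErrorCode.ResourceNotFound);
    }

    var resourceOwned = await _giraf.CheckPrivateOwnership(resource, usr);
    if (!resourceOwned)
    {
        return new ErrorResponse<DepartmentDTO>(ErrorCode.NotAuthorized);
    }

    // Check whether the department identified by departmentId already owns the resource.
    var alreadyOwned = await _giraf._context.DepartmentResources
        .Where(depres => depres.OtherKey == departmentId && depres.PictogramKey == resourceId)
        .AnyAsync();
    if (alreadyOwned)
    {
        return new ErrorResponse<DepartmentDTO>(ErrorCode.DepartmentAlreadyOwnsResource);
    }

    // Locate the user's own relation to the resource so it can be removed.
    var usrResource = await _giraf._context.UserResources
        .Where(ur => ur.PictogramKey == resource.Id && ur.OtherKey == usr.Id)
        .FirstOrDefaultAsync();
    if (usrResource == null)
    {
        return new ErrorResponse<DepartmentDTO>(ErrorCode.ResourceNotFound);
    }

    // Stage all three changes and persist them with a single SaveChangesAsync call. Saving the
    // removal on its own first meant that a failure in the later steps left the pictogram
    // PRIVATE with no owner relation at all.
    usr.Resources.Remove(usrResource);

    // Change the resource's access level from PRIVATE to PROTECTED.
    resource.AccessLevel = AccessLevel.PROTECTED;

    // NOTE(review): the existence and duplicate checks above, and the member list returned
    // below, use the department identified by departmentId, but the relation is created on
    // usr.Department. Nothing visible here verifies that the two are the same department or
    // that the caller is a member of departmentId; confirm which is intended and add an
    // explicit membership check if departmentId is meant to be authoritative.
    // NOTE(review): usr.Department is not null-checked; confirm a user always has a department.
    var dr = new DepartmentResource(usr.Department, resource);
    await _giraf._context.DepartmentResources.AddAsync(dr);
    await _giraf._context.SaveChangesAsync();

    // Return the department - the resource is now visible in its resources.
    var members = DepartmentDTO.FindMembers(department.Members, _roleManager, _giraf);
    return new Response<DepartmentDTO>(new DepartmentDTO(usr.Department, members));
}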