Exemplo n.º 1
0
        public async Task <ActionResult <ICollection <UserWebInfoDTO> > > UpdateUser(UserWebInfoDTO userWebInfoDTO)
        {
            var userInfo = SecHelper.GetUserInfo(HttpContext.User.Claims);

            try {
                var user = await _context.Users.Where(u => u.Login.Equals(userInfo.Login) && u.ApartmentCode.Equals(userInfo.ApartmentCode)).SingleOrDefaultAsync();

                if (!SecHelper.IsAdmin(user))   // TODO move to claims
                {
                    throw new Exception("Not admin");
                }
                var userToUpdate = await _context.Users.FindAsync(userWebInfoDTO.ID);

                if (userToUpdate == null)
                {
                    return(new NotFoundResult());
                }
                userToUpdate.IsActivated = userWebInfoDTO.IsActivated; // currently only this
                _context.Users.Update(userToUpdate);
                await _context.SaveChangesAsync();

                return(new OkObjectResult(userWebInfoDTO));
            } catch {
                return(new ForbidResult());
            }
        }
Exemplo n.º 2
0
        public async Task <ActionResult <UULResponse> > DeleteNews(long id)
        {
            UULResponse response;
            var         currentUser = HttpContext.User;

            try {
                var user = await UserDao.GetUserFromClaimsOrThrow(_context, HttpContext.User);

                if (!SecHelper.IsAdmin(user))
                {
                    throw new Exception("Access denied");
                }
                var news = await _context.News.FindAsync(id);

                _context.News.Remove(news);
                await _context.SaveChangesAsync();

                response = new UULResponse()
                {
                    Success = true, Message = "News item was deleted", Data = null
                };
            } catch (Exception e) {
                response = new UULResponse()
                {
                    Success = false, Message = e.Message, Data = null
                };
            }
            return(response);
        }
Exemplo n.º 3
0
        public async Task <ActionResult <UULResponse> > CreateOrUpdateNews(NewsWebDTO dto)
        {
            UULResponse response;

            try {
                var user = await UserDao.GetUserFromClaimsOrThrow(_context, HttpContext.User);

                if (!SecHelper.IsAdmin(user))
                {
                    throw new Exception("Access denied");
                }
                var news = new News(dto);
                var now  = DateOperations.Now();
                if (news.ID == null)
                {
                    news.CreatedAt = now;
                }
                else
                {
                    news.UpdatedAt = now;
                }
                string message = "News was created";
                if (news.ID == null)
                {
                    _context.News.Add(news);
                }
                else
                {
                    _context.News.Update(news);
                    message = "News was upadted";
                }
                await _context.SaveChangesAsync();

                response = new UULResponse()
                {
                    Success = true, Message = message, Data = new NewsWebDTO(news)
                };
            } catch (Exception e) {
                response = new UULResponse()
                {
                    Success = false, Message = e.Message, Data = null
                };
            }
            return(response);
        }
Exemplo n.º 4
0
        public async Task <ActionResult <ICollection <UserWebInfoDTO> > > GetUsers()
        {
            var userInfo = SecHelper.GetUserInfo(HttpContext.User.Claims);

            try {
                var user = await _context.Users.Where(u => u.Login.Equals(userInfo.Login) && u.ApartmentCode.Equals(userInfo.ApartmentCode)).SingleOrDefaultAsync();

                if (!SecHelper.IsAdmin(user))   // TODO move to claims
                {
                    throw new Exception("Not admin");
                }
                var userDTOs = await _context.Users.Where(u => !u.Login.Equals(userInfo.Login) && !u.ApartmentCode.Equals(userInfo.ApartmentCode)).OrderBy(u => u.ApartmentCode).Select(u => new UserWebInfoDTO(u)).ToListAsync();

                return(new OkObjectResult(userDTOs));
            } catch {
                return(new ForbidResult());
            }
        }