Exemplo n.º 1
0
        /// <summary>
        /// Delete User
        /// </summary>
        /// <remarks>
        /// Admin User can delete any user.
        /// Non admin user an only delete its own user.
        /// Deleting a user also deletes ssociated babies and associated memories.
        /// </remarks>
        /// <param name="id"></param>
        /// <response code="401">Unauthorized: due to user not token not authorized or the request is not available to user role</response>
        /// <returns>null</returns>
        // DELETE: api/User/5
        public async Task <IHttpActionResult> Delete(string id)
        {
            var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);

            if (currentUser is null)
            {
                throw new HttpResponseException(HttpStatusCode.Unauthorized);
            }

            if (currentUser.Id != id && currentUser.Role != BabyMemoryConstants.AdminUserRole)
            {
                throw new HttpResponseException(HttpStatusCode.Unauthorized);
            }

            var userBabies = _dataHelpers.BabiesForUserAndRole(currentUser);

            if (userBabies != null)
            {
                foreach (var baby in userBabies)
                {
                    _context.Delete <Baby>(baby.Id);
                }
            }

            _context.Delete <User>(id);

            return(StatusCode(HttpStatusCode.NoContent));
        }
Exemplo n.º 2
0
        // GET api/<controller>
        /// <summary>
        /// Get Babies
        /// </summary>
        /// <remarks>
        /// Admin Users get all babies.
        /// Basic Users get only babies for the user.
        /// </remarks>
        /// <returns>Where does this go?</returns>
        /// <example>Where is the example?</example>
        /// <exception cref="HttpResponseException"></exception>
        public async Task <List <Dictionary <string, object> > > Get()
        {
            var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);

            if (currentUser == null)
            {
                throw new HttpResponseException(HttpStatusCode.Unauthorized);
            }

            var responseDictionaryList = new List <Dictionary <string, object> >();

            if (currentUser.Role == BabyMemoryConstants.AdminUserRole)
            {
                var allBabies = _context.Scan <Baby>();
                responseDictionaryList.AddRange(allBabies.Select(b => ResponseDictionary(b)));
                return(responseDictionaryList);
            }

            var userBabies = _dataHelpers.BabiesForUserAndRole(currentUser);

            responseDictionaryList.AddRange(userBabies.Select(userBaby => ResponseDictionary(userBaby)));

            return(responseDictionaryList);
        }
Exemplo n.º 3
0
        // POST api/<controller>
        /// <summary>
        /// Add new memory
        /// </summary>
        /// <param name="memory"></param>
        /// <returns></returns>
        public async Task <IHttpActionResult> Post([FromBody] Memory memory)
        {
            var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);

            if (currentUser == null)
            {
                throw new HttpResponseException(HttpStatusCode.Unauthorized);
            }

            var userBabies = _dataHelpers.BabiesForUserAndRole(currentUser);

            if (!(userBabies.Exists(x => x.Id == memory.BabyId)))
            {
                throw new HttpResponseException(HttpStatusCode.Unauthorized);
            }

            memory.Id = Guid.NewGuid().ToString("N");
            _context.Save <Memory>(memory);
            return(Created(Url.Route("DefaultApi", new { controller = "Memories" }), ResponseDictionary(memory)));
        }