public HttpResponseMessage ApproveTimesheetEntry([FromBody] TimesheetEntryDTO timesheetEntryDTO)
{
if (Is <TimesheetFeature> .Enabled)
{
TimesheetEntry timesheetEntry = db.TimesheetEntries.Find(timesheetEntryDTO.Id);
if (timesheetEntry == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
}
var email = HttpContext.Current.User.Identity.Name;
UserProfile userProfile = db.UserProfiles.FirstOrDefault(usr => usr.Email == email);
if (userProfile == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
}
//Check business rules
if (!timesheetEntryDTO.FinishDateTime.HasValue)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Finish time for shift must be specified"));
}
if (timesheetEntryDTO.FinishDateTime.Value < timesheetEntryDTO.StartDateTime)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Finish time for shift must be AFTER start time"));
}
if (ClaimsAuthorization.CheckAccess("Put", "BusinessId", timesheetEntry.TimeCard.BusinessLocation.Business.Id.ToString()))
{
timesheetEntry.Approved = true;
timesheetEntry.ApprovedDateTime = WebUI.Common.Common.DateTimeNowLocal();
timesheetEntry.ApprovedBy = userProfile;
timesheetEntry.StartDateTime = timesheetEntryDTO.StartDateTime;
timesheetEntry.FinishDateTime = timesheetEntryDTO.FinishDateTime;
try
{
db.Entry(timesheetEntry).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotImplemented));
}
}
public void Put(Guid id, [FromBody] ShiftTemplateDTO shiftTemplateDTO)
{
if (ModelState.IsValid)
{
if (ClaimsAuthorization.CheckAccess("Put", "BusinessId", shiftTemplateDTO.BusinessId.ToString()))
{
var shiftTemplate = MapperFacade.MapperConfiguration.Map <ShiftTemplateDTO, ShiftTemplate>(shiftTemplateDTO, db.ShiftTemplates.Find(shiftTemplateDTO.Id));
//Business rules
if (shiftTemplateDTO.StartTime > shiftTemplateDTO.FinishTime && !shiftTemplateDTO.FinishNextDay)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Shift start time must be before end time"));
}
//Role selected must be applicable to the Employee
if (shiftTemplateDTO.EmployeeId != null && shiftTemplateDTO.RoleId.HasValue && db.Employees.Find(shiftTemplateDTO.EmployeeId).Roles.FirstOrDefault(r => r.Id == shiftTemplateDTO.RoleId) == null)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Employee does not have the role specified"));
}
if (shiftTemplateDTO.InternalLocationId.HasValue)
{
shiftTemplate.InternalLocation = db.InternalLocations.Find(shiftTemplateDTO.InternalLocationId);
}
else
{
db.Entry(shiftTemplate).Reference(r => r.InternalLocation).CurrentValue = null;
}
if (shiftTemplateDTO.RoleId.HasValue)
{
shiftTemplate.Role = db.Roles.Find(shiftTemplateDTO.RoleId);
}
else
{
db.Entry(shiftTemplate).Reference(r => r.Role).CurrentValue = null;
}
if (shiftTemplateDTO.EmployeeId.HasValue)
{
shiftTemplate.Employee = db.Employees.Find(shiftTemplateDTO.EmployeeId);
}
else
{
db.Entry(shiftTemplate).Reference(r => r.Employee).CurrentValue = null;
}
db.Entry(shiftTemplate).State = EntityState.Modified;
db.SaveChanges();
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
else
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
}
public HttpResponseMessage PutBusiness(Guid id, BusinessDetailsDTO businessDTO)
{
if (ClaimsAuthorization.CheckAccess("Put", "BusinessId", id.ToString()))
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
if (id != businessDTO.Id)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest));
}
try
{
var business = MapperFacade.MapperConfiguration.Map <BusinessDetailsDTO, Business>(businessDTO, db.Businesses.Single(b => b.Id == id));
//Lookup BusinessType and attach, so that no updates or inserts are performed on BusinessType lookup table
business.Type = db.BusinessTypes.Single(t => t.Id == businessDTO.TypeId);
////Apply any role updates or inserts
//foreach (RoleDTO roleDTO in businessDTO.Roles)
//{
// Role role = business.Roles.FirstOrDefault(r => r.Id == roleDTO.Id);
// //If there is a role, then need to update
// if (role != null)
// role.Name = roleDTO.Name;
// else //This is a new role being added
// {
// var newRole = MapperFacade.MapperConfiguration.Map<RoleDTO, Role>(roleDTO);
// newRole.Id = Guid.NewGuid();
// business.Roles.Add(newRole);
// } //Note: deletion of roles is not supported here
//}
db.Entry(business).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
public HttpResponseMessage Put(Guid id, BusinessPreferencesDTO businessPrefDTO)
{
if (ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", businessPrefDTO.BusinessLocationId.ToString()))
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
if (id != businessPrefDTO.Id)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest));
}
try
{
var businessPreferences = MapperFacade.MapperConfiguration.Map <BusinessPreferencesDTO, BusinessPreferences>(businessPrefDTO, db.BusinessPreferences.Find(businessPrefDTO.Id));
db.Entry(businessPreferences).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
// PUT api/BusinessTypeAPI/5
public HttpResponseMessage PutBusinessType(int id, BusinessType businesstype)
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
if (id != businesstype.Id)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest));
}
db.Entry(businesstype).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
public HttpResponseMessage PutShift(Guid id, ShiftDTO shiftDTO)
{
var businessLocId = db.Shifts.Find(id).Roster.BusinessLocation.Id;
if (ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", businessLocId.ToString()))
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
if (id != shiftDTO.Id)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Id provided does not match object."));
}
try
{
var shift = MapperFacade.MapperConfiguration.Map <ShiftDTO, Shift>(shiftDTO, db.Shifts.Single(s => s.Id == id));
//If an already published shift is being edited need to send notifications for any changes to employee as a cancel notification
if (shift.IsPublished)
{
//Notify employee that the shift is being taken from as a cancellation
if (shift.Employee != null && shift.Employee.UserProfile != null && shift.Employee.Id != shiftDTO.EmployeeId)
{
MessagingService.ShiftCancelled(shift.Employee.UserProfile.Email, shift.Employee.UserProfile.FirstName, shift.InternalLocation.BusinessLocation.Name, shift.StartTime, shift.FinishTime);
}
}
//If the employee assigned to the shift has changed, need to notify them that they have a shift broadcast
var employeeAdded = (shiftDTO.EmployeeId != null && (shift.Employee == null || shift.Employee.Id != shiftDTO.EmployeeId));
shift.Employee = db.Employees.Find(shiftDTO.EmployeeId);
//Notify the employee they have been added to a published shift
if (shift.IsPublished && employeeAdded && shift.Employee.UserProfile != null)
{
MessagingService.ShiftBroadcast(shift.Employee.UserProfile.Email, shift.Employee.UserProfile.FirstName);
}
shift.InternalLocation = db.InternalLocations.Find(shiftDTO.InternalLocationId);
shift.Role = db.Roles.Find(shiftDTO.RoleId);
db.Entry(shift).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
public void AddTokenDetails([FromBody] PaymentDetailsDTO paymentDetailsDTO)
{
if (Is <PaymentFeature> .Enabled)
{
var employee = db.Employees.Find(paymentDetailsDTO.EmployeeID);
if (employee != null)
{
if (ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employee.BusinessLocation.Id.ToString()))
{
var paymentdetails = new PaymentDetails
{
Id = Guid.NewGuid()
};
if (employee.PaymentDetails != null)
{
paymentdetails = employee.PaymentDetails;
}
paymentdetails.TokenCustomerID = paymentDetailsDTO.TokenCustomerID;
paymentdetails.BusinessLocation = employee.BusinessLocation;
paymentdetails.CreatedDate = WebUI.Common.Common.DateTimeNowLocal();
//If there is another payment detail from a different employee then delete
if (employee.BusinessLocation.PaymentDetails != null &&
employee.BusinessLocation.PaymentDetails.Employee.Id != employee.Id)
{
//employee.BusinessLocation.PaymentDetails.
db.Entry(employee.BusinessLocation.PaymentDetails).State = EntityState.Deleted;
}
employee.PaymentDetails = paymentdetails;
db.SaveChanges();
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
}
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotImplemented));
}
}
// PUT api/calendarapi/5
public HttpResponseMessage Put(int id, [FromBody] ScheduleDTO scheduleDTO)
{
if (ModelState.IsValid)
//&& scheduleDTO.EndDate > calendarEventDTO.StartTime) //Ensure entry is a valid start date and finish date
{
var schedule = db.Schedules.Find(scheduleDTO.Id);
if (schedule == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Unable to find schedule with given id"));
}
//Ensure only supported types created.
if (scheduleDTO.Frequency != 0 && scheduleDTO.Frequency != 1 && scheduleDTO.Frequency != 2)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Frequency not supported. Must be once off (0), Daily (1) or Weekly(2)"));
}
if (schedule.UserProfile.Email != User.Identity.Name)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You are not authorised to access this schedule"));
}
try
{
var scheduleMOD = MapperFacade.MapperConfiguration.Map <ScheduleDTO, Schedule>(scheduleDTO, schedule);
db.Entry(scheduleMOD).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
else
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
}
public HttpResponseMessage Put(Guid id, UserPreferencesDTO usrPrefDTO)
{
var email = HttpContext.Current.User.Identity.Name;
UserProfile usrProfile = db.UserProfiles.FirstOrDefault(usr => usr.Email == email && usr.Id == id);
if (usrProfile != null)
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
try
{
var userPreferences = db.UserPreferences.Find(usrPrefDTO.Id);
//If NULL, then retain any existing image data as no overrite is occurring (we don't pass back the whole image each time)
//This is a bit of a hack, best solution is to seperate out any uploaded documents as per this page (http://www.codeproject.com/Articles/658522/Storing-Images-in-SQL-Server-using-EF-and-ASP-NET)
if (usrPrefDTO.ImageData == null)
{
usrPrefDTO.ImageData = userPreferences.ImageData;
usrPrefDTO.ImageType = userPreferences.ImageType;
}
userPreferences = MapperFacade.MapperConfiguration.Map <UserPreferencesDTO, UserPreferences>(usrPrefDTO, userPreferences);
db.Entry(userPreferences).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
public HttpResponseMessage PutConfirmToken(string id)
{
if (db.security_Membership.SingleOrDefault(m => m.ConfirmationToken == id) == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.Conflict, "Cofirmation token does not exist"));
}
else
{
var secMembership = db.security_Membership.Single(m => m.ConfirmationToken == id);
//Remove token and set IsConfrimed to true
secMembership.ConfirmationToken = null;
secMembership.IsConfirmed = true;
db.Entry(secMembership).State = EntityState.Modified;
db.SaveChanges();
}
//Update account to be confirmed
return(Request.CreateResponse(HttpStatusCode.OK));
}
// PUT api/calendarapi/5
public HttpResponseMessage Put(Guid id, [FromBody] CalendarEventDTO calendarEventDTO)
{
if (ModelState.IsValid &&
calendarEventDTO.FinishTime > calendarEventDTO.StartTime) //Ensure entry is a valid start date and finish date
{
var calendarEvent = db.CalendarEvents.Find(calendarEventDTO.Id);
if (calendarEvent == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Unable to find calendar event with given id"));
}
if (calendarEvent.UserProfile.Email != User.Identity.Name)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You are not authorised to access this calendar event"));
}
try
{
var calendarEventMOD = Mapper.Map <CalendarEventDTO, CalendarEvent>(calendarEventDTO, calendarEvent);
db.Entry(calendarEventMOD).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}
else
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
}
// PUT api/<controller>/5
public void Put(Guid id, [FromBody] ShiftBlockDTO shiftBlockDTO)
{
if (Is <ShiftBlockFeature> .Enabled)
{
if (ModelState.IsValid)
{
if (ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", shiftBlockDTO.BusinessLocationId.ToString()))
{
var shiftBlock = MapperFacade.MapperConfiguration.Map <ShiftBlockDTO, ShiftBlock>(shiftBlockDTO, db.ShiftBlocks.Single(st => st.Id == id));
//Business rules
if (shiftBlockDTO.StartTime > shiftBlockDTO.FinishTime && !shiftBlockDTO.FinishNextDay)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "ShiftBlock start time must be before end time"));
}
shiftBlock.Role = db.Roles.Find(shiftBlockDTO.RoleId);
db.Entry(shiftBlock).State = EntityState.Modified;
db.SaveChanges();
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
}
else
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
}
else
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotImplemented));
}
}
// PUT api/EmployeeAPI/5
public HttpResponseMessage PutEmployee(Guid id, EmployeeDTO employeeDTO)
{
if (!ModelState.IsValid)
{
return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState));
}
if (id != employeeDTO.Id)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest));
}
if (employeeDTO.Roles != null && employeeDTO.Roles.Count > 5)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.ExpectationFailed, "Maximimum of 5 roles only can be added"));
}
try
{
bool sendEmailNotification = false;
var employee = db.Employees.Find(id);
if (!ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employee.BusinessLocation.Id.ToString()))
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You do not have appropriate permission"));
}
//Do not allow modification of email addresses which are linked to userprofiles already
if (employee.UserProfile != null && employeeDTO.Email != employee.Email)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "You can not modify email address for an employee which is linked to a registered user"));
}
//If the email address is being updated then send notification to new address
if (employee.Email != employeeDTO.Email && !String.IsNullOrEmpty(employeeDTO.Email))
{
sendEmailNotification = true;
}
//Map the updates across to original object
employee = MapperFacade.MapperConfiguration.Map <EmployeeDTO, Employee>(employeeDTO, employee);
//Check to see if there is already an employee with this same email address registered for the business location.
var employeeExistingEmail = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.Email) && emp.Email == employee.Email && emp.Id != employee.Id && emp.BusinessLocation.Id == employee.BusinessLocation.Id);
if (employeeExistingEmail != null)
{
throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this email address already exists for this business"));
}
//Lookup BusinessLocation and attach, so that no updates or inserts are performed on BusinessType lookup table
var busLoc = db.BusinessLocations.Single(b => b.Id == employeeDTO.BusinessLocationId);
employee.BusinessLocation = busLoc;
if (employee.IsAdmin)
{
employee.ManagerBusinessLocations.Add(busLoc);
}
else
{
//if not admin but currently linked
if (employee.ManagerBusinessLocations.Contains(busLoc))
{
employee.ManagerBusinessLocations.Remove(busLoc);
}
}
//Hook up any roles selected
employee.Roles.Clear(); //Clear first so we can hook up correct DB items
if (employeeDTO.Roles != null)
{
foreach (RoleDTO roleDTO in employeeDTO.Roles)
{
Role role = db.Roles.FirstOrDefault(r => r.Id == roleDTO.Id);
if (role == null)
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
employee.Roles.Add(role);
}
}
//If user email has been updated then send notification and request
if (sendEmailNotification)
{
//Remove any old employee requests
if (employee.EmployeeRequest != null)
{
db.Entry(employee.EmployeeRequest).State = EntityState.Deleted;
}
//Create an entry in the EMployeeRequest table
EmployeeRequest empRequest = new EmployeeRequest()
{
Id = Guid.NewGuid(),
CreatedDate = WebUI.Common.Common.DateTimeNowLocal(),
Status = RequestStatus.Pending,
BusinessLocation = employee.BusinessLocation
};
employee.EmployeeRequest = empRequest;
//If an existing user profile exists with matching email address
if (db.UserProfiles.Any(usr => usr.Email == employee.Email))
{
//Send user email notifying them that a business has registered their email and they need to approve to link
MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, true, employee.Email, employee.MobilePhone);
}
else //Send email notifying them that they have been registered with a business and invite to register an account
{
MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, false, employee.Email, employee.MobilePhone);
}
}
db.Entry(employee).State = EntityState.Modified;
db.SaveChanges();
}
catch (DbUpdateConcurrencyException ex)
{
return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex));
}
return(Request.CreateResponse(HttpStatusCode.OK));
}