public async Task <IHttpActionResult> PutUpdateSequencialRestricted(int id, SequenceACL sequence) { //Check the user is a Admin User var userId = User.Identity.GetUserId(); UserACL userAclForAdmin = await db.UserAcls.Where(x => x.UserId == userId).SingleOrDefaultAsync(); if (userAclForAdmin.UserType != Admin) { return(BadRequest("Only Admin User can Update Sequencial Restricted")); } if (!ModelState.IsValid) { return(BadRequest(ModelState)); } Document document = await db.Documents.FindAsync(id); if (document == null) { return(NotFound()); } // Check Sequencial List is already created. var sequencialListToCheck = await db.SequenceAcls.Where(x => x.DocAclId == document.DocumentACLId).SingleOrDefaultAsync(); if (sequencialListToCheck != null) { return(BadRequest("Sequencial list is already Exist.")); } // only sequence and present access is updated DocumentACL aDocumentAcl = await db.DocumentAcls.Where(x => x.DocumentId == id).SingleOrDefaultAsync(); SequenceACL aSequenceAcl = await db.SequenceAcls.Where(x => x.DocAclId == aDocumentAcl.Id).SingleOrDefaultAsync(); aSequenceAcl.Sequence = sequence.Sequence; aSequenceAcl.PresentAccess = sequence.PresentAccess; await db.SaveChangesAsync(); // change the DocAclType in DocumentAcl aDocumentAcl.DocAclType = 2; await db.SaveChangesAsync(); //// Check Document have a restricted sequence. //var restrictedListToCheck = await // db.Restricteds.Where(x => x.DocAclId == document.DocumentACLId).SingleOrDefaultAsync(); //if (restrictedListToCheck != null) //{ // db.Restricteds.Remove(restrictedListToCheck); // await db.SaveChangesAsync(); //} //Delete the Document from the DocumentUser Table... db.DocumentUsers.RemoveRange(db.DocumentUsers.Where(x => x.DocumentId == id)); await db.SaveChangesAsync(); // Add user To the DocumentUser Model List <string> userInTagList = sequence.Sequence.Split(',').ToList(); foreach (var userInList in userInTagList) { var len = userInList.Length; if (len != 36 && userInList[0] == 'g') { var groupId = Convert.ToInt64(userInList.Substring(1)); //Check the Group is Exist var groupIsExist = db.Groups.FindAsync(groupId); // Get all the user of the Group var groupUsers = await(from u in db.Users join ug in db.UserGroups on u.Id equals ug.UserId join g in db.Groups on ug.GroupId equals g.Id where g.Id == groupId select new { u.Id, u.UserName, u.Email, u.CompanyId, }).ToListAsync(); // Add User to the Document foreach (var userInGroup in groupUsers) { //check the user is already member of this Document var aDocumentUser = await db.DocumentUsers.Where(x => x.UserId == userInGroup.Id && x.DocumentId == document.Id).SingleOrDefaultAsync(); if (aDocumentUser == null) { DocumentUser documentUser = new DocumentUser(); documentUser.UserId = userInGroup.Id; documentUser.DocumentId = document.Id; db.DocumentUsers.Add(documentUser); await db.SaveChangesAsync(); } } } else { //check the user is already member of this Document var aDocumentUser = await db.DocumentUsers.Where(x => x.UserId == userInList && x.DocumentId == document.Id).SingleOrDefaultAsync(); if (aDocumentUser == null) { DocumentUser documentUser = new DocumentUser(); documentUser.UserId = userInList; documentUser.DocumentId = document.Id; db.DocumentUsers.Add(documentUser); await db.SaveChangesAsync(); } } } return(Ok(sequence)); }
public async Task <IHttpActionResult> PostDocument(DocumentDTO document) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } // Check the User have the Privelage to add Document var userIdToCheckPrivilage = User.Identity.GetUserId(); var userPrivilage = await db.UserPrivilages.FirstAsync(x => x.UserId == userIdToCheckPrivilage); if (userPrivilage.CanAddDocument != 1) { return(BadRequest("User doens't have the Permission to add Document")); } // UserId and CompanyId must be correct var UserId = User.Identity.GetUserId(); var aUser = await db.Users.Where(x => x.Id == UserId).SingleOrDefaultAsync(); document.UserId = aUser.Id; document.CompanyId = aUser.CompanyId; //Save Document Document aDocument = new Document(); aDocument.UserId = document.UserId; aDocument.CompanyId = document.CompanyId; aDocument.DocType = document.DocType; aDocument.Name = document.Name; db.Documents.Add(aDocument); await db.SaveChangesAsync(); //Save File File aFile = new File(); aFile.Content = document.FileContent; aFile.DocumentId = aDocument.Id; db.Files.Add(aFile); await db.SaveChangesAsync(); //Save History History aHistory = new History(); aHistory.AddedOn = DateTime.Now; aHistory.EditedOn = DateTime.Now; aHistory.DocumentId = aDocument.Id; db.Histories.Add(aHistory); await db.SaveChangesAsync(); // Save DocumentAcl DocumentACL aDocumentAcl = new DocumentACL(); aDocumentAcl.DocumentId = aDocument.Id; if (document.DocumentACLType != 0) { document.DocumentACLType = 0; } aDocumentAcl.DocAclType = document.DocumentACLType; // By Default Private db.DocumentAcls.Add(aDocumentAcl); await db.SaveChangesAsync(); //Save HistorySequence HistorySequence aHistorySequence = new HistorySequence(); aHistorySequence.HistoryId = aHistory.Id; aHistorySequence.Message = aDocument.Name + " file is Created."; aHistorySequence.Date = aHistory.AddedOn; aHistorySequence.UserId = document.UserId; db.HistorySequences.Add(aHistorySequence); await db.SaveChangesAsync(); //Add FileId to the Document aDocument.FileId = aFile.Id; aDocument.DocumentACLId = aDocumentAcl.Id; await db.SaveChangesAsync(); return(Ok(aDocument)); }
public async Task <IHttpActionResult> PutCreateRestrictedSequence(int id, Restricted restricted) { //Check the user is a Admin User var userId = User.Identity.GetUserId(); UserACL userAclForAdmin = await db.UserAcls.Where(x => x.UserId == userId).SingleOrDefaultAsync(); if (userAclForAdmin.UserType != Admin) { return(BadRequest("Only Admin User can Update User ACL")); } //Check DocAcl and UserId is Given if (!ModelState.IsValid) { return(BadRequest(ModelState)); } Document document = await db.Documents.FindAsync(id); if (document == null) { return(NotFound()); } // only List is updated DocumentACL aDocumentAcl = await db.DocumentAcls.Where(x => x.DocumentId == id).SingleOrDefaultAsync(); Restricted aRestricted = await db.Restricteds.Where(x => x.DocAclId == aDocumentAcl.Id).SingleOrDefaultAsync(); aRestricted.List = restricted.List; //db.Restricteds.Add(aRestricted); await db.SaveChangesAsync(); // change the DocAclType in DocumentAcl aDocumentAcl.DocAclType = 3; await db.SaveChangesAsync(); //Delete the Document from the DocumentUser Table... db.DocumentUsers.RemoveRange(db.DocumentUsers.Where(x => x.DocumentId == id)); await db.SaveChangesAsync(); // Add User to the Document List <string> userInTagList = aRestricted.List.Split(',').ToList(); foreach (var userInList in userInTagList) { var len = userInList.Length; if (len != 36 && userInList[0] == 'g') { var groupId = Convert.ToInt64(userInList.Substring(1)); //Check the Group is Exist var groupIsExist = await db.Groups.FindAsync(groupId); // Get all the user of the Group var groupUsers = await(from u in db.Users join ug in db.UserGroups on u.Id equals ug.UserId join g in db.Groups on ug.GroupId equals g.Id where g.Id == groupId select new { u.Id, u.UserName, u.Email, u.CompanyId, }).ToListAsync(); // Add User to the Document foreach (var userInGroup in groupUsers) { //check the user is already member of this Document var aDocumentUser = await db.DocumentUsers.Where(x => x.UserId == userInGroup.Id && x.DocumentId == document.Id).SingleOrDefaultAsync(); if (aDocumentUser == null) { DocumentUser documentUser = new DocumentUser(); documentUser.UserId = userInGroup.Id; documentUser.DocumentId = document.Id; db.DocumentUsers.Add(documentUser); await db.SaveChangesAsync(); } } } else { //check the user is already member of this Document var aDocumentUser = await db.DocumentUsers.Where(x => x.UserId == userInList && x.DocumentId == document.Id).SingleOrDefaultAsync(); if (aDocumentUser == null) { DocumentUser documentUser = new DocumentUser(); documentUser.UserId = userInList; documentUser.DocumentId = document.Id; db.DocumentUsers.Add(documentUser); await db.SaveChangesAsync(); } } } return(Ok(aRestricted)); }
public async Task <IHttpActionResult> PostTag(TagDTO tag) { Tag aTag = new Tag(); //History aHistory = new History(); HistorySequence aHistorySequence = new HistorySequence(); SequenceACL aSequenceAcl = new SequenceACL(); bool updatePresentAccess = false; if (!ModelState.IsValid) { return(BadRequest(ModelState)); } //Check the doc is exist Document document = await db.Documents.FindAsync(tag.DocumentId); if (document == null) { return(BadRequest("Document is not exist")); } // check the document acl DocumentACL documentAcl = await db.DocumentAcls.Where(x => x.DocumentId == tag.DocumentId).SingleOrDefaultAsync(); if (documentAcl.DocAclType == 0) { if (document.UserId != tag.UserId) { return(BadRequest("This document is private and this user is not authorized to tag this document")); } else { aTag.DocumentId = tag.DocumentId; aTag.TagContent = tag.TagContent; aTag.TagColor = tag.TagColor; aTag.UserId = tag.UserId; db.Tags.Add(aTag); } } else if (documentAcl.DocAclType == 1) { var CompanyUser = await db.Users.Where(x => x.CompanyId == document.CompanyId && x.Id == tag.UserId).SingleOrDefaultAsync(); if (CompanyUser == null) { return(BadRequest("This User is not belongs to this company")); } else { aTag.DocumentId = tag.DocumentId; aTag.TagContent = tag.TagContent; aTag.TagColor = tag.TagColor; aTag.UserId = tag.UserId; db.Tags.Add(aTag); } } else if (documentAcl.DocAclType == 3) { Restricted aRestricted = await db.Restricteds.Where(x => x.DocAclId == documentAcl.Id).SingleOrDefaultAsync(); List <string> tagList = aRestricted.List.Split(',').ToList(); //Check the User is in the restricted list DocumentUser aDocumentUser = await db.DocumentUsers.Where(x => x.UserId == tag.UserId).SingleOrDefaultAsync(); if (aDocumentUser == null) { return(BadRequest("The Document is restriced and this user is not authorize to use it ")); } else { aTag.DocumentId = tag.DocumentId; aTag.TagContent = tag.TagContent; aTag.TagColor = tag.TagColor; aTag.UserId = tag.UserId; db.Tags.Add(aTag); } } else if (documentAcl.DocAclType == 2) { bool canTag = false; aSequenceAcl = await db.SequenceAcls.Where(x => x.DocAclId == documentAcl.Id).SingleOrDefaultAsync(); List <string> tagList = aSequenceAcl.Sequence.Split(',').ToList(); // var presentUserInList = tagList[aSequenceAcl.PresentAccess]; var len = presentUserInList.Length; if (len != 36 && presentUserInList[0] == 'g') { var groupId = Convert.ToInt64(presentUserInList.Substring(1)); // check the user is in the group var userIsIngroup = await(from ug in db.UserGroups join u in db.Users on ug.UserId equals u.Id where ug.GroupId == groupId && ug.UserId == tag.UserId select new { Id = u.Id, }).SingleOrDefaultAsync(); if (userIsIngroup != null) { var userPrivilageforTag = await db.UserPrivilages.Where(x => x.UserId == userIsIngroup.Id).SingleOrDefaultAsync(); if (userPrivilageforTag.CanTagDocument == 1) { canTag = true; } } else { return(BadRequest("User is not in authorize to tag the document")); } } else { int index = tagList.IndexOf(tag.UserId); if (index == -1) { return (BadRequest("The Document is Sequencial-restriced and this user is not authorize to use it ")); } else if (tagList.Count - 1 < aSequenceAcl.PresentAccess) { return (BadRequest( "The Document is Sequencial-restriced. All the User has already tagged this document.")); } else if (tagList[aSequenceAcl.PresentAccess] != tag.UserId) { return (BadRequest( "The Document is Sequencial-restriced. User trun to tag the document is not come.")); } else { canTag = true; } } if (canTag) { aTag.DocumentId = tag.DocumentId; aTag.TagContent = tag.TagContent; aTag.TagColor = tag.TagColor; aTag.UserId = tag.UserId; db.Tags.Add(aTag); updatePresentAccess = true; } } await db.SaveChangesAsync(); //Edit history info History aHistory = await db.Histories.Where(x => x.DocumentId == tag.DocumentId).SingleOrDefaultAsync(); //aHistory.AddedOn = DateTime.Now; aHistory.EditedOn = DateTime.Now; //aHistory.DocumentId = document.Id; //db.Histories.Add(aHistory); await db.SaveChangesAsync(); //Add History Sequence Info aHistorySequence.HistoryId = aHistory.Id; aHistorySequence.Message = tag.Message; aHistorySequence.Date = aHistory.EditedOn; aHistorySequence.UserId = User.Identity.GetUserId(); db.HistorySequences.Add(aHistorySequence); await db.SaveChangesAsync(); //Update the present Access if it is a Sequencial Restricted Document if (updatePresentAccess) { aSequenceAcl.PresentAccess += 1; } await db.SaveChangesAsync(); return(Ok(aTag)); }