public async Task <ActionResult <JobPostDTO> > PatchJobPost(long id, JobPostDTO postDTO)
{
JobPost post = DTOToJobPost(postDTO);
if (id != post.JobPostId)
{
return(BadRequest());
}
User user = await userManager.FindByIdAsync(User.Identity.Name);
IList <string> roles = await userManager.GetRolesAsync(user);
if (!roles.Contains(UserRoles.Admin))
{
// check if the job post is owned by a companyt hat the recruiter is part of
var query = from jobpost in _context.JobPosts
join queryRecruiter in _context.Recruiters on jobpost.CompanyId equals queryRecruiter.CompanyId
where jobpost.JobPostId == post.JobPostId && queryRecruiter.UserId == user.Id
select jobpost;
if (!query.Any())
{
return(Unauthorized("You are not a recruiter for the currenet company specified in the job post"));
}
Recruiter recruiter = await _context.Recruiters.FindAsync(user.Id, post.CompanyId);
if (recruiter == null)
{
return(Unauthorized("You are not a recruiter for the new company specified in the job post"));
}
}
_context.Entry(post).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!JobPostExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(AcceptedAtAction("PatchJobPost", new { JobPostId = post.JobPostId }, postDTO));
}
public async Task <IActionResult> PatchOffer(long appId, long offerId, OfferDTO offerDTO)
{
Offer offer = DTOToOffer(offerDTO);
if (offerId != offerDTO.OfferId || appId != offerDTO.ApplicationId)
{
return(BadRequest());
}
User user = await userManager.FindByNameAsync(User.Identity.Name);
IList <string> roles = await userManager.GetRolesAsync(user);
if (!roles.Contains(UserRoles.Admin))
{
var query = from queryOffer in _context.Offers
join application in _context.Applications on queryOffer.ApplicationId equals application.ApplicationId
join jobPost in _context.JobPosts on application.JobId equals jobPost.JobPostId
join recruiter in _context.Recruiters on user.Id equals recruiter.UserId
where jobPost.CompanyId == recruiter.CompanyId &&
queryOffer.ApplicationId == offer.ApplicationId &&
queryOffer.OfferId == offer.OfferId
select queryOffer;
if (!await query.AnyAsync())
{
return(Unauthorized("Cannot make an offer for that application"));
}
}
_context.Entry(offer).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!OfferExists(appId, offerId))
{
return(NotFound());
}
else
{
throw;
}
}
return(AcceptedAtAction("PatchOffer", new { ApplicationId = offer.ApplicationId, OfferId = offer.OfferId }, offerDTO));
}
public async Task <IActionResult> PatchReferral(long appId, long refId, ReferralDTO referralDTO)
{
Referral referral = DTOToReferral(referralDTO);
if (appId != referralDTO.ApplicationId || refId != referralDTO.ReferralId)
{
return(BadRequest("One of the query params does not match the body params"));
}
User user = await userManager.FindByNameAsync(User.Identity.Name);
IList <string> roles = await userManager.GetRolesAsync(user);
if (!roles.Contains(UserRoles.Admin))
{
var query = from queryReferral in _context.Referrals
join application in _context.Applications on queryReferral.ApplicationId equals application.ApplicationId
join jobPost in _context.JobPosts on application.JobId equals jobPost.JobPostId
join recruiter in _context.Recruiters on user.Id equals recruiter.UserId
where jobPost.CompanyId == recruiter.CompanyId &&
queryReferral.ApplicationId == referral.ApplicationId &&
queryReferral.ReferralId == referral.ReferralId
select queryReferral;
if (!await query.AnyAsync())
{
return(Unauthorized("Cannot modify the referral for that application"));
}
}
_context.Entry(referral).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!ReferralExists(appId, refId))
{
return(NotFound());
}
else
{
throw;
}
}
return(AcceptedAtAction("PatchReferral", new { ApplicationId = referral.ApplicationId, ReferralId = referral.ReferralId }, referralDTO));
}
public async Task <IActionResult> PatchApplication(long id, ApplicationDTO appDTO)
{
if (id != appDTO.ApplicationId)
{
return(BadRequest("Application Id is different in the URL and body of the request"));
}
User user = await userManager.FindByNameAsync(User.Identity.Name);
IList <string> roles = await userManager.GetRolesAsync(user);
if ((appDTO.DateSubmitted == null) || (!roles.Contains(UserRoles.Admin) && !roles.Contains(UserRoles.Recruiter)))
{
appDTO.DateSubmitted = DateTime.UtcNow;
}
Application app = DTOToApplication(appDTO);
bool authorized = false;
if (roles.Contains(UserRoles.Admin))
{
authorized = true;
}
else if (roles.Contains(UserRoles.Recruiter))
{
var query = from application in _context.Applications
join jobPost in _context.JobPosts on application.JobId equals jobPost.JobPostId
join recruiter in _context.Recruiters on user.Id equals recruiter.UserId
where jobPost.CompanyId == recruiter.CompanyId && application.ApplicationId == app.ApplicationId
select application;
if (await query.AnyAsync())
{
authorized = true;
}
}
if (!authorized)
{
return(Unauthorized("Not authorized to update this application or the application does not exist"));
}
_context.Entry(app).State = EntityState.Modified;
try
{
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!ApplicationExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(AcceptedAtAction("PatchApplication", new { applicationId = app.ApplicationId }, appDTO));
}