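/// <summary>
/// Grants a user access to a project, or updates the privilege of an existing access entry.
/// Only the project's creator or a member of the administrator role may change a project's access list.
/// </summary>
/// <param name="projectShqUsersViewModel">Project id, e-mail address of the target user and the privilege to assign.</param>
/// <returns>
/// 400 when the model is invalid; 404 when the project or the target user does not exist;
/// otherwise 200 with the submitted model after the change has been persisted and audited.
/// </returns>
/// <exception cref="HttpResponseException">
/// 403 Forbidden when the caller is neither the project's creator nor an administrator,
/// or when the caller cannot be resolved to a known user.
/// </exception>
public async Task<IHttpActionResult> AddOrUpdateProjectAccess(ProjectShqUsersViewModel projectShqUsersViewModel)
{
    if (!ModelState.IsValid)
    {
        return BadRequest("Not a valid model");
    }

    Project project = await db.Projects
        .Where(item => item.Id == projectShqUsersViewModel.ProjectId)
        .FirstOrDefaultAsync();
    if (project == null)
    {
        return NotFound();
    }

    // Authorization: creator-or-administrator. The creator lookup may come back null (or without its
    // IdentityUser); in that case nobody is treated as creator, so only an administrator passes
    // instead of the request failing with a null dereference.
    string callerName = HttpContext.Current.User.Identity.Name;
    bool isAdministrator = HttpContext.Current.User.IsInRole(ShqConstants.AdministratorRole);
    var createdBy = await db.ShqUsers
        .Include("IdentityUser")
        .FirstOrDefaultAsync(item => item.IdentityUserId == project.CreatedById);
    bool isCreator = createdBy != null
        && createdBy.IdentityUser != null
        && createdBy.IdentityUser.UserName == callerName;
    if (!isCreator && !isAdministrator)
    {
        throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "No Access"));
    }

    // Resolve the caller once; every CreatedById/LastModifiedById below refers to the same user.
    // A caller that passed the role check but has no ShqUser row cannot be recorded as the author
    // of the change, so the request is refused rather than dereferencing a null lookup result.
    ShqUser caller = await db.ShqUsers
        .FirstOrDefaultAsync(u => u.IdentityUser.UserName == callerName);
    if (caller == null)
    {
        throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "No Access"));
    }

    // Eager-load the access list so the membership check below does not depend on lazy loading
    // (RemoveProjectAccess loads it the same way).
    ShqUser shqUser = await db.ShqUsers
        .Include("ProjectsAccess")
        .Where(item => item.EmailAddress == projectShqUsersViewModel.EmailAddress)
        .FirstOrDefaultAsync();
    if (shqUser == null)
    {
        return NotFound();
    }

    var existingAccess = shqUser.ProjectsAccess.FirstOrDefault(item =>
        item.ProjectId == projectShqUsersViewModel.ProjectId
        && item.ShqUserId == shqUser.IdentityUserId);
    if (existingAccess != null)
    {
        existingAccess.Privilege = projectShqUsersViewModel.Privilege;
        existingAccess.LastModifiedById = caller.IdentityUserId;
        // Local time is kept to stay consistent with the other timestamps written by this controller.
        existingAccess.LastModfiedTime = DateTime.Now;
    }
    else
    {
        shqUser.ProjectsAccess.Add(new ProjectShqUsers()
        {
            ProjectId = projectShqUsersViewModel.ProjectId,
            ShqUserId = shqUser.IdentityUserId,
            Privilege = projectShqUsersViewModel.Privilege,
            CreatedById = caller.IdentityUserId,
            LastModifiedById = caller.IdentityUserId
        });
    }

    await db.SaveChangesAsync();

    // Audit trail of who changed which project's access list; the serialized model carries
    // the project id, the target e-mail address and the assigned privilege.
    (new AuditsController()).AddAuditEntry("api/Projects/AddOrUpdateAccess",
        JsonConvert.SerializeObject(projectShqUsersViewModel));
    return Ok(projectShqUsersViewModel);
}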
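/// <summary>
/// Revokes a user's access to a project.
/// Only the project's creator or a member of the administrator role may change a project's access list.
/// </summary>
/// <param name="projectShqUsersViewModel">Project id and e-mail address of the user whose access is removed.</param>
/// <returns>
/// 400 when the model is invalid; 404 when the project, the target user or the access entry does not exist;
/// otherwise 200 with the submitted model after the removal has been persisted.
/// </returns>
/// <exception cref="HttpResponseException">
/// 403 Forbidden when the caller is neither the project's creator nor an administrator,
/// or when the caller cannot be resolved to a known user.
/// </exception>
public async Task<IHttpActionResult> RemoveProjectAccess(ProjectShqUsersViewModel projectShqUsersViewModel)
{
    if (!ModelState.IsValid)
    {
        return BadRequest("Not a valid model");
    }

    Project project = await db.Projects
        .Where(item => item.Id == projectShqUsersViewModel.ProjectId)
        .FirstOrDefaultAsync();
    if (project == null)
    {
        return NotFound();
    }

    // Authorization: creator-or-administrator. The creator lookup may come back null (or without its
    // IdentityUser); in that case nobody is treated as creator, so only an administrator passes
    // instead of the request failing with a null dereference.
    string callerName = HttpContext.Current.User.Identity.Name;
    bool isAdministrator = HttpContext.Current.User.IsInRole(ShqConstants.AdministratorRole);
    var createdBy = await db.ShqUsers
        .Include("IdentityUser")
        .FirstOrDefaultAsync(item => item.IdentityUserId == project.CreatedById);
    bool isCreator = createdBy != null
        && createdBy.IdentityUser != null
        && createdBy.IdentityUser.UserName == callerName;
    if (!isCreator && !isAdministrator)
    {
        throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "No Access"));
    }

    // Resolve the caller before touching any data so the LastModifiedById write below cannot
    // dereference a null lookup result.
    ShqUser caller = await db.ShqUsers
        .FirstOrDefaultAsync(u => u.IdentityUser.UserName == callerName);
    if (caller == null)
    {
        throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "No Access"));
    }

    ShqUser shqUser = await db.ShqUsers
        .Include("ProjectsAccess")
        .Where(item => item.EmailAddress == projectShqUsersViewModel.EmailAddress)
        .FirstOrDefaultAsync();
    if (shqUser == null)
    {
        return NotFound();
    }

    var existingAccess = shqUser.ProjectsAccess.FirstOrDefault(item =>
        item.ProjectId == projectShqUsersViewModel.ProjectId
        && item.ShqUserId == shqUser.IdentityUserId);
    if (existingAccess == null)
    {
        return NotFound();
    }

    shqUser.ProjectsAccess.Remove(existingAccess);
    project.LastModifiedById = caller.IdentityUserId;
    // Local time is kept to stay consistent with the other timestamps written by this controller.
    project.LastModfiedTime = DateTime.Now;

    await db.SaveChangesAsync();
    // NOTE(review): AddOrUpdateProjectAccess records an audit entry for its change, this removal
    // does not — confirm whether revocations are meant to be audited as well.
    return Ok(projectShqUsersViewModel);
}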