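/// <summary>
/// Shows a single job application to the HR user who owns its job offer or to the
/// candidate who submitted it.
/// </summary>
/// <param name="id">Primary key of the application to display.</param>
/// <returns>
/// The "DetailsHR" view for the owning HR user, the "DetailsCandidate" view for the
/// owning candidate, <see cref="NotFoundResult"/> when no application has this id, and
/// <see cref="UnauthorizedResult"/> for admins and for callers who do not own the record.
/// </returns>
public async Task<IActionResult> Details(int id)
{
    Role role = await AuthorizationTools.GetRoleAsync(User, _context);
    ViewData.Add("role", role);
    ViewData.Add("id", AuthorizationTools.GetUserDbId(User, _context, role));
    string email = AuthorizationTools.GetEmail(User);

    // Admins are explicitly denied access to individual applications.
    // NOTE(review): UnauthorizedResult is HTTP 401; for an authenticated caller who simply
    // lacks permission, 403 is the conventional status. Kept as-is for compatibility.
    if (role == Role.ADMIN)
    {
        return new UnauthorizedResult();
    }

    // Awaited so the request thread is not blocked on the database inside an async action.
    Application app = await _context.JobApplications
        .Include(x => x.JobOffer)
        .Include(x => x.Candidate)
        .Include(x => x.JobOffer.HR)
        .Include(x => x.JobOffer.HR.Company)
        .Include(x => x.Comments)
        .Where(a => a.Id == id)
        .FirstOrDefaultAsync();

    // NOTE(review): this 404 is decided before the ownership check below, so a non-owner
    // can tell existing ids (401) from missing ones (404). Kept for compatibility; confirm
    // whether that distinction is acceptable for this data.
    if (app == null)
    {
        return new NotFoundResult();
    }

    if (role == Role.HR)
    {
        HR currentHr = await _context.HRs
            .Where(c => c.EmailAddress == email)
            .FirstOrDefaultAsync();

        // Object-level authorization: only the HR user attached to the job offer may view.
        // Null-conditional access makes a missing JobOffer/HR link fail closed instead of
        // raising a NullReferenceException.
        if (currentHr == null || currentHr.Id != app.JobOffer?.HR?.Id)
        {
            return new UnauthorizedResult();
        }

        ApplicationWithComment appWithComm = new ApplicationWithComment(app);
        return View("DetailsHR", appWithComm);
    }

    // Every remaining role is handled as a candidate and must own the application.
    Candidate currentCandidate = await _context.Candidates
        .Where(c => c.EmailAddress == email)
        .FirstOrDefaultAsync();

    if (currentCandidate == null || currentCandidate.Id != app.Candidate?.Id)
    {
        return new UnauthorizedResult();
    }

    return View("DetailsCandidate", app);
}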
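/// <summary>
/// Adds a comment to a job application on behalf of the HR user who owns its job offer.
/// </summary>
/// <param name="model">Posted form data: the application id and the comment text.</param>
/// <returns>
/// A redirect to "Details" for the application once the comment is saved, or straight away
/// when the comment text is empty; <see cref="UnauthorizedResult"/> when the caller is not
/// an HR user or does not own the job offer; <see cref="NotFoundResult"/> when the
/// application does not exist.
/// </returns>
/// <remarks>
/// NOTE(review): this action writes to the database and any attributes on it are not
/// visible here. Confirm that anti-forgery validation applies to it, for example
/// [ValidateAntiForgeryToken] on the action or a global AutoValidateAntiforgeryToken filter.
/// </remarks>
public async Task<ActionResult> CreateCommentAjax(ApplicationWithComment model)
{
    Role role = await AuthorizationTools.GetRoleAsync(User, _context);
    ViewData.Add("role", role);
    ViewData.Add("id", AuthorizationTools.GetUserDbId(User, _context, role));

    // Role check comes first so that non-HR callers are always refused, whatever they post.
    if (role != Role.HR)
    {
        return new UnauthorizedResult();
    }

    // The original built this redirect but never returned it, so empty comments were still
    // saved. An empty form field can also arrive as null, hence IsNullOrWhiteSpace.
    if (string.IsNullOrWhiteSpace(model.CommentText))
    {
        return RedirectToAction("Details", new { id = model.Id });
    }

    Application app = await _context.JobApplications
        .Include(x => x.Comments)
        .Include(x => x.JobOffer)
        .Include(x => x.JobOffer.HR)
        .Where(a => a.Id == model.Id)
        .FirstOrDefaultAsync();

    // model.Id is caller-supplied; an unknown id previously caused a NullReferenceException.
    if (app == null)
    {
        return new NotFoundResult();
    }

    string email = AuthorizationTools.GetEmail(User);

    // FirstOrDefaultAsync instead of First(): a caller with no HR row is refused rather
    // than triggering an unhandled InvalidOperationException.
    HR hr = await _context.HRs
        .Where(c => c.EmailAddress == email)
        .FirstOrDefaultAsync();

    // Object-level authorization by primary key, matching the check used in Details.
    // A missing JobOffer/HR link fails closed.
    if (hr == null || hr.Id != app.JobOffer?.HR?.Id)
    {
        return new UnauthorizedResult();
    }

    Comment comm = new Comment()
    {
        Text = model.CommentText,
        Application = app
    };

    await _context.Comments.AddAsync(comm);
    await _context.SaveChangesAsync();

    return RedirectToAction("Details", new { id = model.Id });
}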