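/// <summary>
/// Updates a coach record on behalf of the authenticated caller.
/// Admins go through <c>UpdateCoachFromAdminAsync</c>; coaches go through
/// <c>UpdateCoachFromCoachAsync</c>, which receives the caller's identity name
/// so the service can check ownership. Any other caller gets a 403.
/// </summary>
/// <param name="coachId">Identifier of the coach to update.</param>
/// <param name="coachUpdateModel">Requested field values, bound from the request body.</param>
/// <returns>
/// 200 on success, 403 when the caller has neither role or the service throws
/// <see cref="UnauthorizedAccessException"/>, 400 for any other failure.
/// </returns>
public async Task<IActionResult> UpdateCoach(string coachId, [FromBody] CoachUpdateModel coachUpdateModel)
{
    // Identity may be absent on a principal without identities; the coach path
    // then receives null and must refuse it.
    var currentUserId = User.Identity?.Name;

    try
    {
        // The admin role is tested first, so a caller holding both roles takes the admin path.
        if (User.IsInRole(Role.Admin))
        {
            await _coachService.UpdateCoachFromAdminAsync(coachId, coachUpdateModel);
        }
        else if (User.IsInRole(Role.Coach))
        {
            await _coachService.UpdateCoachFromCoachAsync(currentUserId, coachId, coachUpdateModel);
        }
        else
        {
            // Forbid(string) takes authentication scheme names, not a message:
            // passing text there makes the framework look up a scheme with that name
            // instead of writing a body. Return an explicit 403 with the message.
            return StatusCode(403, "You must be part of the Buildup program");
        }
    }
    catch (UnauthorizedAccessException e)
    {
        // Same reason as above: the text must be the response body, not a scheme name.
        return StatusCode(403, $"You are not allowed to update this coach: {e.Message}");
    }
    catch (Exception e)
    {
        // NOTE(review): this catch-all also echoes messages from lower layers
        // (storage, file upload) to the client. Consider logging the exception and
        // returning a fixed message for anything that is not a known domain error.
        return BadRequest($"Can't update the coach: {e.Message}");
    }

    return Ok();
}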
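/// <summary>
/// Applies an admin-requested update to a coach and sends the e-mail
/// notification that matches the resulting status or step change.
/// </summary>
/// <param name="coachId">Identifier of the coach to update.</param>
/// <param name="coachUpdateModel">Requested field values.</param>
/// <exception cref="Exception">
/// Thrown when the coach does not exist or no user is found for it.
/// </exception>
/// <remarks>
/// This method performs no authorization of its own; the caller must have
/// verified that the requester is an admin.
/// </remarks>
public async Task UpdateCoachFromAdminAsync(string coachId, CoachUpdateModel coachUpdateModel)
{
    // Loaded before the write so the previous status/step can be compared below.
    Coach coach = await GetCoachFromCoachId(coachId);
    if (coach == null)
    {
        throw new Exception("This coach doesn't exist");
    }

    // NOTE(review): the lookup is keyed by coachId, not coach.UserId — confirm that
    // GetUserFromAdminAsync expects a coach id.
    User user = await GetUserFromAdminAsync(coachId);
    if (user == null)
    {
        throw new Exception("Their is no user for this coach...");
    }

    await UpdateCoach(coachId, coachUpdateModel);

    // Only admins are supposed to be able to change the steps.
    // Since we don't want to spam, notifications are only evaluated on the admin
    // side, and each one fires only on a transition into the target state.

    // The refusal mail used to go out on every save of an already-deleted coach;
    // require a real transition, as the two step checks below already do.
    if (coach.Status != CoachStatus.Deleted && coachUpdateModel.Status == CoachStatus.Deleted)
    {
        await _notificationService.NotifyRefusedCoach(user.Email, user.FirstName);
    }

    if (coach.Step == CoachSteps.Preselected && coachUpdateModel.Step == CoachSteps.Meeting)
    {
        await _notificationService.NotifyPreselectionCoach(user.Email, user.FirstName);
    }

    if (coach.Step != CoachSteps.Signing && coachUpdateModel.Step == CoachSteps.Signing)
    {
        await _notificationService.NotifyAcceptationCoach(user.Email);
    }
}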
/// <summary>
/// Writes the model's values onto the stored coach document whose Id equals
/// <paramref name="id"/>, uploading a new coach card first when one is supplied.
/// </summary>
/// <param name="id">Identifier of the coach document to update.</param>
/// <param name="coachUpdateModel">Values to persist.</param>
/// <remarks>
/// Status, Step, Situation and Description are copied from the model exactly as
/// given. No permission check happens here, so every caller must decide which of
/// those fields the requester is allowed to change before calling this method.
/// </remarks>
private async Task UpdateCoach(string id, CoachUpdateModel coachUpdateModel)
{
    var changes = Builders<Coach>.Update
        .Set(c => c.Status, coachUpdateModel.Status)
        .Set(c => c.Step, coachUpdateModel.Step)
        .Set(c => c.Situation, coachUpdateModel.Situation)
        .Set(c => c.Description, coachUpdateModel.Description);

    var card = coachUpdateModel.CoachCard;
    bool hasCard = card != null && card.Length >= 1;
    if (hasCard)
    {
        // NOTE(review): no size or content-type check on the card is visible in this
        // method — confirm that UploadFile enforces limits on what it stores.
        string uploadedId = await _filesService.UploadFile($"coachcar_{id}", card);
        changes = changes.Set(c => c.CoachCardId, uploadedId);
    }

    // The update result is not inspected: an id that matches no document is a silent no-op.
    await _coachs.UpdateOneAsync(c => c.Id == id, changes);
}
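/// <summary>
/// Applies a coach's update to their own record. The caller must own the coach
/// document, and the workflow step is not taken from the request.
/// </summary>
/// <param name="currentUserId">Identity name of the authenticated caller.</param>
/// <param name="coachId">Identifier of the coach to update.</param>
/// <param name="coachUpdateModel">
/// Requested field values. Its Step is overwritten with the stored value before
/// the update is persisted.
/// </param>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when the caller identity is missing, the coach does not exist, or the
/// coach belongs to another user.
/// </exception>
/// <exception cref="ArgumentNullException">
/// Thrown when <paramref name="coachUpdateModel"/> is null.
/// </exception>
public async Task UpdateCoachFromCoachAsync(string currentUserId, string coachId, CoachUpdateModel coachUpdateModel)
{
    Coach coach = await GetCoachFromCoachId(coachId);

    // An empty caller id must never count as ownership: without this guard a null
    // caller id would compare equal to a coach record whose UserId is null.
    if (string.IsNullOrEmpty(currentUserId) || coach == null || coach.UserId != currentUserId)
    {
        throw new UnauthorizedAccessException("You are trying to update an other coach than you");
    }

    if (coachUpdateModel == null)
    {
        throw new ArgumentNullException(nameof(coachUpdateModel));
    }

    // Only admins are supposed to change the step, but UpdateCoach persists whatever
    // Step the model carries. Pin it to the stored value so a coach cannot advance
    // their own application by putting a step in the request body.
    coachUpdateModel.Step = coach.Step;

    // NOTE(review): Status is still taken from the request on this path. Confirm
    // whether coaches may change their own status; if not, pin it the same way.

    await UpdateCoach(coachId, coachUpdateModel);
}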