public async Task <IActionResult> UpdateCoach(string coachId, [FromBody] CoachUpdateModel coachUpdateModel)
{
var currentUserId = User.Identity.Name;
try
{
if (User.IsInRole(Role.Admin))
{
await _coachService.UpdateCoachFromAdminAsync(coachId, coachUpdateModel);
}
else if (User.IsInRole(Role.Coach))
{
await _coachService.UpdateCoachFromCoachAsync(currentUserId, coachId, coachUpdateModel);
}
else
{
return(Forbid("You must be part of the Buildup program"));
}
}
catch (UnauthorizedAccessException e)
{
return(Forbid($"You are not allowed to update this coach: {e.Message}"));
}
catch (Exception e)
{
return(BadRequest($"Can't update the coach: {e.Message}"));
}
return(Ok());
}
// Updating the coach
public async Task UpdateCoachFromAdminAsync(string coachId, CoachUpdateModel coachUpdateModel)
{
Coach coach = await GetCoachFromCoachId(coachId);
if (coach == null)
{
throw new Exception("This coach doesn't exist");
}
User user = await GetUserFromAdminAsync(coachId);
if (user == null)
{
throw new Exception("Their is no user for this coach...");
}
await UpdateCoach(coachId, coachUpdateModel);
// Only admins are supposed to be able to change the steps
// Since we don't want to spam, we only check notifications
// on admin side
if (coachUpdateModel.Status == CoachStatus.Deleted)
{
await _notificationService.NotifyRefusedCoach(user.Email, user.FirstName);
}
if (coach.Step == CoachSteps.Preselected && coachUpdateModel.Step == CoachSteps.Meeting)
{
await _notificationService.NotifyPreselectionCoach(user.Email, user.FirstName);
}
if (coach.Step != CoachSteps.Signing && coachUpdateModel.Step == CoachSteps.Signing)
{
await _notificationService.NotifyAcceptationCoach(user.Email);
}
}
private async Task UpdateCoach(string id, CoachUpdateModel coachUpdateModel)
{
var update = Builders <Coach> .Update
.Set(dbCoach => dbCoach.Status, coachUpdateModel.Status)
.Set(dbCoach => dbCoach.Step, coachUpdateModel.Step)
.Set(dbCoach => dbCoach.Situation, coachUpdateModel.Situation)
.Set(dbCoach => dbCoach.Description, coachUpdateModel.Description);
string fileId = "";
if (coachUpdateModel.CoachCard != null && coachUpdateModel.CoachCard.Length >= 1)
{
fileId = await _filesService.UploadFile($"coachcar_{id}", coachUpdateModel.CoachCard);
update = update.Set(dbCoach => dbCoach.CoachCardId, fileId);
}
await _coachs.UpdateOneAsync(databaseCoach =>
databaseCoach.Id == id,
update
);
}
public async Task UpdateCoachFromCoachAsync(string currentUserId, string coachId, CoachUpdateModel coachUpdateModel)
{
Coach coach = await GetCoachFromCoachId(coachId);
if (coach == null || coach.UserId != currentUserId)
{
throw new UnauthorizedAccessException("You are trying to update an other coach than you");
}
await UpdateCoach(coachId, coachUpdateModel);
}
