示例#1
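        /// <summary>
        /// Updates a user account from the submitted DTO and returns the updated user as a <c>DTO.UserDTO</c>.
        /// </summary>
        /// <remarks>
        /// Authorization is an explicit allow-list: admins may edit any account, managers may edit
        /// accounts that are not submitted as Admin, and every other caller receives a 403 error.
        /// Previously only callers in the Tenant role were rejected, so a caller with none of the
        /// known roles fell through to the update.
        /// </remarks>
        /// <param name="userInfo">User fields supplied by the caller; treated as untrusted input.</param>
        /// <returns>The updated user DTO, or a 403 error result when the caller may not perform the edit.</returns>
        public async Task<IActionResult> SetUserInfo(DTO.UserDTO userInfo)
        {
            var caller = this.HttpContext.User;

            if (caller.IsInRole(Role.Manager))
            {
                // NOTE(review): this inspects the account type carried in the request, not the stored
                // type of the account being edited. If UpdateUserInfo locates its target by an id in
                // the DTO, the check should be made against the persisted account instead - confirm.
                if (userInfo.UserAccountType == UserAccountType.Admin)
                {
                    return new DTO.ErrorBuilder()
                           .Message("You do not have the proper authorization to edit Admin user accounts.")
                           .Code(403)
                           .Build();
                }
            }
            else if (!caller.IsInRole(Role.Admin))
            {
                // Deny by default: tenants and callers without a recognised role never reach the update.
                return new DTO.ErrorBuilder()
                       .Message("You do not have the proper authorization to edit user accounts.")
                       .Code(403)
                       .Build();
            }

            var user = await _userRepository.UpdateUserInfo(userInfo);

            return new ObjectResult(new DTO.UserDTO(user));
        }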
示例#2
        /// <summary>
        /// Returns the account identified by <paramref name="userId"/> as a <c>DTO.UserDTO</c>.
        /// Only callers in the Admin or Manager role are served.
        /// </summary>
        /// <param name="userId">Identifier of the user to look up.</param>
        /// <returns>The user DTO, a 400 error when no such user exists, or a 403 error for other roles.</returns>
        public async Task<IActionResult> GetSpecificUserInfo(int userId)
        {
            var principal = this.HttpContext.User;

            // Reject first so the repository is never touched for unauthorized callers.
            if (!principal.IsInRole(Role.Admin) && !principal.IsInRole(Role.Manager))
            {
                return new DTO.ErrorBuilder()
                       .Message("You do not have the proper authorization to view user accounts.")
                       .Code(403)
                       .Build();
            }

            // The value is not used below; the call is kept because it may validate the API key.
            var callerId = this.UserIdFromApiKey();

            var found = await _userRepository.UserFromId(userId);

            if (found == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("No user found with that ID")
                       .Code(400)
                       .Build();
            }

            // NOTE(review): managers can read any account here, including admin accounts - confirm
            // that DTO.UserDTO exposes no credential material.
            return new ObjectResult(new DTO.UserDTO(found));
        }
示例#3
        /// <summary>
        /// Returns everything <c>_agreementRepository.GetAllAgreements()</c> yields to tenants that
        /// resolve to a tenant record, and to managers and admins.
        /// </summary>
        /// <returns>The agreement list, or a 403 error result when the caller is not entitled to it.</returns>
        public async Task<IActionResult> GetAgreementTemplates()
        {
            if (this.UserInRole(Role.Tenant))
            {
                var callerId = this.UserIdFromApiKey();
                var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

                // A Tenant-role user without a tenant record is refused.
                if (tenantId == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("You are not a tenant of this property")
                           .Code(403)
                           .Build();
                }

                // NOTE(review): tenants get the same unfiltered result as staff. Confirm that
                // GetAllAgreements() returns templates only and nothing tied to other tenants.
                return new ObjectResult(await _agreementRepository.GetAllAgreements());
            }

            if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                return new ObjectResult(await _agreementRepository.GetAllAgreements());
            }

            return new DTO.ErrorBuilder()
                   .Message("You are not authorized to view agreements.")
                   .Code(403)
                   .Build();
        }
示例#4
        /// <summary>
        /// Looks up a tenant by id and returns it, with its unit number, as a <c>DTO.TenantInfoDTO</c>.
        /// Restricted to the Admin and Manager roles.
        /// </summary>
        /// <param name="tenantId">Identifier of the tenant to fetch.</param>
        /// <returns>The tenant DTO, a 404 error when the tenant is unknown, or a 403 error for other roles.</returns>
        public async Task<IActionResult> GetTenantById(int tenantId)
        {
            if (!this.UserInRole(Role.Admin) && !this.UserInRole(Role.Manager))
            {
                return new DTO.ErrorBuilder()
                       .Message("You are not authorized to view tenants by ID.")
                       .Code(403)
                       .Build();
            }

            var found = await _tenantRepository.TenantFromId(tenantId);

            if (found == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("Tenant not found.")
                       .Code(404)
                       .Build();
            }

            var assignedUnit = await _tenantRepository.UnitFromTenantId(found.TenantId);

            // A tenant with no unit is reported with an empty unit number.
            var unitNumber = assignedUnit != null ? assignedUnit.UnitNumber : "";

            return new ObjectResult(new DTO.TenantInfoDTO(found, unitNumber));
        }
示例#5
        /// <summary>
        /// Lists the signed agreements of one tenant as <c>DTO.AgreementDTO</c> objects.
        /// Restricted to the Admin and Manager roles.
        /// </summary>
        /// <param name="tenantId">Tenant whose signed agreements are requested.</param>
        /// <returns>The agreement DTOs, a 404 error when there are none, or a 403 error for other roles.</returns>
        public async Task<IActionResult> GetAgreementsByTenant(int tenantId)
        {
            if (!this.UserInRole(Role.Admin) && !this.UserInRole(Role.Manager))
            {
                return new DTO.ErrorBuilder()
                       .Message("You are not authorized to list agreements.")
                       .Code(403)
                       .Build();
            }

            var signed = await _agreementRepository.GetSignedAgreements(tenantId);

            // An empty result is reported as "not found" rather than as an empty list.
            if (signed.Count() == 0)
            {
                return new DTO.ErrorBuilder()
                       .Message("No agreements located for that tenant.")
                       .Code(404)
                       .Build();
            }

            var payload = signed.Select(item => new DTO.AgreementDTO(item)).ToList();

            return new ObjectResult(payload);
        }
        /// <summary>
        /// Returns the calling tenant's daily usage of one resource for the current billing period.
        /// Only the Tenant role is served; all other callers are refused and the attempt is logged.
        /// </summary>
        /// <param name="resource">Resource type whose usage is requested.</param>
        /// <returns>The usage records, a 400 error when the caller has no tenant record, or a 403 error.</returns>
        public async Task<IActionResult> GetDailyResourceUsage(ResourceType resource)
        {
            // NOTE(review): the billing period is loaded before the role check, so unauthorized
            // callers still cause a repository call; consider authorizing first.
            var period = await _billRepository.GetCurrentBillingPeriod();

            if (!this.UserInRole(Role.Tenant))
            {
                var denied = new DTO.ErrorBuilder()
                             .Message("You are not authorized to view resource usage.")
                             .Code(403)
                             .Build();
                _logger.LogWarning("Unauthorized access attempt to view resource usage.");
                return denied;
            }

            // The tenant id is derived from the caller's API key, never from request input.
            var callerId = this.UserIdFromApiKey();
            var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

            if (tenantId == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("Not a tenant")
                       .Code(400)
                       .Build();
            }

            var dailyUsage = await _billRepository.GetDailyResourceUsage((int)tenantId, resource, period);

            return new ObjectResult(dailyUsage);
        }
        /// <summary>
        /// Deletes the unit with the given id. Restricted to the Admin and Manager roles;
        /// refused attempts are logged.
        /// </summary>
        /// <param name="unitId">Identifier of the unit to delete.</param>
        /// <returns>An empty 200 result on success, a 404 error when nothing was deleted, or a 403 error.</returns>
        public async Task<IActionResult> DeleteUnit(int unitId)
        {
            if (!this.UserInRole(Role.Admin) && !this.UserInRole(Role.Manager))
            {
                var denied = new DTO.ErrorBuilder()
                             .Message("You are not authorized to delete units.")
                             .Code(403)
                             .Build();
                // NOTE(review): the log entry carries neither the caller nor the unit id, which
                // limits its value when investigating repeated attempts.
                _logger.LogWarning("Unauthorized access attempt to delete units.");
                return denied;
            }

            var wasDeleted = await _tenantRepository.DeleteUnit(unitId);

            if (!wasDeleted)
            {
                return new DTO.ErrorBuilder()
                       .Message("Unit not found.")
                       .Code(404)
                       .Build();
            }

            // Success is reported as an empty JSON object with an explicit 200 status.
            return new ObjectResult(new { }) { StatusCode = 200 };
        }
示例#8
        /// <summary>
        /// Returns the unit with the given id. Restricted to the Admin and Manager roles.
        /// </summary>
        /// <param name="unitId">Identifier of the unit to fetch.</param>
        /// <returns>The unit, a 404 error when it does not exist, or a 403 error for other roles.</returns>
        public async Task<IActionResult> GetUnitById(int unitId)
        {
            if (!this.UserInRole(Role.Admin) && !this.UserInRole(Role.Manager))
            {
                return new DTO.ErrorBuilder()
                       .Message("You are not authorized to query units.")
                       .Code(403)
                       .Build();
            }

            var found = await _tenantRepository.GetUnit(unitId);

            if (found == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("Unit not found.")
                       .Code(404)
                       .Build();
            }

            // The repository object is serialized as-is (no DTO mapping in this action).
            return new ObjectResult(found);
        }
示例#9
        /// <summary>
        /// Lists every tenant, each paired with its unit number, as <c>DTO.TenantInfoDTO</c> objects.
        /// Restricted to the Admin and Manager roles.
        /// </summary>
        /// <returns>The tenant DTO list, or a 403 error result for other roles.</returns>
        public async Task<IActionResult> GetTenants()
        {
            if (!this.UserInRole(Role.Admin) && !this.UserInRole(Role.Manager))
            {
                return new DTO.ErrorBuilder()
                       .Message("You are not authorized to view tenant lists.")
                       .Code(403)
                       .Build();
            }

            var allTenants = await _tenantRepository.GetTenants();
            var result     = new List<DTO.TenantInfoDTO>();

            // One unit lookup is issued per tenant, in sequence.
            foreach (var entry in allTenants)
            {
                var assignedUnit = await _tenantRepository.UnitFromTenantId(entry.TenantId);

                // Tenants without a unit are listed with an empty unit number.
                var unitNumber = assignedUnit != null ? assignedUnit.UnitNumber : "";

                result.Add(new DTO.TenantInfoDTO(entry, unitNumber));
            }

            return new ObjectResult(result);
        }
        /// <summary>
        /// Returns projected resource usage for the calling tenant in the current billing period,
        /// evaluated at the server's local time. Only the Tenant role is served; other callers are
        /// refused and the attempt is logged.
        /// </summary>
        /// <returns>The projection DTOs, a 400 error when the caller has no tenant record, or a 403 error.</returns>
        public async Task<IActionResult> GetResourceProjectionsInPeriod()
        {
            var period = await _billRepository.GetCurrentBillingPeriod();

            if (!this.UserInRole(Role.Tenant))
            {
                var denied = new DTO.ErrorBuilder()
                             .Message("You are not authorized to view resource projections.")
                             .Code(403)
                             .Build();
                _logger.LogWarning("Unauthorized access attempt to view resource projections.");
                return denied;
            }

            // The tenant id comes from the caller's API key, so a tenant can only see its own data.
            var callerId = this.UserIdFromApiKey();
            var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

            if (tenantId == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("Not a tenant")
                       .Code(400)
                       .Build();
            }

            var projected = await _billRepository.GetProjectedResourceUsages((int)tenantId, period, DateTime.Now);

            var payload = projected.Select(item => new DTO.ProjectedResourceUsageDTO(item)).ToList();

            return new ObjectResult(payload);
        }
示例#11
        /// <summary>
        /// Returns one signed agreement as a <c>DTO.AgreementDTO</c>. Tenants can only reach
        /// agreements they signed themselves; managers and admins can fetch any agreement by id.
        /// </summary>
        /// <param name="agreementId">Identifier of the agreement to fetch.</param>
        /// <returns>The agreement DTO, a 404 error when it cannot be found, or a 403 error.</returns>
        public async Task<IActionResult> GetAgreement(int agreementId)
        {
            var callerId = this.UserIdFromApiKey();

            if (this.UserInRole(Role.Tenant))
            {
                var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

                if (tenantId == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("You are not a tenant of this property.")
                           .Code(403)
                           .Build();
                }

                // Object-level check: the search is confined to this tenant's own agreements, so an
                // id belonging to another tenant yields the same 404 as an unknown id.
                var ownAgreements = await _agreementRepository.GetSignedAgreements((int)tenantId);

                // TODO (from the original author): loading the whole list to pick one entry is wasteful.
                var match = ownAgreements.FirstOrDefault(candidate => candidate.AgreementId == agreementId);

                if (match == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Unable to find that agreement.")
                           .Code(404)
                           .Build();
                }

                return new ObjectResult(new DTO.AgreementDTO(match));
            }

            if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                var found = await _agreementRepository.GetSignedAgreement(agreementId);

                if (found == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Unable to find that agreement.")
                           .Code(404)
                           .Build();
                }

                return new ObjectResult(new DTO.AgreementDTO(found));
            }

            return new DTO.ErrorBuilder()
                   .Message("You are not authorized to view agreements.")
                   .Code(403)
                   .Build();
        }
        /// <summary>
        /// Returns the bills with nothing left owed in the given billing period. Tenants see their
        /// own bills; managers and admins see every bill of the period.
        /// </summary>
        /// <param name="billingPeriodId">Identifier of the billing period to report on.</param>
        /// <returns>The paid bills as <c>DTO.BillDTO</c> objects, or a 404, 400 or 403 error result.</returns>
        public async Task<IActionResult> GetPaidBillsInPeriod(int billingPeriodId)
        {
            // NOTE(review): this lookup runs before any role check, so a caller who would get 403
            // for an existing period gets 404 for an unknown one. Consider authorizing first.
            var period = await _billRepository.BillingPeriodFromId(billingPeriodId);

            if (period == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("Billing period not found.")
                       .Code(404)
                       .Build();
            }

            if (this.UserInRole(Role.Tenant))
            {
                var callerId = this.UserIdFromApiKey();
                var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

                if (tenantId == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Not a tenant")
                           .Code(400)
                           .Build();
                }

                var ownBills = await _billRepository.GetBills((int)tenantId, period);

                // "Paid" means nothing is owed any more (fully paid or overpaid).
                var ownPaid = ownBills
                              .Where(entry => entry.Owed() <= 0)
                              .Select(entry => new DTO.BillDTO(entry))
                              .ToList();

                return new ObjectResult(ownPaid);
            }

            if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                var allBills = await _billRepository.GetBills(period);

                var allPaid = allBills
                              .Where(entry => entry.Owed() <= 0)
                              .Select(entry => new DTO.BillDTO(entry))
                              .ToList();

                return new ObjectResult(allPaid);
            }

            var denied = new DTO.ErrorBuilder()
                         .Message("You are not authorized to view billing information.")
                         .Code(403)
                         .Build();
            _logger.LogWarning("Unauthorized access attempt to view billing information.");
            return denied;
        }
        /// <summary>
        /// Lists the agreements of one tenant. Managers and admins may query any tenant; a tenant
        /// may only query its own id.
        /// </summary>
        /// <param name="tenantId">Tenant whose agreements are requested.</param>
        /// <returns>The agreements, a 404 error when none are visible to the caller, or a 403 error.</returns>
        public async Task<IActionResult> GetAgreementsByTenant(int tenantId)
        {
            if (this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager))
            {
                var found = await _agreementRepository.GetAgreements(tenantId);

                if (found.Count() == 0)
                {
                    return new DTO.ErrorBuilder()
                           .Message("No agreements located for that tenant.")
                           .Code(404)
                           .Build();
                }

                return new ObjectResult(found);
            }

            if (this.UserInRole(Role.Tenant))
            {
                var userId      = this.UserIdFromApiKey();
                var ownTenantId = await _tenantRepository.TenantIdFromUserId(userId);

                if (ownTenantId == null)
                {
                    var notTenant = new DTO.ErrorBuilder()
                                    .Message("You are not a tenant of this property")
                                    .Code(403)
                                    .Build();
                    _logger.LogWarning($"Attempt by user {userId} to access tenant information without being a tenant.");
                    return notTenant;
                }

                // Object-level check: asking for another tenant's id is answered with 404, so the
                // response does not confirm whether that tenant exists.
                // NOTE(review): unlike the branch above, this mismatch is not logged.
                if ((int)ownTenantId != tenantId)
                {
                    return new DTO.ErrorBuilder()
                           .Message("No agreements found.")
                           .Code(404)
                           .Build();
                }

                return new ObjectResult(await _agreementRepository.GetAgreements(tenantId));
            }

            var denied = new DTO.ErrorBuilder()
                         .Message("You are not authorized to list agreements.")
                         .Code(403)
                         .Build();
            _logger.LogWarning("Unauthorized access attempt to query agreements.");
            return denied;
        }
示例#14
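        /// <summary>
        /// Updates an existing user account or, for callers with no recognised role, registers a new
        /// tenant account from the submitted DTO.
        /// </summary>
        /// <remarks>
        /// Tenants can only update their own account: both the user id and the account type in the
        /// request are overwritten with server-side values before the update. Managers and admins
        /// update whichever account the DTO designates.
        /// </remarks>
        /// <param name="userInfo">User fields supplied by the caller; treated as untrusted input.</param>
        /// <returns>
        /// The updated or newly created user, a 409 error when the update is rejected, or a 404 error
        /// when the account cannot be created.
        /// </returns>
        public async Task<IActionResult> SetUserInfo(DTO.UserDTO userInfo)
        {
            // Caller is already logged in as a tenant.
            if (this.UserInRole(Role.Tenant))
            {
                // Ensure a tenant cannot update information for another user.
                userInfo.UserId = this.UserIdFromApiKey();

                // Pin the account type as well, as the registration branch below does. The update
                // presumably persists this field (confirm in the repository); without the pin a
                // tenant could submit a more privileged type for its own account.
                userInfo.UserAccountType = UserAccountType.Tenant;

                var updatedUser = await _userRepository.UpdateUserInfo(userInfo);

                if (updatedUser == null)
                {
                    var err = new DTO.ErrorBuilder()
                              .Message("User already exists with that login information or user not found.")
                              .Code(409)
                              .Build();
                    return err;
                }

                // NOTE(review): the registration branch masks Password before responding; confirm
                // that the object returned by UpdateUserInfo carries no credential material.
                return new ObjectResult(updatedUser);
            }
            else if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                // NOTE(review): nothing here stops a manager from editing an admin account or from
                // submitting UserAccountType.Admin - confirm the repository enforces that rule.
                var updatedUser = await _userRepository.UpdateUserInfo(userInfo);

                if (updatedUser == null)
                {
                    var err = new DTO.ErrorBuilder()
                              .Message("User already exists with that login information or user not found.")
                              .Code(409)
                              .Build();
                    return err;
                }

                return new ObjectResult(updatedUser);
            }
            else
            {
                // Self-registration: new accounts are always created as tenants, whatever the
                // request asked for.
                userInfo.UserAccountType = UserAccountType.Tenant;
                var newUser = await _userRepository.TryCreateAccount(userInfo);

                if (newUser == null)
                {
                    var err = new DTO.ErrorBuilder()
                              .Message("Unable to create account, tenant information not found or already exists.")
                              .Code(404)
                              .Build();
                    return err;
                }

                // Never echo the password back to the client.
                newUser.Password = "******";
                return new ObjectResult(newUser);
            }
        }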
        /// <summary>
        /// Returns maintenance requests: those of the caller's unit for tenants, all requests for
        /// managers and admins. Other callers are refused and the attempt is logged.
        /// </summary>
        /// <param name="limit">
        /// Not read anywhere in this method. NOTE(review): the result size is therefore unbounded
        /// here - confirm whether a cap is applied elsewhere.
        /// </param>
        /// <returns>The request DTOs produced by <c>MakeDTORequests</c>, or a 400 or 403 error result.</returns>
        public async Task<IActionResult> GetMaintenanceRequests(int limit)
        {
            if (this.UserInRole(Role.Tenant))
            {
                var callerId = this.UserIdFromApiKey();
                var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

                if (tenantId == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Not a tenant.")
                           .Code(400)
                           .Build();
                }

                var assignedUnit = await _tenantRepository.UnitFromTenantId((int)tenantId);

                if (assignedUnit == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Tenant not assigned a unit.")
                           .Code(400)
                           .Build();
                }

                // Scope the query to the unit derived from the caller's API key.
                var unitRequests = await _maintenanceRepository.GetMaintenanceRequests(assignedUnit.UnitNumber);

                return new ObjectResult(await MakeDTORequests(unitRequests));
            }

            if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                var allRequests = await _maintenanceRepository.GetMaintenanceRequests();

                return new ObjectResult(await MakeDTORequests(allRequests));
            }

            var denied = new DTO.ErrorBuilder()
                         .Message("You are not authorized to view maintenance requests.")
                         .Code(403)
                         .Build();
            _logger.LogWarning("Unauthorized access attempt to view maintenance requests.");
            return denied;
        }
        /// <summary>
        /// Records a payment against a bill. Tenants pay for their own tenant record, derived from
        /// the API key; managers and admins pay on behalf of the tenant named in the request.
        /// </summary>
        /// <param name="bill">Payment details supplied by the caller; treated as untrusted input.</param>
        /// <returns>The resulting bill as a <c>DTO.BillDTO</c>, or a 404, 400 or 403 error result.</returns>
        public async Task<IActionResult> PostBill(DataModel.PayBill bill)
        {
            // NOTE(review): this lookup precedes the role check, so callers who would be refused
            // can still tell known billing period ids (403) from unknown ones (404).
            var period = await _billRepository.BillingPeriodFromId(bill.BillingPeriodId);

            if (period == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("Billing period not found.")
                       .Code(404)
                       .Build();
            }

            // NOTE(review): bill.Amount is passed through unchecked in both branches below. Confirm
            // that the repository rejects zero, negative or excessive amounts.
            if (this.UserInRole(Role.Tenant))
            {
                var callerId = this.UserIdFromApiKey();
                var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

                if (tenantId == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Not a tenant")
                           .Code(400)
                           .Build();
                }

                // bill.TenantId is deliberately ignored: a tenant can only pay its own bills.
                var ownPayment = await _billRepository.PayBill((int)tenantId, bill.Amount, bill.Resource, bill.BillingPeriodId);

                return new ObjectResult(new DTO.BillDTO(ownPayment));
            }

            if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                var staffPayment = await _billRepository.PayBill(bill.TenantId, bill.Amount, bill.Resource, bill.BillingPeriodId);

                return new ObjectResult(new DTO.BillDTO(staffPayment));
            }

            var denied = new DTO.ErrorBuilder()
                         .Message("You are not authorized to make bill payments.")
                         .Code(403)
                         .Build();
            _logger.LogWarning("Unauthorized access attempt to make a billing payment.");
            return denied;
        }
示例#17
        /// <summary>
        /// Updates tenant information. A tenant updates its own record and cannot change its unit
        /// number; managers and admins update the tenant named in the DTO.
        /// </summary>
        /// <param name="info">Tenant fields supplied by the caller; treated as untrusted input.</param>
        /// <returns>The repository's update result, or a 400 or 403 error result.</returns>
        public async Task<IActionResult> UpdateTenantInfo(DTO.TenantInfoDTO info)
        {
            if (this.UserInRole(Role.Tenant))
            {
                var callerId = this.UserIdFromApiKey();
                var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

                if (tenantId == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Not a tenant")
                           .Code(400)
                           .Build();
                }

                var currentUnit = await _tenantRepository.UnitFromTenantId((int)tenantId);

                if (currentUnit == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Not assigned to a unit")
                           .Code(400)
                           .Build();
                }

                // Overwrite the submitted unit number with the stored one so that a tenant cannot
                // move itself to another unit. The target id also comes from the API key, not from
                // info.TenantId.
                // NOTE(review): any other field of the DTO is still taken from the request as-is.
                info.UnitNumber = currentUnit.UnitNumber;

                var ownRecord = await _tenantRepository.UpdateTenantInfo((int)tenantId, info);

                return new ObjectResult(ownRecord);
            }

            if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                var record = await _tenantRepository.UpdateTenantInfo(info.TenantId, info);

                return new ObjectResult(record);
            }

            return new DTO.ErrorBuilder()
                   .Message("Not authorized to edit tenant information.")
                   .Code(403)
                   .Build();
        }
示例#18
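        /// <summary>
        /// Updates a unit from the submitted entity. Restricted to the Admin and Manager roles.
        /// </summary>
        /// <param name="unit">Unit data supplied by the caller; treated as untrusted input.</param>
        /// <returns>The updated unit, or a 403 error result for other roles.</returns>
        public async Task<IActionResult> UpdateUnit(Entity.Unit unit)
        {
            if (this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager))
            {
                // NOTE(review): the request is bound straight onto an entity type, so every bindable
                // property can be set by the caller - confirm the repository only persists the
                // fields that are meant to be editable.
                var updatedUnit = await _tenantRepository.UpdateUnit(unit);

                return new ObjectResult(updatedUnit);
            }
            else
            {
                var err = new DTO.ErrorBuilder()
                          .Message("You are not authorized to update units.")
                          .Code(403)
                          .Build();

                // Return the built error itself, as the other actions do. Wrapping it in a new
                // ObjectResult would serialize the error as an ordinary payload, and the response
                // would presumably go out with the default success status instead of 403.
                return err;
            }
        }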
示例#19
        /// <summary>
        /// Lists all units. Restricted to the Admin and Manager roles.
        /// </summary>
        /// <returns>The units returned by the repository, or a 403 error result for other roles.</returns>
        public async Task<IActionResult> GetUnits()
        {
            // Refuse early; the repository is only queried for authorized callers.
            if (!this.UserInRole(Role.Admin) && !this.UserInRole(Role.Manager))
            {
                return new DTO.ErrorBuilder()
                       .Message("You are not authorized to view units.")
                       .Code(403)
                       .Build();
            }

            var allUnits = await _tenantRepository.GetUnits();

            return new ObjectResult(allUnits);
        }
示例#20
        /// <summary>
        /// Updates an agreement template from the submitted entity. Restricted to the Manager and
        /// Admin roles.
        /// </summary>
        /// <param name="agreement">Template data supplied by the caller; treated as untrusted input.</param>
        /// <returns>The updated template, or a 403 error result for other roles.</returns>
        public async Task<IActionResult> UpdateAgreementTemplate(Entity.Agreement agreement)
        {
            if (!this.UserInRole(Role.Manager) && !this.UserInRole(Role.Admin))
            {
                return new DTO.ErrorBuilder()
                       .Message("You are not authorized to update agreement templates.")
                       .Code(403)
                       .Build();
            }

            // NOTE(review): the request binds directly to an entity type - confirm that only the
            // intended template fields are persisted.
            var saved = await _agreementRepository.UpdateAgreementTemplate(agreement);

            return new ObjectResult(saved);
        }
示例#21
        /// <summary>
        /// Authenticates a user by name and password and returns a <c>DTO.LoginOk</c> on success.
        /// </summary>
        /// <param name="loginInfo">Credentials supplied by the caller.</param>
        /// <returns>The login DTO, or a 401 error result when the repository finds no matching user.</returns>
        public async Task<IActionResult> Login(DataModel.Login loginInfo)
        {
            // NOTE(review): no throttling or lockout is visible in this action - confirm that
            // repeated failures are limited elsewhere (middleware or the repository).
            var account = await _userRepository.Login(loginInfo.UserName, loginInfo.Password);

            if (account == null)
            {
                // One message for every failure, so the response does not reveal whether the
                // user name exists.
                return new DTO.ErrorBuilder()
                       .Message("Invalid credentials")
                       .Code(401)
                       .Build();
            }

            return new ObjectResult(new DTO.LoginOk(account));
        }
示例#22
        /// <summary>
        /// Lists all agreement templates. Restricted to the Manager and Admin roles; refused
        /// attempts are logged.
        /// </summary>
        /// <returns>The templates returned by the repository, or a 403 error result for other roles.</returns>
        public async Task<IActionResult> GetAgreementTemplates()
        {
            if (!this.UserInRole(Role.Manager) && !this.UserInRole(Role.Admin))
            {
                var denied = new DTO.ErrorBuilder()
                             .Message("You are not authorized to view agreement templates.")
                             .Code(403)
                             .Build();
                _logger.LogWarning("Unauthorized access attempt to view agreement templates.");
                return denied;
            }

            var allTemplates = await _agreementTemplateRepository.GetAll();

            return new ObjectResult(allTemplates);
        }
        /// <summary>
        /// Returns the bills that still have an amount owed in the current billing period. Tenants
        /// see their own bills; managers and admins see every bill of the period.
        /// </summary>
        /// <returns>The unpaid bills as <c>DTO.BillDTO</c> objects, or a 400 or 403 error result.</returns>
        public async Task<IActionResult> GetUnpaidBillsInCurrentPeriod()
        {
            var period = await _billRepository.GetCurrentBillingPeriod();

            if (this.UserInRole(Role.Tenant))
            {
                // The tenant id is resolved from the API key, so tenants cannot name another tenant.
                var callerId = this.UserIdFromApiKey();
                var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

                if (tenantId == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Not a tenant")
                           .Code(400)
                           .Build();
                }

                var ownBills = await _billRepository.GetBills((int)tenantId, period);

                var ownUnpaid = ownBills
                                .Where(entry => entry.Owed() > 0)
                                .Select(entry => new DTO.BillDTO(entry))
                                .ToList();

                return new ObjectResult(ownUnpaid);
            }

            if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                var allBills = await _billRepository.GetBills(period);

                var allUnpaid = allBills
                                .Where(entry => entry.Owed() > 0)
                                .Select(entry => new DTO.BillDTO(entry))
                                .ToList();

                return new ObjectResult(allUnpaid);
            }

            // NOTE(review): unlike GetPaidBillsInPeriod, this refusal is not logged.
            return new DTO.ErrorBuilder()
                   .Message("You are not authorized to view billing information.")
                   .Code(403)
                   .Build();
        }
示例#24
        /// <summary>
        /// Signs an agreement on behalf of the calling tenant and returns it as a
        /// <c>DTO.AgreementDTO</c>. Only the Tenant role may sign.
        /// </summary>
        /// <param name="signAgreement">Agreement id and start/end dates supplied by the caller.</param>
        /// <returns>The signed agreement DTO, or a 400, 403 or 404 error result.</returns>
        public async Task<IActionResult> SignAgreement(DTO.SignAgreementDTO signAgreement)
        {
            // NOTE(review): callers without the Tenant role are answered with 400 here, whereas the
            // other actions use 403 for role failures.
            if (!this.UserInRole(Role.Tenant))
            {
                return new DTO.ErrorBuilder()
                       .Message("Only tenants may sign agreements.")
                       .Code(400)
                       .Build();
            }

            // The signer is always the tenant resolved from the API key.
            var callerId = this.UserIdFromApiKey();
            var tenantId = await _tenantRepository.TenantIdFromUserId(callerId);

            if (tenantId == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("You are not a tenant of this property.")
                       .Code(403)
                       .Build();
            }

            // NOTE(review): StartDate and EndDate are forwarded unchecked - confirm that the
            // repository validates their order and range.
            var signed = await _agreementRepository.SignAgreement((int)tenantId,
                                                                  signAgreement.AgreementId,
                                                                  signAgreement.StartDate,
                                                                  signAgreement.EndDate);

            if (signed == null)
            {
                return new DTO.ErrorBuilder()
                       .Message("Unable to find that agreement id.")
                       .Code(404)
                       .Build();
            }

            return new ObjectResult(new DTO.AgreementDTO(signed));
        }
示例#25
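        /// <summary>
        /// Returns the calling tenant's own record together with the number of the unit they occupy.
        /// </summary>
        /// <returns>
        /// A <c>TenantInfoDTO</c> for the caller, or an error built with code 400 (no tenant record,
        /// or the caller is an admin/manager) or 403 (any other caller).
        /// </returns>
        public async Task <IActionResult> GetTenant()
        {
            if (this.UserInRole(Role.Tenant))
            {
                // The tenant is looked up from the caller's own API key, so a tenant can only
                // ever read their own record through this route.
                var userId = this.UserIdFromApiKey();
                var tenant = await _tenantRepository.TenantFromUserId(userId);

                if (tenant == null)
                {
                    var err = new DTO.ErrorBuilder()
                              .Message("Not a tenant")
                              .Code(400)
                              .Build();
                    return(err);
                }

                var unit = await _tenantRepository.UnitFromTenantId(tenant.TenantId);

                // A tenant without an assigned unit is reported with an empty unit number.
                var unitNumber = unit == null ? "" : unit.UnitNumber;
                var tenantDTO  = new DTO.TenantInfoDTO(tenant, unitNumber);
                return(new ObjectResult(tenantDTO));
            }

            if (this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager))
            {
                var err = new DTO.ErrorBuilder()
                          .Message("This route is for tenants only.")
                          .Code(400)
                          .Build();

                // Return the built error itself, as the tenant branch does. Wrapping it in a fresh
                // ObjectResult leaves the outer result without a status code, so the refusal would
                // presumably reach the client as a success response with the error as its body.
                return(err);
            }

            var denied = new DTO.ErrorBuilder()
                         .Message("You are not authorized to view tenant info.")
                         .Code(403)
                         .Build();
            _logger.LogWarning("Unauthorized access attempt to view tenant info.");

            // Same reasoning as above: the denial must carry its own status code so that clients
            // and monitoring keyed on status codes see it as a denial.
            return(denied);
        }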
        /// <summary>
        /// Lists agreements: a tenant receives the agreements for their own tenant id, while a
        /// manager or admin receives every agreement.
        /// </summary>
        /// <returns>
        /// The agreements returned by the repository, or an error built with code 403 when the caller
        /// has no tenant record or holds none of the three roles.
        /// </returns>
        public async Task<IActionResult> GetAgreements()
        {
            if (this.UserInRole(Role.Tenant))
            {
                // Scope the query to the tenant id derived from the caller's API key.
                var callerUserId   = this.UserIdFromApiKey();
                var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerUserId);

                if (callerTenantId != null)
                {
                    var ownAgreements = await _agreementRepository.GetAgreements((int)callerTenantId);
                    return new ObjectResult(ownAgreements);
                }

                var notTenant = new DTO.ErrorBuilder()
                                .Message("You are not a tenant of this property")
                                .Code(403)
                                .Build();
                _logger.LogWarning($"User {callerUserId} attempted to access tenant information without being a tenant.");
                return notTenant;
            }

            // Anyone who is neither manager nor admin is refused and the attempt is logged.
            if (!this.UserInRole(Role.Manager) && !this.UserInRole(Role.Admin))
            {
                var denied = new DTO.ErrorBuilder()
                             .Message("You are not authorized to view agreements.")
                             .Code(403)
                             .Build();
                _logger.LogWarning($"Unauthorized access attempt to view agreements.");
                return denied;
            }

            // Managers and admins get the unfiltered list.
            // NOTE(review): repository objects are returned as-is rather than through a DTO - confirm
            // they carry nothing that should stay server-side.
            var everyAgreement = await _agreementRepository.GetAgreements();
            return new ObjectResult(everyAgreement);
        }
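        /// <summary>
        /// Updates an agreement. A tenant may update only an agreement whose TenantId matches their
        /// own tenant id; managers and admins may update any agreement.
        /// </summary>
        /// <param name="newInfo">Agreement values bound from the request.</param>
        /// <returns>
        /// The updated agreement, or an error built with code 403 (caller has no tenant record or no
        /// permitted role), 404 (agreement missing or not the caller's) or 400 (the repository
        /// returned no updated agreement).
        /// </returns>
        public async Task <IActionResult> UpdateAgreement(Entity.Agreement newInfo)
        {
            if (this.UserInRole(Role.Tenant))
            {
                var userId   = this.UserIdFromApiKey();
                var tenantId = await _tenantRepository.TenantIdFromUserId(userId);

                if (tenantId == null)
                {
                    var err = new DTO.ErrorBuilder()
                              .Message("You are not a tenant of this property.")
                              .Code(403)
                              .Build();
                    _logger.LogWarning($"Attempt by user {userId} to access tenant information without being a tenant.");
                    return(err);
                }

                var existingAgreement = await _agreementRepository.GetAgreement(newInfo.AgreementId);

                // A missing agreement and one owned by another tenant get the same response, so the
                // reply cannot be used to learn which agreement ids exist. The difference is kept in
                // the server log instead.
                if (existingAgreement == null || existingAgreement.TenantId != tenantId)
                {
                    if (existingAgreement != null)
                    {
                        _logger.LogWarning("User {UserId} attempted to update agreement {AgreementId} that belongs to another tenant.",
                                           userId, newInfo.AgreementId);
                    }

                    var err = new DTO.ErrorBuilder()
                              .Message("Agreement not found.")
                              .Code(404)
                              .Build();
                    return(err);
                }

                // The ownership check above looked only at the stored agreement; the bound entity is
                // what gets written. Pin its TenantId to the caller so a client-supplied value cannot
                // reassign the agreement.
                // NOTE(review): assumes Entity.Agreement.TenantId is settable. Other request-bound
                // fields are still passed through - confirm the repository limits what a tenant may change.
                newInfo.TenantId = (int)tenantId;
            }
            else if (!(this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin)))
            {
                var err = new DTO.ErrorBuilder()
                          .Message("You are not authorized to update agreements")
                          .Code(403)
                          .Build();
                _logger.LogWarning($"Unauthorized access attempt to update agreements.");
                return(err);
            }

            var updated = await _agreementRepository.UpdateAgreement(newInfo);

            // Both the tenant and the manager/admin path now report a failed update the same way;
            // previously only the manager/admin path checked for a null result.
            if (updated == null)
            {
                var err = new DTO.ErrorBuilder()
                          .Message("An error occurred while updating the agreement.")
                          .Code(400)
                          .Build();
                return(err);
            }

            return(new ObjectResult(updated));
        }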
        /// <summary>
        /// Updates the maintenance request identified by the model, or opens a new one when no
        /// request with that id exists. Tenants are limited to requests for their own unit;
        /// managers and admins are not.
        /// </summary>
        /// <param name="model">Maintenance request values bound from the request.</param>
        /// <returns>
        /// The stored request as built by <c>MaintenanceRequestDTO.Build</c>, or an error built with
        /// code 400 (no tenant record or no unit), 404 (request belongs to another unit) or 403
        /// (caller holds none of the three roles).
        /// </returns>
        public async Task<IActionResult> UpdateMaintenanceRequest(DataModel.MaintenanceRequestModel model)
        {
            var callerId = this.UserIdFromApiKey();

            if (this.UserInRole(Role.Tenant))
            {
                var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);

                if (callerTenantId == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Not a tenant.")
                           .Code(400)
                           .Build();
                }

                var tenantUnit = await _tenantRepository.UnitFromTenantId((int)callerTenantId);

                if (tenantUnit == null)
                {
                    return new DTO.ErrorBuilder()
                           .Message("Tenant not assigned a unit.")
                           .Code(400)
                           .Build();
                }

                // Overwrite whatever unit number the client sent with the tenant's own unit, so a
                // tenant cannot schedule maintenance for someone else's unit.
                // NOTE(review): only UnitNumber is pinned; confirm the repository ignores any other
                // client-supplied fields a tenant should not control.
                model.UnitNumber = tenantUnit.UnitNumber;

                var current = await _maintenanceRepository.GetMaintenanceRequest(model.MaintenanceRequestId);

                if (current == null)
                {
                    // No request with that id: open a new one for the caller.
                    var opened = await _maintenanceRepository.OpenMaintenanceRequest(callerId, model);
                    return new ObjectResult(await DTO.MaintenanceRequestDTO.Build(opened, _userRepository));
                }

                if (current.UnitNumber == tenantUnit.UnitNumber)
                {
                    current = await _maintenanceRepository.UpdateMaintenanceRequest(current, model, callerId);
                    return new ObjectResult(await DTO.MaintenanceRequestDTO.Build(current, _userRepository));
                }

                // The request exists but is for a different unit than the caller's.
                return new DTO.ErrorBuilder()
                       .Message("Maintenance request does not exist for provided unit number.")
                       .Code(404)
                       .Build();
            }

            if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
            {
                // Managers and admins update or open requests for any unit.
                var current = await _maintenanceRepository.GetMaintenanceRequest(model.MaintenanceRequestId);

                if (current == null)
                {
                    var opened = await _maintenanceRepository.OpenMaintenanceRequest(callerId, model);
                    return new ObjectResult(await DTO.MaintenanceRequestDTO.Build(opened, _userRepository));
                }

                current = await _maintenanceRepository.UpdateMaintenanceRequest(current, model, callerId);
                return new ObjectResult(await DTO.MaintenanceRequestDTO.Build(current, _userRepository));
            }

            return new DTO.ErrorBuilder()
                   .Message("You are not authorized to make maintenance requests.")
                   .Code(403)
                   .Build();
        }