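/// <summary>
/// Updates a user account on behalf of an Admin or Manager caller.
/// </summary>
/// <param name="userInfo">Account data bound from the request; every field is caller-controlled.</param>
/// <returns>
/// The updated account as a <c>DTO.UserDTO</c>; a 403 error when the caller may not edit the
/// account; a 409 error when the repository returns no user.
/// </returns>
public async Task<IActionResult> SetUserInfo(DTO.UserDTO userInfo)
{
    var caller = this.HttpContext.User;

    if (caller.IsInRole(Role.Manager))
    {
        // NOTE(review): this inspects the account type sent in the request, not the type of
        // the stored account being edited. Confirm that UpdateUserInfo (or a lookup here)
        // also refuses to let a Manager modify an account that is currently an Admin.
        if (userInfo.UserAccountType == UserAccountType.Admin)
        {
            return new DTO.ErrorBuilder()
                .Message("You do not have the proper authorization to edit Admin user accounts.")
                .Code(403)
                .Build();
        }
    }
    else if (!caller.IsInRole(Role.Admin))
    {
        // Deny by default. The original rejected only the Tenant role, so a caller holding
        // none of the known roles fell through to the update below.
        return new DTO.ErrorBuilder()
            .Message("You do not have the proper authorization to edit user accounts.")
            .Code(403)
            .Build();
    }

    var user = await _userRepository.UpdateUserInfo(userInfo);
    if (user == null)
    {
        // Avoid handing a null entity to the DTO constructor when nothing was updated.
        return new DTO.ErrorBuilder()
            .Message("User already exists with that login information or user not found.")
            .Code(409)
            .Build();
    }

    return new ObjectResult(new DTO.UserDTO(user));
}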
/// <summary>
/// Returns a single user account by id. Only Admin and Manager callers are served.
/// </summary>
/// <param name="userId">Id of the account to look up.</param>
/// <returns>The account as a <c>DTO.UserDTO</c>, a 400 error when no such user exists, or a 403 error.</returns>
public async Task<IActionResult> GetSpecificUserInfo(int userId)
{
    var principal = this.HttpContext.User;
    if (!(principal.IsInRole(Role.Admin) || principal.IsInRole(Role.Manager)))
    {
        return new DTO.ErrorBuilder()
            .Message("You do not have the proper authorization to view user accounts.")
            .Code(403)
            .Build();
    }

    // The caller's own id is resolved here but not used afterwards; the call is preserved.
    var callerId = this.UserIdFromApiKey();

    var account = await _userRepository.UserFromId(userId);
    if (account == null)
    {
        return new DTO.ErrorBuilder()
            .Message("No user found with that ID")
            .Code(400)
            .Build();
    }

    return new ObjectResult(new DTO.UserDTO(account));
}
/// <summary>
/// Returns everything <c>GetAllAgreements</c> yields. Tenants must resolve to a tenant record
/// first; Managers and Admins are served directly.
/// </summary>
/// <returns>The agreement list, or a 403 error for callers that do not qualify.</returns>
public async Task<IActionResult> GetAgreementTemplates()
{
    if (this.UserInRole(Role.Tenant))
    {
        var callerId = this.UserIdFromApiKey();
        var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);
        if (callerTenantId == null)
        {
            return new DTO.ErrorBuilder()
                .Message("You are not a tenant of this property")
                .Code(403)
                .Build();
        }

        return new ObjectResult(await _agreementRepository.GetAllAgreements());
    }

    if (!(this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin)))
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view agreements.")
            .Code(403)
            .Build();
    }

    return new ObjectResult(await _agreementRepository.GetAllAgreements());
}
/// <summary>
/// Looks up one tenant, together with the number of the unit assigned to it, for Admin and
/// Manager callers.
/// </summary>
/// <param name="tenantId">Id of the tenant to fetch.</param>
/// <returns>A <c>DTO.TenantInfoDTO</c>, a 404 error when the tenant is unknown, or a 403 error.</returns>
public async Task<IActionResult> GetTenantById(int tenantId)
{
    if (!(this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager)))
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view tenants by ID.")
            .Code(403)
            .Build();
    }

    var found = await _tenantRepository.TenantFromId(tenantId);
    if (found == null)
    {
        return new DTO.ErrorBuilder()
            .Message("Tenant not found.")
            .Code(404)
            .Build();
    }

    // A tenant without a unit is reported with an empty unit number.
    var assignedUnit = await _tenantRepository.UnitFromTenantId(found.TenantId);
    var number = assignedUnit != null ? assignedUnit.UnitNumber : "";

    return new ObjectResult(new DTO.TenantInfoDTO(found, number));
}
/// <summary>
/// Lists the signed agreements of one tenant for Admin and Manager callers.
/// </summary>
/// <param name="tenantId">Tenant whose signed agreements are requested.</param>
/// <returns>A list of <c>DTO.AgreementDTO</c>, a 404 error when there are none, or a 403 error.</returns>
public async Task<IActionResult> GetAgreementsByTenant(int tenantId)
{
    if (!(this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager)))
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to list agreements.")
            .Code(403)
            .Build();
    }

    var signed = await _agreementRepository.GetSignedAgreements(tenantId);
    if (!signed.Any())
    {
        return new DTO.ErrorBuilder()
            .Message("No agreements located for that tenant.")
            .Code(404)
            .Build();
    }

    var flattened = signed.Select(item => new DTO.AgreementDTO(item)).ToList();
    return new ObjectResult(flattened);
}
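/// <summary>
/// Returns the calling tenant's daily usage of one resource within the current billing period.
/// </summary>
/// <param name="resource">Resource type to report on.</param>
/// <returns>The usage records, a 400 error when the caller has no tenant record, or a 403 error.</returns>
public async Task<IActionResult> GetDailyResourceUsage(ResourceType resource)
{
    // Authorize before touching the repositories; the original queried the billing period
    // for every caller, including ones that were then rejected.
    if (!this.UserInRole(Role.Tenant))
    {
        _logger.LogWarning("Unauthorized access attempt to view resource usage.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view resource usage.")
            .Code(403)
            .Build();
    }

    // The tenant id is derived from the caller's API key, never from request data.
    var userId = this.UserIdFromApiKey();
    var tenantId = await _tenantRepository.TenantIdFromUserId(userId);
    if (tenantId == null)
    {
        return new DTO.ErrorBuilder()
            .Message("Not a tenant")
            .Code(400)
            .Build();
    }

    var currentBillingPeriod = await _billRepository.GetCurrentBillingPeriod();
    var usages = await _billRepository.GetDailyResourceUsage((int)tenantId, resource, currentBillingPeriod);
    return new ObjectResult(usages);
}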
/// <summary>
/// Deletes a unit on behalf of an Admin or Manager caller.
/// </summary>
/// <param name="unitId">Id of the unit to delete.</param>
/// <returns>An empty 200 response, a 404 error when the repository reports no deletion, or a 403 error.</returns>
public async Task<IActionResult> DeleteUnit(int unitId)
{
    if (!(this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager)))
    {
        // Denied attempts at this destructive route are logged.
        _logger.LogWarning("Unauthorized access attempt to delete units.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to delete units.")
            .Code(403)
            .Build();
    }

    var removed = await _tenantRepository.DeleteUnit(unitId);
    if (removed)
    {
        return new ObjectResult(new { }) { StatusCode = 200 };
    }

    return new DTO.ErrorBuilder()
        .Message("Unit not found.")
        .Code(404)
        .Build();
}
/// <summary>
/// Fetches one unit by id for Admin and Manager callers.
/// </summary>
/// <param name="unitId">Id of the unit to fetch.</param>
/// <returns>The repository's unit object, a 404 error when it is unknown, or a 403 error.</returns>
public async Task<IActionResult> GetUnitById(int unitId)
{
    if (!(this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager)))
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to query units.")
            .Code(403)
            .Build();
    }

    var found = await _tenantRepository.GetUnit(unitId);
    if (found != null)
    {
        // The repository object is serialized as-is; no DTO is applied on this route.
        return new ObjectResult(found);
    }

    return new DTO.ErrorBuilder()
        .Message("Unit not found.")
        .Code(404)
        .Build();
}
/// <summary>
/// Lists all tenants with their unit numbers for Admin and Manager callers.
/// </summary>
/// <returns>A list of <c>DTO.TenantInfoDTO</c>, or a 403 error.</returns>
public async Task<IActionResult> GetTenants()
{
    if (!(this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager)))
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view tenant lists.")
            .Code(403)
            .Build();
    }

    var result = new List<DTO.TenantInfoDTO>();

    // One unit lookup is issued per tenant, in the order the repository returns them.
    foreach (var entry in await _tenantRepository.GetTenants())
    {
        var assignedUnit = await _tenantRepository.UnitFromTenantId(entry.TenantId);
        var number = assignedUnit != null ? assignedUnit.UnitNumber : "";
        result.Add(new DTO.TenantInfoDTO(entry, number));
    }

    return new ObjectResult(result);
}
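/// <summary>
/// Returns projected resource usage for the calling tenant in the current billing period.
/// </summary>
/// <returns>
/// A list of <c>DTO.ProjectedResourceUsageDTO</c>, a 400 error when the caller has no tenant
/// record, or a 403 error for non-tenant callers.
/// </returns>
public async Task<IActionResult> GetResourceProjectionsInPeriod()
{
    // Authorize before touching the repositories; the original queried the billing period
    // for every caller, including ones that were then rejected.
    if (!this.UserInRole(Role.Tenant))
    {
        _logger.LogWarning("Unauthorized access attempt to view resource projections.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view resource projections.")
            .Code(403)
            .Build();
    }

    // The tenant id is derived from the caller's API key, never from request data.
    var userId = this.UserIdFromApiKey();
    var tenantId = await _tenantRepository.TenantIdFromUserId(userId);
    if (tenantId == null)
    {
        return new DTO.ErrorBuilder()
            .Message("Not a tenant")
            .Code(400)
            .Build();
    }

    var currentBillingPeriod = await _billRepository.GetCurrentBillingPeriod();

    // DateTime.Now is the server's local clock, passed through unchanged from the original.
    var projections = await _billRepository.GetProjectedResourceUsages((int)tenantId, currentBillingPeriod, DateTime.Now);
    var projectionDTOs = projections.Select(p => new DTO.ProjectedResourceUsageDTO(p)).ToList();
    return new ObjectResult(projectionDTOs);
}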
/// <summary>
/// Returns one signed agreement. A tenant can only reach agreements found among their own
/// signed agreements; Managers and Admins can fetch any agreement by id.
/// </summary>
/// <param name="agreementId">Id of the agreement to fetch.</param>
/// <returns>A <c>DTO.AgreementDTO</c>, a 404 error when it cannot be found, or a 403 error.</returns>
public async Task<IActionResult> GetAgreement(int agreementId)
{
    var callerId = this.UserIdFromApiKey();

    // Tenant path: search only within the caller's own signed agreements.
    if (this.UserInRole(Role.Tenant))
    {
        var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);
        if (callerTenantId == null)
        {
            return new DTO.ErrorBuilder()
                .Message("You are not a tenant of this property.")
                .Code(403)
                .Build();
        }

        // TODO (carried over): the whole list is loaded just to pick one entry.
        var ownAgreements = await _agreementRepository.GetSignedAgreements((int)callerTenantId);
        var match = ownAgreements.FirstOrDefault(item => item.AgreementId == agreementId);
        if (match == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Unable to find that agreement.")
                .Code(404)
                .Build();
        }

        return new ObjectResult(new DTO.AgreementDTO(match));
    }

    if (!(this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin)))
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view agreements.")
            .Code(403)
            .Build();
    }

    // Staff path: direct lookup by id.
    var located = await _agreementRepository.GetSignedAgreement(agreementId);
    if (located == null)
    {
        return new DTO.ErrorBuilder()
            .Message("Unable to find that agreement.")
            .Code(404)
            .Build();
    }

    return new ObjectResult(new DTO.AgreementDTO(located));
}
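/// <summary>
/// Lists the bills with nothing left owed in one billing period: the caller's own bills for
/// a tenant, all bills for a Manager or Admin.
/// </summary>
/// <param name="billingPeriodId">Id of the billing period to report on.</param>
/// <returns>
/// A list of <c>DTO.BillDTO</c>; a 403 error for callers without a recognized role; a 404 error
/// when the billing period is unknown; a 400 error when a tenant caller has no tenant record.
/// </returns>
public async Task<IActionResult> GetPaidBillsInPeriod(int billingPeriodId)
{
    bool isTenant = this.UserInRole(Role.Tenant);
    bool isStaff = !isTenant && (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin));

    // Authorize first. The original looked the period up before checking roles, so an
    // unauthorized caller could tell existing period ids (403) from missing ones (404).
    if (!isTenant && !isStaff)
    {
        _logger.LogWarning("Unauthorized access attempt to view billing information.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view billing information.")
            .Code(403)
            .Build();
    }

    var billingPeriod = await _billRepository.BillingPeriodFromId(billingPeriodId);
    if (billingPeriod == null)
    {
        return new DTO.ErrorBuilder()
            .Message("Billing period not found.")
            .Code(404)
            .Build();
    }

    if (isTenant)
    {
        // The tenant id is derived from the caller's API key, never from request data.
        var userId = this.UserIdFromApiKey();
        var tenantId = await _tenantRepository.TenantIdFromUserId(userId);
        if (tenantId == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Not a tenant")
                .Code(400)
                .Build();
        }

        var ownBills = await _billRepository.GetBills((int)tenantId, billingPeriod);
        var ownBillDTOs = ownBills
            .Where(b => b.Owed() <= 0)
            .Select(b => new DTO.BillDTO(b))
            .ToList();
        return new ObjectResult(ownBillDTOs);
    }

    var bills = await _billRepository.GetBills(billingPeriod);
    var billDTOs = bills
        .Where(b => b.Owed() <= 0)
        .Select(b => new DTO.BillDTO(b))
        .ToList();
    return new ObjectResult(billDTOs);
}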
/// <summary>
/// Lists the agreements of one tenant. Admins and Managers may query any tenant; a tenant may
/// only query their own id.
/// </summary>
/// <param name="tenantId">Tenant whose agreements are requested.</param>
/// <returns>The agreements, a 404 error when none are available to the caller, or a 403 error.</returns>
public async Task<IActionResult> GetAgreementsByTenant(int tenantId)
{
    if (this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager))
    {
        var found = await _agreementRepository.GetAgreements((int)tenantId);
        if (found.Count() == 0)
        {
            return new DTO.ErrorBuilder()
                .Message("No agreements located for that tenant.")
                .Code(404)
                .Build();
        }

        return new ObjectResult(found);
    }

    if (!this.UserInRole(Role.Tenant))
    {
        _logger.LogWarning("Unauthorized access attempt to query agreements.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to list agreements.")
            .Code(403)
            .Build();
    }

    var callerId = this.UserIdFromApiKey();
    var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);
    if (callerTenantId == null)
    {
        _logger.LogWarning($"Attempt by user {callerId} to access tenant information without being a tenant.");
        return new DTO.ErrorBuilder()
            .Message("You are not a tenant of this property")
            .Code(403)
            .Build();
    }

    // A tenant asking for someone else's id gets the same 404 as an empty result,
    // so the response does not confirm whether that tenant id exists.
    if ((int)callerTenantId != tenantId)
    {
        return new DTO.ErrorBuilder()
            .Message("No agreements found.")
            .Code(404)
            .Build();
    }

    return new ObjectResult(await _agreementRepository.GetAgreements(tenantId));
}
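/// <summary>
/// Updates an existing account (Tenant, Manager or Admin caller) or, for a caller holding none
/// of those roles, tries to create a new tenant account.
/// </summary>
/// <param name="userInfo">Account data bound from the request; every field is caller-controlled.</param>
/// <returns>
/// The updated or created user object; a 409 error when an update yields no user; a 404 error
/// when account creation fails.
/// </returns>
public async Task<IActionResult> SetUserInfo(DTO.UserDTO userInfo)
{
    // When user already logged in...
    if (this.UserInRole(Role.Tenant))
    {
        // Ensure a tenant cannot update information for another user.
        userInfo.UserId = this.UserIdFromApiKey();

        // Pin the account type as well. The original left the request's value in place, so a
        // tenant could submit a Manager or Admin account type along with their own user id.
        userInfo.UserAccountType = UserAccountType.Tenant;

        var updatedUser = await _userRepository.UpdateUserInfo(userInfo);
        if (updatedUser == null)
        {
            return new DTO.ErrorBuilder()
                .Message("User already exists with that login information or user not found.")
                .Code(409)
                .Build();
        }

        // NOTE(review): the repository object is returned as-is; unlike the create path below,
        // no password masking is applied here. Confirm it carries no credential material.
        return new ObjectResult(updatedUser);
    }
    else if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
    {
        // NOTE(review): nothing here stops a Manager from editing an Admin account or setting
        // UserAccountType to Admin. Confirm that restriction is enforced elsewhere.
        var updatedUser = await _userRepository.UpdateUserInfo(userInfo);
        if (updatedUser == null)
        {
            return new DTO.ErrorBuilder()
                .Message("User already exists with that login information or user not found.")
                .Code(409)
                .Build();
        }

        return new ObjectResult(updatedUser);
    }
    else
    {
        // Self-registration: the account type is forced so a new caller cannot pick a role.
        userInfo.UserAccountType = UserAccountType.Tenant;
        var newUser = await _userRepository.TryCreateAccount(userInfo);
        if (newUser == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Unable to create account, tenant information not found or already exists.")
                .Code(404)
                .Build();
        }

        // Mask the password before the object is serialized into the response.
        // NOTE(review): if newUser is a change-tracked entity, confirm this assignment can
        // never be written back to the store.
        newUser.Password = "******";
        return new ObjectResult(newUser);
    }
}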
/// <summary>
/// Lists maintenance requests: those of the caller's own unit for a tenant, all requests for a
/// Manager or Admin.
/// </summary>
/// <param name="limit">Accepted but not applied anywhere in this method; results are not capped here.</param>
/// <returns>The request DTOs, a 400 error when a tenant has no tenant record or unit, or a 403 error.</returns>
public async Task<IActionResult> GetMaintenanceRequests(int limit)
{
    if (this.UserInRole(Role.Tenant))
    {
        var callerId = this.UserIdFromApiKey();
        var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);
        if (callerTenantId == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Not a tenant.")
                .Code(400)
                .Build();
        }

        var ownUnit = await _tenantRepository.UnitFromTenantId((int)callerTenantId);
        if (ownUnit == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Tenant not assigned a unit.")
                .Code(400)
                .Build();
        }

        // Scope the query to the unit resolved from the caller's API key.
        var unitRequests = await _maintenanceRepository.GetMaintenanceRequests(ownUnit.UnitNumber);
        return new ObjectResult(await MakeDTORequests(unitRequests));
    }

    if (!(this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin)))
    {
        _logger.LogWarning("Unauthorized access attempt to view maintenance requests.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view maintenance requests.")
            .Code(403)
            .Build();
    }

    var everyRequest = await _maintenanceRepository.GetMaintenanceRequests();
    return new ObjectResult(await MakeDTORequests(everyRequest));
}
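/// <summary>
/// Records a bill payment. A tenant pays against their own tenant id; a Manager or Admin pays
/// against the tenant id given in the request.
/// </summary>
/// <param name="bill">Payment data bound from the request; every field is caller-controlled.</param>
/// <returns>
/// The resulting bill as a <c>DTO.BillDTO</c>; a 403 error for callers without a recognized
/// role; a 404 error when the billing period is unknown; a 400 error when a tenant caller has
/// no tenant record.
/// </returns>
public async Task<IActionResult> PostBill(DataModel.PayBill bill)
{
    bool isTenant = this.UserInRole(Role.Tenant);
    bool isStaff = !isTenant && (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin));

    // Authorize first. The original looked the period up before checking roles, so an
    // unauthorized caller could tell existing period ids (403) from missing ones (404).
    if (!isTenant && !isStaff)
    {
        _logger.LogWarning("Unauthorized access attempt to make a billing payment.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to make bill payments.")
            .Code(403)
            .Build();
    }

    var billingPeriod = await _billRepository.BillingPeriodFromId(bill.BillingPeriodId);
    if (billingPeriod == null)
    {
        return new DTO.ErrorBuilder()
            .Message("Billing period not found.")
            .Code(404)
            .Build();
    }

    // NOTE(review): bill.Amount is passed through without a range check in this method;
    // confirm PayBill rejects zero or negative amounts.
    if (isTenant)
    {
        // The tenant id comes from the caller's API key; bill.TenantId is ignored on this path.
        var userId = this.UserIdFromApiKey();
        var tenantId = await _tenantRepository.TenantIdFromUserId(userId);
        if (tenantId == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Not a tenant")
                .Code(400)
                .Build();
        }

        var ownPayment = await _billRepository.PayBill((int)tenantId, bill.Amount, bill.Resource, bill.BillingPeriodId);
        return new ObjectResult(new DTO.BillDTO(ownPayment));
    }

    var paid = await _billRepository.PayBill(bill.TenantId, bill.Amount, bill.Resource, bill.BillingPeriodId);
    return new ObjectResult(new DTO.BillDTO(paid));
}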
/// <summary>
/// Updates tenant details. A tenant edits only their own record and cannot change their unit
/// number; a Manager or Admin edits the record named by <c>info.TenantId</c>.
/// </summary>
/// <param name="info">Tenant data bound from the request.</param>
/// <returns>The repository's updated tenant object, a 400 error for a tenant without record or unit, or a 403 error.</returns>
public async Task<IActionResult> UpdateTenantInfo(DTO.TenantInfoDTO info)
{
    if (this.UserInRole(Role.Tenant))
    {
        var callerId = this.UserIdFromApiKey();
        var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);
        if (callerTenantId == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Not a tenant")
                .Code(400)
                .Build();
        }

        var ownUnit = await _tenantRepository.UnitFromTenantId((int)callerTenantId);
        if (ownUnit == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Not assigned to a unit")
                .Code(400)
                .Build();
        }

        // Overwrite the submitted unit number with the stored one, and target the tenant id
        // resolved from the API key rather than any id carried in the request body.
        info.UnitNumber = ownUnit.UnitNumber;
        var ownRecord = await _tenantRepository.UpdateTenantInfo((int)callerTenantId, info);
        return new ObjectResult(ownRecord);
    }

    if (!(this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin)))
    {
        return new DTO.ErrorBuilder()
            .Message("Not authorized to edit tenant information.")
            .Code(403)
            .Build();
    }

    var record = await _tenantRepository.UpdateTenantInfo(info.TenantId, info);
    return new ObjectResult(record);
}
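/// <summary>
/// Updates a unit on behalf of an Admin or Manager caller.
/// </summary>
/// <param name="unit">Unit entity bound directly from the request.</param>
/// <returns>The repository's updated unit object, or a 403 error.</returns>
public async Task<IActionResult> UpdateUnit(Entity.Unit unit)
{
    if (!(this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager)))
    {
        // Return the built error itself. The original wrapped it in a second ObjectResult,
        // which would serialize the error as a payload instead of using it as the result,
        // so the 403 code set on the builder would not become the response status.
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to update units.")
            .Code(403)
            .Build();
    }

    // NOTE(review): the request is bound straight onto Entity.Unit, so every settable
    // property is caller-supplied; confirm UpdateUnit copies only the fields it should.
    var updatedUnit = await _tenantRepository.UpdateUnit(unit);
    return new ObjectResult(updatedUnit);
}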
/// <summary>
/// Lists all units for Admin and Manager callers.
/// </summary>
/// <returns>The repository's unit list, or a 403 error.</returns>
public async Task<IActionResult> GetUnits()
{
    bool allowed = this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager);
    if (!allowed)
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view units.")
            .Code(403)
            .Build();
    }

    var everyUnit = await _tenantRepository.GetUnits();
    return new ObjectResult(everyUnit);
}
/// <summary>
/// Updates an agreement template on behalf of a Manager or Admin caller.
/// </summary>
/// <param name="agreement">Agreement entity bound directly from the request.</param>
/// <returns>The repository's updated agreement object, or a 403 error.</returns>
public async Task<IActionResult> UpdateAgreementTemplate(Entity.Agreement agreement)
{
    bool allowed = this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin);
    if (!allowed)
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to update agreement templates.")
            .Code(403)
            .Build();
    }

    var saved = await _agreementRepository.UpdateAgreementTemplate(agreement);
    return new ObjectResult(saved);
}
/// <summary>
/// Checks a user name and password against the user repository.
/// </summary>
/// <param name="loginInfo">Credentials bound from the request.</param>
/// <returns>A <c>DTO.LoginOk</c> for a matching account, otherwise a 401 error.</returns>
public async Task<IActionResult> Login(DataModel.Login loginInfo)
{
    var account = await _userRepository.Login(loginInfo.UserName, loginInfo.Password);

    // The same generic message is returned whatever the reason for failure.
    // NOTE(review): failed attempts are not logged in this method, unlike the denials
    // logged by other actions in this file.
    if (account == null)
    {
        return new DTO.ErrorBuilder()
            .Message("Invalid credentials")
            .Code(401)
            .Build();
    }

    return new ObjectResult(new DTO.LoginOk(account));
}
/// <summary>
/// Lists all agreement templates for Manager and Admin callers.
/// </summary>
/// <returns>The repository's template list, or a 403 error (which is also logged).</returns>
public async Task<IActionResult> GetAgreementTemplates()
{
    bool allowed = this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin);
    if (!allowed)
    {
        _logger.LogWarning("Unauthorized access attempt to view agreement templates.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view agreement templates.")
            .Code(403)
            .Build();
    }

    var everyTemplate = await _agreementTemplateRepository.GetAll();
    return new ObjectResult(everyTemplate);
}
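/// <summary>
/// Lists the bills with an outstanding balance in the current billing period: the caller's own
/// bills for a tenant, all bills for a Manager or Admin.
/// </summary>
/// <returns>
/// A list of <c>DTO.BillDTO</c>; a 403 error for callers without a recognized role; a 400 error
/// when a tenant caller has no tenant record.
/// </returns>
public async Task<IActionResult> GetUnpaidBillsInCurrentPeriod()
{
    bool isTenant = this.UserInRole(Role.Tenant);
    bool isStaff = !isTenant && (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin));

    // Authorize before touching the repositories; the original queried the billing period
    // for every caller, including ones that were then rejected.
    if (!isTenant && !isStaff)
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view billing information.")
            .Code(403)
            .Build();
    }

    if (isTenant)
    {
        // The tenant id is derived from the caller's API key, never from request data.
        var userId = this.UserIdFromApiKey();
        var tenantId = await _tenantRepository.TenantIdFromUserId(userId);
        if (tenantId == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Not a tenant")
                .Code(400)
                .Build();
        }

        var ownPeriod = await _billRepository.GetCurrentBillingPeriod();
        var ownBills = await _billRepository.GetBills((int)tenantId, ownPeriod);
        var ownBillDTOs = ownBills
            .Where(b => b.Owed() > 0)
            .Select(b => new DTO.BillDTO(b))
            .ToList();
        return new ObjectResult(ownBillDTOs);
    }

    var currentBillingPeriod = await _billRepository.GetCurrentBillingPeriod();
    var bills = await _billRepository.GetBills(currentBillingPeriod);
    var billDTOs = bills
        .Where(b => b.Owed() > 0)
        .Select(b => new DTO.BillDTO(b))
        .ToList();
    return new ObjectResult(billDTOs);
}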
/// <summary>
/// Signs an agreement for the calling tenant.
/// </summary>
/// <param name="signAgreement">Agreement id plus start and end dates, all taken from the request.</param>
/// <returns>
/// The signed agreement as a <c>DTO.AgreementDTO</c>; a 400 error for non-tenant callers; a 403
/// error when the caller has no tenant record; a 404 error when the repository returns nothing.
/// </returns>
public async Task<IActionResult> SignAgreement(DTO.SignAgreementDTO signAgreement)
{
    if (!this.UserInRole(Role.Tenant))
    {
        return new DTO.ErrorBuilder()
            .Message("Only tenants may sign agreements.")
            .Code(400)
            .Build();
    }

    // The signing tenant is resolved from the API key, not from the request body.
    var callerId = this.UserIdFromApiKey();
    var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);
    if (callerTenantId == null)
    {
        return new DTO.ErrorBuilder()
            .Message("You are not a tenant of this property.")
            .Code(403)
            .Build();
    }

    // NOTE(review): StartDate and EndDate are forwarded without validation in this method;
    // confirm the repository checks their order and range.
    var signed = await _agreementRepository.SignAgreement(
        (int)callerTenantId,
        signAgreement.AgreementId,
        signAgreement.StartDate,
        signAgreement.EndDate);

    if (signed != null)
    {
        return new ObjectResult(new DTO.AgreementDTO(signed));
    }

    return new DTO.ErrorBuilder()
        .Message("Unable to find that agreement id.")
        .Code(404)
        .Build();
}
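/// <summary>
/// Returns the calling tenant's own record together with their unit number.
/// </summary>
/// <returns>
/// A <c>DTO.TenantInfoDTO</c>; a 400 error when the caller has no tenant record or is a
/// Manager or Admin; a 403 error (also logged) for any other caller.
/// </returns>
public async Task<IActionResult> GetTenant()
{
    if (this.UserInRole(Role.Tenant))
    {
        // The record is resolved from the caller's API key, never from request data.
        var userId = this.UserIdFromApiKey();
        var tenant = await _tenantRepository.TenantFromUserId(userId);
        if (tenant == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Not a tenant")
                .Code(400)
                .Build();
        }

        // A tenant without a unit is reported with an empty unit number.
        var unit = await _tenantRepository.UnitFromTenantId(tenant.TenantId);
        var unitNumber = unit == null ? "" : unit.UnitNumber;
        return new ObjectResult(new DTO.TenantInfoDTO(tenant, unitNumber));
    }

    // Both error paths below return the built error itself. The original wrapped each in a
    // second ObjectResult, which would serialize the error as a payload instead of using it
    // as the result, so the status code set on the builder would not reach the response.
    if (this.UserInRole(Role.Admin) || this.UserInRole(Role.Manager))
    {
        return new DTO.ErrorBuilder()
            .Message("This route is for tenants only.")
            .Code(400)
            .Build();
    }

    _logger.LogWarning("Unauthorized access attempt to view tenant info.");
    return new DTO.ErrorBuilder()
        .Message("You are not authorized to view tenant info.")
        .Code(403)
        .Build();
}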
/// <summary>
/// Lists agreements: the caller's own for a tenant, all agreements for a Manager or Admin.
/// </summary>
/// <returns>The repository's agreement list, or a 403 error (which is also logged).</returns>
public async Task<IActionResult> GetAgreements()
{
    if (this.UserInRole(Role.Tenant))
    {
        var callerId = this.UserIdFromApiKey();
        var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);
        if (callerTenantId == null)
        {
            _logger.LogWarning($"User {callerId} attempted to access tenant information without being a tenant.");
            return new DTO.ErrorBuilder()
                .Message("You are not a tenant of this property")
                .Code(403)
                .Build();
        }

        // Scope the query to the tenant resolved from the caller's API key.
        var ownAgreements = await _agreementRepository.GetAgreements((int)callerTenantId);
        return new ObjectResult(ownAgreements);
    }

    if (!(this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin)))
    {
        _logger.LogWarning("Unauthorized access attempt to view agreements.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to view agreements.")
            .Code(403)
            .Build();
    }

    var everyAgreement = await _agreementRepository.GetAgreements();
    return new ObjectResult(everyAgreement);
}
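/// <summary>
/// Updates an agreement. A tenant may only update an agreement that already belongs to them;
/// a Manager or Admin may update any agreement.
/// </summary>
/// <param name="newInfo">Agreement entity bound directly from the request; every property is caller-controlled.</param>
/// <returns>
/// The repository's updated agreement object; a 403 error for unauthorized callers or tenants
/// without a tenant record; a 404 error when a tenant targets an agreement that is missing or
/// not theirs; a 400 error when a staff update returns nothing.
/// </returns>
public async Task<IActionResult> UpdateAgreement(Entity.Agreement newInfo)
{
    if (this.UserInRole(Role.Tenant))
    {
        var userId = this.UserIdFromApiKey();
        var tenantId = await _tenantRepository.TenantIdFromUserId(userId);
        if (tenantId == null)
        {
            _logger.LogWarning($"Attempt by user {userId} to access tenant information without being a tenant.");
            return new DTO.ErrorBuilder()
                .Message("You are not a tenant of this property.")
                .Code(403)
                .Build();
        }

        var existingAgreement = await _agreementRepository.GetAgreement(newInfo.AgreementId);
        if (existingAgreement == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Agreement not found.(1)")
                .Code(404)
                .Build();
        }

        // Someone else's agreement is answered with 404 rather than 403, so the status code
        // does not confirm that the id exists.
        if (existingAgreement.TenantId != tenantId)
        {
            return new DTO.ErrorBuilder()
                .Message("Agreement not found.(2)")
                .Code(404)
                .Build();
        }

        // Ownership was verified on the stored record, but the update is driven by the
        // request body. Pin the owner so a tenant cannot reassign the agreement by
        // submitting a different TenantId.
        newInfo.TenantId = (int)tenantId;

        // NOTE(review): the remaining properties of newInfo are still caller-supplied;
        // confirm UpdateAgreement restricts which of them a tenant is allowed to change.
        var updated = await _agreementRepository.UpdateAgreement(newInfo);
        return new ObjectResult(updated);
    }
    else if (this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin))
    {
        var updated = await _agreementRepository.UpdateAgreement(newInfo);
        if (updated == null)
        {
            return new DTO.ErrorBuilder()
                .Message("An error occurred while updating the agreement.")
                .Code(400)
                .Build();
        }

        return new ObjectResult(updated);
    }
    else
    {
        _logger.LogWarning("Unauthorized access attempt to update agreements.");
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to update agreements")
            .Code(403)
            .Build();
    }
}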
/// <summary>
/// Updates the maintenance request named by <c>model.MaintenanceRequestId</c>, or opens a new
/// one when no such request exists. Tenants are confined to their own unit; Managers and
/// Admins are not.
/// </summary>
/// <param name="model">Request data bound from the caller's input.</param>
/// <returns>
/// The request as a <c>DTO.MaintenanceRequestDTO</c>; a 400 error for a tenant without tenant
/// record or unit; a 404 error when a tenant targets a request of another unit; a 403 error
/// for any other caller.
/// </returns>
public async Task<IActionResult> UpdateMaintenanceRequest(DataModel.MaintenanceRequestModel model)
{
    var callerId = this.UserIdFromApiKey();

    if (this.UserInRole(Role.Tenant))
    {
        var callerTenantId = await _tenantRepository.TenantIdFromUserId(callerId);
        if (callerTenantId == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Not a tenant.")
                .Code(400)
                .Build();
        }

        var ownUnit = await _tenantRepository.UnitFromTenantId((int)callerTenantId);
        if (ownUnit == null)
        {
            return new DTO.ErrorBuilder()
                .Message("Tenant not assigned a unit.")
                .Code(400)
                .Build();
        }

        // Force the unit number to the tenant's own unit so they cannot schedule
        // maintenance for other tenants.
        model.UnitNumber = ownUnit.UnitNumber;

        var current = await _maintenanceRepository.GetMaintenanceRequest(model.MaintenanceRequestId);
        if (current == null)
        {
            var opened = await _maintenanceRepository.OpenMaintenanceRequest(callerId, model);
            return new ObjectResult(await DTO.MaintenanceRequestDTO.Build(opened, _userRepository));
        }

        // An existing request may only be touched when it belongs to the caller's unit.
        if (current.UnitNumber != ownUnit.UnitNumber)
        {
            return new DTO.ErrorBuilder()
                .Message("Maintenance request does not exist for provided unit number.")
                .Code(404)
                .Build();
        }

        current = await _maintenanceRepository.UpdateMaintenanceRequest(current, model, callerId);
        return new ObjectResult(await DTO.MaintenanceRequestDTO.Build(current, _userRepository));
    }

    if (!(this.UserInRole(Role.Manager) || this.UserInRole(Role.Admin)))
    {
        return new DTO.ErrorBuilder()
            .Message("You are not authorized to make maintenance requests.")
            .Code(403)
            .Build();
    }

    // Staff path: no unit restriction, same update-or-open behaviour.
    var target = await _maintenanceRepository.GetMaintenanceRequest(model.MaintenanceRequestId);
    if (target == null)
    {
        var created = await _maintenanceRepository.OpenMaintenanceRequest(callerId, model);
        return new ObjectResult(await DTO.MaintenanceRequestDTO.Build(created, _userRepository));
    }

    target = await _maintenanceRepository.UpdateMaintenanceRequest(target, model, callerId);
    return new ObjectResult(await DTO.MaintenanceRequestDTO.Build(target, _userRepository));
}