示例#1
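        /// <summary>
        /// Returns one form (class) with its students sorted by name, applying a different
        /// access rule depending on the role claim of the caller.
        /// </summary>
        /// <param name="id">Id of the form to look up.</param>
        /// <returns>
        /// 200 with the <c>FormIdStudentsDTO</c> on success; 401 when the caller's identity has no
        /// "UserId" or role claim; 400 for every other failure, including a denied request.
        /// </returns>
        public HttpResponseMessage GetSortedStudentsNamesByFormId(int id)
        {
            // Resolve the caller before anything else. A principal that is not claims-based, or that
            // lacks either claim, is rejected here instead of failing with a cast or null-reference
            // error outside the try block below.
            var principal     = RequestContext.Principal as ClaimsPrincipal;
            var userIdClaim   = principal == null ? null : principal.FindFirst(x => x.Type == "UserId");
            var userRoleClaim = principal == null ? null : principal.FindFirst(x => x.Type == ClaimTypes.Role);

            if (userIdClaim == null || userRoleClaim == null)
            {
                logger.Info("Authorisation failure. Request carries no UserId or role claim.");
                return(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "Access Denied. " +
                                                   "The request does not carry the required identity claims."));
            }

            string userId   = userIdClaim.Value;
            string userRole = userRoleClaim.Value;

            logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Sorted Students Names Collection For Form Id: " + id);

            try
            {
                // Staff may read any form.
                if (userRole == "admin" || userRole == "teacher")
                {
                    FormIdStudentsDTO form = formsService.GetSortedStudentsNamesByFormId(id);
                    if (form == null)
                    {
                        logger.Info("Failed!");
                        return(Request.CreateResponse(HttpStatusCode.BadRequest, "Failed!"));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, form));
                }

                // A student may read only a form whose student list contains their own id.
                if (userRole == "student")
                {
                    FormIdStudentsDTO form = formsService.GetSortedStudentsNamesByFormId(id);
                    if (form == null || !form.Students.Any(x => x.Id == userId))
                    {
                        logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                        // NOTE(review): a denied request is answered with 400 rather than 403; kept as is
                        // because clients may already depend on this status code.
                        return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. " +
                                                           "We’re sorry, but you are not authorized to perform the requested operation."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, form));
                }
                else
                {
                    // Intended for parents: the service throws when the caller is not the parent of a
                    // student in this form.
                    // NOTE(review): every role value other than admin/teacher/student lands here, so
                    // access for unknown roles rests entirely on the service-side check. Consider
                    // matching the parent role explicitly and denying everything else.
                    FormIdStudentsDTO form = formsService.GetSortedStudentsNamesByFormIdForParent(id, userId);
                    if (form == null)
                    {
                        logger.Info("Failed.");
                        return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Failed."));
                    }
                    logger.Info("Success!");
                    return(Request.CreateResponse(HttpStatusCode.OK, form));
                }
            }
            catch (Exception e)
            {
                // The full exception is kept in the server log.
                logger.Error(e);
                // NOTE(review): the exception object itself is handed to the response. How much of it
                // (message, type, stack trace) reaches the client depends on the host's
                // IncludeErrorDetailPolicy, which is not visible here; confirm it does not expose
                // details to remote callers.
                return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, e));
            }
        }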
示例#2
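        /// <summary>
        /// Builds the sorted student list of a form for a parent, and refuses the request unless
        /// the parent has at least one child among the students of that form.
        /// </summary>
        /// <param name="formId">Id of the form to look up.</param>
        /// <param name="parentId">Id of the requesting parent.</param>
        /// <returns>The form summary with its students ordered by name, then by id.</returns>
        /// <exception cref="HttpException">
        /// The parent or the form does not exist, the form has no students, or none of the
        /// students has this parent.
        /// </exception>
        public FormIdStudentsDTO GetSortedStudentsNamesByFormIdForParent(int formId, string parentId)
        {
            Parent foundParent = db.ParentsRepository.GetByID(parentId);

            if (foundParent == null)
            {
                // Not expected in practice: the id comes from the logged-in user.
                throw new HttpException("The User with id: " + parentId + " was not found.");
            }

            Form found = GetByID(formId);

            if (found == null)
            {
                throw new HttpException("The Form with id: " + formId + " was not found.");
            }

            IEnumerable <Student> students = found.Students;

            if (!students.Any())
            {
                throw new HttpException("Student list is empty.");
            }

            // Authorization check: the caller must be the parent of a student in this form.
            // The null guard keeps a student record without a parent from aborting the check with a
            // null-reference error, which would deny a parent who is actually entitled to the data.
            bool isParentOfFormStudent = students.Any(x => x.Parent != null && x.Parent.Id == parentId);
            if (!isParentOfFormStudent)
            {
                // NOTE(review): the distinct "not found", "empty" and "Access Denied" messages let a
                // caller who can read them tell existing forms from missing ones.
                throw new HttpException("Access Denied. We’re sorry, but you are not authorized to perform the requested operation.");
            }

            FormIdStudentsDTO dto = new FormIdStudentsDTO
            {
                Id               = found.Id,
                Grade            = found.Grade,
                Tag              = found.Tag,
                Started          = found.Started,
                AttendingTeacher = found.AttendingTeacher.FirstName + " " + found.AttendingTeacher.LastName,
                NumberOfStudents = 0,
                Students         = new List <FormStudentDTO>()
            };

            // Once the check passes, every student of the form is returned, not only the caller's children.
            foreach (var student in students)
            {
                dto.Students.Add(ConvertToFormStudentDTO(student));
                dto.NumberOfStudents++;
            }

            dto.Students = dto.Students.OrderBy(x => x.Student).ThenBy(x => x.Id).ToList();
            return(dto);
        }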
示例#3
        /// <summary>
        /// Builds the summary of a form together with all of its students, ordered by name and
        /// then by id.
        /// </summary>
        /// <remarks>
        /// This method does no caller authorization of its own; any role or membership check has
        /// to be done by the caller before the result is returned to a user.
        /// </remarks>
        /// <param name="id">Id of the form to look up.</param>
        /// <returns>The populated <c>FormIdStudentsDTO</c>.</returns>
        /// <exception cref="HttpException">The form does not exist or has no students.</exception>
        public FormIdStudentsDTO GetSortedStudentsNamesByFormId(int id)
        {
            Form form = GetByID(id);
            if (form == null)
            {
                throw new HttpException("The Form with id: " + id + " was not found.");
            }

            IEnumerable <Student> formStudents = form.Students;
            if (!formStudents.Any())
            {
                throw new HttpException("Student list is empty.");
            }

            var teacher = form.AttendingTeacher;
            var result  = new FormIdStudentsDTO();
            result.Id               = form.Id;
            result.Grade            = form.Grade;
            result.Tag              = form.Tag;
            result.Started          = form.Started;
            result.AttendingTeacher = string.Concat(teacher.FirstName, " ", teacher.LastName);
            result.NumberOfStudents = 0;
            result.Students         = new List <FormStudentDTO>();

            // Convert each student and keep the counter in step with the list.
            foreach (Student current in formStudents)
            {
                result.Students.Add(ConvertToFormStudentDTO(current));
                result.NumberOfStudents++;
            }

            // Primary key: student name; ties are broken by id.
            result.Students = (from entry in result.Students
                               orderby entry.Student, entry.Id
                               select entry).ToList();
            return(result);
        }