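/// <summary>
/// Returns the students of form <paramref name="id"/> sorted by name, filtered by the caller's role:
/// admins and teachers may read any form, a student only a form that lists them, and every other
/// role is handed to the parent-specific service lookup, which rejects callers that are not a parent
/// of a student in the form.
/// </summary>
/// <param name="id">Identifier of the form.</param>
/// <returns>
/// 200 with a <see cref="FormIdStudentsDTO"/>; 400 when the lookup fails, the caller is not authorised,
/// or the service throws; 401 when the UserId or Role claim is absent.
/// </returns>
public HttpResponseMessage GetSortedStudentsNamesByFormId(int id)
{
    var principal = (ClaimsPrincipal)RequestContext.Principal;
    Claim userIdClaim = principal.FindFirst(x => x.Type == "UserId");
    Claim roleClaim = principal.FindFirst(x => x.Type == ClaimTypes.Role);

    // A missing claim used to dereference null outside the try block (an unhandled 500);
    // refuse the request explicitly instead.
    if (userIdClaim == null || roleClaim == null)
    {
        logger.Info("Missing UserId or Role claim: Requesting Sorted Students Names Collection For Form Id: " + id);
        return Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    string userId = userIdClaim.Value;
    string userRole = roleClaim.Value;
    logger.Info("UserRole: " + userRole + ", UserId: " + userId + ": Requesting Sorted Students Names Collection For Form Id: " + id);

    try
    {
        if (userRole == "admin" || userRole == "teacher")
        {
            FormIdStudentsDTO form = formsService.GetSortedStudentsNamesByFormId(id);
            if (form == null)
            {
                logger.Info("Failed!");
                return Request.CreateResponse(HttpStatusCode.BadRequest, "Failed!");
            }

            logger.Info("Success!");
            return Request.CreateResponse(HttpStatusCode.OK, form);
        }

        if (userRole == "student")
        {
            FormIdStudentsDTO form = formsService.GetSortedStudentsNamesByFormId(id);
            // The form is only disclosed to a student who appears in it.
            if (form == null || !form.Students.Any(x => x.Id == userId))
            {
                logger.Info("Authorisation failure. User " + userId + " is not authorised for this request.");
                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Access Denied. We’re sorry, but you are not authorized to perform the requested operation.");
            }

            logger.Info("Success!");
            return Request.CreateResponse(HttpStatusCode.OK, form);
        }

        // Every remaining role reaches the parent lookup (the parent role name is not checked here);
        // the service fails closed by throwing when the caller is not a parent of a student in this form.
        FormIdStudentsDTO parentForm = formsService.GetSortedStudentsNamesByFormIdForParent(id, userId);
        if (parentForm == null)
        {
            logger.Info("Failed.");
            return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Failed.");
        }

        logger.Info("Success!");
        return Request.CreateResponse(HttpStatusCode.OK, parentForm);
    }
    catch (Exception e)
    {
        logger.Error(e);
        // NOTE(review): passing the exception object includes its details in the response body subject to
        // the host's IncludeErrorDetailPolicy; confirm that policy is not set to always include details.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, e);
    }
}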
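/// <summary>
/// Builds the sorted student list of form <paramref name="formId"/> for the parent identified by
/// <paramref name="parentId"/>. The parent must be the parent of at least one student in the form.
/// </summary>
/// <param name="formId">Identifier of the form.</param>
/// <param name="parentId">Identifier of the calling parent.</param>
/// <returns>The form with its students sorted by name, then by id.</returns>
/// <exception cref="HttpException">
/// The parent does not exist, or the parent is not authorised for the form (which also covers a missing
/// or empty form).
/// </exception>
public FormIdStudentsDTO GetSortedStudentsNamesByFormIdForParent(int formId, string parentId)
{
    Parent foundParent = db.ParentsRepository.GetByID(parentId);
    if (foundParent == null)
    {
        // The caller is already authenticated, so this is not expected to happen; kept as a fail-closed guard.
        throw new HttpException("The User with id: " + parentId + " was not found.");
    }

    const string accessDenied = "Access Denied. We’re sorry, but you are not authorized to perform the requested operation.";

    // A missing form, an empty form and a form without this parent's child all yield the same message:
    // a distinct "not found" reply before the authorisation check would let a parent probe which form ids exist.
    Form found = GetByID(formId);
    if (found == null)
    {
        throw new HttpException(accessDenied);
    }

    IEnumerable<Student> students = found.Students;
    // A student without a Parent is treated as "no match" rather than dereferencing null.
    if (students == null || !students.Any(x => x.Parent != null && x.Parent.Id == parentId))
    {
        throw new HttpException(accessDenied);
    }

    List<FormStudentDTO> studentDtos = students
        .Select(s => ConvertToFormStudentDTO(s))
        .OrderBy(x => x.Student)
        .ThenBy(x => x.Id)
        .ToList();

    return new FormIdStudentsDTO
    {
        Id = found.Id,
        Grade = found.Grade,
        Tag = found.Tag,
        Started = found.Started,
        // NOTE(review): assumes every form has an AttendingTeacher — confirm, otherwise this dereferences null.
        AttendingTeacher = found.AttendingTeacher.FirstName + " " + found.AttendingTeacher.LastName,
        NumberOfStudents = studentDtos.Count,
        Students = studentDtos
    };
}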
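/// <summary>
/// Builds the student list of form <paramref name="id"/>, sorted by student name and then by id.
/// No authorisation is applied here; callers are expected to restrict who may request a form.
/// </summary>
/// <param name="id">Identifier of the form.</param>
/// <returns>The form with its sorted students and their count.</returns>
/// <exception cref="HttpException">The form does not exist or has no students.</exception>
public FormIdStudentsDTO GetSortedStudentsNamesByFormId(int id)
{
    Form found = GetByID(id);
    if (found == null)
    {
        throw new HttpException("The Form with id: " + id + " was not found.");
    }

    IEnumerable<Student> students = found.Students;
    // Any() stops at the first element instead of counting the whole collection; a null list is
    // treated the same as an empty one.
    if (students == null || !students.Any())
    {
        throw new HttpException("Student list is empty.");
    }

    List<FormStudentDTO> studentDtos = students
        .Select(s => ConvertToFormStudentDTO(s))
        .OrderBy(x => x.Student)
        .ThenBy(x => x.Id)
        .ToList();

    return new FormIdStudentsDTO
    {
        Id = found.Id,
        Grade = found.Grade,
        Tag = found.Tag,
        Started = found.Started,
        // NOTE(review): assumes every form has an AttendingTeacher — confirm, otherwise this dereferences null.
        AttendingTeacher = found.AttendingTeacher.FirstName + " " + found.AttendingTeacher.LastName,
        NumberOfStudents = studentDtos.Count,
        Students = studentDtos
    };
}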