/// <summary> /// Delete User /// </summary> /// <remarks> /// Admin User can delete any user. /// Non admin user an only delete its own user. /// Deleting a user also deletes ssociated babies and associated memories. /// </remarks> /// <param name="id"></param> /// <response code="401">Unauthorized: due to user not token not authorized or the request is not available to user role</response> /// <returns>null</returns> // DELETE: api/User/5 public async Task <IHttpActionResult> Delete(string id) { var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization); if (currentUser is null) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } if (currentUser.Id != id && currentUser.Role != BabyMemoryConstants.AdminUserRole) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } var userBabies = _dataHelpers.BabiesForUserAndRole(currentUser); if (userBabies != null) { foreach (var baby in userBabies) { _context.Delete <Baby>(baby.Id); } } _context.Delete <User>(id); return(StatusCode(HttpStatusCode.NoContent)); }
// DELETE api/<controller>/5 /// <summary>Delete Memory</summary> /// <remarks> /// Admin User can delete any user /// Basic User can only delete the authorized user /// </remarks> /// <example>where does this go</example> /// <param name="id"></param> public async Task <IHttpActionResult> Delete(string id) { var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization); if (currentUser == null) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } var currentMemory = _context.Load <Memory>(id); if (currentMemory == null) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } var userMemories = new List <Memory>(); userMemories.AddRange(currentUser.Role == BabyMemoryConstants.AdminUserRole ? _context.Scan <Memory>() : _dataHelpers.GetMemoriesForUser(currentUser)); if (!userMemories.Exists(m => m.Id == currentMemory.Id)) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } _context.Delete <Memory>(id); return(StatusCode(HttpStatusCode.NoContent)); }
// DELETE api/<controller>/5 /// <summary> /// Deletes baby /// </summary> /// <remarks> /// Deletes baby, removes baby from the user and deletes associated memories. /// Admin can delete any baby /// Basic user can only delete baby associated with the authorized user /// </remarks> /// <param name="id"></param> /// <exception cref="HttpResponseException"></exception> public async Task <IHttpActionResult> Delete(string id) { var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization); if (currentUser == null) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } var babies = _dataHelpers.BabiesForUserAndRole(currentUser); if (!(babies.Any(x => x.Id == id))) { throw new HttpResponseException(HttpStatusCode.Unauthorized); } var existingBaby = _context.Load <Baby>(id); if (existingBaby == null) { return(StatusCode(HttpStatusCode.NoContent)); } //delete memories _dataHelpers.DeleteMemoresForBaby(id); _context.Delete <Baby>(existingBaby.Id); return(StatusCode(HttpStatusCode.NoContent)); }
public async Task RemoveRight(string userId, string resourceId, RightType type) { userId.ThrowInvalidDataExceptionIfNull("User cannot be empty"); resourceId.ThrowInvalidDataExceptionIfNullOrWhiteSpace("Resource id must be valid"); // KLUDGE: not sure how to do this with one query. await _dbContext.Delete <UserRight>(new List <ScanCondition> { new ScanCondition(nameof(UserRight.UserId), ScanOperator.Equal, userId), new ScanCondition(nameof(UserRight.ResourceId), ScanOperator.Equal, resourceId), new ScanCondition(nameof(UserRight.Type), ScanOperator.Equal, type) }); Log.TraceFormat( "Remove right: user {0} to [{1:G},{2}]", userId, type, resourceId); }
public void Delete(string id) { _ddbcontext.Delete <T>( id, _applicationName, new DynamoDBOperationConfig { OverrideTableName = _ddbTableName } ); }