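/// <summary>
/// Deletes one learn-history row from <c>[dbo].[t_learn_hist]</c>, addressed by the generated key
/// in <paramref name="sid"/>.
/// </summary>
/// <param name="sid">
/// Generated key passed to <c>LearnHistoryViewModel.ParseGeneratedKey</c>; after a successful parse
/// the view model's HID, UserID, ObjectID and LearnDate are used as the DELETE's WHERE values
/// (presumably populated by the parse; confirm against the view model).
/// </param>
/// <returns>
/// 400 when the key is empty or not recognized, when the user claim cannot be read, or when
/// <c>HIHAPIUtility.CheckHIDAssignment</c> throws; 500 with a generic message on any other failure;
/// 200 otherwise.
/// </returns>
public async Task <IActionResult> Delete(string sid)
        {
            if (String.IsNullOrEmpty(sid))
            {
                return BadRequest("No data is inputted");
            }

            LearnHistoryViewModel vm = new LearnHistoryViewModel();
            if (!vm.ParseGeneratedKey(sid))
            {
                return BadRequest("Key is not recognized: " + sid);
            }

            // Resolve the caller from the request's user claim.
            String usrName = "";
            try
            {
                usrName = HIHAPIUtility.GetUserClaim(this).Value;

                // NOTE(review): a scope check used to live here and is disabled. It rejected callers whose
                // LearnHistoryScope claim was display-only, and under the owner-full-control scope it
                // required usrName to equal vm.UserID. With it off, the only authorization applied below
                // is the home-assignment check, so vm.UserID (taken from the key) is never compared with
                // the caller. Confirm that every member of a home may delete other members' history.
            }
            catch
            {
                return BadRequest("Not valid HTTP HEAD: User and Scope Failed!");
            }
            if (String.IsNullOrEmpty(usrName))
            {
                return BadRequest("User cannot recognize");
            }

            try
            {
                using (SqlConnection conn = new SqlConnection(Startup.DBConnectionString))
                {
                    await conn.OpenAsync();

                    // Check Home assignment with current user
                    try
                    {
                        HIHAPIUtility.CheckHIDAssignment(conn, vm.HID, usrName);
                    }
                    catch (Exception exp)
                    {
                        return BadRequest(exp.Message);
                    }

                    // All four key parts are bound as parameters; nothing from the key is spliced into the SQL text.
                    String queryString = @"DELETE FROM [dbo].[t_learn_hist]
                           WHERE [HID] = @HID
                             AND [USERID] = @USERID
                             AND [OBJECTID] = @OBJECTID
                             AND [LEARNDATE] = @LEARNDATE;";

                    using (SqlCommand cmd = new SqlCommand(queryString, conn))
                    {
                        cmd.Parameters.AddWithValue("@HID", vm.HID);
                        cmd.Parameters.AddWithValue("@USERID", vm.UserID);
                        cmd.Parameters.AddWithValue("@OBJECTID", vm.ObjectID);
                        cmd.Parameters.AddWithValue("@LEARNDATE", vm.LearnDate);

                        // NOTE(review): the affected-row count is not inspected, so a key that matches
                        // no row still yields 200. Decide whether that case should be 404.
                        await cmd.ExecuteNonQueryAsync();
                    }
                }
            }
            catch (Exception exp)
            {
                // Keep the detail on the server. Provider exception text can name tables, columns or
                // the server itself, so the client only receives a generic message.
                System.Diagnostics.Debug.WriteLine(exp.Message);
                System.Diagnostics.Trace.TraceError(exp.ToString());
                return StatusCode(500, "Internal error while deleting the learn history.");
            }

            return Ok();
        }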
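        /// <summary>
        /// Updates the comment of one learn-history row in <c>[dbo].[t_learn_hist]</c> and stamps it
        /// with the calling user and the current time.
        /// </summary>
        /// <param name="sid">Key from the route; must equal <c>vm.GeneratedKey()</c> (ordinal comparison).</param>
        /// <param name="vm">Request body; supplies HID, UserID, ObjectID, LearnDate and Comment.</param>
        /// <returns>
        /// 400 when the body is missing or does not match <paramref name="sid"/>, when the user claim
        /// cannot be read, when <c>HIHAPIUtility.CheckHIDAssignment</c> throws, or when the object ID or
        /// home member is not found; 500 with a generic message on any other failure; otherwise the
        /// view model serialized as camel-cased JSON.
        /// </returns>
        public async Task <IActionResult> Put(String sid, [FromBody] LearnHistoryViewModel vm)
        {
            if (vm == null || String.CompareOrdinal(sid, vm.GeneratedKey()) != 0)
            {
                return BadRequest("No data is inputted");
            }

            // Resolve the caller from the request's user claim.
            String usrName = "";
            try
            {
                usrName = HIHAPIUtility.GetUserClaim(this).Value;

                // NOTE(review): a scope check used to live here and is disabled. It rejected callers whose
                // LearnHistoryScope claim was display-only, and under the owner-full-control scope it
                // required usrName to equal vm.UserID. With it off, the only authorization applied below
                // is the home-assignment check, so vm.UserID (taken from the request body) is never
                // compared with the caller. Confirm that every member of a home may edit other members'
                // history.
            }
            catch
            {
                return BadRequest("Not valid HTTP HEAD: User and Scope Failed!");
            }
            if (String.IsNullOrEmpty(usrName))
            {
                return BadRequest("User cannot recognize");
            }

            try
            {
                using (SqlConnection conn = new SqlConnection(Startup.DBConnectionString))
                {
                    await conn.OpenAsync();

                    // Check Home assignment with current user
                    try
                    {
                        HIHAPIUtility.CheckHIDAssignment(conn, vm.HID, usrName);
                    }
                    catch (Exception exp)
                    {
                        return BadRequest(exp.Message);
                    }

                    // Existence check: object id. The value is bound as a parameter, never concatenated.
                    using (SqlCommand objCmd = new SqlCommand(
                        @"SELECT [ID] FROM [dbo].[t_learn_obj] WHERE [ID] = @ID", conn))
                    {
                        objCmd.Parameters.AddWithValue("@ID", vm.ObjectID);
                        using (SqlDataReader objReader = await objCmd.ExecuteReaderAsync())
                        {
                            if (!objReader.HasRows)
                            {
                                return BadRequest("Invalid Object ID : " + vm.ObjectID.ToString());
                            }
                        }
                    }

                    // Existence check: home member. vm.UserID is a request-body string, so it must be
                    // a bound parameter; building the WHERE clause by concatenation allowed SQL injection.
                    using (SqlCommand memCmd = new SqlCommand(
                        @"SELECT [USER] FROM [dbo].[t_homemem] WHERE [HID] = @HID AND [USER] = @USER", conn))
                    {
                        memCmd.Parameters.AddWithValue("@HID", vm.HID);
                        // AddWithValue does not send a parameter whose value is null; DBNull keeps the
                        // "no such member" outcome for a missing user ID.
                        memCmd.Parameters.AddWithValue("@USER", (object)vm.UserID ?? DBNull.Value);
                        using (SqlDataReader memReader = await memCmd.ExecuteReaderAsync())
                        {
                            if (!memReader.HasRows)
                            {
                                return BadRequest("Invalid user ID : " + vm.UserID);
                            }
                        }
                    }

                    // Now go ahead with the update
                    String queryString = @"UPDATE [dbo].[t_learn_hist]
                           SET [COMMENT] = @COMMENT
                              ,[UPDATEDBY] = @UPDATEDBY
                              ,[UPDATEDAT] = @UPDATEDAT
                         WHERE [HID] = @HID
                              AND [USERID] = @USERID
                              AND [OBJECTID] = @OBJECTID
                              AND [LEARNDATE] = @LEARNDATE";

                    using (SqlCommand cmd = new SqlCommand(queryString, conn))
                    {
                        // A null comment is sent as SQL NULL rather than being dropped from the parameter list.
                        cmd.Parameters.AddWithValue("@COMMENT", (object)vm.Comment ?? DBNull.Value);
                        cmd.Parameters.AddWithValue("@UPDATEDBY", usrName);
                        cmd.Parameters.AddWithValue("@UPDATEDAT", DateTime.Now);
                        cmd.Parameters.AddWithValue("@HID", vm.HID);
                        cmd.Parameters.AddWithValue("@USERID", vm.UserID);
                        cmd.Parameters.AddWithValue("@OBJECTID", vm.ObjectID);
                        cmd.Parameters.AddWithValue("@LEARNDATE", vm.LearnDate);

                        // NOTE(review): the affected-row count is not inspected, so a key that matches
                        // no row still returns the view model with 200. Decide whether that should be 404.
                        await cmd.ExecuteNonQueryAsync();
                    }
                }
            }
            catch (Exception exp)
            {
                // Keep the detail on the server. Provider exception text can name tables, columns or
                // the server itself, so the client only receives a generic message.
                System.Diagnostics.Debug.WriteLine(exp.Message);
                System.Diagnostics.Trace.TraceError(exp.ToString());
                return StatusCode(500, "Internal error while updating the learn history.");
            }

            var setting = new Newtonsoft.Json.JsonSerializerSettings
            {
                DateFormatString = HIHAPIConstants.DateFormatPattern,
                ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver()
            };

            return new JsonResult(vm, setting);
        }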