// PUT api/EmployeeAPI/5 public HttpResponseMessage PutEmployee(Guid id, EmployeeDTO employeeDTO) { if (!ModelState.IsValid) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState)); } if (id != employeeDTO.Id) { return(Request.CreateResponse(HttpStatusCode.BadRequest)); } if (employeeDTO.Roles != null && employeeDTO.Roles.Count > 5) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.ExpectationFailed, "Maximimum of 5 roles only can be added")); } try { bool sendEmailNotification = false; var employee = db.Employees.Find(id); if (!ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employee.BusinessLocation.Id.ToString())) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You do not have appropriate permission")); } //Do not allow modification of email addresses which are linked to userprofiles already if (employee.UserProfile != null && employeeDTO.Email != employee.Email) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "You can not modify email address for an employee which is linked to a registered user")); } //If the email address is being updated then send notification to new address if (employee.Email != employeeDTO.Email && !String.IsNullOrEmpty(employeeDTO.Email)) { sendEmailNotification = true; } //Map the updates across to original object employee = MapperFacade.MapperConfiguration.Map <EmployeeDTO, Employee>(employeeDTO, employee); //Check to see if there is already an employee with this same email address registered for the business location. var employeeExistingEmail = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.Email) && emp.Email == employee.Email && emp.Id != employee.Id && emp.BusinessLocation.Id == employee.BusinessLocation.Id); if (employeeExistingEmail != null) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this email address already exists for this business")); } //Lookup BusinessLocation and attach, so that no updates or inserts are performed on BusinessType lookup table var busLoc = db.BusinessLocations.Single(b => b.Id == employeeDTO.BusinessLocationId); employee.BusinessLocation = busLoc; if (employee.IsAdmin) { employee.ManagerBusinessLocations.Add(busLoc); } else { //if not admin but currently linked if (employee.ManagerBusinessLocations.Contains(busLoc)) { employee.ManagerBusinessLocations.Remove(busLoc); } } //Hook up any roles selected employee.Roles.Clear(); //Clear first so we can hook up correct DB items if (employeeDTO.Roles != null) { foreach (RoleDTO roleDTO in employeeDTO.Roles) { Role role = db.Roles.FirstOrDefault(r => r.Id == roleDTO.Id); if (role == null) { return(Request.CreateResponse(HttpStatusCode.NotFound)); } employee.Roles.Add(role); } } //If user email has been updated then send notification and request if (sendEmailNotification) { //Remove any old employee requests if (employee.EmployeeRequest != null) { db.Entry(employee.EmployeeRequest).State = EntityState.Deleted; } //Create an entry in the EMployeeRequest table EmployeeRequest empRequest = new EmployeeRequest() { Id = Guid.NewGuid(), CreatedDate = WebUI.Common.Common.DateTimeNowLocal(), Status = RequestStatus.Pending, BusinessLocation = employee.BusinessLocation }; employee.EmployeeRequest = empRequest; //If an existing user profile exists with matching email address if (db.UserProfiles.Any(usr => usr.Email == employee.Email)) { //Send user email notifying them that a business has registered their email and they need to approve to link MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, true, employee.Email, employee.MobilePhone); } else //Send email notifying them that they have been registered with a business and invite to register an account { MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, false, employee.Email, employee.MobilePhone); } } db.Entry(employee).State = EntityState.Modified; db.SaveChanges(); } catch (DbUpdateConcurrencyException ex) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, ex)); } return(Request.CreateResponse(HttpStatusCode.OK)); }
internal EmployeeDTO CreateNewEmployee(EmployeeDTO employeeDTO, bool insertNewRoles = false) { if (!ClaimsAuthorization.CheckAccess("Put", "BusinessLocationId", employeeDTO.BusinessLocationId.ToString())) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You do not have appropriate permission")); } if (employeeDTO.Roles != null && employeeDTO.Roles.Count > 5) { throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.ExpectationFailed, "Maximimum of 5 roles only can be added")); } //Check to see if there is already an employee with this same email address registered for the business location. var employeeExisting = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.Email) && emp.Email == employeeDTO.Email && emp.BusinessLocation.Id == employeeDTO.BusinessLocationId); if (employeeExisting != null) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this email address already exists for this business")); } //Check to see if there is already an employee with this same mobile phone registered for the business location. var employeeMobileExisting = db.Employees.FirstOrDefault(emp => !String.IsNullOrEmpty(employeeDTO.MobilePhone) && emp.MobilePhone == employeeDTO.MobilePhone && emp.BusinessLocation.Id == employeeDTO.BusinessLocationId); if (employeeMobileExisting != null) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "An employee with this Mobile Phone already exists for this business")); } var employee = MapperFacade.MapperConfiguration.Map <EmployeeDTO, Employee>(employeeDTO); employee.Id = Guid.NewGuid(); //Assign new ID on save. //Create QR code for the employee System.Drawing.Bitmap qrCodeImage = WebUI.Common.Common.GenerateQR(employee.Id.ToString()); using (System.IO.MemoryStream memory = new System.IO.MemoryStream()) { qrCodeImage.Save(memory, System.Drawing.Imaging.ImageFormat.Jpeg); employee.QRCode = memory.ToArray(); } //Lookup Business and attach, so that no updates or inserts are performed on BusinessType lookup table var busLoc = db.BusinessLocations.Single(b => b.Id == employeeDTO.BusinessLocationId); employee.BusinessLocation = busLoc; if (employee.IsAdmin) { employee.ManagerBusinessLocations.Add(busLoc); } //Hook up any roles selected employee.Roles.Clear(); //Clear first so we can hook up correct DB items if (employeeDTO.Roles != null) { foreach (RoleDTO roleDTO in employeeDTO.Roles) { //Find the role by specific ID or else by matching businessId AND name Role role = db.Roles.FirstOrDefault(r => r.Id == roleDTO.Id || (r.Business.Id == employeeDTO.BusinessId && r.Name == roleDTO.Name)); if (role == null) { if (!insertNewRoles) { throw new HttpResponseException(Request.CreateErrorResponse(HttpStatusCode.ExpectationFailed, "Role does not exist")); } else { role = new Role { Id = Guid.NewGuid(), //Assign new ID on save. Name = roleDTO.Name, Enabled = true }; //Lookup Business and attach, so that no updates or inserts are performed on BusinessType lookup table role.Business = db.Businesses.Find(employeeDTO.BusinessId); db.Roles.Add(role); // employee.Roles.Add(role); } } employee.Roles.Add(role); } } //If user email or mobile phone is entered then set up an employee request if (!String.IsNullOrEmpty(employee.Email) || !String.IsNullOrEmpty(employee.MobilePhone)) { //Create an entry in the EMployeeRequest table EmployeeRequest empRequest = new EmployeeRequest() { Id = Guid.NewGuid(), CreatedDate = WebUI.Common.Common.DateTimeNowLocal(), Status = RequestStatus.Pending, BusinessLocation = employee.BusinessLocation }; employee.EmployeeRequest = empRequest; var existingUserProfile = db.UserProfiles.FirstOrDefault(usr => usr.Email == employee.Email || usr.MobilePhone == employee.MobilePhone); //If an existing user profile exists with matching email address or a matching mobile phone number if (existingUserProfile != null) { //Send user email notifying them that a business has registered their email and they need to approve to link MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, true, existingUserProfile.Email, employee.MobilePhone); } else //Send email notifying them that they have been registered with a business and invite to register an account { MessagingService.BusinessRegisteredEmployee(employee.FirstName, employee.BusinessLocation.Business.Name, false, employee.Email, employee.MobilePhone); } } db.Employees.Add(employee); db.SaveChanges(); employeeDTO = MapperFacade.MapperConfiguration.Map <Employee, EmployeeDTO>(employee); return(employeeDTO); }