public async Task <IActionResult> New([FromBody] MetricUpdateRequest data) { if (data == null) { return(BadRequest("No data received.")); } //make sure only the author or a system administrator is saving metric, and they have the author metric claim if (!User.HasClaim(cl => cl.Type == Identity.Claims.AuthorMetric_Key)) { return(BadRequest("The current user does not have permission to author a metric.")); } //TODO: validate the minimum required metadata is included var currentUserID = Guid.Parse(User.Claims.Where(x => x.Type == Identity.Claims.UserID_Key).Select(x => x.Value).FirstOrDefault()); var metric = new Model.Metric { AuthorID = currentUserID, Description = data.Description, Justification = data.Justification, ExpectedResults = data.ExpectedResults, ModifiedOn = DateTime.UtcNow, ResultsTypeID = data.ResultsTypeID, ServiceDeskUrl = data.ServiceDeskUrl ?? string.Empty, Title = data.Title }; _db.Metrics.Add(metric); metric.Statuses.Add(new Model.MetricStatusItem { MetricID = metric.ID, MetricStatusID = Model.MetricStatus.DraftID, UserID = currentUserID }); foreach (var domainID in data.Domains) { metric.AddDomains(domainID); } foreach (var frameworkCategoryID in data.FrameworkCategories) { metric.AddFrameworkCategories(frameworkCategoryID); } await _db.SaveChangesAsync(); return(await Get(metric.ID)); }
public async Task <IActionResult> Update([FromBody] MetricUpdateRequest data) { if (data == null) { return(BadRequest("No data received.")); } var metric = await _db.Metrics .Include(m => m.Domains) .Include(m => m.FrameworkCategories) .Where(m => m.ID == data.ID).FirstOrDefaultAsync(); if (metric == null) { return(NotFound()); } //make sure only the author or a system administrator is saving metric, and they have the author metric claim if (!User.HasClaim(cl => cl.Type == Identity.Claims.AuthorMetric_Key)) { return(BadRequest("The current user does not have permission to author a metric.")); } var currentUserID = Guid.Parse(User.Claims.Where(x => x.Type == Identity.Claims.UserID_Key).Select(x => x.Value).FirstOrDefault()); if (metric.AuthorID != currentUserID && !User.HasClaim(cl => cl.Type == Identity.Claims.SystemAdministrator_Key)) { return(BadRequest("The current user is not the author of the metric and does not have permission to edit the metric.")); } var currentStatus = await _db.MetricStatusItems.Where(si => si.MetricID == metric.ID).OrderByDescending(si => si.CreateOn).Select(si => si.MetricStatus).FirstOrDefaultAsync(); if (currentStatus.AllowEdit == false) { return(BadRequest("The current status of the metric does not allow for edit.")); } //TODO: validate the minimum required metadata is included //update the metric metric.Description = data.Description; metric.Justification = data.Justification; metric.ExpectedResults = data.ExpectedResults; metric.ModifiedOn = DateTime.UtcNow; metric.ResultsTypeID = data.ResultsTypeID; metric.ServiceDeskUrl = data.ServiceDeskUrl; metric.Title = data.Title; foreach (var domainID in data.Domains.Except(metric.Domains.Select(d => d.DomainID))) { metric.AddDomains(domainID); } foreach (var domain in metric.Domains.Where(d => !data.Domains.Contains(d.DomainID)).ToArray()) { metric.Domains.Remove(domain); } foreach (var frameworkCategoryID in data.FrameworkCategories.Except(metric.FrameworkCategories.Select(d => d.DataQualityFrameworkCategoryID))) { metric.AddFrameworkCategories(frameworkCategoryID); } foreach (var category in metric.FrameworkCategories.Where(c => !data.FrameworkCategories.Contains(c.DataQualityFrameworkCategoryID)).ToArray()) { metric.FrameworkCategories.Remove(category); } await _db.SaveChangesAsync(); return(await Get(data.ID)); }