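/// <summary>
/// Delete User
/// </summary>
/// <remarks>
/// Admin User can delete any user.
/// Non admin user can only delete its own user.
/// Deleting a user also deletes the babies that belong to the deleted user.
/// NOTE(review): the original remarks also promised that associated memories are deleted,
/// but nothing visible in this method removes them — confirm whether Delete&lt;Baby&gt;
/// cascades to memories or whether they are left orphaned.
/// </remarks>
/// <param name="id">Id of the user to delete.</param>
/// <response code="401">Unauthorized: due to user not token not authorized or the request is not available to user role</response>
/// <response code="404">The user to delete does not exist (admin path only).</response>
/// <returns>null</returns>
// DELETE: api/User/5
public async Task<IHttpActionResult> Delete(string id)
{
    var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
    if (currentUser is null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Only the account owner or an admin may delete this account.
    // Kept as 401 (rather than 403) to match the documented response contract.
    var isAdmin = currentUser.Role == BabyMemoryConstants.AdminUserRole;
    if (currentUser.Id != id && !isAdmin)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Resolve the user being deleted. The previous implementation looked up babies
    // for the *caller*, so an admin deleting another account removed the admin's own
    // babies (or, depending on what BabiesForUserAndRole returns for the admin role,
    // possibly every baby) and left the target's babies in place. The babies removed
    // here must be those of the target user.
    User targetUser = null;
    if (currentUser.Id == id)
    {
        targetUser = currentUser;
    }
    else
    {
        // Scan is the only lookup primitive visible on the context; prefer a keyed
        // load here if the context offers one.
        foreach (var candidate in _context.Scan<User>())
        {
            if (candidate.Id == id)
            {
                targetUser = candidate;
                break;
            }
        }
    }

    if (targetUser is null)
    {
        return NotFound();
    }

    // NOTE(review): if the target is itself an admin and BabiesForUserAndRole returns
    // all babies for the admin role, this would delete every baby — confirm the helper's
    // behaviour for admin users before allowing admin accounts to be deleted this way.
    var targetBabies = _dataHelpers.BabiesForUserAndRole(targetUser);
    if (targetBabies != null)
    {
        foreach (var baby in targetBabies)
        {
            _context.Delete<Baby>(baby.Id);
        }
    }

    _context.Delete<User>(id);
    return StatusCode(HttpStatusCode.NoContent);
}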
// GET api/<controller>
/// <summary>
/// Get Babies
/// </summary>
/// <remarks>
/// Admin Users get all babies.
/// Basic Users get only babies for the user.
/// </remarks>
/// <returns>One response dictionary (see <c>ResponseDictionary</c>) per baby visible to the caller.</returns>
/// <exception cref="HttpResponseException">401 when the Authorization header does not resolve to a verified user.</exception>
public async Task<List<Dictionary<string, object>>> Get()
{
    var caller = await _authController.GetVerifiedUser(Request.Headers.Authorization);
    if (caller == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Admins see every baby in the table; everyone else is scoped to their own babies.
    IEnumerable<Baby> visibleBabies;
    if (caller.Role == BabyMemoryConstants.AdminUserRole)
    {
        visibleBabies = _context.Scan<Baby>();
    }
    else
    {
        visibleBabies = _dataHelpers.BabiesForUserAndRole(caller);
    }

    return visibleBabies.Select(b => ResponseDictionary(b)).ToList();
}
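// POST api/<controller>
/// <summary>
/// Add new memory
/// </summary>
/// <remarks>
/// The memory is stored only when its <c>BabyId</c> refers to a baby the caller may access
/// (as reported by <c>BabiesForUserAndRole</c>). The server assigns the <c>Id</c>, so a
/// client-supplied Id can never overwrite an existing memory.
/// </remarks>
/// <param name="memory">Memory to store; must carry the BabyId it belongs to.</param>
/// <returns>201 Created with the response dictionary of the stored memory.</returns>
/// <response code="400">No memory could be deserialized from the request body.</response>
/// <response code="401">Caller not verified, or the BabyId is not one of the caller's babies.</response>
public async Task<IHttpActionResult> Post([FromBody] Memory memory)
{
    var currentUser = await _authController.GetVerifiedUser(Request.Headers.Authorization);
    if (currentUser == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // A missing or malformed body binds as null; reject it explicitly instead of
    // failing with a 500 on the memory.BabyId dereference below.
    if (memory == null)
    {
        return BadRequest("A memory body is required.");
    }

    // Ownership check: the caller may only attach memories to babies they can access.
    // Fail closed — a null baby list means "no babies", not "skip the check".
    var userBabies = _dataHelpers.BabiesForUserAndRole(currentUser);
    if (userBabies == null || !userBabies.Exists(x => x.Id == memory.BabyId))
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Server-assigned identifier: never trust an Id supplied by the client.
    memory.Id = Guid.NewGuid().ToString("N");
    _context.Save<Memory>(memory);

    return Created(Url.Route("DefaultApi", new { controller = "Memories" }), ResponseDictionary(memory));
}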