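/// <summary>
/// Creates a new contact and attaches it to the caller's current assessment.
/// The assessment id is taken from the caller's token (Auth.AssessmentForUser), never from the
/// request body, and the caller must pass Auth.AuthorizeAdminRole before anything is written.
/// </summary>
/// <param name="newContact">
/// Contact to create. Its AssessmentId is overwritten with the token's assessment and a null
/// PrimaryEmail is normalised to "".
/// </param>
/// <returns>
/// A one-element contact list holding the created contact, plus the caller's role on the
/// assessment (0 when the role lookup returns null).
/// </returns>
/// <exception cref="HttpResponseException">
/// 400 when the request body is missing; whatever Auth.AuthorizeAdminRole raises for non-admins.
/// </exception>
public ContactsListResponse CreateAndAddContactToAssessment([FromBody] ContactCreateParameters newContact)
{
    int assessmentId = Auth.AssessmentForUser();

    // Authorize first so an unauthorized caller learns nothing from input validation.
    Auth.AuthorizeAdminRole();

    // The original read the token scope (Constants.Token_Scope) into an unused local; dropped.
    // TODO(review): confirm TokenManager/Payload had no side effect (e.g. token validation) worth keeping.

    // Model binding typically yields null for a missing or unparseable body; the original then
    // dereferenced it and surfaced a NullReferenceException as a 500. Reject it explicitly instead.
    // 400 is used because a missing body is a client error, not an authentication failure.
    if (newContact == null)
    {
        var err = new HttpResponseMessage(HttpStatusCode.BadRequest)
        {
            Content = new StringContent("The input parameters are not valid"),
            ReasonPhrase = "The input parameters are not valid"
        };
        throw new HttpResponseException(err);
    }

    // Bind the contact to the token's assessment regardless of what the body claims.
    newContact.AssessmentId = assessmentId;
    newContact.PrimaryEmail = newContact.PrimaryEmail ?? "";

    ContactsManager cm = new ContactsManager();
    List<ContactDetail> details = new List<ContactDetail>(1)
    {
        cm.CreateAndAddContactToAssessment(newContact)
    };

    return new ContactsListResponse
    {
        ContactList = details,
        // A null role means none is recorded; the contact endpoints report that as 0.
        CurrentUserRole = cm.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, assessmentId) ?? 0
    };
}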
/// <summary>
/// Lists the contacts on the caller's current assessment together with the caller's own role on it.
/// The assessment is resolved from the caller's token (Auth.AssessmentForUser), so a client cannot
/// name a different assessment through this endpoint.
/// </summary>
/// <returns>
/// The assessment's contacts and the caller's role on it (0 when the role lookup returns null).
/// </returns>
public ContactsListResponse GetContactsForAssessment()
{
    int assessmentId = Auth.AssessmentForUser();
    int callerId = TransactionSecurity.CurrentUserId;
    var manager = new ContactsManager();

    var response = new ContactsListResponse();
    response.ContactList = manager.GetContacts(assessmentId);
    // A null role means none is recorded; report it as 0 like the other contact endpoints.
    response.CurrentUserRole = manager.GetUserRoleOnAssessment(callerId, assessmentId) ?? 0;
    return response;
}
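/// <summary>
/// Removes a contact from an assessment and returns the assessment's updated contact list.
/// Rules enforced here: a caller holding only the user role may remove nobody but themself;
/// a caller with no recorded role on the assessment may likewise remove nobody but themself;
/// and the last administrator cannot remove themself while other contacts remain.
/// </summary>
/// <param name="contactRemove">
/// UserId of the contact to remove (0 means the caller) and Assessment_ID (0 means the assessment
/// from the caller's token).
/// </param>
/// <returns>
/// The assessment's remaining contacts and the caller's role on it (0 when the role lookup returns null).
/// </returns>
/// <exception cref="HttpResponseException">
/// 401 with an explanatory body when the request body is missing, when the caller may not remove the
/// named contact, or when the caller is the last administrator. 401 is kept for all three to match the
/// existing contract, although the latter two are authorization failures (403 would be more accurate).
/// </exception>
public ContactsListResponse RemoveContactFromAssessment([FromBody] ContactRemoveParameters contactRemove)
{
    if (contactRemove == null)
    {
        throw UnauthorizedRemoval("The input parameters are not valid", "The input parameters are not valid");
    }

    // NOTE(review): unlike the other contact endpoints, the assessment may be chosen by the request body.
    // That is why the role check below has to fail closed for callers who are not on that assessment.
    int assessmentId = contactRemove.Assessment_ID == 0 ? Auth.AssessmentForUser() : contactRemove.Assessment_ID;

    // NOTE(review): two sources of "current user" are used here (Auth.GetUserId for the self-removal
    // comparison, TransactionSecurity.CurrentUserId for the role lookup), as in the original; confirm they agree.
    int currentUserId = Auth.GetUserId();
    if (contactRemove.UserId == 0)
    {
        contactRemove.UserId = currentUserId;
    }
    bool removingSelf = contactRemove.UserId == currentUserId;

    ContactsManager cm = new ContactsManager();
    int currentUserRole = cm.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, assessmentId) ?? 0;

    // Removing someone else requires a role that is neither "user" nor "none".
    // The original rejected only RoleUser, so a null role (no membership on this assessment, coalesced
    // to 0) passed the check and could remove contacts from an assessment named in the body.
    bool noRole = currentUserRole == 0;
    bool userRole = currentUserRole == (int)ContactsManager.ContactRole.RoleUser;
    if (!removingSelf && (noRole || userRole))
    {
        throw UnauthorizedRemoval(
            "The current user does not have administrative authority for the Assessment.",
            "The only contact that a user role can remove is themself.");
    }

    // An assessment must keep at least one administrator while other contacts remain.
    if (removingSelf && Auth.AmILastAdminWithUsers(assessmentId))
    {
        throw UnauthorizedRemoval(
            "The current user is the only Administrator contact on the Assessment",
            "An Assessment must have at least one Administrator contact.");
    }

    try
    {
        // The returned list is discarded; the response is re-read below.
        cm.RemoveContact(contactRemove.UserId, assessmentId);
    }
    catch (NoSuchUserException)
    {
        // Deliberate best-effort: the contact was not on the assessment, so there is nothing to remove
        // and the caller still receives the current list. Only this exception is swallowed; anything
        // else propagates.
    }

    // Re-read through a fresh manager, as the original did, so the response reflects the stored state.
    ContactsManager contactManager = new ContactsManager();
    return new ContactsListResponse
    {
        ContactList = contactManager.GetContacts(assessmentId),
        CurrentUserRole = contactManager.GetUserRoleOnAssessment(TransactionSecurity.CurrentUserId, assessmentId) ?? 0
    };
}

/// <summary>
/// Builds the 401 HttpResponseException this endpoint throws for rejected removals.
/// </summary>
/// <param name="content">Body text returned to the client.</param>
/// <param name="reason">Reason phrase returned to the client.</param>
private static HttpResponseException UnauthorizedRemoval(string content, string reason)
{
    var err = new HttpResponseMessage(HttpStatusCode.Unauthorized)
    {
        Content = new StringContent(content),
        ReasonPhrase = reason
    };
    return new HttpResponseException(err);
}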