public async Task <ActionResult <UserDTO> > DeleteUser(string username)
{
var user = await userManager.FindByNameAsync(username);
if (user == null)
{
return(NotFound());
}
User authenticatedUser = await userManager.FindByNameAsync(User.Identity.Name);
if (!(await userManager.IsInRoleAsync(authenticatedUser, UserRoles.Admin)) && !(authenticatedUser.UserName == username))
{
return(Unauthorized("Cannot delete another user unless admin"));
}
// TODO: Revoke security token
await userManager.DeleteAsync(user);
return(AuthController.UserToDTO(user));
}
public async Task <ActionResult <IEnumerable <UserDTO> > > GetUsers()
{
var users = await _context.Users.ToListAsync();
return(users.Select(user => AuthController.UserToDTO(user)).ToList());
}
public async Task <ActionResult <ResumeDetailDTO> > GetResume(long id)
{
User user = await userManager.FindByNameAsync(User.Identity.Name);
IList <string> roles = await userManager.GetRolesAsync(user);
// Definitely not the fastest way of doing it, but after spending many hours trying to figure out group joins
// in EF 3.0 and having it only result sadness, this will have to do for now
ResumeDetailDTO resumeDetail = await(from resume in _context.Resumes
join candidate in _context.Users on resume.CandidateId equals candidate.Id
where resume.ResumeId == id
select new ResumeDetailDTO()
{
ResumeId = resume.ResumeId,
Name = resume.Name,
Candidate = AuthController.UserToDTO(candidate)
}).FirstOrDefaultAsync();
if (resumeDetail == null)
{
return(NotFound());
}
bool authorized = false;
if (roles.Contains(UserRoles.Admin))
{
authorized = true;
}
else if (roles.Contains(UserRoles.Recruiter))
{
var query = from resume in _context.Resumes
join application in _context.Applications on resume.ResumeId equals application.ResumeId
join jobpost in _context.JobPosts on application.JobId equals jobpost.JobPostId
join recruiter in _context.Recruiters on jobpost.CompanyId equals recruiter.CompanyId
where recruiter.UserId == user.Id && resume.ResumeId == id
select resume;
if (query.Any())
{
authorized = true;
}
}
else if (resumeDetail.Candidate.UserName == user.UserName)
{
authorized = true;
}
if (!authorized)
{
return(Unauthorized("Cannot view that resume"));
}
// Find and join all weak entities separately
resumeDetail.Awards = await(from award in _context.Awards where award.ResumeId == id orderby award.Order select award)
.Select(x => AwardsController.AwardToDTO(x)).ToListAsync();
resumeDetail.Certifications = await(from cert in _context.Certifications where cert.ResumeId == id orderby cert.Order select cert)
.Select(x => CertificationsController.CertificationToDTO(x)).ToListAsync();
resumeDetail.Education = await(from edu in _context.Education where edu.ResumeId == id orderby edu.Order select edu)
.Select(x => EducationController.EducationToDTO(x)).ToListAsync();
resumeDetail.Experience = await(from exp in _context.Experiences where exp.ResumeId == id orderby exp.Order select exp)
.Select(x => ExperienceController.ExperienceToDTO(x)).ToListAsync();
resumeDetail.Projects = await(from proj in _context.Projects where proj.ResumeId == id orderby proj.Order select proj)
.Select(x => ProjectsController.ProjectToDTO(x)).ToListAsync();
resumeDetail.Skills = await(from skill in _context.Skills where skill.ResumeId == id orderby skill.Order select skill)
.Select(x => SkillsController.SkillToDTO(x)).ToListAsync();
return(resumeDetail);
}