notazof
/
yavsc
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity
yavsc/Yavsc/ApiControllers/EstimateApiController.cs

199 lines
6.6 KiB
C#
Raw Normal View History Unescape Escape

validation & client approval dates
8 years ago
using System;
more api
8 years ago
using System.Linq;
Estimate Owner implementation
8 years ago
using System.Security.Claims;
authorizations and routes
8 years ago
using Microsoft.AspNet.Authorization;
more api
8 years ago
using Microsoft.AspNet.Http;
using Microsoft.AspNet.Mvc;
using Microsoft.Data.Entity;
.
8 years ago
using Microsoft.Extensions.Logging;
more api
8 years ago
using Yavsc.Models;
using Yavsc.Models.Billing;
namespace Yavsc.Controllers
{
[Produces("application/json")]
Use a more intuitive route to this controller
8 years ago
[Route("api/estimate"),Authorize()]
more api
8 years ago
public class EstimateApiController : Controller
{
private ApplicationDbContext _context;
.
8 years ago
private ILogger _logger;
public EstimateApiController(ApplicationDbContext context, ILoggerFactory loggerFactory)
more api
8 years ago
{
_context = context;
.
8 years ago
_logger = loggerFactory.CreateLogger<EstimateApiController>();
more api
8 years ago
}
Estimate Owner implementation
8 years ago
bool UserIsAdminOrThis(string uid)
{
if (User.IsInRole(Constants.AdminGroupName)) return true;
return uid == User.GetUserId();
}
bool UserIsAdminOrInThese (string oid, string uid)
{
if (User.IsInRole(Constants.AdminGroupName)) return true;
var cuid = User.GetUserId();
return cuid == uid || cuid == oid;
}
// GET: api/Estimate{?ownerId=User.GetUserId()}
more api
8 years ago
[HttpGet]
Estimate Owner implementation
8 years ago
public IActionResult GetEstimates(string ownerId=null)
more api
8 years ago
{
Estimate Owner implementation
8 years ago
if ( ownerId == null ) ownerId = User.GetUserId();
else if (!UserIsAdminOrThis(ownerId)) // throw new Exception("Not authorized") ;
// or just do nothing
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
.
8 years ago
return Ok(_context.Estimates.Include(e=>e.Bill).Where(e=>e.OwnerId == ownerId));
more api
8 years ago
}
// GET: api/Estimate/5
[HttpGet("{id}", Name = "GetEstimate")]
public IActionResult GetEstimate([FromRoute] long id)
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
}
.
8 years ago
Estimate estimate = _context.Estimates.Include(e=>e.Bill).Single(m => m.Id == id);
more api
8 years ago
if (estimate == null)
{
return HttpNotFound();
}
Estimate Owner implementation
8 years ago
if (UserIsAdminOrInThese(estimate.ClientId,estimate.OwnerId))
more api
8 years ago
return Ok(estimate);
Estimate Owner implementation
8 years ago
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
more api
8 years ago
}
// PUT: api/Estimate/5
[HttpPut("{id}")]
public IActionResult PutEstimate(long id, [FromBody] Estimate estimate)
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
}
if (id != estimate.Id)
{
return HttpBadRequest();
}
Estimate Owner implementation
8 years ago
var uid = User.GetUserId();
if (!User.IsInRole(Constants.AdminGroupName))
{
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId","You can only modify your own estimates");
return HttpBadRequest(ModelState);
}
}
.
8 years ago
var entry = _context.Attach(estimate);
validation & client approval dates
8 years ago
estimate.LatestValidationDate = DateTime.Now;
more api
8 years ago
try
{
_context.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!EstimateExists(id))
{
return HttpNotFound();
}
else
{
throw;
}
}
.
8 years ago
return Ok( new { Id = estimate.Id, LatestValidationDate = estimate.LatestValidationDate });
more api
8 years ago
}
// POST: api/Estimate
[HttpPost]
public IActionResult PostEstimate([FromBody] Estimate estimate)
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
}
Estimate Owner implementation
8 years ago
var uid = User.GetUserId();
if (!User.IsInRole(Constants.AdminGroupName))
{
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId","You can only create your own estimates");
return HttpBadRequest(ModelState);
}
}
validation & client approval dates
8 years ago
estimate.LatestValidationDate = DateTime.Now;
more api
8 years ago
_context.Estimates.Add(estimate);
.
8 years ago
/* _context.AttachRange(estimate.Bill);
_context.Attach(estimate);
_context.Entry(estimate).State = EntityState.Added;
foreach (var line in estimate.Bill)
_context.Entry(line).State = EntityState.Added;
// foreach (var l in estimate.Bill) _context.Attach<CommandLine>(l);
*/
more api
8 years ago
try
{
_context.SaveChanges();
}
catch (DbUpdateException)
{
if (EstimateExists(estimate.Id))
{
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
}
else
{
throw;
}
}
.
8 years ago
return Ok( new { Id = estimate.Id, Bill = estimate.Bill , LatestValidationDate = estimate.LatestValidationDate });
more api
8 years ago
}
// DELETE: api/Estimate/5
[HttpDelete("{id}")]
public IActionResult DeleteEstimate(long id)
{
if (!ModelState.IsValid)
{
return HttpBadRequest(ModelState);
}
.
8 years ago
Estimate estimate = _context.Estimates.Include(e=>e.Bill).Single(m => m.Id == id);
Estimate Owner implementation
8 years ago
more api
8 years ago
if (estimate == null)
{
return HttpNotFound();
}
Estimate Owner implementation
8 years ago
var uid = User.GetUserId();
if (!User.IsInRole(Constants.AdminGroupName))
{
if (uid != estimate.OwnerId)
{
ModelState.AddModelError("OwnerId","You can only create your own estimates");
return HttpBadRequest(ModelState);
}
}
more api
8 years ago
_context.Estimates.Remove(estimate);
_context.SaveChanges();
return Ok(estimate);
}
protected override void Dispose(bool disposing)
{
if (disposing)
{
_context.Dispose();
}
base.Dispose(disposing);
}
private bool EstimateExists(long id)
{
return _context.Estimates.Count(e => e.Id == id) > 0;
}
}
}