using System; using System.Linq; using System.Security.Claims; using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Http; using Microsoft.AspNet.Mvc; using Microsoft.Data.Entity; using Microsoft.Extensions.Logging; using Yavsc.Models; using Yavsc.Models.Billing; namespace Yavsc.Controllers { [Produces("application/json")] [Route("api/estimate"),Authorize()] public class EstimateApiController : Controller { private ApplicationDbContext _context; private ILogger _logger; public EstimateApiController(ApplicationDbContext context, ILoggerFactory loggerFactory) { _context = context; _logger = loggerFactory.CreateLogger(); } bool UserIsAdminOrThis(string uid) { if (User.IsInRole(Constants.AdminGroupName)) return true; return uid == User.GetUserId(); } bool UserIsAdminOrInThese (string oid, string uid) { if (User.IsInRole(Constants.AdminGroupName)) return true; var cuid = User.GetUserId(); return cuid == uid || cuid == oid; } // GET: api/Estimate{?ownerId=User.GetUserId()} [HttpGet] public IActionResult GetEstimates(string ownerId=null) { if ( ownerId == null ) ownerId = User.GetUserId(); else if (!UserIsAdminOrThis(ownerId)) // throw new Exception("Not authorized") ; // or just do nothing return new HttpStatusCodeResult(StatusCodes.Status403Forbidden); return Ok(_context.Estimates.Include(e=>e.Bill).Where(e=>e.OwnerId == ownerId)); } // GET: api/Estimate/5 [HttpGet("{id}", Name = "GetEstimate")] public IActionResult GetEstimate([FromRoute] long id) { if (!ModelState.IsValid) { return HttpBadRequest(ModelState); } Estimate estimate = _context.Estimates.Include(e=>e.Bill).Single(m => m.Id == id); if (estimate == null) { return HttpNotFound(); } if (UserIsAdminOrInThese(estimate.ClientId,estimate.OwnerId)) return Ok(estimate); return new HttpStatusCodeResult(StatusCodes.Status403Forbidden); } // PUT: api/Estimate/5 [HttpPut("{id}")] public IActionResult PutEstimate(long id, [FromBody] Estimate estimate) { if (!ModelState.IsValid) { return HttpBadRequest(ModelState); } if (id != estimate.Id) { return HttpBadRequest(); } var uid = User.GetUserId(); if (!User.IsInRole(Constants.AdminGroupName)) { if (uid != estimate.OwnerId) { ModelState.AddModelError("OwnerId","You can only modify your own estimates"); return HttpBadRequest(ModelState); } } var entry = _context.Attach(estimate); try { _context.SaveChanges(); } catch (DbUpdateConcurrencyException) { if (!EstimateExists(id)) { return HttpNotFound(); } else { throw; } } return Ok( new { Id = estimate.Id }); } // POST: api/Estimate [HttpPost] public IActionResult PostEstimate([FromBody] Estimate estimate) { if (!ModelState.IsValid) { return HttpBadRequest(ModelState); } var uid = User.GetUserId(); if (!User.IsInRole(Constants.AdminGroupName)) { if (uid != estimate.OwnerId) { ModelState.AddModelError("OwnerId","You can only create your own estimates"); return HttpBadRequest(ModelState); } } if (estimate.CommandId!=null) { var query = _context.BookQueries.FirstOrDefault(q => q.Id == estimate.CommandId); if (query == null || query.PerformerId!= uid) throw new InvalidOperationException(); query.ValidationDate = DateTime.Now; } _context.Estimates.Add(estimate); /* _context.AttachRange(estimate.Bill); _context.Attach(estimate); _context.Entry(estimate).State = EntityState.Added; foreach (var line in estimate.Bill) _context.Entry(line).State = EntityState.Added; // foreach (var l in estimate.Bill) _context.Attach(l); */ try { _context.SaveChanges(); } catch (DbUpdateException) { if (EstimateExists(estimate.Id)) { return new HttpStatusCodeResult(StatusCodes.Status409Conflict); } else { throw; } } return Ok( new { Id = estimate.Id, Bill = estimate.Bill }); } // DELETE: api/Estimate/5 [HttpDelete("{id}")] public IActionResult DeleteEstimate(long id) { if (!ModelState.IsValid) { return HttpBadRequest(ModelState); } Estimate estimate = _context.Estimates.Include(e=>e.Bill).Single(m => m.Id == id); if (estimate == null) { return HttpNotFound(); } var uid = User.GetUserId(); if (!User.IsInRole(Constants.AdminGroupName)) { if (uid != estimate.OwnerId) { ModelState.AddModelError("OwnerId","You can only create your own estimates"); return HttpBadRequest(ModelState); } } _context.Estimates.Remove(estimate); _context.SaveChanges(); return Ok(estimate); } protected override void Dispose (bool disposing) { if (disposing) { _context.Dispose(); } base.Dispose(disposing); } private bool EstimateExists(long id) { return _context.Estimates.Count(e => e.Id == id) > 0; } } }