206 lines
6.9 KiB
C#
206 lines
6.9 KiB
C#
using System;
|
||
using System.Linq;
|
||
using System.Security.Claims;
|
||
using Microsoft.AspNet.Authorization;
|
||
using Microsoft.AspNet.Http;
|
||
using Microsoft.AspNet.Mvc;
|
||
using Microsoft.Data.Entity;
|
||
using Microsoft.Extensions.Logging;
|
||
using Yavsc.Models;
|
||
using Yavsc.Models.Billing;
|
||
|
||
namespace Yavsc.Controllers
|
||
{
|
||
[Produces("application/json")]
|
||
[Route("api/estimate"),Authorize()]
|
||
public class EstimateApiController : Controller
|
||
{
|
||
private ApplicationDbContext _context;
|
||
private ILogger _logger;
|
||
public EstimateApiController(ApplicationDbContext context, ILoggerFactory loggerFactory)
|
||
{
|
||
_context = context;
|
||
_logger = loggerFactory.CreateLogger<EstimateApiController>();
|
||
}
|
||
bool UserIsAdminOrThis(string uid)
|
||
{
|
||
if (User.IsInRole(Constants.AdminGroupName)) return true;
|
||
return uid == User.GetUserId();
|
||
}
|
||
bool UserIsAdminOrInThese (string oid, string uid)
|
||
{
|
||
if (User.IsInRole(Constants.AdminGroupName)) return true;
|
||
var cuid = User.GetUserId();
|
||
return cuid == uid || cuid == oid;
|
||
}
|
||
// GET: api/Estimate{?ownerId=User.GetUserId()}
|
||
[HttpGet]
|
||
public IActionResult GetEstimates(string ownerId=null)
|
||
{
|
||
if ( ownerId == null ) ownerId = User.GetUserId();
|
||
else if (!UserIsAdminOrThis(ownerId)) // throw new Exception("Not authorized") ;
|
||
// or just do nothing
|
||
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
|
||
return Ok(_context.Estimates.Include(e=>e.Bill).Where(e=>e.OwnerId == ownerId));
|
||
}
|
||
// GET: api/Estimate/5
|
||
[HttpGet("{id}", Name = "GetEstimate")]
|
||
public IActionResult GetEstimate([FromRoute] long id)
|
||
{
|
||
if (!ModelState.IsValid)
|
||
{
|
||
return HttpBadRequest(ModelState);
|
||
}
|
||
|
||
Estimate estimate = _context.Estimates.Include(e=>e.Bill).Single(m => m.Id == id);
|
||
|
||
if (estimate == null)
|
||
{
|
||
return HttpNotFound();
|
||
}
|
||
|
||
if (UserIsAdminOrInThese(estimate.ClientId,estimate.OwnerId))
|
||
return Ok(estimate);
|
||
return new HttpStatusCodeResult(StatusCodes.Status403Forbidden);
|
||
}
|
||
|
||
// PUT: api/Estimate/5
|
||
[HttpPut("{id}"),Produces("application/json")]
|
||
public IActionResult PutEstimate(long id, [FromBody] Estimate estimate)
|
||
{
|
||
|
||
if (!ModelState.IsValid)
|
||
{
|
||
return new BadRequestObjectResult(ModelState);
|
||
}
|
||
|
||
if (id != estimate.Id)
|
||
{
|
||
return HttpBadRequest();
|
||
}
|
||
var uid = User.GetUserId();
|
||
if (!User.IsInRole(Constants.AdminGroupName))
|
||
{
|
||
if (uid != estimate.OwnerId)
|
||
{
|
||
ModelState.AddModelError("OwnerId","You can only modify your own estimates");
|
||
return HttpBadRequest(ModelState);
|
||
}
|
||
}
|
||
|
||
var entry = _context.Attach(estimate);
|
||
try
|
||
{
|
||
_context.SaveChanges(User.GetUserId());
|
||
}
|
||
catch (DbUpdateConcurrencyException)
|
||
{
|
||
if (!EstimateExists(id))
|
||
{
|
||
return HttpNotFound();
|
||
}
|
||
else
|
||
{
|
||
throw;
|
||
}
|
||
}
|
||
|
||
return Ok( new { Id = estimate.Id });
|
||
}
|
||
|
||
// POST: api/Estimate
|
||
[HttpPost,Produces("application/json")]
|
||
public IActionResult PostEstimate([FromBody] Estimate estimate)
|
||
{
|
||
var uid = User.GetUserId();
|
||
if (!User.IsInRole(Constants.AdminGroupName))
|
||
{
|
||
if (uid != estimate.OwnerId)
|
||
{
|
||
ModelState.AddModelError("OwnerId","You can only create your own estimates");
|
||
return HttpBadRequest(ModelState);
|
||
}
|
||
}
|
||
if (estimate.CommandId!=null) {
|
||
var query = _context.RdvQueries.FirstOrDefault(q => q.Id == estimate.CommandId);
|
||
if (query == null || query.PerformerId!= uid)
|
||
return HttpBadRequest(ModelState);
|
||
query.ValidationDate = DateTime.Now;
|
||
}
|
||
if (!ModelState.IsValid)
|
||
{
|
||
return new BadRequestObjectResult(ModelState);
|
||
}
|
||
_context.Estimates.Add(estimate);
|
||
|
||
|
||
/* _context.AttachRange(estimate.Bill);
|
||
_context.Attach(estimate);
|
||
_context.Entry(estimate).State = EntityState.Added;
|
||
foreach (var line in estimate.Bill)
|
||
_context.Entry(line).State = EntityState.Added;
|
||
// foreach (var l in estimate.Bill) _context.Attach<CommandLine>(l);
|
||
*/
|
||
try
|
||
{
|
||
_context.SaveChanges(User.GetUserId());
|
||
}
|
||
catch (DbUpdateException)
|
||
{
|
||
if (EstimateExists(estimate.Id))
|
||
{
|
||
return new HttpStatusCodeResult(StatusCodes.Status409Conflict);
|
||
}
|
||
else
|
||
{
|
||
throw;
|
||
}
|
||
}
|
||
return Ok( new { Id = estimate.Id, Bill = estimate.Bill });
|
||
}
|
||
|
||
// DELETE: api/Estimate/5
|
||
[HttpDelete("{id}")]
|
||
public IActionResult DeleteEstimate(long id)
|
||
{
|
||
if (!ModelState.IsValid)
|
||
{
|
||
return HttpBadRequest(ModelState);
|
||
}
|
||
|
||
Estimate estimate = _context.Estimates.Include(e=>e.Bill).Single(m => m.Id == id);
|
||
|
||
if (estimate == null)
|
||
{
|
||
return HttpNotFound();
|
||
}
|
||
var uid = User.GetUserId();
|
||
if (!User.IsInRole(Constants.AdminGroupName))
|
||
{
|
||
if (uid != estimate.OwnerId)
|
||
{
|
||
ModelState.AddModelError("OwnerId","You can only create your own estimates");
|
||
return HttpBadRequest(ModelState);
|
||
}
|
||
}
|
||
_context.Estimates.Remove(estimate);
|
||
_context.SaveChanges(User.GetUserId());
|
||
|
||
return Ok(estimate);
|
||
}
|
||
|
||
protected override void Dispose (bool disposing)
|
||
{
|
||
if (disposing)
|
||
{
|
||
_context.Dispose();
|
||
}
|
||
base.Dispose(disposing);
|
||
}
|
||
|
||
private bool EstimateExists(long id)
|
||
{
|
||
return _context.Estimates.Count(e => e.Id == id) > 0;
|
||
}
|
||
}
|
||
} |