private SelfReportedLoanListModel RemoveInvalidLoansFromList(SelfReportedLoanListModel srList)
{
//get Id of the member currently logged-in
SiteMember sm = IntegrationLoader.LoadDependency <ISiteMembership>("siteMembership").GetMember();
string individualId = "";
if (sm != null && sm.Profile != null && sm.Profile.Id != null)
{
individualId = sm.Profile.Id.ToString();
_log.Debug(string.Format("SiteMember.Profile.Id = {0}", individualId));
}
List <string> invalidLoanIdList = new List <string>();
//get list of current SRL's for the member logged-in
if (!string.IsNullOrEmpty(individualId))
{
SelfReportedLoanListModel srListFromDB = GetSelfReportedLoans(individualId);
foreach (SelfReportedLoanModel srl in srList.Loans)
{
if (!string.IsNullOrEmpty(srl.LoanSelfReportedEntryId) && srListFromDB != null)//only care about loans being updated here.
{
bool foundValidLoan = false;
foreach (SelfReportedLoanModel srlFromDB in srListFromDB.Loans)
{
if (srl.LoanSelfReportedEntryId == srlFromDB.LoanSelfReportedEntryId)
{
foundValidLoan = true;
break;
}
}
// if a loan attempting to be updated by user isn't in DB, then user is tampering. Remove that loan from the update list.
if (!foundValidLoan)
{
invalidLoanIdList.Add(srl.LoanSelfReportedEntryId);
_log.Warn(string.Format("User attempted to save loan information that did not belong to them. User = {0}, LoanSelfReportedEntryId = {1}",
individualId, srl.LoanSelfReportedEntryId));
}
}
}
foreach (string str in invalidLoanIdList)
{
SelfReportedLoanModel srl = srList.Loans.Find(l => l.LoanSelfReportedEntryId == str);
if (srl != null)
{
srList.Loans.Remove(srl);
}
}
}
return(srList);
}