/// <summary>
/// Request-level permission gate for this handler. It grants access to every
/// caller: neither <paramref name="user"/>, <paramref name="request"/> nor
/// <paramref name="type"/> is consulted.
/// </summary>
/// <param name="user">The authenticated caller (unused here).</param>
/// <param name="request">The incoming HTTP request (unused here).</param>
/// <param name="DataSource">Data access layer (unused here).</param>
/// <param name="type">Requested permission level (unused here).</param>
/// <returns>Always <c>true</c>.</returns>
/// <remarks>
/// NOTE(review): because this gate never denies, the per-record checks inside
/// RespondToRequest are the only access control for this handler. Confirm that
/// every branch there performs its own check.
/// </remarks>
public override bool HasPermision(User user, System.Web.HttpRequest request, IBabyDataSource DataSource, Permission.Types type = Permission.Types.READ)
{
    return true;
}
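/// <summary>
/// Serves a single baby record. GET writes the stored record as JSON. POST
/// without an 'id' creates a record and writes it back; POST with an 'id'
/// saves the submitted fields over the existing record and writes nothing.
/// </summary>
/// <param name="user">The authenticated caller; its Username is used for permission checks.</param>
/// <param name="request">Incoming request; reads 'id', 'name', 'sex', 'public', 'dob' and 'image'.</param>
/// <param name="response">Response the JSON is written to.</param>
/// <param name="DataSource">Data access layer used to read, create and save babies.</param>
/// <exception cref="AuthException">The caller lacks READ (GET) or PARENT (update) on the stored record.</exception>
/// <exception cref="ArgumentNullException">GET without an 'id' that resolves to a record.</exception>
/// <exception cref="NotSupportedException">Any HTTP method other than GET or POST.</exception>
public override void RespondToRequest(User user, System.Web.HttpRequest request, System.Web.HttpResponse response, IBabyDataSource DataSource)
{
    string id = request["id"];

    // The persisted record is the only trustworthy input for an authorization
    // decision, so keep it separate from anything built out of request fields.
    Baby stored = null;
    if (!String.IsNullOrEmpty(id))
    {
        stored = DataSource.ReadBaby(id, user);
    }

    switch (request.HttpMethod.ToUpper())
    {
        case "GET":
        {
            if (stored == null)
            {
                throw new ArgumentNullException("Argument 'id' not specified. POST to CREATE a BABY or use and id.");
            }

            if (!stored.HasPermission(user.Username, Permission.Types.READ))
            {
                throw new AuthException("You don't have permission to view this baby's data");
            }

            // Permissions and events are deliberately not attached here
            // (the original had both loads commented out).
            response.Write(stored.ToJSON());
            break;
        }

        case "POST":
        {
            Baby incoming = new Baby();
            incoming.Name = request["name"];
            incoming.Sex = request["sex"];
            incoming.IsPublic = request["public"] == "Y";
            // The parse result is ignored: on failure DOB is left at DateTime's default value.
            DateTime.TryParse(request["dob"], out incoming.DOB);
            incoming.Image = request["image"];

            if (String.IsNullOrEmpty(id))
            {
                Baby fromDb = DataSource.CreateBaby(incoming, user);
                response.Write(fromDb.ToJSON());
            }
            else
            {
                // Fix: the PARENT check used to run against the object that had
                // just been built from request fields, so it never consulted the
                // record being overwritten. Authorize against the stored record
                // and fail closed when the id does not resolve.
                // NOTE(review): whether ReadBaby populates Permissions is not
                // visible here - confirm, or load them before this check.
                if (stored == null || !stored.HasPermission(user.Username, Permission.Types.PARENT))
                {
                    throw new AuthException("Only users with the parent role can update baby details.");
                }

                incoming.Id = id;
                DataSource.SaveBaby(incoming, user);
            }

            break;
        }

        default:
            throw new NotSupportedException("Unsupported HTTP Method");
    }
}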
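/// <summary>
/// Serves the permission list of one baby. GET attaches the permissions to the
/// record and writes it as JSON. POST creates a new permission entry for the
/// baby; updating an existing entry ('pid' supplied) is not implemented.
/// </summary>
/// <param name="user">The authenticated caller; its Username is used for permission checks.</param>
/// <param name="request">Incoming request; reads 'id', 'pid', 'username' and 'type'.</param>
/// <param name="response">Response the JSON is written to.</param>
/// <param name="DataSource">Data access layer used to read babies and create permissions.</param>
/// <exception cref="ArgumentNullException">No 'id' was supplied.</exception>
/// <exception cref="ArgumentException">'type' is missing or is not a defined permission type.</exception>
/// <exception cref="AuthException">The caller lacks READ (GET) or PARENT (POST) on the baby.</exception>
/// <exception cref="NotImplementedException">POST with a 'pid'.</exception>
/// <exception cref="NotSupportedException">Any HTTP method other than GET or POST.</exception>
public override void RespondToRequest(User user, System.Web.HttpRequest request, System.Web.HttpResponse response, IBabyDataSource DataSource)
{
    string babyId = request["id"];
    if (String.IsNullOrEmpty(babyId))
    {
        throw new ArgumentNullException("Baby id not specified as 'id'");
    }

    Baby b = DataSource.ReadBaby(babyId, user);

    switch (request.HttpMethod.ToUpper())
    {
        case "GET":
        {
            if (!b.HasPermission(user.Username, Permission.Types.READ))
            {
                throw new AuthException("You don't have permission to view this baby's permission data");
            }

            b.Permissions = DataSource.GetPermissionsForBaby(b, user);
            response.Write(b.ToJSON());
            break;
        }

        case "POST":
        {
            if (!b.HasPermission(user.Username, Permission.Types.PARENT))
            {
                throw new AuthException("Only Users with the PARENT role can update this baby's permission data");
            }

            if (!String.IsNullOrEmpty(request["pid"]))
            {
                throw new NotImplementedException("UPDAITNG HAS TO WAIT SORRY");
            }

            // Fix: the parse result used to be ignored, so a missing or
            // misspelled 'type' silently granted the enum's default value, and a
            // numeric string was accepted even when it named no defined level.
            // A grant must state a recognised level explicitly.
            // NOTE(review): IsDefined assumes Permission.Types is not a [Flags]
            // enum whose combined values are legal - confirm.
            Permission.Types requestedType;
            if (!Enum.TryParse<Permission.Types>(request["type"], out requestedType)
                || !Enum.IsDefined(typeof(Permission.Types), requestedType))
            {
                throw new ArgumentException("Permission type is missing or not recognised", "type");
            }

            Permission p = new Permission();
            p.BabyId = b.Id;
            p.Username = request["username"];
            p.Type = requestedType;
            p = DataSource.CreatePermission(p, user);

            // NOTE(review): unlike the GET branch, Permissions is not loaded
            // before this Add - confirm that ReadBaby populates it.
            b.Permissions.Add(p);
            response.Write(b.ToJSON());
            break;
        }

        default:
            throw new NotSupportedException("Unsupported HTTP Method");
    }
}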
/// <summary>
/// Base request-level permission gate: only callers whose role is ADMIN pass.
/// </summary>
/// <param name="user">The authenticated caller whose Role is inspected.</param>
/// <param name="request">The incoming HTTP request (not inspected here).</param>
/// <param name="DataSource">Data access layer (not used here).</param>
/// <param name="type">Requested permission level (not used here).</param>
/// <returns><c>true</c> for administrators, otherwise <c>false</c>.</returns>
public virtual bool HasPermision(User user, HttpRequest request, IBabyDataSource DataSource, Permission.Types type = Permission.Types.READ)
{
    // TODO (carried over from the original): rules for non-admin callers are
    // not implemented at this level; overrides add their own.
    return user.Role == User.Roles.ADMIN;
}
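/// <summary>
/// Serves user records. GET writes the selected user as JSON (the caller's own
/// record, with permissions attached, when no 'id' is given). POST updates the
/// e-mail, image and display data of the selected user.
/// </summary>
/// <param name="user">The authenticated caller.</param>
/// <param name="request">Incoming request; reads 'id', 'email', 'image' and 'displaydata'.</param>
/// <param name="response">Response the JSON is written to.</param>
/// <param name="DataSource">Data access layer used to read and save users.</param>
/// <exception cref="AccessViolationException">POST against another user's record by a non-admin caller.</exception>
/// <exception cref="NotSupportedException">Any HTTP method other than GET or POST.</exception>
public override void RespondToRequest(User user, System.Web.HttpRequest request, System.Web.HttpResponse response, IBabyDataSource DataSource)
{
    string requestedId = request["id"];

    User u;
    if (!String.IsNullOrEmpty(requestedId))
    {
        u = DataSource.ReadUser(requestedId);
    }
    else
    {
        u = DataSource.ReadUser(user.Username);
        u.Permissions = DataSource.GetPermissionsForUser(user);
    }

    switch (request.HttpMethod.ToUpper())
    {
        case "GET":
            // NOTE(review): unlike POST, this branch returns whichever record
            // 'id' selects without an ownership or role check. Confirm that is
            // intended and that ToJSON() omits Hash and other sensitive fields;
            // otherwise apply the same owner-or-admin rule used for POST.
            response.Write(u.ToJSON());
            break;

        case "POST":
            // Users cannot be created here, only via the registration portal.
            // Fix: the record used to be re-read with request["id"] even when it
            // was empty, discarding the "no id means the caller" fallback above.
            // Re-read with the resolved key so the save starts from a fresh record.
            u = DataSource.ReadUser(String.IsNullOrEmpty(requestedId) ? user.Username : requestedId);

            // Fix: authorize before any request field is copied onto the record.
            // NOTE(review): the other handlers in this file signal denial with
            // AuthException; the type is kept here because callers may depend on it.
            if (u.Username != user.Username && user.Role != User.Roles.ADMIN)
            {
                throw new AccessViolationException("You can't just edit someone else's user details");
            }

            u.Email = request["email"];
            u.Image = request["image"];
            u.DisplayJson = request["displaydata"];

            // Password changes are not handled. The disabled draft from the
            // original is kept below.
            // NOTE(review): before enabling it, note that its 'password_old'
            // test appears inverted (it requires the field to be empty).
            // if (!String.IsNullOrEmpty (request ["password1"]) &&
            //     request ["password1"] == request ["password2"] &&
            //     request ["password1"].Length > Registration.MIN_PW_LENGTH &&
            //     String.IsNullOrEmpty (request ["password_old"]) &&
            //     u.BuildHash (request ["password_old"]) == u.Hash) {
            //
            //     u.Hash = u.BuildHash (request ["password1"]);
            // }

            DataSource.SaveUser(u, user);
            response.Write(u.ToJSON());
            break;

        default:
            throw new NotSupportedException("Unsupported HTTP Method");
    }
}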
/// <summary>
/// Serves the event log of one baby. GET attaches the baby's events and writes
/// the record as JSON. POST records a new event for the baby and writes the
/// record back.
/// </summary>
/// <param name="user">The authenticated caller; its Username is used for checks and stamped on new events.</param>
/// <param name="request">Incoming request; reads 'id', 'eventtype', 'subtype' and 'details'.</param>
/// <param name="response">Response the JSON is written to.</param>
/// <param name="DataSource">Data access layer used to read babies, permissions and events.</param>
/// <exception cref="ArgumentNullException">No 'id' was supplied.</exception>
/// <exception cref="AuthException">The caller lacks READ (GET) or UPDATE (POST) on the baby.</exception>
/// <exception cref="NotSupportedException">Any HTTP method other than GET or POST.</exception>
public override void RespondToRequest(User user, System.Web.HttpRequest request, System.Web.HttpResponse response, IBabyDataSource DataSource)
{
    string babyId = request["id"];
    if (String.IsNullOrEmpty(babyId))
    {
        throw new ArgumentNullException("Baby id not specified as 'id'");
    }

    Baby b = DataSource.ReadBaby(babyId, user);
    string verb = request.HttpMethod.ToUpper();

    if (verb == "GET")
    {
        // NOTE(review): POST loads Permissions before its check and this branch
        // does not - confirm that ReadBaby already populates them.
        if (!b.HasPermission(user.Username, Permission.Types.READ))
        {
            throw new AuthException("You don't have permission to view this baby's data");
        }

        b.Events = DataSource.GetEventsForBaby(b, user);
        response.Write(b.ToJSON());
    }
    else if (verb == "POST")
    {
        b.Permissions = DataSource.GetPermissionsForBaby(b, user);
        if (!b.HasPermission(user.Username, Permission.Types.UPDATE))
        {
            throw new AuthException("You don't have permission to Update this baby's data");
        }

        // Missing or empty fields fall back to fixed defaults.
        string eventType = String.IsNullOrEmpty(request["eventtype"]) ? "UNKNOWN" : request["eventtype"];
        string subType = String.IsNullOrEmpty(request["subtype"]) ? "" : request["subtype"];
        string details = String.IsNullOrEmpty(request["details"]) ? "" : request["details"];

        BabyEvent be = new BabyEvent(b.Id, user.Username, eventType, subType, details);
        be = DataSource.CreateBabyEvent(be, user);

        // NOTE(review): Events is only loaded in the GET branch - confirm that
        // ReadBaby initialises it before this Add.
        b.Events.Add(be);
        response.Write(b.ToJSON());
    }
    else
    {
        throw new NotSupportedException("Unsupported HTTP Method");
    }
}
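/// <summary>
/// Request-level permission gate for a baby-scoped handler. Callers accepted by
/// the base gate always pass. Otherwise a GET needs the baby to be public or
/// the caller to hold READ, and any other method needs UPDATE.
/// </summary>
/// <param name="user">The authenticated caller.</param>
/// <param name="request">Incoming request; reads 'id' and the HTTP method.</param>
/// <param name="DataSource">Data access layer used to read the baby.</param>
/// <param name="type">Not consulted here and not forwarded to the base gate.</param>
/// <returns><c>true</c> when the request may proceed to the handler.</returns>
public override bool HasPermision(User user, System.Web.HttpRequest request, IBabyDataSource DataSource, Permission.Types type = Permission.Types.READ)
{
    if (base.HasPermision(user, request, DataSource))
    {
        return true;
    }

    string babyId = request["id"];
    if (String.IsNullOrEmpty(babyId))
    {
        // No baby? No problem: requests that name no record pass the gate, so
        // the handler itself must validate them.
        return true;
    }

    Baby b = DataSource.ReadBaby(babyId, user);
    if (b == null)
    {
        // Fix: an id that resolves to no record used to be dereferenced.
        // Deny instead, so the gate fails closed.
        return false;
    }

    // This comparison is case-sensitive, so a verb not spelled exactly "GET"
    // takes the stricter UPDATE branch.
    if (request.HttpMethod == "GET")
    {
        return b.IsPublic || b.HasPermission(user.Username, Permission.Types.READ);
    }

    return b.HasPermission(user.Username, Permission.Types.UPDATE);
}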
/// <summary>
/// Default request handler: does nothing. Derived handlers override this to
/// read from <paramref name="request"/> and write to <paramref name="response"/>.
/// </summary>
/// <param name="user">The authenticated caller.</param>
/// <param name="request">The incoming HTTP request.</param>
/// <param name="response">The HTTP response to write to.</param>
/// <param name="DataSource">Data access layer made available to the handler.</param>
public virtual void RespondToRequest(User user, HttpRequest request, HttpResponse response, IBabyDataSource DataSource) { }
/// <summary>
/// Creates the instance and stores the supplied data source on it.
/// </summary>
/// <param name="data">Data access layer kept in <c>DataSource</c>; it is not checked for null here.</param>
public HttpBasic(IBabyDataSource data)
{
    DataSource = data;
}