/// <summary>
/// Authorization hook for this handler. Every caller is allowed, whatever the
/// user, the request, the data source or the requested permission type.
/// </summary>
/// <remarks>
/// NOTE(review): no argument is inspected, so any access control for this
/// handler has to be enforced elsewhere (for example in its RespondToRequest).
/// Confirm that an unconditional grant is intended.
/// </remarks>
/// <returns>Always <c>true</c>.</returns>
public override bool HasPermision(
    User user,
    System.Web.HttpRequest request,
    IBabyDataSource DataSource,
    Permission.Types type = Permission.Types.READ)
{
    return true;
}
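        /// <summary>
        /// Serves the baby resource. GET returns one baby as JSON; POST creates a
        /// baby when no 'id' is sent and updates the existing one when 'id' is sent.
        /// </summary>
        /// <param name="user">Caller; its Username is what the permission checks use.</param>
        /// <param name="request">Request carrying 'id', 'name', 'sex', 'public', 'dob' and 'image'.</param>
        /// <param name="response">Response the JSON is written to.</param>
        /// <param name="DataSource">Store used to read, create and save babies.</param>
        /// <exception cref="ArgumentNullException">GET without an 'id' that resolves to a baby.</exception>
        /// <exception cref="AuthException">Caller lacks READ (GET) or PARENT (update).</exception>
        /// <exception cref="NotSupportedException">Any method other than GET or POST.</exception>
        public override void RespondToRequest(User user,
            System.Web.HttpRequest request,
            System.Web.HttpResponse response,
            IBabyDataSource DataSource)
        {
            string id = request ["id"];
            bool hasId = !String.IsNullOrEmpty (id);

            // The stored record is the one authorization is decided on.
            Baby stored = hasId ? DataSource.ReadBaby (id, user) : null;

            switch (request.HttpMethod.ToUpperInvariant ()) {

            case "GET":
                if (stored == null) {
                    // Two-argument form: the single-string constructor treats its
                    // argument as the parameter name, not as the message.
                    throw new ArgumentNullException ("id", "Argument 'id' not specified. POST to CREATE a BABY or use and id.");
                }
                if (!stored.HasPermission (user.Username, Permission.Types.READ)) {
                    throw new AuthException ("You don't have permission to view this baby's data");
                }
                response.Write (stored.ToJSON ());
                break;

            case "POST": {
                // An update is authorized against the stored baby. The object built
                // from the request below is caller-controlled and carries no stored
                // permissions, so checking PARENT on it says nothing about the record
                // being overwritten.
                // NOTE(review): assumes ReadBaby returns a Baby that HasPermission can
                // evaluate, as the GET branch already relies on. Confirm.
                if (hasId && (stored == null || !stored.HasPermission (user.Username, Permission.Types.PARENT))) {
                    throw new AuthException ("Only users with the parent role can update baby details.");
                }

                Baby b = new Baby ();
                b.Name = request ["name"];
                b.Sex = request ["sex"];
                b.IsPublic = request ["public"] == "Y";
                // Best effort: an unparsable 'dob' leaves DOB at default(DateTime).
                DateTime.TryParse (request ["dob"], out b.DOB);
                b.Image = request ["image"];

                if (hasId) {
                    b.Id = id;
                    DataSource.SaveBaby (b, user);
                } else {
                    Baby fromDb = DataSource.CreateBaby (b, user);
                    response.Write (fromDb.ToJSON ());
                }
                break;
            }

            default:
                throw new NotSupportedException ("Unsupported HTTP Method");
            }
        }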
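        /// <summary>
        /// Serves the permissions of one baby. GET returns the baby with its
        /// permissions as JSON; POST grants a new permission on the baby.
        /// </summary>
        /// <param name="user">Caller; its Username is what the permission checks use.</param>
        /// <param name="request">Request carrying 'id' and, for POST, 'pid', 'username' and 'type'.</param>
        /// <param name="response">Response the JSON is written to.</param>
        /// <param name="DataSource">Store used to read babies and to read and create permissions.</param>
        /// <exception cref="ArgumentNullException">No 'id' was sent.</exception>
        /// <exception cref="ArgumentException">'type' was sent but is not a permission type.</exception>
        /// <exception cref="AuthException">Caller lacks READ (GET) or PARENT (POST).</exception>
        /// <exception cref="NotImplementedException">POST with a 'pid' (updating a permission).</exception>
        /// <exception cref="NotSupportedException">Any method other than GET or POST.</exception>
        public override void RespondToRequest(User user,
            System.Web.HttpRequest request,
            System.Web.HttpResponse response,
            IBabyDataSource DataSource)
        {
            string babyId = request ["id"];
            if (String.IsNullOrEmpty (babyId)) {
                // Two-argument form: the single-string constructor treats its
                // argument as the parameter name, not as the message.
                throw new ArgumentNullException ("id", "Baby id not specified as 'id'");
            }

            // NOTE(review): b is dereferenced without a null check. Confirm what
            // ReadBaby returns for an unknown id.
            Baby b = DataSource.ReadBaby (babyId, user);

            switch (request.HttpMethod.ToUpperInvariant ()) {

            case "GET":
                if (!b.HasPermission (user.Username, Permission.Types.READ)) {
                    throw new AuthException ("You don't have permission to view this baby's permission data");
                }
                b.Permissions = DataSource.GetPermissionsForBaby (b, user);
                response.Write (b.ToJSON ());
                break;

            case "POST": {
                if (!b.HasPermission (user.Username, Permission.Types.PARENT)) {
                    throw new AuthException ("Only Users with the PARENT role can update this baby's permission data");
                }
                if (!String.IsNullOrEmpty (request ["pid"])) {
                    throw new NotImplementedException ("UPDAITNG HAS TO WAIT SORRY");
                }

                Permission p = new Permission ();
                p.BabyId = b.Id;
                // Taken verbatim from the request. Whether CreatePermission checks
                // that the user exists is not visible here.
                p.Username = request ["username"];

                // A 'type' that was sent but does not parse must not fall back
                // silently to the enum's default member, because that would grant a
                // permission the caller never named. An absent 'type' keeps the
                // default, as before.
                // NOTE(review): Enum.TryParse also accepts numeric text, including
                // values with no named member. Consider an Enum.IsDefined check if
                // Permission.Types is not a flags enum.
                string requestedType = request ["type"];
                bool parsed = Enum.TryParse<Permission.Types> (requestedType, out p.Type);
                if (!parsed && !String.IsNullOrEmpty (requestedType)) {
                    throw new ArgumentException ("Unknown permission type", "type");
                }

                p = DataSource.CreatePermission (p, user);
                // NOTE(review): b.Permissions is loaded only in the GET branch.
                // Confirm that ReadBaby populates it before this Add.
                b.Permissions.Add (p);
                response.Write (b.ToJSON ());
                break;
            }

            default:
                throw new NotSupportedException ("Unsupported HTTP Method");
            }
        }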
        /// <summary>
        /// Base authorization check: only users whose Role is ADMIN are allowed.
        /// </summary>
        /// <remarks>
        /// <paramref name="request"/>, <paramref name="DataSource"/> and
        /// <paramref name="type"/> are not consulted here. Overrides that need
        /// finer-grained rules add them on top of this result.
        /// </remarks>
        /// <returns><c>true</c> for an ADMIN user, otherwise <c>false</c>.</returns>
        public virtual bool HasPermision(
            User user,
            HttpRequest request,
            IBabyDataSource DataSource,
            Permission.Types type = Permission.Types.READ)
        {
            //TODO
            return user.Role == User.Roles.ADMIN;
        }
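        /// <summary>
        /// Serves the user resource. GET returns a user as JSON (the user named by
        /// 'id', or the caller with permissions when no 'id' is sent); POST updates
        /// e-mail, image and display data of a user.
        /// </summary>
        /// <param name="user">Caller; may edit only itself unless its Role is ADMIN.</param>
        /// <param name="request">Request carrying 'id', 'email', 'image' and 'displaydata'.</param>
        /// <param name="response">Response the JSON is written to.</param>
        /// <param name="DataSource">Store used to read and save users.</param>
        /// <exception cref="AccessViolationException">POST targeting another user by a non-admin caller.</exception>
        /// <exception cref="NotSupportedException">Any method other than GET or POST.</exception>
        public override void RespondToRequest(User user,
            System.Web.HttpRequest request,
            System.Web.HttpResponse response,
            IBabyDataSource DataSource)
        {
            string requestedId = request ["id"];
            bool hasId = !String.IsNullOrEmpty (requestedId);

            User u;
            if (hasId) {
                u = DataSource.ReadUser (requestedId);
            } else {
                u = DataSource.ReadUser (user.Username);
                u.Permissions = DataSource.GetPermissionsForUser (user);
            }

            switch (request.HttpMethod.ToUpperInvariant ()) {

            case "GET":
                // NOTE(review): no ownership or role check guards this branch, so a
                // caller can read any user by 'id'. Which fields ToJSON emits (the
                // user type has a Hash member) is not visible here. Confirm that
                // this exposure is intended.
                response.Write (u.ToJSON ());
                break;

            case "POST":

                //users cannot be created here only via the regiestration portal.
                // Re-read a fresh copy. Without an 'id' the target is the caller,
                // matching the lookup above, so an empty id never reaches ReadUser.
                u = DataSource.ReadUser (hasId ? requestedId : user.Username);

                // Authorize before any request value is applied to the record.
                // AccessViolationException is kept because callers may catch it;
                // the sibling handlers use AuthException for the same condition.
                if (u.Username != user.Username && user.Role != User.Roles.ADMIN) {
                    throw new AccessViolationException ("You can't just edit someone else's user details");
                }

                u.Email = request ["email"];
                u.Image = request ["image"];
                u.DisplayJson = request ["displaydata"];

                //PasswordChanges matching length, and old ps checked.
                // NOTE(review): disabled draft. As written it requires 'password_old'
                // to be empty and compares hashes with ==. Revisit both before
                // enabling it.
            //				if (!String.IsNullOrEmpty (request ["password1"]) &&
            //				    request ["password1"] == request ["password2"] &&
            //				    request ["password1"].Length > Registration.MIN_PW_LENGTH &&
            //				    String.IsNullOrEmpty (request ["password_old"]) &&
            //				    u.BuildHash (request ["password_old"]) == u.Hash) {
            //
            //					u.Hash = u.BuildHash (request ["password1"]);
            //				}

                DataSource.SaveUser (u, user);
                response.Write (u.ToJSON ());
                break;

            default:
                throw new NotSupportedException ("Unsupported HTTP Method");
            }
        }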
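        /// <summary>
        /// Serves the events of one baby. GET returns the baby with its events as
        /// JSON; POST records a new event for the baby.
        /// </summary>
        /// <param name="user">Caller; its Username is used for the permission checks and as the event author.</param>
        /// <param name="request">Request carrying 'id' and, for POST, 'eventtype', 'subtype' and 'details'.</param>
        /// <param name="response">Response the JSON is written to.</param>
        /// <param name="DataSource">Store used to read babies, permissions and events.</param>
        /// <exception cref="ArgumentNullException">No 'id' was sent.</exception>
        /// <exception cref="AuthException">Caller lacks READ (GET) or UPDATE (POST).</exception>
        /// <exception cref="NotSupportedException">Any method other than GET or POST.</exception>
        public override void RespondToRequest(User user,
            System.Web.HttpRequest request,
            System.Web.HttpResponse response,
            IBabyDataSource DataSource)
        {
            string babyId = request ["id"];
            if (String.IsNullOrEmpty (babyId)) {
                // Two-argument form: the single-string constructor treats its
                // argument as the parameter name, not as the message.
                throw new ArgumentNullException ("id", "Baby id not specified as 'id'");
            }

            Baby b = DataSource.ReadBaby (babyId, user);

            switch (request.HttpMethod.ToUpperInvariant ()) {

            case "GET":
                // NOTE(review): READ is checked without loading b.Permissions, while
                // the POST branch loads them first. Confirm that ReadBaby already
                // provides what HasPermission needs.
                if (!b.HasPermission (user.Username, Permission.Types.READ)) {
                    throw new AuthException ("You don't have permission to view this baby's data");
                }
                b.Events = DataSource.GetEventsForBaby (b, user);
                response.Write (b.ToJSON ());
                break;

            case "POST": {
                b.Permissions = DataSource.GetPermissionsForBaby (b, user);
                if (!b.HasPermission (user.Username, Permission.Types.UPDATE)) {
                    throw new AuthException ("You don't have permission to Update this baby's data");
                }

                // Missing fields fall back to "UNKNOWN" / "". The values are stored
                // as sent, so any escaping is up to ToJSON and the client.
                string eventType = String.IsNullOrEmpty (request ["eventtype"]) ? "UNKNOWN" : request ["eventtype"];
                string subType = String.IsNullOrEmpty (request ["subtype"]) ? "" : request ["subtype"];
                string details = String.IsNullOrEmpty (request ["details"]) ? "" : request ["details"];

                BabyEvent be = new BabyEvent (b.Id, user.Username, eventType, subType, details);
                be = DataSource.CreateBabyEvent (be, user);
                // NOTE(review): b.Events is loaded only in the GET branch. Confirm
                // that ReadBaby populates it before this Add.
                b.Events.Add (be);
                response.Write (b.ToJSON ());
                break;
            }

            default:
                throw new NotSupportedException ("Unsupported HTTP Method");
            }
        }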
        /// <summary>
        /// Authorization check for baby-scoped requests. Callers accepted by the
        /// base check pass; otherwise the decision depends on the baby named by 'id'.
        /// </summary>
        /// <remarks>
        /// A request without 'id' is allowed. With an 'id', GET needs a public baby
        /// or READ permission, and every other method needs UPDATE permission.
        /// <paramref name="type"/> is not consulted and is not forwarded to the base.
        /// NOTE(review): the method comparison is case-sensitive, so a method
        /// spelled other than exactly "GET" takes the UPDATE branch.
        /// </remarks>
        /// <returns><c>true</c> when the caller may proceed.</returns>
        public override bool HasPermision(
            User user,
            System.Web.HttpRequest request,
            IBabyDataSource DataSource,
            Permission.Types type = Permission.Types.READ)
        {
            if (base.HasPermision (user, request, DataSource)) {
                return true;
            }

            string babyId = request ["id"];
            if (String.IsNullOrEmpty (babyId)) {
                //no baby? no problem.
                return true;
            }

            Baby baby = DataSource.ReadBaby (babyId, user);
            if (request.HttpMethod == "GET") {
                return baby.IsPublic || baby.HasPermission (user.Username, Permission.Types.READ);
            }
            return baby.HasPermission (user.Username, Permission.Types.UPDATE);
        }
        /// <summary>
        /// Request handler hook. The base implementation does nothing and writes
        /// nothing to <paramref name="response"/>; handlers override it.
        /// </summary>
        public virtual void RespondToRequest(
            User user,
            HttpRequest request,
            HttpResponse response,
            IBabyDataSource DataSource)
        {
            // Intentionally empty.
        }
 /// <summary>
 /// Creates the instance and stores <paramref name="data"/> as its DataSource.
 /// The argument is stored as given, without a null check.
 /// </summary>
 public HttpBasic(IBabyDataSource data)
 {
     DataSource = data;
 }