Beispiel #1
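        /// <summary>
        /// Loads the being identified by <paramref name="beingId"/>, checks that the current user
        /// may access it, and only then passes the loaded entity to <paramref name="handler"/>.
        /// </summary>
        /// <param name="beingId">Key of the being to load; must not be null or empty.</param>
        /// <param name="sharePermission">
        /// Share level a non-owner must hold. <c>null</c> restricts the operation to the owner.
        /// </param>
        /// <param name="handler">Action body executed once the access check has passed.</param>
        /// <returns>
        /// <c>NotFound()</c> when no being has the given key, <c>Unauthorized()</c> when the caller
        /// is neither the owner nor covered by a matching share, otherwise the handler's result.
        /// </returns>
        protected async Task<IActionResult> RunBeingAsync(string beingId, Permission? sharePermission, Func<Being, Task<IActionResult>> handler)
        {
            Ensure.NotNullOrEmpty(beingId, "beingId");

            Being entity = await db.Beings.FindAsync(beingId);
            if (entity == null)
            {
                return NotFound();
            }

            // NOTE(review): if FindUserId() can return null for an unauthenticated caller, an entity
            // whose UserId is also null would compare equal and be treated as owned - confirm that
            // neither value can be null here.
            string userId = HttpContext.User.FindUserId();

            if (entity.UserId != userId)
            {
                // Deny by default: a non-owner gets through only when the requested permission is
                // one handled below AND the matching share exists. Any other value (null, or a
                // Permission member without a branch here) is rejected instead of falling through
                // to the handler.
                bool isShared = false;
                if (sharePermission == Permission.Read)
                {
                    isShared = await shareStatus.IsBeingSharedForReadAsync(beingId, userId);
                }
                else if (sharePermission == Permission.Write)
                {
                    isShared = await shareStatus.IsBeingSharedForWriteAsync(beingId, userId);
                }

                if (!isShared)
                {
                    // NOTE(review): 401 is kept for compatibility with existing clients; 403 is the
                    // usual status for an authenticated caller who lacks access.
                    return Unauthorized();
                }
            }

            return await handler(entity);
        }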
Beispiel #2
        /// <summary>
        /// Returns the being with the given <paramref name="id"/> together with its owner and the
        /// permission level the current user holds on it.
        /// </summary>
        /// <param name="id">Key of the being to return.</param>
        /// <returns>
        /// The result of <c>RunBeingAsync</c> called with <c>Permission.Read</c>; when the handler
        /// runs, it is <c>Ok</c> wrapping an <c>AuthorizedModel&lt;BeingModel&gt;</c>.
        /// </returns>
        public Task<IActionResult> Get(string id)
        {
            return RunBeingAsync(id, Permission.Read, async entity =>
            {
                // The access decision is made by RunBeingAsync before this handler runs; what is
                // computed here is only the permission level reported back to the client. The owner
                // is reported as Write without consulting the share status.
                string currentUserId = HttpContext.User.FindUserId();
                bool canWrite = entity.UserId == currentUserId
                    || await shareStatus.IsBeingSharedForWriteAsync(id, currentUserId);
                Permission effectivePermission = canWrite ? Permission.Write : Permission.Read;

                BeingModel model = new BeingModel();
                MapEntityToModel(entity, model);

                // Members are assigned in the same order as before: owner id, owner name, permission.
                AuthorizedModel<BeingModel> response = new AuthorizedModel<BeingModel>(model)
                {
                    OwnerId = entity.UserId,
                    OwnerName = await userNames.GetUserNameAsync(entity.UserId),
                    UserPermission = effectivePermission
                };

                return Ok(response);
            });
        }