Beispiel #1
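        /// <summary>
        /// Loads the entry identified by <paramref name="entryId"/>, verifies that the current user may
        /// access it and, only then, passes it to <paramref name="handler"/>.
        /// </summary>
        /// <remarks>
        /// The owner of the entry is always allowed. Any other user is allowed only when
        /// <paramref name="sharePermission"/> names a permission this method knows how to verify and the
        /// share check for that permission succeeds. Every other case is rejected (deny by default), so a
        /// permission value without an explicit check here can never reach the handler for a non-owner.
        /// </remarks>
        /// <param name="entryId">Identifier of the entry; must not be null or empty.</param>
        /// <param name="sharePermission">
        /// Permission a non-owner must hold through sharing, or <c>null</c> when only the owner may proceed.
        /// </param>
        /// <param name="handler">Callback invoked with the loaded entry once access has been granted.</param>
        /// <returns>
        /// <c>NotFound()</c> when no entry matches, <c>Unauthorized()</c> when access is refused,
        /// otherwise the result produced by <paramref name="handler"/>.
        /// </returns>
        protected async Task<IActionResult> RunEntryAsync(string entryId, Permission? sharePermission, Func<Entry, Task<IActionResult>> handler)
        {
            Ensure.NotNullOrEmpty(entryId, "entryId");

            // When an observer is registered it shapes the query; otherwise use a primary-key lookup.
            Entry entity;
            if (runEntryObserver == null)
            {
                entity = await db.Entries.FindAsync(entryId);
            }
            else
            {
                entity = await runEntryObserver(db.Entries).FirstOrDefaultAsync(e => e.Id == entryId);
            }

            // NOTE(review): existence is reported before the access check, so a caller without access can
            // tell "missing" (NotFound) from "exists but not shared" (Unauthorized). Confirm this is acceptable.
            if (entity == null)
            {
                return NotFound();
            }

            // NOTE(review): presumably the controller requires an authenticated user; if FindUserId() can
            // return null and an entry can have a null UserId, the ownership comparison below would pass.
            // Verify against the authentication setup.
            string userId = HttpContext.User.FindUserId();

            if (entity.UserId != userId)
            {
                bool isAllowed;
                switch (sharePermission)
                {
                    case Permission.Read:
                        isAllowed = await shareStatus.IsEntrySharedForReadAsync(entryId, userId);
                        break;

                    case Permission.Write:
                        isAllowed = await shareStatus.IsEntrySharedForWriteAsync(entryId, userId);
                        break;

                    default:
                        // Covers null (owner-only operation) and any permission value that has no
                        // explicit share check above: fail closed instead of falling through to the handler.
                        isAllowed = false;
                        break;
                }

                if (!isAllowed)
                {
                    // NOTE(review): this produces 401; for an authenticated caller lacking access 403 is the
                    // conventional status. Kept as-is because existing clients may depend on it.
                    return Unauthorized();
                }
            }

            return await handler(entity);
        }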
Beispiel #2
        /// <summary>
        /// Returns the entry with the given id together with its owner and the permission the
        /// current user holds on it.
        /// </summary>
        /// <remarks>
        /// The owner receives <c>Permission.Write</c>. A non-owner must have the entry shared for reading,
        /// otherwise the request is refused; if the entry is not also shared for writing, the reported
        /// permission is lowered to <c>Permission.Read</c>.
        /// NOTE(review): <c>NotFound()</c> is returned before the access check, so a caller without access
        /// can distinguish a missing entry from one that is not shared with them. Confirm this is intended.
        /// </remarks>
        /// <param name="id">Identifier of the entry; must not be null or empty.</param>
        /// <returns>
        /// <c>NotFound()</c> when no entry matches, <c>Unauthorized()</c> when the entry is neither owned by
        /// nor shared for reading with the current user, otherwise <c>Ok</c> with the authorized model.
        /// </returns>
        public async Task<ActionResult<AuthorizedModel<EntryModel>>> Get(string id)
        {
            Ensure.NotNullOrEmpty(id, "id");

            Entry entry = await db.Entries.FindAsync(id);
            if (entry == null)
            {
                return NotFound();
            }

            // Start from the owner's permission and lower it only for non-owners.
            Permission granted = Permission.Write;
            string currentUserId = HttpContext.User.FindUserId();

            if (entry.UserId != currentUserId)
            {
                // Read access through sharing is the minimum a non-owner needs.
                bool canRead = await shareStatus.IsEntrySharedForReadAsync(id, currentUserId);
                if (!canRead)
                {
                    return Unauthorized();
                }

                bool canWrite = await shareStatus.IsEntrySharedForWriteAsync(id, currentUserId);
                if (!canWrite)
                {
                    granted = Permission.Read;
                }
            }

            EntryModel model = new EntryModel();
            MapEntityToModel(entry, model);

            // Owner id and display name are included for every caller that passed the check above.
            AuthorizedModel<EntryModel> response = new AuthorizedModel<EntryModel>(model)
            {
                OwnerId = entry.UserId,
                OwnerName = await userNames.GetUserNameAsync(entry.UserId),
                UserPermission = granted
            };

            return Ok(response);
        }