Beispiel #1
        /// <summary>
        /// Loads the entry with the given id and returns it together with the owner's id and name
        /// and the permission the calling user holds on it.
        /// </summary>
        /// <param name="id">Entry identifier; checked with <c>Ensure.NotNullOrEmpty</c> before use.</param>
        /// <returns>
        /// <c>NotFound()</c> when no entry has this id, <c>Unauthorized()</c> when the caller is neither
        /// the owner nor holds a read share, otherwise <c>Ok</c> wrapping the authorized model.
        /// </returns>
        public async Task<ActionResult<AuthorizedModel<EntryModel>>> Get(string id)
        {
            Ensure.NotNullOrEmpty(id, "id");

            Entry entry = await db.Entries.FindAsync(id);
            if (entry == null)
            {
                // NOTE(review): the existence check runs before the access check, so a caller
                // without any share can tell "no such entry" (NotFound) apart from "exists but
                // not shared" (Unauthorized). Confirm that this difference is acceptable for
                // the way entry ids are generated.
                return NotFound();
            }

            string callerId = HttpContext.User.FindUserId();

            // The owner keeps the default (write). Anyone else must hold a read share to get
            // a response at all and is limited to read unless a write share exists as well.
            Permission granted = Permission.Write;
            if (entry.UserId != callerId)
            {
                bool canRead = await shareStatus.IsEntrySharedForReadAsync(id, callerId);
                if (!canRead)
                {
                    // NOTE(review): presumably ControllerBase.Unauthorized(), i.e. HTTP 401; for an
                    // authenticated caller who simply lacks access 403 is the usual status.
                    // Confirm what clients expect before changing it.
                    return Unauthorized();
                }

                bool canWrite = await shareStatus.IsEntrySharedForWriteAsync(id, callerId);
                if (!canWrite)
                {
                    granted = Permission.Read;
                }
            }

            EntryModel entryModel = new EntryModel();
            MapEntityToModel(entry, entryModel);

            // Owner id and owner name are returned to every caller that passed the check above,
            // including read-only share holders.
            AuthorizedModel<EntryModel> response = new AuthorizedModel<EntryModel>(entryModel)
            {
                OwnerId = entry.UserId,
                OwnerName = await userNames.GetUserNameAsync(entry.UserId),
                UserPermission = granted
            };

            return Ok(response);
        }
Beispiel #2
        /// <summary>
        /// Returns one image of an entry, wrapped with the owner's id and name and the calling
        /// user's permission on it.
        /// </summary>
        /// <param name="entryId">Identifier of the entry the image must belong to.</param>
        /// <param name="imageId">Identifier of the image.</param>
        /// <returns>
        /// Whatever <c>RunEntryAsync</c> returns for the entry check, <c>NotFound()</c> when the
        /// entry has no image with this id, otherwise <c>Ok</c> wrapping the authorized model.
        /// </returns>
        // NOTE(review): access to the entry itself is delegated to RunEntryAsync, which is called
        // with Permission.Read; this lambda performs no read check of its own. Confirm that
        // RunEntryAsync rejects callers without read access before invoking the handler.
        public Task<IActionResult> Detail(string entryId, string imageId) => RunEntryAsync(entryId, Permission.Read, async entry =>
        {
            // The lookup is bound to both ids, so an image id that belongs to a different entry
            // does not match and yields NotFound instead of bypassing the entry-level check.
            Image image = await dataContext.Images.FirstOrDefaultAsync(i => i.Entry.Id == entryId && i.Id == imageId);
            if (image == null)
            {
                return NotFound();
            }

            var imageModel = new ImageModel();
            service.MapEntityToModel(image, imageModel, entry.UserId);

            // Write is granted when the model's UserId equals the caller or a write share exists;
            // the share lookup only runs when the first comparison fails.
            // NOTE(review): model.UserId is whatever MapEntityToModel stored, presumably the
            // entry owner's id passed as third argument — confirm.
            Permission granted = Permission.Read;
            if (imageModel.UserId == User.FindUserId() || await shareStatus.IsEntrySharedForWriteAsync(entryId, User.FindUserId()))
            {
                granted = Permission.Write;
            }

            AuthorizedModel<ImageModel> response = new AuthorizedModel<ImageModel>(imageModel)
            {
                OwnerId = entry.UserId,
                OwnerName = await userNames.GetUserNameAsync(entry.UserId),
                UserPermission = granted
            };

            return Ok(response);
        });
Beispiel #3
        /// <summary>
        /// Loads an entry, checks that the calling user may access it, and then runs
        /// <paramref name="handler"/> with the loaded entry.
        /// </summary>
        /// <param name="entryId">Entry identifier; checked with <c>Ensure.NotNullOrEmpty</c> before use.</param>
        /// <param name="sharePermission">
        /// Share level a non-owner must hold. <c>null</c> means only the owner is admitted.
        /// </param>
        /// <param name="handler">Callback invoked with the entry once the access check has passed.</param>
        /// <returns>
        /// <c>NotFound()</c> when the entry does not exist, <c>Unauthorized()</c> when a non-owner
        /// lacks the required share, otherwise the handler's result.
        /// </returns>
        protected async Task<IActionResult> RunEntryAsync(string entryId, Permission? sharePermission, Func<Entry, Task<IActionResult>> handler)
        {
            Ensure.NotNullOrEmpty(entryId, "entryId");

            // When an observer is configured it is applied to the entry set before the id filter.
            Entry entry = runEntryObserver == null
                ? await db.Entries.FindAsync(entryId)
                : await runEntryObserver(db.Entries).FirstOrDefaultAsync(e => e.Id == entryId);

            if (entry == null)
            {
                // NOTE(review): NotFound is decided before the access check, so callers without
                // any share can tell a missing entry from an existing one. Confirm this is intended.
                return NotFound();
            }

            string callerId = HttpContext.User.FindUserId();

            if (entry.UserId != callerId)
            {
                // Owner-only operation: every other caller is rejected.
                if (sharePermission == null)
                {
                    return Unauthorized();
                }

                if (sharePermission == Permission.Read && !await shareStatus.IsEntrySharedForReadAsync(entryId, callerId))
                {
                    return Unauthorized();
                }

                if (sharePermission == Permission.Write && !await shareStatus.IsEntrySharedForWriteAsync(entryId, callerId))
                {
                    return Unauthorized();
                }

                // NOTE(review): only Read and Write are checked. A non-null sharePermission with
                // any other value reaches the handler for a non-owner without a share lookup.
                // Verify that Permission has no further members, or reject unknown values here.
            }

            return await handler(entry);
        }