/// <summary>
        /// Handler-level permission gate. This override lets every request through
        /// without looking at any of its arguments.
        /// </summary>
        /// <remarks>
        /// NOTE(review): because this always returns true, the per-baby checks made
        /// inside RespondToRequest are the only authorization this handler performs.
        /// Any new code path added there needs its own explicit check.
        /// </remarks>
        /// <param name="user">Caller; not inspected.</param>
        /// <param name="request">Incoming request; not inspected.</param>
        /// <param name="DataSource">Data store; not inspected.</param>
        /// <param name="type">Requested permission level; not inspected.</param>
        /// <returns>Always true.</returns>
        public override bool HasPermision(
            User user,
            System.Web.HttpRequest request,
            IBabyDataSource DataSource,
            Permission.Types type = Permission.Types.READ)
        {
            return true;
        }
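        /// <summary>
        /// Serves the permission list of one baby (GET) or adds a permission to it (POST).
        /// </summary>
        /// <param name="user">Caller; its Username is checked against the baby's permissions.</param>
        /// <param name="request">Incoming request. Reads "id", and for POST also "pid", "username" and "type".</param>
        /// <param name="response">Receives the baby serialised with ToJSON().</param>
        /// <param name="DataSource">Store used to read the baby and to read or create permissions.</param>
        /// <exception cref="ArgumentNullException">No "id" value was supplied.</exception>
        /// <exception cref="ArgumentException">POST without a "username", or with a "type" that is missing or not a defined Permission.Types member.</exception>
        /// <exception cref="AuthException">The caller lacks READ (GET) or PARENT (POST) on the baby.</exception>
        /// <exception cref="NotImplementedException">POST carrying a "pid" (updating an existing permission).</exception>
        /// <exception cref="NotSupportedException">Any HTTP method other than GET or POST.</exception>
        public override void RespondToRequest(User user,
            System.Web.HttpRequest request,
            System.Web.HttpResponse response,
            IBabyDataSource DataSource)
        {
            // NOTE(review): HttpRequest's indexer searches QueryString, Form, Cookies and
            // ServerVariables, so the POST values read below can also arrive in the URL
            // or a cookie. Confirm that request-forgery protection exists upstream.
            string babyId = request ["id"];
            if (String.IsNullOrEmpty (babyId)) {
                // Two-argument form: the one-argument constructor treats its string as
                // the parameter name, not as the message.
                throw new ArgumentNullException ("id", "Baby id not specified as 'id'");
            }

            // NOTE(review): the result of ReadBaby is used without a null/not-found check;
            // confirm how the data source reports an unknown id.
            Baby b = DataSource.ReadBaby (babyId, user);

            // Invariant upper-casing keeps the method match independent of server culture.
            switch (request.HttpMethod.ToUpperInvariant ()) {

            case "GET":
                if (!b.HasPermission (user.Username, Permission.Types.READ)) {
                    throw new AuthException ("You don't have permission to view this baby's permission data");
                }
                b.Permissions = DataSource.GetPermissionsForBaby (b, user);
                response.Write (b.ToJSON ());
                break;

            case "POST":
                if (!b.HasPermission (user.Username, Permission.Types.PARENT)) {
                    throw new AuthException ("Only Users with the PARENT role can update this baby's permission data");
                }
                if (!String.IsNullOrEmpty (request ["pid"])) {
                    throw new NotImplementedException ("UPDAITNG HAS TO WAIT SORRY");
                }

                // A permission row without a username cannot be attributed to anyone,
                // so refuse to create it.
                string grantee = request ["username"];
                if (String.IsNullOrEmpty (grantee)) {
                    throw new ArgumentException ("Permission username not specified as 'username'");
                }

                // Enum.TryParse also accepts numeric strings, including numbers that
                // name no member. Require a defined member so a request cannot store
                // an arbitrary permission level, and do not fall back silently to the
                // enum's default when parsing fails.
                Permission.Types grantedType;
                if (!Enum.TryParse<Permission.Types> (request ["type"], out grantedType)
                    || !Enum.IsDefined (typeof(Permission.Types), grantedType)) {
                    throw new ArgumentException ("Permission type not specified or not recognised as 'type'");
                }

                Permission p = new Permission ();
                p.BabyId = b.Id;
                p.Username = grantee;
                p.Type = grantedType;

                // NOTE(review): the returned permission is not checked for a failed
                // insert; confirm how the data source signals failure before relying
                // on the response as proof that the grant was stored.
                p = DataSource.CreatePermission (p, user);
                b.Permissions.Add (p);
                response.Write (b.ToJSON ());
                break;

            default:
                throw new NotSupportedException ("Unsupported HTTP Method");
            }
        }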
Beispiel #3
        /// <summary>
        /// Default permission gate for a handler: only users with the ADMIN role pass.
        /// </summary>
        /// <remarks>
        /// request, DataSource and type are accepted but not consulted yet (see the TODO),
        /// so the requested permission level has no effect on the result here.
        /// </remarks>
        /// <param name="user">Caller whose Role is tested.</param>
        /// <param name="request">Incoming request; currently unused.</param>
        /// <param name="DataSource">Data store; currently unused.</param>
        /// <param name="type">Requested permission level; currently unused.</param>
        /// <returns>True when the user's role is ADMIN, otherwise false.</returns>
        public virtual bool HasPermision(
            User user,
            HttpRequest request,
            IBabyDataSource DataSource,
            Permission.Types type = Permission.Types.READ)
        {
            //TODO
            return user.Role == User.Roles.ADMIN;
        }
Beispiel #4
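        /// <summary>
        /// Tells whether <paramref name="username"/> holds at least the requested
        /// permission level on this object.
        /// </summary>
        /// <param name="username">Name to look up in this.Permissions (exact, case-sensitive match).</param>
        /// <param name="type">Minimum level required; a stored permission satisfies it when its Type compares greater than or equal.</param>
        /// <returns>
        /// True for READ when IsPublic is set, or when a matching permission entry exists;
        /// otherwise false. A null or empty username only ever passes the public READ case.
        /// </returns>
        public bool HasPermission(string username, Permission.Types type)
        {
            // Public objects are readable by anyone, including callers without a username.
            if (type == Permission.Types.READ && this.IsPublic) {
                return true;
            }

            // A missing username must never match a stored entry: string == treats two
            // nulls as equal, so a permission saved without a Username would otherwise
            // grant access to an unidentified caller.
            if (string.IsNullOrEmpty (username)) {
                return false;
            }

            // NOTE(review): the >= comparison assumes Permission.Types members are
            // declared in ascending order of privilege; confirm against the enum.
            foreach (Permission p in this.Permissions) {
                if (p.Username == username && p.Type >= type) {
                    return true;
                }
            }
            return false;
        }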
Beispiel #5
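        /// <summary>
        /// Permission gate for baby requests: passes when the base check passes,
        /// otherwise decides from the caller's permissions on the baby named by "id".
        /// </summary>
        /// <remarks>
        /// GET requires the baby to be public or the caller to hold READ; every other
        /// HTTP method requires UPDATE. The method comparison is case-sensitive, so
        /// anything that is not exactly "GET" takes the UPDATE branch.
        /// NOTE(review): <paramref name="type"/> is forwarded to the base check but does
        /// not influence the per-baby decision, which depends only on the HTTP method.
        /// </remarks>
        /// <param name="user">Caller whose Username is checked.</param>
        /// <param name="request">Incoming request; reads "id" and HttpMethod.</param>
        /// <param name="DataSource">Store used to read the baby.</param>
        /// <param name="type">Requested permission level, passed through to the base implementation.</param>
        /// <returns>True when the request may proceed.</returns>
        public override bool HasPermision(User user,
            System.Web.HttpRequest request,
            IBabyDataSource DataSource,
            Permission.Types type = Permission.Types.READ
        )
        {
            // Pass the caller's requested type on; omitting it would make the base
            // check always see the default READ level.
            if (base.HasPermision (user, request, DataSource, type)) {
                return true;
            }

            if (String.IsNullOrEmpty (request ["id"])) {
                //no baby? no problem.
                // NOTE(review): this branch allows any caller and any HTTP method when
                // no id is sent. The handler behind this gate must therefore authorize
                // id-less operations itself; confirm that it does.
                return true;
            }

            Baby b = DataSource.ReadBaby (request ["id"], user);
            if (request.HttpMethod == "GET") {
                return b.IsPublic || b.HasPermission (user.Username, Permission.Types.READ);
            }
            return b.HasPermission (user.Username, Permission.Types.UPDATE);
        }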
Beispiel #6
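        /// <summary>
        /// Runs the SAVE_PERMISSION statement with the fields of <paramref name="permission"/>.
        /// </summary>
        /// <remarks>
        /// All values are bound as parameters. <paramref name="user"/> is not read here,
        /// so this method performs no authorization of its own; the caller must have
        /// checked that the acting user may change this permission.
        /// </remarks>
        /// <param name="permission">Permission whose Type, Username, BabyId, Added and Id are written.</param>
        /// <param name="user">Acting user; currently unused.</param>
        /// <returns>True when the statement affected at least one row.</returns>
        public bool SavePermission(Permission permission, User user)
        {
            // Dispose the command even when execution throws.
            using (SqliteCommand cmd = new SqliteCommand (SAVE_PERMISSION, db)) {
                if (db.State != System.Data.ConnectionState.Open) {
                    db.Open ();
                }

                // Bind the level as its integer value, the same representation
                // CreatePermission writes and the readers parse back with int.Parse.
                cmd.Parameters.AddWithValue ("@type", (int)permission.Type);
                cmd.Parameters.AddWithValue ("@username", permission.Username);
                cmd.Parameters.AddWithValue ("@babyid", permission.BabyId);
                cmd.Parameters.AddWithValue ("@added", permission.Added.ToString (DB_DATE_FORMAT));
                cmd.Parameters.AddWithValue ("@id", permission.Id);

                return cmd.ExecuteNonQuery () > 0;
            }
        }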
Beispiel #7
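        /// <summary>
        /// Loads one permission row by id using the READ_PERMISSION statement.
        /// </summary>
        /// <remarks>
        /// <paramref name="user"/> is not read here, so the row is returned to whoever
        /// asks; the caller is responsible for checking that the acting user may see it.
        /// </remarks>
        /// <param name="Id">Id bound to the @id parameter.</param>
        /// <param name="user">Acting user; currently unused.</param>
        /// <returns>
        /// The populated permission, or a freshly constructed Permission with none of
        /// its fields assigned when no row matches.
        /// </returns>
        public Permission ReadPermission(int Id, User user)
        {
            Permission p = new Permission ();

            // using blocks release the command and reader even if parsing a column throws.
            using (SqliteCommand cmd = new SqliteCommand (READ_PERMISSION, db)) {
                if (db.State != System.Data.ConnectionState.Open) {
                    db.Open ();
                }
                cmd.Parameters.AddWithValue ("@id", Id);

                using (SqliteDataReader r = cmd.ExecuteReader ()) {
                    if (r.Read ()) {
                        p.Id = Id;
                        p.Added = DateTime.ParseExact (r ["Added"].ToString (),
                            DB_DATE_FORMAT,
                            CultureInfo.InvariantCulture);
                        p.BabyId = r ["BabyId"].ToString ();
                        // The stored integer is cast without checking that it names a
                        // defined Permission.Types member.
                        p.Type = (Permission.Types)int.Parse (r ["Type"].ToString ());
                        p.Username = r ["Username"].ToString ();
                    }
                }
            }

            return p;
        }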
Beispiel #8
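        /// <summary>
        /// Lists every permission row returned by READ_USER_PERMISSIONS for the
        /// given user's Username.
        /// </summary>
        /// <param name="user">User whose Username is bound to @username.</param>
        /// <returns>The permissions found; an empty list when there are none.</returns>
        public List<Permission> GetPermissionsForUser( User user)
        {
            List<Permission> Permissions = new List<Permission> ();

            // using blocks release the command and reader even if parsing a column throws.
            using (SqliteCommand cmd = new SqliteCommand (READ_USER_PERMISSIONS, this.db)) {
                // Open the connection on demand, as the other data-source methods do;
                // without this the query fails when this is the first call made.
                if (this.db.State != System.Data.ConnectionState.Open) {
                    this.db.Open ();
                }

                cmd.Parameters.AddWithValue ("@username", user.Username);

                using (SqliteDataReader r = cmd.ExecuteReader ()) {
                    while (r.Read ()) {
                        Permission p = new Permission ();

                        // A value that does not parse leaves Id at 0.
                        int.TryParse (r ["Id"].ToString (), out p.Id);
                        p.Added = DateTime.ParseExact (r ["Added"].ToString (),
                            DB_DATE_FORMAT,
                            CultureInfo.InvariantCulture);
                        p.BabyId = r ["BabyId"].ToString ();
                        p.Type = (Permission.Types)int.Parse (r ["Type"].ToString ());
                        p.Username = r ["Username"].ToString ();
                        p.BabyName = r ["Name"].ToString ();

                        Permissions.Add (p);
                    }
                }
            }
            return Permissions;
        }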
Beispiel #9
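        /// <summary>
        /// Inserts a permission row using the CREATE_PERMISSION statement.
        /// </summary>
        /// <remarks>
        /// All values are bound as parameters. <paramref name="user"/> is not read here,
        /// so this method does not verify that the acting user may grant the permission;
        /// that check belongs to the caller. Username and Type are stored as given,
        /// without validation.
        /// </remarks>
        /// <param name="permission">Permission whose Type, Username, BabyId and Added are written.</param>
        /// <param name="user">Acting user; currently unused.</param>
        /// <returns>
        /// The same <paramref name="permission"/> instance when a row was inserted
        /// (its Id is not updated here), otherwise a freshly constructed Permission.
        /// Callers that need to detect failure must compare against the instance
        /// they passed in.
        /// </returns>
        public Permission CreatePermission(Permission permission, User user)
        {
            bool saved;

            // Dispose the command even when execution throws.
            using (SqliteCommand cmd = new SqliteCommand (CREATE_PERMISSION, db)) {
                if (db.State != System.Data.ConnectionState.Open) {
                    db.Open ();
                }
                cmd.Parameters.AddWithValue ("@type", (int)permission.Type);
                cmd.Parameters.AddWithValue ("@username", permission.Username);
                cmd.Parameters.AddWithValue ("@babyid", permission.BabyId);
                cmd.Parameters.AddWithValue ("@added", permission.Added.ToString (DB_DATE_FORMAT));

                saved = cmd.ExecuteNonQuery () > 0;
            }

            if (saved) {
                return permission;
            }
            return new Permission ();
        }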
Beispiel #10
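        /// <summary>
        /// Inserts a baby row, then gives the creating user a PARENT permission on it
        /// and records an INFO/CREATED event.
        /// </summary>
        /// <remarks>
        /// When <paramref name="baby"/> has no Id, one is generated from BABY_ID_LENGTH
        /// random bytes, encoded as unpadded URL-safe base64. An Id supplied by the
        /// caller is used as given. The insert, the permission and the event are
        /// separate statements with no transaction around them.
        /// </remarks>
        /// <param name="baby">Baby to store; the same instance is updated and returned on success.</param>
        /// <param name="user">Creating user; becomes the baby's first PARENT.</param>
        /// <returns>The stored baby on success, otherwise a freshly constructed Baby.</returns>
        public Baby CreateBaby(Baby baby, User user)
        {
            Baby b = baby;
            bool saved;

            // Dispose the command even when execution throws.
            using (SqliteCommand cmd = new SqliteCommand (CREATE_BABY, db)) {
                if (db.State != System.Data.ConnectionState.Open) {
                    db.Open ();
                }

                if (String.IsNullOrEmpty (baby.Id)) {
                    //TODO Collision Checks
                    // The id is the handle requests use to address the baby, so draw it
                    // from the cryptographic generator. System.Random is predictable,
                    // and on runtimes that seed it from the clock two instances created
                    // close together produce the same bytes.
                    byte[] id = new byte[BABY_ID_LENGTH];
                    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create ()) {
                        rng.GetBytes (id);
                    }
                    b.Id = Convert.ToBase64String (id)
                        .Replace ('+', '-')
                        .Replace ('/', '_')
                        .TrimEnd ('=');
                }
                // NOTE(review): a caller-supplied Id is stored without any format or
                // length check; confirm that upstream code constrains it.
                cmd.Parameters.AddWithValue ("@Id", b.Id);
                cmd.Parameters.AddWithValue ("@name", b.Name);
                cmd.Parameters.AddWithValue ("@image", b.Image);
                cmd.Parameters.AddWithValue ("@sex", b.Sex);
                cmd.Parameters.AddWithValue ("@dateofbirth", b.DOB.ToString (DB_DATE_FORMAT));
                cmd.Parameters.AddWithValue ("@ispublic", b.IsPublic);

                saved = cmd.ExecuteNonQuery () > 0;
            }

            if (!saved) {
                return new Baby ();
            }

            // NOTE(review): the results of CreatePermission and CreateBabyEvent are not
            // checked. If the permission insert fails, the baby exists with no PARENT
            // and only an ADMIN or public READ can reach it.
            Permission p = new Permission (b.Id, user.Username, Permission.Types.PARENT);
            this.CreatePermission (p, user);
            b.Permissions.Add (p);

            BabyEvent be = new BabyEvent (b.Id, user.Username, "INFO", "CREATED");
            this.CreateBabyEvent (be, user);
            b.Events.Add (be);

            return b;
        }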