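/// <summary>
/// Deletes the buyer with the given id once the token, the target id and the
/// caller's right to delete users have been validated.
/// </summary>
/// <param name="id">Id of the user to remove.</param>
/// <returns>
/// The failing validation result, <c>NotFound</c> when the id does not belong
/// to a buyer, otherwise <c>Ok</c> with the removed user (its <c>href</c> is
/// cleared before it is returned).
/// </returns>
public IHttpActionResult Delete(long id)
{
    string token = GetAuthToken();

    IHttpActionResult validation = Validate(token, id);
    if (validation != null)
    {
        return validation;
    }

    validation = ValidateUserCanBeDeleted(token);
    if (validation != null)
    {
        return validation;
    }

    DataAccessSoapClient ws = new DataAccessSoapClient();
    DataAccessWS.Security security = new DataAccessWS.Security { BinarySecurityToken = token };

    // FindUser can return null (ValidateUserExists relies on that). Validate
    // may already reject unknown ids, but guard here so a missing user yields
    // 404 instead of a NullReferenceException. Only buyers are exposed by
    // this endpoint.
    User target = ws.FindUser(security, id);
    if (target == null || target.Role != DataAccessWS.UserRole.BUYER)
    {
        return NotFound();
    }

    User removed = ws.RemoveUser(security, id);
    RestUser res = CreateRestUser(removed);
    res.href = "";
    return Ok(res);
}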
/// <summary>
/// Checks whether a user with the given id is known to the data access service.
/// </summary>
/// <param name="token">Binary security token forwarded to the SOAP service.</param>
/// <param name="id">Id of the user to look up.</param>
/// <returns>
/// <c>true</c> when <c>FindUser</c> returns a user, <c>false</c> when it returns null.
/// </returns>
private bool ValidateUserExists(string token, long id)
{
    DataAccessWS.Security security = new DataAccessWS.Security { BinarySecurityToken = token };
    DataAccessSoapClient client = new DataAccessSoapClient();
    User found = client.FindUser(security, id);
    return found != null;
}
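/// <summary>
/// Verifies that the identity behind <paramref name="token"/> is the user
/// identified by <paramref name="userId"/>: both the username and the role
/// name must match.
/// </summary>
/// <param name="token">Binary security token of the caller.</param>
/// <param name="userId">Id of the user the caller claims to be.</param>
/// <returns>
/// <c>true</c> only when both lookups succeed and username and role agree;
/// <c>false</c> otherwise, including when the identity carries no username.
/// </returns>
private bool ValidateClientIdentity(string token, long userId)
{
    IdentityWSSoapClient identityWS = new IdentityWSSoapClient();
    IdentityData identity = identityWS.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token });
    if (identity == null)
    {
        return false;
    }

    DataAccessSoapClient dataWS = new DataAccessSoapClient();
    User target = dataWS.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, userId);
    if (target == null)
    {
        return false;
    }

    // Fail closed when the identity has no username: the previous instance
    // Equals call threw here, and a null/null match must never count as a
    // proof of identity.
    if (identity.Username == null)
    {
        return false;
    }

    // Usernames are identifiers, so compare them ordinally (the same semantics
    // string.Equals(string) has). Roles come from two different generated
    // enums, hence the comparison by name.
    return string.Equals(identity.Username, target.Username, StringComparison.Ordinal)
        && string.Equals(identity.Role.ToString(), target.Role.ToString(), StringComparison.Ordinal);
}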
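/// <summary>
/// Validates client-supplied product data before it is created or edited.
/// </summary>
/// <param name="product">Product fields from the request body; may be null.</param>
/// <param name="token">Binary security token used for the seller/category lookups.</param>
/// <param name="editing">
/// <c>true</c> for a partial update, where missing fields are allowed;
/// <c>false</c> for a create, where <c>IsComplete()</c> must hold.
/// </param>
/// <returns>
/// A <c>BadRequest</c> result describing the first problem found, or null when
/// the data is acceptable.
/// </returns>
private IHttpActionResult ValidateProductData(ProductData product, string token, bool editing)
{
    if (product == null)
    {
        return BadRequest("Product data is missing");
    }
    if (!editing && !product.IsComplete())
    {
        return BadRequest("Product data missing some required field");
    }
    if (product.Price != null && product.Price <= 0)
    {
        return BadRequest("Product price must be a positive decimal number");
    }
    if (product.Units != null && product.Units < 1)
    {
        return BadRequest("Product units must be a positive integer");
    }

    // Referenced ids are resolved against the data service rather than taken
    // on trust, so an unknown or non-seller id is rejected. One client and one
    // credential object serve both lookups instead of being rebuilt per check.
    if (product.SellerId == null && product.CategoryId == null)
    {
        return null;
    }
    DataAccessSoapClient ws = new DataAccessSoapClient();
    DataAccessWS.Security security = new DataAccessWS.Security { BinarySecurityToken = token };

    if (product.SellerId != null)
    {
        User seller = ws.FindUser(security, product.SellerId.Value);
        // The referenced user must exist and actually hold the SELLER role.
        if (seller == null || seller.Role != DataAccessWS.UserRole.SELLER)
        {
            return BadRequest("Seller with id " + product.SellerId.Value + " not found in the system");
        }
    }
    if (product.CategoryId != null)
    {
        Category category = ws.FindCategory(security, product.CategoryId.Value);
        if (category == null)
        {
            return BadRequest("Category with id " + product.CategoryId.Value + " not found in the system");
        }
    }
    return null;
}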
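/// <summary>
/// Returns the buyer with the given id as a REST resource.
/// </summary>
/// <param name="id">Id of the user to fetch.</param>
/// <returns>
/// The failing validation result, <c>NotFound</c> when no buyer has that id,
/// otherwise <c>Ok</c> with the REST representation of the user.
/// </returns>
public IHttpActionResult Get(long id)
{
    string token = GetAuthToken();

    IHttpActionResult validation = Validate(token, id);
    if (validation != null)
    {
        return validation;
    }

    DataAccessSoapClient ws = new DataAccessSoapClient();
    User user = ws.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, id);

    // FindUser can return null (ValidateUserExists relies on that). Treat a
    // missing user like a non-buyer so the endpoint answers 404 instead of
    // failing with a NullReferenceException. Only buyers are exposed here.
    if (user == null || user.Role != DataAccessWS.UserRole.BUYER)
    {
        return NotFound();
    }
    return Ok(CreateRestUser(user));
}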
/// <summary>
/// Copies the fields present in <paramref name="data"/> onto
/// <paramref name="product"/>. Fields that are null or empty in
/// <paramref name="data"/> are left untouched, so this works as a partial
/// update as well as a full assignment.
/// </summary>
/// <param name="product">Product being created or edited.</param>
/// <param name="data">Client-supplied fields; only the ones that are set are applied.</param>
/// <param name="token">Binary security token used to resolve the seller and category references.</param>
private void assignProperties(Product product, ProductData data, string token)
{
    if (!string.IsNullOrEmpty(data.Name))
    {
        product.Name = data.Name;
    }
    if (!string.IsNullOrEmpty(data.Description))
    {
        product.Description = data.Description;
    }
    if (data.Price != null)
    {
        product.Price = data.Price.Value;
    }
    if (data.Units != null)
    {
        product.Units = data.Units.Value;
    }
    if (data.Image != null)
    {
        product.image = data.Image;
    }

    // The seller and category objects are re-read from the data service rather
    // than taken from the request. NOTE(review): they are bound as `dynamic`,
    // so any mismatch with the types of product.seller / product.category only
    // surfaces at run time — confirm the generated types line up.
    if (data.SellerId != null)
    {
        product.seller_id = data.SellerId.Value;
        DataAccessSoapClient sellerClient = new DataAccessSoapClient();
        dynamic seller = sellerClient.FindUser(new DataAccessWS.Security { BinarySecurityToken = token }, product.seller_id);
        product.seller = seller;
    }
    if (data.CategoryId != null)
    {
        product.category_id = data.CategoryId.Value;
        DataAccessSoapClient categoryClient = new DataAccessSoapClient();
        dynamic category = categoryClient.FindCategory(new DataAccessWS.Security { BinarySecurityToken = token }, product.category_id);
        product.category = category;
    }
}
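/// <summary>
/// Updates the buyer with the given id from the supplied user data.
/// </summary>
/// <param name="id">Id of the buyer to update; it overrides any id carried in the body.</param>
/// <param name="userData">Client-supplied fields; must not be null.</param>
/// <returns>
/// The failing validation result, <c>BadRequest</c> when the body is missing or
/// invalid, <c>NotFound</c> when no buyer has that id, otherwise <c>Ok</c> with
/// the updated user.
/// </returns>
public IHttpActionResult Put(long id, [FromBody] UserData userData)
{
    string token = GetAuthToken();

    IHttpActionResult validation = Validate(token, id);
    if (validation != null)
    {
        return validation;
    }
    if (userData == null)
    {
        return BadRequest("Missing user data");
    }

    DataAccessSoapClient ws = new DataAccessSoapClient();
    DataAccessWS.Security security = new DataAccessWS.Security { BinarySecurityToken = token };

    // FindUser can return null (ValidateUserExists relies on that); a missing
    // user is a 404 rather than a NullReferenceException. Only buyers are
    // editable through this endpoint.
    User target = ws.FindUser(security, id);
    if (target == null || target.Role != DataAccessWS.UserRole.BUYER)
    {
        return NotFound();
    }

    IHttpActionResult userValidation = ValidateUserData(userData, target);
    if (userValidation != null)
    {
        return userValidation;
    }

    // The path id is authoritative: the body cannot redirect the update to a
    // different user.
    User inputUser = userData.CreateBuyer();
    inputUser.Id = id;
    User updated = ws.UpdateUser(security, inputUser);
    return Ok(CreateRestUser(updated));
}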
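/// <summary>
/// Checks that the caller identified by <paramref name="token"/> is the seller
/// of the product <paramref name="productId"/>.
/// </summary>
/// <param name="token">Binary security token of the caller.</param>
/// <param name="productId">Product whose ownership is being checked.</param>
/// <returns>
/// null when the caller owns the product; <c>Unauthorized</c> when the token
/// resolves to no identity or to a different user; <c>NotFound</c> when the
/// product does not exist; <c>BadRequest</c> when a SOAP fault occurs.
/// </returns>
private IHttpActionResult ValidateOwnerProduct(string token, long productId)
{
    try
    {
        IdentityWSSoapClient identityWS = new IdentityWSSoapClient();
        IdentityData identity = identityWS.GetIdentity(new IdentityWS.Security { BinarySecurityToken = token });
        if (identity == null)
        {
            return Unauthorized();
        }

        DataAccessSoapClient dataWS = new DataAccessSoapClient();
        // The product lookup apparently needs more than the default WCF message
        // quota. int.MaxValue removes the size guard entirely and leaves this
        // client accepting arbitrarily large responses; a bound sized to the
        // real payloads would be safer. The binding is only a BasicHttpBinding
        // when configured as such, so skip the tweak instead of dereferencing
        // a null from the `as` cast.
        BasicHttpBinding binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
        if (binding != null)
        {
            binding.MaxReceivedMessageSize = int.MaxValue;
        }

        DataAccessWS.Security security = new DataAccessWS.Security { BinarySecurityToken = token };
        Product target = dataWS.FindProduct(security, productId);
        if (target == null)
        {
            return NotFound();
        }

        // Ownership is decided by username, compared ordinally. A missing owner
        // record or a missing username fails closed instead of throwing.
        User owner = dataWS.FindUser(security, target.seller_id);
        if (owner == null || owner.Username == null
            || !string.Equals(owner.Username, identity.Username, StringComparison.Ordinal))
        {
            return Unauthorized();
        }
    }
    catch (FaultException)
    {
        // Every SOAP fault is reported as a token problem; faults with other
        // causes are not distinguishable to the caller here.
        return BadRequest("Invalid security token");
    }
    return null;
}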