/// <summary>
/// Given a parent id which could be a GUID, UDI or an INT, this will resolve the INT
/// </summary>
/// <param name="parentId"></param>
/// <param name="validatePermissions">
/// If true, this will check if the current user has access to the resolved integer parent id
/// and if that check fails an unauthorized exception will occur
/// </param>
/// <returns></returns>
private async Task <ActionResult <int?> > GetParentIdAsIntAsync(string parentId, bool validatePermissions)
{
int intParentId;
// test for udi
if (UdiParser.TryParse(parentId, out GuidUdi parentUdi))
{
parentId = parentUdi.Guid.ToString();
}
//if it's not an INT then we'll check for GUID
if (int.TryParse(parentId, NumberStyles.Integer, CultureInfo.InvariantCulture, out intParentId) == false)
{
// if a guid then try to look up the entity
Guid idGuid;
if (Guid.TryParse(parentId, out idGuid))
{
var entity = _entityService.Get(idGuid);
if (entity != null)
{
intParentId = entity.Id;
}
else
{
return(null);
}
}
else
{
return(ValidationProblem("The request was not formatted correctly, the parentId is not an integer, Guid or UDI"));
}
}
// Authorize...
//ensure the user has access to this folder by parent id!
if (validatePermissions)
{
var requirement = new MediaPermissionsResourceRequirement();
var authorizationResult = await _authorizationService.AuthorizeAsync(User, new MediaPermissionsResource(_mediaService.GetById(intParentId)), requirement);
if (!authorizationResult.Succeeded)
{
return(ValidationProblem(
new SimpleNotificationModel(new BackOfficeNotification(
_localizedTextService.Localize("speechBubbles", "operationFailedHeader"),
_localizedTextService.Localize("speechBubbles", "invalidUserPermissionsText"),
NotificationStyle.Warning)),
StatusCodes.Status403Forbidden));
}
}
return(intParentId);
}
private static AuthorizationHandlerContext CreateAuthorizationHandlerContext(int nodeId, bool createWithNodeId = false)
{
var requirement = new MediaPermissionsResourceRequirement();
var user = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>()));
IMedia media = CreateMedia(nodeId);
MediaPermissionsResource resource = createWithNodeId
? new MediaPermissionsResource(nodeId)
: new MediaPermissionsResource(media);
return(new AuthorizationHandlerContext(new List <IAuthorizationRequirement> {
requirement
}, user, resource));
}
/// <summary>
/// Change the sort order for media
/// </summary>
/// <param name="sorted"></param>
/// <returns></returns>
public async Task <IActionResult> PostSort(ContentSortOrder sorted)
{
if (sorted == null)
{
return(NotFound());
}
//if there's nothing to sort just return ok
if (sorted.IdSortOrder?.Length == 0)
{
return(Ok());
}
// Authorize...
var requirement = new MediaPermissionsResourceRequirement();
var resource = new MediaPermissionsResource(sorted.ParentId);
AuthorizationResult authorizationResult =
await _authorizationService.AuthorizeAsync(User, resource, requirement);
if (!authorizationResult.Succeeded)
{
return(Forbid());
}
var sortedMedia = new List <IMedia>();
try
{
sortedMedia.AddRange(sorted.IdSortOrder?.Select(_mediaService.GetById).WhereNotNull() ??
Enumerable.Empty <IMedia>());
// Save Media with new sort order and update content xml in db accordingly
if (_mediaService.Sort(sortedMedia) == false)
{
_logger.LogWarning("Media sorting failed, this was probably caused by an event being cancelled");
return(ValidationProblem("Media sorting failed, this was probably caused by an event being cancelled"));
}
return(Ok());
}
catch (Exception ex)
{
_logger.LogError(ex, "Could not update media sort order");
throw;
}
}
/// <summary>
/// Change the sort order for media
/// </summary>
/// <param name="move"></param>
/// <returns></returns>
public async Task <IActionResult> PostMove(MoveOrCopy move)
{
// Authorize...
var requirement = new MediaPermissionsResourceRequirement();
AuthorizationResult authorizationResult = await _authorizationService.AuthorizeAsync(User,
new MediaPermissionsResource(_mediaService.GetById(move.Id)), requirement);
if (!authorizationResult.Succeeded)
{
return(Forbid());
}
ActionResult <IMedia> toMoveResult = ValidateMoveOrCopy(move);
IMedia?toMove = toMoveResult.Value;
if (toMove is null && toMoveResult is IConvertToActionResult convertToActionResult)
{
return(convertToActionResult.Convert());
}
var destinationParentID = move.ParentId;
var sourceParentID = toMove?.ParentId;
var moveResult = toMove is null
? false
: _mediaService.Move(toMove, move.ParentId,
_backofficeSecurityAccessor.BackOfficeSecurity?.GetUserId().Result ?? -1);
if (sourceParentID == destinationParentID)
{
return(ValidationProblem(new SimpleNotificationModel(new BackOfficeNotification("",
_localizedTextService.Localize("media", "moveToSameFolderFailed"), NotificationStyle.Error))));
}
if (moveResult == false)
{
return(ValidationProblem());
}
return(Content(toMove !.Path, MediaTypeNames.Text.Plain, Encoding.UTF8));
}