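/// <summary>
/// Handles requests for a single baby record. GET writes the stored record as JSON;
/// POST creates a new record when no 'id' is sent, or updates the record named by 'id'.
/// </summary>
/// <param name="user">Caller; passed to the data source and used for the permission checks.</param>
/// <param name="request">Incoming request; reads 'id', 'name', 'sex', 'public', 'dob' and 'image'.</param>
/// <param name="response">Response that receives the JSON body.</param>
/// <param name="DataSource">Store used to read, create and save babies.</param>
/// <exception cref="AuthException">The caller lacks READ (GET) or PARENT (update) on the stored record.</exception>
/// <exception cref="ArgumentNullException">GET where no baby was loaded (no 'id', or ReadBaby returned null).</exception>
/// <exception cref="NotSupportedException">Any HTTP method other than GET or POST.</exception>
public override void RespondToRequest(User user, System.Web.HttpRequest request, System.Web.HttpResponse response, IBabyDataSource DataSource)
{
    string id = request["id"];
    bool hasId = !String.IsNullOrEmpty(id);

    // The record loaded from the data source is the only object whose permissions can be trusted.
    Baby stored = hasId ? DataSource.ReadBaby(id, user) : null;

    // Invariant casing keeps the method match independent of the server's current culture.
    switch (request.HttpMethod.ToUpperInvariant())
    {
        case "GET":
            if (stored == null)
            {
                throw new ArgumentNullException("Argument 'id' not specified. POST to CREATE a BABY or use and id.");
            }

            if (!stored.HasPermission(user.Username, Permission.Types.READ))
            {
                throw new AuthException("You don't have permission to view this baby's data");
            }

            // Only the baby record itself is serialized; permissions and events are not loaded here.
            response.Write(stored.ToJSON());
            break;

        case "POST":
            if (hasId)
            {
                // Authorize against the STORED record. The previous code ran this check on the
                // freshly constructed Baby built from request fields, so the decision never
                // consulted the permissions of the record being overwritten.
                // An unknown id fails closed with the same error, so the response does not
                // distinguish "no such baby" from "not allowed".
                // NOTE(review): assumes ReadBaby returns the baby with its permissions populated,
                // as the other handlers' checks do - confirm against the data source.
                if (stored == null || !stored.HasPermission(user.Username, Permission.Types.PARENT))
                {
                    throw new AuthException("Only users with the parent role can update baby details.");
                }
            }

            Baby incoming = new Baby();
            incoming.Name = request["name"];
            incoming.Sex = request["sex"];
            incoming.IsPublic = request["public"] == "Y";
            // Best effort: the TryParse result is ignored, so an unparsable 'dob' leaves DOB at
            // default(DateTime). NOTE(review): parsing uses the current culture - confirm intended.
            DateTime.TryParse(request["dob"], out incoming.DOB);
            incoming.Image = request["image"];

            if (!hasId)
            {
                Baby fromDb = DataSource.CreateBaby(incoming, user);
                response.Write(fromDb.ToJSON());
            }
            else
            {
                // As before, the update path writes no response body.
                incoming.Id = id;
                DataSource.SaveBaby(incoming, user);
            }
            break;

        default:
            throw new NotSupportedException("Unsupported HTTP Method");
    }
}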
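/// <summary>
/// Handles requests for a baby's permission list. GET writes the baby with its permissions
/// as JSON; POST grants a new permission on the baby to the user named in 'username'.
/// </summary>
/// <param name="user">Caller; passed to the data source and used for the permission checks.</param>
/// <param name="request">Incoming request; reads 'id', 'pid', 'username' and 'type'.</param>
/// <param name="response">Response that receives the JSON body.</param>
/// <param name="DataSource">Store used to read babies and read/create permissions.</param>
/// <exception cref="ArgumentNullException">'id' is missing or empty.</exception>
/// <exception cref="ArgumentException">POST with a 'type' that does not parse as a permission type.</exception>
/// <exception cref="AuthException">The caller lacks READ (GET) or PARENT (POST) on the baby.</exception>
/// <exception cref="NotImplementedException">POST with a 'pid' (updating an existing permission).</exception>
/// <exception cref="NotSupportedException">Any HTTP method other than GET or POST.</exception>
public override void RespondToRequest(User user, System.Web.HttpRequest request, System.Web.HttpResponse response, IBabyDataSource DataSource)
{
    string id = request["id"];
    if (String.IsNullOrEmpty(id))
    {
        throw new ArgumentNullException("Baby id not specified as 'id'");
    }

    Baby b = DataSource.ReadBaby(id, user);

    // Invariant casing keeps the method match independent of the server's current culture.
    switch (request.HttpMethod.ToUpperInvariant())
    {
        case "GET":
            // A null baby (in case ReadBaby yields null for an unknown id) fails closed with
            // the same error as a denied caller instead of a NullReferenceException.
            if (b == null || !b.HasPermission(user.Username, Permission.Types.READ))
            {
                throw new AuthException("You don't have permission to view this baby's permission data");
            }

            b.Permissions = DataSource.GetPermissionsForBaby(b, user);
            response.Write(b.ToJSON());
            break;

        case "POST":
            if (b == null || !b.HasPermission(user.Username, Permission.Types.PARENT))
            {
                throw new AuthException("Only Users with the PARENT role can update this baby's permission data");
            }

            if (!String.IsNullOrEmpty(request["pid"]))
            {
                throw new NotImplementedException("UPDAITNG HAS TO WAIT SORRY");
            }

            // This endpoint grants access, so the requested role must be explicit. Previously
            // the TryParse result was ignored and a missing or unparsable 'type' silently
            // produced a grant with the enum's default value.
            // NOTE(review): Enum.TryParse also accepts numeric strings; if Permission.Types is
            // not a [Flags] enum, add an Enum.IsDefined check to reject undefined values.
            Permission.Types requestedType;
            if (!Enum.TryParse<Permission.Types>(request["type"], out requestedType))
            {
                throw new ArgumentException("Permission type not specified or not recognised", "type");
            }

            Permission p = new Permission();
            p.BabyId = b.Id;
            // NOTE(review): 'username' is stored as sent; it is not checked for empty here.
            p.Username = request["username"];
            p.Type = requestedType;
            p = DataSource.CreatePermission(p, user);

            // NOTE(review): this path does not call GetPermissionsForBaby, so the list being
            // appended to is whatever ReadBaby populated - confirm it is non-null and complete.
            b.Permissions.Add(p);
            response.Write(b.ToJSON());
            break;

        default:
            throw new NotSupportedException("Unsupported HTTP Method");
    }
}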
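/// <summary>
/// Handles requests for a baby's events. GET writes the baby with its events as JSON;
/// POST records a new event for the baby and writes the baby back as JSON.
/// </summary>
/// <param name="user">Caller; passed to the data source, used for the permission checks and
/// recorded as the event's author.</param>
/// <param name="request">Incoming request; reads 'id', 'eventtype', 'subtype' and 'details'.</param>
/// <param name="response">Response that receives the JSON body.</param>
/// <param name="DataSource">Store used to read babies, permissions and events.</param>
/// <exception cref="ArgumentNullException">'id' is missing or empty.</exception>
/// <exception cref="AuthException">The caller lacks READ (GET) or UPDATE (POST) on the baby.</exception>
/// <exception cref="NotSupportedException">Any HTTP method other than GET or POST.</exception>
public override void RespondToRequest(User user, System.Web.HttpRequest request, System.Web.HttpResponse response, IBabyDataSource DataSource)
{
    string id = request["id"];
    if (String.IsNullOrEmpty(id))
    {
        throw new ArgumentNullException("Baby id not specified as 'id'");
    }

    Baby b = DataSource.ReadBaby(id, user);

    // Invariant casing keeps the method match independent of the server's current culture.
    switch (request.HttpMethod.ToUpperInvariant())
    {
        case "GET":
            // A null baby (in case ReadBaby yields null for an unknown id) fails closed with
            // the same error as a denied caller instead of a NullReferenceException.
            if (b == null || !b.HasPermission(user.Username, Permission.Types.READ))
            {
                throw new AuthException("You don't have permission to view this baby's data");
            }

            b.Events = DataSource.GetEventsForBaby(b, user);
            response.Write(b.ToJSON());
            break;

        case "POST":
            if (b == null)
            {
                throw new AuthException("You don't have permission to Update this baby's data");
            }

            // Permissions are reloaded from the store before the UPDATE check.
            b.Permissions = DataSource.GetPermissionsForBaby(b, user);
            if (!b.HasPermission(user.Username, Permission.Types.UPDATE))
            {
                throw new AuthException("You don't have permission to Update this baby's data");
            }

            // Missing fields fall back to "UNKNOWN" / empty strings. The values are stored as
            // sent. NOTE(review): confirm ToJSON escapes them when they are written back out.
            string eventType = String.IsNullOrEmpty(request["eventtype"]) ? "UNKNOWN" : request["eventtype"];
            string subType = String.IsNullOrEmpty(request["subtype"]) ? "" : request["subtype"];
            string details = String.IsNullOrEmpty(request["details"]) ? "" : request["details"];

            BabyEvent be = new BabyEvent(b.Id, user.Username, eventType, subType, details);
            be = DataSource.CreateBabyEvent(be, user);

            // NOTE(review): this path does not call GetEventsForBaby, so the list being
            // appended to is whatever ReadBaby populated - confirm it is non-null.
            b.Events.Add(be);
            response.Write(b.ToJSON());
            break;

        default:
            throw new NotSupportedException("Unsupported HTTP Method");
    }
}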
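/// <summary>
/// Decides whether the request may proceed. The base check is consulted first; if it does
/// not grant access, access is decided per baby: GET needs a public baby or READ, any other
/// method needs UPDATE. Requests that name no baby are allowed.
/// </summary>
/// <param name="user">Caller whose username is checked against the baby's permissions.</param>
/// <param name="request">Incoming request; reads 'id' and the HTTP method.</param>
/// <param name="DataSource">Store used to load the baby named by 'id'.</param>
/// <param name="type">Not consulted by this override; it is also not forwarded to the base call.</param>
/// <returns>True when the request is allowed, false otherwise.</returns>
public override bool HasPermision(User user, System.Web.HttpRequest request, IBabyDataSource DataSource, Permission.Types type = Permission.Types.READ)
{
    if (base.HasPermision(user, request, DataSource))
    {
        return true;
    }

    string id = request["id"];
    if (String.IsNullOrEmpty(id))
    {
        // no baby? no problem.
        // NOTE(review): this turns a base-level denial into a grant whenever 'id' is absent;
        // confirm the base check never denies for a reason that should still apply here.
        return true;
    }

    Baby b = DataSource.ReadBaby(id, user);
    if (b == null)
    {
        // Fail closed if the id does not resolve to a baby, rather than dereferencing null.
        return false;
    }

    // The comparison is case-sensitive, unlike the upper-casing done in the RespondToRequest
    // handlers, so a method such as "get" is held to the stricter UPDATE requirement here.
    if (request.HttpMethod == "GET")
    {
        return b.IsPublic || b.HasPermission(user.Username, Permission.Types.READ);
    }

    return b.HasPermission(user.Username, Permission.Types.UPDATE);
}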