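/// <summary>
/// Web API read-access gate. Resolves the target item id from the bound
/// <c>itemRequest</c> (by <c>ServerPath</c> when one is supplied, otherwise by
/// <c>Name</c> for Datasource/File items that carry no id), stores the caller's
/// user id in session, and short-circuits the action with a serialized
/// <see cref="ItemResponse"/> when the item cannot be resolved or the user has no
/// read permission on it.
/// </summary>
/// <param name="filterContext">
/// Action context. <c>ActionArguments["itemRequest"]</c> must already hold the
/// model-bound <see cref="ItemRequest"/>; it is written back after the id is resolved.
/// </param>
public override void OnActionExecuting(HttpActionContext filterContext)
{
    var itemRequest = (ItemRequest)filterContext.ActionArguments["itemRequest"];
    var itemManagement = new ItemManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider);

    // Replace the pending action with an error payload. Web API stops running the
    // pipeline once filterContext.Response is non-null.
    // NOTE(review): StringContent without a media type is sent as text/plain even
    // though the body is JSON; left unchanged to keep the wire format identical.
    Action<string> rejectWith = statusMessage =>
    {
        var apiResponse = new ItemResponse { Status = false, StatusMessage = statusMessage };
        filterContext.Response = new HttpResponseMessage
        {
            Content = new StringContent(javaScriptSerializer.Serialize(apiResponse))
        };
    };

    if (itemRequest.ServerPath != null)
    {
        // The original dereferenced this lookup unconditionally, so an unknown path
        // surfaced as a NullReferenceException (HTTP 500). Fail closed instead.
        var pathDetails = itemManagement.GetItemDetailsFromItemPath(itemRequest.ServerPath);
        if (pathDetails == null)
        {
            rejectWith("You do not have permission to access this item or the item does not exist.");
            base.OnActionExecuting(filterContext);
            return;
        }
        itemRequest.ItemId = pathDetails.Id;
    }

    var resolveByName = itemRequest.ItemId == Guid.Empty
        && (itemRequest.ItemType == ItemType.Datasource || itemRequest.ItemType == ItemType.File);
    if (resolveByName)
    {
        var namedDetails = itemManagement.GetItemDetailsFromItemName(itemRequest.Name, itemRequest.ItemType);
        if (namedDetails == null)
        {
            // Stop here. The original set this response and then kept going: it ran
            // the user and permission queries against Guid.Empty and overwrote the
            // message with the permission-denied text.
            rejectWith("Invalid request values");
            base.OnActionExecuting(filterContext);
            return;
        }
        itemRequest.ItemId = namedDetails.Id;
    }
    filterContext.ActionArguments["itemRequest"] = itemRequest;

    // NOTE(review): UserName is read from the model-bound request object. Confirm an
    // upstream authentication filter sets it from a validated credential; if it is
    // taken verbatim from the client, the permission check below evaluates whichever
    // user the caller chooses to name.
    var userManagement = new UserManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider);
    // Looked up once; the original issued the same query twice.
    var userId = userManagement.GetUserId(itemRequest.UserName);
    HttpContext.Current.Session["UserId"] = userId;

    // ItemType here is the filter's own member (not itemRequest.ItemType), as in the original.
    var itemsList = itemManagement.GetItems(userId, ItemType, null, null, null, null, null, itemRequest.ItemId);
    var canRead = itemsList.result.Any(a => a.Id == itemRequest.ItemId && a.CanRead);
    if (!canRead)
    {
        rejectWith("You do not have permission to access this item or the item does not exist.");
    }
    base.OnActionExecuting(filterContext);
}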
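/// <summary>
/// Web API write-access gate for item updates. Resolves the item addressed by
/// <c>itemRequest.ServerPath</c>, copies its id and category onto the request,
/// and short-circuits the action with a serialized <see cref="ItemResponse"/>
/// when the item does not exist, the user lacks write permission, or the new
/// name collides with another item in the same category.
/// </summary>
/// <param name="filterContext">
/// Action context. <c>ActionArguments["itemRequest"]</c> must already hold the
/// model-bound <see cref="ItemRequest"/>; it is written back with the resolved ids.
/// </param>
public override void OnActionExecuting(HttpActionContext filterContext)
{
    var itemRequest = (ItemRequest)filterContext.ActionArguments["itemRequest"];

    // Replace the pending action with an error payload. Web API stops running the
    // pipeline once filterContext.Response is non-null.
    Action<string> rejectWith = statusMessage =>
    {
        var apiResponse = new ItemResponse { Status = false, StatusMessage = statusMessage };
        filterContext.Response = new HttpResponseMessage
        {
            Content = new StringContent(javaScriptSerializer.Serialize(apiResponse))
        };
    };

    var itemDetail = itemManagement.GetItemDetailsFromItemPath(itemRequest.ServerPath);
    if (itemDetail == null)
    {
        // The original set this response and then fell through to itemDetail.Id,
        // which threw a NullReferenceException (HTTP 500) for every unknown path.
        rejectWith("You do not have permission to edit this item or the item does not exist.");
        base.OnActionExecuting(filterContext);
        return;
    }

    itemRequest.ItemId = itemDetail.Id;
    itemRequest.CategoryId = itemDetail.CategoryId;
    var itemId = itemRequest.ItemId;
    filterContext.ActionArguments["itemRequest"] = itemRequest;

    // NOTE(review): UserName comes from the model-bound request; confirm an upstream
    // authentication filter populates it from a validated credential rather than the
    // client body, otherwise the write check is evaluated for a caller-chosen user.
    var userId = userManagement.GetUserId(itemRequest.UserName);
    var itemsList = itemManagement.GetItems(userId, ItemType, null, null, null, null, null, itemId);
    var canWrite = itemsList.result.Any(a => a.Id == itemId && a.CanWrite);

    if (!canWrite)
    {
        rejectWith("You do not have permission to edit this item or the item does not exist.");
    }
    else if (itemManagement.IsItemNameAlreadyExistsForUpdate(itemRequest.Name, itemRequest.CategoryId, itemId))
    {
        // Only reached for a user who can write the item, so the collision check
        // does not reveal names in categories the caller cannot edit.
        rejectWith("Item with the same name is already exist in the specified Category");
    }
    base.OnActionExecuting(filterContext);
}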
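/// <summary>
/// MVC read-access gate. Reads an item id from the request, and either redirects
/// to <c>/reports</c> (missing or malformed id) or renders the PermissionDenied
/// view (unknown item, unresolvable user, or no read permission). Otherwise the
/// action runs normally.
/// </summary>
/// <param name="filterContext">MVC action context; <c>Result</c> is set to short-circuit the action.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // NOTE(review): Request["id"] searches QueryString, Form, Cookies and
    // ServerVariables in that order. If the id is only ever expected on the query
    // string, Request.QueryString["id"] would stop a cookie from supplying it.
    // Left unchanged here.
    var id = filterContext.HttpContext.Request["id"];
    var itemId = Guid.Empty;
    if (String.IsNullOrEmpty(id) || !Guid.TryParse(id, out itemId))
    {
        // Original behaviour preserved: a 301 (permanent) redirect. Browsers cache
        // permanent redirects, so a one-off bad id may keep redirecting that URL.
        filterContext.Result = new RedirectResult("/reports", true);
        base.OnActionExecuting(filterContext);
        return;
    }

    var permissionDenied = new ViewResult { ViewName = "../Home/PermissionDenied" };
    var itemManagement = new ItemManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider);
    var itemDetail = itemManagement.GetItemDetailsFromItemId(itemId, false);
    if (itemDetail == null)
    {
        filterContext.Result = permissionDenied;
        base.OnActionExecuting(filterContext);
        return;
    }

    // The identity name is expected to carry the numeric user id. The original used
    // Convert.ToInt32, which throws (HTTP 500) for an anonymous/empty or non-numeric
    // identity and silently maps a null name to user 0; fail closed instead.
    int userId;
    if (!int.TryParse(filterContext.HttpContext.User.Identity.Name, out userId))
    {
        filterContext.Result = permissionDenied;
        base.OnActionExecuting(filterContext);
        return;
    }

    var itemsList = itemManagement.GetItems(userId, itemDetail.ItemType, null, null, null, null, null, itemId);
    var canRead = itemsList.result.Any(a => a.Id == itemId && a.CanRead);
    if (!canRead)
    {
        filterContext.Result = permissionDenied;
    }
    base.OnActionExecuting(filterContext);
}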