public override bool HasPermision( User user,
System.Web.HttpRequest request,
IBabyDataSource DataSource,
Permission.Types type = Permission.Types.READ)
{
return true;
}
public override void RespondToRequest(User user,
System.Web.HttpRequest request,
System.Web.HttpResponse response,
IBabyDataSource DataSource)
{
Baby b=null;
if (!String.IsNullOrEmpty (request ["id"])) {
b = DataSource.ReadBaby (request ["id"], user);
}
switch (request.HttpMethod.ToUpper()) {
case "GET":
if(b!=null){
if (b.HasPermission (user.Username, Permission.Types.READ)) {
// b.Permissions = DataSource.GetPermissionsForBaby (b, user);
// b.Events = DataSource.GetEventsForBaby (b, user);
response.Write (b.ToJSON ());
} else {
throw new AuthException ("You don't have permission to view this baby's data");
}
} else {
throw new ArgumentNullException ("Argument 'id' not specified. POST to CREATE a BABY or use and id.");
}
break;
case "POST":
b = new Baby();
b.Name = request["name"];
b.Sex = request["sex"];
b.IsPublic = request["public"] =="Y";
DateTime.TryParse(request["dob"], out b.DOB);
b.Image = request["image"];
if(String.IsNullOrEmpty(request["id"])){
Baby fromDb = DataSource.CreateBaby(b,user);
response.Write (fromDb.ToJSON ());
}
else{
if (b.HasPermission (user.Username, Permission.Types.PARENT)) {
b.Id = request ["id"];
DataSource.SaveBaby (b, user);
} else {
throw new AuthException ("Only users with the parent role can update baby details.");
}
}
break;
default:
throw new NotSupportedException ("Unsupported HTTP Method");
break;
}
}
public override void RespondToRequest(User user,
System.Web.HttpRequest request,
System.Web.HttpResponse response,
IBabyDataSource DataSource)
{
Baby b;
if (!String.IsNullOrEmpty(request ["id"])) {
b = DataSource.ReadBaby (request ["id"], user);
switch (request.HttpMethod.ToUpper()) {
case "GET":
if (b.HasPermission (user.Username, Permission.Types.READ)) {
b.Permissions = DataSource.GetPermissionsForBaby (b, user);
response.Write (b.ToJSON ());
} else {
throw new AuthException ("You don't have permission to view this baby's permission data");
}
break;
case "POST":
if (b.HasPermission (user.Username, Permission.Types.PARENT)) {
if (String.IsNullOrEmpty (request ["pid"])) {
Permission p = new Permission ();
p.BabyId = b.Id;
p.Username = request ["username"];
Enum.TryParse<Permission.Types> (request ["type"], out p.Type);
p = DataSource.CreatePermission (p, user);
b.Permissions.Add (p);
response.Write (b.ToJSON ());
} else {
throw new NotImplementedException ("UPDAITNG HAS TO WAIT SORRY");
}
}
else{
throw new AuthException ("Only Users with the PARENT role can update this baby's permission data");
}
break;
default:
throw new NotSupportedException ("Unsupported HTTP Method");
break;
}
} else {
throw new ArgumentNullException ("Baby id not specified as 'id'");
}
}
public virtual bool HasPermision(User user,
HttpRequest request,
IBabyDataSource DataSource,
Permission.Types type = Permission.Types.READ
)
{
bool okay = false;
if (user.Role == User.Roles.ADMIN) {
okay = true;
}
//TODO
return okay;
}
public override void RespondToRequest(User user,
System.Web.HttpRequest request,
System.Web.HttpResponse response,
IBabyDataSource DataSource)
{
User u;
if (!String.IsNullOrEmpty (request ["id"])) {
u = DataSource.ReadUser (request ["id"]);
} else {
u = DataSource.ReadUser (user.Username);
u.Permissions = DataSource.GetPermissionsForUser (user);
}
switch (request.HttpMethod.ToUpper ()) {
case "GET":
response.Write (u.ToJSON ());
break;
case "POST":
//users cannot be created here only via the regiestration portal.
u = DataSource.ReadUser (request ["id"]);
u.Email = request ["email"];
u.Image = request ["image"];
u.DisplayJson = request ["displaydata"];
//PasswordChanges matching length, and old ps checked.
// if (!String.IsNullOrEmpty (request ["password1"]) &&
// request ["password1"] == request ["password2"] &&
// request ["password1"].Length > Registration.MIN_PW_LENGTH &&
// String.IsNullOrEmpty (request ["password_old"]) &&
// u.BuildHash (request ["password_old"]) == u.Hash) {
//
// u.Hash = u.BuildHash (request ["password1"]);
// }
if (u.Username == user.Username || user.Role == User.Roles.ADMIN) {
DataSource.SaveUser (u, user);
response.Write (u.ToJSON ());
} else {
throw new AccessViolationException ("You can't just edit someone else's user details");
}
break;
default:
throw new NotSupportedException ("Unsupported HTTP Method");
break;
}
}
public override void RespondToRequest(User user,
System.Web.HttpRequest request,
System.Web.HttpResponse response,
IBabyDataSource DataSource)
{
Baby b;
if (!String.IsNullOrEmpty (request ["id"])) {
b = DataSource.ReadBaby (request ["id"], user);
switch (request.HttpMethod.ToUpper ()) {
case "GET":
if (b.HasPermission (user.Username, Permission.Types.READ)) {
b.Events = DataSource.GetEventsForBaby (b, user);
response.Write (b.ToJSON ());
} else {
throw new AuthException ("You don't have permission to view this baby's data");
}
break;
case "POST":
b.Permissions = DataSource.GetPermissionsForBaby (b, user);
if(b.HasPermission(user.Username, Permission.Types.UPDATE)){
BabyEvent be = new BabyEvent (
b.Id,
user.Username,
String.IsNullOrEmpty (request ["eventtype"]) ? "UNKNOWN" : request ["eventtype"],
String.IsNullOrEmpty (request ["subtype"]) ? "" : request ["subtype"],
String.IsNullOrEmpty (request ["details"]) ? "" : request ["details"]);
be = DataSource.CreateBabyEvent (be, user);
b.Events.Add (be);
response.Write (b.ToJSON());
}
else {
throw new AuthException ("You don't have permission to Update this baby's data");
}
break;
default:
throw new NotSupportedException ("Unsupported HTTP Method");
break;
}
}
else {
throw new ArgumentNullException ("Baby id not specified as 'id'");
}
}
public override bool HasPermision(User user,
System.Web.HttpRequest request,
IBabyDataSource DataSource,
Permission.Types type = Permission.Types.READ
)
{
bool okay = base.HasPermision (user, request, DataSource);
if (!okay) {
if (!String.IsNullOrEmpty (request ["id"])) {
Baby b = DataSource.ReadBaby (request ["id"], user);
if (request.HttpMethod == "GET") {
okay = (b.IsPublic || b.HasPermission (user.Username, Permission.Types.READ));
} else {
okay = b.HasPermission (user.Username, Permission.Types.UPDATE);
}
} else {
//no baby? no problem.
okay = true;
}
}
return okay;
}
public Permission CreatePermission(Permission permission, User user)
{
Permission p = new Permission();
SqliteCommand cmd = new SqliteCommand (CREATE_PERMISSION, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@type", (int)permission.Type);
cmd.Parameters.AddWithValue("@username",permission.Username);
cmd.Parameters.AddWithValue("@babyid",permission.BabyId);
cmd.Parameters.AddWithValue("@added",permission.Added.ToString(DB_DATE_FORMAT));
bool saved = cmd.ExecuteNonQuery () > 0;
if (saved) {
return permission;
}
return p;
}
public BabyEvent ReadBabyEvent(int Id, User user)
{
BabyEvent be = new BabyEvent ();
SqliteCommand cmd = new SqliteCommand (READ_BABYEVENT, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@id", Id);
SqliteDataReader r = cmd.ExecuteReader ();
if (r.Read ()) {
be.Id = int.Parse (r ["Id"].ToString ());
be.ReportUser = r ["Username"].ToString();
be.BabyId = r ["BabyId"].ToString();
be.ReportTime = DateTime.Parse (r ["Reported"].ToString ());
be.Type = r ["Type"].ToString ();
be.Subtype = r ["Subtype"].ToString ();
be.Details = r ["details"].ToString ();
}
r.Close ();
return be;
}
public bool SavePermission(Permission permission, User user)
{
SqliteCommand cmd = new SqliteCommand (SAVE_PERMISSION, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@type", permission.Type);
cmd.Parameters.AddWithValue("@username",permission.Username);
cmd.Parameters.AddWithValue("@babyid",permission.BabyId);
cmd.Parameters.AddWithValue("@added",permission.Added.ToString(DB_DATE_FORMAT));
cmd.Parameters.AddWithValue("@id",permission.Id);
int items = cmd.ExecuteNonQuery();
return items > 0;
}
public bool SaveUser(User target, User user)
{
SqliteCommand cmd = new SqliteCommand (SAVE_USER, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@username", target.Username);
cmd.Parameters.AddWithValue ("@email", target.Email);
cmd.Parameters.AddWithValue ("@image", target.Image);
cmd.Parameters.AddWithValue ("@role", (int)target.Role);
cmd.Parameters.AddWithValue ("@flag", (int)target.Flag);
cmd.Parameters.AddWithValue ("@displayjson", target.DisplayJson);
int items = cmd.ExecuteNonQuery();
return items > 0;
}
public override User Register(User user)
{
return base.Register (user);
}
public bool SaveBabyEvent(BabyEvent babyevent, User user)
{
SqliteCommand cmd = new SqliteCommand (SAVE_BABYEVENT, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@username", babyevent.ReportUser);
cmd.Parameters.AddWithValue ("@babyId", babyevent.BabyId);
cmd.Parameters.AddWithValue ("@type", babyevent.Type);
cmd.Parameters.AddWithValue ("@subtype", babyevent.Subtype);
cmd.Parameters.AddWithValue ("@reported", babyevent.ReportTime.ToString (DB_DATE_FORMAT));
cmd.Parameters.AddWithValue ("@details", babyevent.Details);
cmd.Parameters.AddWithValue ("@id", babyevent.Id);
int items = cmd.ExecuteNonQuery();
return items > 0;
}
public User CreateUser(User target, User user)
{
User u = new User();
SqliteCommand cmd = new SqliteCommand (CREATE_USER, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@username", target.Username);
cmd.Parameters.AddWithValue ("@email", target.Email);
cmd.Parameters.AddWithValue ("@salt", target.Salt);
cmd.Parameters.AddWithValue ("@hash", target.Hash);
cmd.Parameters.AddWithValue ("@image", target.Image);
cmd.Parameters.AddWithValue ("@role", (int)target.Role);
cmd.Parameters.AddWithValue ("@flag", (int)target.Flag);
cmd.Parameters.AddWithValue ("@joined", DateTime.Now.ToString(DB_DATE_FORMAT));
int saved = cmd.ExecuteNonQuery ();
if (saved > 0) {
return target;
}
return u;
}
public BabyEvent CreateBabyEvent(BabyEvent babyevent, User user)
{
BabyEvent be = babyevent;
SqliteCommand cmd = new SqliteCommand (CREATE_BABYEVENT, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@username", babyevent.ReportUser);
cmd.Parameters.AddWithValue ("@babyId", babyevent.BabyId);
cmd.Parameters.AddWithValue ("@type", babyevent.Type);
cmd.Parameters.AddWithValue ("@subtype", babyevent.Subtype);
cmd.Parameters.AddWithValue ("@reported", babyevent.ReportTime.ToString (DB_DATE_FORMAT));
cmd.Parameters.AddWithValue ("@details", babyevent.Details);
bool saved = cmd.ExecuteNonQuery () > 0;
if (saved) {
return babyevent;
}
return be;
}
public virtual void RespondToRequest(User user,
HttpRequest request,
HttpResponse response,
IBabyDataSource DataSource)
{
}
public Baby ReadBaby(string Id, User user)
{
Baby b = new Baby ();
SqliteCommand cmd = new SqliteCommand (READ_BABY, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@Id", Id);
SqliteDataReader r = cmd.ExecuteReader ();
if (r.Read ()) {
b.Id = Id;
b.DOB = DateTime.ParseExact (r ["DateOfBirth"].ToString (),
DB_DATE_FORMAT,
CultureInfo.InvariantCulture);
b.Name = r ["Name"].ToString ();
b.Image = r ["Image"].ToString ();
b.Sex = r ["Sex"].ToString ();
b.IsPublic = r ["IsPublic"].ToString () == "1";
} else {
throw new ArgumentException ("No baby found for that id. ");
}
r.Close();
return b;
}
public List<Permission> GetPermissionsForUser( User user)
{
List<Permission> Permissions = new List<Permission> ();
SqliteCommand cmd = new SqliteCommand (READ_USER_PERMISSIONS, this.db);
cmd.Parameters.AddWithValue ("@username", user.Username);
SqliteDataReader r = cmd.ExecuteReader ();
while (r.Read ()) {
Permission p = new Permission ();
int.TryParse (r ["Id"].ToString (),out p.Id);
p.Added = DateTime.ParseExact(r ["Added"].ToString (),
DB_DATE_FORMAT,
CultureInfo.InvariantCulture );
p.BabyId = r ["BabyId"].ToString ();
p.Type = (Permission.Types)int.Parse (r ["Type"].ToString ());
p.Username = r ["Username"].ToString ();
p.BabyName = r ["Name"].ToString ();
Permissions.Add (p);
}
r.Close ();
return Permissions;
}
public List<BabyEvent> GetEventsForBaby(Baby baby, User user ,Filter filter)
{
List<BabyEvent> Events = new List<BabyEvent> ();
SqliteCommand cmd = new SqliteCommand (READ_BABY_EVENTS, this.db);
cmd.Parameters.AddWithValue ("@id", baby.Id);
cmd.CommandText = cmd.CommandText.Replace ("ORDER BY Reported DESC", "");
if (filter.Start > DateTime.MinValue) {
cmd.CommandText += " AND Reported >= @start ";
cmd.Parameters.AddWithValue ("@start", filter.Start);
}
if (filter.End > DateTime.MinValue) {
cmd.CommandText += " AND Reported <= @end ";
cmd.Parameters.AddWithValue ("@end", filter.End);
}
if (!String.IsNullOrEmpty (filter.EventType)) {
switch(filter.Match){
case Filter.Matches.EQUAL:
cmd.CommandText += " AND Type = @type ";
cmd.Parameters.AddWithValue ("@type", filter.EventType);
break;
case Filter.Matches.LIKE:
cmd.CommandText += " AND Type like @type ";
cmd.Parameters.AddWithValue ("@type", filter.EventType);
break;
case Filter.Matches.NOT_EQUAL:
cmd.CommandText += " AND Type like @type ";
cmd.Parameters.AddWithValue ("@type", filter.EventType);
break;
}
}
cmd.CommandText += " ORDER BY Reported DESC ";
if (filter.Count > 0) {
cmd.CommandText += " LIMIT @count ";
cmd.Parameters.AddWithValue ("@count", filter.Count);
if (filter.Offset > 0 ) {
cmd.CommandText += " OFFSET @offset ";
cmd.Parameters.AddWithValue("@offset", filter.Offset);
}
}
SqliteDataReader r = cmd.ExecuteReader ();
while (r.Read ()) {
BabyEvent be = new BabyEvent ();
int.TryParse (r ["Id"].ToString (),out be.Id );
be.ReportUser = r ["Username"].ToString ();
be.BabyId = r ["BabyId"].ToString ();
be.ReportTime = DateTime.ParseExact(r ["Reported"].ToString (),
DB_DATE_FORMAT,
CultureInfo.InvariantCulture
);
be.Type = r ["Type"].ToString ();
be.Subtype = r ["Subtype"].ToString ();
be.Details = r ["Details"].ToString ();
Events.Add (be);
}
r.Close ();
return Events;
}
public List<BabyEvent> GetEventsForBaby(Baby baby, User user)
{
return GetEventsForBaby (baby, user, Filter.Empty);
}
public void ProcessRequest(HttpContext context)
{
try{
IBabyDataSource ds = new SqliteWrapper (ConfigurationManager.ConnectionStrings["baby_data"].ConnectionString);
List<string> errors = new List<string> ();
string username = context.Request["user"];
string password = context.Request["pass"];
string email = context.Request["mail"];
if(String.IsNullOrEmpty(username)){
errors.Add("Must specify Username");
}
if(String.IsNullOrEmpty(password)){
errors.Add("Must specify Password");
}
if(String.IsNullOrEmpty(email)){
errors.Add("Must specify email");
}
User u=null;
if(errors.Count == 0){
//confirm that there is no user with that username
u = ds.ReadUser(username);
if (u != null && u.Username == username) {
errors.Add ("Username in use");
}
//confirm password meets requirements
if (password.Length < MIN_PW_LENGTH) {
errors.Add ("Password must be at least " + MIN_PW_LENGTH +
" characters long");
}
if (!email.Contains ("@")) {
errors.Add ("Email addresses must contain @");
}
}
//set headers
context.Response.ContentType = "application/json";
context.Response.ContentEncoding = System.Text.Encoding.GetEncoding ("UTF-8");
//create a new user
if(errors.Count ==0 ){
u = new User();
u.Username = username;
u.Email = email;
u.Hash = u.BuildHash (password);
u = ds.CreateUser (u, u);
context.Response.Write(String.Format(
@"{{success:{{registered:{0} }} }}", u.ToJSON()));
}
else{
context.Response.Write(String.Format(
@"{{errors:[""{0}""]}}", String.Join("\",\"",errors)));
}
}
catch(Exception ex){
context.Response.StatusCode = 500;
context.Response.Write(String.Format(
@"{{server_error:{{""message"":""{0}"",""type"":""{1}""}}}}",
ex.Message, ex.GetType()));
}
}
public virtual void Logout(User user)
{
throw new AuthException ("Authentication method does not support logout");
}
public Permission ReadPermission(int Id, User user)
{
Permission p = new Permission ();
SqliteCommand cmd = new SqliteCommand (READ_PERMISSION, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue("@id",Id);
SqliteDataReader r = cmd.ExecuteReader ();
if (r.Read ()) {
p.Id = Id;
p.Added = DateTime.ParseExact(r ["Added"].ToString (),
DB_DATE_FORMAT,
CultureInfo.InvariantCulture );
p.BabyId = r ["BabyId"].ToString ();
p.Type = (Permission.Types)int.Parse (r ["Type"].ToString ());
p.Username = r ["Username"].ToString ();
}
r.Close ();
return p;
}
public Baby CreateBaby(Baby baby, User user)
{
Baby b = baby;
SqliteCommand cmd = new SqliteCommand (CREATE_BABY, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
if (String.IsNullOrEmpty (baby.Id)) {
Random r = new Random ();
//TODO Collision Checks
byte[] id =new byte[BABY_ID_LENGTH];
r.NextBytes (id);
b.Id = Convert.ToBase64String (id)
.Replace ('+', '-')
.Replace('/','_')
.TrimEnd(new char[]{'='});
cmd.Parameters.AddWithValue ("@Id",b.Id);
} else {
cmd.Parameters.AddWithValue ("@Id", baby.Id);
}
cmd.Parameters.AddWithValue("@name",b.Name);
cmd.Parameters.AddWithValue("@image",b.Image);
cmd.Parameters.AddWithValue("@sex",b.Sex);
cmd.Parameters.AddWithValue("@dateofbirth",b.DOB.ToString(DB_DATE_FORMAT));
cmd.Parameters.AddWithValue("@ispublic",b.IsPublic);
bool saved = cmd.ExecuteNonQuery () > 0;
if (saved) {
Permission p = new Permission (b.Id,user.Username,Permission.Types.PARENT);
this.CreatePermission (p,user);
b.Permissions.Add (p);
BabyEvent be = new BabyEvent (b.Id, user.Username, "INFO", "CREATED");
this.CreateBabyEvent (be, user);
b.Events.Add (be);
return b;
}
return new Baby();
}
public User ReadUser(string username)
{
User u = new User ();
SqliteCommand cmd = new SqliteCommand (READ_USER, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@username", username);
SqliteDataReader r = cmd.ExecuteReader ();
if (r.Read ()) {
u.Username = username;
u.Email = r ["Email"].ToString ();
u.Hash = r ["Hash"].ToString ();
u.Salt = r ["Salt"].ToString ();
u.Image = r ["Image"].ToString ();
u.DisplayJson = r ["DisplayJSON"].ToString ();
u.Joined = DateTime.ParseExact(r ["Joined"].ToString (),
DB_DATE_FORMAT,
CultureInfo.InvariantCulture );
u.Role = (User.Roles)int.Parse (r ["Role"].ToString());
u.Flag = (User.Flags)int.Parse (r ["Flag"].ToString());
}
r.Close ();
return u;
}
public bool SaveBaby(Baby baby, User user)
{
SqliteCommand cmd = new SqliteCommand (SAVE_BABY, db);
if (db.State != System.Data.ConnectionState.Open) {
db.Open ();
}
cmd.Parameters.AddWithValue ("@Id", baby.Id);
cmd.Parameters.AddWithValue("@name",baby.Name);
cmd.Parameters.AddWithValue("@image",baby.Image);
cmd.Parameters.AddWithValue("@sex",baby.Sex);
cmd.Parameters.AddWithValue("@dateofbirth",baby.DOB.ToString(DB_DATE_FORMAT));
cmd.Parameters.AddWithValue("@ispublic",baby.IsPublic);
int items = cmd.ExecuteNonQuery();
return items > 0;
}
public virtual User Register(User user)
{
throw new RegistrationException ("Authentication method does not support registration");
}
public override void Logout(User user)
{
base.Logout (user);
}