public IHttpActionResult Delete(long id)
{
string token = GetAuthToken();
IHttpActionResult validation = Validate(token, id);
if (validation != null)
{
return(validation);
}
validation = ValidateUserCanBeDeleted(token);
if (validation != null)
{
return(validation);
}
DataAccessSoapClient ws = new DataAccessSoapClient();
User target = ws.FindUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
if (target.Role != DataAccessWS.UserRole.BUYER)
{
return(NotFound());
}
User removed = ws.RemoveUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
RestUser res = CreateRestUser(removed);
res.href = "";
return(Ok(res));
}
private async Task <bool> authenticate(Message message)
{
string[] parts = message.Text.Split(new char[0]);
if (parts.Length != 3)
{
await BotClient.SendTextMessageAsync(message.Chat.Id, "Authentication command format: /authenticate username password");
return(false);
}
else
{
DataAccessSoapClient ws = new DataAccessSoapClient();
string token = ws.Login(parts[1], parts[2], new DataAccessWS.UserRole[1] {
DataAccessWS.UserRole.BUYER
});
if (string.IsNullOrEmpty(token))
{
await BotClient.SendTextMessageAsync(message.Chat.Id, "Invalid authentication data");
return(false);
}
else
{
await BotClient.SendTextMessageAsync(message.Chat.Id, "Auth token: " + token);
return(true);
}
}
}
// POST: api/Products
public IHttpActionResult Post([FromBody] ProductData value)
{
string token = GetAuthToken();
IHttpActionResult userValidation = ValidateClientIsSeller(token);
if (userValidation != null)
{
return(userValidation);
}
IHttpActionResult productValidation = ValidateProductData(value, token, false);
if (productValidation != null)
{
return(productValidation);
}
DataAccessSoapClient ws = new DataAccessSoapClient();
var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
binding.MaxReceivedMessageSize = int.MaxValue;
Product product = ws.CreateProduct(new DataAccessWS.Security {
BinarySecurityToken = token
}, value.CreateProduct());
return(Created(
Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("GetProductById", new { id = product.Id }),
CreateRestProduct(product)));
}
private IHttpActionResult ValidateUserData(UserData User, User currentUser = null)
{
DataAccessSoapClient ws = new DataAccessSoapClient();
User[] users = ws.FindUsersByFilter(new UserSearchFilter {
Email = User.email
});
if (!string.IsNullOrEmpty(User.email) && users != null && users.Length > 0 &&
(currentUser == null || currentUser.Id != users[0].Id))
{
return(BadRequest("Another user has already registered the email " + User.email));
}
users = ws.FindUsersByFilter(new UserSearchFilter {
IdDocument = User.document
});
if (!string.IsNullOrEmpty(User.document) && users != null && users.Length > 0 &&
(currentUser == null || currentUser.Id != users[0].Id))
{
return(BadRequest("Another user has already registered the document " + User.document));
}
users = ws.FindUsersByFilter(new UserSearchFilter {
Username = User.username
});
if (!string.IsNullOrEmpty(User.username) && users != null && users.Length > 0 &&
(currentUser == null || currentUser.Id != users[0].Id))
{
return(BadRequest("Another user has already registered the username " + User.username));
}
return(null);
}
public IHttpActionResult Delete(int id)
{
string token = GetAuthToken();
IHttpActionResult validation = ValidateOwnerProduct(token, id);
if (validation != null)
{
return(validation);
}
validation = ValidateProductCanBeRemoved(id);
if (validation != null)
{
return(validation);
}
DataAccessSoapClient ws = new DataAccessSoapClient();
var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
binding.MaxReceivedMessageSize = int.MaxValue;
Product removed = ws.RemoveProduct(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
RestProduct res = CreateRestProduct(removed);
res.href = "";
return(Ok(res));
}
public IHttpActionResult Put(int id, [FromBody] ProductData value)
{
string token = GetAuthToken();
IHttpActionResult validation = ValidateOwnerProduct(token, id);
if (validation != null)
{
return(validation);
}
validation = ValidateProductData(value, token, true);
if (validation != null)
{
return(validation);
}
DataAccessSoapClient ws = new DataAccessSoapClient();
var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
binding.MaxReceivedMessageSize = int.MaxValue;
Product target = ws.FindProduct(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
assignProperties(target, value, token);
target.Id = id;
Product updated = ws.UpdateProduct(new DataAccessWS.Security {
BinarySecurityToken = token
}, target);
return(Ok(CreateRestProduct(updated)));
}
// POST: api/Authentication
public IHttpActionResult Post(Authentication AuthData)
{
if (AuthData == null || !AuthData.IsComplete())
{
return(BadRequest("Authentication data required but not provided"));
}
DataAccessSoapClient ws = new DataAccessSoapClient();
string token = ws.Login(AuthData.username, AuthData.password, new DataAccessWS.UserRole[2] {
DataAccessWS.UserRole.BUYER, DataAccessWS.UserRole.SELLER
});
if (string.IsNullOrEmpty(token))
{
return(StatusCode(HttpStatusCode.Unauthorized));
}
IdentityWSSoapClient idWS = new IdentityWSSoapClient();
IdentityData idData = idWS.GetIdentity(new IdentityWS.Security {
BinarySecurityToken = token
});
User user = ws.FindUserByUsername(idData.Username);
return(Ok(new AuthToken {
Token = token,
Username = idData.Username,
Role = idData.Role.ToString(),
Id = user.Id
}));
}
private bool ValidateUserExists(string token, long id)
{
DataAccessSoapClient dataWS = new DataAccessSoapClient();
User target = dataWS.FindUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
return(target != null);
}
private IHttpActionResult ValidateProductCanBeRemoved(long id)
{
DataAccessSoapClient dataWS = new DataAccessSoapClient();
int orders = dataWS.CountOrdersByProduct(id);
if (orders > 0)
{
return(BadRequest("Product cannot be removed since some customers have purchased it"));
}
return(null);
}
private bool ValidateProductExists(string token, long id)
{
DataAccessSoapClient dataWS = new DataAccessSoapClient();
var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
binding.MaxReceivedMessageSize = int.MaxValue;
Product target = dataWS.FindProduct(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
return(target != null);
}
private bool ValidateClientIdentity(string token, long userId)
{
IdentityWSSoapClient ws = new IdentityWSSoapClient();
IdentityData identity = ws.GetIdentity(new IdentityWS.Security {
BinarySecurityToken = token
});
DataAccessSoapClient dataWS = new DataAccessSoapClient();
User target = dataWS.FindUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, userId);
return(identity != null && target != null &&
identity.Username.Equals(target.Username) && identity.Role.ToString().Equals(target.Role.ToString()));
}
// GET: api/Categories
public IHttpActionResult Get()
{
string token = GetAuthToken();
if (string.IsNullOrEmpty(token))
{
return(Unauthorized());
}
DataAccessSoapClient ws = new DataAccessSoapClient();
Category[] categories = ws.FindAllCategories(new Security {
BinarySecurityToken = token
});
return(Ok(categories.Select(c => new { Id = c.Id, Name = c.Name })));
}
// GET: api/Buyers
public IHttpActionResult Get()
{
string token = GetAuthToken();
IHttpActionResult validateToken = ValidateToken(token);
if (validateToken != null)
{
return(validateToken);
}
DataAccessSoapClient ws = new DataAccessSoapClient();
User[] buyers = ws.FindUsersByFilter(new UserSearchFilter {
Roles = new DataAccessWS.UserRole[] { DataAccessWS.UserRole.BUYER }
});
return(Ok(buyers.Select(b => CreateRestUser(b))));
}
private IHttpActionResult ValidateUserCanBeDeleted(string authToken)
{
IdentityWSSoapClient ws = new IdentityWSSoapClient();
IdentityData identity = ws.GetIdentity(new IdentityWS.Security {
BinarySecurityToken = authToken
});
DataAccessSoapClient dataWS = new DataAccessSoapClient();
OrderData[] orders = dataWS.FindOrdersByUsername(new DataAccessWS.Security {
BinarySecurityToken = authToken
}, identity.Username);
if (orders != null && orders.Length > 0)
{
return(BadRequest("User cannot be removed since he/she has registered orders"));
}
return(null);
}
private async Task <bool> listOrders(Message message)
{
string[] parts = message.Text.Split(new char[0]);
if (parts.Length != 2)
{
await BotClient.SendTextMessageAsync(message.Chat.Id, "Listorders command format: /listorders authToken");
return(false);
}
else
{
string authToken = parts[1];
IdentityWSSoapClient iWS = new IdentityWSSoapClient();
IdentityData identity = null;
try
{
identity = iWS.GetIdentity(new identityWS.Security {
BinarySecurityToken = authToken
});
}
catch (Exception ex)
{
await BotClient.SendTextMessageAsync(message.Chat.Id, "An error occurred " + ex.Message);
return(false);
}
if (identity != null)
{
DataAccessSoapClient ws = new DataAccessSoapClient();
OrderData[] orders = ws.FindOrdersByUsername(new DataAccessWS.Security {
BinarySecurityToken = authToken
}, identity.Username);
string response = "";
foreach (var o in orders)
{
response += "{" + o.OrderNumber + "} " + o.DateCreated.ToShortDateString() +
" [" + o.State.ToString() + "]\n";
}
await BotClient.SendTextMessageAsync(message.Chat.Id, response);
return(true);
}
return(false);
}
}
// POST: api/Buyers
public IHttpActionResult Post(UserData User)
{
if (User == null || !User.IsComplete())
{
return(BadRequest("Missing user data"));
}
IHttpActionResult userValidation = ValidateUserData(User);
if (userValidation != null)
{
return(userValidation);
}
DataAccessSoapClient ws = new DataAccessSoapClient();
User NewUser = ws.CreateUser(User.CreateBuyer());
return(Created(Request.RequestUri.GetLeftPart(UriPartial.Authority) + Url.Route("GetBuyerById", new { id = NewUser.Id }),
CreateRestUser(NewUser)));
}
// GET: api/Products
public IHttpActionResult Get()
{
string token = GetAuthToken();
IHttpActionResult validateToken = ValidateToken(token);
if (validateToken != null)
{
return(validateToken);
}
Dictionary <String, String> query =
ActionContext.Request.GetQueryNameValuePairs().ToDictionary(q => q.Key, q => q.Value);
ProductSearchFilter filter = new ProductSearchFilter();
if (query.ContainsKey("Name"))
{
filter.Name = query["Name"];
}
if (query.ContainsKey("Description"))
{
filter.Description = query["Description"];
}
if (query.ContainsKey("PriceFrom"))
{
filter.PriceFrom = Double.Parse(query["PriceFrom"]);
}
if (query.ContainsKey("PriceTo"))
{
filter.PriceTo = Double.Parse(query["PriceTo"]);
}
if (query.ContainsKey("Category"))
{
filter.Category = query["Category"];
}
DataAccessSoapClient ws = new DataAccessSoapClient();
var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
binding.MaxReceivedMessageSize = int.MaxValue;
Product[] prods = ws.FindProductsByFilter(new DataAccessWS.Security {
BinarySecurityToken = token
}, filter);
return(Ok(prods.Select(p => CreateRestProduct(p))));
}
private IHttpActionResult ValidateProductData(ProductData product, string token, bool editing)
{
if (product == null)
{
return(BadRequest("Product data is missing"));
}
if (!editing && !product.IsComplete())
{
return(BadRequest("Product data missing some required field"));
}
if (product.Price != null && product.Price <= 0)
{
return(BadRequest("Product price must be a positive decimal number"));
}
if (product.Units != null && product.Units < 1)
{
return(BadRequest("Product units must be a positive integer"));
}
if (product.SellerId != null)
{
DataAccessSoapClient ws = new DataAccessSoapClient();
User seller = ws.FindUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, product.SellerId.Value);
if (seller == null || seller.Role != DataAccessWS.UserRole.SELLER)
{
return(BadRequest("Seller with id " + product.SellerId.Value + " not found in the system"));
}
}
if (product.CategoryId != null)
{
DataAccessSoapClient ws = new DataAccessSoapClient();
Category category = ws.FindCategory(new DataAccessWS.Security {
BinarySecurityToken = token
}, product.CategoryId.Value);
if (category == null)
{
return(BadRequest("Category with id " + product.CategoryId.Value + " not found in the system"));
}
}
return(null);
}
public IHttpActionResult Get(long id)
{
string token = GetAuthToken();
IHttpActionResult validation = Validate(token, id);
if (validation != null)
{
return(validation);
}
DataAccessSoapClient ws = new DataAccessSoapClient();
User user = ws.FindUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
if (user.Role != DataAccessWS.UserRole.BUYER)
{
return(NotFound());
}
return(Ok(CreateRestUser(user)));
}
private void assignProperties(Product product, ProductData data, string token)
{
if (!string.IsNullOrEmpty(data.Name))
{
product.Name = data.Name;
}
if (!string.IsNullOrEmpty(data.Description))
{
product.Description = data.Description;
}
if (data.Price != null)
{
product.Price = data.Price.Value;
}
if (data.Units != null)
{
product.Units = data.Units.Value;
}
if (data.Image != null)
{
product.image = data.Image;
}
if (data.SellerId != null)
{
product.seller_id = data.SellerId.Value;
DataAccessSoapClient ws = new DataAccessSoapClient();
dynamic user = ws.FindUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, product.seller_id);
product.seller = user;
}
if (data.CategoryId != null)
{
product.category_id = data.CategoryId.Value;
DataAccessSoapClient ws = new DataAccessSoapClient();
dynamic category = ws.FindCategory(new DataAccessWS.Security {
BinarySecurityToken = token
}, product.category_id);
product.category = category;
}
}
public IHttpActionResult Get(string username)
{
DataAccessSoapClient dataWS = new DataAccessSoapClient();
var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
binding.MaxReceivedMessageSize = int.MaxValue;
string token = GetAuthToken();
IHttpActionResult validation = ValidateSeller(token, username);
if (validation != null)
{
return(validation);
}
Product[] products = dataWS.FindProductsByFilter(new DataAccessWS.Security {
BinarySecurityToken = token
},
new ProductSearchFilter {
Seller = username
});
return(Ok(products.Select(p => CreateRestProduct(p))));
}
public IHttpActionResult Get(int id)
{
string token = GetAuthToken();
IHttpActionResult validation = ValidateToken(token);
if (validation != null)
{
return(validation);
}
if (!ValidateProductExists(token, id))
{
return(NotFound());
}
DataAccessSoapClient ws = new DataAccessSoapClient();
var binding = ws.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
binding.MaxReceivedMessageSize = int.MaxValue;
Product product = ws.FindProduct(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
return(Ok(CreateRestProduct(product)));
}
public IHttpActionResult Put(long id, [FromBody] UserData userData)
{
string token = GetAuthToken();
IHttpActionResult validation = Validate(token, id);
if (validation != null)
{
return(validation);
}
if (userData == null)
{
return(BadRequest("Missing user data"));
}
DataAccessSoapClient ws = new DataAccessSoapClient();
User target = ws.FindUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, id);
if (target.Role != DataAccessWS.UserRole.BUYER)
{
return(NotFound());
}
IHttpActionResult userValidation = ValidateUserData(userData, target);
if (userValidation != null)
{
return(userValidation);
}
User inputUser = userData.CreateBuyer();
inputUser.Id = id;
User updated = ws.UpdateUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, inputUser);
return(Ok(CreateRestUser(updated)));
}
private IHttpActionResult ValidateOwnerProduct(string token, long productId)
{
try
{
IdentityWSSoapClient ws = new IdentityWSSoapClient();
IdentityData identity = ws.GetIdentity(new IdentityWS.Security {
BinarySecurityToken = token
});
if (identity == null)
{
return(Unauthorized());
}
DataAccessSoapClient dataWS = new DataAccessSoapClient();
var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
binding.MaxReceivedMessageSize = int.MaxValue;
Product target = dataWS.FindProduct(new DataAccessWS.Security {
BinarySecurityToken = token
}, productId);
if (target == null)
{
return(NotFound());
}
User owner = dataWS.FindUser(new DataAccessWS.Security {
BinarySecurityToken = token
}, target.seller_id);
if (!owner.Username.Equals(identity.Username))
{
return(Unauthorized());
}
}
catch (FaultException ex)
{
return(BadRequest("Invalid security token"));
}
return(null);
}
