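/// <summary>
/// Updates a file record. When <c>form.ToUpload</c> is supplied, the record is re-pointed at the
/// newly uploaded file; otherwise the record's team assignment and name are changed.
/// </summary>
/// <param name="fileId">Id of the file record to update.</param>
/// <param name="form">Requested changes. Caller-supplied, so names in it are validated before use.</param>
/// <param name="ct">Cancellation token passed to the database calls.</param>
/// <returns>The updated record mapped to <see cref="FileModel"/>.</returns>
/// <exception cref="EntityNotFoundException{T}">No file record matches <paramref name="fileId"/>.</exception>
/// <exception cref="ForbiddenException">
/// The teams are not all in the file's view, the user fails the <c>ManageViewRequirement</c> check,
/// or a supplied file name fails <c>ValidateFileExtension</c>.
/// </exception>
public async Task<FileModel> UpdateAsync(Guid fileId, FileUpdateForm form, CancellationToken ct)
{
    var entity = await _context.Files
        .Where(f => f.Id == fileId)
        .Include(f => f.View)
        .SingleOrDefaultAsync(ct);

    if (entity == null)
    {
        throw new EntityNotFoundException<FileModel>();
    }

    // NOTE(review): entity.View is dereferenced without a null check; assumes every file has a view. Confirm.
    if (!await TeamsInSameView(entity.View.Id, form.TeamIds, ct))
    {
        throw new ForbiddenException("Teams must be in same view");
    }

    // This authorization check assumes all teams for the file are in the same view, which the
    // check above has just verified.
    var authorization = await _authorizationService.AuthorizeAsync(
        _user, null, new ManageViewRequirement(entity.View.Id));
    if (!authorization.Succeeded)
    {
        throw new ForbiddenException();
    }

    // The old file is removed only after the database change has been saved. Deleting first would
    // leave the record pointing at a missing file if SaveChangesAsync failed.
    var previousPath = entity.Path;
    var deletePrevious = false;

    if (form.ToUpload != null)
    {
        // File pointed to is being changed.
        if (!ValidateFileExtension(form.ToUpload.FileName))
        {
            throw new ForbiddenException("Invalid file extension");
        }

        var name = SanitizeFileName(form.ToUpload.FileName);
        var filePath = await uploadFile(form.ToUpload, entity.View.Id, GetNameToStore(name));

        // Decide now, while this record still references the old path, whether it is the only
        // pointer to that file.
        deletePrevious = await lastPointer(previousPath, ct);

        // Move pointer to new file.
        entity.Path = filePath;
        entity.Name = name;
    }
    else
    {
        // Teams are being changed and/or file is being renamed.
        entity.TeamIds = form.TeamIds;

        if (form.Name != null)
        {
            // A rename gets the same extension check and sanitization as an upload. Otherwise a
            // rename could give the record a name that the upload path would have rejected.
            if (!ValidateFileExtension(form.Name))
            {
                throw new ForbiddenException("Invalid file extension");
            }

            entity.Name = SanitizeFileName(form.Name);
        }
        else
        {
            // Unchanged from the previous behaviour: a missing name is stored as-is.
            // NOTE(review): confirm whether a null name should leave the existing name untouched.
            entity.Name = form.Name;
        }
    }

    _context.Update(entity);
    await _context.SaveChangesAsync(ct);

    if (deletePrevious)
    {
        // If this throws, the saved record is still valid and only an orphaned file remains on disk.
        File.Delete(previousPath);
    }

    return _mapper.Map<FileModel>(entity);
}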
/// <summary>
/// Passes a file update request to <c>_fileService.UpdateAsync</c> and wraps the result in an OK response.
/// </summary>
/// <param name="fileId">Id of the file record to update.</param>
/// <param name="form">Update payload, bound from the request's form data.</param>
/// <param name="ct">Cancellation token forwarded to the service call.</param>
/// <returns>An OK result carrying the value returned by the service.</returns>
/// <remarks>
/// No validation or authorization happens in this method body; it relies on the service call.
/// Any attributes on the action or its controller are outside the visible code.
/// </remarks>
public async Task<IActionResult> Update(Guid fileId, [FromForm] FileUpdateForm form, CancellationToken ct)
{
    return Ok(await _fileService.UpdateAsync(fileId, form, ct));
}