public ActionResult Post(PostReviewModel reviewModel)
{
if (reviewModel == null || reviewModel.ContentLink == null || reviewModel.ReviewLocation == null)
{
return(new RestStatusCodeResult(HttpStatusCode.BadRequest));
}
var errorResult = ValidateContent(reviewModel.ContentLink);
if (errorResult != null)
{
return(errorResult);
}
try
{
var result = _approvalReviewsRepository.Update(reviewModel.ContentLink, reviewModel.ReviewLocation);
_reviewsNotifier.NotifyCmsEditor(reviewModel.ContentLink, reviewModel.ContentLink.ToString(), reviewModel.ReviewLocation.Data, true);
return(Rest(result));
}
catch (ReviewLocationNotFoundException)
{
return(new RestStatusCodeResult(HttpStatusCode.NotFound));
}
}
public ActionResult AddPin(ReviewLocation reviewLocation)
{
// get token based on URL segment
string GetToken()
{
var request = System.Web.HttpContext.Current.Request;
if (request.UrlReferrer == null)
{
return(null);
}
var segements = request.UrlReferrer.Segments;
if (segements.Length == 0)
{
return(null);
}
var lastSegment = segements.Last();
return(lastSegment);
}
var token = GetToken();
if (string.IsNullOrWhiteSpace(token))
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
var reviewLink = _externalReviewLinksRepository.GetContentByToken(token);
if (reviewLink == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
//TODO: verify number of items added with token. There should be max size
//TODO: security issue - we post whole item and external reviewer can modify this
var location = _approvalReviewsRepository.Update(reviewLink.ContentLink, reviewLocation);
return(new RestResult
{
Data = location
});
}
