internal ContextActionValidationRequest(
IContextDataObject orignalState = null,
IContextDataObject newState = null,
Dictionary <object, object> validationParams = null)
{
_orignalState = orignalState;
_newState = newState;
_params = validationParams;
}
public bool Validate(IContextDataObject oldState, IContextDataObject newState, Dictionary <object, object> validationParams = null)
{
//if (Credentials.Account.IsOnline && Credentials.Account.IsApproved && !Credentials.Account.IsLockedOut) //This does not work, for now
if (SiteMember.Account.IsAuthenticated)
{
return(true);
}
return(false);
}
private static Guid GetGuidFromDataContextObject(IContextDataObject dataObject)
{
Guid itemId;
//Guid test = Guid.Parse(dataObject.Id.ToString());
if (!Guid.TryParse(dataObject.Id.ToString(), out itemId))
{
itemId = Guid.NewGuid();
}
return(itemId);
}
public bool Validate(
IContextDataObject oldState,
IContextDataObject newState,
Dictionary <object, object> validationParams = null)
{
// To defend against internal tampering or someone doing something wierd in the code we make sure
// the old state and new state records have matching memberIds.
//
// NOTE: This is fine for now but we may want to strenghen this to an internal hash or key which would
// prevent sloppy/malicious API consumers from cirumventing this core validation rule when enabled.
//
// PSS: A hash would also give the added benefit of quick object state comparision between old and new records
// which could be used to abort an update call that has no real changes.
if (oldState.MemberId.ToString() == newState.MemberId.ToString() &&
SiteMember.Account.Id.ToString() == oldState.Id.ToString())
{
return(true);
}
return(false);
}
