public void GrantAccess(int fileId, FileAccessType accessType, User toUser, DateTime?expires = null, Guid?token = null)
{
var access = new FileAccess()
{
Type = accessType,
User = toUser
};
if (expires.HasValue)
{
access.Expire = expires.Value;
}
if (token.HasValue)
{
access.Token = token.Value;
}
var q = new EntityQuery2(File.ENTITY, fileId);
q.Include(User.ENTITY, Roles.Access);
var file = new File(_repository.Read(q));
if (_securityService.CurrentUser.UserType == UserTypes.Admin || HasAccessInternal(_securityService.CurrentUser, file.Access, FileAccessType.Owner, null) || HasAccessInternal(_securityService.CurrentUser, file.Access, FileAccessType.Full, null))
{
if (!HasAccessInternal(toUser, file.Access, token)) //TODO: FileService - upgrade access
{
_repository.Attach(file, access);
}
}
else
{
throw new UnauthorizedAccessException("You don't have permissions to grant/deny permissions on that file.");//TODO: UnauthorizedAccessException
}
}
private EntityOperationResult UpdateInternal(EntityUpdate update)
{
if (!RunInspection(update))
{
return(EntityOperationResult.FailResult(new EntityOperationError("Insufficient rights to perform this operation.", EntityOperationError.ACCESS_VIOLATION)));
}
EntityOperationContext ctx = new EntityOperationContext();
this.AppyLogicBefore(update, ctx);
var entity = update.ToEntity();
EntityOperationResult result = null;
bool created = false;
try
{
if (update.Id.HasValue)
{
if (update.PropertyUpdates.Count > 0)
{
_repository.Update(entity);
}
}
else
{
update.Id = _repository.Create(entity);
created = true;
}
//Order by operation - process detach first
foreach (var relUpdate in update.RelationUpdates.OrderByDescending(ru => ru.Operation))
{
if (relUpdate.Operation == RelationOperation.Attach)
{
_repository.Attach(entity, relUpdate.ToRelation());
}
else if (relUpdate.Operation == RelationOperation.Detach)
{
_repository.Detach(entity, relUpdate.ToRelation());
}
else if (relUpdate.PropertyUpdates.Count > 0)
{
_repository.UpdateRelation(entity, relUpdate.ToRelation());
}
}
result = EntityOperationResult.SuccessResult();
if (created)
{
result.Data.Add("Created", update.Id.Value);
}
}
catch (UniqueRuleViolationException rex)
{
result = EntityOperationResult.FailResult(new EntityOperationError(rex.Message, EntityOperationError.UNIQUE_RULE_VIOLATION));
}
this.AppyLogicAfter(update, ctx, result);
return(result);
}
public void SendNotification(bool withEmail, IEnumerable <User> to, string subject, string body, IEnumerable <Domain.File> attachments, IEnumerable <Relation> relations = null)
{
using (var dbContext = _dbService.GetDatabaseContext(true))
{
foreach (var user in to)
{
Notification notif = new Notification()
{
Subject = subject,
Body = body,
Date = DateTime.Now,
Method = withEmail ? ReplyMethods.ByEmail : ReplyMethods.ByNotification
};
_repository.Create(notif);
_repository.Attach(notif, new Relation(Roles.Recipient, user));
_repository.Attach(notif, new Relation(Roles.Sender, _securityService.CurrentUser));
if (attachments != null)
{
foreach (var file in attachments)
{
_repository.Attach(notif, new Relation(Roles.Attachment, file));
_fileService.GrantAccess(file.Id, FileAccessType.Read, user);
}
}
if (relations != null)
{
foreach (var rel in relations)
{
var relToSave = new Relation(rel.Role, rel.Entity);
relToSave.Data = new Dictionary <string, object>(rel.Data);
_repository.Attach(notif, relToSave);
}
}
}
dbContext.Complete();
}
}
