/// <summary>
/// Copies the parent link and the permission set from a stored package onto a view.
/// </summary>
/// <param name="package">Stored package whose relations are read.</param>
/// <param name="view">View to fill in; modified in place.</param>
public void ApplyToPermissionView(EntityPackage package, IPermissionView view)
{
    // parentId is only written when a parent relation exists; otherwise the
    // view keeps whatever value it already carried.
    var hasParent = package.HasRelation(Keys.ParentRelation);

    if (hasParent)
    {
        var parentRelation = package.GetRelation(Keys.ParentRelation);
        view.parentId = parentRelation.entityId1;
    }

    // Permissions are always rebuilt from the package's relations.
    view.permissions = ToPerms(package.Relations);
}
// Edit view applications

/// <summary>
/// Fills the edit-tracking fields of a view from the package's creator relation,
/// after applying the base fields from the package's entity.
/// </summary>
/// <param name="package">Stored package to read from.</param>
/// <param name="view">View to fill in; modified in place.</param>
public void ApplyToEditView(EntityPackage package, IEditView view)
{
    ApplyToBaseView(package.Entity, view);

    // History has a creator and an editor. The create date comes from base.
    var creator = package.GetRelation(Keys.CreatorRelation);

    // The creator relation carries all three values: its own date is the edit
    // date, entityId1 is the creating user, and value holds the editing user.
    view.editDate = (DateTime)creator.createDateProper();
    view.createUserId = creator.entityId1;

    // NOTE(review): long.Parse throws on a null or non-numeric value and parses
    // with the current culture; confirm the relation value is always written as
    // a plain integer string.
    view.editUserId = long.Parse(creator.value);
}
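/// <summary>
/// Clean the view specifically for updates, run AFTER the general clean step.
/// </summary>
/// <remarks>
/// Two server-side guarantees are enforced here regardless of what the client
/// submitted: the stored entity must be of this service's type, and the
/// creation date and creating user are restored from the stored package so
/// an update cannot rewrite them.
/// </remarks>
/// <param name="view">The submitted view; modified in place.</param>
/// <param name="existing">The stored package for the entity being updated.</param>
/// <param name="requester">The caller. Not read by this implementation.</param>
/// <returns>The same view instance, wrapped in a completed task.</returns>
/// <exception cref="BadRequestException">
/// The stored entity's type does not start with <c>EntityType</c>.
/// </exception>
public virtual Task<V> CleanViewUpdateAsync(V view, EntityPackage existing, Requester requester)
{
    // Don't allow posting over some other entity! THIS IS SUUUUPER IMPORTANT!!!
    // Checked before the view is touched. The comparison is ordinal because the
    // type is a machine identifier: a culture-sensitive StartsWith can skip
    // ignorable characters and should not decide a security check.
    // NOTE(review): this is a prefix match, so one service's EntityType must not
    // be a prefix of another's; confirm against the type key definitions.
    if (!existing.Entity.type.StartsWith(EntityType, StringComparison.Ordinal))
    {
        throw new BadRequestException($"No entity of proper type with id {view.id}");
    }

    // FORCE these to be what they were before: client-supplied creation
    // metadata is never trusted on update.
    view.createDate = (DateTime)existing.Entity.createDateProper();
    view.createUserId = existing.GetRelation(Keys.CreatorRelation).entityId1;

    return Task.FromResult(view);
}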
/// <summary>
/// Update-time cleaning for permission-controlled entities: runs the base
/// cleaning, enforces the update permission, and keeps the stored permissions
/// unless the requester is allowed to change them.
/// </summary>
/// <remarks>
/// A permission change submitted by someone who is neither a super user nor
/// the creator is discarded silently: the stored permissions are written
/// back over the submitted ones and the update otherwise proceeds.
/// </remarks>
/// <param name="view">The submitted view; may be modified.</param>
/// <param name="existing">The stored package for the entity being updated.</param>
/// <param name="requester">The caller whose rights are checked.</param>
/// <returns>The cleaned view.</returns>
/// <exception cref="ForbiddenException">
/// The requester does not hold the update action on <paramref name="existing"/>.
/// </exception>
public override async Task<V> CleanViewUpdateAsync(V view, EntityPackage existing, Requester requester)
{
    var cleaned = await base.CleanViewUpdateAsync(view, existing, requester);

    var updateAllowed = CanUser(requester, Keys.UpdateAction, existing);

    if (!updateAllowed)
    {
        throw new ForbiddenException("User cannot update this entity");
    }

    // Only a super user or the entity's creator may change permissions. The
    // creator lookup is skipped when the requester is already a super user.
    var mayChangePermissions =
        services.permissions.IsSuper(requester) ||
        existing.GetRelation(Keys.CreatorRelation).entityId1 == requester.userId;

    if (mayChangePermissions)
    {
        return cleaned;
    }

    // Restore the permissions from the package, don't bother throwing an error.
    var storedView = converter.ToView(existing);
    cleaned.permissions = storedView.permissions;

    return cleaned;
}
/// <summary>
/// Extends the base permission check with the cached per-entity super users:
/// a user listed for the package's parent, or for the package's own entity,
/// may perform any action except read.
/// </summary>
/// <remarks>
/// The cache can only widen access for non-read actions; read access is decided
/// by the base check alone. When the cache has not been loaded the method logs
/// a warning and returns the base result unchanged, so a missing cache never
/// grants anything.
/// </remarks>
/// <param name="requester">The caller whose rights are checked.</param>
/// <param name="action">The action key being requested.</param>
/// <param name="package">The entity package the action targets.</param>
/// <returns><c>true</c> when the action is allowed.</returns>
public override bool CanUser(Requester requester, string action, EntityPackage package)
{
    var allowed = base.CanUser(requester, action, package);

    if (cachedSupers == null)
    {
        logger.LogWarning("CanUser called without cached supers");
        return allowed;
    }

    // -1 stands in for "no parent" and is still used as a lookup key below.
    // NOTE(review): assumes the cache never holds an entry keyed -1; confirm
    // where cachedSupers is populated.
    var parentId = package.HasRelation(Keys.ParentRelation)
        ? package.GetRelation(Keys.ParentRelation).entityId1
        : -1;

    if (allowed)
    {
        return true;
    }

    if (action == Keys.ReadAction)
    {
        return false;
    }

    if (cachedSupers.ContainsKey(parentId) && cachedSupers[parentId].Contains(requester.userId))
    {
        return true;
    }

    var ownId = package.Entity.id;
    return cachedSupers.ContainsKey(ownId) && cachedSupers[ownId].Contains(requester.userId);
}