public virtual async Task <HttpResponseMessage> DeletePackage(
string id,
string version,
CancellationToken token)
{
if (_authenticationService == null)
{
return(Request.CreateErrorResponse(HttpStatusCode.Forbidden, "Package delete is not allowed"));
}
var apiKey = GetApiKeyFromHeader();
var requestedPackage = await RetrieveFromRepositoryAsync(id, version, token);
if (requestedPackage == null || !requestedPackage.Listed)
{
// Package not found
return(CreateStringResponse(HttpStatusCode.NotFound, string.Format("'Package {0} {1}' Not found.", id, version))); // Request.CreateErrorResponse(HttpStatusCode.NotFound, string.Format("'Package {0} {1}' Not found.", id, version));
}
// Make sure the user can access this package
if (_authenticationService.IsAuthenticated(User, apiKey, requestedPackage.Id))
{
await _serverRepository.RemovePackageAsync(requestedPackage.Id, requestedPackage.Version, token);
return(Request.CreateResponse(HttpStatusCode.NoContent));
}
else
{
return(CreateStringResponse(HttpStatusCode.Forbidden, string.Format("Access denied for package '{0}', version '{1}'.", requestedPackage.Id, version)));
}
}
private void Authenticate(HttpContextBase context, string apiKey, string packageId, Action action)
{
if (_authenticationService.IsAuthenticated(context.User, apiKey, packageId))
{
action();
}
else
{
WriteForbidden(context, packageId);
}
}
private bool Authenticate(HttpContextBase context, string apiKey, string packageId)
{
if (_authenticationService.IsAuthenticated(context.User, apiKey, packageId))
{
return(true);
}
else
{
WriteForbidden(context, packageId);
return(false);
}
}