Esempio n. 1
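    /// <summary>
    /// Overrides the API base class validation: the permission lookup uses the
    /// <c>username</c> member of this class instead of HTTP Basic credentials.
    /// </summary>
    /// <remarks>
    /// The decision is deny-by-default: only a transaction type that is listed below and whose
    /// minimum permission level is met yields <c>true</c>.
    /// </remarks>
    /// <param name="type">The transaction type to validate</param>
    /// <param name="co">The content object to validate the operation on</param>
    /// <returns>True if the user may perform this operation on the content object</returns>
    public override bool DoValidate(Security.TransactionType type, vwarDAL.ContentObject co)
    {
        // Fail closed: without an object there is nothing to grant access to.
        if (co == null)
        {
            return false;
        }

        // NOTE(review): username is declared outside this method; per the summary it is the
        // website user. Confirm it can never be set from request data.
        vwarDAL.ModelPermissionLevel permission;
        vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
        try
        {
            permission = prm.GetPermissionLevel(username, co.PID);
        }
        finally
        {
            // Release the manager even when the lookup throws.
            prm.Dispose();
        }

        // Each transaction type maps to the minimum level that authorises it.
        if (type == Security.TransactionType.Query)
        {
            return permission >= vwarDAL.ModelPermissionLevel.Searchable;
        }
        if (type == Security.TransactionType.Access)
        {
            return permission >= vwarDAL.ModelPermissionLevel.Fetchable;
        }
        if (type == Security.TransactionType.Modify)
        {
            return permission >= vwarDAL.ModelPermissionLevel.Editable;
        }
        if (type == Security.TransactionType.Delete || type == Security.TransactionType.Create)
        {
            return permission >= vwarDAL.ModelPermissionLevel.Admin;
        }

        // Unknown transaction type: deny.
        return false;
    }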
Esempio n. 2
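        /// <summary>
        /// Authenticates the caller from the HTTP Basic Authorization header and decides whether
        /// that user may perform the requested transaction on the object identified by
        /// <paramref name="PID"/>.
        /// </summary>
        /// <remarks>
        /// Basic credentials are only base64-encoded, not encrypted, so this check is meaningful
        /// only when the endpoint is served over TLS. A malformed header, a failed login and a
        /// denied permission all end the same way: status 401 and a <c>false</c> result.
        /// </remarks>
        /// <param name="type">The transaction type to validate</param>
        /// <param name="PID">Identifier of the content object the operation targets</param>
        /// <returns>True if the user may perform this operation on the content object</returns>
        public virtual bool DoValidate(Security.TransactionType type, string PID)
        {
            const string BasicPrefix = "Basic ";

            var response = WebOperationContext.Current.OutgoingResponse;

            //Return note about the authorization scheme used
            response.Headers[System.Net.HttpResponseHeader.WwwAuthenticate] = "BASIC realm=\"3DR API\"";

            //Start by assuming anonymous
            string username = vwarDAL.DefaultUsers.Anonymous[0];
            string password = "";

            string header = WebOperationContext.Current.IncomingRequest.Headers[System.Net.HttpRequestHeader.Authorization];

            //if there is an auth header, check it
            if (header != null)
            {
                // The header is attacker-controlled: reject anything that is not "Basic <base64>"
                // instead of slicing it blindly and failing with an unhandled exception.
                if (!header.StartsWith(BasicPrefix, System.StringComparison.OrdinalIgnoreCase))
                {
                    response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                    return false;
                }

                string auth;
                try
                {
                    // NOTE(review): ASCII decoding turns non-ASCII bytes into '?', so credentials
                    // outside ASCII cannot match. Kept as in the original.
                    auth = System.Text.Encoding.ASCII.GetString(System.Convert.FromBase64String(header.Substring(BasicPrefix.Length)));
                }
                catch (System.FormatException)
                {
                    response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                    return false;
                }

                // Split on the FIRST colon only: the password itself may contain ':'.
                int separator = auth.IndexOf(':');
                if (separator < 0)
                {
                    response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                    return false;
                }
                username = auth.Substring(0, separator);
                password = auth.Substring(separator + 1);

                //Dont bother checking password for anonymous
                if (username != vwarDAL.DefaultUsers.Anonymous[0])
                {
                    //Get the membership provider
                    Simple.Providers.MySQL.MysqlMembershipProvider provider = (Simple.Providers.MySQL.MysqlMembershipProvider)System.Web.Security.Membership.Providers["MysqlMembershipProvider"];

                    //if they did not validate, then return false and send 401
                    if (!provider.ValidateUser(username, password))
                    {
                        response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                        return false;
                    }
                }
            }
            else if (!Convert.ToBoolean(ConfigurationManager.AppSettings["AssumeAnonymousUserWhenMissingAuthHeader"]))
            {
                // No header and the configuration does not allow the implicit anonymous user:
                // the client has to send credentials (the anonymous name included) explicitly.
                // A missing setting converts to false, so the strict behaviour is the default.
                response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                return false;
            }

            //Create needs no per-object level: any authenticated user may create, anonymous may not.
            if (type == Security.TransactionType.Create)
            {
                if (username != vwarDAL.DefaultUsers.Anonymous[0])
                {
                    return true;
                }
                response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                return false;
            }

            //Do the actual check of permissions
            vwarDAL.ModelPermissionLevel permission;
            vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
            try
            {
                permission = prm.GetPermissionLevel(username, PID);
            }
            finally
            {
                // Disposed exactly once, also when the lookup throws.
                prm.Dispose();
            }

            bool allowed =
                (type == Security.TransactionType.Query && permission >= vwarDAL.ModelPermissionLevel.Searchable) ||
                (type == Security.TransactionType.Access && permission >= vwarDAL.ModelPermissionLevel.Fetchable) ||
                (type == Security.TransactionType.Modify && permission >= vwarDAL.ModelPermissionLevel.Editable) ||
                (type == Security.TransactionType.Delete && permission >= vwarDAL.ModelPermissionLevel.Admin);

            //Set the status if they are not authorized
            if (!allowed)
            {
                response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
            }
            return allowed;
        }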
Esempio n. 3
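        /// <summary>
        /// Gets the metadata object for a content object.
        /// </summary>
        /// <param name="pid">Content object id; every '_' is replaced with ':' before the lookup</param>
        /// <param name="key">API key, checked with CheckKey before anything else happens</param>
        /// <returns>
        /// Null when the key is rejected or the caller lacks Query permission; a Metadata whose
        /// Title holds the exception message when an exception is caught; otherwise the metadata,
        /// which is left unpopulated when the object's Location is the empty string.
        /// </returns>
        public Metadata GetMetadata(string pid, string key)
        {
            if (!CheckKey(key))
                return null;
            try
            {
                //Metadata to return
                Metadata map = new Metadata();
                pid = pid.Replace('_', ':');

                //Level of the anonymous user, used only for the AnonymousDownloadAvailable flag
                vwarDAL.ModelPermissionLevel plevel;
                vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
                try
                {
                    plevel = perm.GetPermissionLevel(vwarDAL.DefaultUsers.Anonymous[0], pid);
                }
                finally
                {
                    perm.Dispose();
                }

                //Check the permissions of the actual caller before loading anything
                if (!DoValidate(Security.TransactionType.Query, pid))
                {
                    return null;
                }

                //The metadata cache is not read here (stale entries after GUI edits); it is still written below.

                //Get the content object
                // NOTE(review): a null result here surfaces through the catch block below - confirm
                // whether GetContentObjectById can return null for an unknown pid.
                vwarDAL.ContentObject co = GetRepo().GetContentObjectById(pid, false);

                //If there is no location, dont return data
                if (co.Location != "")
                {
                    map.ConversionAvailable = !string.IsNullOrEmpty(co.DisplayFileId);
                    map.AnonymousDownloadAvailable = plevel >= vwarDAL.ModelPermissionLevel.Fetchable;
                    map.PID = co.PID;
                    map.Title = co.Title;
                    map.Keywords = co.Keywords;
                    map.Format = co.Format;
                    map.Downloads = co.Downloads.ToString();
                    map.DeveloperName = co.DeveloperName;
                    map.Description = co.Description;
                    map.ArtistName = co.ArtistName;
                    map.AssetType = co.AssetType;
                    map.NumPolygons = co.NumPolygons.ToString();
                    map.NumTextures = co.NumTextures.ToString();
                    map.SponsorName = co.SponsorName;
                    map.UnitScale = co.UnitScale;
                    map.UpAxis = co.UpAxis;
                    map.UploadedDate = co.UploadedDate.ToString();
                    map.Views = co.Views.ToString();
                    map.Revision = co.Revision.ToString();
                    map.TotalRevisions = co.NumberOfRevisions.ToString();
                    map.MoreInformationURL = co.MoreInformationURL;
                    map.License = co.CreativeCommonsLicenseURL;
                    map.Distribution_Contolling_Office = co.Distribution_Contolling_Office;
                    map.Distribution_Determination_Date = co.Distribution_Determination_Date.ToShortDateString();
                    map.Distribution_Grade = Enum.GetName(typeof(vwarDAL.DistributionGrade), co.Distribution_Grade);
                    map.Distribution_Reason = co.Distribution_Reason;
                    map.Distribution_Regulation = co.Distribution_Regulation;
                    map.RequiresResubmit = co.RequireResubmit;

                    //Get the supporting files, and copy to a serializable class
                    map.SupportingFiles = new List<SupportingFile>();
                    foreach (vwarDAL.SupportingFile i in co.SupportingFiles)
                    {
                        SupportingFile f2 = new SupportingFile();
                        f2.Filename = i.Filename;
                        f2.Description = i.Description;

                        map.SupportingFiles.Add(f2);
                    }

                    //Get the texture references and copy to a serializable class
                    map.TextureReferences = new List<Texture>();
                    foreach (vwarDAL.Texture i in co.TextureReferences)
                    {
                        Texture f2 = new Texture();
                        f2.mFilename = i.mFilename;
                        f2.mType = i.mType;
                        f2.mUVSet = i.mUVSet;

                        map.TextureReferences.Add(f2);
                    }

                    //Get the missing textures, and copy to a serializable class
                    map.MissingTextures = new List<Texture>();
                    foreach (vwarDAL.Texture i in co.MissingTextures)
                    {
                        Texture f2 = new Texture();
                        f2.mFilename = i.mFilename;
                        f2.mType = i.mType;
                        f2.mUVSet = i.mUVSet;

                        map.MissingTextures.Add(f2);
                    }

                    CacheManager.Cache<Metadata>(ref map, new CacheIdentifier(pid, "", CacheIdentifier.FILETYPE.METADATA));
                }

                //Return the data
                return map;
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message goes back to the API client and may expose internal
                // details (storage or query errors). Kept for compatibility; prefer logging the
                // exception server-side and returning a generic failure.
                return new Metadata { Title = ex.Message };
            }
            finally
            {
                // Runs on the deny, success and exception paths, so the repository is released
                // even when the lookup or the mapping throws.
                ReleaseRepo();
            }
        }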
Esempio n. 4
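        /// <summary>
        /// Gets the metadata object for a content object.
        /// </summary>
        /// <param name="pid">Content object id; every '_' is replaced with ':' before the lookup</param>
        /// <param name="key">API key, checked with CheckKey before anything else happens</param>
        /// <returns>
        /// Null when the key is rejected or the caller lacks Query permission; a Metadata whose
        /// Title holds the exception message when an exception is caught; otherwise the metadata,
        /// which is left unpopulated when the object's Location is the empty string.
        /// </returns>
        public Metadata GetMetadata(string pid, string key)
        {
            if (!CheckKey(key))
                return null;
            try
            {
                //Metadata to return
                Metadata map = new Metadata();
                pid = pid.Replace('_', ':');

                //Get the content object. It is loaded before the permission check because
                //DoValidate takes the object itself; nothing from it is returned until the check passes.
                // NOTE(review): a null result here surfaces through the catch block below - confirm
                // whether GetContentObjectById can return null for an unknown pid.
                vwarDAL.ContentObject co = GetRepo().GetContentObjectById(pid, false);

                //Level of the anonymous user, used only for the AnonymousDownloadAvailable flag
                vwarDAL.ModelPermissionLevel plevel;
                vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
                try
                {
                    plevel = perm.GetPermissionLevel(vwarDAL.DefaultUsers.Anonymous[0], co.PID);
                }
                finally
                {
                    perm.Dispose();
                }

                //Check the permissions of the actual caller
                if (!DoValidate(Security.TransactionType.Query, co))
                {
                    return null;
                }

                //If there is no location, dont return data
                if (co.Location != "")
                {
                    map.ConversionAvailable = !string.IsNullOrEmpty(co.DisplayFileId);
                    map.AnonymousDownloadAvailable = plevel >= vwarDAL.ModelPermissionLevel.Fetchable;
                    map.PID = co.PID;
                    map.Title = co.Title;
                    map.Keywords = co.Keywords;
                    map.Format = co.Format;
                    map.Downloads = co.Downloads.ToString();
                    map.DeveloperName = co.DeveloperName;
                    map.Description = co.Description;
                    map.ArtistName = co.ArtistName;
                    map.AssetType = co.AssetType;
                    map.NumPolygons = co.NumPolygons.ToString();
                    map.NumTextures = co.NumTextures.ToString();
                    map.SponsorName = co.SponsorName;
                    map.UnitScale = co.UnitScale;
                    map.UpAxis = co.UpAxis;
                    map.UploadedDate = co.UploadedDate.ToString();
                    map.Views = co.Views.ToString();
                    map.Revision = co.Revision.ToString();
                    map.TotalRevisions = co.NumberOfRevisions.ToString();
                    map.MoreInformationURL = co.MoreInformationURL;
                    map.License = co.CreativeCommonsLicenseURL;

                    //Get the supporting files, and copy to a serializable class
                    map.SupportingFiles = new List<SupportingFile>();
                    foreach (vwarDAL.SupportingFile i in co.SupportingFiles)
                    {
                        SupportingFile f2 = new SupportingFile();
                        f2.Filename = i.Filename;
                        f2.Description = i.Description;

                        map.SupportingFiles.Add(f2);
                    }

                    //Get the texture references and copy to a serializable class
                    map.TextureReferences = new List<Texture>();
                    foreach (vwarDAL.Texture i in co.TextureReferences)
                    {
                        Texture f2 = new Texture();
                        f2.mFilename = i.mFilename;
                        f2.mType = i.mType;
                        f2.mUVSet = i.mUVSet;

                        map.TextureReferences.Add(f2);
                    }

                    //Get the missing textures, and copy to a serializable class
                    map.MissingTextures = new List<Texture>();
                    foreach (vwarDAL.Texture i in co.MissingTextures)
                    {
                        Texture f2 = new Texture();
                        f2.mFilename = i.mFilename;
                        f2.mType = i.mType;
                        f2.mUVSet = i.mUVSet;

                        map.MissingTextures.Add(f2);
                    }
                }

                //Return the data
                return map;
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message goes back to the API client and may expose internal
                // details (storage or query errors). Kept for compatibility; prefer logging the
                // exception server-side and returning a generic failure.
                return new Metadata { Title = ex.Message };
            }
            finally
            {
                // Runs on the deny, success and exception paths, so the repository is released
                // even when the lookup or the mapping throws.
                ReleaseRepo();
            }
        }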