public HttpResponseMessage DeleteFile(Guid userId, Guid fileId)
{
GetResponse <Core.File> response = _router.Query <GetFileByIdRequest, GetResponse <Core.File> >(new GetFileByIdRequest()
{
FileId = fileId
});
if (response.Result == null)
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
CheckPermissionResponse permissionResponse = _router.Query <CheckPermissionRequest, CheckPermissionResponse>(new CheckPermissionRequest()
{
IdentityId = Context.Identity.Id,
OwnerId = userId,
FileId = fileId
});
bool canDelete = false;
if (!permissionResponse.EffectivePermissions.TryGetValue(FilePermissionAction.Write, out canDelete) || !canDelete)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
_router.Command(new RemoveCommand <Core.File>()
{
ObjectId = fileId,
Object = response.Result
});
return(Request.CreateResponse(HttpStatusCode.OK));
}
public HttpResponseMessage GetFiles(Guid subjectId, Guid directoryId, string filter = "*", bool showHidden = false, bool showSystem = false)
{
HashSet <FileFlag> flags = new HashSet <FileFlag>();
if (!Context.Identity.Flags.Contains(IdentityFlag.SysAdmin) || !showSystem)
{
flags.Add(FileFlag.System);
}
CheckPermissionResponse permissionResponse = _router.Query <CheckPermissionRequest, CheckPermissionResponse>(new CheckPermissionRequest()
{
IdentityId = Context.Identity.Id,
OwnerId = subjectId,
FileId = directoryId
});
bool canSee = false;
if (!permissionResponse.EffectivePermissions.TryGetValue(FilePermissionAction.Read, out canSee) || !canSee)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
if (!showHidden)
{
flags.Add(FileFlag.Hidden);
}
EnumerateDirectoryResponse enumerateResponse = _router.Query <EnumerateDirectoryRequest, EnumerateDirectoryResponse>(
new EnumerateDirectoryRequest()
{
RequesterId = Context.Identity.Id,
SubjectId = subjectId,
DirectoryId = directoryId,
ExcludeFlags = flags,
IncludeFlags = new HashSet <FileFlag>(),
Filter = filter
});
BuildPathResponse pathResponse = _router.Query <BuildPathRequest, BuildPathResponse>(new BuildPathRequest()
{
SubjectId = subjectId,
FileId = directoryId
});
return(Request.CreateResponse(HttpStatusCode.OK, new
{
Path = pathResponse.Path,
Contents = enumerateResponse.Contents.Select(x => new
{
x.Id,
x.Name,
x.Type,
x.Flags,
x.Length,
x.Created,
x.Updated
})
}));
}
public HttpResponseMessage PatchFile(Guid userId, Guid fileId, [FromUri] Guid version, [FromBody] JsonPatchDocument <Core.File> model, [FromHeader(Name = "opensheets-bypass-level")] Level bypassLevel = Level.Information)
{
if (bypassLevel > Level.Warning && (Level)Context.Principal.Metadata["Allowed-Bypass"] < bypassLevel)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden, new { Reason = $"Attempted to bypass validation of {bypassLevel} level, only allowed { (Level?)Context.Principal.Metadata["Allowed-Bypass"] ?? Level.Warning }" }));
}
GetResponse <Core.File> response = _router.Query <GetFileByIdRequest, GetResponse <Core.File> >(new GetFileByIdRequest()
{
FileId = fileId,
OwnerId = userId
});
if (response.Result == null)
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
CheckPermissionResponse permissionResponse = _router.Query <CheckPermissionRequest, CheckPermissionResponse>(new CheckPermissionRequest()
{
IdentityId = Context.Identity.Id,
OwnerId = userId,
FileId = fileId
});
bool canWrite = false;
if (!permissionResponse.EffectivePermissions.TryGetValue(FilePermissionAction.Write, out canWrite) || !canWrite)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
if (response.Result.Version != version)
{
return(Request.CreateResponse(HttpStatusCode.Conflict));
}
ValidatePatchResponse validateResp = _router.Query <ValidatePatchRequest <Core.File>, ValidatePatchResponse>(new ValidatePatchRequest <Core.File>()
{
ObjectId = fileId,
ProposedPatch = model
});
if (validateResp.Results.Any(x => x.Level > bypassLevel))
{
return(Request.CreateResponse((HttpStatusCode)422, new { Validation = new { Errors = validateResp.Results } }));
}
PatchCommand <Core.File> request = new PatchCommand <Core.File>()
{
NewVersion = Guid.NewGuid(),
Patch = model
};
_router.Command(request);
return(Request.CreateResponse(HttpStatusCode.OK, new { Version = request.NewVersion }));
}
public HttpResponseMessage CreateFile(Guid userId, Guid directoryId, Core.File fileData)
{
if (fileData.DirectoryId == Guid.Empty)
{
fileData.DirectoryId = directoryId;
}
CheckPermissionResponse permissionResponse = _router.Query <CheckPermissionRequest, CheckPermissionResponse>(new CheckPermissionRequest()
{
IdentityId = Context.Identity.Id,
OwnerId = userId,
FileId = directoryId
});
bool canWrite = false;
if (!permissionResponse.EffectivePermissions.TryGetValue(FilePermissionAction.Write, out canWrite) || !canWrite)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
fileData.Id = Guid.NewGuid();
ValidateResponse validateResp = _router.Query <ValidateRequest <Core.File>, ValidateResponse>(new ValidateRequest <Core.File>()
{
ObjectId = fileData.Id,
Object = fileData
});
if (validateResp.Results.Any(x => x.Level > Level.Information))
{
return(Request.CreateResponse((HttpStatusCode)422, new { Validation = new { Errors = validateResp.Results } }));
}
_router.Command(new CreateCommand <Core.File>()
{
Object = fileData
});
return(Request.CreateResponse(HttpStatusCode.OK, new { FileId = fileData.Id }));
}
public HttpResponseMessage GetFileDetails(Guid userId, Guid fileId)
{
CheckPermissionResponse permissionResponse = _router.Query <CheckPermissionRequest, CheckPermissionResponse>(new CheckPermissionRequest()
{
IdentityId = Context.Identity.Id,
OwnerId = userId,
FileId = fileId
});
bool canSee = false;
if (!permissionResponse.EffectivePermissions.TryGetValue(FilePermissionAction.Read, out canSee) || !canSee)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
GetResponse <Core.File> fileResp = _router.Query <GetFileByIdRequest, GetResponse <Core.File> >(new GetFileByIdRequest()
{
OwnerId = userId,
FileId = fileId
});
return(Request.CreateResponse(HttpStatusCode.OK, fileResp.Result));
}