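// NOTE(review): the ownership check below compares the owner against imageUserModel.UserId, a value handed in by the
// caller (the controller binds the model from the request). Unless that id is taken from the authenticated principal
// before it reaches here, a caller can supply the owner's id and delete someone else's private image — verify where
// UserId is populated.
// NOTE(review): images not marked private are deletable by ANY user (see the comment at the check) — confirm that is intended.
// would be nice to wrap in transaction, when multiple instances co-exist: the SELECT and the DELETE are not atomic, so
// a concurrent delete between them is possible; it now surfaces as a false return via the affected-row count.
/// <summary>
/// Deletes the image identified by <paramref name="imageUserModel"/>.ImageId after checking that it exists and,
/// when it is marked private, that the requesting user is its owner.
/// </summary>
/// <param name="deleteQuery">DELETE statement taking an @ImageId parameter. It is executed verbatim, so it must be a
/// trusted constant, never built from request data.</param>
/// <param name="imageUserModel">Image id to delete and the id of the user requesting the deletion.</param>
/// <returns>true when a row was deleted; false when the image does not exist, the user is not permitted,
/// no row was affected, or the database reported an error.</returns>
public bool ExecuteDeleteImage(string deleteQuery, DeleteImageUserModel imageUserModel)
{
    //first fetch the table to see owner and permissions:
    string selectSql = "SELECT * FROM public.\"Image\" WHERE \"Id\" = @id";
    DataTable dt = SelectData(selectSql, "Id", imageUserModel.ImageId);
    var objList = DataTableToList<Image>(dt);
    if (!objList.Any())
    {
        Console.WriteLine("Image cannot be deleted as it does not exist");
        return false;
    }

    int ownerId = objList[0].UserId;
    var isPrivate = objList[0].Isprivate;
    //images not marked private could be modified by anyone, else check for user modifying
    if (isPrivate && imageUserModel.UserId != ownerId)
    {
        Console.WriteLine("Image cannot be deleted as the current user does not have rights to modify!");
        return false;
    }

    bool success;
    connection.Open();
    try
    {
        using (var cmd = new NpgsqlCommand(deleteQuery, connection))
        {
            cmd.Parameters.AddWithValue("ImageId", imageUserModel.ImageId);
            // ExecuteNonQuery returns the affected row count for DELETE (never negative), so the old
            // "< 0" test could not fire; 0 rows means the image vanished between the SELECT and the DELETE.
            int affected = cmd.ExecuteNonQuery();
            success = affected > 0;
        }
    }
    catch (System.Data.Common.DbException e)
    {
        // Npgsql throws NpgsqlException/PostgresException (both derive from DbException), not SqlException,
        // so the old catch never matched. A failed DELETE must be reported as failure, not success.
        Console.WriteLine("DbException caught " + e);
        success = false;
    }
    finally
    {
        // release the connection even when the command throws; previously an exception left it open
        connection.Close();
    }
    return success;
}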
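// NOTE(review): imageModel.UserId is model-bound from the client request and is what the ownership check in
// ExecuteDeleteImage compares against. It should be taken from the authenticated user (e.g. the principal's claims)
// rather than trusted from the request — confirm how this controller authenticates before relying on this action.
// NOTE(review): no HTTP-verb or anti-forgery attribute is visible on this action in this view; a state-changing
// endpoint reachable via GET is exposed to CSRF — confirm it is restricted to POST/DELETE and protected.
/// <summary>
/// Action that deletes one image. Existence and ownership checks are delegated to <see cref="ExecuteDeleteImage"/>.
/// </summary>
/// <param name="imageModel">Request model carrying the image id and the requesting user's id.</param>
/// <returns>JSON-serialised <see cref="HttpStatusCode.OK"/> on success, otherwise <see cref="HttpStatusCode.BadRequest"/>.</returns>
/// <exception cref="ArgumentNullException">when <paramref name="imageModel"/> is null.</exception>
public IActionResult DeleteImage(DeleteImageUserModel imageModel)
{
    if (imageModel == null)
    {
        // ArgumentNullException derives from ArgumentException, so callers catching the old type still work
        throw new ArgumentNullException(nameof(imageModel), "invalid imageModel");
    }

    // fixed statement; the only request-controlled value (ImageId) is bound as a parameter, never concatenated
    const string sql = "DELETE FROM public.\"Image\" WHERE \"Id\" = @ImageId";
    return ExecuteDeleteImage(sql, imageModel) ? Json(HttpStatusCode.OK) : Json(HttpStatusCode.BadRequest);
}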