//would be nice to wrap in transaction, when multiple instances co-exist:
public Boolean ExecuteDeleteImage(string deleteQuery, DeleteImageUserModel imageUserModel)
{
bool success = true;
//NpgsqlTransaction transaction = null;
//first fetch the table to see owner and permissions:
string selectSql = "SELECT * FROM public.\"Image\" WHERE \"Id\" = @id";
//transaction = connection.BeginTransaction();
DataTable dt = SelectData(selectSql, "Id", imageUserModel.ImageId);
var objList = DataTableToList <Image>(dt);
objList.Cast <Image>().ToList();
if (!objList.Any())
{
Console.WriteLine("Image cannot be deleted as it does not exist");
//transaction.Rollback();
return(false);
}
int OwnerId = objList[0].UserId;
var isPrivate = objList[0].Isprivate;
//images not marked private could be modified by anyone, else check for user modifying
if (isPrivate && imageUserModel.UserId != OwnerId)
{
Console.WriteLine("Image cannot be deleted as the current user does not have rights to modify!");
//transaction.Rollback();
return(false);
}
connection.Open();
using (var cmd = new NpgsqlCommand(deleteQuery, connection))
{
try
{
cmd.Parameters.AddWithValue("ImageId", imageUserModel.ImageId);
int result = cmd.ExecuteNonQuery();
if (result < 0)
{
success = false;
}
}
catch (SqlException e)
{
Console.WriteLine("SqlException caught " + e);
}
}
//transaction.Commit();
connection.Close();
return(success);
}
public IActionResult DeleteImage(DeleteImageUserModel imageModel)
{
if (imageModel == null)
{
throw new ArgumentException("invalid imageModel");
}
string sql = "DELETE FROM public.\"Image\" WHERE \"Id\" = @ImageId";
return(ExecuteDeleteImage(sql, imageModel) == true?Json(HttpStatusCode.OK) : Json(HttpStatusCode.BadRequest));
}
