コード例 #1
0
        public override void OnActionExecuting(HttpActionContext filterContext)
        {
            var itemRequest = (ItemRequest)filterContext.ActionArguments["itemRequest"];

            var itemManagement = new ItemManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider);

            var itemDetails = new ItemDetail();

            if (itemRequest.ServerPath != null)
            {
                itemRequest.ItemId = itemManagement.GetItemDetailsFromItemPath(itemRequest.ServerPath).Id;
            }
            if (itemRequest.ItemId == Guid.Empty && (itemRequest.ItemType == ItemType.Datasource || itemRequest.ItemType == ItemType.File))
            {
                itemDetails = itemManagement.GetItemDetailsFromItemName(itemRequest.Name, itemRequest.ItemType);
                if (itemDetails != null)
                {
                    itemRequest.ItemId = itemDetails.Id;
                }
                else
                {
                    var apiResponse = new ItemResponse
                    {
                        Status        = false,
                        StatusMessage = "Invalid request values"
                    };
                    var response = new HttpResponseMessage
                    {
                        Content = new StringContent(javaScriptSerializer.Serialize(apiResponse))
                    };
                    filterContext.Response = response;
                }
            }

            filterContext.ActionArguments["itemRequest"] = itemRequest;
            var userId    = new UserManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider).GetUserId(itemRequest.UserName);
            var itemsList =
                itemManagement.GetItems(
                    new UserManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider).GetUserId(
                        itemRequest.UserName), ItemType, null, null, null, null, null, itemRequest.ItemId);

            HttpContext.Current.Session["UserId"] = userId;


            if (itemsList.result.Any(a => a.Id == itemRequest.ItemId && a.CanRead) == false)
            {
                var apiResponse = new ItemResponse
                {
                    Status        = false,
                    StatusMessage = "You do not have permission to access this item or the item does not exist."
                };
                var response = new HttpResponseMessage
                {
                    Content = new StringContent(javaScriptSerializer.Serialize(apiResponse))
                };
                filterContext.Response = response;
            }

            base.OnActionExecuting(filterContext);
        }
コード例 #2
0
        public override void OnActionExecuting(HttpActionContext filterContext)
        {
            var itemRequest = (ItemRequest)filterContext.ActionArguments["itemRequest"];
            var itemDetail  = itemManagement.GetItemDetailsFromItemPath(itemRequest.ServerPath);

            if (itemDetail == null)
            {
                var apiResponse = new ItemResponse
                {
                    Status        = false,
                    StatusMessage = "You do not have permission to edit this item or the item does not exist."
                };
                var response = new HttpResponseMessage
                {
                    Content = new StringContent(javaScriptSerializer.Serialize(apiResponse))
                };
                filterContext.Response = response;
            }
            itemRequest.ItemId     = itemDetail.Id;
            itemRequest.CategoryId = itemDetail.CategoryId;
            var itemId = itemRequest.ItemId;

            filterContext.ActionArguments["itemRequest"] = itemRequest;
            var userId = userManagement.GetUserId(itemRequest.UserName);

            var itemsList = itemManagement.GetItems(userId, ItemType, null, null, null, null, null, itemId);

            if (itemsList.result.Any(a => a.Id == itemId && a.CanWrite) == false)
            {
                var apiResponse = new ItemResponse
                {
                    Status        = false,
                    StatusMessage = "You do not have permission to edit this item or the item does not exist."
                };
                var response = new HttpResponseMessage
                {
                    Content = new StringContent(javaScriptSerializer.Serialize(apiResponse))
                };
                filterContext.Response = response;
            }
            else
            {
                if (itemManagement.IsItemNameAlreadyExistsForUpdate(itemRequest.Name, itemRequest.CategoryId, itemId))
                {
                    var apiResponse = new ItemResponse
                    {
                        Status        = false,
                        StatusMessage = "Item with the same name is already exist in the specified Category"
                    };
                    var response = new HttpResponseMessage
                    {
                        Content = new StringContent(javaScriptSerializer.Serialize(apiResponse))
                    };
                    filterContext.Response = response;
                }
            }

            base.OnActionExecuting(filterContext);
        }
コード例 #3
0
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var id = filterContext.HttpContext.Request["id"];

            var itemId = new Guid();

            if (String.IsNullOrEmpty(id) || Guid.TryParse(id, out itemId) == false)
            {
                filterContext.Result = new RedirectResult("/reports", true);
            }
            else
            {
                var itemManagement = new ItemManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider);
                var itemDetail     = itemManagement.GetItemDetailsFromItemId(itemId, false);

                if (itemDetail == null)
                {
                    filterContext.Result = new ViewResult
                    {
                        ViewName = "../Home/PermissionDenied"
                    };
                }
                else
                {
                    var itemsList = itemManagement.GetItems(Convert.ToInt32(filterContext.HttpContext.User.Identity.Name), itemDetail.ItemType, null, null, null, null, null, itemId);
                    if (!itemsList.result.Any(a => a.Id == itemId && a.CanRead))
                    {
                        filterContext.Result = new ViewResult
                        {
                            ViewName = "../Home/PermissionDenied"
                        };
                    }
                }
            }

            base.OnActionExecuting(filterContext);
        }