protected JsonResult UpdateUserOwnedEntity(UserOwnedEntity entity)
{
if (ModelState.IsValid)
{
try
{
var userId = CurrentUserId;
entity.UserId = userId;
_db.Entry(entity).State = entity.EntityKey == 0 ? EntityState.Added : EntityState.Modified;
_db.SaveChanges();
}
catch (SimpleException ex)
{
ModelState.AddModelError("", ex.Message);
}
catch (Exception)
{
ModelState.AddModelError("", Strings.UpdateFailed);
}
}
var errMsgs = GetModelStateErrorMsgs();
var jsonResult = new
{
errMsg = errMsgs.Any() ? errMsgs[0] : null,
};
return(Json(jsonResult));
}
protected JsonResult DeleteUserOwned(UserOwnedEntity entity)
{
if (entity != null && entity.UserId == CurrentUserId)
{
_db.Entry(entity).State = EntityState.Deleted;
_db.SaveChanges();
}
else
{
return(Json("Failed to delete"));
}
return(Json("Deleted"));
}
// base code to process message and deserialize body to expected type
protected HttpStatusCode ProcessRequestBody <T>(HttpRequestMessage req, out T entity, out Operation operation, bool skipOperation = false)
{
TraceLog.TraceFunction();
operation = null;
entity = default(T);
Type t = typeof(T);
if (req == null)
{
TraceLog.TraceError("HttpRequestMessage is null");
return(HttpStatusCode.BadRequest);
}
try
{
string contentType = req.Content.Headers.ContentType.MediaType;
switch (contentType)
{
case "application/json":
DataContractJsonSerializer dcjs = new DataContractJsonSerializer(t);
entity = (T)dcjs.ReadObject(req.Content.ReadAsStreamAsync().Result);
break;
case "text/xml":
case "application/xml":
DataContractSerializer dc = new DataContractSerializer(t);
entity = (T)dc.ReadObject(req.Content.ReadAsStreamAsync().Result);
break;
default:
TraceLog.TraceError("Content-type unrecognized: " + contentType);
break;
}
}
catch (Exception ex)
{
TraceLog.TraceException("Deserialization failed", ex);
}
if (skipOperation)
{
return(HttpStatusCode.OK);
}
try
{
// initialize the body / oldbody
object body = entity;
object oldBody = null;
// if this is an update, get the payload as a list
switch (req.Method.Method)
{
case "DELETE":
case "POST":
if (entity is UserOwnedEntity)
{
UserOwnedEntity currentEntity = entity as UserOwnedEntity;
// if the entity doesn't have a userid, assign it now to the current user
if (currentEntity.UserID == null || currentEntity.UserID == Guid.Empty)
{
currentEntity.UserID = CurrentUser.ID;
}
// if the entity does not belong to the authenticated user, return 403 Forbidden
if (currentEntity.UserID != CurrentUser.ID)
{
TraceLog.TraceError("Entity does not belong to current user");
return(HttpStatusCode.Forbidden);
}
// fill out the ID if it's not set (e.g. from a javascript client)
if (currentEntity.ID == null || currentEntity.ID == Guid.Empty)
{
currentEntity.ID = Guid.NewGuid();
}
}
break;
case "PUT":
// body should contain two entities, the original and new values
IList list = (IList)entity;
if (list.Count != 2)
{
TraceLog.TraceError("Bad Request (malformed body)");
return(HttpStatusCode.BadRequest);
}
oldBody = list[0];
body = list[1];
if (body is UserOwnedEntity && oldBody is UserOwnedEntity)
{
UserOwnedEntity oldEntity = oldBody as UserOwnedEntity;
UserOwnedEntity newEntity = body as UserOwnedEntity;
// make sure the entity ID's match
if (oldEntity.ID != newEntity.ID)
{
TraceLog.TraceError("Original and updated IDs do not match");
return(HttpStatusCode.BadRequest);
}
// if the entity doesn't have a userid, assign it now to the current user
if (oldEntity.UserID == null || oldEntity.UserID == Guid.Empty)
{
oldEntity.UserID = CurrentUser.ID;
}
if (newEntity.UserID == null || newEntity.UserID == Guid.Empty)
{
newEntity.UserID = CurrentUser.ID;
}
// make sure the entity belongs to the authenticated user
if (oldEntity.UserID != CurrentUser.ID || newEntity.UserID != CurrentUser.ID)
{
TraceLog.TraceError("Entity does not belong to current user");
return(HttpStatusCode.Forbidden);
}
}
break;
}
// if the body is a BasicAuthCredentials, this likely means that we are in the process
// of creating the user, and the CurrentUser property is null
User user = null;
if (body is BasicAuthCredentials)
{
// create a user from the body so that the CreateOperation call can succeed
var userCred = body as BasicAuthCredentials;
user = userCred.AsUser();
// make sure the password doesn't get traced
userCred.Password = "";
// create an operation with the User as the body, not the BasicAuthCredentials entity
body = user;
}
else
{
user = CurrentUser;
}
// get the session from the session header if it's present
TraceLog.Session = GetSessionFromMessageHeaders(req);
// create the operation
if (user != null)
{
operation = this.StorageContext.CreateOperation(user, req.Method.Method, null, body, oldBody, TraceLog.Session);
}
return(HttpStatusCode.OK);
}
catch (Exception ex)
{
TraceLog.TraceException("Request body processing failed", ex);
return(HttpStatusCode.BadRequest);
}
}
