protected JsonResult UpdateUserOwnedEntity(UserOwnedEntity entity) { if (ModelState.IsValid) { try { var userId = CurrentUserId; entity.UserId = userId; _db.Entry(entity).State = entity.EntityKey == 0 ? EntityState.Added : EntityState.Modified; _db.SaveChanges(); } catch (SimpleException ex) { ModelState.AddModelError("", ex.Message); } catch (Exception) { ModelState.AddModelError("", Strings.UpdateFailed); } } var errMsgs = GetModelStateErrorMsgs(); var jsonResult = new { errMsg = errMsgs.Any() ? errMsgs[0] : null, }; return(Json(jsonResult)); }
protected JsonResult DeleteUserOwned(UserOwnedEntity entity) { if (entity != null && entity.UserId == CurrentUserId) { _db.Entry(entity).State = EntityState.Deleted; _db.SaveChanges(); } else { return(Json("Failed to delete")); } return(Json("Deleted")); }
// base code to process message and deserialize body to expected type protected HttpStatusCode ProcessRequestBody <T>(HttpRequestMessage req, out T entity, out Operation operation, bool skipOperation = false) { TraceLog.TraceFunction(); operation = null; entity = default(T); Type t = typeof(T); if (req == null) { TraceLog.TraceError("HttpRequestMessage is null"); return(HttpStatusCode.BadRequest); } try { string contentType = req.Content.Headers.ContentType.MediaType; switch (contentType) { case "application/json": DataContractJsonSerializer dcjs = new DataContractJsonSerializer(t); entity = (T)dcjs.ReadObject(req.Content.ReadAsStreamAsync().Result); break; case "text/xml": case "application/xml": DataContractSerializer dc = new DataContractSerializer(t); entity = (T)dc.ReadObject(req.Content.ReadAsStreamAsync().Result); break; default: TraceLog.TraceError("Content-type unrecognized: " + contentType); break; } } catch (Exception ex) { TraceLog.TraceException("Deserialization failed", ex); } if (skipOperation) { return(HttpStatusCode.OK); } try { // initialize the body / oldbody object body = entity; object oldBody = null; // if this is an update, get the payload as a list switch (req.Method.Method) { case "DELETE": case "POST": if (entity is UserOwnedEntity) { UserOwnedEntity currentEntity = entity as UserOwnedEntity; // if the entity doesn't have a userid, assign it now to the current user if (currentEntity.UserID == null || currentEntity.UserID == Guid.Empty) { currentEntity.UserID = CurrentUser.ID; } // if the entity does not belong to the authenticated user, return 403 Forbidden if (currentEntity.UserID != CurrentUser.ID) { TraceLog.TraceError("Entity does not belong to current user"); return(HttpStatusCode.Forbidden); } // fill out the ID if it's not set (e.g. from a javascript client) if (currentEntity.ID == null || currentEntity.ID == Guid.Empty) { currentEntity.ID = Guid.NewGuid(); } } break; case "PUT": // body should contain two entities, the original and new values IList list = (IList)entity; if (list.Count != 2) { TraceLog.TraceError("Bad Request (malformed body)"); return(HttpStatusCode.BadRequest); } oldBody = list[0]; body = list[1]; if (body is UserOwnedEntity && oldBody is UserOwnedEntity) { UserOwnedEntity oldEntity = oldBody as UserOwnedEntity; UserOwnedEntity newEntity = body as UserOwnedEntity; // make sure the entity ID's match if (oldEntity.ID != newEntity.ID) { TraceLog.TraceError("Original and updated IDs do not match"); return(HttpStatusCode.BadRequest); } // if the entity doesn't have a userid, assign it now to the current user if (oldEntity.UserID == null || oldEntity.UserID == Guid.Empty) { oldEntity.UserID = CurrentUser.ID; } if (newEntity.UserID == null || newEntity.UserID == Guid.Empty) { newEntity.UserID = CurrentUser.ID; } // make sure the entity belongs to the authenticated user if (oldEntity.UserID != CurrentUser.ID || newEntity.UserID != CurrentUser.ID) { TraceLog.TraceError("Entity does not belong to current user"); return(HttpStatusCode.Forbidden); } } break; } // if the body is a BasicAuthCredentials, this likely means that we are in the process // of creating the user, and the CurrentUser property is null User user = null; if (body is BasicAuthCredentials) { // create a user from the body so that the CreateOperation call can succeed var userCred = body as BasicAuthCredentials; user = userCred.AsUser(); // make sure the password doesn't get traced userCred.Password = ""; // create an operation with the User as the body, not the BasicAuthCredentials entity body = user; } else { user = CurrentUser; } // get the session from the session header if it's present TraceLog.Session = GetSessionFromMessageHeaders(req); // create the operation if (user != null) { operation = this.StorageContext.CreateOperation(user, req.Method.Method, null, body, oldBody, TraceLog.Session); } return(HttpStatusCode.OK); } catch (Exception ex) { TraceLog.TraceException("Request body processing failed", ex); return(HttpStatusCode.BadRequest); } }