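/// <summary>
/// Overrides the API base class validation: authorizes the website user held in
/// <c>username</c> instead of credentials read from an HTTP Basic header.
/// </summary>
/// <param name="type">The transaction type to validate</param>
/// <param name="co">The content object to validate the operation on</param>
/// <returns>True if the user may perform this operation on the content object</returns>
public override bool DoValidate(Security.TransactionType type, vwarDAL.ContentObject co)
{
    // Fail closed: with no content object there is nothing to authorize against.
    if (co == null)
    {
        return false;
    }

    vwarDAL.ModelPermissionLevel permission;
    vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
    try
    {
        permission = prm.GetPermissionLevel(username, co.PID);
    }
    finally
    {
        // Release the manager even when the permission lookup throws.
        prm.Dispose();
    }

    // Each transaction type has a minimum permission level; anything else is denied.
    if (type == Security.TransactionType.Query)
    {
        return permission >= vwarDAL.ModelPermissionLevel.Searchable;
    }
    if (type == Security.TransactionType.Access)
    {
        return permission >= vwarDAL.ModelPermissionLevel.Fetchable;
    }
    if (type == Security.TransactionType.Modify)
    {
        return permission >= vwarDAL.ModelPermissionLevel.Editable;
    }
    if (type == Security.TransactionType.Delete || type == Security.TransactionType.Create)
    {
        return permission >= vwarDAL.ModelPermissionLevel.Admin;
    }
    return false;
}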
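/// <summary>
/// When GenerateDefaultAdministratorOnApplicationStartup is enabled, makes sure the
/// "Administrators" and "Users" roles, the default administrator account and the
/// default permission groups exist. Failures are logged and do not stop startup.
/// </summary>
public static void CreateRolesAndAdministrativeUser()
{
    if (!Website.Config.GenerateDefaultAdministratorOnApplicationStartup)
    {
        return;
    }

    try
    {
        // NOTE(review): the default administrator password is read from appSettings;
        // confirm that config section is protected and the password is changed after first start.
        var userName = System.Configuration.ConfigurationManager.AppSettings["DefaultAdminName"];
        var password = System.Configuration.ConfigurationManager.AppSettings["DefaultAdminPassword"];

        if (!Roles.RoleExists("Administrators"))
        {
            Roles.CreateRole("Administrators");
        }
        if (!Roles.RoleExists("Users"))
        {
            Roles.CreateRole("Users");
        }

        // Never try to provision an administrator from missing or empty settings.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
        {
            System.Diagnostics.Trace.TraceError(
                "CreateRolesAndAdministrativeUser: DefaultAdminName or DefaultAdminPassword is not configured; no administrator was created.");
            return;
        }

        if (Membership.FindUsersByName(userName).Count == 0)
        {
            Membership.CreateUser(userName, password, userName);
        }
        if (!Roles.IsUserInRole(userName, "Administrators"))
        {
            Roles.AddUserToRole(userName, "Administrators");
        }

        vwarDAL.PermissionsManager pmgr = new vwarDAL.PermissionsManager();
        try
        {
            pmgr.CreateGroup(vwarDAL.DefaultGroups.AllUsers, userName, vwarDAL.DefaultGroups.AllUsers, vwarDAL.GroupPolicyLevel.UsersAddRemove);
            pmgr.CreateGroup(vwarDAL.DefaultGroups.AnonymousUsers, userName, vwarDAL.DefaultGroups.AnonymousUsers, vwarDAL.GroupPolicyLevel.UsersAddRemove);
        }
        finally
        {
            pmgr.Dispose();
        }
    }
    catch (Exception ex)
    {
        // Startup stays best-effort, but the failure is recorded instead of being silently
        // dropped. The configured password is not part of the text built here.
        System.Diagnostics.Trace.TraceError("CreateRolesAndAdministrativeUser failed: " + ex);
    }
}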
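//Get the metadata object for a content object.
//Returns null when the API key is rejected, the caller lacks Query permission or the
//object does not exist; returns a Metadata whose Title is a generic error text on failure.
public Metadata GetMetadata(string pid, string key)
{
    if (!CheckKey(key))
        return null;

    try
    {
        //Metadata to return
        Metadata map = new Metadata();
        pid = pid.Replace('_', ':');

        //Permission level of the anonymous user, reported as AnonymousDownloadAvailable
        vwarDAL.ModelPermissionLevel plevel;
        vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
        try
        {
            plevel = perm.GetPermissionLevel(vwarDAL.DefaultUsers.Anonymous[0], pid);
        }
        finally
        {
            perm.Dispose();
        }

        //Check the caller's permissions before touching the repository
        if (!DoValidate(Security.TransactionType.Query, pid))
            return null;

        //The metadata cache is deliberately not read here: it went stale when the GUI
        //was used to update metadata. The fresh result is still written to it below.
        vwarDAL.ContentObject co = GetRepo().GetContentObjectById(pid, false);
        if (co == null)
            return null;

        //If there is no location, dont return data
        if (co.Location != "")
        {
            map.ConversionAvailable = co.DisplayFileId != "" && co.DisplayFileId != null;
            map.AnonymousDownloadAvailable = plevel >= vwarDAL.ModelPermissionLevel.Fetchable;
            map.PID = co.PID;
            map.Title = co.Title;
            map.Keywords = co.Keywords;
            map.Format = co.Format;
            map.Downloads = co.Downloads.ToString();
            map.DeveloperName = co.DeveloperName;
            map.Description = co.Description;
            map.ArtistName = co.ArtistName;
            map.AssetType = co.AssetType;
            map.NumPolygons = co.NumPolygons.ToString();
            map.NumTextures = co.NumTextures.ToString();
            map.SponsorName = co.SponsorName;
            map.UnitScale = co.UnitScale;
            map.UpAxis = co.UpAxis;
            map.UploadedDate = co.UploadedDate.ToString();
            map.Views = co.Views.ToString();
            map.Revision = co.Revision.ToString();
            map.TotalRevisions = co.NumberOfRevisions.ToString();
            map.MoreInformationURL = co.MoreInformationURL;
            map.License = co.CreativeCommonsLicenseURL;
            map.Distribution_Contolling_Office = co.Distribution_Contolling_Office;
            map.Distribution_Determination_Date = co.Distribution_Determination_Date.ToShortDateString();
            map.Distribution_Grade = Enum.GetName(typeof(vwarDAL.DistributionGrade), co.Distribution_Grade);
            map.Distribution_Reason = co.Distribution_Reason;
            map.Distribution_Regulation = co.Distribution_Regulation;
            map.RequiresResubmit = co.RequireResubmit;

            //Get the supporting files, and copy to a serializable class
            map.SupportingFiles = new List<SupportingFile>();
            foreach (vwarDAL.SupportingFile i in co.SupportingFiles)
            {
                map.SupportingFiles.Add(new SupportingFile { Filename = i.Filename, Description = i.Description });
            }

            //Get the texture references and copy to a serializable class
            map.TextureReferences = new List<Texture>();
            foreach (vwarDAL.Texture i in co.TextureReferences)
            {
                map.TextureReferences.Add(new Texture { mFilename = i.mFilename, mType = i.mType, mUVSet = i.mUVSet });
            }

            //Get the missing textures, and copy to a serializable class
            map.MissingTextures = new List<Texture>();
            foreach (vwarDAL.Texture i in co.MissingTextures)
            {
                map.MissingTextures.Add(new Texture { mFilename = i.mFilename, mType = i.mType, mUVSet = i.mUVSet });
            }

            CacheManager.Cache<Metadata>(ref map, new CacheIdentifier(pid, "", CacheIdentifier.FILETYPE.METADATA));
        }

        //Return the data
        return map;
    }
    catch (Exception ex)
    {
        //Keep exception details on the server; the API caller only gets a generic marker
        System.Diagnostics.Trace.TraceError("GetMetadata failed: " + ex);
        return new Metadata { Title = "Internal error" };
    }
    finally
    {
        //Release the repository on every path, including the exception path
        ReleaseRepo();
    }
}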
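//Search the repo by field. searchstring is a URL-encoded, comma separated list of
//field=term pairs; searchmethod "AND" (any casing) requires all pairs to match, anything
//else means OR. Returns null when the key is rejected or no user name is available, and a
//single result carrying a generic error title when the search fails.
public List<SearchResult> AdvancedSearch(string searchmethod, string searchstring, string key)
{
    if (!CheckKey(key))
        return null;

    vwarDAL.ISearchProxy search = null;
    try
    {
        searchstring = HttpUtility.UrlDecode(searchstring) ?? "";
        String[] termpairlist = searchstring.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

        System.Collections.Specialized.NameValueCollection searchFieldsAndTerms = new System.Collections.Specialized.NameValueCollection();
        foreach (string s in termpairlist)
        {
            //Split on the first '=' only, so a term may itself contain '='
            string[] t = s.Split(new char[] { '=' }, 2);
            //A pair without '=' has no term; skip it instead of indexing past the array
            if (t.Length != 2)
                continue;
            searchFieldsAndTerms[t[0]] = t[1];
        }

        string username = GetUsername();
        if (username == "")
            return null;

        //Do the search
        List<SearchResult> results = new List<SearchResult>();
        vwarDAL.DataAccessFactory factory = new vwarDAL.DataAccessFactory();
        search = factory.CreateSearchProxy(username);

        //Null-safe, culture-independent comparison of the method name
        vwarDAL.SearchMethod method = vwarDAL.SearchMethod.OR;
        if (string.Equals(searchmethod, "AND", StringComparison.OrdinalIgnoreCase))
            method = vwarDAL.SearchMethod.AND;

        IEnumerable<vwarDAL.ContentObject> caresults = search.SearchByFields(searchFieldsAndTerms, method);

        //Build the search results
        foreach (vwarDAL.ContentObject co in caresults)
        {
            results.Add(new SearchResult { PID = co.PID, Title = co.Title });
        }
        return results;
    }
    catch (Exception ex)
    {
        //Log the detail server-side; do not hand exception text to the API caller
        System.Diagnostics.Trace.TraceError("AdvancedSearch failed: " + ex);
        List<SearchResult> results = new List<SearchResult>();
        results.Add(new SearchResult { Title = "Internal error" });
        return results;
    }
    finally
    {
        //Dispose the proxy on every path, including when the search throws
        if (search != null)
            search.Dispose();
    }
}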
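/// <summary>
/// Uses HTTP Basic authorization: reads the Authorization header, validates the
/// credentials against the membership provider and checks the user's permission level.
/// Sets the response status to 401 whenever the request is refused.
/// </summary>
/// <param name="type">The transaction type to validate</param>
/// <param name="PID">The id of the content object to validate the operation on (not used for Create)</param>
/// <returns>True if the user may perform this operation on the content object</returns>
public virtual bool DoValidate(Security.TransactionType type, string PID)
{
    //Return note about the authorization scheme used
    WebOperationContext.Current.OutgoingResponse.Headers[System.Net.HttpResponseHeader.WwwAuthenticate] = "BASIC realm=\"3DR API\"";

    //Start by assuming anonymous
    string username = vwarDAL.DefaultUsers.Anonymous[0];
    string authHeader = WebOperationContext.Current.IncomingRequest.Headers[System.Net.HttpRequestHeader.Authorization];

    //NOTE(review): Basic credentials are only base64-encoded - confirm this endpoint is served over TLS only.
    if (authHeader != null)
    {
        //The header must be "Basic <base64(user:password)>"; anything else is refused with 401
        //instead of surfacing as an unhandled parsing exception
        const string scheme = "Basic ";
        if (!authHeader.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
        {
            WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
            return false;
        }

        string decoded;
        try
        {
            decoded = System.Text.Encoding.ASCII.GetString(System.Convert.FromBase64String(authHeader.Substring(scheme.Length)));
        }
        catch (FormatException)
        {
            WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
            return false;
        }

        //Split on the first ':' only: the password itself may contain ':'
        int separator = decoded.IndexOf(':');
        if (separator < 0)
        {
            WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
            return false;
        }
        username = decoded.Substring(0, separator);
        string password = decoded.Substring(separator + 1);

        //Dont bother checking password for anonymous
        if (username != vwarDAL.DefaultUsers.Anonymous[0])
        {
            //Get the membership provider
            Simple.Providers.MySQL.MysqlMembershipProvider provider = (Simple.Providers.MySQL.MysqlMembershipProvider)System.Web.Security.Membership.Providers["MysqlMembershipProvider"];

            //If the provider is missing or the user did not validate, return false and send 401
            if (provider == null || !provider.ValidateUser(username, password))
            {
                WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                return false;
            }
        }
    }
    else if (!Convert.ToBoolean(ConfigurationManager.AppSettings["AssumeAnonymousUserWhenMissingAuthHeader"]))
    {
        //No header and the configuration does not allow assuming the anonymous user:
        //force the caller to send credentials (the anonymous user name included)
        WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
        return false;
    }

    //Create is not tied to an existing object: any validated user may create, but not anonymous
    if (type == Security.TransactionType.Create)
    {
        if (username == vwarDAL.DefaultUsers.Anonymous[0])
        {
            WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
            return false;
        }
        return true;
    }

    //Do the actual check of permissions
    vwarDAL.ModelPermissionLevel permission;
    vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
    try
    {
        permission = prm.GetPermissionLevel(username, PID);
    }
    finally
    {
        //Dispose exactly once, also when the lookup throws
        prm.Dispose();
    }

    bool allowed =
        (type == Security.TransactionType.Query && permission >= vwarDAL.ModelPermissionLevel.Searchable) ||
        (type == Security.TransactionType.Access && permission >= vwarDAL.ModelPermissionLevel.Fetchable) ||
        (type == Security.TransactionType.Modify && permission >= vwarDAL.ModelPermissionLevel.Editable) ||
        (type == Security.TransactionType.Delete && permission >= vwarDAL.ModelPermissionLevel.Admin);

    //Set the status if they are not authorized
    if (!allowed)
    {
        WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
    }
    return allowed;
}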
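//Get the permission level a group holds on a content object.
//Returns null when the API key is rejected, "" when the caller lacks Query permission,
//otherwise the name of the ModelPermissionLevel value.
public string GetGroupPermission(string pid, string groupname, string key)
{
    if (!CheckKey(key))
        return null;

    pid = pid.Replace('_', ':');

    try
    {
        //NOTE(review): the fetched object is not used below and the fetch runs before the
        //authorization check; kept because its side effects are not visible here - confirm it is needed
        GetRepo().GetContentObjectById(pid, false);

        //Check the permissions
        if (!DoValidate(Security.TransactionType.Query, pid))
            return "";

        vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
        try
        {
            vwarDAL.ModelPermissionLevel level = perm.CheckGroupPermissions(perm.GetUserGroup(groupname), pid);
            return System.Enum.GetName(typeof(vwarDAL.ModelPermissionLevel), level);
        }
        finally
        {
            perm.Dispose();
        }
    }
    finally
    {
        //Release the repository on every path, including when a lookup throws
        ReleaseRepo();
    }
}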
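//Upload a new content object, or a new revision of an existing one when pid is not empty.
//Returns the pid of the stored object, null when the API key is rejected, or a short
//error text ("Not authorized", "PID does not exist", "No file data").
public string UploadFile(byte[] data, string pid, string key)
{
    if (!CheckKey(key))
        return null;

    //Check permissions: any validated, non-anonymous user may create content
    if (!DoValidate(Security.TransactionType.Create, null))
        return "Not authorized";

    bool isRevision = pid != "";

    //A revision rewrites an existing object (submitter, content, default group permissions),
    //so Create alone is not enough: the caller must also hold Modify rights on that object
    if (isRevision && !DoValidate(Security.TransactionType.Modify, pid))
        return "Not authorized";

    //Refuse before anything is inserted; a missing payload would otherwise fail after the
    //object record has already been written
    if (data == null)
        return "No file data";

    try
    {
        vwarDAL.ContentObject co;
        if (!isRevision)
        {
            //Create a new object and set up some default values
            co = GetRepo().GetNewContentObject();
            co.Revision = 0;
            co.Title = "tempupload";
            co.Views = 0;
        }
        else
        {
            co = GetRepo().GetContentObjectById(pid, false);
            if (co == null)
                return "PID does not exist";
            co.Revision = co.Revision + 1;
        }

        co.UploadedDate = DateTime.Now;
        co.LastModified = DateTime.Now;
        //The owner of this content is the person whose credentials were used to upload it
        co.SubmitterEmail = GetUserEmail();

        Utility_3D.ConvertedModel model;
        try
        {
            //Setup the conversion library
            Utility_3D _3d = new Utility_3D();
            _3d.Initialize(ConfigurationManager.AppSettings["LibraryLocation"]);
            Utility_3D.Model_Packager converter = new Utility_3D.Model_Packager();
            Utility_3D.ConverterOptions opts = new Utility_3D.ConverterOptions();
            //We do want metadata gathered with this conversion
            opts.EnableMetadataGathering();
            opts.EnableScaleTextures(512);
            opts.EnableTextureConversion("png");
            //Try to convert the model package into a dae
            //Note that the system might allow you to input an skp, so this should probably take a filename
            //The conversion needs to be told that the input is skp, and currently it's hardcoded to show it as a zip
            model = converter.Convert(new MemoryStream(data), "content.zip", "dae", opts);
        }
        catch (System.Exception e)
        {
            //Conversion is best-effort: the original upload is still stored without a
            //converted model, but the failure is recorded
            System.Diagnostics.Trace.TraceWarning("UploadFile: model conversion failed: " + e);
            model = null;
        }

        if (model != null)
        {
            //Copy the data gathered by the converter to the metadata
            co.NumPolygons = model._ModelData.VertexCount.Polys;
            co.NumTextures = model.textureFiles.Count;
            co.UpAxis = model._ModelData.TransformProperties.UpAxis;
            co.UnitScale = model._ModelData.TransformProperties.UnitMeters.ToString();
            co.LastModified = System.DateTime.Now;
            co.Views = 0;
        }
        co.UploadedDate = System.DateTime.Now;

        //Place this new object in the repo
        if (isRevision)
        {
            GetRepo().InsertContentRevision(co);
        }
        else
        {
            GetRepo().InsertContentObject(co);
        }

        if (model != null)
        {
            //Set the stream from the conversion to the content of this object
            co.SetContentFile(new MemoryStream(model.data), "content.zip");

            //Set the display file
            Stream displayfile = ConvertFileToO3D(new MemoryStream(model.data));
            if (displayfile != null)
                co.SetDisplayFile(displayfile, "content.o3d");

            //Add the references to textures discovered by the converter to the database
            foreach (string i in model._ModelData.ReferencedTextures)
                co.AddTextureReference(i.ToLower(), "Diffuse", 0);

            //Add the references to missing textures to the database
            foreach (string i in model.missingTextures)
                co.AddMissingTexture(i.ToLower(), "Diffuse", 0);
        }

        //set the original file data
        co.OriginalFileName = "OriginalUpload.zip";
        co.OriginalFileId = GetRepo().SetContentFile(new MemoryStream(data), co.PID, co.OriginalFileName);
        co.CommitChanges();

        //setup the default permissions
        vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
        try
        {
            perm.SetModelToGroupLevel(GetUserEmail(), co.PID, vwarDAL.DefaultGroups.AllUsers, vwarDAL.ModelPermissionLevel.Fetchable);
            perm.SetModelToGroupLevel(GetUserEmail(), co.PID, vwarDAL.DefaultGroups.AnonymousUsers, vwarDAL.ModelPermissionLevel.Searchable);
        }
        finally
        {
            perm.Dispose();
        }

        //return the pid of this new object
        return co.PID;
    }
    finally
    {
        //Release the repository on every path, including when storing the upload throws
        ReleaseRepo();
    }
}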
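//Set the permission level a user holds on a content object.
//Returns null when the API key is rejected, "" when the caller lacks Modify permission,
//otherwise the name of the PermissionErrorCode reported by the permissions manager.
//Throws ArgumentException when level is not a defined ModelPermissionLevel.
public string SetUserPermission(string pid, string username, string level, string key)
{
    if (!CheckKey(key))
        return null;

    pid = pid.Replace('_', ':');

    try
    {
        //NOTE(review): the fetched object is not used below and the fetch runs before the
        //authorization check; kept because its side effects are not visible here - confirm it is needed
        GetRepo().GetContentObjectById(pid, false);

        //Check the permissions
        if (!DoValidate(Security.TransactionType.Modify, pid))
            return "";

        //Enum.Parse also accepts numeric text such as "999"; reject anything that is not a
        //declared level so a caller cannot store an undefined permission value
        object parsedLevel = Enum.Parse(typeof(vwarDAL.ModelPermissionLevel), level);
        if (!Enum.IsDefined(typeof(vwarDAL.ModelPermissionLevel), parsedLevel))
            throw new ArgumentException("Unknown permission level", "level");

        vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
        try
        {
            vwarDAL.PermissionErrorCode code = perm.SetModelToUserLevel(GetUsername(), pid, username, (vwarDAL.ModelPermissionLevel)parsedLevel);
            return System.Enum.GetName(typeof(vwarDAL.PermissionErrorCode), code);
        }
        finally
        {
            perm.Dispose();
        }
    }
    finally
    {
        //Release the repository on every path, including when the level is rejected
        ReleaseRepo();
    }
}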
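//Search the repo for a list of pids that match a search term
//This returns the results as a list of pairs of titles and pids
//will eventually take a pagenum and other params for more advanced searching
//terms is URL-encoded and separated by ';', ',' or '&'; a leading "Keywords" entry switches
//from DeepSearch to QuickSearch. Returns null when the key is rejected or no user name is
//available, and a single result carrying a generic error title when the search fails.
public List<SearchResult> Search(string terms, string key)
{
    if (!CheckKey(key))
        return null;

    vwarDAL.ISearchProxy search = null;
    try
    {
        terms = HttpUtility.UrlDecode(terms) ?? "";
        String[] termlist = terms.Split(new char[] { ';', ',', '&' }, StringSplitOptions.RemoveEmptyEntries);

        string username = GetUsername();
        if (username == "")
            return null;

        List<SearchResult> results = new List<SearchResult>();

        //Nothing to search for: return an empty list instead of indexing into an empty array
        if (termlist.Length == 0)
            return results;

        //Do the search
        vwarDAL.DataAccessFactory factory = new vwarDAL.DataAccessFactory();
        search = factory.CreateSearchProxy(username);

        //A leading "Keywords" entry is a mode switch, not a search term
        bool usingKeyword = termlist[0] == "Keywords";
        int firstTerm = usingKeyword ? 1 : 0;

        for (int n = firstTerm; n < termlist.Length; n++)
        {
            string searchterm = termlist[n];
            IEnumerable<vwarDAL.ContentObject> caresults = usingKeyword
                ? search.QuickSearch(searchterm)
                : search.DeepSearch(searchterm);

            //Build the search results
            if (caresults == null)
                continue;
            foreach (vwarDAL.ContentObject co in caresults)
            {
                results.Add(new SearchResult { PID = co.PID, Title = co.Title });
            }
        }
        return results;
    }
    catch (Exception ex)
    {
        //Message and stack trace stay in the server log; the API caller gets a generic marker
        System.Diagnostics.Trace.TraceError("Search failed: " + ex);
        List<SearchResult> results = new List<SearchResult>();
        results.Add(new SearchResult { Title = "Internal error" });
        return results;
    }
    finally
    {
        //Dispose the proxy on every path, including when a search throws
        if (search != null)
            search.Dispose();
    }
}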
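//Get the effective permission level a user holds on a content object, i.e. the highest
//level granted by any group the user belongs to.
//Returns null when the API key is rejected, "" when the caller lacks Query permission,
//otherwise the name of the ModelPermissionLevel value.
public string GetUserPermission(string pid, string username, string key)
{
    if (!CheckKey(key))
        return null;

    pid = pid.Replace('_', ':');

    try
    {
        //NOTE(review): the fetched object is not used below and the fetch runs before the
        //authorization check; kept because its side effects are not visible here - confirm it is needed
        GetRepo().GetContentObjectById(pid, false);

        //Check the permissions
        if (!DoValidate(Security.TransactionType.Query, pid))
            return "";

        //tells you what the level is for this user, taking into account group membership
        vwarDAL.ModelPermissionLevel level = vwarDAL.ModelPermissionLevel.NotSet;
        vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
        try
        {
            foreach (vwarDAL.UserGroup g in perm.GetUsersGroups(username))
            {
                //Look the group's level up once and keep the highest one seen
                vwarDAL.ModelPermissionLevel groupLevel = perm.CheckGroupPermissions(g, pid);
                if (groupLevel > level)
                    level = groupLevel;
            }
        }
        finally
        {
            perm.Dispose();
        }

        return System.Enum.GetName(typeof(vwarDAL.ModelPermissionLevel), level);
    }
    finally
    {
        //Release the repository on every path, including when a lookup throws
        ReleaseRepo();
    }
}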
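//Get the metadata object for a content object.
//Returns null when the API key is rejected, the object does not exist or the caller lacks
//Query permission; returns a Metadata whose Title is a generic error text on failure.
public Metadata GetMetadata(string pid, string key)
{
    if (!CheckKey(key))
        return null;

    try
    {
        //Metadata to return
        Metadata map = new Metadata();
        pid = pid.Replace('_', ':');

        //Get the content object
        vwarDAL.ContentObject co = GetRepo().GetContentObjectById(pid, false);
        //An unknown pid is answered like a refused request instead of failing on co.PID
        if (co == null)
            return null;

        //Permission level of the anonymous user, reported as AnonymousDownloadAvailable
        vwarDAL.ModelPermissionLevel plevel;
        vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
        try
        {
            plevel = perm.GetPermissionLevel(vwarDAL.DefaultUsers.Anonymous[0], co.PID);
        }
        finally
        {
            perm.Dispose();
        }

        //Check the permissions
        if (!DoValidate(Security.TransactionType.Query, co))
            return null;

        //If there is no location, dont return data
        if (co.Location != "")
        {
            map.ConversionAvailable = co.DisplayFileId != "" && co.DisplayFileId != null;
            map.AnonymousDownloadAvailable = plevel >= vwarDAL.ModelPermissionLevel.Fetchable;
            map.PID = co.PID;
            map.Title = co.Title;
            map.Keywords = co.Keywords;
            map.Format = co.Format;
            map.Downloads = co.Downloads.ToString();
            map.DeveloperName = co.DeveloperName;
            map.Description = co.Description;
            map.ArtistName = co.ArtistName;
            map.AssetType = co.AssetType;
            map.NumPolygons = co.NumPolygons.ToString();
            map.NumTextures = co.NumTextures.ToString();
            map.SponsorName = co.SponsorName;
            map.UnitScale = co.UnitScale;
            map.UpAxis = co.UpAxis;
            map.UploadedDate = co.UploadedDate.ToString();
            map.Views = co.Views.ToString();
            map.Revision = co.Revision.ToString();
            map.TotalRevisions = co.NumberOfRevisions.ToString();
            map.MoreInformationURL = co.MoreInformationURL;
            map.License = co.CreativeCommonsLicenseURL;

            //Get the supporting files, and copy to a serializable class
            map.SupportingFiles = new List<SupportingFile>();
            foreach (vwarDAL.SupportingFile i in co.SupportingFiles)
            {
                map.SupportingFiles.Add(new SupportingFile { Filename = i.Filename, Description = i.Description });
            }

            //Get the texture references and copy to a serializable class
            map.TextureReferences = new List<Texture>();
            foreach (vwarDAL.Texture i in co.TextureReferences)
            {
                map.TextureReferences.Add(new Texture { mFilename = i.mFilename, mType = i.mType, mUVSet = i.mUVSet });
            }

            //Get the missing textures, and copy to a serializable class
            map.MissingTextures = new List<Texture>();
            foreach (vwarDAL.Texture i in co.MissingTextures)
            {
                map.MissingTextures.Add(new Texture { mFilename = i.mFilename, mType = i.mType, mUVSet = i.mUVSet });
            }
        }

        //Return the data
        return map;
    }
    catch (Exception ex)
    {
        //Keep exception details on the server; the API caller only gets a generic marker
        System.Diagnostics.Trace.TraceError("GetMetadata failed: " + ex);
        return new Metadata { Title = "Internal error" };
    }
    finally
    {
        //Release the repository on every path, including the exception path
        ReleaseRepo();
    }
}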