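/// <summary>
/// Overrides the API base class validation: authorizes against the website user
/// (the <c>username</c> member) rather than HTTP Basic credentials.
/// </summary>
/// <param name="type">The transaction type to validate</param>
/// <param name="co">The content object to validate the operation on</param>
/// <returns>True if the user may perform this operation on the content object</returns>
public override bool DoValidate(Security.TransactionType type, vwarDAL.ContentObject co)
{
    vwarDAL.ModelPermissionLevel permission;
    vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
    try
    {
        permission = prm.GetPermissionLevel(username, co.PID);
    }
    finally
    {
        // Release the manager even when the permission lookup throws.
        prm.Dispose();
    }

    // Each transaction type requires a minimum permission level.
    if (type == Security.TransactionType.Query)
    {
        return permission >= vwarDAL.ModelPermissionLevel.Searchable;
    }
    if (type == Security.TransactionType.Access)
    {
        return permission >= vwarDAL.ModelPermissionLevel.Fetchable;
    }
    if (type == Security.TransactionType.Modify)
    {
        return permission >= vwarDAL.ModelPermissionLevel.Editable;
    }
    if (type == Security.TransactionType.Delete || type == Security.TransactionType.Create)
    {
        return permission >= vwarDAL.ModelPermissionLevel.Admin;
    }

    // Any transaction type not listed above is denied.
    return false;
}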
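/// <summary>
/// Authenticates the caller with HTTP Basic authorization (reads the Authorization header),
/// then checks the caller's permission level for the requested transaction.
/// </summary>
/// <remarks>
/// Basic credentials are only base64-encoded, not encrypted, so this check is only
/// meaningful when the endpoint is served over TLS.
/// </remarks>
/// <param name="type">The transaction type to validate</param>
/// <param name="PID">The PID of the content object to validate the operation on</param>
/// <returns>
/// True if the user may perform this operation on the content object; otherwise false,
/// with the response status set to 401 Unauthorized.
/// </returns>
public virtual bool DoValidate(Security.TransactionType type, string PID)
{
    //Return note about the authorization scheme used
    WebOperationContext.Current.OutgoingResponse.Headers[System.Net.HttpResponseHeader.WwwAuthenticate] = "BASIC realm=\"3DR API\"";

    //Start by assuming anonymous
    string username = vwarDAL.DefaultUsers.Anonymous[0];

    string authHeader = WebOperationContext.Current.IncomingRequest.Headers[System.Net.HttpRequestHeader.Authorization];
    if (authHeader != null)
    {
        // The header is caller-controlled. Anything that is not a well-formed
        // "Basic base64(user:password)" value is answered with 401 instead of
        // letting Substring / FromBase64String / the array index throw.
        string password;
        if (!TryParseBasicCredentials(authHeader, out username, out password))
        {
            WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
            return false;
        }

        //Dont bother checking password for anonymous
        if (username != vwarDAL.DefaultUsers.Anonymous[0])
        {
            //Get the membership provider
            Simple.Providers.MySQL.MysqlMembershipProvider provider =
                (Simple.Providers.MySQL.MysqlMembershipProvider)System.Web.Security.Membership.Providers["MysqlMembershipProvider"];

            //if they did not validate, then return false and send 401
            if (!provider.ValidateUser(username, password))
            {
                WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
                return false;
            }
        }
    }
    else if (!Convert.ToBoolean(ConfigurationManager.AppSettings["AssumeAnonymousUserWhenMissingAuthHeader"]))
    {
        // No header and the configuration does not allow assuming the anonymous
        // user: the caller has to send credentials explicitly. A missing setting
        // converts to false, so the default is to require the header.
        WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
        return false;
    }

    //If asking for create permission, and got here, then it must be a valid user. But, can't be anon.
    if (type == Security.TransactionType.Create)
    {
        if (username == vwarDAL.DefaultUsers.Anonymous[0])
        {
            WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
            return false;
        }
        return true;
    }

    //Do the actual check of permissions
    vwarDAL.ModelPermissionLevel permission;
    vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
    try
    {
        permission = prm.GetPermissionLevel(username, PID);
    }
    finally
    {
        // Dispose exactly once, including when the lookup throws.
        prm.Dispose();
    }

    if (type == Security.TransactionType.Query && permission >= vwarDAL.ModelPermissionLevel.Searchable)
    {
        return true;
    }
    if (type == Security.TransactionType.Access && permission >= vwarDAL.ModelPermissionLevel.Fetchable)
    {
        return true;
    }
    if (type == Security.TransactionType.Modify && permission >= vwarDAL.ModelPermissionLevel.Editable)
    {
        return true;
    }
    if (type == Security.TransactionType.Delete && permission >= vwarDAL.ModelPermissionLevel.Admin)
    {
        return true;
    }

    //Set the status if they are not authorized
    WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
    return false;
}

/// <summary>
/// Splits an HTTP Basic Authorization header value into user name and password.
/// </summary>
/// <param name="header">The raw Authorization header value</param>
/// <param name="user">Receives the text before the first ':'; null on failure</param>
/// <param name="pass">Receives everything after the first ':'; null on failure</param>
/// <returns>False when the scheme is not Basic, the payload is not valid base64,
/// or the decoded text has no ':' separator</returns>
private static bool TryParseBasicCredentials(string header, out string user, out string pass)
{
    user = null;
    pass = null;

    const string scheme = "Basic ";
    if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
    {
        return false;
    }

    string decoded;
    try
    {
        decoded = System.Text.Encoding.ASCII.GetString(System.Convert.FromBase64String(header.Substring(scheme.Length)));
    }
    catch (FormatException)
    {
        return false;
    }

    // Split on the FIRST colon only, so a password that itself contains ':' is kept whole.
    int separator = decoded.IndexOf(':');
    if (separator < 0)
    {
        return false;
    }

    user = decoded.Substring(0, separator);
    pass = decoded.Substring(separator + 1);
    return true;
}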
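/// <summary>
/// Gets the metadata object for a content object.
/// </summary>
/// <param name="pid">The content object's PID; '_' is accepted in place of ':'</param>
/// <param name="key">The API key, checked with CheckKey</param>
/// <returns>
/// Null when the key check fails or the caller may not query the object; otherwise a
/// Metadata instance, left unpopulated when the object has an empty Location. If an
/// exception is thrown, a Metadata whose Title holds the exception message.
/// </returns>
public Metadata GetMetadata(string pid, string key)
{
    if (!CheckKey(key))
    {
        return null;
    }

    try
    {
        //Metadata to return
        Metadata map = new Metadata();
        pid = pid.Replace('_', ':');

        // Permission level of the anonymous user, used only to report whether
        // an anonymous download is available.
        vwarDAL.ModelPermissionLevel plevel;
        vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
        try
        {
            plevel = perm.GetPermissionLevel(vwarDAL.DefaultUsers.Anonymous[0], pid);
        }
        finally
        {
            perm.Dispose();
        }

        //Check the permissions before the content object is loaded
        if (!DoValidate(Security.TransactionType.Query, pid))
        {
            return null;
        }

        // The cache is deliberately not read here: serving cached metadata caused
        // stale results when the GUI is used to update metadata.

        vwarDAL.ContentObject co = GetRepo().GetContentObjectById(pid, false);

        //If there is no location, dont return data
        if (co.Location != "")
        {
            map.ConversionAvailable = !string.IsNullOrEmpty(co.DisplayFileId);
            map.AnonymousDownloadAvailable = plevel >= vwarDAL.ModelPermissionLevel.Fetchable;
            map.PID = co.PID;
            map.Title = co.Title;
            map.Keywords = co.Keywords;
            map.Format = co.Format;
            map.Downloads = co.Downloads.ToString();
            map.DeveloperName = co.DeveloperName;
            map.Description = co.Description;
            map.ArtistName = co.ArtistName;
            map.AssetType = co.AssetType;
            map.NumPolygons = co.NumPolygons.ToString();
            map.NumTextures = co.NumTextures.ToString();
            map.SponsorName = co.SponsorName;
            map.UnitScale = co.UnitScale;
            map.UpAxis = co.UpAxis;
            map.UploadedDate = co.UploadedDate.ToString();
            map.Views = co.Views.ToString();
            map.Revision = co.Revision.ToString();
            map.TotalRevisions = co.NumberOfRevisions.ToString();
            map.MoreInformationURL = co.MoreInformationURL;
            map.License = co.CreativeCommonsLicenseURL;
            map.Distribution_Contolling_Office = co.Distribution_Contolling_Office;
            map.Distribution_Determination_Date = co.Distribution_Determination_Date.ToShortDateString();
            map.Distribution_Grade = Enum.GetName(typeof(vwarDAL.DistributionGrade), co.Distribution_Grade);
            map.Distribution_Reason = co.Distribution_Reason;
            map.Distribution_Regulation = co.Distribution_Regulation;
            map.RequiresResubmit = co.RequireResubmit;

            //Get the supporting files, and copy to a serializable class
            map.SupportingFiles = new List<SupportingFile>();
            foreach (vwarDAL.SupportingFile source in co.SupportingFiles)
            {
                map.SupportingFiles.Add(new SupportingFile { Filename = source.Filename, Description = source.Description });
            }

            //Get the texture references and copy to a serializable class
            map.TextureReferences = new List<Texture>();
            foreach (vwarDAL.Texture source in co.TextureReferences)
            {
                map.TextureReferences.Add(new Texture { mFilename = source.mFilename, mType = source.mType, mUVSet = source.mUVSet });
            }

            //Get the missing textures, and copy to a serializable class
            map.MissingTextures = new List<Texture>();
            foreach (vwarDAL.Texture source in co.MissingTextures)
            {
                map.MissingTextures.Add(new Texture { mFilename = source.mFilename, mType = source.mType, mUVSet = source.mUVSet });
            }

            CacheManager.Cache<Metadata>(ref map, new CacheIdentifier(pid, "", CacheIdentifier.FILETYPE.METADATA));
        }

        //Return the data
        return map;
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message is returned to the API caller and
        // can expose internal details (data-layer or repository errors). Prefer
        // recording it server-side and returning a generic message.
        return new Metadata { Title = ex.Message };
    }
    finally
    {
        // Runs on every path past the key check, including the exception path,
        // which previously skipped the release. The denied path already called
        // ReleaseRepo() before any GetRepo(), so calling it without a prior
        // GetRepo() is assumed safe -- TODO confirm.
        ReleaseRepo();
    }
}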
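/// <summary>
/// Gets the metadata object for a content object.
/// </summary>
/// <param name="pid">The content object's PID; '_' is accepted in place of ':'</param>
/// <param name="key">The API key, checked with CheckKey</param>
/// <returns>
/// Null when the key check fails or the caller may not query the object; otherwise a
/// Metadata instance, left unpopulated when the object has an empty Location. If an
/// exception is thrown, a Metadata whose Title holds the exception message.
/// </returns>
public Metadata GetMetadata(string pid, string key)
{
    if (!CheckKey(key))
    {
        return null;
    }

    try
    {
        //Metadata to return
        Metadata map = new Metadata();
        pid = pid.Replace('_', ':');

        // The object is loaded before the permission check because this DoValidate
        // overload takes the object itself; nothing from it is copied into the
        // response until the check below has passed.
        vwarDAL.ContentObject co = GetRepo().GetContentObjectById(pid, false);

        // Permission level of the anonymous user, used only to report whether
        // an anonymous download is available.
        vwarDAL.ModelPermissionLevel plevel;
        vwarDAL.PermissionsManager perm = new vwarDAL.PermissionsManager();
        try
        {
            plevel = perm.GetPermissionLevel(vwarDAL.DefaultUsers.Anonymous[0], co.PID);
        }
        finally
        {
            perm.Dispose();
        }

        //Check the permissions
        if (!DoValidate(Security.TransactionType.Query, co))
        {
            return null;
        }

        //If there is no location, dont return data
        if (co.Location != "")
        {
            map.ConversionAvailable = !string.IsNullOrEmpty(co.DisplayFileId);
            map.AnonymousDownloadAvailable = plevel >= vwarDAL.ModelPermissionLevel.Fetchable;
            map.PID = co.PID;
            map.Title = co.Title;
            map.Keywords = co.Keywords;
            map.Format = co.Format;
            map.Downloads = co.Downloads.ToString();
            map.DeveloperName = co.DeveloperName;
            map.Description = co.Description;
            map.ArtistName = co.ArtistName;
            map.AssetType = co.AssetType;
            map.NumPolygons = co.NumPolygons.ToString();
            map.NumTextures = co.NumTextures.ToString();
            map.SponsorName = co.SponsorName;
            map.UnitScale = co.UnitScale;
            map.UpAxis = co.UpAxis;
            map.UploadedDate = co.UploadedDate.ToString();
            map.Views = co.Views.ToString();
            map.Revision = co.Revision.ToString();
            map.TotalRevisions = co.NumberOfRevisions.ToString();
            map.MoreInformationURL = co.MoreInformationURL;
            map.License = co.CreativeCommonsLicenseURL;

            //Get the supporting files, and copy to a serializable class
            map.SupportingFiles = new List<SupportingFile>();
            foreach (vwarDAL.SupportingFile source in co.SupportingFiles)
            {
                map.SupportingFiles.Add(new SupportingFile { Filename = source.Filename, Description = source.Description });
            }

            //Get the texture references and copy to a serializable class
            map.TextureReferences = new List<Texture>();
            foreach (vwarDAL.Texture source in co.TextureReferences)
            {
                map.TextureReferences.Add(new Texture { mFilename = source.mFilename, mType = source.mType, mUVSet = source.mUVSet });
            }

            //Get the missing textures, and copy to a serializable class
            map.MissingTextures = new List<Texture>();
            foreach (vwarDAL.Texture source in co.MissingTextures)
            {
                map.MissingTextures.Add(new Texture { mFilename = source.mFilename, mType = source.mType, mUVSet = source.mUVSet });
            }
        }

        //Return the data
        return map;
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message is returned to the API caller and
        // can expose internal details (data-layer or repository errors). Prefer
        // recording it server-side and returning a generic message.
        return new Metadata { Title = ex.Message };
    }
    finally
    {
        // Runs on every path past the key check, including the exception path,
        // which previously skipped the release. If pid is null the failure happens
        // before GetRepo(), so ReleaseRepo() is assumed safe to call without a
        // prior GetRepo() -- TODO confirm.
        ReleaseRepo();
    }
}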