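// GET api/posts/5
/// <summary>
/// Loads a single post, but only for the authenticated caller who authored it.
/// </summary>
/// <param name="id">Identifier of the post to load from the Raven session.</param>
/// <returns>
/// 200 with a <see cref="PostModel"/> when the caller owns the post; 404 when the post does not
/// exist or belongs to another author; 500 when the request carries no usable identity claim.
/// </returns>
public async Task<HttpResponseMessage> Get(int id)
{
    ClaimsPrincipal user = User as ClaimsPrincipal;

    // Guard the cast explicitly: a principal of an unexpected type previously surfaced as a
    // NullReferenceException rather than a controlled response.
    Claim userIdClaim = user == null
        ? null
        : user.Claims.FirstOrDefault(claim => claim.Type == ClaimTypes.NameIdentifier);

    if (userIdClaim == null || string.IsNullOrEmpty(userIdClaim.Value))
    {
        // TODO: Log here — the action was reached without a NameIdentifier claim.
        return Request.CreateResponse(HttpStatusCode.InternalServerError);
    }

    BlogPost blogPost = await RavenSession.LoadAsync<BlogPost>(id);
    if (blogPost == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // Ordinal comparison: author ids are opaque identifiers, and a culture-aware comparison can
    // treat distinct strings as equal (ignorable characters, locale-specific rules), which is not
    // acceptable for an ownership check.
    bool callerIsAuthor = string.Equals(userIdClaim.Value, blogPost.AuthorId, StringComparison.OrdinalIgnoreCase);
    if (!callerIsAuthor)
    {
        // TODO: Log here
        // The authenticated user is not the author: answer 404 rather than 403 so the existence
        // of another author's post is not disclosed.
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    PostModel post = new PostModel(blogPost, GetCategoryScheme());
    return Request.CreateResponse(HttpStatusCode.OK, post);
}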
/// <summary>
/// Attaches the hypermedia links (self and edit) for <paramref name="post"/>; both point at the
/// post's own resource address on the "DefaultApi" route.
/// </summary>
/// <param name="post">Post model to decorate with links.</param>
/// <param name="url">Helper used to build the route URL.</param>
private void Enrich(PostModel post, UrlHelper url)
{
    var routeValues = new { controller = "posts", id = post.Id };
    string resourceUrl = url.Link("DefaultApi", routeValues);

    // Self and edit links share one address; only the link relation differs.
    post.AddLink(new SelfLink(resourceUrl));
    post.AddLink(new EditLink(resourceUrl));
}