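/// <summary>
/// Requests Amazon S3 upload data for the test picture file type while signed in as the
/// patient test user, then checks the returned record ID, object key, policy and signature.
/// </summary>
public void AmazonUploadRequestTest()
{
    TestUtils.Security.SetCurrentUser(TestEnums.User.constPatientUserID);
    var target = AppFileEN.GetService("");
    AppFileAmazonUploadRequestSP p = new AppFileAmazonUploadRequestSP()
    {
        FileName = "images.jpg",
        AppEntityRecordIDValue = (long)TestEnums.User.constPatientUserID,
        AppFileTypeID = (int)EntityEnums.AppEntityFileTypeEnum.Test_Picture_Upload
    };

    var result = target.AmazonUploadRequest(p);

    string expectedKey = "systemtest/testfile.jpg";
    Assert.IsTrue(result.AppFileID > 0);
    // Expected value first, actual second, so a failure message labels the two correctly.
    Assert.AreEqual(expectedKey, result.Key);

    // The policy text is not compared against a fixed string: it can vary and has a time
    // (offset by 10 hours) embedded in it, so only its general shape is checked.
    // NOTE(review): the conditions inside the policy (expiry, key, size limits, ...) are not
    // inspected, so a policy that is valid JSON but broader than intended would still pass.
    string actualPolicyText = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(result.PolicyBase64));
    Assert.IsTrue(string.IsNullOrEmpty(actualPolicyText) == false, "policy text base 64 can't be null or empty.");
    Assert.IsTrue(FWUtils.EntityUtils.JsonIsValidThenDeserialize(actualPolicyText) != null, "policy string should be a valid json object");

    // Only the decoded length is checked; the signature bytes are not interpreted as text.
    byte[] signatureBytes = Convert.FromBase64String(result.SignatureBase64);
    Assert.IsTrue(signatureBytes.Length > 0, "signature base 64 can't be null or empty.");
}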
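/// <summary>
/// Business-rule validation for an Amazon upload request: checks the declared file size and
/// the file name's type against the limits configured on the file type.
/// </summary>
/// <param name="type">File type definition holding the size limits and accepted formats.</param>
/// <param name="p">Upload request carrying the declared file name and file size.</param>
/// <exception cref="Exception">Thrown when <paramref name="type"/> is null.</exception>
/// <exception cref="BRException">
/// Thrown when the declared size is not a number or is outside the allowed range, when the
/// file type cannot be derived from the file name, or when it is not an accepted format.
/// </exception>
public void AmazonUploadRequest(AppFileType type, AppFileAmazonUploadRequestSP p)
{
    if (type == null)
    {
        throw new Exception("File type is not specified AmazonUploadRequest.");
    }

    // NOTE(review): FileSize and FileName are values declared in the request. These checks
    // only reject requests that declare something unacceptable; whether the signed upload
    // policy also restricts the size and type of the object actually uploaded is not visible
    // in this method and should be confirmed where the policy is built.

    // checking file size
    if (string.IsNullOrEmpty(p.FileSize) == false)
    {
        // A value that does not parse is rejected instead of being silently skipped, so a
        // malformed or out-of-range number cannot bypass the min/max check. long is used so
        // sizes above int.MaxValue are still compared against the limit.
        long size;
        bool parsed = long.TryParse(p.FileSize, out size);
        if (parsed == false || size < type.MinFileSize || size > type.MaxFileSize)
        {
            throw new BRException(
                string.Format(BusinessErrorStrings.AppFile.InvalidFileSize_MinMax,
                    FWUtils.MiscUtils.GetReadableFileSize(type.MinFileSize),
                    FWUtils.MiscUtils.GetReadableFileSize(type.MaxFileSize)
                ));
        }
    }

    // checking file type
    if (string.IsNullOrEmpty(p.FileName) == false && string.IsNullOrEmpty(type.AcceptableFormatsCommaSeparated) == false)
    {
        string fileType = FWUtils.MiscUtils.GetFileTypeByFileName(p.FileName);
        if (string.IsNullOrEmpty(fileType))
        {
            throw new BRException(BusinessErrorStrings.AppFile.FileTypeEmpty);
        }

        bool isAcceptable = false;
        foreach (string candidate in type.AcceptableFormatsCommaSeparated.Split(','))
        {
            // Trim so "jpg, png" style lists match; ordinal comparison avoids the
            // culture-dependent casing of ToLower().
            if (string.Equals(candidate.Trim(), fileType, StringComparison.OrdinalIgnoreCase))
            {
                isAcceptable = true;
                break;
            }
        }

        if (isAcceptable == false)
        {
            throw new BRException(string.Format(BusinessErrorStrings.AppFile.InvalidFileType,
                fileType,
                type.AcceptableFormatsCommaSeparated
                ));
        }
    }
}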
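//Please write your properties and functions here. This part will not be replaced.

/// <summary>
/// Pre-checks an Amazon upload request: the file type ID, file name and record ID must all
/// be specified before any further processing.
/// </summary>
/// <param name="p">Upload request to check.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="p"/> is null.</exception>
/// <exception cref="Exception">Thrown when a required value is missing or not positive.</exception>
public void AmazonUploadRequestPre(AppFileAmazonUploadRequestSP p)
{
    if (p == null)
    {
        throw new ArgumentNullException("p");
    }

    // IDs must be positive, matching the Check.Require(... > 0) preconditions used by the
    // service method that calls this; a negative ID is as unusable as a missing one.
    if (p.AppFileTypeID <= 0)
    {
        throw new Exception("File type is not specified AmazonUploadRequestPre.");
    }

    if (string.IsNullOrEmpty(p.FileName))
    {
        throw new Exception("File name is not specified AmazonUploadRequestPre.");
    }

    if (p.AppEntityRecordIDValue <= 0)
    {
        throw new Exception("RecordID is not specified for AmazonUploadRequestPre.");
    }
}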
/// <summary>
/// Prepares a direct HTTP upload to Amazon S3: validates the request, runs the per-type
/// security check when the file type asks for one, finds or creates the file record and
/// returns the upload data built for it.
/// </summary>
/// <param name="p">Upload request: file name, file type ID and owning record ID.</param>
/// <returns>The result of GetAmazonUploadData for the file type and file record.</returns>
public AppFileAmazonS3DirectHttpUploadData AmazonUploadRequest(AppFileAmazonUploadRequestSP p)
{
    Check.Require(!string.IsNullOrEmpty(p.FileName));
    Check.Require(p.AppFileTypeID > 0);
    Check.Require(p.AppEntityRecordIDValue > 0);

    var rules = (AppFileBR)BusinessLogicObject;
    rules.AmazonUploadRequestPre(p);

    AppFileType uploadType = (AppFileType)AppFileTypeEN.GetService().GetByID(p.AppFileTypeID, new GetByIDParameters());

    // Business rules run first, so nothing is authorized or written for an invalid request.
    rules.AmazonUploadRequest(uploadType, p);

    // Authorization happens only for file types flagged HasSecurityCheck; for any other type
    // this method performs no per-user check before creating the record and returning data.
    if (uploadType.HasSecurityCheck == true)
    {
        CheckUploadRequestSecurity((EntityEnums.AppEntityFileTypeEnum)uploadType.AppFileTypeID, p);
    }

    vAppFile fileRecord = null;
    bool createRecord = true;

    // A type limited to one file reuses the record already stored for this entity record.
    if (uploadType.MaxNumberOfFiles == 1)
    {
        FilterExpression sameTypeAndRecord = new FilterExpression();
        sameTypeAndRecord.AddFilter(vAppFile.ColumnNames.AppFileTypeID, p.AppFileTypeID);
        sameTypeAndRecord.AddFilter(vAppFile.ColumnNames.AppEntityRecordIDValue, p.AppEntityRecordIDValue);

        IList<vAppFile> existing = GetByFilterV(new GetByFilterParameters(sameTypeAndRecord));
        if (existing.Count != 0)
        {
            fileRecord = existing[0];
            createRecord = false;
        }
    }

    // Multi-file types, and single-file types with no record yet, get a fresh record.
    if (createRecord)
    {
        fileRecord = InsertNewFile(p.FileName, p.AppFileTypeID, p.AppEntityRecordIDValue);
    }

    // NOTE(review): the current user ID is read here but not used afterwards in this method;
    // the call is kept in case it has an effect of its own - confirm.
    long currentUserId = FWUtils.SecurityUtils.GetCurrentUserIDLong();

    return GetAmazonUploadData(uploadType, fileRecord);
}
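/// <summary>
/// Checks whether the current user may request an upload of the given file type for the
/// record named in the request, and throws when not.
/// </summary>
/// <param name="fileType">File type being uploaded; selects which rule applies.</param>
/// <param name="p">Upload request; AppEntityRecordIDValue is the record the file attaches to.</param>
/// <exception cref="ServiceSecurityException">
/// You can't change profile picture of other users.
/// or
/// You can't upload medical documents for other users.
/// or
/// Only doctor of a visit can attach a file to a visit
/// </exception>
/// <exception cref="System.NotImplementedException">
/// Thrown for a file type that has no rule in this method.
/// </exception>
private void CheckUploadRequestSecurity(EntityEnums.AppEntityFileTypeEnum fileType, AppFileAmazonUploadRequestSP p)
{
    long userId = FWUtils.SecurityUtils.GetCurrentUserIDLong();
    switch (fileType)
    {
        case EntityEnums.AppEntityFileTypeEnum.Test_Picture_Upload:
            // this is for test purposes so no security!
            // NOTE(review): this branch lets every caller through for every record ID.
            // Confirm this file type is not available outside test environments.
            break;

        case EntityEnums.AppEntityFileTypeEnum.User_Profile_Picture:
            if (p.AppEntityRecordIDValue != userId)
            {
                throw new ServiceSecurityException("You can't change profile picture of other users.");
            }
            break;

        case EntityEnums.AppEntityFileTypeEnum.User_MedicalDocuments:
            // NOTE(review): any user in the "Doctor" role passes for any record ID; no
            // doctor-patient relationship is checked here - confirm that is intended.
            if (p.AppEntityRecordIDValue != userId && FWUtils.SecurityUtils.HasRole("Doctor") == false)
            {
                throw new ServiceSecurityException("You can't upload medical documents for other users. Only the patient and doctors can upload medical documents");
            }
            break;

        case EntityEnums.AppEntityFileTypeEnum.Visit_Attachments:
            var visit = VisitEN.GetService().GetByIDV(p.AppEntityRecordIDValue, new GetByIDParameters());
            // Fail closed: a visit that cannot be loaded is refused with the same message as
            // a visit owned by another doctor, instead of surfacing a NullReferenceException.
            if (visit == null || visit.DoctorID != userId)
            {
                throw new ServiceSecurityException("Only doctor of a visit can attach a file to a visit");
            }
            break;

        default:
            // KEEP this line. A newly added file type must fail here until a rule is
            // written for it, so no type is ever allowed through by default.
            throw new NotImplementedException();
    }
}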