/// <summary>
/// Deletes the dashboard identified by <paramref name="id"/> on behalf of the
/// session that <paramref name="ticket"/> resolves to.
/// </summary>
/// <param name="ticket">Session ticket passed to <c>SecurityProvider.GetSessionInfo</c>.</param>
/// <param name="id">Identifier of the dashboard to delete.</param>
/// <returns>
/// 401 Unauthorized when no session is found for the ticket; otherwise the handler's
/// response with the status code chosen by <c>ResolveStatusCode</c>.
/// </returns>
public HttpResponseMessage Delete(string ticket, int id)
{
    // NOTE(review): if `ticket` is bound from the URI it may end up in access logs
    // and proxies - confirm how this action receives it.
    var session = new SecurityProvider(_connectionString).GetSessionInfo(ticket);
    if (session == null)
    {
        return Request.CreateResponse(HttpStatusCode.Unauthorized);
    }

    // The acting user comes from the server-side session, not from a request
    // parameter, so the ownership check downstream compares against an identity
    // the caller cannot choose.
    var command = new DeleteDashRequest
    {
        DashboardId = id,
        UserId = session.User.Id
    };

    var outcome = new DeleteDashHandler(_connectionString).Handle(command);
    return Request.CreateResponse(ResolveStatusCode(outcome), outcome);
}
/// <summary>
/// Checks that the dashboard named in <paramref name="request"/> exists and is
/// owned by the requesting user.
/// </summary>
/// <param name="request">Delete request carrying the dashboard id and the acting user id.</param>
/// <returns>
/// An empty list when the delete may proceed; otherwise a single
/// <c>DASH_NOT_FOUND</c> or <c>UNAUTHORIZED_ACCESS</c> error.
/// </returns>
private IList<ErrorStatus> Validate(DeleteDashRequest request)
{
    var problems = new List<ErrorStatus>();
    var target = _dashRepository.Get(request.DashboardId);

    if (target == null)
    {
        problems.Add(new ErrorStatus("DASH_NOT_FOUND"));
    }
    else if (request.UserId != target.UserId)
    {
        // Ownership check: only the user recorded on the dashboard may delete it.
        // NOTE(review): the distinct code tells a non-owner that the id exists;
        // confirm that is acceptable or report both cases the same way.
        problems.Add(new ErrorStatus("UNAUTHORIZED_ACCESS"));
    }

    return problems;
}
/// <summary>
/// Validates the delete request and, when validation passes, removes the dashboard.
/// </summary>
/// <param name="request">Delete request carrying the dashboard id and the acting user id.</param>
/// <returns>
/// A response whose <c>Errors</c> holds the validation errors, a single
/// <c>BAD_REQUEST</c> error if the delete threw, or nothing on success.
/// </returns>
public DeleteDashResponse Handle(DeleteDashRequest request)
{
    var result = new DeleteDashResponse
    {
        Errors = Validate(request)
    };

    if (!result.HasErrors)
    {
        try
        {
            // The user is looked up again so the id passed to the delete comes from
            // the repository. If Get returns null here, the dereference throws and
            // is reported as BAD_REQUEST by the catch below.
            var owner = _usersRepository.Get(request.UserId);
            _dashRepository.DeleteDashboard(owner.Id, request.DashboardId);
        }
        catch (Exception)
        {
            // Every failure is collapsed into one generic code, so no exception
            // detail reaches the caller.
            // NOTE(review): nothing is logged here, so a failed delete leaves no
            // trace for diagnosis or audit - consider logging before returning.
            result.Errors.Add(new ErrorStatus("BAD_REQUEST"));
        }
    }

    return result;
}