예제 #1
        /// <summary>
        /// Fills the permission-related fields of a view from an entity package.
        /// </summary>
        /// <param name="package">Source package; its relations supply the parent link and the permissions.</param>
        /// <param name="view">View to populate. parentId is only written when the package has a parent relation.</param>
        public void ApplyToPermissionView(EntityPackage package, IPermissionView view)
        {
            var hasParent = package.HasRelation(Keys.ParentRelation);

            if (hasParent)
            {
                // The parent's id is carried in entityId1 of the parent relation.
                var parentRelation = package.GetRelation(Keys.ParentRelation);
                view.parentId = parentRelation.entityId1;
            }

            // Permissions are always rebuilt from the package's full relation list.
            var relations = package.Relations;
            view.permissions = ToPerms(relations);
        }
예제 #2
        // Edit view applications

        /// <summary>
        /// Fills an edit view from an entity package: the base fields first, then the
        /// edit history taken from the creator relation.
        /// </summary>
        /// <param name="package">Source package; must contain a creator relation.</param>
        /// <param name="view">View to populate.</param>
        public void ApplyToEditView(EntityPackage package, IEditView view)
        {
            ApplyToBaseView(package.Entity, view);

            // The creator relation doubles as the edit history: entityId1 is the creator,
            // value holds the editor's id as text, and the relation's own date is the edit date.
            // The create date itself was already set by ApplyToBaseView above.
            var history = package.GetRelation(Keys.CreatorRelation);
            var editedOn = (DateTime)history.createDateProper();

            view.editDate     = editedOn;
            view.createUserId = history.entityId1;

            // long.Parse throws if the stored value is null or not a valid integer.
            view.editUserId   = long.Parse(history.value);
        }
예제 #3
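        /// <summary>
        /// Cleans a view for an update to an existing entity. Run AFTER the general clean.
        /// </summary>
        /// <remarks>
        /// The creation date and creator id are always taken from the stored entity, so a
        /// client cannot change them by submitting different values in the view.
        /// </remarks>
        /// <param name="view">The submitted view; its createDate and createUserId are overwritten.</param>
        /// <param name="existing">The stored package of the entity being updated.</param>
        /// <param name="requester">The user making the request. Not read by this base implementation.</param>
        /// <returns>The same view instance, wrapped in a completed task.</returns>
        /// <exception cref="BadRequestException">
        /// The stored entity's type does not start with this service's EntityType.
        /// </exception>
        public virtual Task<V> CleanViewUpdateAsync(V view, EntityPackage existing, Requester requester)
        {
            // FORCE these to be what they were before, whatever the client sent.
            // Note that the view is modified before the type check below runs.
            view.createDate   = (DateTime)existing.Entity.createDateProper();
            view.createUserId = existing.GetRelation(Keys.CreatorRelation).entityId1;

            // Don't allow posting over some other kind of entity. This check gates writes, so
            // it uses an ordinal comparison: the result must not depend on the current culture's
            // collation rules (which can ignore some characters when matching a prefix).
            // NOTE(review): this is a prefix match, so any type string that merely begins with
            // EntityType is accepted. Presumably subtypes are encoded as suffixes; confirm.
            if (!existing.Entity.type.StartsWith(EntityType, StringComparison.Ordinal))
            {
                throw new BadRequestException($"No entity of proper type with id {view.id}");
            }

            return Task.FromResult(view);
        }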
예제 #4
        /// <summary>
        /// Update-time cleaning: runs the base clean, enforces the update permission, and
        /// decides whether the submitted permissions are kept.
        /// </summary>
        /// <param name="view">The view submitted for the update.</param>
        /// <param name="existing">The stored package of the entity being updated.</param>
        /// <param name="requester">The user performing the update.</param>
        /// <returns>The cleaned view.</returns>
        /// <exception cref="ForbiddenException">
        /// CanUser denies the update action on the existing entity for this requester.
        /// </exception>
        public override async Task<V> CleanViewUpdateAsync(V view, EntityPackage existing, Requester requester)
        {
            var cleaned = await base.CleanViewUpdateAsync(view, existing, requester);

            // Authorization is checked against the STORED package, not the submitted view.
            var mayUpdate = CanUser(requester, Keys.UpdateAction, existing);

            if (!mayUpdate)
            {
                throw new ForbiddenException("User cannot update this entity");
            }

            // Only a super user or the entity's creator may change permissions. For anyone
            // else the submitted permissions are silently replaced with the stored ones
            // rather than rejecting the request.
            var keepsSubmittedPermissions =
                services.permissions.IsSuper(requester) ||
                existing.GetRelation(Keys.CreatorRelation).entityId1 == requester.userId;

            if (!keepsSubmittedPermissions)
            {
                cleaned.permissions = converter.ToView(existing).permissions;
            }

            return cleaned;
        }
예제 #5
        /// <summary>
        /// Extends the base permission check: a user listed in cachedSupers for the package's
        /// parent, or for the package itself, is also allowed every action except read.
        /// </summary>
        /// <param name="requester">The user whose access is being checked.</param>
        /// <param name="action">The action key being requested.</param>
        /// <param name="package">The entity package the action targets.</param>
        /// <returns>
        /// True when the base check allows the action, or when the cached-supers rule grants it.
        /// </returns>
        public override bool CanUser(Requester requester, string action, EntityPackage package)
        {
            var allowedByBase = base.CanUser(requester, action, package);

            // Without the cache no extra access is granted: only the base decision applies.
            if (cachedSupers == null)
            {
                logger.LogWarning("CanUser called without cached supers");
                return allowedByBase;
            }

            // -1 stands in for "no parent" when the package has no parent relation.
            var parentId = package.HasRelation(Keys.ParentRelation)
                ? package.GetRelation(Keys.ParentRelation).entityId1
                : -1;

            // Read access is never widened here, and an existing allow needs no further lookup.
            if (allowedByBase || action == Keys.ReadAction)
            {
                return allowedByBase;
            }

            var superOfParent = cachedSupers.ContainsKey(parentId) &&
                                cachedSupers[parentId].Contains(requester.userId);

            if (superOfParent)
            {
                return true;
            }

            var ownId = package.Entity.id;

            return cachedSupers.ContainsKey(ownId) &&
                   cachedSupers[ownId].Contains(requester.userId);
        }