public HttpResponseMessage GetShouts() { int moduleId = Request.FindModuleId(); int tabId = Request.FindTabId(); bool allowEdit = false; bool allowInput = true; ShoutBoxModuleSettings.ProfileImage profileImg = 0; Log.DebugFormat("moduleId:{0}, tabId:{1}", moduleId, tabId); var moduleSettings = new ShoutBoxModuleSettings(moduleId, tabId); allowInput = moduleSettings.AllowAnonymous; profileImg = moduleSettings.ProfileImageSource; var posts = _repository .GetDisplayPosts(moduleId, moduleSettings.NumberOfPostsToReturn); if (this.UserInfo != null) { //work out if the userinfo //object has edit permission on this module var moduleInfo = ModuleController.Instance.GetModule(moduleId, this.Request.FindTabId(), false); allowEdit = ModulePermissionController .HasModuleAccess(SecurityAccessLevel.Edit, null, moduleInfo); //if we don't allow anonymous check to see if we are auth'd if (!allowInput) { allowInput = this.UserInfo != null && this.UserInfo.UserID > 0; } } Log.DebugFormat("Sending {0} posts to the client", posts.Count()); var response = new { success = true, data = new { posts = posts.ToArray(), allowEdit = allowEdit, allowInput = allowInput, profileImage = profileImg } }; return(this.Request.CreateResponse(response)); }