예제 #1
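    /// <summary>
    /// Overrides the API base class validate: the caller is the already-authenticated website user
    /// (the <c>username</c> field) rather than an HTTP Basic principal, so no header parsing happens here.
    /// </summary>
    /// <param name="type">The transaction type to validate</param>
    /// <param name="co">The content object to validate the operation on; its PID is the permission key</param>
    /// <returns>True if the user may perform this operation on the content object; unknown transaction types are denied</returns>
    public override bool DoValidate(Security.TransactionType type, vwarDAL.ContentObject co)
    {
        vwarDAL.ModelPermissionLevel permission;
        //The original only disposed the manager on the non-throwing path; release it unconditionally
        vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
        try
        {
            permission = prm.GetPermissionLevel(username, co.PID);
        }
        finally
        {
            prm.Dispose();
        }

        //Map each transaction to the minimum level that allows it
        switch (type)
        {
            case Security.TransactionType.Query:
                return permission >= vwarDAL.ModelPermissionLevel.Searchable;
            case Security.TransactionType.Access:
                return permission >= vwarDAL.ModelPermissionLevel.Fetchable;
            case Security.TransactionType.Modify:
                return permission >= vwarDAL.ModelPermissionLevel.Editable;
            case Security.TransactionType.Delete:
            case Security.TransactionType.Create:
                //Create is looked up on co.PID like the others, so it effectively requires Admin on an existing object
                return permission >= vwarDAL.ModelPermissionLevel.Admin;
            default:
                return false;
        }
    }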
예제 #2
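        /// <summary>
        /// Business logic for checking a URL against the auth string and deciding whether the caller
        /// may perform <paramref name="type"/> on <paramref name="co"/>.
        /// </summary>
        /// <param name="url">The request URL the auth hash is bound to</param>
        /// <param name="auth">The raw auth string; parsed with GetUsernameFromHeader/GetHashFromHeader</param>
        /// <param name="type">The transaction type being attempted</param>
        /// <param name="co">The content object the operation targets; only consulted for Modify and Delete</param>
        /// <returns>True if the operation is permitted</returns>
        public static bool ValidateUserTransaction(string url, string auth, TransactionType type, vwarDAL.ContentObject co)
        {
            //For now, anyone can query, and there is no auth control for Access transactions
            if (type == TransactionType.Query || type == TransactionType.Access)
            {
                return true;
            }

            if (type != TransactionType.Create && type != TransactionType.Modify && type != TransactionType.Delete)
            {
                //Any transaction type not listed above is denied
                return false;
            }

            //Parse the auth string once instead of on every comparison
            string username = GetUsernameFromHeader(auth);
            string hash = GetHashFromHeader(auth);

            //The user must exist in the provider and have supplied the correct url+password hash
            if (!ValidateURL(url, username, hash))
            {
                return false;
            }

            if (type == TransactionType.Create)
            {
                //Here we assume that any authenticated user can create content
                return true;
            }

            //Modify and Delete additionally require ownership of the content object
            return IsOwnerOrApiUser(username, co);
        }

        /// <summary>
        /// True when <paramref name="username"/> submitted <paramref name="co"/>, or is the built-in API_USER account.
        /// </summary>
        /// <param name="username">An already-validated user name</param>
        /// <param name="co">The content object whose SubmitterEmail is compared</param>
        private static bool IsOwnerOrApiUser(string username, vwarDAL.ContentObject co)
        {
            //NOTE(review): "API_USER" is a hard-coded account that bypasses the ownership check for every object,
            //so its credential is what protects all Modify/Delete operations.
            if (username == "API_USER")
            {
                return true;
            }
            if (co == null)
            {
                return false;
            }
            //GetUser may return null for an unknown account; the original dereferenced the result unconditionally
            var user = Security.GetProvider().GetUser(username, false);
            return user != null && user.Email == co.SubmitterEmail;
        }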
예제 #3
파일: Mail.cs 프로젝트: jamjr/3D-Repository
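        /// <summary>
        /// Emails the support address that a model was uploaded, if EMAIL_UploadedEnabled is set.
        /// The body and subject templates come from app settings; {pid}, {username} and {title} are substituted.
        /// </summary>
        /// <param name="co">The uploaded content object; supplies the PID and Title placeholders</param>
        /// <exception cref="ConfigurationErrorsException">Thrown when the feature is enabled but a template key is missing</exception>
        public static void SendModelUploaded(vwarDAL.ContentObject co)
        {
            //Convert.ToBoolean(null) is false, so an absent key simply disables the mail
            if (!System.Convert.ToBoolean(ConfigurationManager.AppSettings["EMAIL_UploadedEnabled"]))
                return;

            string bodyTemplate = ConfigurationManager.AppSettings["EMAIL_UploadedBody"];
            string subjectTemplate = ConfigurationManager.AppSettings["EMAIL_UploadedSubject"];
            //A missing template used to surface as a NullReferenceException from Replace; name the real cause instead
            if (bodyTemplate == null || subjectTemplate == null)
            {
                throw new ConfigurationErrorsException("EMAIL_UploadedBody and EMAIL_UploadedSubject must be set when EMAIL_UploadedEnabled is true");
            }

            //The uploader is whoever is authenticated on the current request; this requires an active HTTP context
            string uploader = HttpContext.Current.User.Identity.Name;

            string body = FillUploadTemplate(bodyTemplate, co, uploader);
            string subject = FillUploadTemplate(subjectTemplate, co, uploader);

            Website.Mail.SendSingleMessage(body,ConfigurationManager.AppSettings["SupportEmail"], subject,ConfigurationManager.AppSettings["SupportEmail"], ConfigurationManager.AppSettings["SiteName"], "", "", false, "");
        }

        /// <summary>
        /// Substitutes the {pid}, {username} and {title} placeholders in an upload-notification template.
        /// </summary>
        /// <param name="template">The template text from configuration</param>
        /// <param name="co">Supplies PID and Title</param>
        /// <param name="uploader">The authenticated user name</param>
        /// <returns>The template with the placeholders replaced</returns>
        private static string FillUploadTemplate(string template, vwarDAL.ContentObject co, string uploader)
        {
            return template
                .Replace("{pid}", co.PID)
                .Replace("{username}", uploader)
                .Replace("{title}", co.Title);
        }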
예제 #4
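 /// <summary>
 /// Copies the fields of <paramref name="md"/> onto <paramref name="co"/>, parsing the
 /// distribution date and grade from their string form.
 /// </summary>
 /// <param name="md">Source metadata supplied by the caller (API input, treat as untrusted)</param>
 /// <param name="co">Destination content object, updated in place</param>
 /// <exception cref="ArgumentException">Thrown when Distribution_Grade is not a declared DistributionGrade name or value</exception>
 /// <exception cref="FormatException">Thrown when a numeric or date field does not parse</exception>
 private static void CopyContentObjectData(Metadata md, vwarDAL.ContentObject co)
 {
     //Copy the data from the input object
     co.Title = md.Title;
     co.Keywords = md.Keywords;
     co.Format = md.Format;
     //Need to add logic to change values of texture references
     co.DeveloperName = md.DeveloperName;
     co.Description = md.Description;
     co.ArtistName = md.ArtistName;
     co.AssetType = md.AssetType;
     //Convert.ToInt32 throws on non-numeric input; the Metadata counts are presumably strings - TODO confirm
     co.NumPolygons = System.Convert.ToInt32(md.NumPolygons);
     co.NumTextures = System.Convert.ToInt32(md.NumTextures);
     co.SponsorName = md.SponsorName;
     co.CreativeCommonsLicenseURL = md.License;
     co.Distribution_Contolling_Office = md.Distribution_Contolling_Office;
     //NOTE(review): DateTime.Parse uses the server's current culture; a machine-readable date would normally be
     //parsed with CultureInfo.InvariantCulture - confirm the wire format before changing
     co.Distribution_Determination_Date = DateTime.Parse(md.Distribution_Determination_Date);
     //Enum.Parse accepts any integer string (e.g. "99") and yields an undefined enum value, so reject anything
     //not actually declared (assumes DistributionGrade is not a [Flags] enum)
     object grade = Enum.Parse(typeof(vwarDAL.DistributionGrade), md.Distribution_Grade);
     if (!Enum.IsDefined(typeof(vwarDAL.DistributionGrade), grade))
     {
         throw new ArgumentException("Distribution_Grade is not a valid DistributionGrade: " + md.Distribution_Grade, "md");
     }
     co.Distribution_Grade = (vwarDAL.DistributionGrade)grade;
     co.Distribution_Reason = md.Distribution_Reason;
     //The original assigned co.Distribution_Regulation to itself, a no-op, which was dropped rather than guessed at;
     //if Metadata carries a matching regulation field it should be copied here - TODO confirm
     co.UnitScale = md.UnitScale;
     co.UpAxis = md.UpAxis;
     co.RequireResubmit = md.RequiresResubmit;
     co.MoreInformationURL = md.MoreInformationURL;
 }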
예제 #5
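        /// <summary>
        /// HTTP Basic authorization: reads the Authorization header, validates the credentials against the
        /// membership provider, then checks the user's permission level on the content object.
        /// A malformed header is treated as a failed login (401) rather than letting the parser throw.
        /// </summary>
        /// <param name="type">The transaction type to validate</param>
        /// <param name="co">The content object to validate the operation on; not consulted for Create</param>
        /// <returns>True if the user may perform this operation on the content object; whenever false is returned the response status is set to 401</returns>
        public virtual bool DoValidate(Security.TransactionType type, vwarDAL.ContentObject co)
        {
            //Advertise the authorization scheme used
            WebOperationContext.Current.OutgoingResponse.Headers[System.Net.HttpResponseHeader.WwwAuthenticate] = "BASIC realm=\"3DR API\"";

            //Start by assuming anonymous
            string username = vwarDAL.DefaultUsers.Anonymous[0];
            string password = "";
            string authHeader = WebOperationContext.Current.IncomingRequest.Headers[System.Net.HttpRequestHeader.Authorization];

            if (authHeader != null)
            {
                //Wrong scheme, bad base64 or a missing ':' used to throw out of Substring/FromBase64String/Split
                if (!TryParseBasicCredentials(authHeader, out username, out password))
                {
                    return RejectUnauthorized();
                }

                //Dont bother checking password for anonymous
                if (username != vwarDAL.DefaultUsers.Anonymous[0])
                {
                    //Get the membership provider; an unregistered provider used to surface as a NullReferenceException
                    Simple.Providers.MySQL.MysqlMembershipProvider provider = (Simple.Providers.MySQL.MysqlMembershipProvider)System.Web.Security.Membership.Providers["MysqlMembershipProvider"];
                    if (provider == null || !provider.ValidateUser(username, password))
                    {
                        return RejectUnauthorized();
                    }
                }
            }
            else if (!Convert.ToBoolean(ConfigurationManager.AppSettings["AssumeAnonymousUserWhenMissingAuthHeader"]))
            {
                //This forces clients to name the anonymous user explicitly; set the app setting to assume it
                //when the header is absent
                return RejectUnauthorized();
            }

            //Create is not keyed on an existing object: any authenticated user may create, but not anonymous
            if (type == Security.TransactionType.Create)
            {
                if (username == vwarDAL.DefaultUsers.Anonymous[0])
                {
                    return RejectUnauthorized();
                }
                return true;
            }

            //Do the actual check of permissions on the object, releasing the manager on every path
            vwarDAL.ModelPermissionLevel permission;
            vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
            try
            {
                permission = prm.GetPermissionLevel(username, co.PID);
            }
            finally
            {
                prm.Dispose();
            }

            bool allowed;
            switch (type)
            {
                case Security.TransactionType.Query:
                    allowed = permission >= vwarDAL.ModelPermissionLevel.Searchable;
                    break;
                case Security.TransactionType.Access:
                    allowed = permission >= vwarDAL.ModelPermissionLevel.Fetchable;
                    break;
                case Security.TransactionType.Modify:
                    allowed = permission >= vwarDAL.ModelPermissionLevel.Editable;
                    break;
                case Security.TransactionType.Delete:
                    allowed = permission >= vwarDAL.ModelPermissionLevel.Admin;
                    break;
                default:
                    //Unknown transaction types are denied
                    allowed = false;
                    break;
            }

            if (allowed)
            {
                return true;
            }
            return RejectUnauthorized();
        }

        /// <summary>
        /// Sets the 401 status on the outgoing response and returns false, so every denial path is uniform.
        /// </summary>
        /// <returns>Always false</returns>
        private static bool RejectUnauthorized()
        {
            WebOperationContext.Current.OutgoingResponse.StatusCode = System.Net.HttpStatusCode.Unauthorized;
            return false;
        }

        /// <summary>
        /// Parses an HTTP Basic Authorization header value ("Basic base64(user:password)").
        /// Returns false on any malformed input instead of throwing.
        /// </summary>
        /// <param name="header">The raw Authorization header value</param>
        /// <param name="username">The decoded user name, or null on failure</param>
        /// <param name="password">The decoded password, or null on failure</param>
        /// <returns>True if the header was well-formed Basic credentials</returns>
        private static bool TryParseBasicCredentials(string header, out string username, out string password)
        {
            username = null;
            password = null;

            //The scheme token is case-insensitive; the original simply skipped the first 6 characters
            if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }

            byte[] raw;
            try
            {
                raw = System.Convert.FromBase64String(header.Substring(6));
            }
            catch (FormatException)
            {
                return false;
            }

            //Kept as ASCII to match the existing behaviour; non-ASCII passwords from UTF-8 clients will not round-trip
            string decoded = System.Text.Encoding.ASCII.GetString(raw);

            //Split on the first ':' only, so a password that itself contains ':' is preserved
            int separator = decoded.IndexOf(':');
            if (separator < 0)
            {
                return false;
            }
            username = decoded.Substring(0, separator);
            password = decoded.Substring(separator + 1);
            return true;
        }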
예제 #6
        /// <summary>
        /// Copies the editable fields of <paramref name="md"/> onto <paramref name="co"/>.
        /// This overload transfers no licence or distribution fields.
        /// </summary>
        /// <param name="md">Source metadata supplied by the caller</param>
        /// <param name="co">Destination content object, updated in place</param>
        private static void CopyContentObjectData(Metadata md, vwarDAL.ContentObject co)
        {
            //Copy the data from the input object
            co.Title = md.Title;
            co.Keywords = md.Keywords;
            co.Format = md.Format;
            //co.CreativeCommonsLicenseURL = md.License;
            //(the licence copy above is disabled in this overload; left as found)
            //Need to add logic to change values of texture references
            co.DeveloperName = md.DeveloperName;
            co.Description = md.Description;
            co.ArtistName = md.ArtistName;
            co.AssetType = md.AssetType;
            //Convert.ToInt32 throws on non-numeric input; the Metadata counts are presumably strings - TODO confirm
            co.NumPolygons = System.Convert.ToInt32(md.NumPolygons);
            co.NumTextures = System.Convert.ToInt32(md.NumTextures);
            co.SponsorName = md.SponsorName;

            co.UnitScale = md.UnitScale;
            co.UpAxis = md.UpAxis;
            co.MoreInformationURL = md.MoreInformationURL;
        }