예제 #1
        /// <summary>
        /// Builds the outgoing <c>ProfileDto</c> for a player.
        /// </summary>
        /// <remarks>
        /// Name and Uri are always copied. Each attribute is added only when
        /// <c>Request.CheckAccess</c> grants the View action on that attribute of
        /// that user, so attributes the caller may not view are omitted from the
        /// response rather than returned blank.
        /// </remarks>
        /// <param name="p">Player whose profile is being serialized.</param>
        /// <returns>A DTO holding the name, the profile link and the viewable attributes.</returns>
        private ProfileDto MakeDto(Player p)
        {
            var dto = new ProfileDto
            {
                Name       = p.Name,
                Uri        = Url.Link("GetProfileByName", new { name = p.Name }),
                Attributes = new Dictionary<string, string>(),
            };

            foreach (var attribute in p.GetAllAttributes())
            {
                // Per-attribute authorization: the decision is made for every key
                // individually, not once for the whole profile.
                var mayView = Request.CheckAccess(
                    GunchoResources.UserActions.View,
                    GunchoResources.User, p.Name,
                    GunchoResources.Attribute, attribute.Key);

                if (!mayView)
                {
                    continue;
                }

                dto.Attributes.Add(attribute);
            }

            return dto;
        }
예제 #2
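        /// <summary>
        /// Applies a partial update (name and/or attributes) to the player called
        /// <paramref name="name"/>.
        /// </summary>
        /// <remarks>
        /// Authorization is layered. A coarse Edit check on the user runs first.
        /// Each requested change then queues its own check (name-change validity
        /// plus Edit on the Name field, or Edit/Delete on the individual
        /// attribute). The queued checks run inside the callback handed to
        /// <c>playersService.TransactionalUpdateAsync</c>, against the Player
        /// instance that callback receives, and no update is applied unless every
        /// check passes.
        /// </remarks>
        /// <param name="name">Name of the player to update.</param>
        /// <param name="newProfile">Requested values; null members are left unchanged.</param>
        /// <returns>
        /// NotFound when no such player exists, Forbidden when the coarse Edit check
        /// fails, BadRequest when the body is missing, an attribute is not writable,
        /// or the transactional update reports failure; otherwise whatever
        /// <c>GetProfileByName</c> returns.
        /// </returns>
        public async Task<IHttpActionResult> PutProfileByNameAsync(string name, [FromBody] ProfileDto newProfile)
        {
            var player = playersService.GetPlayerByName(name);

            // NOTE(review): existence is reported before the access check, so a caller
            // without Edit rights can tell 404 from 403. Fine if player names are not
            // confidential; confirm.
            if (player == null)
            {
                return NotFound();
            }

            if (!Request.CheckAccess(
                    GunchoResources.UserActions.Edit,
                    GunchoResources.User, player.Name))
            {
                return Forbidden();
            }

            // newProfile can be null (for example when the request carries no body).
            // Reject it here instead of dereferencing it below. The check sits after
            // the authorization check so unauthorized callers see the same responses
            // as before.
            if (newProfile == null)
            {
                ModelState.AddModelError("newProfile", "A profile body is required.");
                return BadRequest(ModelState);
            }

            var checks  = new Queue<Func<Player, bool>>();
            var updates = new Queue<Action<Player>>();

            // TODO: don't modify Player objects, do everything through service methods

            if (newProfile.Name != null && newProfile.Name != player.Name)
            {
                // A rename needs a valid name change AND field-level Edit permission
                // on the Name field.
                checks.Enqueue(p =>
                    playersService.IsValidNameChange(p.Name, newProfile.Name) &&
                    Request.CheckAccess(
                        GunchoResources.UserActions.Edit,
                        GunchoResources.User, p.Name,
                        GunchoResources.Field, GunchoResources.UserFields.Name));
                updates.Enqueue(p => p.Name = newProfile.Name);
            }

            if (newProfile.Attributes != null)
            {
                foreach (var pair in newProfile.Attributes)
                {
                    // Copied into loop-scoped locals that the lambdas below capture.
                    var key   = pair.Key;
                    var value = pair.Value;

                    // Allowlist: keys outside writableAttributes are rejected before
                    // any access check is queued.
                    if (!writableAttributes.Contains(key))
                    {
                        ModelState.AddModelError("Attributes", string.Format("Attribute {0} is not writable.", key));
                        continue;
                    }

                    if (value == null || value.Length == 0)
                    {
                        // A null or empty value is authorized as a Delete of the attribute.
                        checks.Enqueue(p =>
                            Request.CheckAccess(
                                GunchoResources.AttributeActions.Delete,
                                GunchoResources.User, p.Name,
                                GunchoResources.Attribute, key));
                    }
                    else
                    {
                        checks.Enqueue(p =>
                            Request.CheckAccess(
                                GunchoResources.AttributeActions.Edit,
                                GunchoResources.User, p.Name,
                                GunchoResources.Attribute, key));
                    }

                    updates.Enqueue(p => p.SetAttribute(key, value));
                }
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            var result = await playersService.TransactionalUpdateAsync(
                player,
                p =>
                {
                    // All-or-nothing: every queued check must pass before the first
                    // update is applied.
                    foreach (var check in checks)
                    {
                        if (!check(p))
                        {
                            return false;
                        }
                    }

                    foreach (var update in updates)
                    {
                        update(p);
                    }

                    return true;
                });

            // A denied field/attribute access check and an invalid name change both
            // end up here and are reported as 400 with the current ModelState; the
            // response does not tell them apart.
            if (result == false)
            {
                return BadRequest(ModelState);
            }

            // NOTE(review): `name` is the pre-update name. After a successful rename,
            // confirm GetProfileByName still resolves it.
            return GetProfileByName(name);
        }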
예제 #3
 /// <summary>
 /// Updates the profile of the caller by delegating to
 /// <c>PutProfileByNameAsync</c> with the name taken from <c>User.Identity</c>.
 /// </summary>
 /// <remarks>
 /// The target name comes from the request principal, not from client input.
 /// NOTE(review): no authentication requirement is visible on this method;
 /// confirm the controller or route enforces one, since <c>User.Identity.Name</c>
 /// is passed through unchecked.
 /// </remarks>
 /// <param name="newProfile">Requested profile values, forwarded unchanged.</param>
 /// <returns>The task returned by <c>PutProfileByNameAsync</c>.</returns>
 public Task<IHttpActionResult> PutMyAsync(ProfileDto newProfile)
 {
     var currentUserName = User.Identity.Name;

     return PutProfileByNameAsync(currentUserName, newProfile);
 }