/// <summary>
/// Builds the outgoing profile representation for a player.
/// </summary>
/// <remarks>
/// Attributes are copied one at a time, and only when the current request
/// passes a View access check for that specific attribute. An attribute
/// that fails the check is omitted from the DTO rather than reported.
/// </remarks>
/// <param name="p">Player whose profile is being rendered.</param>
/// <returns>
/// A DTO carrying the player's name, a link generated for the
/// "GetProfileByName" route, and the attributes the caller may view.
/// </returns>
private ProfileDto MakeDto(Player p)
{
    var dto = new ProfileDto();
    dto.Name = p.Name;
    dto.Uri = Url.Link("GetProfileByName", new { name = p.Name });
    dto.Attributes = new Dictionary<string, string>();

    foreach (var attribute in p.GetAllAttributes())
    {
        // Per-attribute authorization: the check is keyed on both the
        // owning user and the attribute name.
        var mayView = Request.CheckAccess(
            GunchoResources.UserActions.View,
            GunchoResources.User, p.Name,
            GunchoResources.Attribute, attribute.Key);

        if (!mayView)
        {
            continue;
        }

        dto.Attributes.Add(attribute);
    }

    return dto;
}
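/// <summary>
/// Updates the profile of the named player: an optional rename plus edits
/// or deletions of attributes.
/// </summary>
/// <remarks>
/// Authorization happens in two stages. The caller must first pass an Edit
/// check on the user as a whole. Each requested change then queues its own
/// field- or attribute-level check. The queued checks all run inside the
/// callback handed to <c>TransactionalUpdateAsync</c>, before any queued
/// update, so a single failing check makes the callback return false
/// without running any update.
/// </remarks>
/// <param name="name">Name of the player to update, taken from the route.</param>
/// <param name="newProfile">
/// Requested changes. A null <c>Name</c> or null <c>Attributes</c> means
/// "leave unchanged"; an attribute with a null or empty value is treated
/// as a delete request for authorization purposes.
/// </param>
/// <returns>
/// NotFound when the player does not exist, Forbidden when the caller may
/// not edit the user, BadRequest when the body is missing, names a
/// non-writable attribute, or the transactional update is rejected;
/// otherwise the result of <c>GetProfileByName</c> for the updated player.
/// </returns>
public async Task<IHttpActionResult> PutProfileByNameAsync(string name, [FromBody] ProfileDto newProfile)
{
    var player = playersService.GetPlayerByName(name);

    if (player == null)
    {
        return NotFound();
    }

    if (!Request.CheckAccess(
        GunchoResources.UserActions.Edit,
        GunchoResources.User, player.Name))
    {
        return Forbidden();
    }

    // A request with no body (or one that fails to deserialize) binds to
    // null. Reject it explicitly instead of failing with a
    // NullReferenceException below. This sits after the existence and
    // authorization checks so an unauthorized caller sees the same
    // responses as before.
    if (newProfile == null)
    {
        ModelState.AddModelError("newProfile", "A profile body is required.");
        return BadRequest(ModelState);
    }

    var checks = new Queue<Func<Player, bool>>();
    var updates = new Queue<Action<Player>>();

    // TODO: don't modify Player objects, do everything through service methods

    if (newProfile.Name != null && newProfile.Name != player.Name)
    {
        // A rename needs both a valid target name and Edit permission on
        // the Name field specifically.
        checks.Enqueue(p =>
            playersService.IsValidNameChange(p.Name, newProfile.Name) &&
            Request.CheckAccess(
                GunchoResources.UserActions.Edit,
                GunchoResources.User, p.Name,
                GunchoResources.Field, GunchoResources.UserFields.Name));
        updates.Enqueue(p => p.Name = newProfile.Name);
    }

    if (newProfile.Attributes != null)
    {
        foreach (var pair in newProfile.Attributes)
        {
            // Copied into per-iteration locals so each queued lambda
            // captures its own key and value.
            var key = pair.Key;
            var value = pair.Value;

            // Allowlist: only attributes named in writableAttributes can
            // be changed through this endpoint, whatever the caller's
            // permissions are.
            if (!writableAttributes.Contains(key))
            {
                ModelState.AddModelError("Attributes", string.Format("Attribute {0} is not writable.", key));
                continue;
            }

            if (value == null || value.Length == 0)
            {
                checks.Enqueue(p => Request.CheckAccess(
                    GunchoResources.AttributeActions.Delete,
                    GunchoResources.User, p.Name,
                    GunchoResources.Attribute, key));
            }
            else
            {
                checks.Enqueue(p => Request.CheckAccess(
                    GunchoResources.AttributeActions.Edit,
                    GunchoResources.User, p.Name,
                    GunchoResources.Attribute, key));
            }

            updates.Enqueue(p => p.SetAttribute(key, value));
        }
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    var result = await playersService.TransactionalUpdateAsync(
        player,
        p =>
        {
            // Run every check before the first update, so a denied change
            // cannot leave the player partially modified by this callback.
            foreach (var check in checks)
            {
                if (!check(p))
                {
                    return false;
                }
            }

            foreach (var update in updates)
            {
                update(p);
            }

            return true;
        });

    if (result == false)
    {
        // NOTE(review): a failed per-field access check ends up here as a
        // 400 with no model errors, indistinguishable from an invalid
        // rename. Consider reporting authorization failures as Forbidden
        // so clients and audit logs can tell the two apart.
        return BadRequest(ModelState);
    }

    // After a successful rename the player is stored under the new name;
    // looking it up by the route's old name would no longer find it.
    return GetProfileByName(newProfile.Name ?? name);
}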
/// <summary>
/// Updates the caller's own profile by forwarding to
/// <c>PutProfileByNameAsync</c> with the name of the current identity.
/// </summary>
/// <param name="newProfile">Requested profile changes.</param>
/// <returns>The task returned by <c>PutProfileByNameAsync</c>.</returns>
public Task<IHttpActionResult> PutMyAsync(ProfileDto newProfile)
{
    // NOTE(review): the target player comes solely from the principal's
    // name. No authorization attribute is visible on this method here;
    // confirm unauthenticated requests are rejected before this point,
    // since the name may be null or empty for an anonymous principal.
    var callerName = User.Identity.Name;

    return PutProfileByNameAsync(callerName, newProfile);
}