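/// <summary>
/// Creates a new statement about a pair of medicines on behalf of the logged-in user and
/// stores that user's own positive recommendation for it.
/// </summary>
/// <param name="statement">
/// Statement received from the client. Its nested session token identifies the caller;
/// the <c>Person</c> it carries is discarded and replaced by the account that owns the token.
/// </param>
/// <returns>
/// 403 when no valid login session is presented; 400 when a statement for the same
/// (MedicinOne, MedicinTwo) pair already exists, when no account matches the session, or
/// when the caller's calculated trust is zero; 201 once the statement and the author's
/// recommendation have been saved and handed to <c>BlockChain.MakeRecommendation</c>.
/// </returns>
public ActionResult CreateNewStatement(TrustLessModelLib.Statement statement)
{
    // The object graph comes from the request, so any nested reference may be missing.
    // Without a token there is no session to validate, so refuse instead of dereferencing null.
    if (statement == null || statement.Person == null || statement.Person.LoginSession == null)
    {
        return new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
    }

    string token = statement.Person.LoginSession.Token;
    if (string.IsNullOrEmpty(token))
    {
        return new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
    }

    using (DataContext context = new DataContext())
    {
        if (!PersonController.ValidateLoginSession(context, token))
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
        }

        // Does a statement already exist with the same two medicines?
        // Only this ordering of the pair is compared; a swapped pair is not matched here.
        // NOTE(review): this check and the Add below are not serialized, so uniqueness under
        // concurrent requests depends on a database constraint - confirm one exists.
        var match = context.Statements.FirstOrDefault(
            x => x.MedicinOne == statement.MedicinOne && x.MedicinTwo == statement.MedicinTwo);
        if (match != null) // && IsStatementValid(context,match)
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.BadRequest);
        }

        // Security: the author must be the owner of the validated session, never a value the
        // client chooses. Resolving the account by the request's Username would leave the
        // token and the author unbound, so a statement could be attributed to an account other
        // than the caller's. Look the account up by token, the same way Recommend does.
        var author = context.Persons.FirstOrDefault(
            x => x.LoginSessionToken != null && x.LoginSessionToken == token);

        // If the person does not exist, abort.
        if (author == null)
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.BadRequest);
        }

        statement.Person = author;

        // Rule: refuse a user with zero trust from creating statements.
        if (CalculateBayesianModelTrust(statement.Person) == 0)
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.BadRequest);
        }

        context.Statements.Add(statement);

        // Add the author's own recommendation for the new statement.
        var recommendation = new TrustLessModelLib.Recommendation()
        {
            Person = statement.Person,
            Statement = statement,
            IsRecommended = true,
            Transaction = null,
            Description = statement.Description,
            CreationDate = DateTime.Now
        };

        // This will fail if a race condition were to add two recommendations (the table's key
        // assignment ensures only one instance of the same recommendation can exist).
        context.Recommendations.Add(recommendation);
        context.SaveChanges();

        BlockChain.MakeRecommendation(context, recommendation);
        return new HttpStatusCodeResult((int)HttpStatusCode.Created);
    }
}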
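/// <summary>
/// Records the caller's recommendation for an existing statement. The raw request body is
/// stored as the recommendation's description.
/// </summary>
/// <param name="statement">Id of the statement being recommended.</param>
/// <param name="token">Login session token identifying the caller.</param>
/// <param name="trust">Stored as the recommendation's <c>IsRecommended</c> value.</param>
/// <returns>
/// 400 when <c>GetStatements</c> does not yield a <c>ContentResult</c>, when the caller has
/// already recommended this statement, or when the statement became complete while waiting
/// for the lock; 403 when the statement is not among those returned for the token, when the
/// session is invalid or has no matching account, or when the statement's recommendations
/// are already complete; 404 when the statement does not exist; 201 on success.
/// </returns>
public ActionResult Recommend(int statement, string token, bool trust)
{
    // Authorization gate: the statement id must appear in what GetStatements returns for
    // this token. NOTE(review): presumably that is the set the caller may act on - confirm
    // against GetStatements.
    var possibleStatements = GetStatements(token);
    if (possibleStatements == null || possibleStatements.GetType() != typeof(ContentResult))
    {
        return new HttpStatusCodeResult((int)HttpStatusCode.BadRequest);
    }

    var permitted = JsonConvert.DeserializeObject<List<Statement>>(
        ((ContentResult)possibleStatements).Content,
        new JsonSerializerSettings { MissingMemberHandling = MissingMemberHandling.Ignore });

    // A literal JSON null deserializes to a null list; treat it as "nothing permitted".
    if (permitted == null || !permitted.Any(x => x.Id == statement))
    {
        return new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
    }

    // The description is the whole request body. The reader is intentionally not disposed:
    // disposing it would close Request.InputStream.
    // NOTE(review): the body is read in full with no length cap here - confirm a request
    // size limit is enforced before this point.
    Stream req = Request.InputStream;
    req.Seek(0, System.IO.SeekOrigin.Begin);
    string description = new StreamReader(req).ReadToEnd();

    using (DataContext context = new DataContext())
    {
        if (!PersonController.ValidateLoginSession(context, token))
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
        }

        // The recommending account is always the owner of the validated session token.
        Person person = context.Persons.FirstOrDefault(
            x => x.LoginSessionToken != null && x.LoginSessionToken == token);

        // The session check and this lookup are separate queries; if no account is found,
        // refuse rather than dereference null in the duplicate check below.
        if (person == null)
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
        }

        var statementObject = context.Statements.FirstOrDefault(x => x.Id == statement);
        if (statementObject == null)
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.NotFound);
        }

        // One recommendation per person per statement.
        var recommendation = context.Recommendations.FirstOrDefault(
            x => x.StatementId == statement && x.PersonUsername == person.Username);
        if (recommendation != null)
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.BadRequest);
        }

        // Cheap early exit before taking the lock.
        if (IsStatementRecommendationsComplete(context, statementObject))
        {
            return new HttpStatusCodeResult((int)HttpStatusCode.Forbidden);
        }

        recommendation = new TrustLessModelLib.Recommendation()
        {
            Person = person,
            Statement = statementObject,
            IsRecommended = trust,
            Transaction = null,
            Description = description,
            CreationDate = DateTime.Now
        };

        lock (recommendationLock)
        {
            // Re-check under the lock: another request may have completed the statement
            // between the early check above and this point.
            if (IsStatementRecommendationsComplete(context, statementObject))
            {
                return new HttpStatusCodeResult((int)HttpStatusCode.BadRequest);
            }

            // This will fail if a race condition were to add two recommendations (the table's
            // key assignment ensures only one instance of the same recommendation can exist).
            context.Recommendations.Add(recommendation);

            // No race is possible once the row is saved: only one insert of the same row from
            // the same user can succeed.
            context.SaveChanges();
        }

        BlockChain.MakeRecommendation(context, recommendation);

        // The recommendation just saved may have been the one that completes the statement.
        if (IsStatementRecommendationsComplete(context, statementObject))
        {
            IssueTrustForStatement(context, statementObject);
        }

        return new HttpStatusCodeResult((int)HttpStatusCode.Created);
    }
}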