Exemplo n.º 1
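        /// <summary>
        /// Removes the buyer account identified by <paramref name="id"/> and returns the removed user.
        /// </summary>
        /// <param name="id">Identifier of the user to remove.</param>
        /// <returns>
        /// The result of <c>Validate</c> or <c>ValidateUserCanBeDeleted</c> when either one rejects the
        /// request; <c>NotFound</c> when the user is missing or is not a buyer; otherwise <c>Ok</c> with
        /// the removed user, its <c>href</c> set to an empty string.
        /// </returns>
        public IHttpActionResult Delete(long id)
        {
            string token = GetAuthToken();

            // A non-null result from either check is the rejection to send back as-is.
            IHttpActionResult validation = Validate(token, id);
            if (validation != null)
            {
                return validation;
            }

            // NOTE(review): this check receives only the token, not the target id; confirm that
            // Validate(token, id) is what ties the caller to this specific account.
            validation = ValidateUserCanBeDeleted(token);
            if (validation != null)
            {
                return validation;
            }

            DataAccessSoapClient ws = new DataAccessSoapClient();
            User target = ws.FindUser(new DataAccessWS.Security {
                BinarySecurityToken = token
            }, id);

            // FindUser may return null (for example if the account went away after the checks above);
            // dereferencing it would surface as an unhandled NullReferenceException. A non-buyer account
            // gets the same NotFound, so this endpoint does not reveal that other account types exist.
            if (target == null || target.Role != DataAccessWS.UserRole.BUYER)
            {
                return NotFound();
            }

            User removed = ws.RemoveUser(new DataAccessWS.Security {
                BinarySecurityToken = token
            }, id);
            RestUser res = CreateRestUser(removed);

            // The link is blanked before the representation is returned; presumably because the
            // resource it pointed to has just been removed.
            res.href = "";
            return Ok(res);
        }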
Exemplo n.º 2
        /// <summary>
        /// Reports whether the data-access service returns a user for <paramref name="id"/>.
        /// </summary>
        /// <param name="token">Security token forwarded to the service as <c>BinarySecurityToken</c>.</param>
        /// <param name="id">Identifier of the user to look up.</param>
        /// <returns><c>true</c> when the lookup yields a user, <c>false</c> when it yields null.</returns>
        private bool ValidateUserExists(string token, long id)
        {
            DataAccessSoapClient client = new DataAccessSoapClient();
            DataAccessWS.Security credentials = new DataAccessWS.Security { BinarySecurityToken = token };

            // The lookup runs under the caller's own token, so the answer reflects what that
            // token is allowed to see on the service side.
            User found = client.FindUser(credentials, id);
            bool exists = found != null;
            return exists;
        }
Exemplo n.º 3
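        /// <summary>
        /// Checks that the identity behind <paramref name="token"/> is the same account as the user
        /// stored under <paramref name="userId"/>, by comparing username and role.
        /// </summary>
        /// <param name="token">Security token sent to both the identity and the data-access service.</param>
        /// <param name="userId">Identifier of the user the caller claims to be.</param>
        /// <returns>
        /// <c>true</c> only when both lookups succeed and username and role name match;
        /// <c>false</c> in every other case, including a missing username on either side.
        /// </returns>
        private bool ValidateClientIdentity(string token, long userId)
        {
            IdentityWSSoapClient identityClient = new IdentityWSSoapClient();
            IdentityData identity = identityClient.GetIdentity(new IdentityWS.Security {
                BinarySecurityToken = token
            });
            DataAccessSoapClient dataClient = new DataAccessSoapClient();
            User target = dataClient.FindUser(new DataAccessWS.Security {
                BinarySecurityToken = token
            }, userId);

            if (identity == null || target == null)
            {
                return false;
            }

            // Fail closed when a username is absent: calling Equals on a null identity.Username
            // would throw instead of denying, and two missing names must never count as a match.
            if (identity.Username == null || target.Username == null)
            {
                return false;
            }

            // Roles are compared by name because the two services expose their own role types.
            bool sameUsername = identity.Username.Equals(target.Username);
            return sameUsername && identity.Role.ToString().Equals(target.Role.ToString());
        }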
Exemplo n.º 4
 /// <summary>
 /// Validates incoming product data and returns the first problem found.
 /// </summary>
 /// <param name="product">Product data taken from the request; may be null.</param>
 /// <param name="token">Security token forwarded to the data-access service for the lookups.</param>
 /// <param name="editing">When true, the completeness check is skipped.</param>
 /// <returns>A <c>BadRequest</c> describing the first failed rule, or null when every rule passes.</returns>
 private IHttpActionResult ValidateProductData(ProductData product, string token, bool editing)
 {
     if (product == null)
     {
         return BadRequest("Product data is missing");
     }

     // Completeness is only required when the product is not being edited.
     if (!(editing || product.IsComplete()))
     {
         return BadRequest("Product data missing some required field");
     }

     // Price and units are optional, but must be in range when supplied.
     if (product.Price.HasValue && product.Price.Value <= 0)
     {
         return BadRequest("Product price must be a positive decimal number");
     }
     if (product.Units.HasValue && product.Units.Value < 1)
     {
         return BadRequest("Product units must be a positive integer");
     }

     // A referenced seller must exist and actually hold the seller role.
     if (product.SellerId.HasValue)
     {
         DataAccessSoapClient sellerClient = new DataAccessSoapClient();
         DataAccessWS.Security sellerCredentials = new DataAccessWS.Security { BinarySecurityToken = token };
         User seller = sellerClient.FindUser(sellerCredentials, product.SellerId.Value);
         bool isSeller = seller != null && seller.Role == DataAccessWS.UserRole.SELLER;
         if (!isSeller)
         {
             return BadRequest("Seller with id " + product.SellerId.Value + " not found in the system");
         }
     }

     // A referenced category must exist.
     if (product.CategoryId.HasValue)
     {
         DataAccessSoapClient categoryClient = new DataAccessSoapClient();
         DataAccessWS.Security categoryCredentials = new DataAccessWS.Security { BinarySecurityToken = token };
         Category category = categoryClient.FindCategory(categoryCredentials, product.CategoryId.Value);
         if (category == null)
         {
             return BadRequest("Category with id " + product.CategoryId.Value + " not found in the system");
         }
     }

     return null;
 }
Exemplo n.º 5
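        /// <summary>
        /// Returns the buyer account identified by <paramref name="id"/>.
        /// </summary>
        /// <param name="id">Identifier of the user to fetch.</param>
        /// <returns>
        /// The result of <c>Validate</c> when it rejects the request; <c>NotFound</c> when the user is
        /// missing or is not a buyer; otherwise <c>Ok</c> with the user's REST representation.
        /// </returns>
        public IHttpActionResult Get(long id)
        {
            string token = GetAuthToken();

            // A non-null result is the rejection to send back as-is.
            IHttpActionResult validation = Validate(token, id);
            if (validation != null)
            {
                return validation;
            }

            DataAccessSoapClient ws = new DataAccessSoapClient();
            User user = ws.FindUser(new DataAccessWS.Security {
                BinarySecurityToken = token
            }, id);

            // FindUser may return null; without this guard the role check would throw a
            // NullReferenceException. Non-buyer accounts get the same NotFound, so this endpoint
            // does not reveal that other account types exist.
            if (user == null || user.Role != DataAccessWS.UserRole.BUYER)
            {
                return NotFound();
            }
            return Ok(CreateRestUser(user));
        }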
Exemplo n.º 6
 /// <summary>
 /// Copies every field that is present in <paramref name="data"/> onto <paramref name="product"/>;
 /// fields that are null (or empty, for name and description) leave the product unchanged.
 /// </summary>
 /// <param name="product">Product entity to modify in place.</param>
 /// <param name="data">Request data supplying the new values.</param>
 /// <param name="token">Security token forwarded to the data-access service for the lookups.</param>
 private void assignProperties(Product product, ProductData data, string token)
 {
     bool hasName = !string.IsNullOrEmpty(data.Name);
     if (hasName)
     {
         product.Name = data.Name;
     }

     bool hasDescription = !string.IsNullOrEmpty(data.Description);
     if (hasDescription)
     {
         product.Description = data.Description;
     }

     if (data.Price.HasValue)
     {
         product.Price = data.Price.Value;
     }
     if (data.Units.HasValue)
     {
         product.Units = data.Units.Value;
     }
     if (data.Image != null)
     {
         product.image = data.Image;
     }

     // NOTE(review): the seller id comes straight from request data and nothing here checks who
     // is asking; confirm callers verify that the caller may assign this seller. The lookup result
     // is also stored without a null check.
     if (data.SellerId.HasValue)
     {
         product.seller_id = data.SellerId.Value;
         DataAccessSoapClient sellerClient = new DataAccessSoapClient();
         DataAccessWS.Security sellerCredentials = new DataAccessWS.Security { BinarySecurityToken = token };
         dynamic seller = sellerClient.FindUser(sellerCredentials, product.seller_id);
         product.seller = seller;
     }

     // The category is resolved the same way: the id is stored first, then the looked-up object.
     if (data.CategoryId.HasValue)
     {
         product.category_id = data.CategoryId.Value;
         DataAccessSoapClient categoryClient = new DataAccessSoapClient();
         DataAccessWS.Security categoryCredentials = new DataAccessWS.Security { BinarySecurityToken = token };
         dynamic resolvedCategory = categoryClient.FindCategory(categoryCredentials, product.category_id);
         product.category = resolvedCategory;
     }
 }
Exemplo n.º 7
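        /// <summary>
        /// Updates the buyer account identified by <paramref name="id"/> with the supplied data.
        /// </summary>
        /// <param name="id">Identifier of the user to update.</param>
        /// <param name="userData">New user data read from the request body; may be null.</param>
        /// <returns>
        /// The result of <c>Validate</c> or <c>ValidateUserData</c> when either rejects the request;
        /// <c>BadRequest</c> when the body is missing; <c>NotFound</c> when the user is missing or is
        /// not a buyer; otherwise <c>Ok</c> with the updated user's REST representation.
        /// </returns>
        public IHttpActionResult Put(long id, [FromBody] UserData userData)
        {
            string token = GetAuthToken();

            // A non-null result is the rejection to send back as-is.
            IHttpActionResult validation = Validate(token, id);
            if (validation != null)
            {
                return validation;
            }
            if (userData == null)
            {
                return BadRequest("Missing user data");
            }

            DataAccessSoapClient ws = new DataAccessSoapClient();
            User target = ws.FindUser(new DataAccessWS.Security {
                BinarySecurityToken = token
            }, id);

            // FindUser may return null; without this guard the role check would throw a
            // NullReferenceException. Non-buyer accounts get the same NotFound, so this endpoint
            // does not reveal that other account types exist.
            if (target == null || target.Role != DataAccessWS.UserRole.BUYER)
            {
                return NotFound();
            }

            IHttpActionResult userValidation = ValidateUserData(userData, target);
            if (userValidation != null)
            {
                return userValidation;
            }

            User inputUser = userData.CreateBuyer();

            // The id always comes from the method's id parameter, never from the body, so the
            // payload cannot point the update at a different account.
            inputUser.Id = id;
            User updated = ws.UpdateUser(new DataAccessWS.Security {
                BinarySecurityToken = token
            }, inputUser);

            return Ok(CreateRestUser(updated));
        }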
Exemplo n.º 8
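 /// <summary>
 /// Checks that the caller identified by <paramref name="token"/> is the seller of the product
 /// identified by <paramref name="productId"/>.
 /// </summary>
 /// <param name="token">Security token sent to both the identity and the data-access service.</param>
 /// <param name="productId">Identifier of the product whose ownership is checked.</param>
 /// <returns>
 /// Null when the caller's username matches the product seller's; <c>Unauthorized</c> when the
 /// identity cannot be resolved, the seller cannot be resolved, or the usernames differ;
 /// <c>NotFound</c> when the product does not exist; <c>BadRequest</c> when a service call raises
 /// a <c>FaultException</c>.
 /// </returns>
 private IHttpActionResult ValidateOwnerProduct(string token, long productId)
 {
     try
     {
         IdentityWSSoapClient ws = new IdentityWSSoapClient();
         IdentityData identity = ws.GetIdentity(new IdentityWS.Security {
             BinarySecurityToken = token
         });
         if (identity == null)
         {
             return Unauthorized();
         }

         DataAccessSoapClient dataWS = new DataAccessSoapClient();

         // The "as" cast yields null for any other binding type, so guard before touching it.
         // NOTE(review): int.MaxValue effectively removes the cap on response size for this client;
         // consider a bound sized to the largest product payload that is actually expected.
         var binding = dataWS.ChannelFactory.Endpoint.Binding as BasicHttpBinding;
         if (binding != null)
         {
             binding.MaxReceivedMessageSize = int.MaxValue;
         }

         Product target = dataWS.FindProduct(new DataAccessWS.Security {
             BinarySecurityToken = token
         }, productId);
         if (target == null)
         {
             return NotFound();
         }

         User owner = dataWS.FindUser(new DataAccessWS.Security {
             BinarySecurityToken = token
         }, target.seller_id);

         // Fail closed: if the seller record or its username is missing, ownership cannot be
         // established, so the caller is rejected rather than letting a null dereference escape.
         if (owner == null || owner.Username == null || !owner.Username.Equals(identity.Username))
         {
             return Unauthorized();
         }
     }
     catch (FaultException)
     {
         // NOTE(review): every FaultException from either service is reported as a token problem;
         // confirm no other fault can reach this point, or log the fault before mapping it.
         return BadRequest("Invalid security token");
     }
     return null;
 }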