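/// <summary>
/// Overrides the API base class validation; uses the website user rather than HTTP Basic.
/// </summary>
/// <param name="type">The transaction type to validate.</param>
/// <param name="PID">Identifier of the content object the operation is validated against.</param>
/// <returns>True if the user may perform this operation on the content object; otherwise false.</returns>
public override bool DoValidate(Security.TransactionType type, string PID)
{
    vwarDAL.ModelPermissionLevel permission;
    vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
    try
    {
        // `username` is a member declared outside this block.
        // NOTE(review): confirm it is always the authenticated website user and never caller-supplied.
        permission = prm.GetPermissionLevel(username, PID);
    }
    finally
    {
        // Release the manager even when the lookup throws; the original
        // skipped Dispose() on that path.
        prm.Dispose();
    }

    // Each transaction type requires a minimum permission level. The >= comparisons
    // assume ModelPermissionLevel members are declared in ascending order of privilege
    // (TODO confirm against the enum definition).
    if (type == Security.TransactionType.Query && permission >= vwarDAL.ModelPermissionLevel.Searchable)
    {
        return true;
    }

    if (type == Security.TransactionType.Access && permission >= vwarDAL.ModelPermissionLevel.Fetchable)
    {
        return true;
    }

    if (type == Security.TransactionType.Modify && permission >= vwarDAL.ModelPermissionLevel.Editable)
    {
        return true;
    }

    if (type == Security.TransactionType.Delete && permission >= vwarDAL.ModelPermissionLevel.Admin)
    {
        return true;
    }

    if (type == Security.TransactionType.Create && permission >= vwarDAL.ModelPermissionLevel.Admin)
    {
        return true;
    }

    // Fail closed: a transaction type not listed above, or an insufficient level, is denied.
    return false;
}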
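/// <summary>
/// Keeps only the content objects on which <paramref name="username"/> holds at least
/// Searchable permission, and caps the result at <paramref name="total"/> items.
/// </summary>
/// <param name="username">The user whose permission level is looked up for each object.</param>
/// <param name="input">Candidate content objects; enumerated once, in order.</param>
/// <param name="total">Maximum number of objects to return.</param>
/// <returns>The permitted objects in their original order, truncated to the first <paramref name="total"/>.</returns>
public IEnumerable<ContentObject> FilterResultsBasedOnPermissions(string username, IEnumerable<ContentObject> input, int total)
{
    List<ContentObject> output = new List<ContentObject>();
    PermissionsManager prm = new PermissionsManager();
    try
    {
        foreach (ContentObject co in input)
        {
            // One permission lookup per candidate; objects below Searchable are dropped
            // so they never reach the caller.
            ModelPermissionLevel permission = prm.GetPermissionLevel(username, co.PID);
            if (permission >= ModelPermissionLevel.Searchable)
            {
                output.Add(co);
            }
        }
    }
    finally
    {
        // The original never released the manager; dispose it on both the
        // normal path and when a lookup throws.
        prm.Dispose();
    }

    // The cap is applied after filtering, so the limit counts permitted objects only.
    // List<T>.GetRange throws ArgumentOutOfRangeException for a negative count, so a
    // negative `total` is rejected here exactly as before.
    if (output.Count > total)
    {
        return output.GetRange(0, total);
    }

    return output;
}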