/// <summary>
/// Overrides API base class validate, uses website user rather than HTTP Basic
/// </summary>
/// <param name="type">The transaction type to validate</param>
/// <param name="co">the content object to validate the operation on</param>
/// <returns>True if the user may perform this operation on the contentobject</returns>
public override bool DoValidate(Security.TransactionType type, string PID)
{
vwarDAL.PermissionsManager prm = new vwarDAL.PermissionsManager();
vwarDAL.ModelPermissionLevel Permission = prm.GetPermissionLevel(username, PID);
prm.Dispose();
if (type == Security.TransactionType.Query && Permission >= vwarDAL.ModelPermissionLevel.Searchable)
{
return(true);
}
if (type == Security.TransactionType.Access && Permission >= vwarDAL.ModelPermissionLevel.Fetchable)
{
return(true);
}
if (type == Security.TransactionType.Modify && Permission >= vwarDAL.ModelPermissionLevel.Editable)
{
return(true);
}
if (type == Security.TransactionType.Delete && Permission >= vwarDAL.ModelPermissionLevel.Admin)
{
return(true);
}
if (type == Security.TransactionType.Create && Permission >= vwarDAL.ModelPermissionLevel.Admin)
{
return(true);
}
return(false);
}
public IEnumerable <ContentObject> FilterResultsBasedOnPermissions(string username, IEnumerable <ContentObject> input, int total)
{
PermissionsManager prm = new PermissionsManager();
List <ContentObject> output = new List <ContentObject>();
foreach (ContentObject co in input)
{
ModelPermissionLevel Permission = prm.GetPermissionLevel(username, co.PID);
if (Permission >= ModelPermissionLevel.Searchable)
{
output.Add(co);
}
}
if (output.Count > total)
{
return(output.GetRange(0, total));
}
return(output);
}
