/// <summary>
/// Stores the posted review location for a content item and then notifies the CMS editor.
/// </summary>
/// <param name="reviewModel">
/// Posted model; both <c>ContentLink</c> and <c>ReviewLocation</c> must be present.
/// </param>
/// <returns>
/// 400 (Bad Request) when the model or one of its two required members is null;
/// whatever <c>ValidateContent</c> returns when that is non-null;
/// 404 (Not Found) when <c>ReviewLocationNotFoundException</c> is thrown inside the try block;
/// otherwise the repository result wrapped by <c>Rest</c>.
/// </returns>
public ActionResult Post(PostReviewModel reviewModel)
{
    // Reject incomplete payloads before anything reaches the repository.
    var isIncomplete = reviewModel == null
        || reviewModel.ContentLink == null
        || reviewModel.ReviewLocation == null;
    if (isIncomplete)
    {
        return new RestStatusCodeResult(HttpStatusCode.BadRequest);
    }

    // A non-null value from ValidateContent is returned to the caller as-is.
    // NOTE(review): presumably this is where access to the content is checked - confirm in ValidateContent.
    var validationFailure = ValidateContent(reviewModel.ContentLink);
    if (validationFailure != null)
    {
        return validationFailure;
    }

    try
    {
        var updated = _approvalReviewsRepository.Update(
            reviewModel.ContentLink,
            reviewModel.ReviewLocation);

        // The notification is sent only after the update has succeeded.
        // NOTE(review): the meaning of the trailing `true` argument is not visible here.
        _reviewsNotifier.NotifyCmsEditor(
            reviewModel.ContentLink,
            reviewModel.ContentLink.ToString(),
            reviewModel.ReviewLocation.Data,
            true);

        return Rest(updated);
    }
    catch (ReviewLocationNotFoundException)
    {
        return new RestStatusCodeResult(HttpStatusCode.NotFound);
    }
}
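/// <summary>
/// Stores a review location (pin) for the content item that an external review link points to.
/// The link token is read from the last path segment of the request's Referer URL.
/// </summary>
/// <param name="reviewLocation">Review location posted by the caller.</param>
/// <returns>
/// 400 (Bad Request) when no review location was posted, when no token can be read from the
/// Referer, or when the token does not resolve to a review link; 404 (Not Found) when the
/// repository throws <c>ReviewLocationNotFoundException</c>; otherwise a <c>RestResult</c>
/// carrying the value returned by the repository.
/// </returns>
/// <remarks>
/// The token is the only credential checked in this method, and it is taken from a
/// client-supplied header. Nothing here rate-limits the call or restricts which fields of
/// <paramref name="reviewLocation"/> the caller may set (see the TODOs in the body).
/// NOTE(review): no expiry check on the review link is visible here - confirm that
/// <c>GetContentByToken</c> rejects links that are no longer valid.
/// </remarks>
public ActionResult AddPin(ReviewLocation reviewLocation)
{
    // get token based on URL segment
    string GetToken()
    {
        var referrer = System.Web.HttpContext.Current.Request.UrlReferrer;
        if (referrer == null)
        {
            // No Referer header (for example stripped by a referrer policy): nothing to look up.
            return null;
        }

        var segments = referrer.Segments;
        if (segments.Length == 0)
        {
            return null;
        }

        return segments[segments.Length - 1];
    }

    // Post rejects a missing review location with 400; do the same here instead of
    // handing null to the repository.
    if (reviewLocation == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    var token = GetToken();
    if (string.IsNullOrWhiteSpace(token))
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    var reviewLink = _externalReviewLinksRepository.GetContentByToken(token);
    if (reviewLink == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    //TODO: verify number of items added with token. There should be max size
    //TODO: security issue - we post whole item and external reviewer can modify this
    // The posted object is passed to Update unchanged, so every field on it is caller-controlled.
    // Only the content link is taken from the server-side review link. Until the TODO above is
    // resolved, treat all stored ReviewLocation fields as untrusted input wherever they are
    // read or rendered.
    try
    {
        var location = _approvalReviewsRepository.Update(reviewLink.ContentLink, reviewLocation);
        return new RestResult { Data = location };
    }
    catch (ReviewLocationNotFoundException)
    {
        // Post handles this exception from the same Update call. Without the catch it would
        // surface to the external reviewer as an unhandled server error.
        return new HttpStatusCodeResult(HttpStatusCode.NotFound);
    }
}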