public async Task <IHttpActionResult> Delete(Guid id)
{
var identity = User.Identity as ClaimsIdentity;
var privileged = identity.HasClaim(ClaimsIdentity.DefaultRoleClaimType, "Admin");
var fr8AccountId = identity.GetUserId();
var planTemplateCM = await _planTemplate.Get(fr8AccountId, id);
if (planTemplateCM != null)
{
if (planTemplateCM.OwnerId != fr8AccountId && !privileged)
{
return(Unauthorized());
}
await _planTemplate.Remove(fr8AccountId, id);
}
//if planTemplate is not in MT we should delete it from azure search
await _searchProvider.Remove(id);
return(Ok());
}
public async Task Unpublish(Guid planId, string userId, bool privileged)
{
//TODO: add security check with new security model
//var identity = User.Identity as ClaimsIdentity;
//var privileged = identity.HasClaim(ClaimsIdentity.DefaultRoleClaimType, "Admin");
//var fr8AccountId = identity.GetUserId();
var planTemplateCM = await _planTemplate.Get(userId, planId);
if (planTemplateCM != null)
{
if (planTemplateCM.OwnerId != userId && !privileged)
{
throw new UnauthorizedAccessException(); // Unauthorized();
}
await _planTemplate.Remove(userId, planId);
await _searchProvider.Remove(planId);
}
//var uri = new Uri(CloudConfigurationManager.GetSetting("PlanDirectoryUrl") + "/api/v1/plan_templates/?id=" + planId);
//var headers = await _hmacService.GenerateHMACHeader(
// uri,
// "PlanDirectory",
// CloudConfigurationManager.GetSetting("PlanDirectorySecret"),
// userId
//);
//await _client.DeleteAsync(uri, headers: headers);
// Notify user that plan successfully deleted
_pusherNotifier.NotifyUser(new NotificationMessageDTO
{
NotificationType = NotificationType.GenericSuccess,
Subject = "Success",
Message = $"Plan Unpublished.",
Collapsed = false
}, userId);
}
