public ActionResult AddPin(ReviewLocation reviewLocation)
{
var token = GetToken();
if (string.IsNullOrWhiteSpace(token))
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
var reviewLink = _externalReviewLinksRepository.GetContentByToken(token);
if (reviewLink == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
if (!ValidateReviewLocation(reviewLocation))
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
//TODO: security issue - we post whole item and external reviewer can modify this
var location = _approvalReviewsRepository.Update(reviewLink.ContentLink, reviewLocation);
if (location == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
return(new RestResult
{
Data = location
});
}
private bool ValidateReviewLocation(ReviewLocation reviewLocation)
{
bool ValidateComment(CommentDto comment)
{
return(comment.Text.Length <= _externalReviewOptions.Restrictions.MaxCommentLength);
}
var serializer = _serializerFactory.GetSerializer(KnownContentTypes.Json);
var reviewLocationDto = serializer.Deserialize <ReviewLocationDto>(reviewLocation.Data);
if (reviewLocationDto == null)
{
return(false);
}
if (!ValidateComment(reviewLocationDto.FirstComment))
{
return(false);
}
if (reviewLocationDto.Comments.Count() > _externalReviewOptions.Restrictions.MaxCommentsForReviewLocation)
{
return(false);
}
foreach (var comment in reviewLocationDto.Comments)
{
if (!ValidateComment(comment))
{
return(false);
}
}
return(true);
}
public ActionResult AddPin(ReviewLocation reviewLocation)
{
// get token based on URL segment
string GetToken()
{
var request = System.Web.HttpContext.Current.Request;
if (request.UrlReferrer == null)
{
return(null);
}
var segements = request.UrlReferrer.Segments;
if (segements.Length == 0)
{
return(null);
}
var lastSegment = segements.Last();
return(lastSegment);
}
var token = GetToken();
if (string.IsNullOrWhiteSpace(token))
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
var reviewLink = _externalReviewLinksRepository.GetContentByToken(token);
if (reviewLink == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
if (!ValidateReviewLocation(reviewLocation))
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
//TODO: security issue - we post whole item and external reviewer can modify this
var location = _approvalReviewsRepository.Update(reviewLink.ContentLink, reviewLocation);
if (location == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
return(new RestResult
{
Data = location
});
}
