private void CheckNote(Item note)
{
if (!userDb.ItemAllowed(User.Identity.Name, note))
{
throw HttpExceptionFactory.Forbidden();
}
if (!ModelState.IsValid)
{
throw HttpExceptionFactory.InvalidModel();
}
}
public void Delete(int id)
{
if (!userDb.GridAllowed(User.Identity.Name, id))
{
throw HttpExceptionFactory.Forbidden();
}
if (db.Exsist(id))
{
db.Delete(id);
}
}
public void Update(Coords grid)
{
if (!ModelState.IsValid)
{
throw HttpExceptionFactory.InvalidModel();
}
if (!userDb.CoordsAllowed(User.Identity.Name, grid) && !User.IsInRole("Admin"))
{
throw HttpExceptionFactory.Forbidden();
}
db.UpdateCoord(grid.coords);
}
private void CheckGridItem(Item grid)
{
if (!userDb.ItemAllowed(User.Identity.Name, grid))
{
throw HttpExceptionFactory.Forbidden();
}
if (!ModelState.IsValid)
{
throw HttpExceptionFactory.InvalidModel();
}
if (!db.IsCorrectSlug(grid.slug, grid.id))
{
throw HttpExceptionFactory.BadSlug();
}
}
public void Update(PartialGrid grid)
{
if (!userDb.GridAllowed(User.Identity.Name, grid.Id))
{
throw HttpExceptionFactory.Forbidden();
}
if (!ModelState.IsValid)
{
throw HttpExceptionFactory.InvalidModel();
}
if (!db.IsCorrectSlug(grid.Slug, grid.Id))
{
throw HttpExceptionFactory.BadSlug();
}
if (db.Exsist(grid.Id))
{
db.Update(grid);
}
}
public String Login(User user)
{
if (!ModelState.IsValid)
{
throw HttpExceptionFactory.InvalidModel();
}
user.Login = EvalMD5(user.Login);
user.Password = EvalMD5(user.Password);
var realPassword = db.GetPassword(user.Login);
if (realPassword == null || user.Password != realPassword)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
var token = CreateToken();
var name = db.Login(user.Login, token);
return(user.Login + ":" + token + "#" + name);
}
