/// <summary>
/// Authorises the caller before the decorated action runs: the session token, service name,
/// permission and privilege held by this filter are checked via the authorisation service, and
/// any failure is turned into an <see cref="HttpResponseException"/> carrying an error response.
/// </summary>
/// <param name="actionContext">The action context, which encapsulates information for using the filter.</param>
/// <exception cref="HttpResponseException">
/// 400 Bad Request when the session is invalid, 401 Unauthorized when access is denied by the
/// runtime, 403 Forbidden when the authorisation service rejects the request.
/// </exception>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    base.OnActionExecuting(actionContext);

    HttpStatusCode failureStatus;
    Exception failure;

    try
    {
        bool authorised = authorisationService.IsAuthorised(
            actionContext.Request.Headers, sessionToken, serviceName, permission, privilege);

        if (authorised)
        {
            // Authorised: let the action proceed.
            return;
        }

        // An explicit "not authorised" outcome is funnelled through the same path as a rejection
        // raised by the authorisation service itself.
        throw new RejectedException("Request is not authorized.");
    }
    catch (InvalidSessionException e)
    {
        failureStatus = HttpStatusCode.BadRequest;
        failure = e;
    }
    catch (UnauthorizedAccessException e)
    {
        failureStatus = HttpStatusCode.Unauthorized;
        failure = e;
    }
    catch (RejectedException e)
    {
        failureStatus = HttpStatusCode.Forbidden;
        failure = e;
    }

    // Any other exception type propagates unchanged from the try block above.
    // NOTE(review): the exception object is handed to CreateErrorResponse; whether its details
    // (type, stack trace) reach the client is governed by the host's error-detail policy — confirm
    // the production configuration does not expose them.
    throw new HttpResponseException(
        actionContext.Request.CreateErrorResponse(failureStatus, failure.Message, failure));
}
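/// <summary>
/// <see cref="IProvider{TTSingle,TMultiple,TPrimaryKey}.Post(TTSingle, string[], string[])">Post</see>
/// </summary>
/// <param name="obj">Object to create, bound from the request body.</param>
/// <param name="zoneId">Optional zone matrix parameter; when present exactly one value is accepted.</param>
/// <param name="contextId">Optional context matrix parameter; when present exactly one value is accepted.</param>
/// <returns>
/// 201 Created with the created object on success; 401 when the authentication header cannot be verified;
/// 403 when the caller lacks CREATE rights; 400 for an invalid zone/context, a missing body, a missing
/// advisory ID while mustUseAdvisory is set, or an invalid object; 409 when the object already exists;
/// 404 when the create request is rejected; 500 for any other failure.
/// </returns>
public virtual IHttpActionResult Post(TSingle obj, [MatrixParameter] string[] zoneId = null, [MatrixParameter] string[] contextId = null)
{
    string sessionToken;

    // Authentication is evaluated before anything else so an unauthenticated caller learns nothing
    // about the resource or its validation rules.
    if (!authenticationService.VerifyAuthenticationHeader(Request.Headers, out sessionToken))
    {
        return Unauthorized();
    }

    // Check ACLs and return StatusCode(HttpStatusCode.Forbidden) if appropriate.
    if (!authorisationService.IsAuthorised(Request.Headers, sessionToken, $"{TypeName}s", RightType.CREATE))
    {
        return StatusCode(HttpStatusCode.Forbidden);
    }

    if ((zoneId != null && zoneId.Length != 1) || (contextId != null && contextId.Length != 1))
    {
        return BadRequest("Request failed for object " + typeof(TSingle).Name + " as Zone and/or Context are invalid.");
    }

    // A missing or unparseable request body binds obj to null. Without this guard the obj.RefId
    // dereference below raised a NullReferenceException that the catch-all turned into a 500;
    // a malformed client request is a 400.
    if (obj == null)
    {
        return BadRequest("Request failed for object " + typeof(TSingle).Name + " as no object was provided.");
    }

    // Safe to index: the length check above guarantees each array is null or has exactly one element.
    string zone = zoneId == null ? null : zoneId[0];
    string context = contextId == null ? null : contextId[0];

    IHttpActionResult result;

    try
    {
        bool hasAdvisoryId = !string.IsNullOrWhiteSpace(obj.RefId);
        bool? mustUseAdvisory = HttpUtils.GetMustUseAdvisory(Request.Headers);

        // Lifted comparison: a null (absent) header is treated the same as false.
        if (mustUseAdvisory == true)
        {
            if (hasAdvisoryId)
            {
                TSingle createdObject = service.Create(obj, mustUseAdvisory, zoneId: zone, contextId: context);
                string uri = Url.Link("DefaultApi", new { controller = TypeName, id = createdObject.RefId });
                result = Created(uri, createdObject);
            }
            else
            {
                result = BadRequest($"Request failed for object {TypeName} as object ID is not provided, but mustUseAdvisory is true.");
            }
        }
        else
        {
            TSingle createdObject = service.Create(obj, zoneId: zone, contextId: context);
            // NOTE(review): the advisory branch above builds the link with TypeName whereas this branch
            // uses typeof(TSingle).Name; left unchanged because the two may legitimately differ for
            // some providers — confirm which is intended.
            string uri = Url.Link("DefaultApi", new { controller = typeof(TSingle).Name, id = createdObject.RefId });
            result = Created(uri, createdObject);
        }
    }
    catch (AlreadyExistsException)
    {
        result = Conflict();
    }
    catch (ArgumentException e)
    {
        // Exception messages from the service layer are echoed to the caller in the 4xx bodies below;
        // they should describe the request, not internal state.
        result = BadRequest("Object to create of type " + typeof(TSingle).Name + " is invalid.\n " + e.Message);
    }
    catch (CreateException e)
    {
        result = BadRequest("Request failed for object " + typeof(TSingle).Name + ".\n " + e.Message);
    }
    catch (RejectedException e)
    {
        result = this.NotFound("Create request rejected for object " + typeof(TSingle).Name + " with ID of " + obj.RefId + ".\n" + e.Message);
    }
    catch (QueryException e)
    {
        result = BadRequest("Request failed for object " + typeof(TSingle).Name + ".\n " + e.Message);
    }
    catch (Exception e)
    {
        // NOTE(review): InternalServerError(e) includes the exception in the response only when the
        // host's error-detail policy permits it — confirm production does not expose stack traces.
        result = InternalServerError(e);
    }

    return result;
}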