/// <summary>
/// Looks up the customer order whose number equals <paramref name="number"/>.
/// A hit is returned with its permission scopes populated; a miss is a 200 response
/// carrying a null payload (this handler does not answer 404).
/// </summary>
/// <param name="number">Order number to search for.</param>
/// <param name="respGroup">Response group requested by the client; it is narrowed by
/// <c>OrderReadPricesPermission.ApplyResponseGroupFiltering</c> according to the caller's
/// permissions before the search runs (presumably to hide prices — confirm in that helper).</param>
/// <returns>The matching order, or <c>Ok(null)</c> when nothing matches.</returns>
/// <exception cref="HttpResponseException">Thrown with <see cref="HttpStatusCode.Unauthorized"/>
/// when the current user does not hold <c>OrderPredefinedPermissions.Read</c> within the order's
/// scopes. NOTE(review): an authenticated but unprivileged caller therefore receives 401 rather than 403;
/// kept as-is because every handler here uses the same code.</exception>
public async Task<IHttpActionResult> GetByNumber(string number, [FromUri] string respGroup = null)
{
    var currentUserName = User.Identity.Name;
    var currentUser = await _securityService.FindByNameAsync(currentUserName, UserDetails.Reduced);
    var currentUserPermissions = _securityService.GetUserPermissions(currentUserName);

    var criteria = AbstractTypeFactory<CustomerOrderSearchCriteria>.TryCreateInstance();
    criteria.Number = number;
    // The client-supplied response group is reduced to what the caller's permissions allow.
    criteria.ResponseGroup = OrderReadPricesPermission.ApplyResponseGroupFiltering(currentUser, currentUserPermissions, respGroup);

    var order = _searchService.SearchCustomerOrders(criteria).Results.FirstOrDefault();
    if (order == null)
    {
        return Ok(order);
    }

    // Scope-bound security check: the permission must be held inside one of the order's own scopes.
    var scopes = _permissionScopeService.GetObjectPermissionScopeStrings(order).ToArray();
    var allowed = _securityService.UserHasAnyPermission(currentUserName, scopes, OrderPredefinedPermissions.Read);
    if (!allowed)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Scopes travel with the payload so the UI can perform its own scope-bound ACL checks.
    order.Scopes = scopes;
    return Ok(order);
}
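/// <summary>
/// Returns the store with the given id, with the permission scopes the current user was
/// evaluated against attached, or 404 when no such store exists.
/// </summary>
/// <param name="id">Store identifier.</param>
/// <returns>200 with the store, or 404 when <paramref name="id"/> matches nothing.</returns>
/// <exception cref="HttpResponseException">Raised by the scope-bound permission check when the
/// current user lacks <c>StorePredefinedPermissions.Read</c> for this store.</exception>
public IHttpActionResult GetStoreById(string id)
{
    var store = _storeService.GetById(id);
    // Previously a missing store fell through to the permission check and to the
    // `result.Scopes = ...` assignment on a null reference, which would surface as a
    // server error rather than a not-found response.
    if (store == null)
    {
        return NotFound();
    }

    CheckCurrentUserHasPermissionForObjects(StorePredefinedPermissions.Read, store);

    // Scopes travel with the payload so the UI can perform its own scope-bound ACL checks.
    store.Scopes = _permissionScopeService.GetObjectPermissionScopeStrings(store).ToArray();
    return Ok(store);
}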
/// <summary>
/// Returns the store with the given id as a web model, or 404 when it does not exist.
/// The current user must hold <c>StorePredefinedPermissions.Read</c> within one of the store's scopes.
/// </summary>
/// <param name="id">Store identifier.</param>
/// <returns>200 with the web model, or 404.</returns>
/// <exception cref="HttpResponseException">Raised by the scope-bound permission check when
/// the current user lacks the read permission for this store.</exception>
public IHttpActionResult GetStoreById(string id)
{
    var store = _storeService.GetById(id);
    if (store == null)
    {
        return NotFound();
    }

    // The check runs against the domain object, before any mapping to the web model.
    CheckCurrentUserHasPermissionForObjects(StorePredefinedPermissions.Read, store);

    var webStore = store.ToWebModel();
    // Scopes are derived from the domain object and attached to the response so the UI
    // can perform its own scope-bound ACL checks.
    var scopes = _permissionScopeService.GetObjectPermissionScopeStrings(store).ToArray();
    webStore.SecurityScopes = scopes;
    return Ok(webStore);
}
/// <summary>
/// Returns the promotion with the given id as a web model, or 404 when it does not exist.
/// </summary>
/// <param name="id">Promotion identifier.</param>
/// <returns>200 with the web model, or 404.</returns>
/// <exception cref="HttpResponseException">Thrown with <see cref="HttpStatusCode.Unauthorized"/>
/// when the current user does not hold <c>MarketingPredefinedPermissions.Read</c> within
/// any of the promotion's scopes.</exception>
public IHttpActionResult GetPromotionById(string id)
{
    var promotion = _promotionService.GetPromotionsByIds(new[] { id }).FirstOrDefault();
    if (promotion == null)
    {
        return NotFound();
    }

    // Scope-bound security check: the permission must be held inside one of the promotion's own scopes.
    var scopes = _permissionScopeService.GetObjectPermissionScopeStrings(promotion).ToArray();
    var allowed = _securityService.UserHasAnyPermission(User.Identity.Name, scopes, MarketingPredefinedPermissions.Read);
    if (!allowed)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // The expression tree is only needed for mapping, so it is read after the check passes.
    var expressionTree = _marketingExtensionManager.PromotionDynamicExpressionTree;
    return Ok(promotion.ToWebModel(expressionTree));
}
/// <summary>
/// Scope-bound security check: fails the request unless the current user holds
/// <paramref name="permission"/> within at least one of the permission scopes derived
/// from <paramref name="objects"/>.
/// </summary>
/// <param name="permission">Name of the permission the user must hold.</param>
/// <param name="objects">Objects whose permission scope strings are collected (deduplicated,
/// first-occurrence order) for the check. NOTE(review): a null entry is handed to the scope
/// service unchanged; what it does with one is not visible here — callers should guard first.</param>
/// <exception cref="HttpResponseException">Thrown with <see cref="HttpStatusCode.Unauthorized"/>
/// when the check fails. NOTE(review): this is a 401 even for an authenticated caller; 403 would
/// be the usual code, but every handler here relies on the same behaviour.</exception>
protected void CheckCurrentUserHasPermissionForObjects(string permission, params object[] objects)
{
    var allScopes = objects.SelectMany(target => _permissionScopeService.GetObjectPermissionScopeStrings(target));
    var scopes = allScopes.Distinct().ToArray();

    var userName = User.Identity.Name;
    var hasPermission = _securityService.UserHasAnyPermission(userName, scopes, permission);
    if (hasPermission)
    {
        return;
    }

    throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
/// <summary>
/// Looks up the customer order whose number equals <paramref name="number"/>, always using
/// the full response group. A hit is returned with its permission scopes populated; a miss
/// is a 200 response carrying a null payload (this handler does not answer 404).
/// </summary>
/// <param name="number">Order number to search for.</param>
/// <returns>The matching order, or <c>Ok(null)</c> when nothing matches.</returns>
/// <exception cref="HttpResponseException">Thrown with <see cref="HttpStatusCode.Unauthorized"/>
/// when the current user does not hold <c>OrderPredefinedPermissions.Read</c> within the order's scopes.</exception>
public IHttpActionResult GetByNumber(string number)
{
    var criteria = new CustomerOrderSearchCriteria
    {
        Number = number,
        ResponseGroup = CustomerOrderResponseGroup.Full.ToString()
    };
    var order = _searchService.SearchCustomerOrders(criteria).Results.FirstOrDefault();
    if (order == null)
    {
        return Ok(order);
    }

    // Scope-bound security check: the permission must be held inside one of the order's own scopes.
    var scopes = _permissionScopeService.GetObjectPermissionScopeStrings(order).ToArray();
    var allowed = _securityService.UserHasAnyPermission(User.Identity.Name, scopes, OrderPredefinedPermissions.Read);
    if (!allowed)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Scopes travel with the payload so the UI can perform its own scope-bound ACL checks.
    order.Scopes = scopes;
    return Ok(order);
}
/// <summary>
/// Returns the customer order with the given id as a web model (full response group),
/// or 404 when it does not exist.
/// </summary>
/// <param name="id">Order identifier.</param>
/// <returns>200 with the web model and its permission scopes attached, or 404.</returns>
/// <exception cref="HttpResponseException">Thrown with <see cref="HttpStatusCode.Unauthorized"/>
/// when the current user does not hold <c>OrderPredefinedPermissions.Read</c> within the order's scopes.</exception>
public IHttpActionResult GetById(string id)
{
    var order = _customerOrderService.GetById(id, coreModel.CustomerOrderResponseGroup.Full);
    if (order == null)
    {
        return NotFound();
    }

    // Scope-bound security check, performed on the domain object before mapping.
    var scopes = _permissionScopeService.GetObjectPermissionScopeStrings(order).ToArray();
    var userName = User.Identity.Name;
    if (!_securityService.UserHasAnyPermission(userName, scopes, OrderPredefinedPermissions.Read))
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    var webOrder = order.ToWebModel();
    // Scopes travel with the payload so the UI can perform its own scope-bound ACL checks.
    webOrder.Scopes = scopes;
    return Ok(webOrder);
}
/// <summary>
/// Looks up the customer order whose number equals <paramref name="number"/>.
/// A hit is returned with its permission scopes populated; a miss is a 200 response
/// carrying a null payload (this handler does not answer 404).
/// </summary>
/// <param name="number">Order number to search for.</param>
/// <param name="respGroup">Response group taken from the query string. NOTE(review): it is
/// passed to the search criteria unfiltered, so a client chooses how much of the order is
/// loaded; confirm the search service itself limits this by the caller's permissions.</param>
/// <returns>The matching order, or <c>Ok(null)</c> when nothing matches.</returns>
/// <exception cref="HttpResponseException">Thrown with <see cref="HttpStatusCode.Unauthorized"/>
/// when the current user does not hold <c>OrderPredefinedPermissions.Read</c> within the order's scopes.</exception>
public IHttpActionResult GetByNumber(string number, [FromUri] string respGroup = null)
{
    var criteria = AbstractTypeFactory<CustomerOrderSearchCriteria>.TryCreateInstance();
    criteria.Number = number;
    criteria.ResponseGroup = respGroup;

    var order = _searchService.SearchCustomerOrders(criteria).Results.FirstOrDefault();
    if (order == null)
    {
        return Ok(order);
    }

    // Scope-bound security check: the permission must be held inside one of the order's own scopes.
    var scopes = _permissionScopeService.GetObjectPermissionScopeStrings(order).ToArray();
    var allowed = _securityService.UserHasAnyPermission(User.Identity.Name, scopes, OrderPredefinedPermissions.Read);
    if (!allowed)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Scopes travel with the payload so the UI can perform its own scope-bound ACL checks.
    order.Scopes = scopes;
    return Ok(order);
}
/// <summary>
/// Collects the permission scope strings the scope service derives for <paramref name="obj"/>
/// and materialises them as an array.
/// </summary>
/// <param name="obj">Object whose scopes are requested; handed to the scope service unchanged.</param>
/// <returns>The scope strings, in the order the scope service yields them.</returns>
protected string[] GetObjectPermissionScopeStrings(object obj)
{
    var scopes = _permissionScopeService.GetObjectPermissionScopeStrings(obj);
    return scopes.ToArray();
}