public override void OnActionExecuting(HttpActionContext filterContext) { var itemRequest = (ItemRequest)filterContext.ActionArguments["itemRequest"]; var itemManagement = new ItemManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider); var itemDetails = new ItemDetail(); if (itemRequest.ServerPath != null) { itemRequest.ItemId = itemManagement.GetItemDetailsFromItemPath(itemRequest.ServerPath).Id; } if (itemRequest.ItemId == Guid.Empty && (itemRequest.ItemType == ItemType.Datasource || itemRequest.ItemType == ItemType.File)) { itemDetails = itemManagement.GetItemDetailsFromItemName(itemRequest.Name, itemRequest.ItemType); if (itemDetails != null) { itemRequest.ItemId = itemDetails.Id; } else { var apiResponse = new ItemResponse { Status = false, StatusMessage = "Invalid request values" }; var response = new HttpResponseMessage { Content = new StringContent(javaScriptSerializer.Serialize(apiResponse)) }; filterContext.Response = response; } } filterContext.ActionArguments["itemRequest"] = itemRequest; var userId = new UserManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider).GetUserId(itemRequest.UserName); var itemsList = itemManagement.GetItems( new UserManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider).GetUserId( itemRequest.UserName), ItemType, null, null, null, null, null, itemRequest.ItemId); HttpContext.Current.Session["UserId"] = userId; if (itemsList.result.Any(a => a.Id == itemRequest.ItemId && a.CanRead) == false) { var apiResponse = new ItemResponse { Status = false, StatusMessage = "You do not have permission to access this item or the item does not exist." }; var response = new HttpResponseMessage { Content = new StringContent(javaScriptSerializer.Serialize(apiResponse)) }; filterContext.Response = response; } base.OnActionExecuting(filterContext); }
public override void OnActionExecuting(HttpActionContext filterContext) { var itemRequest = (ItemRequest)filterContext.ActionArguments["itemRequest"]; var itemDetail = itemManagement.GetItemDetailsFromItemPath(itemRequest.ServerPath); if (itemDetail == null) { var apiResponse = new ItemResponse { Status = false, StatusMessage = "You do not have permission to edit this item or the item does not exist." }; var response = new HttpResponseMessage { Content = new StringContent(javaScriptSerializer.Serialize(apiResponse)) }; filterContext.Response = response; } itemRequest.ItemId = itemDetail.Id; itemRequest.CategoryId = itemDetail.CategoryId; var itemId = itemRequest.ItemId; filterContext.ActionArguments["itemRequest"] = itemRequest; var userId = userManagement.GetUserId(itemRequest.UserName); var itemsList = itemManagement.GetItems(userId, ItemType, null, null, null, null, null, itemId); if (itemsList.result.Any(a => a.Id == itemId && a.CanWrite) == false) { var apiResponse = new ItemResponse { Status = false, StatusMessage = "You do not have permission to edit this item or the item does not exist." }; var response = new HttpResponseMessage { Content = new StringContent(javaScriptSerializer.Serialize(apiResponse)) }; filterContext.Response = response; } else { if (itemManagement.IsItemNameAlreadyExistsForUpdate(itemRequest.Name, itemRequest.CategoryId, itemId)) { var apiResponse = new ItemResponse { Status = false, StatusMessage = "Item with the same name is already exist in the specified Category" }; var response = new HttpResponseMessage { Content = new StringContent(javaScriptSerializer.Serialize(apiResponse)) }; filterContext.Response = response; } } base.OnActionExecuting(filterContext); }