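        /// <summary>
        /// Tidies up the request-scoped connection: extends the session for a
        /// locally (session-cookie) authenticated user, then disposes the ADO and
        /// clears the request language. Despite the name this is a plain protected
        /// method, not an <c>IDisposable</c> implementation; the templates call it
        /// from their <c>finally</c> blocks.
        /// </summary>
        protected void Dispose()
        {
            try
            {
                // Session extension only applies to the session-cookie path, which is
                // the path that sets AuthenticationType.local.
                if (SamAccountName != null && AuthenticationType == AuthenticationType.local)
                {
                    Login_BSO.ExtendSession(Ado, SamAccountName);
                }
            }
            finally
            {
                // Release the connection even when ExtendSession throws, so a failed
                // session extension cannot leak the ADO.
                Ado.Dispose();

                // To be reviewed... (carried over from the original). NOTE(review): this
                // looks like shared/static state rather than per-request state — confirm.
                PxStat.RequestLanguage.LngIsoCode = null;
            }
        }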
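        /// <summary>
        /// Runs the read pipeline for the request: authentication and privilege
        /// checks (when required), resolution of the caller from a session cookie,
        /// parameter cleansing, DTO construction, sanitising and validation,
        /// analytics, an optional cache lookup, and finally <c>Execute()</c> in the
        /// concrete class. Every outcome is reported through the response hooks
        /// (<c>OnAuthenticationFailed</c>, <c>OnDTOValidationError</c>,
        /// <c>OnExecutionError</c>, <c>OnExecutionSuccess</c>) or via
        /// <c>Response.error</c>; no exception propagates to the caller.
        /// </summary>
        /// <returns>This instance, so the caller can read the populated response.</returns>
        public BaseTemplate_Read <T, V> Read()
        {
            try
            {
                // First of all, check whether the user has the right to perform this operation.
                if (HasUserToBeAuthenticated())
                {
                    if (!IsUserAuthenticated() || !HasUserPrivilege())
                    {
                        OnAuthenticationFailed();
                        return (this);
                    }
                }

                // If we didn't attempt to authenticate and a session cookie is present,
                // we still need the SamAccountName for downstream use.
                if (SamAccountName == null && Request.sessionCookie != null)
                {
                    // Only record that a cookie was supplied: its value is a bearer
                    // session token and must not be written to the log.
                    Log.Instance.Debug("Session cookie supplied; resolving user from session");

                    // Does the cookie correspond with a live token for a user?
                    ADO_readerOutput user;
                    using (Login_BSO lBso = new Login_BSO())
                    {
                        user = lBso.ReadBySession(Request.sessionCookie.Value);
                        if (user.hasData)
                        {
                            SamAccountName = user.data[0].CcnUsername;
                        }
                    }
                }

                // Run the parameters through the cleanse process.
                // If the API has the IndividualCleanseNoHtml attribute then parameters are cleansed
                // individually; any parameter whose DTO property carries NoHtmlStrip keeps its HTML tags.
                dynamic cleansedParams;
                if (Resources.MethodReader.MethodHasAttribute(Request.method, "IndividualCleanseNoHtml"))
                {
                    dynamic dto = GetDTO(Request.parameters);
                    cleansedParams = Cleanser.Cleanse(Request.parameters, dto);
                }
                else
                {
                    cleansedParams = Cleanser.Cleanse(Request.parameters);
                }

                // Any failure to build the DTO from the cleansed parameters is reported as a schema error.
                try
                {
                    DTO = GetDTO(cleansedParams);
                }
                catch
                {
                    throw new InputFormatException();
                }

                DTO = Sanitizer.Sanitize(DTO);

                DTOValidationResult = Validator.Validate(DTO);
                if (!DTOValidationResult.IsValid)
                {
                    OnDTOValidationError();
                    return (this);
                }

                ////Has the user hit a limit of how many queries are allowed?
                //if (Throttle_BSO.IsThrottled(Ado, HttpContext.Current.Request, Request, SamAccountName))
                //{
                //    OnThrottle();
                //    return this;
                //}

                // Create the analytic data if required.
                Security.Analytic_BSO_Create.Create(Ado, DTO, HttpContext.Current.Request, Request);

                // Serve from cache when the method is marked CacheRead and an entry exists.
                if (MethodReader.MethodHasAttribute(Request.method, "CacheRead"))
                {
                    cDTO = new CacheMetadata("CacheRead", Request.method, DTO);
                    MemCachedD_Value cache = MemCacheD.Get_BSO<dynamic>(cDTO.Namespace, cDTO.ApiName, cDTO.Method, DTO);
                    if (cache.hasData)
                    {
                        Response.data = cache.data;
                        return (this);
                    }
                }

                // The actual read is performed by the concrete class.
                if (!Execute())
                {
                    OnExecutionError();
                }
                else
                {
                    OnExecutionSuccess();
                }

                return (this);
            }
            catch (UnmatchedParametersException unmatchException)
            {
                Log.Instance.Debug(unmatchException);
                OnDTOValidationError();
                return (this);
            }
            catch (FormatException formatException)
            {
                // Log the error and return a schema message to the caller.
                Log.Instance.Error(formatException);
                Response.error = Label.Get("error.schema");
                return (this);
            }
            catch (InputFormatException inputError)
            {
                // DTO construction failed: report it as a schema error, the same way Update() does,
                // rather than letting it fall through to the generic handler.
                Log.Instance.Error(inputError);
                Response.error = Label.Get("error.schema");
                return (this);
            }
            catch (Exception ex)
            {
                // Any other error: log it and return a generic message to the caller.
                Log.Instance.Error(ex);
                Response.error = Label.Get("error.exception");
                return (this);
            }
            finally
            {
                Dispose();
            }
        }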
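        /// <summary>
        /// Runs the update pipeline for the request: authentication and privilege
        /// checks (when required), resolution of the caller from a session cookie,
        /// parameter cleansing, DTO construction, sanitising and validation, then
        /// <c>Execute()</c> in the concrete class inside an ADO transaction that is
        /// committed on success and rolled back on failure or exception. Outcomes are
        /// reported through the response hooks or <c>Response.error</c>; no exception
        /// propagates to the caller.
        /// </summary>
        /// <returns>This instance, so the caller can read the populated response.</returns>
        public BaseTemplate_Update <T, V> Update()
        {
            // Tracks whether StartTransaction has run, so the catch blocks only roll back
            // a transaction that was actually started (failures in authentication,
            // cleansing or validation happen before any transaction exists).
            bool transactionStarted = false;

            try
            {
                // First of all, check whether the user has the right to perform this operation.
                if (HasUserToBeAuthenticated())
                {
                    if (!IsUserAuthenticated() || !HasUserPrivilege())
                    {
                        OnAuthenticationFailed();
                        return (this);
                    }
                }

                // If we didn't attempt to authenticate and a session cookie is present,
                // we still need the SamAccountName for downstream use.
                if (SamAccountName == null && Request.sessionCookie != null)
                {
                    // Does the cookie correspond with a live token for a user?
                    ADO_readerOutput user;
                    using (Login_BSO lBso = new Login_BSO())
                    {
                        user = lBso.ReadBySession(Request.sessionCookie.Value);
                        if (user.hasData)
                        {
                            SamAccountName = user.data[0].CcnUsername;
                        }
                    }
                }

                // Run the parameters through the cleanse process.
                // If the API has the IndividualCleanseNoHtml attribute then parameters are cleansed
                // individually; any parameter whose DTO property carries NoHtmlStrip keeps its HTML tags.
                dynamic cleansedParams;
                if (Resources.MethodReader.MethodHasAttribute(Request.method, "IndividualCleanseNoHtml"))
                {
                    dynamic dto = GetDTO(Request.parameters);
                    cleansedParams = Cleanser.Cleanse(Request.parameters, dto);
                }
                else
                {
                    cleansedParams = Cleanser.Cleanse(Request.parameters);
                }

                // Any failure to build the DTO from the cleansed parameters is reported as a schema error.
                try
                {
                    DTO = GetDTO(cleansedParams);
                }
                catch
                {
                    throw new InputFormatException();
                }

                DTO = Sanitizer.Sanitize(DTO);

                DTOValidationResult = Validator.Validate(DTO);
                if (!DTOValidationResult.IsValid)
                {
                    OnDTOValidationError();
                    return (this);
                }

                Ado.StartTransaction();
                transactionStarted = true;

                // The actual update is performed by the concrete class.
                if (!Execute())
                {
                    Ado.RollbackTransaction();
                    OnExecutionError();
                }
                else
                {
                    Ado.CommitTransaction();
                    OnExecutionSuccess();
                }

                return (this);
            }
            catch (FormatException formatException)
            {
                // Roll back any open transaction, log the error and return a schema message to the caller.
                if (transactionStarted)
                {
                    Ado.RollbackTransaction();
                }
                Log.Instance.Error(formatException);
                Response.error = Label.Get("error.schema");
                return (this);
            }
            catch (InputFormatException inputError)
            {
                // DTO construction failed: roll back any open transaction and report a schema error.
                if (transactionStarted)
                {
                    Ado.RollbackTransaction();
                }
                Log.Instance.Error(inputError);
                Response.error = Label.Get("error.schema");
                return (this);
            }
            catch (Exception ex)
            {
                // Any other error: roll back any open transaction, log it and return a generic message.
                if (transactionStarted)
                {
                    Ado.RollbackTransaction();
                }
                Log.Instance.Error(ex);
                Response.error = Label.Get("error.exception");
                return (this);
            }
            finally
            {
                Dispose();
            }
        }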
        /// <summary>
        /// Establishes who the caller is. A Windows principal on the request is
        /// verified against Active Directory and must map to an existing, unlocked
        /// account; without a principal, a session cookie is resolved to a username
        /// via <c>Login_BSO.ReadBySession</c> and the privilege check is applied.
        /// On success the authentication type is recorded and
        /// <c>OnAuthenticationSuccessful</c> fires.
        /// </summary>
        /// <returns><c>true</c> when the caller is authenticated; otherwise <c>false</c>.</returns>
        protected virtual bool IsUserAuthenticated()
        {
            if (Request.userPrincipal == null)
            {
                // No Windows principal: this may be application (session-cookie) authenticated.
                Response.error = null;

                if (Request.sessionCookie == null)
                {
                    return false;
                }

                using (Login_BSO loginBso = new Login_BSO())
                {
                    // Does the cookie correspond with a live token for a user?
                    ADO_readerOutput sessionUser = loginBso.ReadBySession(Request.sessionCookie.Value);
                    if (!sessionUser.hasData)
                    {
                        Response.error = Label.Get("error.authentication");
                        return false;
                    }

                    SamAccountName = sessionUser.data[0].CcnUsername;

                    // The privilege check runs while the Login_BSO is still open, as before.
                    if (!HasUserPrivilege())
                    {
                        return false;
                    }
                }

                // NOTE(review): unlike the Windows branch, this path does not consult
                // Account_ADO for CcnLockedFlag — confirm ReadBySession already excludes
                // locked accounts.
                AuthenticationType = AuthenticationType.local;
            }
            else
            {
                if (!ActiveDirectory.IsAuthenticated(Request.userPrincipal))
                {
                    OnAuthenticationFailed();
                    return false;
                }

                // The principal must also correspond to a known account that is not locked.
                Account_ADO accountAdo = new Account_ADO();
                ADO_readerOutput account = accountAdo.Read(Ado, new Account_DTO_Read()
                {
                    CcnUsername = Request.userPrincipal.SamAccountName
                });

                if (!account.hasData || account.data[0].CcnLockedFlag)
                {
                    OnAuthenticationFailed();
                    return false;
                }

                AuthenticationType = AuthenticationType.windows;
            }

            OnAuthenticationSuccessful();
            return true;
        }