public HttpResponseMessage PatchFile(Guid userId, Guid fileId, [FromUri] Guid version, [FromBody] JsonPatchDocument <Core.File> model, [FromHeader(Name = "opensheets-bypass-level")] Level bypassLevel = Level.Information)
{
if (bypassLevel > Level.Warning && (Level)Context.Principal.Metadata["Allowed-Bypass"] < bypassLevel)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden, new { Reason = $"Attempted to bypass validation of {bypassLevel} level, only allowed { (Level?)Context.Principal.Metadata["Allowed-Bypass"] ?? Level.Warning }" }));
}
GetResponse <Core.File> response = _router.Query <GetFileByIdRequest, GetResponse <Core.File> >(new GetFileByIdRequest()
{
FileId = fileId,
OwnerId = userId
});
if (response.Result == null)
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
CheckPermissionResponse permissionResponse = _router.Query <CheckPermissionRequest, CheckPermissionResponse>(new CheckPermissionRequest()
{
IdentityId = Context.Identity.Id,
OwnerId = userId,
FileId = fileId
});
bool canWrite = false;
if (!permissionResponse.EffectivePermissions.TryGetValue(FilePermissionAction.Write, out canWrite) || !canWrite)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
if (response.Result.Version != version)
{
return(Request.CreateResponse(HttpStatusCode.Conflict));
}
ValidatePatchResponse validateResp = _router.Query <ValidatePatchRequest <Core.File>, ValidatePatchResponse>(new ValidatePatchRequest <Core.File>()
{
ObjectId = fileId,
ProposedPatch = model
});
if (validateResp.Results.Any(x => x.Level > bypassLevel))
{
return(Request.CreateResponse((HttpStatusCode)422, new { Validation = new { Errors = validateResp.Results } }));
}
PatchCommand <Core.File> request = new PatchCommand <Core.File>()
{
NewVersion = Guid.NewGuid(),
Patch = model
};
_router.Command(request);
return(Request.CreateResponse(HttpStatusCode.OK, new { Version = request.NewVersion }));
}
public HttpResponseMessage PatchIdentity(Guid identityId, Guid version, [FromBody] JsonPatchDocument <Identity> model, [FromUri] Level bypassLevel = Level.Information)
{
if (bypassLevel > Level.Warning && (Level)Context.Principal.Metadata["Allowed-Bypass"] < bypassLevel)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden, new { Reason = $"Attempted to bypass validation of {bypassLevel} level, only allowed { (Level?)Context.Principal.Metadata["Allowed-Bypass"] ?? Level.Warning }" }));
}
if (identityId == Guid.Empty)
{
return(Request.CreateResponse(HttpStatusCode.BadRequest));
}
GetResponse <Identity> response = _router.Query <GetIdentityByIdRequest, GetResponse <Identity> >(new GetIdentityByIdRequest()
{
IdentityId = identityId
});
if (response.Result == null)
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
if (response.Result.Version != version)
{
return(Request.CreateResponse(HttpStatusCode.Conflict));
}
ValidatePatchResponse validateResp = _router.Query <ValidatePatchRequest <Identity>, ValidatePatchResponse>(new ValidatePatchRequest <Identity>()
{
ObjectId = identityId,
ProposedPatch = model
});
if (validateResp.Results.Any(x => x.Level > bypassLevel))
{
return(Request.CreateResponse((HttpStatusCode)422, new { Validation = new { Errors = validateResp.Results } }));
}
PatchCommand <Identity> request = new PatchCommand <Identity>()
{
NewVersion = Guid.NewGuid(),
Patch = model
};
_router.Command(request);
return(Request.CreateResponse(HttpStatusCode.OK, new { Version = request.NewVersion }));
}
