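/// <summary>
/// Applies a JSON Patch document to a file after checking the caller's validation-bypass
/// allowance, the file's existence, the caller's write permission and the expected version.
/// </summary>
/// <param name="userId">Owner id used for the file lookup and the permission check.</param>
/// <param name="fileId">Id of the file to patch.</param>
/// <param name="version">Version the caller believes is current; a mismatch yields 409.</param>
/// <param name="model">The proposed patch, read from the request body.</param>
/// <param name="bypassLevel">
/// Caller-supplied level (request header). Validation results at or below this level do not block the patch.
/// </param>
/// <returns>
/// 403 when the requested bypass level exceeds the principal's allowance or write permission is missing,
/// 404 when the file is not found, 409 on a version mismatch, 400 when no patch body was supplied,
/// 422 with the validation results when any result is above <paramref name="bypassLevel"/>,
/// otherwise 200 with the new version id.
/// </returns>
public HttpResponseMessage PatchFile(Guid userId, Guid fileId, [FromUri] Guid version, [FromBody] JsonPatchDocument<Core.File> model, [FromHeader(Name = "opensheets-bypass-level")] Level bypassLevel = Level.Information)
{
    // bypassLevel comes straight from a request header, so it is untrusted. Anything above
    // Warning has to be covered by the principal's "Allowed-Bypass" metadata.
    // Assumes Level is ordered by increasing severity - TODO confirm against the enum.
    if (bypassLevel > Level.Warning)
    {
        // Unbox as Level? so a null entry falls back to Level.Warning and the request is refused
        // with 403. The previous (Level) cast threw on null and surfaced as a server error, while
        // the error message already assumed the value could be null.
        // NOTE(review): if Metadata is a plain dictionary, a missing key still throws here;
        // confirm the indexer's behaviour for principals without this entry.
        Level allowedBypass = (Level?)Context.Principal.Metadata["Allowed-Bypass"] ?? Level.Warning;
        if (allowedBypass < bypassLevel)
        {
            return Request.CreateResponse(
                HttpStatusCode.Forbidden,
                new { Reason = $"Attempted to bypass validation of {bypassLevel} level, only allowed {allowedBypass}" });
        }
    }

    GetResponse<Core.File> response = _router.Query<GetFileByIdRequest, GetResponse<Core.File>>(
        new GetFileByIdRequest() { FileId = fileId, OwnerId = userId });

    // NOTE(review): existence is reported before the permission check, so a caller without
    // access can tell a missing file (404) from an existing one (403). Consider returning the
    // same status for both if file ids are not meant to be discoverable.
    if (response.Result == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    CheckPermissionResponse permissionResponse = _router.Query<CheckPermissionRequest, CheckPermissionResponse>(
        new CheckPermissionRequest() { IdentityId = Context.Identity.Id, OwnerId = userId, FileId = fileId });

    // Deny unless Write is explicitly present and true: an absent entry is treated as "no".
    if (!permissionResponse.EffectivePermissions.TryGetValue(FilePermissionAction.Write, out bool canWrite) || !canWrite)
    {
        return Request.CreateResponse(HttpStatusCode.Forbidden);
    }

    // Optimistic-concurrency pre-check. Nothing visible here hands the expected version to the
    // command, so concurrent writers are only stopped if the command handler re-checks it.
    if (response.Result.Version != version)
    {
        return Request.CreateResponse(HttpStatusCode.Conflict);
    }

    // A missing or unparseable body binds to null; reject it rather than validating and
    // dispatching a null patch. Checked after authorization so unauthorized callers still get 403/404.
    if (model == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    ValidatePatchResponse validateResp = _router.Query<ValidatePatchRequest<Core.File>, ValidatePatchResponse>(
        new ValidatePatchRequest<Core.File>() { ObjectId = fileId, ProposedPatch = model });

    // Any finding more severe than the accepted bypass level blocks the patch.
    if (validateResp.Results.Any(x => x.Level > bypassLevel))
    {
        return Request.CreateResponse((HttpStatusCode)422, new { Validation = new { Errors = validateResp.Results } });
    }

    // NOTE(review): the command carries no target id here, whereas ValidatePatchRequest is given
    // ObjectId = fileId. Confirm how the handler resolves which file the patch applies to.
    PatchCommand<Core.File> request = new PatchCommand<Core.File>() { NewVersion = Guid.NewGuid(), Patch = model };
    _router.Command(request);

    return Request.CreateResponse(HttpStatusCode.OK, new { Version = request.NewVersion });
}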
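/// <summary>
/// Applies a JSON Patch document to an identity after checking the caller's validation-bypass
/// allowance, the identity's existence and the expected version.
/// </summary>
/// <param name="identityId">Id of the identity to patch; <see cref="Guid.Empty"/> is rejected with 400.</param>
/// <param name="version">Version the caller believes is current; a mismatch yields 409.</param>
/// <param name="model">The proposed patch, read from the request body.</param>
/// <param name="bypassLevel">
/// Caller-supplied level (URI). Validation results at or below this level do not block the patch.
/// </param>
/// <returns>
/// 403 when the requested bypass level exceeds the principal's allowance, 400 for an empty id or a
/// missing patch body, 404 when the identity is not found, 409 on a version mismatch,
/// 422 with the validation results when any result is above <paramref name="bypassLevel"/>,
/// otherwise 200 with the new version id.
/// </returns>
public HttpResponseMessage PatchIdentity(Guid identityId, Guid version, [FromBody] JsonPatchDocument<Identity> model, [FromUri] Level bypassLevel = Level.Information)
{
    // bypassLevel is taken from the request URI, so it is untrusted. Anything above Warning has
    // to be covered by the principal's "Allowed-Bypass" metadata.
    // Assumes Level is ordered by increasing severity - TODO confirm against the enum.
    if (bypassLevel > Level.Warning)
    {
        // Unbox as Level? so a null entry falls back to Level.Warning and the request is refused
        // with 403. The previous (Level) cast threw on null and surfaced as a server error, while
        // the error message already assumed the value could be null.
        // NOTE(review): if Metadata is a plain dictionary, a missing key still throws here;
        // confirm the indexer's behaviour for principals without this entry.
        Level allowedBypass = (Level?)Context.Principal.Metadata["Allowed-Bypass"] ?? Level.Warning;
        if (allowedBypass < bypassLevel)
        {
            return Request.CreateResponse(
                HttpStatusCode.Forbidden,
                new { Reason = $"Attempted to bypass validation of {bypassLevel} level, only allowed {allowedBypass}" });
        }
    }

    if (identityId == Guid.Empty)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    GetResponse<Identity> response = _router.Query<GetIdentityByIdRequest, GetResponse<Identity>>(
        new GetIdentityByIdRequest() { IdentityId = identityId });

    if (response.Result == null)
    {
        return Request.CreateResponse(HttpStatusCode.NotFound);
    }

    // NOTE(review): no check ties the caller (Context.Identity) to identityId in this method,
    // unlike the file endpoint, which queries write permission before patching. Confirm that an
    // authorization filter or the command handler restricts who may modify a given identity;
    // otherwise any authenticated caller who knows an id and its version could patch it.

    // Optimistic-concurrency pre-check. Nothing visible here hands the expected version to the
    // command, so concurrent writers are only stopped if the command handler re-checks it.
    if (response.Result.Version != version)
    {
        return Request.CreateResponse(HttpStatusCode.Conflict);
    }

    // A missing or unparseable body binds to null; reject it rather than validating and
    // dispatching a null patch.
    if (model == null)
    {
        return Request.CreateResponse(HttpStatusCode.BadRequest);
    }

    ValidatePatchResponse validateResp = _router.Query<ValidatePatchRequest<Identity>, ValidatePatchResponse>(
        new ValidatePatchRequest<Identity>() { ObjectId = identityId, ProposedPatch = model });

    // Any finding more severe than the accepted bypass level blocks the patch.
    if (validateResp.Results.Any(x => x.Level > bypassLevel))
    {
        return Request.CreateResponse((HttpStatusCode)422, new { Validation = new { Errors = validateResp.Results } });
    }

    // NOTE(review): the command carries no target id here, whereas ValidatePatchRequest is given
    // ObjectId = identityId. Confirm how the handler resolves which identity the patch applies to.
    PatchCommand<Identity> request = new PatchCommand<Identity>() { NewVersion = Guid.NewGuid(), Patch = model };
    _router.Command(request);

    return Request.CreateResponse(HttpStatusCode.OK, new { Version = request.NewVersion });
}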