/// <summary>
/// Gets a list of entry statuses that the user can edit or set.
/// This means, the user is allowed to edit entries with any of these statuses,
/// and the user is able to change the entry status to any of these.
/// </summary>
/// <remarks>
/// Most of the time the allowed entry statuses are global, but associating a user account with an artist entry
/// gives special entry-specific permissions for the user editing that entry.
/// </remarks>
/// <param name="permissionContext">User permission context identifying the user's global permissions.</param>
/// <param name="entry">Entry to be checked. Can be null. If null, only global permissions will be checked.</param>
/// <returns>A list of permissions that can be set by the user.</returns>
public static StatusSet AllowedEntryStatuses(IUserPermissionContext permissionContext, IEntryBase entry = null)
{
// Check for basic edit permissions, without these the user is limited or disabled
if (!permissionContext.HasPermission(PermissionToken.ManageDatabase))
{
return(StatusSet.Empty);
}
// Moderators with lock permissions can edit everything
if (permissionContext.HasPermission(PermissionToken.LockEntries))
{
return(allPermissions);
}
// Trusted users can edit approved entries
if (permissionContext.HasPermission(PermissionToken.ApproveEntries))
{
return(trustedStatusPermissions);
}
// Verified artists get trusted permissions for their own entry
if (IsVerifiedFor(permissionContext, entry))
{
return(trustedStatusPermissions);
}
// Normal user permissions
if (permissionContext.HasPermission(PermissionToken.ManageDatabase))
{
return(normalStatusPermissions);
}
return(StatusSet.Empty);
}
public static bool CanEdit(IUserPermissionContext permissionContext, DiscussionTopic topic)
{
if (!permissionContext.HasPermission(PermissionToken.CreateComments))
{
return(false);
}
if (permissionContext.HasPermission(PermissionToken.DeleteComments))
{
return(true);
}
return(topic.Author != null && topic.Author.IsTheSameUser(permissionContext.LoggedUser));
}
public static bool CanDelete <TEntry>(IUserPermissionContext permissionContext, TEntry entry)
where TEntry : IEntryWithVersions, IEntryWithStatus
{
if (!permissionContext.IsLoggedIn)
{
return(false);
}
// Deleting requires edit permission
if (!CanEdit(permissionContext, entry))
{
return(false);
}
if (permissionContext.HasPermission(PermissionToken.DeleteEntries))
{
return(true);
}
// Verified artists can delete their entries
if (IsVerifiedFor(permissionContext, entry))
{
return(true);
}
return(entry.ArchivedVersionsManager.VersionsBase.All(v => v.Author != null && v.Author.Id == permissionContext.LoggedUserId));
}
public static bool CanEdit(IUserPermissionContext permissionContext, Comment comment)
{
if (!permissionContext.HasPermission(PermissionToken.CreateComments))
{
return(false);
}
return(comment.Author != null && comment.Author.IsTheSameUser(permissionContext.LoggedUser));
}
public static EntryStatus[] AllowedEntryStatuses(IUserPermissionContext permissionContext)
{
if (permissionContext.HasPermission(PermissionToken.LockEntries))
{
return(allPermissions);
}
if (permissionContext.HasPermission(PermissionToken.ApproveEntries))
{
return(trustedStatusPermissions);
}
if (permissionContext.HasPermission(PermissionToken.ManageDatabase))
{
return(normalStatusPermissions);
}
return(new EntryStatus[] {});
}
public RatedSongForUserForApiContract(FavoriteSongForUser ratedSong, IUserIconFactory userIconFactory, UserOptionalFields userFields,
IUserPermissionContext userPermissionContext)
{
Date = ratedSong.Date;
Rating = ratedSong.Rating;
if (ratedSong.User.Options.PublicRatings || userPermissionContext.HasPermission(PermissionToken.ViewHiddenRatings))
{
User = new UserForApiContract(ratedSong.User, userIconFactory, userFields);
}
}
public static bool CanEdit(IUserPermissionContext permissionContext, DiscussionTopic topic)
{
if (!permissionContext.HasPermission(PermissionToken.CreateComments))
{
return(false);
}
// TODO: admins should be able to edit all topics, even locked
return(topic.Author != null && topic.Author.IsTheSameUser(permissionContext.LoggedUser));
}
/// <summary>
/// Gets versions before the specified version.
/// </summary>
/// <param name="beforeVer">Version to be compared. Can be null in which case all versions are returned.</param>
/// <returns>Versions whose number is lower than the compared version. Cannot be null.</returns>
public virtual IEnumerable <TVersion> GetPreviousVersions(TVersion beforeVer, IUserPermissionContext permissionContext)
{
if (beforeVer == null)
{
return(Versions);
}
return(Versions
.Where(a => a.Version < beforeVer.Version)
.Where(v => permissionContext.HasPermission(PermissionToken.ViewHiddenRevisions) || !v.Hidden));
}
public static bool CanEdit(IUserPermissionContext permissionContext, IEntryWithStatus entry)
{
ParamIs.NotNull(() => entry);
if (!permissionContext.HasPermission(PermissionToken.ManageDatabase))
{
return(false);
}
if (permissionContext.HasPermission(PermissionToken.LockEntries))
{
return(true);
}
if (permissionContext.HasPermission(PermissionToken.ApproveEntries))
{
return(trustedStatusPermissions.Contains(entry.Status));
}
return(normalStatusPermissions.Contains(entry.Status));
}
public static bool CanEdit(IUserPermissionContext permissionContext, SongList songList)
{
if (songList.FeaturedList && CanManageFeaturedLists(permissionContext))
{
return(true);
}
if (permissionContext.HasPermission(PermissionToken.EditAllSongLists))
{
return(true);
}
return(songList.Author.IsTheSameUser(permissionContext.LoggedUser));
}
public static bool CanRemoveTagUsages(IUserPermissionContext permissionContext, IEntryBase entry)
{
if (!permissionContext.IsLoggedIn)
{
return(false);
}
if (permissionContext.HasPermission(PermissionToken.RemoveTagUsages))
{
return(true);
}
return(IsVerifiedFor(permissionContext, entry));
}
public static bool CanManageFeaturedLists(IUserPermissionContext permissionContext)
{
return(permissionContext.HasPermission(PermissionToken.EditFeaturedLists));
}
public ActivityEntryForApiContract(ActivityEntry activityEntry, EntryForApiContract entryForApiContract,
IUserIconFactory userIconFactory,
IUserPermissionContext permissionContext,
ActivityEntryOptionalFields fields)
{
CreateDate = activityEntry.CreateDate.ToUniversalTime();
EditEvent = activityEntry.EditEvent;
if (activityEntry.Author != null &&
((permissionContext.IsLoggedIn && (permissionContext.LoggedUserId == activityEntry.Author.Id || permissionContext.HasPermission(PermissionToken.DisableUsers))) ||
!activityEntry.Author.AnonymousActivity))
{
Author = new UserForApiContract(activityEntry.Author, userIconFactory, UserOptionalFields.MainPicture);
}
if (fields.HasFlag(ActivityEntryOptionalFields.ArchivedVersion) && activityEntry.ArchivedVersionBase != null)
{
ArchivedVersion = new ArchivedObjectVersionForApiContract(activityEntry.ArchivedVersionBase);
}
Entry = entryForApiContract;
}
public override bool IsAuthorized(IUserPermissionContext permissionContext)
{
return(permissionContext != null && permissionContext.HasPermission(PermissionToken.AddRawFileMedia));
}
public TagUsageForApiContract[] AddTags <TEntry, TTag>(int entryId,
TagBaseContract[] tags,
bool onlyAdd,
IRepository <User> repository,
IEntryLinkFactory entryLinkFactory,
IEnumTranslations enumTranslations,
Func <TEntry, TagManager <TTag> > tagFunc,
Func <TEntry, IDatabaseContext <TTag>, ITagUsageFactory <TTag> > tagUsageFactoryFactory)
where TEntry : IEntryWithNames, IEntryWithTags where TTag : TagUsage
{
ParamIs.NotNull(() => tags);
permissionContext.VerifyPermission(PermissionToken.EditTags);
tags = tags.Where(IsValid).ToArray();
if (onlyAdd && !tags.Any())
{
return(new TagUsageForApiContract[0]);
}
return(repository.HandleTransaction(ctx => {
// Tags are primarily added by Id, secondarily by translated name.
// First separate given tags for tag IDs and tag names
var tagIds = tags.Where(HasId).Select(t => t.Id).ToArray();
var translatedTagNames = tags.Where(t => !HasId(t) && !string.IsNullOrEmpty(t.Name)).Select(t => t.Name).ToArray();
// Load existing tags by name and ID.
var tagsFromIds = ctx.Query <Tag>().Where(t => tagIds.Contains(t.Id)).ToArray();
var tagsFromNames = ctx.Query <Tag>().WhereHasName(translatedTagNames).ToArray();
// Figure out tags that don't exist yet (no ID and no matching name).
var newTagNames = translatedTagNames.Except(tagsFromNames.SelectMany(t => t.Names.AllValues), StringComparer.InvariantCultureIgnoreCase).ToArray();
var user = ctx.OfType <User>().GetLoggedUser(permissionContext);
var tagFactory = new TagFactoryRepository(ctx.OfType <Tag>(), new AgentLoginData(user));
var newTags = newTagNames.Select(t => tagFactory.CreateTag(t)).ToArray();
var entry = ctx.OfType <TEntry>().Load(entryId);
// Get the final list of tag names with translations
var appliedTags = tagsFromNames
.Concat(tagsFromIds)
.Where(t => permissionContext.HasPermission(PermissionToken.ApplyAnyTag) || t.IsValidFor(entry.EntryType))
.Concat(newTags)
.Distinct()
.ToArray();
var tagUsageFactory = tagUsageFactoryFactory(entry, ctx.OfType <TTag>());
var tagNames = appliedTags.Select(t => t.DefaultName);
ctx.AuditLogger.AuditLog(string.Format("tagging {0} with {1}",
entryLinkFactory.CreateEntryLink(entry), string.Join(", ", tagNames)), user);
var addedTags = appliedTags.Except(entry.Tags.Tags).ToArray();
new FollowedTagNotifier().SendNotifications(ctx, entry, addedTags, new[] { user.Id }, entryLinkFactory, enumTranslations);
var updatedTags = tagFunc(entry).SyncVotes(user, appliedTags, tagUsageFactory, onlyAdd: onlyAdd);
var tagCtx = ctx.OfType <Tag>();
foreach (var tag in updatedTags)
{
tagCtx.Update(tag);
}
RecomputeTagUsagesCounts(tagCtx, updatedTags);
ctx.AuditLogger.SysLog("finished tagging");
return tagFunc(entry).ActiveUsages.Select(t => new TagUsageForApiContract(t, permissionContext.LanguagePreference)).ToArray();
}));
}
public override bool IsAuthorized(IUserPermissionContext permissionContext) {
return permissionContext.HasPermission(PermissionToken.AddRawFileMedia);
}