public ActionResult Create(ProjectCreateViewModel model)
{
if (!ModelState.IsValid)
return View(model);
var owner = new ApplicationUser() { Id = User.Identity.GetUserId() };
Project project = new Project(model) { Owner = owner };
var initialAuth = new ProjectAuthorization
{
Project = project,
User = owner,
Permission = Permission.Administrator
};
db.Entry(owner).State = EntityState.Unchanged;
db.Entry(project).State = EntityState.Added;
db.Entry(initialAuth).State = EntityState.Added;
db.SaveChanges();
return RedirectToAction("Index");
}
public ActionResult EditPermissions(ProjectRolesViewModel model)
{
if (!ModelState.IsValid)
return View(model);
Project project = db.Projects
.Include(p => p.Authorizations)
.First(p => p.Id == model.Id);
var currentUserId = User.Identity.GetUserId();
var auths = project.Authorizations
.Where(auth => auth.User_ID == currentUserId);
if (!auths.Any(auth => auth.Permission == Permission.Administrator))
{
return new HttpStatusCodeResult(HttpStatusCode.Forbidden,
"You do not have sufficient permissions for that resource.");
}
foreach(var userRoleModel in model.UserRoles)
{
foreach(var permModel in userRoleModel.Permissions)
{
var projAuth = new ProjectAuthorization()
{
User_ID = userRoleModel.UserId,
Permission = permModel.Permission,
Project_ID = model.Id.Value
};
if (permModel.Removed)
{
projAuth = project.Authorizations.FirstOrDefault(
existingAuth =>
existingAuth.User_ID == projAuth.User_ID
&& existingAuth.Permission == projAuth.Permission);
project.Authorizations.Remove(projAuth);
}
else if (permModel.Added)
{
project.Authorizations.Add(projAuth);
}
}
}
db.SaveChanges();
// Before redirecting to project, make sure the user didn't
// remove all permissions from himself.
if (model.UserRoles.Any(userRole =>
userRole.UserId == currentUserId
&& userRole.Permissions.Any(perm => perm.Selected)))
{
return RedirectToAction("Details", new { id = model.Id });
}
else
{
return RedirectToAction("Index", "Home");
}
}
