Beispiel #1
0
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            object reviewIdObj;
            if (!filterContext.ActionParameters.TryGetValue("id", out reviewIdObj))
                return;

            var reviewId = ActionFilterExtensions.GetIdAsInt(reviewIdObj);
            var db = new DatabaseContext();

            if (reviewId == 0 || db.ReviewConfigurations.Count(r => r.ReviewId == reviewId) < 1) {
                filterContext.Result = new HttpNotFoundResult("No review with the given id can be found.");
            }
            else {
                base.OnActionExecuting(filterContext);
            }
        }
Beispiel #2
0
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var reviewId = this.GetIdValue(filterContext);
            var db = new DatabaseContext();

            Expression<Func<ReviewConfiguration, bool>> userHasAlreadyProvidedFeedback =
                r =>
                r.ReviewId == reviewId &&
                r.Feedback.Any(fb => fb.Reviewer.EmailAddress == filterContext.HttpContext.User.Identity.Name);
            var review = db.ReviewConfigurations.Where(userHasAlreadyProvidedFeedback).SingleOrDefault();
            if (review != null) {
                filterContext.Controller.TempData["Message"] =
                    string.Format("You have already completed the review '{0}'. Thank you!", review.Name);
                filterContext.Result =
                    new RedirectToRouteResult(new RouteValueDictionary(new { action = "Index", controller = "Review" }));
            }

            base.OnActionExecuting(filterContext);
        }
Beispiel #3
0
        public ActionResult CompleteRegistration(RegisterModel model)
        {
            if (ModelState.IsValid) {
                try {
                    WebSecurity.ChangePassword(model.EmailAddress, PasswordPlaceholder, model.Password);
                    var db = new DatabaseContext();
                    var user = db.UserProfiles.Find(WebSecurity.GetUserId(model.EmailAddress));
                    user.UserName = model.UserName;
                    db.SaveChanges();
                    WebSecurity.Login(model.EmailAddress, model.Password);
                    return RedirectToAction("Index", "Review");
                }
                catch (MembershipCreateUserException e) {
                    ModelState.AddModelError("", ErrorCodeToString(e.StatusCode));
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }
Beispiel #4
0
            public SimpleMembershipInitializer()
            {
                Database.SetInitializer<DatabaseContext>(null);

                try {
                    using (var context = new DatabaseContext()) {
                        if (!context.Database.Exists()) {
                            // Create the SimpleMembership database without Entity Framework migration schema
                            ((IObjectContextAdapter) context).ObjectContext.CreateDatabase();
                        }
                    }

                    WebSecurity.InitializeDatabaseConnection("DefaultConnection", "UserProfile", "UserId", "EmailAddress",
                                                             autoCreateTables: true);
                }
                catch (Exception ex) {
                    throw new InvalidOperationException(
                        "The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588",
                        ex);
                }
            }
Beispiel #5
0
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            Func<string, bool> containsCurrentActionName =
                name => name.Equals(filterContext.ActionDescriptor.ActionName, StringComparison.OrdinalIgnoreCase);

            if (!_actionNamesToIgnore.Any(containsCurrentActionName)) {
                var reviewId = this.GetIdValue(filterContext);

                var db = new DatabaseContext();
                if (db.ReviewConfigurations.Count(r => r.ReviewId == reviewId) == 1) {
                    var loggedInUserEmailAddress = filterContext.HttpContext.User.Identity.Name;
                    if (db.ReviewConfigurations.Where(r => r.ReviewId == reviewId)
                            .Count(r => r.Peers.Any(p => p.EmailAddress == loggedInUserEmailAddress)) < 1) {
                        // for something more fancy, see: http://stackoverflow.com/a/13905859/177710
                        filterContext.Result = new HttpStatusCodeResult(
                            HttpStatusCode.Forbidden, "You don't have permission to access this page.");
                    }
                }
                else {
                    base.OnActionExecuting(filterContext);
                }
            }
        }
Beispiel #6
0
        public ActionResult ExternalLoginConfirmation(RegisterExternalLoginModel model, string returnUrl)
        {
            string provider;
            string providerUserId;

            if (User.Identity.IsAuthenticated ||
                !OAuthWebSecurity.TryDeserializeProviderUserId(model.ExternalLoginData, out provider, out providerUserId)) {
                return RedirectToAction("Manage");
            }

            if (ModelState.IsValid) {
                // Insert a new user into the database
                using (var db = new DatabaseContext()) {
                    // Check if user already exists
                    var user = db.UserProfiles.FirstOrDefault(u => u.EmailAddress.ToLower() == model.EmailAddress.ToLower());
                    if (user != null) {
                        // Update UserName
                        user.UserName = model.UserName;
                    }
                    else {
                        // Insert new user into the profile table
                        db.UserProfiles.Add(new UserProfile {UserName = model.UserName, EmailAddress = model.EmailAddress});
                    }
                    db.SaveChanges();

                    OAuthWebSecurity.CreateOrUpdateAccount(provider, providerUserId, model.EmailAddress);
                    OAuthWebSecurity.Login(provider, providerUserId, createPersistentCookie: false);

                    return RedirectToLocal(returnUrl);
                }
            }

            ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(provider).DisplayName;
            ViewBag.ReturnUrl = returnUrl;
            return View(model);
        }