public ReturnStatus SetPermission(SetPermission req) { using (var connection = new SqlConnection(_connectionString.HotelManagement)) { var cmd = new SqlCommand(p_Permissions_Set, connection) { CommandType = CommandType.StoredProcedure }; cmd.Parameters.AddWithValue("@UserID", _requestInfo.UserId); cmd.Parameters.Add("@RetVal", SqlDbType.Int).Direction = ParameterDirection.Output; cmd.Parameters.Add("@RetMsg", SqlDbType.VarChar, 500).Direction = ParameterDirection.Output; cmd.Parameters.AddWithValue("@PermissionID", req.PermissionId); cmd.Parameters.AddWithValue("@ParentID", req.ParentId); cmd.Parameters.AddWithValue("@Code", req.Code); cmd.Parameters.AddWithValue("@Name", req.Name); cmd.Parameters.AddWithValue("@Description", req.Description); cmd.Parameters.AddWithValue("@Disable", req.Disable); connection.Open(); cmd.ExecuteNonQuery(); return(new ReturnStatus(cmd.Parameters["@RetVal"].Value.ToSafeInt32(), cmd.Parameters["@RetMsg"].Value.ToSafeString())); } }
public async Task <CommandResponse <bool?> > SetSubverseListChange(DomainReference setReference, string subverse, SubscriptionAction action) { DemandAuthentication(); var set = GetSet(setReference.Name, setReference.OwnerName); if (set == null) { return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "Set cannot be found")); } //Check Perms var perms = SetPermission.GetPermissions(set.Map(), User.Identity); if (!perms.EditList) { return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "User not authorized to modify set")); } var sub = GetSubverseInfo(subverse); if (sub == null) { return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "Subverse cannot be found")); } return(await SetSubverseListChange(set, sub, action).ConfigureAwait(CONSTANTS.AWAIT_CAPTURE_CONTEXT)); }
public async Task <CommandResponse <bool?> > DeleteSet(DomainReference setReference) { DemandAuthentication(); var set = GetSet(setReference.Name, setReference.OwnerName); if (set == null) { return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "Set cannot be found")); } //Check Perms var perms = SetPermission.GetPermissions(set.Map(), User.Identity); if (!perms.Delete) { return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "User not authorized to delete set")); } var param = new DynamicParameters(); param.Add("ID", set.ID); var conn = _db.Connection; //var tran = conn.BeginTransaction(System.Data.IsolationLevel.Serializable); try { var d = new DapperDelete(); d.Delete = SqlFormatter.DeleteBlock(SqlFormatter.Table("SubverseSetSubscription")); d.Where = "\"SubverseSetID\" = @ID"; await conn.ExecuteAsync(d.ToString(), param); d.Delete = SqlFormatter.DeleteBlock(SqlFormatter.Table("SubverseSetList")); d.Where = "\"SubverseSetID\" = @ID"; await conn.ExecuteAsync(d.ToString(), param); d.Delete = SqlFormatter.DeleteBlock(SqlFormatter.Table("SubverseSet")); d.Where = "\"ID\" = @ID"; await conn.ExecuteAsync(d.ToString(), param); //tran.Commit(); return(CommandResponse.FromStatus <bool?>(true, Status.Success)); } catch (Exception ex) { //tran.Rollback(); return(CommandResponse.Error <CommandResponse <bool?> >(ex)); } }
public PermissionsViewModel() { _dialogs = new DialogObjects(); _dialogs.SetViewModel(this); _service = new PermissionsService(); SearchCmd = new DelegateCommand(OnSearchUser); MenuCmd = new DelegateCommand(OnSetUserPermissions); GetPermissionsReq = new GetPermissions(); SetPermissionsReq = new SetPermission(); SearchUser = string.Empty; SearchPermission = string.Empty; }
public ReturnStatus SetPermission(SetPermission req) { return(null); }
public void Set_Permission_Tests() { Set s = null; SetPermission perms = null; string loggedInUserName = null; s = new Set() { Name = "Front", Type = SetType.Front, UserName = "******", IsPublic = true, }; //Unathenticated on Public Set var user = TestHelper.SetPrincipal(null); loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>"); perms = SetPermission.GetPermissions(s, user.Identity); Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}"); //Owner on Non-Normal Set user = TestHelper.SetPrincipal("Joe"); loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>"); perms = SetPermission.GetPermissions(s, user.Identity); Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(true, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}"); s = new Set() { Name = "RandomSet", Type = SetType.Normal, UserName = "******", IsPublic = false, }; //Unathenticated on Private Set user = TestHelper.SetPrincipal(null); loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>"); perms = SetPermission.GetPermissions(s, user.Identity); Assert.AreEqual(false, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}"); //Owner on Normal Private Set user = TestHelper.SetPrincipal("Joe"); loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>"); perms = SetPermission.GetPermissions(s, user.Identity); Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(true, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(true, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(true, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}"); //Non-owner on Private Set user = TestHelper.SetPrincipal("Eddy"); loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>"); perms = SetPermission.GetPermissions(s, user.Identity); Assert.AreEqual(false, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}"); s = new Set() { Name = "SystemSet", Type = SetType.Normal, UserName = null, IsPublic = true, }; //Unathenticated on Private Set TestHelper.SetPrincipal(null); loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>"); perms = SetPermission.GetPermissions(s, user.Identity); Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}"); //Non-Owner on Normal System Public Set user = TestHelper.SetPrincipal("Joe"); loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>"); perms = SetPermission.GetPermissions(s, user.Identity); Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}"); Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}"); }
public async Task <CommandResponse <Domain.Models.Set> > CreateOrUpdateSet(Set set) { DemandAuthentication(); set.Name = set.Name.TrimSafe(); //Evaulate Rules var context = new VoatRuleContext(User); context.PropertyBag.Set = set; var outcome = VoatRulesEngine.Instance.EvaluateRuleSet(context, RuleScope.CreateSet); if (!outcome.IsAllowed) { return(MapRuleOutCome <Set>(outcome, null)); } var existingSet = _db.SubverseSet.FirstOrDefault(x => x.ID == set.ID); if (existingSet != null) { var perms = SetPermission.GetPermissions(existingSet.Map(), User.Identity); if (!perms.EditProperties) { return(CommandResponse.FromStatus <Set>(null, Status.Denied, "User does not have permission to edit this set")); } //HACK: Need to clear this entry out of cache if name changes and check name if (!existingSet.Name.IsEqual(set.Name)) { if (_db.SubverseSet.Any(x => x.Name.ToLower() == set.Name.ToLower() && x.UserName.ToLower() == UserName.ToLower())) { return(CommandResponse.FromStatus <Set>(null, Status.Denied, "A set with this name already exists")); } CacheHandler.Instance.Remove(CachingKey.Set(existingSet.Name, existingSet.UserName)); } existingSet.Name = set.Name; existingSet.Title = set.Title; existingSet.Description = set.Description; existingSet.IsPublic = set.IsPublic; await _db.SaveChangesAsync().ConfigureAwait(CONSTANTS.AWAIT_CAPTURE_CONTEXT); return(CommandResponse.FromStatus <Set>(existingSet.Map(), Status.Success)); } else { //Validation - MOVE TO RULES SYSTEM MAYBE if (!VoatSettings.Instance.SetCreationEnabled || VoatSettings.Instance.MaximumOwnedSets <= 0) { return(CommandResponse.FromStatus <Set>(null, Status.Denied, "Set creation is currently disabled")); } if (VoatSettings.Instance.MaximumOwnedSets > 0) { var d = new DapperQuery(); d.Select = $"SELECT COUNT(*) FROM {SqlFormatter.Table("SubverseSet", "subSet")}"; d.Where = "subSet.\"Type\" = @Type AND subSet.\"UserName\" = @UserName"; d.Parameters.Add("Type", (int)SetType.Normal); d.Parameters.Add("UserName", UserName); var setCount = _db.Connection.ExecuteScalar <int>(d.ToString(), d.Parameters); if (setCount >= VoatSettings.Instance.MaximumOwnedSets) { return(CommandResponse.FromStatus <Set>(null, Status.Denied, $"Sorry, Users are limited to {VoatSettings.Instance.MaximumOwnedSets} sets and you currently have {setCount}")); } } //Create new set try { var setCheck = GetSet(set.Name, UserName); if (setCheck != null) { return(CommandResponse.FromStatus <Set>(null, Status.Denied, "A set with same name and owner already exists")); } var newSet = new SubverseSet { Name = set.Name, Title = set.Title, Description = set.Description, UserName = UserName, Type = (int)SetType.Normal, IsPublic = set.IsPublic, CreationDate = Repository.CurrentDate, SubscriberCount = 1, //Owner is a subscriber. Reminds me of that hair club commercial: I"m not only the Set Owner, I'm also a subscriber. }; _db.SubverseSet.Add(newSet); await _db.SaveChangesAsync().ConfigureAwait(CONSTANTS.AWAIT_CAPTURE_CONTEXT); _db.SubverseSetSubscription.Add(new SubverseSetSubscription() { SubverseSetID = newSet.ID, UserName = UserName, CreationDate = CurrentDate }); await _db.SaveChangesAsync().ConfigureAwait(CONSTANTS.AWAIT_CAPTURE_CONTEXT); return(CommandResponse.Successful(newSet.Map())); } catch (Exception ex) { return(CommandResponse.Error <CommandResponse <Set> >(ex)); } } }
public async Task <ActionResult> Index(string name, string sort) { var domainReference = DomainReference.Parse(name, DomainType.Set); //var domainReference = new DomainReference(DomainType.Set, name, userName); var qSet = new QuerySet(domainReference.Name, domainReference.OwnerName); var set = await qSet.ExecuteAsync(); if (set == null) { return(ErrorView(new ErrorViewModel() { Title = "Can't find this set", Description = "Maybe it's gone?", Footer = "Probably yeah" })); } var perms = SetPermission.GetPermissions(set, User.Identity); if (!perms.View) { return(ErrorView(new ErrorViewModel() { Title = "Set is Private", Description = "This set doesn't allow viewing. It is private.", Footer = "Sometimes sets are shy around others." })); } var options = new SearchOptions(Request.QueryString.Value); //Set sort because it is part of path if (!String.IsNullOrEmpty(sort)) { options.Sort = (SortAlgorithm)Enum.Parse(typeof(SortAlgorithm), sort, true); } else { //Set Default Set to Relative if no sort is provided if (set.Name.IsEqual("Default") && String.IsNullOrEmpty(set.UserName)) { options.Sort = SortAlgorithm.Relative; } } //set span to day if not specified explicitly if (options.Sort == SortAlgorithm.Top && !Request.Query.ContainsKey("span")) { options.Span = SortSpan.Day; } var q = new QuerySubmissions(domainReference, options).SetUserContext(User); var result = await q.ExecuteAsync(); var model = new ListViewModel <Domain.Models.Submission>(); model.Items = new Utilities.PaginatedList <Domain.Models.Submission>(result, options.Page, options.Count); model.Items.RouteName = "SetIndex"; model.Context = domainReference; model.Sort = options.Sort;// == SortAlgorithm.RelativeRank ? SortAlgorithm.Hot :options.Sort; //UI doesn't want relative rank model.Span = options.Span; ViewBag.NavigationViewModel = new NavigationViewModel() { Description = "Set Description Here", Name = name, MenuType = MenuType.Set, BasePath = model.Context.BasePath(), Sort = model.Sort }; return(View(ViewPath(model.Context), model)); }
public async Task <ActionResult> Details(string name) { //TODO: Implement Command/Query - Remove direct Repository access using (var repo = new Repository(User)) { var domainReference = DomainReference.Parse(name, DomainType.Set); var set = repo.GetSet(domainReference.Name, domainReference.OwnerName); if (set == null) { //Since system sets are not created until needed we show a slightly better error message for front/blocked. if (name.IsEqual(SetType.Front.ToString())) { ViewBag.NavigationViewModel = new Models.ViewModels.NavigationViewModel() { Description = "Discover Search", Name = "No Idea", MenuType = Models.ViewModels.MenuType.Discovery, BasePath = VoatUrlFormatter.BasePath(domainReference), Sort = null }; return(ErrorView(new ErrorViewModel() { Title = "No Subscriptions!", Description = "You don't have any subscriptions so we have to show you this instead", Footer = "Subscribe to a subverse you silly goat" })); } else if (name.IsEqual(SetType.Blocked.ToString())) { ViewBag.NavigationViewModel = new Models.ViewModels.NavigationViewModel() { Description = "Discover Search", Name = "No Idea", MenuType = Models.ViewModels.MenuType.Discovery, BasePath = VoatUrlFormatter.BasePath(domainReference), Sort = null }; return(ErrorView(new ErrorViewModel() { Title = "No Blocked Subs!", Description = "You don't have any blocked subs. Golf clap.", Footer = "Block some subs and this page will magically change!" })); } else { return(ErrorView(new ErrorViewModel() { Title = "Can't find this set", Description = "Maybe it's gone?", Footer = "Probably yeah" })); } } var perms = SetPermission.GetPermissions(set.Map(), User.Identity); if (!perms.View) { return(ErrorView(new ErrorViewModel() { Title = "Set is Private", Description = "This set doesn't allow the viewing of its properties", Footer = "It's ok, I can't see it either" })); } var options = new SearchOptions(Request.QueryString.Value); options.Count = 50; var setList = await repo.GetSetListDescription(set.ID, options.Page); var model = new SetViewModel(); model.Permissions = perms; model.Set = set.Map(); model.List = new PaginatedList <Domain.Models.SubverseSubscriptionDetail>(setList, options.Page, options.Count); model.List.RouteName = "SetDetails"; ViewBag.NavigationViewModel = new NavigationViewModel() { Name = domainReference.FullName, Description = set.Description, BasePath = VoatUrlFormatter.BasePath(domainReference), MenuType = (set.Type == (int)SetType.Front || set.Type == (int)SetType.Blocked ? MenuType.Discovery : MenuType.Set) }; return(View("Details", model)); } }