public ReturnStatus SetPermission(SetPermission req)
{
using (var connection = new SqlConnection(_connectionString.HotelManagement))
{
var cmd = new SqlCommand(p_Permissions_Set, connection)
{
CommandType = CommandType.StoredProcedure
};
cmd.Parameters.AddWithValue("@UserID", _requestInfo.UserId);
cmd.Parameters.Add("@RetVal", SqlDbType.Int).Direction = ParameterDirection.Output;
cmd.Parameters.Add("@RetMsg", SqlDbType.VarChar, 500).Direction = ParameterDirection.Output;
cmd.Parameters.AddWithValue("@PermissionID", req.PermissionId);
cmd.Parameters.AddWithValue("@ParentID", req.ParentId);
cmd.Parameters.AddWithValue("@Code", req.Code);
cmd.Parameters.AddWithValue("@Name", req.Name);
cmd.Parameters.AddWithValue("@Description", req.Description);
cmd.Parameters.AddWithValue("@Disable", req.Disable);
connection.Open();
cmd.ExecuteNonQuery();
return(new ReturnStatus(cmd.Parameters["@RetVal"].Value.ToSafeInt32(), cmd.Parameters["@RetMsg"].Value.ToSafeString()));
}
}
public async Task <CommandResponse <bool?> > SetSubverseListChange(DomainReference setReference, string subverse, SubscriptionAction action)
{
DemandAuthentication();
var set = GetSet(setReference.Name, setReference.OwnerName);
if (set == null)
{
return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "Set cannot be found"));
}
//Check Perms
var perms = SetPermission.GetPermissions(set.Map(), User.Identity);
if (!perms.EditList)
{
return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "User not authorized to modify set"));
}
var sub = GetSubverseInfo(subverse);
if (sub == null)
{
return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "Subverse cannot be found"));
}
return(await SetSubverseListChange(set, sub, action).ConfigureAwait(CONSTANTS.AWAIT_CAPTURE_CONTEXT));
}
public async Task <CommandResponse <bool?> > DeleteSet(DomainReference setReference)
{
DemandAuthentication();
var set = GetSet(setReference.Name, setReference.OwnerName);
if (set == null)
{
return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "Set cannot be found"));
}
//Check Perms
var perms = SetPermission.GetPermissions(set.Map(), User.Identity);
if (!perms.Delete)
{
return(CommandResponse.FromStatus <bool?>(null, Status.Denied, "User not authorized to delete set"));
}
var param = new DynamicParameters();
param.Add("ID", set.ID);
var conn = _db.Connection;
//var tran = conn.BeginTransaction(System.Data.IsolationLevel.Serializable);
try
{
var d = new DapperDelete();
d.Delete = SqlFormatter.DeleteBlock(SqlFormatter.Table("SubverseSetSubscription"));
d.Where = "\"SubverseSetID\" = @ID";
await conn.ExecuteAsync(d.ToString(), param);
d.Delete = SqlFormatter.DeleteBlock(SqlFormatter.Table("SubverseSetList"));
d.Where = "\"SubverseSetID\" = @ID";
await conn.ExecuteAsync(d.ToString(), param);
d.Delete = SqlFormatter.DeleteBlock(SqlFormatter.Table("SubverseSet"));
d.Where = "\"ID\" = @ID";
await conn.ExecuteAsync(d.ToString(), param);
//tran.Commit();
return(CommandResponse.FromStatus <bool?>(true, Status.Success));
}
catch (Exception ex)
{
//tran.Rollback();
return(CommandResponse.Error <CommandResponse <bool?> >(ex));
}
}
public PermissionsViewModel()
{
_dialogs = new DialogObjects();
_dialogs.SetViewModel(this);
_service = new PermissionsService();
SearchCmd = new DelegateCommand(OnSearchUser);
MenuCmd = new DelegateCommand(OnSetUserPermissions);
GetPermissionsReq = new GetPermissions();
SetPermissionsReq = new SetPermission();
SearchUser = string.Empty;
SearchPermission = string.Empty;
}
public ReturnStatus SetPermission(SetPermission req)
{
return(null);
}
public void Set_Permission_Tests()
{
Set s = null;
SetPermission perms = null;
string loggedInUserName = null;
s = new Set()
{
Name = "Front",
Type = SetType.Front,
UserName = "******",
IsPublic = true,
};
//Unathenticated on Public Set
var user = TestHelper.SetPrincipal(null);
loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>");
perms = SetPermission.GetPermissions(s, user.Identity);
Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}");
//Owner on Non-Normal Set
user = TestHelper.SetPrincipal("Joe");
loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>");
perms = SetPermission.GetPermissions(s, user.Identity);
Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(true, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}");
s = new Set()
{
Name = "RandomSet",
Type = SetType.Normal,
UserName = "******",
IsPublic = false,
};
//Unathenticated on Private Set
user = TestHelper.SetPrincipal(null);
loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>");
perms = SetPermission.GetPermissions(s, user.Identity);
Assert.AreEqual(false, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}");
//Owner on Normal Private Set
user = TestHelper.SetPrincipal("Joe");
loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>");
perms = SetPermission.GetPermissions(s, user.Identity);
Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(true, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(true, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(true, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}");
//Non-owner on Private Set
user = TestHelper.SetPrincipal("Eddy");
loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>");
perms = SetPermission.GetPermissions(s, user.Identity);
Assert.AreEqual(false, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}");
s = new Set()
{
Name = "SystemSet",
Type = SetType.Normal,
UserName = null,
IsPublic = true,
};
//Unathenticated on Private Set
TestHelper.SetPrincipal(null);
loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>");
perms = SetPermission.GetPermissions(s, user.Identity);
Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}");
//Non-Owner on Normal System Public Set
user = TestHelper.SetPrincipal("Joe");
loggedInUserName = (user.Identity.IsAuthenticated ? user.Identity.Name : "<not authenticated>");
perms = SetPermission.GetPermissions(s, user.Identity);
Assert.AreEqual(true, perms.View, $"View permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditList, $"Edit List permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.EditProperties, $"Edit Properties permission mismatch on {s.Name} with account {loggedInUserName}");
Assert.AreEqual(false, perms.Delete, $"Delete permission mismatch on {s.Name} with account {loggedInUserName}");
}
public async Task <CommandResponse <Domain.Models.Set> > CreateOrUpdateSet(Set set)
{
DemandAuthentication();
set.Name = set.Name.TrimSafe();
//Evaulate Rules
var context = new VoatRuleContext(User);
context.PropertyBag.Set = set;
var outcome = VoatRulesEngine.Instance.EvaluateRuleSet(context, RuleScope.CreateSet);
if (!outcome.IsAllowed)
{
return(MapRuleOutCome <Set>(outcome, null));
}
var existingSet = _db.SubverseSet.FirstOrDefault(x => x.ID == set.ID);
if (existingSet != null)
{
var perms = SetPermission.GetPermissions(existingSet.Map(), User.Identity);
if (!perms.EditProperties)
{
return(CommandResponse.FromStatus <Set>(null, Status.Denied, "User does not have permission to edit this set"));
}
//HACK: Need to clear this entry out of cache if name changes and check name
if (!existingSet.Name.IsEqual(set.Name))
{
if (_db.SubverseSet.Any(x => x.Name.ToLower() == set.Name.ToLower() && x.UserName.ToLower() == UserName.ToLower()))
{
return(CommandResponse.FromStatus <Set>(null, Status.Denied, "A set with this name already exists"));
}
CacheHandler.Instance.Remove(CachingKey.Set(existingSet.Name, existingSet.UserName));
}
existingSet.Name = set.Name;
existingSet.Title = set.Title;
existingSet.Description = set.Description;
existingSet.IsPublic = set.IsPublic;
await _db.SaveChangesAsync().ConfigureAwait(CONSTANTS.AWAIT_CAPTURE_CONTEXT);
return(CommandResponse.FromStatus <Set>(existingSet.Map(), Status.Success));
}
else
{
//Validation - MOVE TO RULES SYSTEM MAYBE
if (!VoatSettings.Instance.SetCreationEnabled || VoatSettings.Instance.MaximumOwnedSets <= 0)
{
return(CommandResponse.FromStatus <Set>(null, Status.Denied, "Set creation is currently disabled"));
}
if (VoatSettings.Instance.MaximumOwnedSets > 0)
{
var d = new DapperQuery();
d.Select = $"SELECT COUNT(*) FROM {SqlFormatter.Table("SubverseSet", "subSet")}";
d.Where = "subSet.\"Type\" = @Type AND subSet.\"UserName\" = @UserName";
d.Parameters.Add("Type", (int)SetType.Normal);
d.Parameters.Add("UserName", UserName);
var setCount = _db.Connection.ExecuteScalar <int>(d.ToString(), d.Parameters);
if (setCount >= VoatSettings.Instance.MaximumOwnedSets)
{
return(CommandResponse.FromStatus <Set>(null, Status.Denied, $"Sorry, Users are limited to {VoatSettings.Instance.MaximumOwnedSets} sets and you currently have {setCount}"));
}
}
//Create new set
try
{
var setCheck = GetSet(set.Name, UserName);
if (setCheck != null)
{
return(CommandResponse.FromStatus <Set>(null, Status.Denied, "A set with same name and owner already exists"));
}
var newSet = new SubverseSet
{
Name = set.Name,
Title = set.Title,
Description = set.Description,
UserName = UserName,
Type = (int)SetType.Normal,
IsPublic = set.IsPublic,
CreationDate = Repository.CurrentDate,
SubscriberCount = 1, //Owner is a subscriber. Reminds me of that hair club commercial: I"m not only the Set Owner, I'm also a subscriber.
};
_db.SubverseSet.Add(newSet);
await _db.SaveChangesAsync().ConfigureAwait(CONSTANTS.AWAIT_CAPTURE_CONTEXT);
_db.SubverseSetSubscription.Add(new SubverseSetSubscription()
{
SubverseSetID = newSet.ID, UserName = UserName, CreationDate = CurrentDate
});
await _db.SaveChangesAsync().ConfigureAwait(CONSTANTS.AWAIT_CAPTURE_CONTEXT);
return(CommandResponse.Successful(newSet.Map()));
}
catch (Exception ex)
{
return(CommandResponse.Error <CommandResponse <Set> >(ex));
}
}
}
public async Task <ActionResult> Index(string name, string sort)
{
var domainReference = DomainReference.Parse(name, DomainType.Set);
//var domainReference = new DomainReference(DomainType.Set, name, userName);
var qSet = new QuerySet(domainReference.Name, domainReference.OwnerName);
var set = await qSet.ExecuteAsync();
if (set == null)
{
return(ErrorView(new ErrorViewModel()
{
Title = "Can't find this set", Description = "Maybe it's gone?", Footer = "Probably yeah"
}));
}
var perms = SetPermission.GetPermissions(set, User.Identity);
if (!perms.View)
{
return(ErrorView(new ErrorViewModel()
{
Title = "Set is Private", Description = "This set doesn't allow viewing. It is private.", Footer = "Sometimes sets are shy around others."
}));
}
var options = new SearchOptions(Request.QueryString.Value);
//Set sort because it is part of path
if (!String.IsNullOrEmpty(sort))
{
options.Sort = (SortAlgorithm)Enum.Parse(typeof(SortAlgorithm), sort, true);
}
else
{
//Set Default Set to Relative if no sort is provided
if (set.Name.IsEqual("Default") && String.IsNullOrEmpty(set.UserName))
{
options.Sort = SortAlgorithm.Relative;
}
}
//set span to day if not specified explicitly
if (options.Sort == SortAlgorithm.Top && !Request.Query.ContainsKey("span"))
{
options.Span = SortSpan.Day;
}
var q = new QuerySubmissions(domainReference, options).SetUserContext(User);
var result = await q.ExecuteAsync();
var model = new ListViewModel <Domain.Models.Submission>();
model.Items = new Utilities.PaginatedList <Domain.Models.Submission>(result, options.Page, options.Count);
model.Items.RouteName = "SetIndex";
model.Context = domainReference;
model.Sort = options.Sort;// == SortAlgorithm.RelativeRank ? SortAlgorithm.Hot :options.Sort; //UI doesn't want relative rank
model.Span = options.Span;
ViewBag.NavigationViewModel = new NavigationViewModel()
{
Description = "Set Description Here",
Name = name,
MenuType = MenuType.Set,
BasePath = model.Context.BasePath(),
Sort = model.Sort
};
return(View(ViewPath(model.Context), model));
}
public async Task <ActionResult> Details(string name)
{
//TODO: Implement Command/Query - Remove direct Repository access
using (var repo = new Repository(User))
{
var domainReference = DomainReference.Parse(name, DomainType.Set);
var set = repo.GetSet(domainReference.Name, domainReference.OwnerName);
if (set == null)
{
//Since system sets are not created until needed we show a slightly better error message for front/blocked.
if (name.IsEqual(SetType.Front.ToString()))
{
ViewBag.NavigationViewModel = new Models.ViewModels.NavigationViewModel()
{
Description = "Discover Search",
Name = "No Idea",
MenuType = Models.ViewModels.MenuType.Discovery,
BasePath = VoatUrlFormatter.BasePath(domainReference),
Sort = null
};
return(ErrorView(new ErrorViewModel()
{
Title = "No Subscriptions!", Description = "You don't have any subscriptions so we have to show you this instead", Footer = "Subscribe to a subverse you silly goat"
}));
}
else if (name.IsEqual(SetType.Blocked.ToString()))
{
ViewBag.NavigationViewModel = new Models.ViewModels.NavigationViewModel()
{
Description = "Discover Search",
Name = "No Idea",
MenuType = Models.ViewModels.MenuType.Discovery,
BasePath = VoatUrlFormatter.BasePath(domainReference),
Sort = null
};
return(ErrorView(new ErrorViewModel()
{
Title = "No Blocked Subs!", Description = "You don't have any blocked subs. Golf clap.", Footer = "Block some subs and this page will magically change!"
}));
}
else
{
return(ErrorView(new ErrorViewModel()
{
Title = "Can't find this set", Description = "Maybe it's gone?", Footer = "Probably yeah"
}));
}
}
var perms = SetPermission.GetPermissions(set.Map(), User.Identity);
if (!perms.View)
{
return(ErrorView(new ErrorViewModel()
{
Title = "Set is Private", Description = "This set doesn't allow the viewing of its properties", Footer = "It's ok, I can't see it either"
}));
}
var options = new SearchOptions(Request.QueryString.Value);
options.Count = 50;
var setList = await repo.GetSetListDescription(set.ID, options.Page);
var model = new SetViewModel();
model.Permissions = perms;
model.Set = set.Map();
model.List = new PaginatedList <Domain.Models.SubverseSubscriptionDetail>(setList, options.Page, options.Count);
model.List.RouteName = "SetDetails";
ViewBag.NavigationViewModel = new NavigationViewModel()
{
Name = domainReference.FullName,
Description = set.Description,
BasePath = VoatUrlFormatter.BasePath(domainReference),
MenuType = (set.Type == (int)SetType.Front || set.Type == (int)SetType.Blocked ? MenuType.Discovery : MenuType.Set)
};
return(View("Details", model));
}
}
