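private ActionResult AddView()
        {
            // Creates a new fv_views row for the current (username, year) from the JSON
            // body of the request.  Required fields: name, description, id, notes and
            // profile_url.  On success the stored row is returned as JSON; every
            // validation or persistence failure answers 400 with a plain-text reason.
            //
            // NOTE(review): unlike AddUser, there is no Request.HttpMethod == "POST"
            // check here although this method creates state; confirm that the action
            // dispatching to it enforces POST and validates an anti-forgery token.
            var POST = this.GetJsonPostObjectFromRequest();

            // Reject missing keys and values that are empty or whitespace-only.
            // (Previously only "" and a single " " were rejected, so "  " or "\t"
            // slipped through as a "set" value.)
            string[] required = { "name", "description", "id", "notes", "profile_url" };
            foreach (var key in required)
            {
                if (POST[key] == null || string.IsNullOrWhiteSpace(POST[key].ToString()))
                {
                    Response.StatusCode = 400;
                    return Content("Not all values are set.");
                }
            }

            // NOTE(review): SQLEscape is applied before the values are used in LINQ
            // queries and persisted through Entity Framework, both of which
            // parameterize on their own.  If SQLEscape rewrites characters (e.g.
            // doubles quotes) the escaped form is what gets stored and echoed back;
            // it is not a SQL-injection control on this path — confirm it is wanted.
            string name        = _context.SQLEscape(POST["name"].ToString());
            string description = _context.SQLEscape(POST["description"].ToString());
            string id          = _context.SQLEscape(POST["id"].ToString());
            string notes       = _context.SQLEscape(POST["notes"].ToString());
            string profile_url = _context.SQLEscape(POST["profile_url"].ToString());

            // id and profile_url are used as identifiers/links and may not contain spaces.
            if (id.Contains(" ") || profile_url.Contains(" "))
            {
                Response.StatusCode = 400;
                return Content("Profile_Url or id should not contain whitespaces.");
            }

            // v_y_year is stored as a string; compute the key once for all queries.
            string yearKey = year.ToString();

            // Both the html id and the display name must be unique per (user, year).
            // NOTE(review): check-then-insert is racy under concurrent requests; a
            // unique index on (v_y_year, v_u_name, v_html_id) and on (.., v_name)
            // is the reliable guard — the SaveChanges catch below would surface it.
            bool idTaken = _context.fv_views.Any(x =>
                                                 x.v_y_year == yearKey &&
                                                 x.v_u_name == username &&
                                                 x.v_html_id == id);
            bool nameTaken = _context.fv_views.Any(x =>
                                                   x.v_y_year == yearKey &&
                                                   x.v_u_name == username &&
                                                   x.v_name == name);

            if (idTaken || nameTaken)
            {
                Response.StatusCode = 400;
                return Content("ID or Name does already exist");
            }

            // New views start with every monthly value at "0".
            fv_views newView = new fv_views()
            {
                v_y_year      = yearKey,
                v_u_name      = username,
                v_name        = name,
                v_description = description,
                v_html_id     = id,
                v_notes       = notes,
                v_profile_url = profile_url,
                v_month_01    = "0",
                v_month_02    = "0",
                v_month_03    = "0",
                v_month_04    = "0",
                v_month_05    = "0",
                v_month_06    = "0",
                v_month_07    = "0",
                v_month_08    = "0",
                v_month_09    = "0",
                v_month_10    = "0",
                v_month_11    = "0",
                v_month_12    = "0"
            };

            _context.fv_views.Add(newView);

            try
            {
                _context.SaveChanges();
            }
            catch (Exception ex)
            {
                // Validation, constraint and provider errors become a generic 400 so
                // the database's own message is not leaked to the client; anything
                // else is unexpected and propagates.
                if (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
                {
                    Response.StatusCode = 400;
                    return Content("Could not create a new view. SQL Execution failed.");
                }

                throw;
            }

            // Re-read the row to confirm it was persisted and to return what the
            // database actually holds.
            fv_views finalView = null;
            try
            {
                finalView = _context.fv_views.SingleOrDefault(x =>
                                                              x.v_y_year == yearKey &&
                                                              x.v_u_name == username &&
                                                              x.v_html_id == id);
            }
            catch (InvalidOperationException)
            {
                // More than one row matched; treated as "cannot be accessed" below.
            }

            if (finalView == null)
            {
                Response.StatusCode = 400;
                return Content("View was created but cannot be accessed. SQL Execution failed.");
            }

            // NOTE(review): AllowGet lets this JSON be served to a GET request if the
            // dispatcher permits one; it is unnecessary for a POST-only endpoint.
            Response.StatusCode = 200;
            return Json(GetViewArrayByRowResult(finalView), JsonRequestBehavior.AllowGet);
        }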
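        private ActionResult AddUser()
        {
            // Creates a new fv_users row from the JSON body of a POST request and seeds
            // the current and the next calendar year for that user.  Required fields:
            // id, username, firstname, lastname, isLocked and password.  Responds with
            // the new user's details as JSON on success, otherwise 400 with a reason.
            //
            // NOTE(review): no authorization check is visible in this method; confirm
            // the calling action restricts user creation to administrators and
            // validates an anti-forgery token.
            JObject POST = this.GetJsonPostObjectFromRequest();

            // Only POST may create users; "id" is a client-side correlation value that
            // is echoed back and merely has to be present.
            if (Request.HttpMethod != "POST" || POST["id"] == null)
            {
                Response.StatusCode = 400;
                return Content("Not all values are set.");
            }

            // Reject missing keys and values that are empty or whitespace-only.
            // (Previously only "" and a single " " were rejected.)
            string[] required = { "username", "firstname", "lastname", "isLocked", "password" };
            foreach (var key in required)
            {
                if (POST[key] == null || string.IsNullOrWhiteSpace(POST[key].ToString()))
                {
                    Response.StatusCode = 400;
                    return Content("Not all values are set.");
                }
            }

            // The built-in admin account can never be (re)created through this endpoint.
            // NOTE(review): this is an ordinal, case-sensitive comparison; if usernames
            // are matched case-insensitively anywhere else (DB collation, login), a
            // differently-cased spelling of the admin name would pass — confirm.
            if (POST["username"].ToString() == AdminCredentials.Username)
            {
                Response.StatusCode = 400;
                return Content("Not all values are set.");
            }

            // NOTE(review): these values are persisted through Entity Framework, which
            // parameterizes on its own; if SQLEscape rewrites characters, the escaped
            // form is what gets stored — confirm SQLEscape is still wanted here.
            string username  = _context.SQLEscape(POST["username"].ToString());
            string firstname = _context.SQLEscape(POST["firstname"].ToString());
            string lastname  = _context.SQLEscape(POST["lastname"].ToString());

            // Boolean.Parse threw FormatException on anything but true/false, which
            // escaped this method as an unhandled error; answer 400 instead.  (The
            // SQLEscape that wrapped it added nothing for a boolean literal.)
            bool isLocked;
            if (!bool.TryParse(POST["isLocked"].ToString(), out isLocked))
            {
                Response.StatusCode = 400;
                return Content("isLocked must be true or false.");
            }

            // The username is used as a key elsewhere and may not contain spaces.
            if (username.Contains(" "))
            {
                Response.StatusCode = 400;
                return Content("Username should not contain whitespaces.");
            }

            // The raw password is SHA-256'd and the digest is then passed to
            // Crypto.HashPassword; presumably the login path applies the same two
            // steps before comparing — verify.  NOTE(review): no length/complexity
            // policy is enforced here; confirm that is intended.
            string password = Crypto.HashPassword(Crypto.SHA256(POST["password"].ToString()));

            fv_users user = new fv_users()
            {
                u_name      = username,
                u_password  = password,
                u_isLocked  = isLocked ? 1 : 0,
                u_firstName = firstname,
                u_lastName  = lastname
            };

            // NOTE(review): unlike AddView, no existence check is made before Add; a
            // duplicate username is only rejected if the table has a unique
            // constraint (surfacing as DbUpdateException/SqlException below) — confirm.
            var newUser = _context.fv_users.Add(user);
            _context.AddNewYearForUser(DateTime.Today.Year, username, false);
            _context.AddNewYearForUser((DateTime.Today.Year + 1), username, false);

            try
            {
                _context.SaveChanges();
            }
            catch (Exception ex)
            {
                // Validation, constraint and provider errors become a generic 400 so
                // the database's own message is not leaked; anything else propagates.
                if (ex is DbEntityValidationException || ex is DbUpdateException || ex is SqlException)
                {
                    Response.StatusCode = 400;
                    return Content("Could not create a new user. SQL Execution failed.");
                }

                throw;
            }

            NewUser userResult = new NewUser()
            {
                id               = POST["id"].ToString(),
                username         = newUser.u_name,
                origianlUsername = newUser.u_name,
                firstname        = newUser.u_firstName,
                lastname         = newUser.u_lastName,
                isLocked         = newUser.u_isLocked,
                years            = new int[] { DateTime.Today.Year, DateTime.Today.Year + 1 }
            };

            // NOTE(review): AllowGet is unnecessary here since the method already
            // rejects anything but POST.
            Response.StatusCode = 200;
            return Json(userResult, JsonRequestBehavior.AllowGet);
        }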