/// <summary>
/// Logs the unhandled exception and replaces the response with a view:
/// "Unauthorized" for <see cref="AccessViolationException"/>, "Error" for everything else.
/// </summary>
/// <param name="context">Exception context supplied by the MVC pipeline.</param>
public override void OnException(ExceptionContext context)
        {
            //-- Always trace first so the failure is recorded even if rendering the view fails
            CfTrace.Error(context.Exception);

            string viewName;
            string displayText;

            if (context.Exception is AccessViolationException)
            {
                //-- Elsewhere on this page AccessViolationException is thrown for failed authorization checks
                viewName    = "Unauthorized";
                displayText = context.Exception.Message;
            }
            else
            {
                var rootCause = getBaseException(context.Exception);

                //-- Every visitor gets the root-cause message; only an authenticated god-level user gets
                //-- the full ToString() output (type, message and stack trace).
                //-- NOTE(review): raw exception messages can carry internal detail; consider a fixed,
                //-- generic text for everyone else and rely on the CfTrace record for diagnosis.
                displayText = rootCause.Message;
                if (CfIdentity.IsAuthenticated && CfPrincipal.IsGod())
                {
                    displayText = rootCause.ToString();
                }

                viewName = "Error";
            }

            var view = new ViewResult { ViewName = viewName };
            view.ViewBag.Msg = displayText;

            context.Result           = view;
            context.ExceptionHandled = true;

            base.OnException(context);
        }
Example #2
        /// <summary>
        /// Renders the "Partials/FeedPostList" partial for the feed selected by <paramref name="id"/>.
        /// </summary>
        /// <param name="id">
        /// <see cref="Guid.Empty"/> selects the everywhere feed, <c>Stgs.MyFeedID</c> the current user's
        /// feed; any other value is looked up in the cache index as a place ID.
        /// </param>
        /// <returns>
        /// Partial view whose model carries the posts and <c>UserHasDeletePostRights</c>, which is set
        /// from <c>CfPrincipal.IsGod()</c>.
        /// </returns>
        public ActionResult PlaceAjaxRefresh(Guid id)
        {
            var postType = GetPostTypeFromQueryString();
            List <PostRendered> feed;

            if (id == Guid.Empty)
            {
                feed = postSvc.GetPostForEverywhere(postType, ClientAppType.CfWeb);
            }
            else if (id == Stgs.MyFeedID)
            {
                //-- NOTE(review): reads CfIdentity.UserID; presumably the action is only reachable when
                //-- authenticated - confirm on the controller.
                feed = postSvc.GetUsersFeed(CfIdentity.UserID, postType, ClientAppType.CfWeb).Posts;
            }
            else
            {
                //-- NOTE(review): id comes from the request and the entry is dereferenced without a null
                //-- check - confirm GetCacheIndexEntry cannot return null for an unknown ID.
                var indexEntry = AppLookups.GetCacheIndexEntry(id);
                var isArea     = indexEntry.Type.ToPlaceCateogry() == PlaceCategory.Area;

                if (isArea)
                {
                    feed = postSvc.GetPostForArea(id, postType, ClientAppType.CfWeb);
                }
                else
                {
                    feed = postSvc.GetPostForLocation(id, postType, ClientAppType.CfWeb);
                }
            }

            //-- NOTE(review): UserHasDeletePostRights looks like a rendering hint only; the delete itself
            //-- still has to be authorized on the server.
            var model = new FeedPostListViewData()
            {
                FeedPosts               = feed,
                UserHasDeletePostRights = CfPrincipal.IsGod()
            };

            return(PartialView("Partials/FeedPostList", model));
        }
        /// <summary>
        /// Deletes an area, drops it from the cache index, takes back the credit recorded for the
        /// moderator who added it, and records the deletion as a moderator action with a post.
        /// </summary>
        /// <param name="obj">The area to delete.</param>
        public void DeleteArea(Area obj)
        {
            //-- Authorization runs before anything is changed.
            //-- NOTE(review): presumably throws when the caller may not delete this area - confirm.
            var meta = DeleteAreaAuthorization(obj);

            //-- TODO: Shoot off notifications

            areaRepo.Delete(obj);

            //-- Keep the cache index in step with the repository
            AppLookups.RemoveCacheIndexEntry(obj.ID);

            //-- NOTE(review): the creator's profile is dereferenced without a null check - confirm
            //-- GetByID always returns a profile for meta.CreatedByUserID.
            var creatorProfile = modProfileRepo.GetByID(meta.CreatedByUserID);

            if (creatorProfile.PlacesAdded > 0)
            {
                creatorProfile.PlacesAdded--;
                modProfileRepo.Update(creatorProfile);

                //-- Remove the points associated with this place
                ReverseActions(modActionRepo.GetAll().Where(act => act.OnObjectID == meta.ID));
            }

            //-- Re-attach the caller's profile so the principal reflects the update above when the
            //-- caller is also the moderator who added the area
            var callerProfile = modProfileRepo.GetByID(currentUser.UserID);
            CfPrincipal.AttachModProfile(callerProfile);

            meta.Name = obj.VerboseDisplayName;

            var deleteAction = SaveModActionAndUpdateModProfile(
                ModActionType.AreaDelete, obj, null, meta,
                (objMeta, modActionID) => objMeta.SetDeleted(modActionID),
                null, "deleted {0} {1}", obj.Type, obj.Name);

            postSvc.DeleteContentAddPost(deleteAction);
        }
Example #4
        /// <summary>
        /// Deletes an outdoor climb, takes back the credit recorded for the moderator who added it,
        /// and records the deletion as a moderator action with its associated post content.
        /// </summary>
        /// <param name="obj">The outdoor climb to delete.</param>
        public void DeleteClimbOutdoor(ClimbOutdoor obj)
        {
            //-- Authorization runs before anything is changed.
            //-- NOTE(review): presumably throws when the caller may not delete this climb - confirm.
            var meta = DeleteClimbOutdoorAuthorization(obj);

            DeleteClimb(obj);

            //-- NOTE(review): dereferenced without a null check - confirm GetByID always returns a
            //-- profile for meta.CreatedByUserID.
            var creatorProfile = modProfileRepo.GetByID(meta.CreatedByUserID);

            if (creatorProfile.ClimbsAdded > 0)
            {
                creatorProfile.ClimbsAdded--;
                modProfileRepo.Update(creatorProfile);

                //-- Remove the points associated with this climb's meta record
                ReverseActions(modActionRepo.GetAll().Where(act => act.OnObjectID == meta.ID));
            }

            //-- Re-attach the caller's profile so the principal reflects the update above when the
            //-- caller is also the moderator who added the climb
            var callerProfile = modProfileRepo.GetByID(currentUser.UserID);
            CfPrincipal.AttachModProfile(callerProfile);
            meta.Name = obj.Name;

            var deleteAction = SaveModActionAndUpdateModProfile(
                ModActionType.ClimbDelete, obj, null, meta,
                (objMeta, modActionID) => objMeta.SetDeleted(modActionID),
                null, "deleted climb {0}", obj.Name);

            postSvc.DeleteContentAddPost(deleteAction);
            //-- TODO: Shoot off notifications to claimed users
        }
Example #5
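        /// <summary>
        /// Deletes every account record held for an e-mail address: the CF4 profile with its related
        /// data, the legacy CF3 profile, and the Membership user.
        /// </summary>
        /// <param name="email">E-mail address identifying the account to delete.</param>
        /// <returns>Always <c>true</c>; failures surface as exceptions.</returns>
        /// <exception cref="AccessViolationException">
        /// The caller neither owns the CF4 profile nor is a god-level user, or no CF4 profile exists
        /// for the address and the caller is not a god-level user.
        /// </exception>
        public bool DeleteUser(string email)
        {
            var usr = profileRepo.GetProfileByEmail(email);

            //-- Authorize before touching any store. The ownership check needs a CF4 profile to compare
            //-- against; when there is none, nothing ties the caller to this address, so only a
            //-- god-level user may go on to remove the CF3 profile and the Membership user. Without
            //-- this branch those two deletes would run for any caller-supplied address.
            if (usr != default(Profile))
            {
                if (CfIdentity.UserID != usr.ID && !CfPrincipal.IsGod())
                {
                    throw new AccessViolationException("Cannot delete a profile that does not belong to you.");
                }
            }
            else if (!CfPrincipal.IsGod())
            {
                throw new AccessViolationException("Cannot delete a profile that does not belong to you.");
            }

            //-- Delete CF4 Profile
            if (usr != default(Profile))
            {
                DeleteCfProfileAndRelatedData(usr);
            }

            //-- Delete CF3 Profile
            var cf3Profile = new cf.DataAccess.cf3.ClimberProfileDA().GetClimberProfile(email);

            if (cf3Profile != default(Cf3Profile))
            {
                new cf.DataAccess.cf3.ClimberProfileDA().DeleteUserCompletely(cf3Profile.ID);
            }

            //-- Delete Membership User
            var mUser = Membership.GetUser(email);

            if (mUser != default(MembershipUser))
            {
                Membership.DeleteUser(email);
            }

            //-- NOTE(review): the three deletes are not wrapped in a transaction here; a failure part-way
            //-- leaves the remaining records for a god-level user to clean up.
            return(true);
        }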
 /// <summary>
 /// Lets the request through only when the current principal is a god-level user; every other
 /// request is handed to <c>HandleUnauthorizedRequest</c>.
 /// </summary>
 /// <param name="filterContext">Authorization context supplied by the MVC pipeline.</param>
 public void OnAuthorization(AuthorizationContext filterContext)
 {
     var callerIsGod = CfPrincipal.IsGod();
     if (callerIsGod)
     {
         return;
     }

     // Deny by default: anything that is not explicitly god-level is treated as unauthorized.
     HandleUnauthorizedRequest(filterContext);
 }
Example #7
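        /// <summary>
        /// Shows the country moderation page for the country whose URL name part is
        /// <paramref name="id"/>. Restricted to god-level users.
        /// </summary>
        /// <param name="id">Country URL name part taken from the request.</param>
        /// <returns>The edit view, with the country and its map model placed in the ViewBag.</returns>
        /// <exception cref="AccessViolationException">The caller is not a god-level user.</exception>
        /// <exception cref="ArgumentException">No country matches <paramref name="id"/>.</exception>
        public ActionResult CountryEdit(string id)
        {
            //-- Check the caller first so nothing is looked up on behalf of an unauthorized user
            if (!CfPrincipal.IsGod())
            {
                throw new AccessViolationException("You must be a GOD level Climbfind user to moderate country data! Moderate province or city level data instead.");
            }

            //-- id is request input: resolve it against the known countries and stop on a miss, so an
            //-- unknown value fails with a clear error instead of a NullReferenceException and never
            //-- reaches the URL and element ID built below
            var cachedCountry = AppLookups.Countries.SingleOrDefault(c => c.NameUrlPart == id);

            if (cachedCountry == null)
            {
                throw new ArgumentException("Country not found.");
            }

            var country = geoSvc.GetCountryByID(cachedCountry.ID);
            ViewBag.Country = country;

            var geoJsonUrl = Stgs.MapSvcRelativeUrl + "country/" + id;

            var mapModel = new Bing7GeoJsonMapViewModel("climbing-map-" + id, 720, 480, geoJsonUrl);
            ViewBag.MapModel = mapModel;

            return(View(new CountryEditViewModel()
            {
                WKT = new string(country.Geo.STAsText().Value),
                GeoReduceThreshold = country.GeoReduceThreshold
            }));
        }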
        /// <summary>
        /// Deletes an indoor location, drops it from the cache index, takes back the credit recorded
        /// for the moderator who added it, and records the deletion as a moderator action with a post.
        /// </summary>
        /// <param name="obj">The indoor location to delete.</param>
        public void DeleteLocationIndoor(LocationIndoor obj)
        {
            //-- Authorization runs before anything is changed.
            //-- NOTE(review): presumably throws when the caller may not delete this location - confirm.
            var meta = DeleteLocationIndoorAuthorization(obj);

            locIndoorRepo.Delete(obj.ID);

            //-- Keep the cache index in step with the repository
            AppLookups.RemoveCacheIndexEntry(obj.ID);

            //-- NOTE(review): dereferenced without a null check - confirm GetByID always returns a
            //-- profile for meta.CreatedByUserID.
            var creatorProfile = modProfileRepo.GetByID(meta.CreatedByUserID);

            if (creatorProfile.PlacesAdded > 0)
            {
                creatorProfile.PlacesAdded--;
                modProfileRepo.Update(creatorProfile);

                //-- Remove the points associated with this place
                ReverseActions(modActionRepo.GetAll().Where(act => act.OnObjectID == meta.ID));
            }

            //-- Re-attach the caller's profile so the principal reflects the update above when the
            //-- caller is also the moderator who added the location
            var callerProfile = modProfileRepo.GetByID(currentUser.UserID);
            CfPrincipal.AttachModProfile(callerProfile);

            //-- The name may have changed during the object's life; store the meta under the name the
            //-- object had at the moment it was deleted
            meta.Name = obj.VerboseDisplayName;

            var deleteAction = SaveModActionAndUpdateModProfile(
                ModActionType.LocationIndoorDelete, obj, null, meta,
                (objMeta, modActionID) => objMeta.SetDeleted(modActionID),
                null, "deleted {0} {1}", obj.Type, obj.Name);

            postSvc.DeleteContentAddPost(deleteAction);
        }
 /// <summary>
 /// Attaches the current user's moderator profile to the principal when none is attached yet.
 /// </summary>
 public void SetModDetailsOnPrincipal()
 {
     // Already populated: leave the principal as it is.
     if (CfPrincipal.ModDetails != null)
     {
         return;
     }

     CfPrincipal.AttachModProfile(GetModProfile(currentUserID));
 }
Example #10
 /// <summary>
 /// For an authenticated request, loads the caller's moderator profile and attaches it to the
 /// principal before the action runs. Anonymous requests and users without a profile are left alone.
 /// </summary>
 /// <param name="filterContext">Action context supplied by the MVC pipeline.</param>
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
     var identity = filterContext.HttpContext.User.Identity;
     if (!identity.IsAuthenticated)
     {
         return;
     }

     // NOTE(review): the attached profile presumably feeds later privilege checks such as
     // CfPrincipal.IsGod() - confirm, since that makes this lookup part of the authorization path.
     var profile = new GeoService().GetModProfile(CfIdentity.UserID);
     if (profile != null)
     {
         CfPrincipal.AttachModProfile(profile);
     }
 }
Example #11
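        /// <summary>
        /// Deletes a media opinion and refreshes the opinion meta of the media it belonged to.
        /// </summary>
        /// <param name="obj">The opinion to delete.</param>
        /// <exception cref="AccessViolationException">
        /// The caller neither added the opinion nor is a god-level user.
        /// </exception>
        public void DeleteMediaOpinion(MediaOpinion obj)
        {
            //-- Short-circuit && (not the bitwise &): the god-level check only runs when the caller is
            //-- not the owner, matching the other ownership checks in this code
            if (obj.UserID != CfIdentity.UserID && !CfPrincipal.IsGod())
            {
                throw new AccessViolationException("Cannot delete opinion that was not added by you");
            }

            medRatingRepo.Delete(obj.ID);

            UpdateMediaOpinionMeta(obj.MediaID);
        }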
Example #12
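        /// <summary>
        /// Deletes a media item together with every rating recorded against it.
        /// </summary>
        /// <param name="obj">The media item to delete.</param>
        /// <exception cref="AccessViolationException">
        /// The caller neither added the media nor is a god-level user.
        /// </exception>
        public void DeleteMedia(Media obj)
        {
            //-- Short-circuit && (not the bitwise &): the god-level check only runs when the caller is
            //-- not the owner
            if (obj.AddedByUserID != CfIdentity.UserID && !CfPrincipal.IsGod())
            {
                throw new AccessViolationException("Cannot delete media that was not added by you");
            }

            //-- Ratings go first, then the media record they point at
            var ratingIDs = medRatingRepo.GetAll().Where(r => r.MediaID == obj.ID).Select(r => r.ID).ToList();
            medRatingRepo.Delete(ratingIDs);

            medRepo.Delete(obj.ID);
        }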
Example #13
        /// <summary>
        /// Deletes a post when the caller is its author or a god-level user.
        /// </summary>
        /// <param name="obj">The post to delete.</param>
        /// <exception cref="AccessViolationException">The caller is neither the author nor god-level.</exception>
        public void DeletePost(Post obj)
        {
            var callerOwnsPost = CfIdentity.UserID == obj.UserID;

            //-- The god-level check is only consulted when the caller is not the author
            if (!callerOwnsPost && !CfPrincipal.IsGod())
            {
                throw new AccessViolationException("Delete Post: Cannot delete this post, it does not belong to the current user.");
            }

            postRepo.Delete(obj.ID);
        }
Example #14
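        /// <summary>
        /// Removes the tag that links a media item to the object <paramref name="onObjectID"/>.
        /// </summary>
        /// <param name="media">The tagged media item.</param>
        /// <param name="onObjectID">ID of the object the tag points at.</param>
        /// <exception cref="AccessViolationException">
        /// The caller neither added the media nor is a god-level user, or the media carries no tag for
        /// <paramref name="onObjectID"/>.
        /// </exception>
        public void RemoveMediaTag(Media media, Guid onObjectID)
        {
            //-- Authorize before looking anything up, using the short-circuit && rather than the
            //-- bitwise &, so an unauthorized caller always gets the ownership error
            if (media.AddedByUserID != CfIdentity.UserID && !CfPrincipal.IsGod())
            {
                throw new AccessViolationException("Cannot untag media that was not added by you");
            }

            var tag = media.ObjectMedias.Where(om => om.OnOjectID == onObjectID).SingleOrDefault();

            if (tag == null)
            {
                //-- Exception type kept for existing callers; the text now describes the untag case
                //-- instead of repeating the "already has tag" wording used when adding a tag
                throw new AccessViolationException("Cannot untag media that has no tag with objID " + onObjectID);
            }

            medRepo.RemoveMediaTag(tag);
        }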
Example #15
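        /// <summary>
        /// Deletes an opinion, recalculates the rated object from its remaining ratings and removes
        /// the post that accompanied the opinion.
        /// </summary>
        /// <param name="obj">The opinion to delete.</param>
        /// <exception cref="AccessViolationException">
        /// The caller neither added the opinion nor is a god-level user.
        /// </exception>
        public void DeleteOpinion(Opinion obj)
        {
            //-- Short-circuit && (not the bitwise &): the god-level check only runs when the caller is
            //-- not the owner
            if (obj.UserID != CfIdentity.UserID && !CfPrincipal.IsGod())
            {
                throw new AccessViolationException("Cannot delete Opinion that was not added by you");
            }

            rateRepo.Delete(obj.ID);

            //-- Queried after the delete so the removed opinion no longer counts
            var remainingRatings = rateRepo.GetAll().Where(r => r.ObjectID == obj.ObjectID).ToList();

            UpdateRatedObject(obj.ObjectID, remainingRatings);

            postSvc.DeleteOpinionPost(obj);
        }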
Example #16
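        /// <summary>
        /// Tags a media item onto the object <paramref name="onObjectID"/>.
        /// </summary>
        /// <param name="media">The media item to tag.</param>
        /// <param name="onObjectID">ID of the object the media is tagged onto.</param>
        /// <returns>The newly stored tag.</returns>
        /// <exception cref="AccessViolationException">
        /// The caller neither added the media nor is a god-level user, or the media is already tagged
        /// onto <paramref name="onObjectID"/>.
        /// </exception>
        public ObjectMedia AddMediaTag(Media media, Guid onObjectID)
        {
            //-- Authorize before inspecting the existing tags, using the short-circuit && rather than
            //-- the bitwise &
            if (media.AddedByUserID != CfIdentity.UserID && !CfPrincipal.IsGod())
            {
                throw new AccessViolationException("Cannot tag media that was not added by you");
            }

            var alreadyTagged = media.ObjectMedias.Any(om => om.OnOjectID == onObjectID);

            if (alreadyTagged)
            {
                throw new AccessViolationException("Cannot tag media that already has tag with objID " + onObjectID);
            }

            //-- NOTE(review): onObjectID is stored as given; whether it refers to an existing object is
            //-- not checked in this method - confirm the caller or the repository validates it.
            var tag = new ObjectMedia()
            {
                MediaID = media.ID, OnOjectID = onObjectID
            };

            medRepo.AddMediaTag(tag);

            return(tag);
        }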
Example #17
        /// <summary>
        /// Deletes a comment from a post when the caller wrote the post, wrote the comment, or is a
        /// god-level user.
        /// </summary>
        /// <param name="postID">ID of the post that holds the comment.</param>
        /// <param name="commentID">ID of the comment to delete.</param>
        /// <exception cref="AccessViolationException">The caller has none of those three rights.</exception>
        public void DeleteComment(Guid postID, Guid commentID)
        {
            var post = GetPostByID(postID);

            //-- Single() throws when the post has no comment with this ID.
            //-- NOTE(review): post is dereferenced without a null check - confirm GetPostByID never
            //-- returns null for an unknown ID.
            var comment = post.PostComments.Where(c => c.ID == commentID).Single();

            var callerID = CfIdentity.UserID;

            //-- Same evaluation order as a chained ||: post author, then comment author, then god-level
            var callerMayDelete = (callerID == post.UserID) || (callerID == comment.UserID) || CfPrincipal.IsGod();

            if (callerMayDelete)
            {
                postRepo.DeletePostComment(post.ID, commentID);
                return;
            }

            throw new AccessViolationException("Delete Post: Cannot delete this comment, because neither the post nor the comment belong to the current user.");
        }
Example #18
        /// <summary>
        /// Loads a conversation for a caller who is one of its two parties or a god-level user.
        /// Used when messages need to be added (appended) to a specific conversation.
        /// </summary>
        /// <param name="id">ID of the conversation.</param>
        /// <returns>The conversation.</returns>
        /// <exception cref="AccessViolationException">
        /// The caller is neither party A, party B nor a god-level user.
        /// </exception>
        public Conversation GetConversationById(Guid id)
        {
            //-- NOTE(review): dereferenced without a null check - confirm GetByID never returns null
            //-- for an unknown ID.
            var convo = convoRepo.GetByID(id);

            var callerIsParty = convo.PartyBID == CfIdentity.UserID || convo.PartyAID == CfIdentity.UserID;

            //-- The god-level check is only consulted for callers outside the conversation
            if (!callerIsParty && !CfPrincipal.IsGod())
            {
                throw new AccessViolationException("Cannot retrieve conversation that you are not part of");
            }

            return(convo);
        }