/// <summary>
/// Creates a new editathon from the configuration sent in the request body.
/// </summary>
/// <remarks>
/// The request is rejected with <c>Forbidden()</c> when an existing editathon already uses
/// the same code or name, or when the caller is not an admin of <c>cfg.Wiki</c> and already
/// owns an unpublished editathon. The new record is marked published only when the caller
/// is an admin of <c>cfg.Wiki</c>.
/// </remarks>
/// <param name="cfg">Editathon settings bound from the request body.</param>
public async Task Create([FromBody] EditathonConfig cfg)
{
    // NOTE(review): cfg is dereferenced below without a null check. Confirm the framework
    // rejects an empty or unparsable body before this action runs.
    var creator = _identity.GetUserInfo().Username;

    // Code and name must be unique across all editathons.
    // NOTE(review): this check and the Save below are separate operations. Confirm a
    // database unique constraint backs it, otherwise concurrent requests can both pass.
    var clashes = _session.Query<Editathon>()
        .Any(x => x.Code == cfg.Code || x.Name == cfg.Name);
    if (clashes)
    {
        throw Forbidden();
    }

    var rights = _identity.GetUserRights();
    // Presumably refreshes the caller's rights before they are consulted; confirm against Actualize.
    await rights.Actualize();

    var isTargetAdmin = rights.IsAdminIn(cfg.Wiki);
    if (!isTargetAdmin)
    {
        // Non-admins may hold at most one unpublished editathon at a time.
        var hasPendingDraft = _session.Query<Editathon>()
            .Any(x => x.Creator == creator && !x.IsPublished);
        if (hasPendingDraft)
        {
            throw Forbidden();
        }
    }

    var editathon = new Editathon
    {
        Creator = creator,
        IsPublished = isTargetAdmin,
    };

    ApplyConfig(editathon, cfg);
    _session.Save(editathon);
}
/// <summary>
/// Replaces the configuration of an existing editathon after checking that the caller is
/// allowed to edit it.
/// </summary>
/// <remarks>
/// Every refusal is signalled with <c>Forbidden()</c>:
/// a different editathon already uses the requested code or name;
/// the editathon is unpublished and the caller is neither its creator nor an admin of its wiki;
/// the editathon is published and the code would change, the caller is not an admin of its
/// current wiki, or the wiki would change while articles are attached.
/// Moving a published editathon to a wiki where the caller is not an admin unpublishes it.
/// </remarks>
/// <param name="code">Identifies the editathon to update.</param>
/// <param name="cfg">New settings bound from the request body.</param>
public async Task SetConfig(EditathonCode code, [FromBody] EditathonConfig cfg)
{
    // NOTE(review): the meaning of the `false` argument is not visible here. Confirm Get
    // cannot return null, because the result is dereferenced without a check.
    var editathon = code.Get(
        q => q
            .Fetch(x => x.Jury)
            .Fetch(x => x.Rules),
        false);

    // The requested code and name must not belong to any other editathon.
    // NOTE(review): this check and the later update are separate operations. Confirm a
    // database unique constraint backs it, otherwise concurrent requests can both pass.
    var clashes = _session.Query<Editathon>()
        .Any(x => (x.Code == cfg.Code || x.Name == cfg.Name) && x != editathon);
    if (clashes)
    {
        throw Forbidden();
    }

    var caller = _identity.GetUserInfo();
    var rights = _identity.GetUserRights();
    // Presumably refreshes the caller's rights before they are consulted; confirm against Actualize.
    await rights.Actualize();

    if (editathon.IsPublished)
    {
        // The code of a published editathon is fixed.
        if (editathon.Code != cfg.Code)
        {
            throw Forbidden();
        }

        // After publishing, only admins of the source wiki can edit.
        if (!rights.IsAdminIn(editathon.Wiki))
        {
            throw Forbidden();
        }

        if (editathon.Wiki != cfg.Wiki)
        {
            // Changing wikis is prohibited once the editathon has any articles.
            var hasArticles = _session.Query<Article>()
                .Any(a => a.Editathon == editathon);
            if (hasArticles)
            {
                throw Forbidden();
            }

            // Do not publish to the target wiki if the caller is not an admin there.
            if (!rights.IsAdminIn(cfg.Wiki))
            {
                editathon.IsPublished = false;
            }
        }
    }
    else
    {
        // Before publishing, only the creator and admins of the source wiki can edit.
        if (editathon.Creator != caller.Username && !rights.IsAdminIn(editathon.Wiki))
        {
            throw Forbidden();
        }
    }

    // All authorization checks are above; ApplyConfig copies the request values unconditionally.
    ApplyConfig(editathon, cfg);
}
/// <summary>
/// Copies every setting from <paramref name="cfg"/> onto <paramref name="e"/>, replacing the
/// existing rule and jury sets.
/// </summary>
/// <remarks>
/// This method performs no authorization or validation of its own. Callers must finish their
/// permission checks before invoking it, because every field is overwritten with the
/// request-supplied value.
/// </remarks>
/// <param name="e">Editathon entity to overwrite.</param>
/// <param name="cfg">Source configuration; its Rules and Jury collections are enumerated.</param>
private void ApplyConfig(Editathon e, EditathonConfig cfg)
{
    // Scalar settings.
    e.Code = cfg.Code;
    e.Name = cfg.Name;
    e.Description = cfg.Description;
    e.Start = cfg.Start;
    e.Finish = cfg.Finish;
    e.Wiki = cfg.Wiki;
    e.Flags = cfg.Flags;

    // Rules are replaced wholesale. Each incoming rule is passed through the session's Merge
    // before being added to the set.
    // NOTE(review): rule objects come from the caller's configuration. Confirm that Merge
    // cannot be used to overwrite rule rows that belong to a different editathon.
    e.Rules.Clear();
    var mergedRules = cfg.Rules.Select(_session.Merge);
    e.Rules.UnionWith(mergedRules);

    e.Marks = cfg.Marks;
    e.Template = cfg.Template;

    // Jury is replaced wholesale as well.
    e.Jury.Clear();
    e.Jury.UnionWith(cfg.Jury);
}