Example #1
0
        public CommentForApiContract Create(int entryId, CommentForApiContract contract)
        {
            ParamIs.NotNull(() => contract);

            permissionContext.VerifyPermission(PermissionToken.CreateComments);

            if (contract.Author == null || contract.Author.Id != permissionContext.LoggedUserId)
            {
                throw new NotAllowedException("Can only post as self");
            }

            var entry = Load(entryId);
            var agent = ctx.OfType <User>().CreateAgentLoginData(permissionContext, ctx.OfType <User>().Load(contract.Author.Id));

            var comment = entry.CreateComment(contract.Message, agent);

            ctx.Save(comment);

            ctx.AuditLogger.AuditLog(string.Format("creating comment for {0}: '{1}'",
                                                   entryLinkFactory.CreateEntryLink(entry),
                                                   HttpUtility.HtmlEncode(contract.Message)),
                                     agent);

            new UserCommentNotifier().CheckComment(comment, entryLinkFactory, ctx.OfType <User>());

            return(new CommentForApiContract(comment, userIconFactory));
        }
Example #2
0
        public string[] GetTempBannedIPs()
        {
            userContext.VerifyPermission(PermissionToken.ManageIPRules);

            var hosts = ipRuleManager.TempBannedIPs.Hosts;

            return(hosts);
        }
        public async Task DeleteIPRule(int ruleID)
        {
            userContext.VerifyPermission(PermissionToken.ManageIPRules);

            await repo.HandleTransactionAsync(async ctx => {
                var rule = await ctx.LoadAsync <IPRule>(ruleID);
                await ctx.DeleteAsync(rule);
                ipRuleManager.RemovePermBannedIP(rule.Address);
                ctx.AuditLogger.SysLog($"removed {rule.Address} from banned IPs");
            });
        }
Example #4
0
        public WebhookContract[] GetWebhooks()
        {
            _permissionContext.VerifyPermission(PermissionToken.ManageWebhooks);

            return(_repo.HandleQuery(ctx =>
            {
                return ctx.Query <Webhook>()
                .ToArray()
                .Select(w => new WebhookContract(w))
                .ToArray();
            }));
        }
Example #5
0
        public static void UpdateEntity <TEntity, TRepositoryContext>(this IRepositoryBase <TRepositoryContext> repository, int id,
                                                                      Action <TRepositoryContext, TEntity> func, PermissionToken permissionFlags, IUserPermissionContext permissionContext,
                                                                      bool skipLog = false) where TRepositoryContext : IDatabaseContext
        {
            var typeName = typeof(TEntity).Name;

            permissionContext.VerifyPermission(permissionFlags);

            repository.HandleTransaction(session => {
                session.AuditLogger.SysLog(string.Format("is about to update {0} with Id {1}", typeName, id));

                var entity = session.Load <TEntity>(id);

                if (!skipLog)
                {
                    session.AuditLogger.AuditLog("updating " + entity);
                }
                else
                {
                    session.AuditLogger.SysLog("updating " + entity);
                }

                func(session, entity);

                session.OfType <TEntity>().Update(entity);
            }, "Unable to update " + typeName);
        }
Example #6
0
        public void UpdateVersionVisibility <TArchivedVersion>(int archivedVersionId, bool hidden) where TArchivedVersion : class, IArchivedObjectVersion
        {
            permissionContext.VerifyPermission(PermissionToken.ViewHiddenRevisions);

            repository.HandleTransaction(session => {
                var archivedVersion = session.Load <TArchivedVersion>(archivedVersionId);

                archivedVersion.Hidden = hidden;

                AuditLog($"updated version visibility for {archivedVersion} to Hidden = {hidden}", session);
            });
        }
Example #7
0
        public int RemoveTagUsage <TUsage, TEntry>(long tagUsageId, IRepository <TEntry> repository) where TUsage : TagUsage
        {
            permissionContext.VerifyPermission(PermissionToken.RemoveTagUsages);

            return(repository.HandleTransaction(ctx => {
                ctx.AuditLogger.SysLog(string.Format("deleting tag usage with Id {0}", tagUsageId));

                var tagUsage = ctx.Load <TUsage>(tagUsageId);

                ctx.AuditLogger.AuditLog(string.Format("removing {0}", tagUsage));

                tagUsage.Delete();
                ctx.Delete(tagUsage);
                ctx.Update(tagUsage.Tag);

                return tagUsage.Entry.Id;
            }));
        }
 public static void VerifyManageDatabase(this IUserPermissionContext permissionContext)
 {
     permissionContext.VerifyPermission(PermissionToken.ManageDatabase);
 }
Example #9
0
        public WebhookContract[] GetWebhooks()
        {
            _userContext.VerifyPermission(PermissionToken.ManageWebhooks);

            return(_queries.GetWebhooks());
        }
Example #10
0
        public TagUsageForApiContract[] AddTags <TEntry, TTag>(int entryId,
                                                               TagBaseContract[] tags,
                                                               bool onlyAdd,
                                                               IRepository <User> repository,
                                                               IEntryLinkFactory entryLinkFactory,
                                                               IEnumTranslations enumTranslations,
                                                               Func <TEntry, TagManager <TTag> > tagFunc,
                                                               Func <TEntry, IDatabaseContext <TTag>, ITagUsageFactory <TTag> > tagUsageFactoryFactory)
            where TEntry : IEntryWithNames, IEntryWithTags where TTag : TagUsage
        {
            ParamIs.NotNull(() => tags);

            permissionContext.VerifyPermission(PermissionToken.EditTags);

            tags = tags.Where(IsValid).ToArray();

            if (onlyAdd && !tags.Any())
            {
                return(new TagUsageForApiContract[0]);
            }

            return(repository.HandleTransaction(ctx => {
                // Tags are primarily added by Id, secondarily by translated name.
                // First separate given tags for tag IDs and tag names
                var tagIds = tags.Where(HasId).Select(t => t.Id).ToArray();
                var translatedTagNames = tags.Where(t => !HasId(t) && !string.IsNullOrEmpty(t.Name)).Select(t => t.Name).ToArray();

                // Load existing tags by name and ID.
                var tagsFromIds = ctx.Query <Tag>().Where(t => tagIds.Contains(t.Id)).ToArray();

                var tagsFromNames = ctx.Query <Tag>().WhereHasName(translatedTagNames).ToArray();

                // Figure out tags that don't exist yet (no ID and no matching name).
                var newTagNames = translatedTagNames.Except(tagsFromNames.SelectMany(t => t.Names.AllValues), StringComparer.InvariantCultureIgnoreCase).ToArray();

                var user = ctx.OfType <User>().GetLoggedUser(permissionContext);
                var tagFactory = new TagFactoryRepository(ctx.OfType <Tag>(), new AgentLoginData(user));
                var newTags = newTagNames.Select(t => tagFactory.CreateTag(t)).ToArray();

                var entry = ctx.OfType <TEntry>().Load(entryId);

                // Get the final list of tag names with translations
                var appliedTags = tagsFromNames
                                  .Concat(tagsFromIds)
                                  .Where(t => permissionContext.HasPermission(PermissionToken.ApplyAnyTag) || t.IsValidFor(entry.EntryType))
                                  .Concat(newTags)
                                  .Distinct()
                                  .ToArray();

                var tagUsageFactory = tagUsageFactoryFactory(entry, ctx.OfType <TTag>());

                var tagNames = appliedTags.Select(t => t.DefaultName);
                ctx.AuditLogger.AuditLog(string.Format("tagging {0} with {1}",
                                                       entryLinkFactory.CreateEntryLink(entry), string.Join(", ", tagNames)), user);

                var addedTags = appliedTags.Except(entry.Tags.Tags).ToArray();
                new FollowedTagNotifier().SendNotifications(ctx, entry, addedTags, new[] { user.Id }, entryLinkFactory, enumTranslations);

                var updatedTags = tagFunc(entry).SyncVotes(user, appliedTags, tagUsageFactory, onlyAdd: onlyAdd);
                var tagCtx = ctx.OfType <Tag>();

                foreach (var tag in updatedTags)
                {
                    tagCtx.Update(tag);
                }

                RecomputeTagUsagesCounts(tagCtx, updatedTags);

                ctx.AuditLogger.SysLog("finished tagging");

                return tagFunc(entry).ActiveUsages.Select(t => new TagUsageForApiContract(t, permissionContext.LanguagePreference)).ToArray();
            }));
        }