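/// <summary>
/// Stores a new talk submission for the most recent event on behalf of the signed-in user.
/// </summary>
/// <param name="talk">
/// Talk as posted by the client. Its Id, AuthorEmail, SubmissionDate, SubmittedByUserId and
/// EventId are overwritten here, so the client cannot choose the owner or the target event.
/// </param>
/// <returns>The same <paramref name="talk"/> instance after it has been handed to the session.</returns>
/// <exception cref="UnauthorizedAccessException">No authenticated identity name is available.</exception>
/// <exception cref="InvalidOperationException">
/// The most recent event is not accepting talks, or its submission deadline has passed.
/// </exception>
public async Task<TalkSubmission> Submit(TalkSubmission talk)
{
    // The owner fields below are derived from the identity name. Without this guard a request
    // that carries no name would be stored with the owner id "ApplicationUsers/".
    // NOTE(review): no authorization attribute is visible in this excerpt - confirm the
    // controller also rejects anonymous callers before this point.
    var identity = User.Identity;
    if (identity == null || string.IsNullOrEmpty(identity.Name))
    {
        throw new UnauthorizedAccessException();
    }

    var submitterName = identity.Name;

    // NOTE(review): FirstAsync is expected to throw when no event exists - confirm that is
    // the desired outcome for an empty database.
    var mostRecentEvent = await DbSession
        .Query<Event>()
        .OrderByDescending(e => e.DateTime)
        .FirstAsync();

    // Make sure the event is not closed for talks.
    if (!mostRecentEvent.IsAcceptingTalkSubmissions)
    {
        throw new InvalidOperationException("This event is not currently accepting talk submissions");
    }

    // One clock reading serves both the deadline check and the stored submission date,
    // so the two can never disagree.
    var now = DateTime.UtcNow;
    if (mostRecentEvent.NoTalkSubmissionsAfter.HasValue && now > mostRecentEvent.NoTalkSubmissionsAfter)
    {
        throw new InvalidOperationException("This event is closed for new talks");
    }

    // Server-owned fields: never trust the values the client sent for these.
    // NOTE(review): every other property of the posted TalkSubmission is persisted as received.
    // If the type carries more server-owned state (review status, scores, ...), reset it here
    // or bind the request to a narrower input model.
    talk.Id = null;
    talk.AuthorEmail = submitterName;
    talk.SubmissionDate = now;
    talk.SubmittedByUserId = "ApplicationUsers/" + submitterName;
    talk.EventId = mostRecentEvent.Id;

    // NOTE(review): no SaveChanges call is visible here; presumably the session is saved
    // elsewhere in the request pipeline - confirm.
    await DbSession.StoreAsync(talk);
    return talk;
}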
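/// <summary>
/// Applies the posted changes to an existing talk. Only the talk's submitter or an admin may do so.
/// </summary>
/// <param name="talk">Talk as posted by the client; its Id selects the stored talk to update.</param>
/// <returns>The stored talk after the posted changes have been applied to it.</returns>
/// <exception cref="UnauthorizedAccessException">
/// The current user is neither the talk's submitter nor an admin.
/// </exception>
public async Task<TalkSubmission> Update(TalkSubmission talk)
{
    // Authorize: you can only update your talks.
    // The owner id is read from the stored copy, never from the posted object, so a client
    // cannot claim ownership by editing SubmittedByUserId in the request body.
    var existingTalk = await DbSession.LoadRequiredAsync<TalkSubmission>(talk.Id);
    var currentUser = await this.GetUserOrThrow();

    // Ids are opaque keys, so compare them ordinally. A culture-sensitive comparison applies
    // linguistic rules (it can, for example, ignore zero-width characters) and may treat two
    // different ids as equal, which is not acceptable in an authorization check.
    // Case-insensitivity is kept as before.
    var isTalkOwner = string.Equals(
        currentUser.Id,
        existingTalk.SubmittedByUserId,
        StringComparison.OrdinalIgnoreCase);
    var isAdmin = currentUser.Roles.Contains(Roles.Admin);

    if (!isTalkOwner && !isAdmin)
    {
        throw new UnauthorizedAccessException();
    }

    // NOTE(review): TalkSubmission.Update is not visible in this excerpt. Confirm it copies only
    // user-editable fields and leaves SubmittedByUserId, AuthorEmail, EventId and any other
    // server-owned state untouched; otherwise an owner could reassign the talk through this call.
    // NOTE(review): no SaveChanges call is visible here; presumably the session is saved
    // elsewhere in the request pipeline - confirm.
    existingTalk.Update(talk);
    return existingTalk;
}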