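    /// <summary>
    /// Handles the post admin form: creates, edits or deletes a post according to the
    /// <c>mode</c> form field, then redirects to the post list.
    /// </summary>
    /// <param name="context">Current request; every input is read from <c>context.Request.Form</c>.</param>
    /// <exception cref="HttpException">
    /// 401 when the caller is not authenticated, lacks the Admin/Editor/Author role, or is an
    /// Author acting on a post whose author id is not their own; 400 when a numeric form field
    /// (post id, author id, tag ids) is malformed.
    /// </exception>
    public void ProcessRequest(HttpContext context)
    {
        // The CSRF token is checked before anything else, including authentication.
        AntiForgery.Validate();

        if (!WebUser.IsAuthenticated)
        {
            throw new HttpException(401, "You must login to do this.");
        }

        // 401 is kept for compatibility; 403 is the conventional status for an authenticated
        // caller who lacks permission.
        if (!WebUser.HasRole(UserRoles.Admin) &&
            !WebUser.HasRole(UserRoles.Editor) &&
            !WebUser.HasRole(UserRoles.Author))
        {
            throw new HttpException(401, "You do not have permission to do that.");
        }

        var form          = context.Request.Form;
        var mode          = form["mode"];
        var title         = form["postTitle"];
        var content       = form["postContent"];
        var slug          = form["postSlug"];
        var id            = form["postId"];
        var datePublished = form["postDatePublished"];
        var postTags      = form["postTags"];
        var authorId      = form["postAuthorId"];

        // Tag ids arrive as a comma-separated string. They are parsed eagerly with TryParse so a
        // malformed value is reported as a 400 here rather than as an unhandled FormatException
        // (500) when the sequence is enumerated inside EditPost/CreatePost. Empty segments
        // (e.g. a trailing comma) are ignored.
        var tagParts = string.IsNullOrEmpty(postTags)
            ? new string[] { }
            : postTags.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        var tags = new int[tagParts.Length];
        for (var i = 0; i < tagParts.Length; i++)
        {
            if (!int.TryParse(tagParts[i].Trim(), out tags[i]))
            {
                throw new HttpException(400, "Invalid tag id.");
            }
        }

        // Authors may only edit or delete their own posts; a missing or malformed author id is
        // treated as "not yours". NOTE(review): the author id compared here is supplied by the
        // form, not read from the stored post; confirm EditPost/DeletePost enforce ownership
        // server-side as well.
        if ((mode == "edit" || mode == "delete") && WebUser.HasRole(UserRoles.Author))
        {
            int claimedAuthorId;
            if (!int.TryParse(authorId, out claimedAuthorId) || WebUser.UserId != claimedAuthorId)
            {
                throw new HttpException(401, "You do not have permission to do that.");
            }
        }

        // Derive a slug from the title when none was supplied; delete relies on this too.
        if (string.IsNullOrWhiteSpace(slug))
        {
            slug = CreateSlug(title);
        }

        if (mode == "edit")
        {
            int postId;
            int postAuthorId;
            if (!int.TryParse(id, out postId) || !int.TryParse(authorId, out postAuthorId))
            {
                throw new HttpException(400, "Invalid post id or author id.");
            }
            EditPost(postId, title, content, slug, datePublished, postAuthorId, tags);
        }
        else if (mode == "new")
        {
            // New posts are always attributed to the current user, never to a form-supplied id.
            CreatePost(title, content, slug, datePublished, WebUser.UserId, tags);
        }
        else if (mode == "delete")
        {
            DeletePost(slug);
        }
        // Any other mode performs no action; the redirect below still happens.

        context.Response.Redirect("~/admin/post/");
    }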
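        /// <summary>
        /// Handles the role admin form: creates, edits or deletes a role according to the
        /// <c>mode</c> form field. Admin only.
        /// </summary>
        /// <param name="context">Current request; inputs are read from <c>context.Request.Form</c>.</param>
        /// <exception cref="HttpException">
        /// 401 when the caller is not authenticated or is not an Admin; 400 when
        /// <c>roleId</c> is not a valid integer in edit mode.
        /// </exception>
        public void ProcessRequest(HttpContext context)
        {
            // The CSRF token is checked before anything else, including authentication.
            AntiForgery.Validate();

            if (!WebUser.IsAuthenticated)
            {
                throw new HttpException(401, "You must login to do this.");
            }

            // 401 is kept for compatibility; 403 is the conventional status for an authenticated
            // caller who lacks permission.
            if (!WebUser.HasRole(UserRoles.Admin))
            {
                throw new HttpException(401, "You do not have permission to do this.");
            }

            var form         = context.Request.Form;
            var mode         = form["mode"];
            var name         = form["roleName"];
            var id           = form["roleId"];
            var resourceItem = form["resourceItem"];

            switch (mode)
            {
                case "edit":
                {
                    // TryParse turns a malformed id into a 400 instead of an unhandled
                    // FormatException (500).
                    int roleId;
                    if (!int.TryParse(id, out roleId))
                    {
                        throw new HttpException(400, "Invalid role id.");
                    }
                    Edit(roleId, name);
                    break;
                }
                case "new":
                {
                    Create(name);
                    break;
                }
                case "delete":
                {
                    // The role may be addressed either by its name or by resourceItem.
                    Delete(name ?? resourceItem);
                    break;
                }
                // Any other mode performs no action.
            }

            // NOTE(review): callers that pass resourceItem appear to expect no redirect
            // (presumably an in-page request); only the plain form post is sent back to the list.
            if (string.IsNullOrEmpty(resourceItem))
            {
                context.Response.Redirect("~/admin/role/");
            }
        }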
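    /// <summary>
    /// Handles the account admin form: creates, edits or deletes a user account according to
    /// the <c>mode</c> form field, then redirects to the account list. Admin only.
    /// </summary>
    /// <param name="context">Current request; inputs are read from <c>context.Request.Form</c>.</param>
    /// <exception cref="HttpException">
    /// 401 when the caller is not authenticated or is not an Admin; 400 when the two passwords
    /// differ, the email or username is blank, or a numeric field (account id, role ids) is
    /// malformed.
    /// </exception>
    public void ProcessRequest(HttpContext context)
    {
        // The CSRF token is checked before anything else, including authentication.
        AntiForgery.Validate();

        if (!WebUser.IsAuthenticated)
        {
            throw new HttpException(401, "You must login to do this.");
        }

        // 401 is kept for compatibility; 403 is the conventional status for an authenticated
        // caller who lacks permission.
        if (!WebUser.HasRole(UserRoles.Admin))
        {
            throw new HttpException(401, "You do not have permission to do this.");
        }

        var form      = context.Request.Form;
        var mode      = form["mode"];
        var username  = form["accountName"];
        var password1 = form["accountPassword1"];
        var password2 = form["accountPassword2"];
        var id        = form["accountId"];
        var email     = form["accountEmail"];
        var userRoles = form["accountRoles"];

        if (mode == "delete")
        {
            Delete(username);
        }
        else
        {
            // Validation failures are client errors, so they are reported as 400s rather than
            // as generic exceptions that surface as 500s.
            if (password1 != password2)
            {
                throw new HttpException(400, "Passwords do not match.");
            }

            if (string.IsNullOrWhiteSpace(email))
            {
                throw new HttpException(400, "Email cannot be blank.");
            }

            if (string.IsNullOrWhiteSpace(username))
            {
                throw new HttpException(400, "Username cannot be blank.");
            }

            // Role ids arrive comma-separated. A missing field means "no roles" rather than a
            // NullReferenceException, and a malformed id is a 400 here rather than a
            // FormatException raised later when the sequence is enumerated. Empty segments
            // (e.g. a trailing comma) are ignored.
            var roleParts = string.IsNullOrWhiteSpace(userRoles)
                ? new string[] { }
                : userRoles.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            var roles = new int[roleParts.Length];
            for (var i = 0; i < roleParts.Length; i++)
            {
                if (!int.TryParse(roleParts[i].Trim(), out roles[i]))
                {
                    throw new HttpException(400, "Invalid role id.");
                }
            }

            // NOTE(review): the password is forwarded exactly as entered; confirm Edit/Create
            // hash it before it is stored.
            if (mode == "edit")
            {
                int accountId;
                if (!int.TryParse(id, out accountId))
                {
                    throw new HttpException(400, "Invalid account id.");
                }
                Edit(accountId, username, password1, email, roles);
            }
            else if (mode == "new")
            {
                Create(username, password1, email, roles);
            }
            // Any other mode performs no action; the redirect below still happens.
        }

        context.Response.Redirect("~/admin/account/");
    }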
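    /// <summary>
    /// Handles the tag admin form: creates, edits or deletes a tag according to the
    /// <c>mode</c> form field. Admins and Editors only.
    /// </summary>
    /// <param name="context">Current request; inputs are read from <c>context.Request.Form</c>.</param>
    /// <exception cref="HttpException">
    /// 401 when the caller is not authenticated or has neither the Admin nor the Editor role;
    /// 400 when <c>tagId</c> is not a valid integer in edit mode.
    /// </exception>
    public void ProcessRequest(HttpContext context)
    {
        // The CSRF token is checked before anything else, including authentication.
        AntiForgery.Validate();

        if (!WebUser.IsAuthenticated)
        {
            throw new HttpException(401, "You must login to do this");
        }

        // 401 is kept for compatibility; 403 is the conventional status for an authenticated
        // caller who lacks permission.
        if (!WebUser.HasRole(UserRoles.Admin) && !WebUser.HasRole(UserRoles.Editor))
        {
            throw new HttpException(401, "You do not have permission to do that");
        }

        var form         = context.Request.Form;
        var mode         = form["mode"];
        var name         = form["tagName"];
        var friendlyName = form["tagFriendlyName"];
        var id           = form["tagId"];
        var resourceItem = form["resourceItem"];

        if (mode == "delete")
        {
            // The tag may be addressed either by its friendly name or by resourceItem.
            DeleteTag(friendlyName ?? resourceItem);
        }
        else
        {
            if (string.IsNullOrWhiteSpace(friendlyName))
            {
                // NOTE(review): this single-argument overload is expected only to derive the
                // friendly name from the tag name; confirm it does not also create a tag.
                friendlyName = CreateTag(name);
            }

            if (mode == "edit")
            {
                // TryParse turns a malformed id into a 400 instead of an unhandled
                // FormatException (500).
                int tagId;
                if (!int.TryParse(id, out tagId))
                {
                    throw new HttpException(400, "Invalid tag id.");
                }
                EditTag(tagId, name, friendlyName);
            }
            else if (mode == "new")
            {
                CreateTag(name, friendlyName);
            }
            // Any other mode performs no action.
        }

        // NOTE(review): callers that pass resourceItem appear to expect no redirect
        // (presumably an in-page request); only the plain form post is sent back to the list.
        if (string.IsNullOrEmpty(resourceItem))
        {
            context.Response.Redirect("~/admin/tag");
        }
    }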
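    /// <summary>
    /// Handles the tag admin form: creates, edits or deletes a tag according to the
    /// <c>mode</c> form field, then redirects to the tag list. Admins and Editors only.
    /// </summary>
    /// <param name="context">Current request; inputs are read from <c>context.Request.Form</c>.</param>
    /// <exception cref="HttpException">
    /// 401 when the caller is not authenticated or has neither the Admin nor the Editor role;
    /// 400 when <c>tagId</c> is not a valid integer in edit mode.
    /// </exception>
    public void ProcessRequest(HttpContext context)
    {
        // The CSRF token is checked before anything else, including authentication.
        AntiForgery.Validate();

        if (!WebUser.IsAuthenticated)
        {
            throw new HttpException(401, "You must login !");
        }

        // 401 is kept for compatibility; 403 is the conventional status for an authenticated
        // caller who lacks permission.
        if (!WebUser.HasRole(UserRoles.Admin) && !WebUser.HasRole(UserRoles.Editor))
        {
            throw new HttpException(401, "You must be admin or editor!");
        }

        // "mode" selects the action: "edit" updates an existing tag, "new" creates one,
        // "delete" removes one.
        var form         = context.Request.Form;
        var mode         = form["mode"];
        var name         = form["tagName"];
        var friendlyName = form["tagFriendlyName"];
        var id           = form["tagId"];

        // Derive a friendly name from the tag name when none was supplied; delete relies on
        // this too.
        if (string.IsNullOrWhiteSpace(friendlyName))
        {
            friendlyName = CreateFriendlyName(name);
        }

        if (mode == "edit")
        {
            // TryParse turns a malformed id into a 400 instead of an unhandled
            // FormatException (500).
            int tagId;
            if (!int.TryParse(id, out tagId))
            {
                throw new HttpException(400, "Invalid tag id.");
            }
            EditTag(tagId, name, friendlyName);
        }
        else if (mode == "new")
        {
            CreateTag(name, friendlyName);
        }
        else if (mode == "delete")
        {
            DeleteTag(friendlyName);
        }
        // Any other mode performs no action; the redirect below still happens.

        context.Response.Redirect("~/admin/tag/");
    }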
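    /// <summary>
    /// Handles the role admin form: creates, edits or deletes a role according to the
    /// <c>mode</c> form field, then redirects to the role list. Admin only.
    /// </summary>
    /// <param name="context">Current request; inputs are read from <c>context.Request.Form</c>.</param>
    /// <exception cref="HttpException">
    /// 401 when the caller is not authenticated or is not an Admin; 400 when
    /// <c>roleId</c> is not a valid integer in edit mode.
    /// </exception>
    public void ProcessRequest(HttpContext context)
    {
        // The CSRF token is checked before anything else, including authentication.
        AntiForgery.Validate();

        if (!WebUser.IsAuthenticated)
        {
            throw new HttpException(401, "You must login !");
        }

        // 401 is kept for compatibility; 403 is the conventional status for an authenticated
        // caller who lacks permission.
        if (!WebUser.HasRole(UserRoles.Admin))
        {
            throw new HttpException(401, "You do not have permission to do this");
        }

        // "mode" selects the action: "edit" updates an existing role, "new" creates one,
        // "delete" removes one.
        var form = context.Request.Form;
        var mode = form["mode"];
        var name = form["roleName"];
        var id   = form["roleId"];

        switch (mode)
        {
            case "edit":
            {
                // TryParse turns a malformed id into a 400 instead of an unhandled
                // FormatException (500).
                int roleId;
                if (!int.TryParse(id, out roleId))
                {
                    throw new HttpException(400, "Invalid role id.");
                }
                Edit(roleId, name);
                break;
            }
            case "new":
            {
                Create(name);
                break;
            }
            case "delete":
            {
                Delete(name);
                break;
            }
            // Any other mode performs no action; the redirect below still happens.
        }

        context.Response.Redirect("~/admin/role/");
    }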
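    /// <summary>
    /// Handles the account admin form: creates, edits or deletes a user account according to
    /// the <c>mode</c> form field, then redirects to the account list. Admin only.
    /// </summary>
    /// <param name="context">Current request; inputs are read from <c>context.Request.Form</c>.</param>
    /// <exception cref="HttpException">
    /// 401 when the caller is not authenticated or is not an Admin; 400 when the two passwords
    /// differ, the email or username is blank, or a numeric field (account id, role ids) is
    /// malformed.
    /// </exception>
    public void ProcessRequest(HttpContext context)
    {
        // The CSRF token is checked before anything else, including authentication.
        AntiForgery.Validate();

        if (!WebUser.IsAuthenticated)
        {
            throw new HttpException(401, "You must login !");
        }

        // 401 is kept for compatibility; 403 is the conventional status for an authenticated
        // caller who lacks permission.
        if (!WebUser.HasRole(UserRoles.Admin))
        {
            throw new HttpException(401, "You do not have permission to do this");
        }

        // "mode" selects the action: "edit" updates an existing account, "new" creates one,
        // "delete" removes one.
        var form      = context.Request.Form;
        var mode      = form["mode"];
        var username  = form["accountName"];
        var password1 = form["accountPassword1"];
        var password2 = form["accountPassword2"];
        var id        = form["accountId"];
        var email     = form["accountEmail"];
        var userRoles = form["accountRoles"];

        if (mode == "delete")
        {
            Delete(username);
        }
        else
        {
            // Validation failures are client errors, so they are reported as 400s rather than
            // as generic exceptions that surface as 500s.
            if (password1 != password2)
            {
                throw new HttpException(400, "Password dont match!");
            }

            if (string.IsNullOrWhiteSpace(email))
            {
                throw new HttpException(400, "Email cannot be blank!");
            }

            if (string.IsNullOrWhiteSpace(username))
            {
                throw new HttpException(400, "Username cannot be blank!");
            }

            // Role ids arrive comma-separated. A missing field means "no roles" rather than a
            // NullReferenceException, and a malformed id is a 400 here rather than a
            // FormatException raised later when the sequence is enumerated. Empty segments
            // (e.g. a trailing comma) are ignored.
            var roleParts = string.IsNullOrWhiteSpace(userRoles)
                ? new string[] { }
                : userRoles.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            var roles = new int[roleParts.Length];
            for (var i = 0; i < roleParts.Length; i++)
            {
                if (!int.TryParse(roleParts[i].Trim(), out roles[i]))
                {
                    throw new HttpException(400, "Invalid role id.");
                }
            }

            // NOTE(review): the password is forwarded exactly as entered; confirm Edit/Create
            // hash it before it is stored.
            if (mode == "edit")
            {
                int accountId;
                if (!int.TryParse(id, out accountId))
                {
                    throw new HttpException(400, "Invalid account id.");
                }
                Edit(accountId, username, password1, email, roles);
            }
            else if (mode == "new")
            {
                Create(username, password1, email, roles);
            }
            // Any other mode performs no action; the redirect below still happens.
        }

        context.Response.Redirect("~/admin/account/");
    }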