/// <summary>
/// Authorization gate for saving a page from the admin UI. Each check returns false as soon
/// as the signed-in user lacks the claim the requested operation needs; true is returned only
/// when every applicable check passes.
/// </summary>
/// <param name="pageSave">The submitted form; <c>Id</c> is null when a new page is being created.</param>
/// <param name="editedPage">The stored page being edited; only read when <paramref name="pageSave"/> carries an Id.</param>
/// <param name="newAuthor">The author the page will belong to after this save.</param>
/// <returns>True when the current user may perform this save; false otherwise.</returns>
private bool CheckPagesSaveRoles(AdminPageSave pageSave, Page editedPage, ApplicationUser newAuthor)
{
    // Ordinal comparison against the signed-in identity, exactly as == on strings behaves.
    bool IsCurrentUser(string userName) => userName == User.Identity.Name;

    bool isExistingPage = pageSave.Id.HasValue;

    // Creating a page requires CreateNewPages.
    if (!isExistingPage && !HttpContext.UserHasClaimPermission(PermissionClaims.CreateNewPages))
    {
        return false;
    }

    // Editing: EditOtherUsersPages covers any page. Without it the caller must be the
    // stored author of the page and hold EditOwnPages.
    if (isExistingPage && !HttpContext.UserHasClaimPermission(PermissionClaims.EditOtherUsersPages))
    {
        bool editsOwnPage = IsCurrentUser(editedPage.Author.UserName)
            && HttpContext.UserHasClaimPermission(PermissionClaims.EditOwnPages);
        if (!editsOwnPage)
        {
            return false;
        }
    }

    // Assigning the page to another author also requires EditOtherUsersPages.
    if (!HttpContext.UserHasClaimPermission(PermissionClaims.EditOtherUsersPages) && !IsCurrentUser(newAuthor.UserName))
    {
        return false;
    }

    // Publishing is checked only when this save flips the page to published: a new page,
    // or a stored page that is not yet published. Re-saving an already published page
    // does not re-check the publish claims.
    bool becomesPublished = pageSave.IsPublished && (!isExistingPage || !editedPage.IsPublished);
    if (becomesPublished)
    {
        string authorUserName = newAuthor.UserName;

        // Someone else's page needs PublishOtherUsersPages; the caller's own page needs PublishOwnPages.
        bool mayPublish =
            (!IsCurrentUser(authorUserName) && HttpContext.UserHasClaimPermission(PermissionClaims.PublishOtherUsersPages))
            || (IsCurrentUser(authorUserName) && HttpContext.UserHasClaimPermission(PermissionClaims.PublishOwnPages));
        if (!mayPublish)
        {
            return false;
        }
    }

    return true;
}
/// <summary>
/// Builds the admin edit/create view model for <paramref name="page"/>, filling the
/// author and parent-page drop-down options.
/// </summary>
/// <param name="page">The page being edited, or a fresh page for the create form.</param>
/// <returns>A populated <see cref="AdminPageSave"/>.</returns>
private AdminPageSave CreateAdminPageSave(Page page)
{
    // Only enabled users are offered as authors. Without EditOtherUsersPages the caller may
    // only pick themselves, mirroring the author check applied when the form is saved.
    IQueryable<ApplicationUser> authorQuery = db.Users.Where(x => x.Enabled);
    if (!HttpContext.UserHasClaimPermission(PermissionClaims.EditOtherUsersPages))
    {
        authorQuery = authorQuery.Where(x => x.UserName == User.Identity.Name);
    }

    AdminPageSave viewModel = new AdminPageSave(page, dateTimeUtil);

    var enabledAuthors = authorQuery.ToList();
    viewModel.Authors = enabledAuthors.Select(x => new SelectListItem
    {
        Value = x.Id.ToString(),
        Text = x.UserName,
    });

    // Parent candidates: every page other than this one, projected to id/title before
    // materialising so only those two columns are fetched.
    var otherPages = db.Pages
        .Where(p => p.Id != page.Id)
        .Select(p => new { p.Id, p.Title })
        .ToList();
    viewModel.Pages = otherPages.Select(x => new SelectListItem
    {
        Value = x.Id.ToString(),
        Text = x.Title,
        Selected = x.Id == page.ParentId,
    });

    return viewModel;
}