private bool CheckPagesSaveRoles(AdminPageSave pageSave, Page editedPage, ApplicationUser newAuthor)
{
if (!pageSave.Id.HasValue && !HttpContext.UserHasClaimPermission(PermissionClaims.CreateNewPages))
{
return(false);
}
if (pageSave.Id.HasValue && !HttpContext.UserHasClaimPermission(PermissionClaims.EditOtherUsersPages) &&
!(editedPage.Author.UserName == User.Identity.Name && HttpContext.UserHasClaimPermission(PermissionClaims.EditOwnPages)))
{
return(false);
}
if (!HttpContext.UserHasClaimPermission(PermissionClaims.EditOtherUsersPages) && newAuthor.UserName != User.Identity.Name)
{
return(false);
}
if (pageSave.IsPublished && (!pageSave.Id.HasValue || !editedPage.IsPublished))
{
string authorUserName = newAuthor.UserName;
if (!(authorUserName != User.Identity.Name && HttpContext.UserHasClaimPermission(PermissionClaims.PublishOtherUsersPages)) &&
!(authorUserName == User.Identity.Name && HttpContext.UserHasClaimPermission(PermissionClaims.PublishOwnPages)))
{
return(false);
}
}
return(true);
}
private AdminPageSave CreateAdminPageSave(Page page)
{
IQueryable <ApplicationUser> authors = db.Users.Where(x => x.Enabled);
if (!HttpContext.UserHasClaimPermission(PermissionClaims.EditOtherUsersPages))
{
authors = authors.Where(x => x.UserName == User.Identity.Name);
}
AdminPageSave viewModel = new AdminPageSave(page, dateTimeUtil);
viewModel.Authors = authors.ToList().Select(x => new SelectListItem {
Value = x.Id.ToString(), Text = x.UserName
});
viewModel.Pages = (from p in db.Pages
where p.Id != page.Id
select new { p.Id, p.Title }).ToList().Select(x => new SelectListItem {
Value = x.Id.ToString(), Text = x.Title, Selected = x.Id == page.ParentId
});
return(viewModel);
}