public async Task <IHttpActionResult> PostNewCampaign([FromBody] Campaign_CreateBM model)
{
if (db.Campaigns.Where(c => c.Title == model.Title).Count() > 0)
{
return(Conflict());
}
var thisUserId = int.Parse(User.Identity.GetUserId());
if (db.Campaigns.Where(c => c.CreatedById == thisUserId &&
(c.Status == CampaignStatus.PreliminaryRegistered ||
c.Status == CampaignStatus.CompletelyRegistered ||
c.Status == CampaignStatus.Waiting)).Count() >= 2)
{
CustomHttpExceptions.CustomHttpException(HttpStatusCode.Conflict, "The user cannot create a campaign because they already have maximum two 'Not-Accepted' campaigns");
}
var todayUtc = DateTime.UtcNow.Date;
if (
db.Campaigns.Where(c => c.CreatedById == thisUserId && c.CreatedDateUtc >= todayUtc).Count()
>= ApplicationDbContext.GlobalSettings.SecurityDoSMaxCampaignsPerUserPerDay
)
{
CustomHttpExceptions.CustomHttpException(HttpStatusCode.Conflict, "The user must wait up to one day to create a new campaign");
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
//NOTE: We use Ganss sanitizer for HTML (perhaps only Story) and our own MySanitizer for the rest
model.Title = Helpers.MySanitizer.StrictSanitize(model.Title);
model.Tagline = Helpers.MySanitizer.StrictSanitize(model.Tagline);
var campaign = new Campaign
{
Status = CampaignStatus.PreliminaryRegistered,
CreatedById = thisUserId,
TargetFund = model.TargetFund,
Title = model.Title,
Tagline = model.Tagline
};
AddOrUpdateSlug(ref campaign);
db.Campaigns.Add(campaign);
await db.SaveChangesAsync();
// return CreatedAtRoute("DefaultApi", new { id = campaign.Id }, campaign);
return(Created <Campaign>("DefaultApi", campaign));
}
public async Task <IHttpActionResult> PostCampaign(string id_or_slug, Campaign_UpdateBM model, bool soft_delete = false)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var campaign = GetCampaignByIdOrSlug(id_or_slug);
//Only the one who created the campaign can edit it
//TODO: What about admins?
var userId = User.Identity.GetUserId();
var user = db.Users.Find(int.Parse(userId));
if (campaign.CreatedById.ToString() != userId)
{
CustomHttpExceptions.CustomHttpException(HttpStatusCode.Unauthorized,
string.Format(
"Unauthorized: The user (Id = {0}) who has requested the update is not the creator of the campaign!",
userId)
);
}
/*TODO: think about these conditions and code business logic accordingly:
* 1) The user decides to cancel campaign in 'Waiting' status
* 2) The user decides to interrupt 'Waiting' status and do some changes
* 3) The user decides to remove an 'Approved' or 'Waiting' campaign
*/
if (campaign.Status.HasFlag(CampaignStatus.ReadOnly))
{
CustomHttpExceptions.CustomHttpException(HttpStatusCode.Forbidden, "Campaign can not be modified because of its current status");
}
if (soft_delete)
{
campaign.RemovedFlagUtc = DateTime.UtcNow;
db.Entry(campaign).State = EntityState.Modified;
await db.SaveChangesAsync();
return(StatusCode(HttpStatusCode.NoContent));
}
UpdateCampaignByUpdateCampaignVM(ref campaign, model);
AddOrUpdateSlug(ref campaign);
//Checks whether there is a base64 thumbnail
if (model.Base64Thumbnail != null)
{
var uploaderResponse = await Helpers.UploadHelper.UploadBase64ImageAsync(db, userId, model.Base64Thumbnail, FileServerTokenType.CampaignImageUpload);
if (uploaderResponse.StatusCode == HttpStatusCode.OK || uploaderResponse.StatusCode == HttpStatusCode.Created)
{
model.ThumbnailPath = uploaderResponse.FilePath;
model.ThumbnailServerId = uploaderResponse.FileServerId;
campaign.ThumbnailFileServerId = model.ThumbnailServerId;
campaign.ThumbnailFilePath = model.ThumbnailPath;
Console.WriteLine("Thumbnail Uploaded. Thumbnail Path:" + campaign.ThumbnailFilePath);
}
else
{
Console.WriteLine("Thumbnail Upload Error Code:" + uploaderResponse.StatusCode);
Console.WriteLine(uploaderResponse.Message);
}
}
if (model.CityId != null)
{
if (campaign.Location != null)
{
var location = campaign.Location;
location.CityId = (int)model.CityId;
db.Entry(location).State = EntityState.Modified;
}
else
{
campaign.Location = new Location {
CityId = (int)model.CityId
};
}
}
var waitingStatus = CheckandUpdateWaitingStatus(campaign, model.Status);
if (waitingStatus)
{
campaign.Status = CampaignStatus.Waiting | CampaignStatus.ReadOnly;
if (campaign.Account == null)
{
campaign.Account = new Account {
AccountName = "cmp_" + campaign.Id.ToString(), AccountType = AccountType.CampaignAccount
};
}
}
if (model.Tags != null)
{
AddTags(model.Tags, campaign);
}
db.Entry(campaign).State = EntityState.Modified;
await db.SaveChangesAsync();
return(StatusCode(HttpStatusCode.NoContent));
}