public override async Task <IViewProviderResult> BuildEditAsync(File file, IViewProviderContext context) { // No need to update the Create / Add view if (file.Id == 0) { return(default(IViewProviderResult)); } // Get entity relationships for file var relationships = await _entityFileStore.QueryAsync() .Take(int.MaxValue, false) .Select <EntityFileQueryParams>(q => { q.FileId.Equals(file.Id); }) .ToList(); // Get entities for file IPagedResults <Entity> entities = null; if (relationships?.Data != null) { entities = await _entityStore.QueryAsync() .Take(int.MaxValue, false) .Select <EntityQueryParams>(q => { q.Id.IsIn(relationships.Data.Select(f => f.EntityId).ToArray()); }) .ToList(); } // Build view model var viewModel = new FileEntitiesViewModel() { Results = entities }; // Return view return(Views( View <FileEntitiesViewModel>("Admin.Edit.FileEntities", model => viewModel) .Zone("content-right").Order(5) )); }
// ------------------------------ async Task <bool> AuthorizeAsync(File file) { // Get all relationships for the file var relationships = await _entityFileStore .QueryAsync() .Select <EntityFileQueryParams>(q => { q.FileId.Equals(file.Id); }) .ToList(); // We don't have any relationships to check against // Allow access as the file may not have been associated yet if (relationships?.Data == null) { return(true); } // Get all entities for relationships var entities = await _entityService .ConfigureQuery(async q => { // Get all entities associated with file q.Id.IsIn(relationships.Data.Select(r => r.EntityId).ToArray()); // Hide private? if (!await _authorizationService.AuthorizeAsync(HttpContext.User, Questions.Permissions.ViewPrivateQuestions)) { q.HidePrivate.True(); } // Hide hidden? if (!await _authorizationService.AuthorizeAsync(HttpContext.User, Questions.Permissions.ViewHiddenQuestions)) { q.HideHidden.True(); } // Hide spam? if (!await _authorizationService.AuthorizeAsync(HttpContext.User, Questions.Permissions.ViewSpamQuestions)) { q.HideSpam.True(); } // Hide deleted? if (!await _authorizationService.AuthorizeAsync(HttpContext.User, Questions.Permissions.ViewDeletedQuestions)) { q.HideDeleted.True(); } }) .GetResultsAsync(); // If we have results we have permission to view // at least one of the entities associted with the file if (entities?.Data != null) { return(true); } return(false); }