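/// <summary>
/// Verifies that the current user may edit the team identified by <c>TeamId</c> and,
/// on the first (non-postback) load, initialises the image upload control.
/// </summary>
/// <remarks>
/// The ownership check runs on every request, postbacks included. WebForms raises control
/// events after <c>Page_Load</c>, so a check made only on the initial load would not cover
/// postback handlers on this page that write to the team.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <exception cref="AccessViolationException">
/// The current user neither owns the team nor holds the "ADMIN" permission.
/// </exception>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): what GetTeam returns for an unknown id is not visible here; confirm it
    // cannot return null, otherwise the ownership test below fails with a NullReferenceException.
    var team = new UserTeamManagement(Global.ConnectionString, SessionProps).GetTeam(TeamId);

    // Authorise first, on every request: only the team owner or an administrator may continue.
    if (team.UserGUID != SessionProps.UserGuid && !SessionProps.HasPermission("ADMIN"))
    {
        // Record the denied attempt (who, which team) so support can follow it up.
        MailAndLog.SendMessage(
            "Försök att sabba lag",
            String.Format(
                "Användaren: {0} med guid: {1} försökte ändra bild på laget: {2} med guid: {3}",
                SessionProps.UserName,
                SessionProps.UserGuid.ToString(),
                team.Name,
                team.GUID),
            Parameters.Instance.MailSender,
            Parameters.Instance.SupportMail);

        // NOTE(review): AccessViolationException is the runtime's type for invalid memory
        // access. It is kept so existing error handling that matches on it keeps working;
        // UnauthorizedAccessException or an HTTP 403 would describe this condition better.
        throw new AccessViolationException("Attempt to tamper with other users team");
    }

    // The upload control only needs to be primed once; postbacks keep their own state.
    if (IsPostBack)
    {
        return;
    }

    if (!String.IsNullOrEmpty(team.Picture))
    {
        // Start from the team's current picture.
        uploadImage.UploadUserImage(team.Picture);
    }
    else
    {
        uploadImage.UploadUserImage();
    }
}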
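/// <summary>
/// Handles a GetUserTeam request: reads the <c>UserTeamId</c> parameter, loads the team and
/// writes its id, name and presentation text back as JSON.
/// </summary>
/// <remarks>
/// A missing or malformed <c>UserTeamId</c> is reported through <c>SendException</c> and the
/// request ends there. Without the early returns the handler would carry on with an empty
/// GUID and try to write a second response after the error.
/// </remarks>
/// <param name="context">The current HTTP context.</param>
public void ProcessRequest(HttpContext context)
{
    // NOTE(review): Request.Params merges query string, form fields, cookies and server
    // variables. If the id is only ever sent one way, reading that collection directly
    // narrows where the value can come from.
    var userTeamId = context.Request.Params["UserTeamId"];
    if (userTeamId == null)
    {
        SendException(context, new BadRequestException("GetUserTeam called without UserTeamId"));
        return;
    }

    Guid userTeamGuid;
    if (!Guid.TryParse(userTeamId, out userTeamGuid))
    {
        SendException(context, new BadRequestException("GetUserTeam called without valid UserTeamId"));
        return;
    }

    // NOTE(review): this handler does no caller or ownership check of its own, and it passes
    // Global.SessionProperties rather than a per-request session object. Confirm that team
    // name and presentation are meant to be readable by any caller who knows the GUID.
    var userTeamManagement = new UserTeamManagement(Global.ConnectionString, Global.SessionProperties);

    // NOTE(review): what GetTeam returns for an unknown GUID is not visible here; confirm it
    // cannot return null before the properties below are read.
    var userTeam = userTeamManagement.GetTeam(userTeamGuid);

    var userTeamDto = new UserTeamDTO
    {
        Id = userTeam.GUID.ToString(),
        Name = userTeam.Name,
        Description = userTeam.Presentation
    };

    //are we in a transfer period?
    // NOTE(review): the object is constructed but never used; the transfer-period lookup
    // looks unfinished. Kept so constructor behaviour stays as it was.
    var transferPeriod = new CommonDataFetches(Global.ConnectionString, Global.SessionProperties);

    JsonResponse(context, userTeamDto);
}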
/// <summary>
/// Click handler for the favourite button: flips the current user's favourite flag for the
/// team identified by <c>TeamId</c>, then reloads the team view.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void btnToggleFavorite_Click(object sender, EventArgs e)
{
    // The manager is created with the caller's session properties, then used once.
    new UserTeamManagement(Global.ConnectionString, SessionProps).ToggleUserFavoriteTeam(TeamId);

    // Refresh the page so it shows the new favourite state.
    LoadTeam();
}
/// <summary>
/// Raised once the upload control has an image: stores the image name the control reports
/// as the picture of the team identified by <c>TeamId</c>, hides the control and shows a
/// confirmation message.
/// </summary>
/// <remarks>
/// NOTE(review): this handler writes to the team without an ownership check of its own.
/// Confirm that the page authorises the caller on postbacks as well as on first load, and
/// that <c>TeamId</c> cannot differ between the two.
/// NOTE(review): validation of the uploaded file (type, size, stored name) is presumably
/// done inside the upload control; verify there.
/// </remarks>
protected void uploadImage_ImageUploaded()
{
    var teamManager = new UserTeamManagement(Global.ConnectionString, SessionProps);

    // Persist the name under which the upload control stored the file.
    var targetTeam = TeamId;
    var storedImageName = uploadImage.ImageNameToStore;
    teamManager.UpdateTeamImage(targetTeam, storedImageName);

    // The upload is finished: hide the control and tell the user.
    uploadImage.Visible = false;
    lblMessage.Text = "Bilden är uppladdad...";
}