public ActionResult Assertion(int userID, int achievementID) { string userEmail, achievementImageURL; DateTime achievementDate; using (UnitOfWork work = new UnitOfWork()) { // Verify user actually has achievement if (!work.AchievementRepository.DoesUserHaveAchievement(userID, achievementID)) { return(new HttpStatusCodeResult(HttpStatusCode.NotFound)); } // If so, get data and generate assertion userEmail = work.UserRepository.GetUser(userID).email; achievement_template achievementTemplate = work.AchievementRepository.GetTemplateById(achievementID); achievementImageURL = JppUriInfo.GetAbsoluteUri(Request, achievementTemplate.icon); achievement_instance achievementInstance = work.AchievementRepository.GetUserAchievementInstance(userID, achievementID); achievementDate = achievementInstance.achieved_date; } string salt = "CoeA8DQf"; // As we are exposing the salt anyway, using a constant isn't an issue, and it saves us from having to store every randomly-generated salt in the db string hashedEmail; hashedEmail = Sha256Helper.HashStringWithSalt(userEmail, salt); var badgeAssertion = new { uid = GenerateUniqueId(userID, achievementID), recipient = new { identity = "sha256$" + hashedEmail, type = "email", hashed = true, salt = salt }, image = achievementImageURL, badge = JppUriInfo.GetCurrentDomain(Request) + Url.RouteUrl("OpenBadgeDescriptionRoute", new { Action = "BadgeDescription", achievementID = achievementID }), verify = new { type = "hosted", url = JppUriInfo.GetCurrentDomain(Request) + Url.RouteUrl("OpenBadgeRoute", new { Action = "Assertion", userID = userID, achievementID = achievementID }), }, issuedOn = achievementDate.ToString("s", System.Globalization.CultureInfo.InvariantCulture), evidence = JppUriInfo.GetCurrentDomain(Request) + Url.RouteUrl("AchievementsPlayersRoute", new { id = achievementID, playerID = userID }), }; return(Json(badgeAssertion, JsonRequestBehavior.AllowGet)); }
/// <summary> /// Helper for enabling or disabling comments on earnings /// </summary> /// <param name="earningID">The id of the earning</param> /// <param name="earningIsAchievement">Is this earning an achievement? If not, assume quest.</param> /// <param name="newState">The new state (true = DISABLED, false = ENABLED)</param> /// <returns>True if successful, false otherwise</returns> private Boolean EnableDisable(int earningID, bool earningIsAchievement, bool newState) { UnitOfWork work = new UnitOfWork(); // Get the instance, check the user and alter if (earningIsAchievement) { // Only instance owners or admins achievement_instance instance = work.EntityContext.achievement_instance.Find(earningID); if (instance.user_id != WebSecurity.CurrentUserId && !Roles.IsUserInRole(JPPConstants.Roles.FullAdmin)) { return(false); } // Already enabled? if (instance.comments_disabled == newState) { return(false); } instance.comments_disabled = newState; } else { // Only instance owners or admins quest_instance instance = work.EntityContext.quest_instance.Find(earningID); if (instance.user_id != WebSecurity.CurrentUserId && !Roles.IsUserInRole(JPPConstants.Roles.FullAdmin)) { return(false); } // Already enabled? if (instance.comments_disabled == newState) { return(false); } instance.comments_disabled = newState; } work.SaveChanges(); return(true); }
/// <summary> /// Determines if the logged in user has access to the earning /// </summary> /// <param name="earningID">The ID of the earning</param> /// <param name="earningIsAchievement">Is the earning an achievement? If not, it's a quest</param> /// <param name="work">The DB access</param> /// <returns>True if the user can access, false otherwise</returns> private bool UserCanAccessEarning(int earningID, bool earningIsAchievement, UnitOfWork work, out user earningUser, out object earningTemplate) { // Set up out param earningUser = null; earningTemplate = null; // Assume invalid, then check bool valid = false; if (earningIsAchievement) { // Base query for achievements var q = from e in work.EntityContext.achievement_instance where e.id == earningID select e; // Can the user "see" this earning? var mine = from e in q where e.user_id == WebSecurity.CurrentUserId select e; var publicUsers = from e in q where e.user.privacy_settings != (int)JPPConstants.PrivacySettings.FriendsOnly select e; var friendOnlyFriends = from e in q join f in work.EntityContext.friend on e.user_id equals f.source_id where e.user.privacy_settings == (int)JPPConstants.PrivacySettings.FriendsOnly && f.destination_id == WebSecurity.CurrentUserId select e; // Concat the queries and see if we have anything achievement_instance instance = mine.Concat(publicUsers).Concat(friendOnlyFriends).FirstOrDefault(); if (instance != null) { valid = true; earningUser = instance.user; earningTemplate = instance.achievement_template; } } else { // Base query for quests var q = from e in work.EntityContext.quest_instance where e.id == earningID select e; // Check different scenarios var mine = from e in q where e.user_id == WebSecurity.CurrentUserId select e; var publicUsers = from e in q where e.user.privacy_settings != (int)JPPConstants.PrivacySettings.FriendsOnly select e; var friendOnlyFriends = from e in q join f in work.EntityContext.friend on e.user_id equals f.source_id where e.user.privacy_settings == (int)JPPConstants.PrivacySettings.FriendsOnly && f.destination_id == WebSecurity.CurrentUserId select e; // Concat the queries and see if we have anything quest_instance instance = mine.Concat(publicUsers).Concat(friendOnlyFriends).FirstOrDefault(); if (instance != null) { valid = true; earningUser = instance.user; earningTemplate = instance.quest_template; } } return(valid); }
/// <summary> /// Populates an achievement view model with information about a single achievement /// </summary> /// <param name="id">The id of the achievement</param> /// <param name="userID">The id of the user for achievement progress info</param> /// <param name="questID">Use this to return only achievements related to a particular quest.</param> /// <param name="work">The Unit of Work for DB access. If null, one will be created</param> /// <returns>Info about a single achievement</returns> public static AchievementViewModel Populate(int id, UnitOfWork work = null) { if (work == null) { work = new UnitOfWork(); } bool currentUserPendingSubmission = false; bool currentUserEarned = false; DateTime?currentUserEarnedDate = null; if (WebSecurity.IsAuthenticated) { achievement_instance instance = (from ai in work.EntityContext.achievement_instance where ai.achievement_id == id && ai.user_id == WebSecurity.CurrentUserId select ai).FirstOrDefault(); // If instance exists, we have the achievement if (instance != null) { currentUserEarnedDate = instance.achieved_date; currentUserEarned = true; } else { // No instance, but might be pending currentUserPendingSubmission = (from pending in work.EntityContext.achievement_user_content_pending where pending.achievement_id == id && pending.submitted_by_id == WebSecurity.CurrentUserId select pending).Any(); } } // Get basic achievement info return((from a in work.EntityContext.achievement_template where a.id == id select new AchievementViewModel() { Quests = from step in a.quest_achievement_step where step.achievement_id == id select new AssociatedQuest() { ID = step.quest_id, Title = step.quest_template.title, UserGenerated = step.quest_template.user_generated }, ID = a.id, Description = a.description, Image = a.icon, Requirements = from r in a.achievement_requirement select r.description, State = a.state, SubmissionType = a.content_type, Title = a.title, PointsCreate = a.points_create, PointsExplore = a.points_explore, PointsLearn = a.points_learn, PointsSocialize = a.points_socialize, CurrentUserPendingSubmission = currentUserPendingSubmission, CurrentUserEarnedDate = currentUserEarnedDate, CurrentUserHasEarned = currentUserEarned }).FirstOrDefault()); }