private static void LogUploadZipFileResults(List <ActionResult> results, AddMediaObjectSettings settings)
{
var isSuccessful = results.All(r => r.Status == ActionResultStatus.Success.ToString());
int? galleryId = null;
IAlbum album = null;
try
{
album = Factory.LoadAlbumInstance(settings.AlbumId);
galleryId = album.GalleryId;
}
catch (InvalidAlbumException) { }
if (isSuccessful)
{
AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "{0} files were successfully extracted from the file '{1}' and added to album '{2}'.", results.Count, settings.FileName, album != null ? album.Title : "<Unknown>"), galleryId);
return;
}
// If we get here at least one of the results was an info, warning, error, etc.
var succesfulResults = results.Where(m => m.Status == ActionResultStatus.Success.ToString());
var unsuccesfulResults = results.Where(m => m.Status != ActionResultStatus.Success.ToString());
var msg = String.Format(CultureInfo.InvariantCulture, "{0} items in the uploaded file '{1}' were added to the gallery, but {2} files were skipped. Review the details for additional information. The file was uploaded by user {3}.", succesfulResults.Count(), settings.FileName, unsuccesfulResults.Count(), settings.CurrentUserName);
var ex = new UnsupportedMediaObjectTypeException(msg, null);
var i = 1;
foreach (var result in unsuccesfulResults)
{
ex.Data.Add("File " + i++, String.Format(CultureInfo.InvariantCulture, "{0}: {1}", result.Title, result.Message));
}
AppEventController.LogError(ex, galleryId);
}
/// <summary>
/// Verifies the application is running an Enterprise License, throwing a <see cref="GallerySecurityException" />
/// if it is not.
/// </summary>
/// <exception cref="GallerySecurityException">Thrown when the application is not running an Enterprise License.
/// </exception>
private static void ValidateEnterpriseLicense()
{
if (AppSetting.Instance.License.LicenseType != LicenseLevel.Enterprise)
{
AppEventController.LogEvent("Attempt to use a feature that requires an Enterprise License.", null, EventType.Warning);
throw new GallerySecurityException("Attempt to use a feature that requires an Enterprise License.");
}
}
/// <summary>
/// Verifies the application is running an Enterprise License, throwing a <see cref="GallerySecurityException" />
/// if it is not.
/// </summary>
/// <param name="album">The album.</param>
/// <exception cref="GallerySecurityException">Thrown when the application is not running an Enterprise License.
/// </exception>
private static void ValidateEnterpriseLicense(IAlbum album)
{
if (AppSetting.Instance.License.LicenseType != LicenseLevel.Enterprise)
{
AppEventController.LogEvent("RSS/Atom feeds require an Enterprise License.", album.GalleryId, EventType.Warning);
throw new GallerySecurityException("RSS/Atom feeds require an Enterprise License.");
}
}
/// <summary>
/// Adds a media file to an album. Prior to calling this method, the file should exist in the
/// temporary upload directory (<see cref="GlobalConstants.TempUploadDirectory" />) in the
/// App_Data directory with the name <see cref="AddMediaObjectSettings.FileNameOnServer" />. The
/// file is copied to the destination album and given the name of
/// <see cref="AddMediaObjectSettings.FileName" /> (instead of whatever name it currently has, which
/// may contain a GUID).
/// </summary>
/// <param name="settings">The settings that contain data and configuration options for the media file.</param>
/// <returns>List{ActionResult}.</returns>
/// <exception cref="System.Web.Http.HttpResponseException">Thrown when the user does not have permission to add media
/// objects or some other error occurs.</exception>
public List <ActionResult> CreateFromFile(AddMediaObjectSettings settings)
{
try
{
settings.CurrentUserName = Utils.UserName;
var fileExt = Path.GetExtension(settings.FileName);
if (fileExt != null && fileExt.Equals(".zip", StringComparison.OrdinalIgnoreCase))
{
Task.Factory.StartNew(() =>
{
var results = GalleryObjectController.AddMediaObject(settings);
// Since we don't have access to the user's session here, let's create a log entry.
LogUploadZipFileResults(results, settings);
});
return(new List <ActionResult>
{
new ActionResult
{
Title = settings.FileName,
Status = ActionResultStatus.Async.ToString()
}
});
}
else
{
var results = GalleryObjectController.AddMediaObject(settings);
Utils.AddResultToSession(results);
return(results);
}
}
catch (GallerySecurityException)
{
AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Unauthorized access detected. The security system prevented a user from adding a media object."), null, EventType.Warning);
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
}
catch (Exception ex)
{
AppEventController.LogError(ex);
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.InternalServerError)
{
Content = Utils.GetExStringContent(ex),
ReasonPhrase = "Server Error"
});
}
}
public async Task <IActionResult> CreateFromFile(AddMediaObjectSettings settings)
{
try
{
settings.CurrentUserName = _userController.UserName;
var fileExt = Path.GetExtension(settings.FileName);
if (fileExt != null && fileExt.Equals(".zip", StringComparison.OrdinalIgnoreCase))
{
_galleryObjectController.AddMediaObject(settings);
//Task.Factory.StartNew(async () =>
//{
// var results = await _galleryObjectController.AddMediaObject(settings);
// // Since we don't have access to the user's session here, let's create a log entry.
// //LogUploadZipFileResults(results, settings);
//});
return(new JsonResult(new List <Business.ActionResult>
{
new Business.ActionResult
{
Title = settings.FileName,
Status = ActionResultStatus.Async.ToString()
}
}));
}
else
{
var results = await _galleryObjectController.AddMediaObject(settings);
//Utils.AddResultToSession(results);
return(new JsonResult(results));
}
}
catch (GallerySecurityException)
{
AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Unauthorized access detected. The security system prevented a user from adding a media object."), null, EventType.Warning);
return(Forbid());
}
catch (Exception ex)
{
AppEventController.LogError(ex);
return(StatusCode(500, _exController.GetExString(ex)));
}
}
/// <summary>
/// Persists the media item to the data store. The current implementation requires that
/// an existing item exist in the data store.
/// </summary>
/// <param name="mediaItem">An instance of <see cref="Entity.MediaItem"/> to persist to the data
/// store.</param>
/// <exception cref="System.Web.Http.HttpResponseException"></exception>
public ActionResult PutMediaItem(Entity.MediaItem mediaItem)
{
try
{
var mo = Factory.LoadMediaObjectInstance(mediaItem.Id, true);
var isUserAuthorized = Utils.IsUserAuthorized(SecurityActions.EditMediaObject, mo.Parent.Id, mo.GalleryId, mo.IsPrivate, ((IAlbum)mo.Parent).IsVirtualAlbum);
if (!isUserAuthorized)
{
AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Unauthorized access detected. The security system prevented a user from editing media object {0}.", mo.Id), mo.GalleryId, EventType.Warning);
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
}
mo.Title = mediaItem.Title;
GalleryObjectController.SaveGalleryObject(mo);
HelperFunctions.PurgeCache();
return(new ActionResult
{
Status = ActionResultStatus.Success.ToString(),
Title = String.Empty,
Message = String.Empty,
ActionTarget = mediaItem
});
}
catch (InvalidMediaObjectException)
{
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.NotFound)
{
Content = new StringContent(String.Format("Could not find media item with ID = {0}", mediaItem.Id)),
ReasonPhrase = "Media Object Not Found"
});
}
catch (HttpResponseException)
{
throw; // Rethrow, since we've already logged it above
}
catch (Exception ex)
{
AppEventController.LogError(ex);
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.InternalServerError)
{
Content = Utils.GetExStringContent(ex),
ReasonPhrase = "Server Error"
});
}
}
/// <summary>
/// Permanently deletes the specified media object from the file system and data store. No action is taken if the
/// user does not have delete permission.
/// </summary>
/// <param name="id">The ID of the media object to be deleted.</param>
//public HttpResponseMessage DeleteMediaItem(Entity.MediaItem mediaItem)
public void Delete(int id)
{
IGalleryObject mo = null;
try
{
mo = Factory.LoadMediaObjectInstance(id);
var isUserAuthorized = Utils.IsUserAuthorized(SecurityActions.DeleteMediaObject, mo.Parent.Id, mo.GalleryId, mo.IsPrivate, ((IAlbum)mo.Parent).IsVirtualAlbum);
var isGalleryReadOnly = Factory.LoadGallerySetting(mo.GalleryId).MediaObjectPathIsReadOnly;
if (!isUserAuthorized || isGalleryReadOnly)
{
AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Unauthorized access detected. The security system prevented a user from deleting media object {0}.", mo.Id), mo.GalleryId, EventType.Warning);
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
}
mo.Delete();
HelperFunctions.PurgeCache();
}
catch (InvalidMediaObjectException)
{
// HTTP specification says the DELETE method must be idempotent, so deleting a nonexistent item must have
// the same effect as deleting an existing one. So we do nothing here and let the method return HttpStatusCode.OK.
}
catch (HttpResponseException)
{
throw; // Rethrow, since we've already logged it above
}
catch (Exception ex)
{
if (mo != null)
{
AppEventController.LogError(ex, mo.GalleryId);
}
else
{
AppEventController.LogError(ex);
}
throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.InternalServerError)
{
Content = Utils.GetExStringContent(ex),
ReasonPhrase = "Server Error"
});
}
}
public async Task <IActionResult> Delete(int id)
{
IGalleryObject mo = null;
try
{
mo = Factory.LoadMediaObjectInstance(id);
var isUserAuthorized = (await _authorizationService.AuthorizeAsync(User, mo, Operations.DeleteMediaObject)).Succeeded;
//var isUserAuthorized = Utils.IsUserAuthorized(SecurityActions.DeleteMediaObject, mo.Parent.Id, mo.GalleryId, mo.IsPrivate, ((IAlbum)mo.Parent).IsVirtualAlbum);
var isGalleryReadOnly = Factory.LoadGallerySetting(mo.GalleryId).MediaObjectPathIsReadOnly;
if (!isUserAuthorized || isGalleryReadOnly)
{
AppEventController.LogEvent($"Unauthorized access detected. The security system prevented a user from deleting media asset {mo.Id}.", mo.GalleryId, EventType.Warning);
return(Forbid());
}
mo.Delete();
return(Ok($"Media asset {id} deleted..."));
}
catch (InvalidMediaObjectException)
{
// HTTP specification says the DELETE method must be idempotent, so deleting a nonexistent item must have
// the same effect as deleting an existing one. So we do nothing here and let the method return HttpStatusCode.OK.
return(Ok($"Media asset with ID {id} does not exist."));
}
catch (Exception ex)
{
if (mo != null)
{
AppEventController.LogError(ex, mo.GalleryId);
}
else
{
AppEventController.LogError(ex);
}
return(StatusCode(500, _exController.GetExString(ex)));
}
}
/// <summary>
/// Validates that remote syncing is enabled and that the specified <paramref name="password" /> is valid.
/// </summary>
/// <param name="album">The album to synchronize.</param>
/// <param name="password">The password that allows remote access to the synchronization API.</param>
/// <returns><c>true</c> if validation succeeds, <c>false</c> otherwise</returns>
private static bool ValidateRemoteSync(IAlbum album, string password)
{
IGallerySettings gallerySettings = Factory.LoadGallerySetting(album.GalleryId);
if (!gallerySettings.EnableRemoteSync)
{
AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Cannot start synchronization: A web request to start synchronizing album '{0}' (ID {1}) was received, but the gallery is currently configured to disallow remote synchronizations. This feature can be enabled on the Albums page in the Site admin area.", album.Title, album.Id), album.GalleryId, EventType.Info);
return(false);
}
if (!gallerySettings.RemoteAccessPassword.Equals(password))
{
AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Cannot start synchronization: A web service request to start synchronizing album '{0}' (ID {1}) was received, but the specified password is incorrect.", album.Title, album.Id), album.GalleryId, EventType.Info);
return(false);
}
return(true);
}