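/// <summary>
/// Saves the posted changes to an existing template, provided the caller is allowed to access it.
/// </summary>
/// <param name="mvvmTemplate">
/// Template bound from the request. Only the properties listed in the <c>Bind</c> whitelist
/// are taken from the client; <c>ApplicationUserId</c> is not among them.
/// </param>
/// <returns>
/// 404 when no stored template has the posted id, 401 when access is refused, a redirect to
/// <c>Index</c> after a successful save, otherwise the edit view showing the submitted values.
/// </returns>
// NOTE(review): the attributes on this action are not visible here. Confirm it is restricted to
// POST and carries [ValidateAntiForgeryToken], since it changes state on behalf of the user.
// NOTE(review): "Enabled" is in the whitelist, so every caller who passes AuthorizeTemplateAccess
// can change it. Confirm that is intended for non-admin owners.
public async Task<ActionResult> Edit([Bind(Include = "Id,Enabled,Name,MvvmTemplateCategoryId,Language,Tags,ViewModel,View")] MvvmTemplate mvvmTemplate)
{
    // The owner id is never sent to the client (it would be a security risk), so it is read
    // back from the stored row. AsNoTracking() keeps EF from treating the posted entity as a
    // duplicate attachment on SaveChanges().
    var stored = db.MvvmTemplates.AsNoTracking().FirstOrDefault(template => template.Id == mvvmTemplate.Id);
    if (stored == null)
    {
        // First() threw for an unknown or tampered id, which reached the client as a server
        // error. An unknown id is a client problem, so answer with 404.
        return HttpNotFound();
    }

    // Authorize against the stored row, never the posted object: the posted object carries no
    // trustworthy owner information.
    if (!AuthorizeTemplateAccess(stored))
    {
        return new HttpUnauthorizedResult();
    }

    // Carry the stored owner over so marking the entity Modified does not overwrite ownership.
    mvvmTemplate.ApplicationUserId = stored.ApplicationUserId;

    if (!ModelState.IsValid)
    {
        var model = new TemplateEditViewModel(mvvmTemplate, db.MvvmTemplateCategories);
        return View(model);
    }

    db.Entry(mvvmTemplate).State = EntityState.Modified;
    await db.SaveChangesAsync();
    return RedirectToAction("Index");
}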
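/// <summary>
/// Creates a template from the request body and returns a 201 response pointing at the new resource.
/// </summary>
/// <param name="mvvmTemplate">Template deserialized from the request body; null when no usable body was sent.</param>
/// <returns>
/// 400 when the body is missing or fails model validation, otherwise 201 with the stored template.
/// </returns>
// NOTE(review): the entity is bound straight from the request with no property whitelist, so
// every bindable property of MvvmTemplate is caller-supplied, including ownership and enabled
// state if the model exposes them. Confirm whether the owner should be assigned server-side
// from the authenticated identity, and that an authorization attribute (not visible here)
// guards this action.
public async Task<IHttpActionResult> PostTemplate(MvvmTemplate mvvmTemplate)
{
    // A missing body can bind to null while ModelState still reports valid. Reject it here
    // instead of passing null on to Add().
    if (mvvmTemplate == null)
    {
        return BadRequest("A template is required in the request body.");
    }

    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    db.MvvmTemplates.Add(mvvmTemplate);
    await db.SaveChangesAsync();

    // The response body echoes the stored entity, including the generated Id.
    return CreatedAtRoute("DefaultApi", new { id = mvvmTemplate.Id }, mvvmTemplate);
}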
/// <summary>
/// Stores a new template owned by the current user.
/// </summary>
/// <param name="mvvmTemplate">
/// Template bound from the request. The <c>Bind</c> whitelist leaves out <c>Id</c>,
/// <c>Enabled</c> and <c>ApplicationUserId</c>, so those are not taken from the client.
/// </param>
/// <returns>
/// A redirect to <c>Index</c> after a successful save, otherwise the create view with the
/// category list reloaded.
/// </returns>
public async Task<ActionResult> Create([Bind(Include = "Name,Language,MvvmTemplateCategoryId,Tags,ViewModel,View")] MvvmTemplate mvvmTemplate)
{
    // Ownership comes from the current identity, never from posted data.
    mvvmTemplate.ApplicationUserId = User.Identity.GetUserId();

    if (!ModelState.IsValid)
    {
        // The categories are only needed when the form has to be shown again.
        var categories = await db.MvvmTemplateCategories.ToListAsync();
        return View(new TemplateCreateViewModel(categories));
    }

    db.MvvmTemplates.Add(mvvmTemplate);
    await db.SaveChangesAsync();
    return RedirectToAction("Index");
}
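/// <summary>
/// Decides whether the current user may act on the given template: admins always may,
/// everyone else only on templates they own.
/// </summary>
/// <param name="mvvmTemplate">The template as stored, so that the owner id can be trusted.</param>
/// <returns><c>true</c> when access is allowed; otherwise <c>false</c>.</returns>
private bool AuthorizeTemplateAccess(MvvmTemplate mvvmTemplate)
{
    if (AdminUserIsLoggedIn)
    {
        return true;
    }

    var ownerId = mvvmTemplate.ApplicationUserId;
    var currentUserId = User.Identity.GetUserId();

    // Fail closed: a bare equality test treats null == null as a match, so a caller with no
    // user id would be granted access to any template that has no owner recorded.
    // NOTE(review): presumably GetUserId() yields null for an unauthenticated identity. Confirm.
    return !string.IsNullOrEmpty(currentUserId) && ownerId == currentUserId;
}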
/// <summary>
/// Builds a <c>Template</c> from a stored <c>MvvmTemplate</c>, replacing the owner and
/// category references with the owner's <c>Author</c> value and the category's <c>Name</c>.
/// </summary>
/// <param name="mt">Source entity; its <c>ApplicationUser</c> and <c>MvvmTemplateCategory</c> references are dereferenced.</param>
/// <returns>A new <c>Template</c> carrying the values read from <paramref name="mt"/>.</returns>
// NOTE(review): both references are dereferenced without a null check. Confirm that callers
// always pass entities with the owner and category present.
private Template CreateTemplateFromMvvmTemplate(MvvmTemplate mt)
{
    // The values are read in the same order as the constructor arguments.
    var id = mt.Id;
    var enabled = mt.Enabled;
    var author = mt.ApplicationUser.Author;
    var name = mt.Name;
    var language = mt.Language;
    var categoryName = mt.MvvmTemplateCategory.Name;
    var tags = mt.Tags;
    var viewModel = mt.ViewModel;
    var view = mt.View;

    return new Template(id, enabled, author, name, language, categoryName, tags, viewModel, view);
}