private static void LogUploadZipFileResults(List <ActionResult> results, AddMediaObjectSettings settings) { var isSuccessful = results.All(r => r.Status == ActionResultStatus.Success.ToString()); int? galleryId = null; IAlbum album = null; try { album = Factory.LoadAlbumInstance(settings.AlbumId); galleryId = album.GalleryId; } catch (InvalidAlbumException) { } if (isSuccessful) { AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "{0} files were successfully extracted from the file '{1}' and added to album '{2}'.", results.Count, settings.FileName, album != null ? album.Title : "<Unknown>"), galleryId); return; } // If we get here at least one of the results was an info, warning, error, etc. var succesfulResults = results.Where(m => m.Status == ActionResultStatus.Success.ToString()); var unsuccesfulResults = results.Where(m => m.Status != ActionResultStatus.Success.ToString()); var msg = String.Format(CultureInfo.InvariantCulture, "{0} items in the uploaded file '{1}' were added to the gallery, but {2} files were skipped. Review the details for additional information. The file was uploaded by user {3}.", succesfulResults.Count(), settings.FileName, unsuccesfulResults.Count(), settings.CurrentUserName); var ex = new UnsupportedMediaObjectTypeException(msg, null); var i = 1; foreach (var result in unsuccesfulResults) { ex.Data.Add("File " + i++, String.Format(CultureInfo.InvariantCulture, "{0}: {1}", result.Title, result.Message)); } AppEventController.LogError(ex, galleryId); }
/// <summary> /// Verifies the application is running an Enterprise License, throwing a <see cref="GallerySecurityException" /> /// if it is not. /// </summary> /// <exception cref="GallerySecurityException">Thrown when the application is not running an Enterprise License. /// </exception> private static void ValidateEnterpriseLicense() { if (AppSetting.Instance.License.LicenseType != LicenseLevel.Enterprise) { AppEventController.LogEvent("Attempt to use a feature that requires an Enterprise License.", null, EventType.Warning); throw new GallerySecurityException("Attempt to use a feature that requires an Enterprise License."); } }
/// <summary> /// Verifies the application is running an Enterprise License, throwing a <see cref="GallerySecurityException" /> /// if it is not. /// </summary> /// <param name="album">The album.</param> /// <exception cref="GallerySecurityException">Thrown when the application is not running an Enterprise License. /// </exception> private static void ValidateEnterpriseLicense(IAlbum album) { if (AppSetting.Instance.License.LicenseType != LicenseLevel.Enterprise) { AppEventController.LogEvent("RSS/Atom feeds require an Enterprise License.", album.GalleryId, EventType.Warning); throw new GallerySecurityException("RSS/Atom feeds require an Enterprise License."); } }
/// <summary> /// Adds a media file to an album. Prior to calling this method, the file should exist in the /// temporary upload directory (<see cref="GlobalConstants.TempUploadDirectory" />) in the /// App_Data directory with the name <see cref="AddMediaObjectSettings.FileNameOnServer" />. The /// file is copied to the destination album and given the name of /// <see cref="AddMediaObjectSettings.FileName" /> (instead of whatever name it currently has, which /// may contain a GUID). /// </summary> /// <param name="settings">The settings that contain data and configuration options for the media file.</param> /// <returns>List{ActionResult}.</returns> /// <exception cref="System.Web.Http.HttpResponseException">Thrown when the user does not have permission to add media /// objects or some other error occurs.</exception> public List <ActionResult> CreateFromFile(AddMediaObjectSettings settings) { try { settings.CurrentUserName = Utils.UserName; var fileExt = Path.GetExtension(settings.FileName); if (fileExt != null && fileExt.Equals(".zip", StringComparison.OrdinalIgnoreCase)) { Task.Factory.StartNew(() => { var results = GalleryObjectController.AddMediaObject(settings); // Since we don't have access to the user's session here, let's create a log entry. LogUploadZipFileResults(results, settings); }); return(new List <ActionResult> { new ActionResult { Title = settings.FileName, Status = ActionResultStatus.Async.ToString() } }); } else { var results = GalleryObjectController.AddMediaObject(settings); Utils.AddResultToSession(results); return(results); } } catch (GallerySecurityException) { AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Unauthorized access detected. The security system prevented a user from adding a media object."), null, EventType.Warning); throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden)); } catch (Exception ex) { AppEventController.LogError(ex); throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.InternalServerError) { Content = Utils.GetExStringContent(ex), ReasonPhrase = "Server Error" }); } }
public async Task <IActionResult> CreateFromFile(AddMediaObjectSettings settings) { try { settings.CurrentUserName = _userController.UserName; var fileExt = Path.GetExtension(settings.FileName); if (fileExt != null && fileExt.Equals(".zip", StringComparison.OrdinalIgnoreCase)) { _galleryObjectController.AddMediaObject(settings); //Task.Factory.StartNew(async () => //{ // var results = await _galleryObjectController.AddMediaObject(settings); // // Since we don't have access to the user's session here, let's create a log entry. // //LogUploadZipFileResults(results, settings); //}); return(new JsonResult(new List <Business.ActionResult> { new Business.ActionResult { Title = settings.FileName, Status = ActionResultStatus.Async.ToString() } })); } else { var results = await _galleryObjectController.AddMediaObject(settings); //Utils.AddResultToSession(results); return(new JsonResult(results)); } } catch (GallerySecurityException) { AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Unauthorized access detected. The security system prevented a user from adding a media object."), null, EventType.Warning); return(Forbid()); } catch (Exception ex) { AppEventController.LogError(ex); return(StatusCode(500, _exController.GetExString(ex))); } }
/// <summary> /// Persists the media item to the data store. The current implementation requires that /// an existing item exist in the data store. /// </summary> /// <param name="mediaItem">An instance of <see cref="Entity.MediaItem"/> to persist to the data /// store.</param> /// <exception cref="System.Web.Http.HttpResponseException"></exception> public ActionResult PutMediaItem(Entity.MediaItem mediaItem) { try { var mo = Factory.LoadMediaObjectInstance(mediaItem.Id, true); var isUserAuthorized = Utils.IsUserAuthorized(SecurityActions.EditMediaObject, mo.Parent.Id, mo.GalleryId, mo.IsPrivate, ((IAlbum)mo.Parent).IsVirtualAlbum); if (!isUserAuthorized) { AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Unauthorized access detected. The security system prevented a user from editing media object {0}.", mo.Id), mo.GalleryId, EventType.Warning); throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden)); } mo.Title = mediaItem.Title; GalleryObjectController.SaveGalleryObject(mo); HelperFunctions.PurgeCache(); return(new ActionResult { Status = ActionResultStatus.Success.ToString(), Title = String.Empty, Message = String.Empty, ActionTarget = mediaItem }); } catch (InvalidMediaObjectException) { throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.NotFound) { Content = new StringContent(String.Format("Could not find media item with ID = {0}", mediaItem.Id)), ReasonPhrase = "Media Object Not Found" }); } catch (HttpResponseException) { throw; // Rethrow, since we've already logged it above } catch (Exception ex) { AppEventController.LogError(ex); throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.InternalServerError) { Content = Utils.GetExStringContent(ex), ReasonPhrase = "Server Error" }); } }
/// <summary> /// Permanently deletes the specified media object from the file system and data store. No action is taken if the /// user does not have delete permission. /// </summary> /// <param name="id">The ID of the media object to be deleted.</param> //public HttpResponseMessage DeleteMediaItem(Entity.MediaItem mediaItem) public void Delete(int id) { IGalleryObject mo = null; try { mo = Factory.LoadMediaObjectInstance(id); var isUserAuthorized = Utils.IsUserAuthorized(SecurityActions.DeleteMediaObject, mo.Parent.Id, mo.GalleryId, mo.IsPrivate, ((IAlbum)mo.Parent).IsVirtualAlbum); var isGalleryReadOnly = Factory.LoadGallerySetting(mo.GalleryId).MediaObjectPathIsReadOnly; if (!isUserAuthorized || isGalleryReadOnly) { AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Unauthorized access detected. The security system prevented a user from deleting media object {0}.", mo.Id), mo.GalleryId, EventType.Warning); throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden)); } mo.Delete(); HelperFunctions.PurgeCache(); } catch (InvalidMediaObjectException) { // HTTP specification says the DELETE method must be idempotent, so deleting a nonexistent item must have // the same effect as deleting an existing one. So we do nothing here and let the method return HttpStatusCode.OK. } catch (HttpResponseException) { throw; // Rethrow, since we've already logged it above } catch (Exception ex) { if (mo != null) { AppEventController.LogError(ex, mo.GalleryId); } else { AppEventController.LogError(ex); } throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.InternalServerError) { Content = Utils.GetExStringContent(ex), ReasonPhrase = "Server Error" }); } }
public async Task <IActionResult> Delete(int id) { IGalleryObject mo = null; try { mo = Factory.LoadMediaObjectInstance(id); var isUserAuthorized = (await _authorizationService.AuthorizeAsync(User, mo, Operations.DeleteMediaObject)).Succeeded; //var isUserAuthorized = Utils.IsUserAuthorized(SecurityActions.DeleteMediaObject, mo.Parent.Id, mo.GalleryId, mo.IsPrivate, ((IAlbum)mo.Parent).IsVirtualAlbum); var isGalleryReadOnly = Factory.LoadGallerySetting(mo.GalleryId).MediaObjectPathIsReadOnly; if (!isUserAuthorized || isGalleryReadOnly) { AppEventController.LogEvent($"Unauthorized access detected. The security system prevented a user from deleting media asset {mo.Id}.", mo.GalleryId, EventType.Warning); return(Forbid()); } mo.Delete(); return(Ok($"Media asset {id} deleted...")); } catch (InvalidMediaObjectException) { // HTTP specification says the DELETE method must be idempotent, so deleting a nonexistent item must have // the same effect as deleting an existing one. So we do nothing here and let the method return HttpStatusCode.OK. return(Ok($"Media asset with ID {id} does not exist.")); } catch (Exception ex) { if (mo != null) { AppEventController.LogError(ex, mo.GalleryId); } else { AppEventController.LogError(ex); } return(StatusCode(500, _exController.GetExString(ex))); } }
/// <summary> /// Validates that remote syncing is enabled and that the specified <paramref name="password" /> is valid. /// </summary> /// <param name="album">The album to synchronize.</param> /// <param name="password">The password that allows remote access to the synchronization API.</param> /// <returns><c>true</c> if validation succeeds, <c>false</c> otherwise</returns> private static bool ValidateRemoteSync(IAlbum album, string password) { IGallerySettings gallerySettings = Factory.LoadGallerySetting(album.GalleryId); if (!gallerySettings.EnableRemoteSync) { AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Cannot start synchronization: A web request to start synchronizing album '{0}' (ID {1}) was received, but the gallery is currently configured to disallow remote synchronizations. This feature can be enabled on the Albums page in the Site admin area.", album.Title, album.Id), album.GalleryId, EventType.Info); return(false); } if (!gallerySettings.RemoteAccessPassword.Equals(password)) { AppEventController.LogEvent(String.Format(CultureInfo.InvariantCulture, "Cannot start synchronization: A web service request to start synchronizing album '{0}' (ID {1}) was received, but the specified password is incorrect.", album.Title, album.Id), album.GalleryId, EventType.Info); return(false); } return(true); }