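/// <summary>
/// Deletes the comment with the given id when the logged-in user is in the "admin"
/// role or is the comment's owner.
/// </summary>
/// <param name="id">Primary key of the comment to delete.</param>
/// <returns>
/// JSON <see cref="ResultViewModel"/>: Error / "Access denied" when the caller is
/// neither admin nor owner; Success otherwise, including when no comment with that
/// id exists (a missing comment is treated as already deleted).
/// </returns>
public ActionResult Delete(int id)
{
    // NOTE(review): this action mutates state; it should be reachable only via POST
    // with anti-forgery validation ([HttpPost] / [ValidateAntiForgeryToken]) unless
    // that is already enforced at controller level — confirm.
    var comment = dbContext.Comments.FirstOrDefault(c => c.Id == id);
    if (comment != null)
    {
        // Authorization check precedes any mutation: non-admins may only delete
        // their own comments (owner check short-circuits when the user is admin).
        if (!currentUserProvider.IsUserInRole("admin")
            && comment.UserId != currentUserProvider.UserId)
        {
            return Json(new ResultViewModel()
            {
                Status = (int)ResultStatus.Error,
                Message = "Access denied"
            });
        }

        dbContext.Comments.Remove(comment);
        // Remove() only marks the entity; without SaveChanges() the DELETE was never
        // issued, so the action reported Success without removing anything. Explicit
        // SaveChanges() matches how the other actions in this file persist changes.
        dbContext.SaveChanges();
    }

    return Json(new ResultViewModel() { Status = (int)ResultStatus.Success });
}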
/// <summary>
/// Renders the right-hand view, exposing the caller's login and owner status.
/// </summary>
/// <returns>
/// The default view. ViewBag.IsLogged mirrors the authentication state;
/// ViewBag.IsOwner is true only for an authenticated user in the "owner" role.
/// </returns>
public ActionResult Right()
{
    bool authenticated = currentUserProvider.IsAuthenticated;
    ViewBag.IsLogged = authenticated;
    // An anonymous caller is never an owner; the role store is consulted only
    // for authenticated users.
    ViewBag.IsOwner = authenticated && currentUserProvider.IsUserInRole("owner");
    return View();
}
/// <summary>
/// Lists news entries newest first, optionally filtered by a search term, one page
/// at a time.
/// </summary>
/// <param name="page">1-based page number passed through to ToPagedList.</param>
/// <param name="search">
/// Optional term matched against Title and Content. It is applied only when longer
/// than three characters; shorter or missing terms yield the unfiltered list.
/// </param>
/// <returns>
/// The default view. ViewBag.List holds the requested page; ViewBag.IsEditable is
/// true for authenticated users in the "admin" role.
/// </returns>
public ActionResult Index(int page = 1, string search = null)
{
    ViewBag.IsEditable = currentUserProvider.IsAuthenticated
        && currentUserProvider.IsUserInRole("admin");

    var news = dbContext.News.AsQueryable();
    // The term is passed as a LINQ Contains argument, not concatenated into SQL;
    // presumably the provider turns it into a parameterized LIKE — verify if a
    // custom provider is in use.
    if (search != null && search.Length > 3)
    {
        news = news.Where(n => n.Title.Contains(search) || n.Content.Contains(search));
    }

    ViewBag.List = news
        .OrderByDescending(n => n.Created)
        .ToPagedList(page, TOTAL_LIST_ENTRIES);

    return View();
}
/// <summary>
/// Inserts a new place (model.Id &lt;= 0) or updates an existing one owned by the
/// logged-in user (or any place when the user is in the "admin" role).
/// </summary>
/// <param name="model">Client-supplied place data; its Id selects insert vs. update.</param>
/// <returns>
/// JSON <see cref="ResultViewModel"/>: Success with the place id in Message, or
/// Error with "Invalid entity" when the place is missing or not owned by the caller,
/// or Error carrying the exception text when the update fails to persist.
/// </returns>
public ActionResult Save(ObjectViewModel model)
{
    var insertId = 0;
    if (model.Id <= 0)
    {
        var newObject = (Models.Place)model;
        // Ownership is assigned server-side from the session, not taken from the
        // client model, so a caller cannot create a place on behalf of another user.
        newObject.OwnerId = currentUserProvider.UserId;
        objectsActivator.ActivateObjectIfOwnerSubscribed(newObject, newObject.OwnerId);
        dbContext.Places.Add(newObject);
        // NOTE(review): this SaveChanges() is unguarded while the update branch
        // catches exceptions — the two paths fail differently on a DB error.
        dbContext.SaveChanges();
        insertId = newObject.Id;
    }
    else
    {
        var place = dbContext.Places.Where(p => p.Id == model.Id)
            .FirstOrDefault();
        //Verify if object exists and belongs to logged user
        // (model.Id is attacker-controlled; this check is what prevents editing
        // someone else's place)
        if (
            place == null
            || !(
                place.OwnerId == currentUserProvider.UserId
                || currentUserProvider.IsUserInRole("admin")
            )
        )
        {
            return (Json(new ResultViewModel()
            {
                Status = (int)ResultStatus.Error,
                Message = "Invalid entity"
            }));
        }
        insertId = place.Id;
        //Mark every price for removal
        // Order matters: the existing prices are scheduled for deletion before
        // Extend() repopulates the entity from the client model.
        dbContext.Prices.RemoveRange(place.Prices);
        // NOTE(review): Extend() is not visible here — confirm it does not copy
        // Id or OwnerId from the client model, otherwise the ownership check above
        // could be undone by the update itself.
        place.Extend(model);
        foreach (var price in place.Prices)
        {
            price.PlaceId = place.Id;
        }
        place.Options.PlaceId = place.Id;
        dbContext.Entry(place).State = EntityState.Modified;
        try
        {
            dbContext.SaveChanges();
        }
        catch (Exception exception)
        {
            // NOTE(review): exception.Message is returned verbatim to the client and
            // may expose provider/constraint/schema details; prefer logging the
            // exception server-side and returning a generic error message.
            return (Json(new ResultViewModel()
            {
                Status = (int)ResultStatus.Error,
                Message = exception.Message
            }));
        }
    }
    return (Json(new ResultViewModel()
    {
        Status = (int)ResultStatus.Success,
        Message = insertId.ToString()
    }));
}