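/// <summary>
/// Creates a new campaign for the calling user in the PreliminaryRegistered state.
/// </summary>
/// <param name="model">Client-supplied title, tagline and target fund.</param>
/// <returns>
/// 400 when the body is missing or fails model validation; 409 when a campaign with the
/// same (sanitized) title already exists; 201 with the created campaign otherwise.
/// The two per-user limits are reported through CustomHttpException (409 Conflict).
/// </returns>
public async Task<IHttpActionResult> PostNewCampaign([FromBody] Campaign_CreateBM model)
{
    // Validate before touching any property. A missing body leaves ModelState valid but
    // model null, and the title lookup below would otherwise dereference it.
    if (model == null)
    {
        return BadRequest("A request body is required.");
    }
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // Sanitize first so the uniqueness check runs against the value that is actually
    // stored; checking the raw title could let a sanitized duplicate through.
    // (HTML fields such as Story use the Ganss sanitizer; plain-text fields use MySanitizer.)
    model.Title = Helpers.MySanitizer.StrictSanitize(model.Title);
    model.Tagline = Helpers.MySanitizer.StrictSanitize(model.Tagline);

    // NOTE(review): this and the two counters below are check-then-act against the
    // database; two concurrent requests can both pass. A unique index on Title (and a
    // DB-side limit) is needed for the guarantees to hold under concurrency — confirm.
    if (db.Campaigns.Any(c => c.Title == model.Title))
    {
        return Conflict();
    }

    // Presumably the controller is [Authorize]d; an anonymous caller would make
    // GetUserId() return null and int.Parse throw — confirm.
    var thisUserId = int.Parse(User.Identity.GetUserId());

    // Limit of two campaigns that are not yet accepted. PostCampaign stores a waiting
    // campaign as Waiting | ReadOnly, so an equality test against plain Waiting alone
    // never matches it and the limit could be bypassed; match both representations.
    var waitingReadOnly = CampaignStatus.Waiting | CampaignStatus.ReadOnly;
    var pendingCount = db.Campaigns.Count(c =>
        c.CreatedById == thisUserId &&
        (c.Status == CampaignStatus.PreliminaryRegistered ||
         c.Status == CampaignStatus.CompletelyRegistered ||
         c.Status == CampaignStatus.Waiting ||
         c.Status == waitingReadOnly));
    if (pendingCount >= 2)
    {
        CustomHttpExceptions.CustomHttpException(HttpStatusCode.Conflict,
            "The user cannot create a campaign because they already have maximum two 'Not-Accepted' campaigns");
        // Fail closed: CustomHttpException is expected to throw, but the limit must
        // never fall through to the insert below if it does not.
        return Conflict();
    }

    // Per-day creation cap (anti-DoS), keyed on the UTC calendar day.
    var todayUtc = DateTime.UtcNow.Date;
    var createdToday = db.Campaigns.Count(c => c.CreatedById == thisUserId && c.CreatedDateUtc >= todayUtc);
    if (createdToday >= ApplicationDbContext.GlobalSettings.SecurityDoSMaxCampaignsPerUserPerDay)
    {
        CustomHttpExceptions.CustomHttpException(HttpStatusCode.Conflict,
            "The user must wait up to one day to create a new campaign");
        return Conflict();
    }

    var campaign = new Campaign
    {
        Status = CampaignStatus.PreliminaryRegistered,
        CreatedById = thisUserId,
        TargetFund = model.TargetFund,
        Title = model.Title,
        Tagline = model.Tagline
    };
    AddOrUpdateSlug(ref campaign);

    db.Campaigns.Add(campaign);
    await db.SaveChangesAsync();

    // The route-based CreatedAtRoute("DefaultApi", new { id = campaign.Id }, campaign)
    // was replaced by this plain Created; the Location value is kept as-is for clients.
    return Created<Campaign>("DefaultApi", campaign);
}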
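/// <summary>
/// Updates an existing campaign, or soft-deletes it when <paramref name="soft_delete"/> is true.
/// Only the campaign's creator may call this, and read-only campaigns are rejected.
/// </summary>
/// <param name="id_or_slug">Numeric id or slug, resolved through GetCampaignByIdOrSlug.</param>
/// <param name="model">Client-supplied changes: editable fields, optional base64 thumbnail, city, status and tags.</param>
/// <param name="soft_delete">When true, stamps RemovedFlagUtc and ignores <paramref name="model"/>.</param>
/// <returns>
/// 204 on success; 400 on an invalid or missing body. A non-creator caller and a
/// read-only campaign are reported through CustomHttpException (401 / 403).
/// </returns>
public async Task<IHttpActionResult> PostCampaign(string id_or_slug, Campaign_UpdateBM model, bool soft_delete = false)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // NOTE(review): GetCampaignByIdOrSlug is assumed to throw (rather than return null)
    // for an unknown id/slug — confirm; a null here would surface as a 500.
    var campaign = GetCampaignByIdOrSlug(id_or_slug);

    // Only the creator may edit. The id is compared as an integer, the same way
    // PostNewCampaign keys campaigns by user. The former db.Users.Find lookup was an
    // unused extra round trip and has been dropped.
    // TODO: admins are not handled.
    var userId = User.Identity.GetUserId();
    var thisUserId = int.Parse(userId);
    if (campaign.CreatedById != thisUserId)
    {
        // 401 is kept for client compatibility; 403 Forbidden would be the accurate
        // code for an authenticated caller who does not own the resource.
        CustomHttpExceptions.CustomHttpException(HttpStatusCode.Unauthorized,
            $"Unauthorized: The user (Id = {userId}) who has requested the update is not the creator of the campaign!");
        // Fail closed: the authorization gate must never fall through even if the
        // helper above does not throw.
        return StatusCode(HttpStatusCode.Unauthorized);
    }

    /*TODO: think about these conditions and code business logic accordingly:
     * 1) The user decides to cancel campaign in 'Waiting' status
     * 2) The user decides to interrupt 'Waiting' status and do some changes
     * 3) The user decides to remove an 'Approved' or 'Waiting' campaign */
    if (campaign.Status.HasFlag(CampaignStatus.ReadOnly))
    {
        CustomHttpExceptions.CustomHttpException(HttpStatusCode.Forbidden,
            "Campaign can not be modified because of its current status");
        return StatusCode(HttpStatusCode.Forbidden);
    }

    // Soft delete only stamps the removal time; it does not need a body.
    if (soft_delete)
    {
        campaign.RemovedFlagUtc = DateTime.UtcNow;
        db.Entry(campaign).State = EntityState.Modified;
        await db.SaveChangesAsync();
        return StatusCode(HttpStatusCode.NoContent);
    }

    // A missing body passes model validation with a null model; reject it here instead
    // of failing with a NullReferenceException on the first property access.
    if (model == null)
    {
        return BadRequest("A request body is required.");
    }

    // NOTE(review): PostNewCampaign runs Title/Tagline through MySanitizer.StrictSanitize;
    // whether UpdateCampaignByUpdateCampaignVM sanitizes the fields it copies, and copies
    // only client-editable ones (not CreatedById/Status), is not visible here — confirm.
    UpdateCampaignByUpdateCampaignVM(ref campaign, model);
    AddOrUpdateSlug(ref campaign);

    if (model.Base64Thumbnail != null)
    {
        await ApplyBase64ThumbnailAsync(campaign, userId, model);
    }

    if (model.CityId != null)
    {
        if (campaign.Location != null)
        {
            var location = campaign.Location;
            location.CityId = (int)model.CityId;
            db.Entry(location).State = EntityState.Modified;
        }
        else
        {
            campaign.Location = new Location { CityId = (int)model.CityId };
        }
    }

    // model.Status is client-supplied; CheckandUpdateWaitingStatus decides whether the
    // transition to Waiting is allowed. A waiting campaign becomes read-only and gets
    // its own account, named after the campaign id.
    var enteredWaiting = CheckandUpdateWaitingStatus(campaign, model.Status);
    if (enteredWaiting)
    {
        campaign.Status = CampaignStatus.Waiting | CampaignStatus.ReadOnly;
        if (campaign.Account == null)
        {
            campaign.Account = new Account
            {
                AccountName = "cmp_" + campaign.Id.ToString(),
                AccountType = AccountType.CampaignAccount
            };
        }
    }

    if (model.Tags != null)
    {
        AddTags(model.Tags, campaign);
    }

    db.Entry(campaign).State = EntityState.Modified;
    await db.SaveChangesAsync();
    return StatusCode(HttpStatusCode.NoContent);
}

/// <summary>
/// Uploads the base64 thumbnail carried by <paramref name="model"/> to the file server
/// and, on success, points the campaign at the stored file. Upload failures are logged
/// and otherwise ignored so the rest of the update still applies.
/// </summary>
/// <param name="campaign">Campaign whose thumbnail fields are updated in place.</param>
/// <param name="userId">Caller's user id, passed through to the upload helper.</param>
/// <param name="model">Update model; only Base64Thumbnail is read.</param>
private async Task ApplyBase64ThumbnailAsync(Campaign campaign, string userId, Campaign_UpdateBM model)
{
    // NOTE(review): size/type validation of the decoded image is assumed to happen in
    // UploadHelper — confirm, since the payload is client-controlled. The upload also
    // happens before SaveChangesAsync, so a later save failure orphans the file.
    var uploaderResponse = await Helpers.UploadHelper.UploadBase64ImageAsync(
        db, userId, model.Base64Thumbnail, FileServerTokenType.CampaignImageUpload);

    var uploaded = uploaderResponse.StatusCode == HttpStatusCode.OK
                || uploaderResponse.StatusCode == HttpStatusCode.Created;
    if (uploaded)
    {
        campaign.ThumbnailFileServerId = uploaderResponse.FileServerId;
        campaign.ThumbnailFilePath = uploaderResponse.FilePath;
        Console.WriteLine("Thumbnail Uploaded. \nThumbnail Path:" + campaign.ThumbnailFilePath);
    }
    else
    {
        Console.WriteLine("Thumbnail Upload Error Code:" + uploaderResponse.StatusCode);
        Console.WriteLine(uploaderResponse.Message);
    }
}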