コード例 #1
ファイル: CalendarDetail.ascx.cs プロジェクト: ewin66/rockrms
        /// <summary>
        /// Handles the Click event of the btnDelete control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param>
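        protected void btnDelete_Click(object sender, EventArgs e)
        {
            // The calendar id is read from a hidden field, which the browser posts back and a
            // client can alter. Parse it defensively: a malformed value is handled like an
            // unknown calendar (nothing is deleted) instead of raising an unhandled FormatException.
            int eventCalendarId;
            if (int.TryParse(hfEventCalendarId.Value, out eventCalendarId))
            {
                using (var rockContext = new RockContext())
                {
                    EventCalendarService eventCalendarService = new EventCalendarService(rockContext);
                    EventCalendar        eventCalendar        = eventCalendarService.Get(eventCalendarId);

                    if (eventCalendar != null)
                    {
                        // Authorization is checked on the server against the calendar that was actually
                        // loaded, so changing the posted id does not bypass the ADMINISTRATE check.
                        bool adminAllowed = UserCanAdministrate || eventCalendar.IsAuthorized(Authorization.ADMINISTRATE, CurrentPerson);
                        if (!adminAllowed)
                        {
                            mdDeleteWarning.Show("You are not authorized to delete this calendar.", ModalAlertType.Information);
                            return;
                        }

                        // CanDelete supplies the message shown to the user when it refuses the delete.
                        string errorMessage;
                        if (!eventCalendarService.CanDelete(eventCalendar, out errorMessage))
                        {
                            mdDeleteWarning.Show(errorMessage, ModalAlertType.Information);
                            return;
                        }

                        eventCalendarService.Delete(eventCalendar);

                        rockContext.SaveChanges();
                    }
                }
            }

            // Reached after a successful delete and also when there was nothing to delete.
            NavigateToParentPage();
        }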
コード例 #2
        /// <summary>
        /// Ensure the current user is authorized to view the calendar. If all are allowed then current user is not evaluated.
        /// </summary>
        /// <param name="context">The context.</param>
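        /// <returns><c>true</c> if the request may proceed; otherwise <c>false</c>, after SendNotAuthorized or SendBadRequest has been called for the request.</returns>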
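        private bool ValidateSecurity(HttpContext context)
        {
            int calendarId;

            // The calendar id is caller-supplied; a missing or non-numeric value is rejected
            // before any database access.
            // NOTE(review): the two lookups differ only in key casing; presumably the query-string
            // collection is case-insensitive, confirm before merging them into one lookup.
            if (request.QueryString["calendarid"] == null || !int.TryParse(request.QueryString["calendarId"], out calendarId))
            {
                SendNotAuthorized(context);
                return false;
            }

            // Scope the context to this check so it is disposed on every return path.
            using (RockContext rockContext = new RockContext())
            {
                EventCalendarService eventCalendarService = new EventCalendarService(rockContext);
                EventCalendar        eventCalendar        = eventCalendarService.Get(calendarId);

                // NOTE(review): an unknown id and an unauthorized one go through different handlers
                // (SendBadRequest vs SendNotAuthorized). If those produce distinguishable responses,
                // a caller can tell which calendar ids exist; confirm that is acceptable.
                if (eventCalendar == null)
                {
                    SendBadRequest(context);
                    return false;
                }

                // Need to replace CurrentUser with the result of a person token. In the meantime this
                // will always produce a null person unless the iCal is downloaded directly while
                // logged into the site.
                // This version always resolves the current user and has no shortcut for public
                // calendars: a null person is handed to IsAuthorized, so anonymous access depends
                // entirely on how IsAuthorized treats a null person (not visible here).
                UserLogin currentUser   = new UserLoginService(rockContext).GetByUserName(UserLogin.GetCurrentUserName());
                Person    currentPerson = currentUser != null ? currentUser.Person : null;

                if (eventCalendar.IsAuthorized(Rock.Security.Authorization.VIEW, currentPerson))
                {
                    return true;
                }

                SendNotAuthorized(context);
                return false;
            }
        }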
コード例 #3
        /// <summary>
        /// Ensure the current user is authorized to view the calendar. If all are allowed then current user is not evaluated.
        /// </summary>
        /// <param name="context">The context.</param>
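        /// <returns><c>true</c> if the request may proceed; otherwise <c>false</c>, after SendNotAuthorized or SendBadRequest has been called for the request.</returns>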
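        private bool ValidateSecurity(HttpContext context)
        {
            int calendarId;

            // The calendar id is caller-supplied; a missing or non-numeric value is rejected
            // before any database access.
            // NOTE(review): the two lookups differ only in key casing; presumably the query-string
            // collection is case-insensitive, confirm before merging them into one lookup.
            if (request.QueryString["calendarid"] == null || !int.TryParse(request.QueryString["calendarId"], out calendarId))
            {
                SendNotAuthorized(context);
                return false;
            }

            // Scope the context to this check so it is disposed on every return path.
            using (RockContext rockContext = new RockContext())
            {
                EventCalendarService eventCalendarService = new EventCalendarService(rockContext);
                EventCalendar        eventCalendar        = eventCalendarService.Get(calendarId);

                // NOTE(review): an unknown id and an unauthorized one go through different handlers
                // (SendBadRequest vs SendNotAuthorized). If those produce distinguishable responses,
                // a caller can tell which calendar ids exist; confirm that is acceptable.
                if (eventCalendar == null)
                {
                    SendBadRequest(context);
                    return false;
                }

                // A calendar that allows "View" by default is served without looking up the user.
                // NOTE(review): the action is a string literal here and the Authorization.VIEW
                // constant below; confirm both name the same action.
                if (eventCalendar.IsAllowedByDefault("View"))
                {
                    return true;
                }

                UserLogin currentUser   = new UserLoginService(rockContext).GetByUserName(UserLogin.GetCurrentUserName());
                Person    currentPerson = currentUser != null ? currentUser.Person : null;

                // Fail closed: without a resolved person the request is refused, so a non-public
                // calendar is never evaluated against a null person.
                if (currentPerson != null && eventCalendar.IsAuthorized(Rock.Security.Authorization.VIEW, currentPerson))
                {
                    return true;
                }

                SendNotAuthorized(context);
                return false;
            }
        }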