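/// <summary>
/// Handles the Click event of the btnDelete control. Loads the event calendar whose id is held in
/// hfEventCalendarId, checks that the current user may administrate it and that it can be deleted,
/// deletes it, and then navigates to the parent page.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param>
protected void btnDelete_Click(object sender, EventArgs e)
{
    // NOTE(review): hfEventCalendarId is presumably a hidden field posted back by the browser - confirm.
    // Its value is therefore parsed defensively: a malformed id is handled like an unknown calendar
    // instead of raising a FormatException from int.Parse.
    int calendarId;
    if (int.TryParse(hfEventCalendarId.Value, out calendarId))
    {
        using (var rockContext = new RockContext())
        {
            EventCalendarService eventCalendarService = new EventCalendarService(rockContext);
            EventCalendar eventCalendar = eventCalendarService.Get(calendarId);

            if (eventCalendar != null)
            {
                // The authorization decision is made here, on the calendar that was actually loaded,
                // so a changed id in the posted value cannot bypass it.
                bool adminAllowed = UserCanAdministrate || eventCalendar.IsAuthorized(Authorization.ADMINISTRATE, CurrentPerson);
                if (!adminAllowed)
                {
                    mdDeleteWarning.Show("You are not authorized to delete this calendar.", ModalAlertType.Information);
                    return;
                }

                // CanDelete supplies the message shown to the user when the delete is refused.
                string errorMessage;
                if (!eventCalendarService.CanDelete(eventCalendar, out errorMessage))
                {
                    mdDeleteWarning.Show(errorMessage, ModalAlertType.Information);
                    return;
                }

                eventCalendarService.Delete(eventCalendar);
                rockContext.SaveChanges();
            }
        }
    }

    // Reached after a successful delete and also when no calendar matched the id.
    NavigateToParentPage();
}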
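/// <summary>
/// Checks whether the current request may view the calendar named by the "calendarid" query string value.
/// The current login, if there is one, is resolved to a person and passed to <c>IsAuthorized</c>;
/// for a request without a logged-in user that person is null.
/// </summary>
/// <param name="context">The HTTP context, handed to SendNotAuthorized or SendBadRequest when the check fails.</param>
/// <returns>
/// <c>true</c> when the calendar exists and IsAuthorized grants VIEW; otherwise <c>false</c>, after
/// SendNotAuthorized or SendBadRequest has been called.
/// </returns>
private bool ValidateSecurity(HttpContext context)
{
    // The two lookups differ only in letter case; presumably the query string collection is
    // case-insensitive - confirm. A missing or non-numeric id is answered through SendNotAuthorized.
    int calendarId;
    if (request.QueryString["calendarid"] == null || !int.TryParse(request.QueryString["calendarId"], out calendarId))
    {
        SendNotAuthorized(context);
        return false;
    }

    // The context is disposed once the decision is made, matching the using block in btnDelete_Click.
    using (RockContext rockContext = new RockContext())
    {
        EventCalendarService eventCalendarService = new EventCalendarService(rockContext);
        EventCalendar eventCalendar = eventCalendarService.Get(calendarId);
        if (eventCalendar == null)
        {
            SendBadRequest(context);
            return false;
        }

        // Need to replace CurrentUser with the result of a person token; in the meantime this will always
        // create a null person unless directly downloading the ical when logged into the site.
        UserLogin currentUser = new UserLoginService(rockContext).GetByUserName(UserLogin.GetCurrentUserName());
        Person currentPerson = currentUser != null ? currentUser.Person : null;

        // NOTE(review): for an anonymous request currentPerson is null, so the outcome rests entirely on
        // how IsAuthorized treats a null person - confirm it denies unless VIEW is allowed for everyone.
        bool isAuthorized = eventCalendar.IsAuthorized(Rock.Security.Authorization.VIEW, currentPerson);
        if (isAuthorized)
        {
            return true;
        }

        SendNotAuthorized(context);
        return false;
    }
}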
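/// <summary>
/// Checks whether the current request may view the calendar named by the "calendarid" query string value.
/// A calendar that allows "View" by default is accepted without looking at the current user; otherwise
/// a logged-in person who passes <c>IsAuthorized</c> for VIEW is required.
/// </summary>
/// <param name="context">The HTTP context, handed to SendNotAuthorized or SendBadRequest when the check fails.</param>
/// <returns>
/// <c>true</c> when the calendar exists and is either viewable by default or viewable by the current person;
/// otherwise <c>false</c>, after SendNotAuthorized or SendBadRequest has been called.
/// </returns>
private bool ValidateSecurity(HttpContext context)
{
    // The two lookups differ only in letter case; presumably the query string collection is
    // case-insensitive - confirm. A missing or non-numeric id is answered through SendNotAuthorized.
    int calendarId;
    if (request.QueryString["calendarid"] == null || !int.TryParse(request.QueryString["calendarId"], out calendarId))
    {
        SendNotAuthorized(context);
        return false;
    }

    // The context is disposed once the decision is made, matching the using block in btnDelete_Click.
    using (RockContext rockContext = new RockContext())
    {
        EventCalendarService eventCalendarService = new EventCalendarService(rockContext);
        EventCalendar eventCalendar = eventCalendarService.Get(calendarId);
        if (eventCalendar == null)
        {
            SendBadRequest(context);
            return false;
        }

        // If this is a public calendar then just return true.
        // NOTE(review): the literal "View" presumably equals Rock.Security.Authorization.VIEW - confirm.
        if (eventCalendar.IsAllowedByDefault("View"))
        {
            return true;
        }

        UserLogin currentUser = new UserLoginService(rockContext).GetByUserName(UserLogin.GetCurrentUserName());
        Person currentPerson = currentUser != null ? currentUser.Person : null;

        // A null person is never handed to IsAuthorized: an anonymous request can only succeed through
        // the public-calendar check above, so this path fails closed.
        if (currentPerson != null && eventCalendar.IsAuthorized(Rock.Security.Authorization.VIEW, currentPerson))
        {
            return true;
        }

        SendNotAuthorized(context);
        return false;
    }
}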