/// <summary>
/// Decides whether the current request's user may edit <paramref name="skizone"/>:
/// members of the "Admin" role always may; anyone else only when they are the zone's author.
/// </summary>
/// <param name="skizone">The ski zone being edited.</param>
/// <returns>True when the current user is an admin or the author of the zone.</returns>
private bool IsUserAuthorizedToEdit(Skizone skizone)
{
    var currentUser = this.User;
    var hasAdminRole = currentUser.IsInRole("Admin");
    var currentUserId = currentUser.Identity.GetUserId();
    var ownsZone = skizone.IsAuthor(currentUserId);

    return ownsZone || hasAdminRole;
}
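/// <summary>
/// Handles the Create form post: optionally stores the uploaded image under
/// /Content/Images/ and persists a new <see cref="Skizone"/> authored by the current user.
/// </summary>
/// <param name="model">Form data for the new ski zone; its AuthorId and ImagePath are set here.</param>
/// <param name="image">The uploaded image, or null when the form sent none.</param>
/// <returns>
/// A redirect to Index after a successful save; the Create view with <paramref name="model"/>
/// when model validation failed.
/// </returns>
public ActionResult Create(SkizoneViewModel model, HttpPostedFileBase image)
{
    if (!ModelState.IsValid)
    {
        return View(model);
    }

    using (var db = new BlogDbContext())
    {
        var authorId = User.Identity.GetUserId();
        model.AuthorId = authorId;

        // The image is optional and best-effort: a rejected upload leaves ImagePath unset
        // rather than failing the whole request.
        var savedImagePath = SaveUploadedImage(image);
        if (savedImagePath != null)
        {
            model.ImagePath = savedImagePath;
        }

        var skizone = new Skizone(
            authorId,
            model.Name,
            model.ElevationInfo,
            model.CategoryId,
            model.Slopes,
            model.LiftTicket,
            model.ContentInfo,
            model.ImagePath);

        db.Skizones.Add(skizone);
        db.SaveChanges();
        return RedirectToAction("Index");
    }
}

/// <summary>
/// Saves an uploaded image into /Content/Images/ and returns its virtual path,
/// or null when there is no upload or the upload is rejected.
/// </summary>
/// <param name="image">The posted file; may be null.</param>
/// <returns>The virtual path ("/Content/Images/&lt;name&gt;") of the saved file, or null.</returns>
/// <remarks>
/// The content type is supplied by the client and is not trustworthy on its own, so the
/// file extension is also checked against an allowlist. Only the bare file name is used,
/// so a client-supplied name with directory components cannot place the file outside the
/// images directory.
/// </remarks>
private string SaveUploadedImage(HttpPostedFileBase image)
{
    if (image == null)
    {
        return null;
    }

    var allowedContentTypes = new[] { "image/jpeg", "image/jpg", "image/png" };
    if (!allowedContentTypes.Contains(image.ContentType))
    {
        return null;
    }

    // Drop any directory part of the client-supplied name; an empty name (no file chosen)
    // is treated as "no upload" instead of attempting to save to the directory itself.
    var filename = System.IO.Path.GetFileName(image.FileName);
    if (string.IsNullOrWhiteSpace(filename))
    {
        return null;
    }

    var allowedExtensions = new[] { ".jpg", ".jpeg", ".png" };
    var extension = System.IO.Path.GetExtension(filename);
    if (!allowedExtensions.Contains(extension, System.StringComparer.OrdinalIgnoreCase))
    {
        return null;
    }

    var imagesPath = "/Content/Images/";
    var uploadPath = imagesPath + filename;
    var physicalPath = Server.MapPath(uploadPath);
    image.SaveAs(physicalPath);
    return uploadPath;
}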