예제 #1
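        /// <summary>
        /// Deletes the comment with the given id, provided the caller is either the
        /// comment's author or a member of the "admin" role.
        /// </summary>
        /// <param name="id">Primary key of the comment to delete.</param>
        /// <returns>
        /// JSON <see cref="ResultViewModel"/>: <c>Error</c> with "Access denied" when the
        /// caller is neither author nor admin; <c>Success</c> otherwise, including when no
        /// comment with that id exists (treated as already deleted).
        /// </returns>
        public ActionResult Delete(int id)
        {
            // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible in this
            // listing for a state-changing action — confirm it is not reachable by a plain GET.
            var comment = dbContext.Comments.FirstOrDefault(c => c.Id == id);

            if (comment == null)
            {
                // Nothing to delete; report success so a repeated delete is harmless.
                return(Json(new ResultViewModel()
                {
                    Status = (int)ResultStatus.Success
                }));
            }

            // Only the author or an admin may delete. The role check runs first so an
            // admin never depends on UserId matching.
            if (
                !currentUserProvider.IsUserInRole("admin") &&
                comment.UserId != currentUserProvider.UserId
                )
            {
                return(Json(new ResultViewModel()
                {
                    Status = (int)ResultStatus.Error,
                    Message = "Access denied"
                }));
            }

            dbContext.Comments.Remove(comment);
            // Remove() only marks the entity; nothing reaches the database until
            // SaveChanges() runs (the Save action in this controller calls it explicitly
            // for the same reason). Without this call the comment was never deleted.
            dbContext.SaveChanges();

            return(Json(new ResultViewModel()
            {
                Status = (int)ResultStatus.Success
            }));
        }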
예제 #2
        /// <summary>
        /// Action backing the Right view. Exposes to the view whether the caller is
        /// signed in (ViewBag.IsLogged) and whether they hold the "owner" role
        /// (ViewBag.IsOwner); anonymous callers are never reported as owners.
        /// </summary>
        /// <returns>The default view for this action.</returns>
        public ActionResult Right()
        {
            var signedIn = currentUserProvider.IsAuthenticated;

            ViewBag.IsLogged = signedIn;
            // Short-circuit: the role lookup only happens for authenticated callers.
            ViewBag.IsOwner = signedIn && currentUserProvider.IsUserInRole("owner");

            return(View());
        }
예제 #3
        /// <summary>
        /// Lists news entries newest first, one page at a time. A search term longer
        /// than three characters narrows the list to entries whose Title or Content
        /// contains it.
        /// </summary>
        /// <param name="page">Page number handed to ToPagedList (defaults to the first page).</param>
        /// <param name="search">Substring to look for; ignored when null or three characters or shorter.</param>
        /// <returns>
        /// The default view. ViewBag.List holds the requested page and ViewBag.IsEditable
        /// tells the view whether the caller is an authenticated admin.
        /// </returns>
        public ActionResult Index(int page = 1, string search = null)
        {
            var callerIsAdmin = currentUserProvider.IsAuthenticated &&
                                currentUserProvider.IsUserInRole("admin");
            ViewBag.IsEditable = callerIsAdmin;

            // Terms that are too short are silently ignored rather than rejected.
            var hasSearchTerm = search != null && search.Length > 3;

            // Filter first, then order, so both branches share one ordering/paging step.
            var entries = hasSearchTerm
                ? dbContext.News.Where(n => n.Title.Contains(search) || n.Content.Contains(search))
                : dbContext.News;

            ViewBag.List = entries
                           .OrderByDescending(n => n.Created)
                           .ToPagedList(page, TOTAL_LIST_ENTRIES);

            return(View());
        }
예제 #4
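        /// <summary>
        /// Creates a place from <paramref name="model"/> when its <c>Id</c> is zero or
        /// negative, otherwise updates the existing place with that id. Updates are
        /// allowed only to the place's owner or a member of the "admin" role.
        /// </summary>
        /// <param name="model">Posted place data; <c>Id</c> selects create versus update.</param>
        /// <returns>
        /// JSON <see cref="ResultViewModel"/>: <c>Success</c> with the saved place id in
        /// <c>Message</c>; <c>Error</c> with "Invalid entity" when the model is missing, the
        /// place does not exist or the caller may not edit it; <c>Error</c> when an update
        /// fails to persist.
        /// </returns>
        public ActionResult Save(ObjectViewModel model)
        {
            // A missing body previously surfaced as a NullReferenceException (HTTP 500);
            // report it like any other unusable entity instead.
            if (model == null)
            {
                return(Json(new ResultViewModel()
                {
                    Status = (int)ResultStatus.Error,
                    Message = "Invalid entity"
                }));
            }

            // NOTE(review): no [Authorize] filter is visible in this listing — confirm one
            // guards this action, otherwise OwnerId takes whatever UserId yields for an
            // anonymous caller.
            int insertId;

            if (model.Id <= 0)
            {
                var newObject = (Models.Place)model;

                // Ownership comes from the current session, never from the posted model.
                newObject.OwnerId = currentUserProvider.UserId;

                objectsActivator.ActivateObjectIfOwnerSubscribed(newObject, newObject.OwnerId);

                dbContext.Places.Add(newObject);
                dbContext.SaveChanges();

                insertId = newObject.Id;
            }
            else
            {
                var place = dbContext.Places.FirstOrDefault(p => p.Id == model.Id);

                // "Does not exist" and "not yours" share one message, which also keeps
                // the response from revealing which ids exist.
                var mayEdit = place != null &&
                    (
                        place.OwnerId == currentUserProvider.UserId ||
                        currentUserProvider.IsUserInRole("admin")
                    );

                if (!mayEdit)
                {
                    return(Json(new ResultViewModel()
                    {
                        Status = (int)ResultStatus.Error,
                        Message = "Invalid entity"
                    }));
                }

                insertId = place.Id;

                // Prices are replaced wholesale: mark the current rows for removal before
                // Extend() applies the model (which presumably rebuilds place.Prices — confirm).
                dbContext.Prices.RemoveRange(place.Prices);

                place.Extend(model);

                // Point the (re)created children at this place.
                foreach (var price in place.Prices)
                {
                    price.PlaceId = place.Id;
                }
                // Options may legitimately be absent after Extend(); skip rather than NRE.
                if (place.Options != null)
                {
                    place.Options.PlaceId = place.Id;
                }

                dbContext.Entry(place).State = EntityState.Modified;

                try
                {
                    dbContext.SaveChanges();
                }
                catch (Exception)
                {
                    // The raw exception text (table/constraint names, provider details)
                    // is kept server-side instead of being echoed to the client.
                    // TODO: log the caught exception via the project's logging facility.
                    return(Json(new ResultViewModel()
                    {
                        Status = (int)ResultStatus.Error,
                        Message = "Could not save entity"
                    }));
                }
            }

            return(Json(new ResultViewModel()
            {
                Status = (int)ResultStatus.Success,
                Message = insertId.ToString()
            }));
        }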