void EnsureUserCanAssignRights(ApplicationDbContext db, Guid organizationId)
{
if (!OrganizationHelper.DoesUserHaveRight(db, User, organizationId, Right.CanAssignRights))
{
throw new HttpException(403, "Forbidden");
}
}
public ActionResult AddUser(Guid orgId, Guid userId)
{
if (!ModelState.IsValid)
{
return(RedirectToAction("Details", new { id = orgId }));
}
using (var db = ApplicationDbContext.Create())
{
if (!OrganizationHelper.DoesUserHaveRight(db, User, orgId, Right.CanEditOrganization))
{
throw new HttpException(403, "Forbidden");
}
var organization = db.Organizations.Find(orgId);
var userToAdd = db.Users.FirstOrDefault(x => x.Id == userId.ToString());
if (organization != null &&
userToAdd != null)
{
organization.ApplicationUsers.Add(userToAdd);
db.SaveChanges();
}
return(RedirectToAction("Details", new { id = orgId }));
}
}
public ActionResult UserSpecificNavigation()
{
using (var db = ApplicationDbContext.Create())
{
var thisUser = db.Users.Where(x => x.UserName == User.Identity.Name)
.Include(x => x.Organizations)
.FirstOrDefault();
var org = OrganizationHelper.GetOrganizationByHost(Request, db);
bool isOrgAdmin = false;
if (org != null)
{
isOrgAdmin = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanEditOrganization);
}
var model = new UserInfoModel()
{
IsOrgAdmin = isOrgAdmin,
IsSiteAdministrator = thisUser.IsAdministrator,
Organization = org
};
return(PartialView("_UserSpecificNavigation", model));
}
}
public ActionResult Create()
{
using (var db = ApplicationDbContext.Create())
{
var thisUser = db.Users.Single(x => x.UserName == User.Identity.Name);
var org = OrganizationHelper.GetOrganizationByHost(Request, db);
bool isOrgAdmin = false;
if (org != null)
{
isOrgAdmin = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanAssignRights);
}
if (thisUser == null ||
(!thisUser.IsAdministrator &&
!isOrgAdmin))
{
throw new HttpException(403, "Only administrators can create new users.");
}
var model = new RegisterViewModel();
return(View(model));
}
}
public ActionResult Index()
{
using (var db = ApplicationDbContext.Create())
{
if (!User.Identity.IsAuthenticated)
{
throw new HttpException(403, "Forbidden");
}
var thisUser = db.Users.Where(x => x.UserName == User.Identity.Name)
.Include(x => x.Organizations)
.FirstOrDefault();
List <Organization> orgs = OrganizationHelper.GetAvailableOrganizationsForUser(db, User);
var model = new OrganizationIndexModel();
model.IsSiteAdministrator = thisUser.IsAdministrator;
foreach (var org in orgs)
{
var orgModel = new OrganizationInListModel()
{
Organization = org,
CanUserAssignRights = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanAssignRights)
};
model.Organizations.Add(orgModel);
}
return(View(model));
}
}
public ActionResult Editor(Guid id)
{
var logger = LogManager.GetLogger("VariableController");
logger.Debug("Entering Variable.Editor()");
using (var db = ApplicationDbContext.Create())
{
logger.Debug("Getting file information");
var file = GetFile(id, db);
logger.Debug("Got file information");
try
{
logger.Debug("Creating model");
var model = FileToVariableEditorMapper.GetModelFromFile(file);
logger.Debug("Created model");
var user = db.Users
.Where(x => x.UserName == User.Identity.Name)
.FirstOrDefault();
var permissions = db.Permissions
.Where(x => x.User.Id == user.Id && x.Organization.Id == file.CatalogRecord.Organization.Id);
bool userCanViewAll = permissions.Any(x => x.Right == Right.CanViewAllCatalogRecords);
string createdByUserName = file.CatalogRecord.CreatedBy != null ? file.CatalogRecord.CreatedBy.UserName : string.Empty;
bool isUserCreator = createdByUserName == User.Identity.Name;
model.IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name);
bool isApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name ||
OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove));
if (!isUserCreator &&
!model.IsUserCurator &&
!isApprover &&
!userCanViewAll)
{
logger.Warn("No permissions to show variable information");
throw new HttpException(403, "You must be a curator or an administrator to perform this action.");
}
logger.Debug("Leaving Variable.Editor()");
return(View("~/Areas/Ddi/Views/Variables/Editor.cshtml", model));
}
catch (Exception ex)
{
logger.Error("Unhandled exception", ex);
var model = new MissingPhysicalInstanceModel()
{
File = file,
IsLocked = file.CatalogRecord.IsLocked,
IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name),
IsUserApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) ||
OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove),
OperationStatus = file.CatalogRecord.OperationStatus
};
return(View("~/Areas/Ddi/Views/Variables/MissingPhysicalInstance.cshtml", model));
}
}
}
public ActionResult Index()
{
using (var db = ApplicationDbContext.Create())
{
var thisUser = db.Users.Where(x => x.UserName == User.Identity.Name)
.Include(x => x.Organizations)
.FirstOrDefault();
var org = OrganizationHelper.GetOrganizationByHost(Request, db);
List <ApplicationUser> users = null;
if (org != null)
{
bool isOrgAdmin = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanAssignRights);
// Site administrators can see all users of the current organization.
if (thisUser.IsAdministrator)
{
users = db.Organizations
.Where(x => x.Id == org.Id)
.Include(x => x.ApplicationUsers)
.Include("ApplicationUsers.Organizations")
.FirstOrDefault()
?.ApplicationUsers
?.ToList();
}
else if (isOrgAdmin)
{
// Organization administrators can see that organization's users.
users = db.Organizations
.Where(x => x.Id == org.Id)
.Include(x => x.ApplicationUsers)
.Include("ApplicationUsers.Organizations")
.FirstOrDefault()
?.ApplicationUsers
?.ToList();
}
else
{
// Regular users should just see their own page.
return(RedirectToAction("Details", new { id = thisUser.UserName }));
}
}
else
{
// When not on an organization-specific site, show all users.
users = db.Users
.Include(x => x.Organizations)
.OrderBy(x => x.Email)
.ToList();
}
var model = new UsersViewModel(users);
return(View(model));
}
}
public ActionResult Permissions(UserDetailsModel model)
{
using (var db = ApplicationDbContext.Create())
{
// Only allow Admins to edit.
var thisUser = db.Users.Where(x => x.UserName == User.Identity.Name)
.Include(x => x.Organizations)
.FirstOrDefault();
var org = OrganizationHelper.GetOrganizationByHost(Request, db);
if (org == null)
{
return(RedirectToAction("Index"));
}
bool isOrgAdmin = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanAssignRights);
if (!thisUser.IsAdministrator &&
!isOrgAdmin)
{
throw new HttpException(403, "Only administrators can edit users permissions.");
}
var user = db.Users.Where(x => x.UserName == model.UserName)
.Include(x => x.Permissions)
.FirstOrDefault();
if (user == null)
{
throw new HttpException(404, "NotFound");
}
// Add or remove site administrator status.
if (thisUser.IsAdministrator)
{
user.IsAdministrator = model.IsSiteAdministrator;
}
// Add or remove permissions.
SetPermission(user, org, Right.CanAssignRights, model.CanAssignRights);
SetPermission(user, org, Right.CanViewAllCatalogRecords, model.CanViewAllCatalogRecords);
SetPermission(user, org, Right.CanAssignCurator, model.CanAssignCurator);
SetPermission(user, org, Right.CanEditOrganization, model.CanEditOrganization);
SetPermission(user, org, Right.CanApprove, model.CanApprove);
db.SaveChanges();
return(RedirectToAction("Index"));
}
}
public ActionResult Notes(string editorName, Guid id)
{
using (var db = ApplicationDbContext.Create())
{
var file = GetFile(id, db);
if (!file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name) &&
!file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) &&
file.CatalogRecord.CreatedBy.UserName != User.Identity.Name &&
!OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove))
{
throw new HttpException(403, "Only curators may perform this task.");
}
var model = new NotesModel();
model.CatalogRecord = file.CatalogRecord;
model.File = file;
model.IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name);
model.IsUserApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) ||
OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove);
var notes = db.Notes.Where(x => x.File.Id == id)
.Include(x => x.User);
// If the user is the depositor, only show notes made by the depositor.
if (file.CatalogRecord.CreatedBy.UserName == User.Identity.Name &&
!model.IsUserCurator &&
!model.IsUserApprover)
{
notes = notes.Where(x => x.User.UserName == User.Identity.Name);
}
foreach (var note in notes)
{
model.Comments.Add(new UserCommentModel
{
Text = note.Text,
UserName = note.User.UserName,
Timestamp = note.Timestamp,
});
}
return(View("Notes", model));
}
}
public async Task <ActionResult> Create(RegisterViewModel model)
{
using (var db = ApplicationDbContext.Create())
{
var thisUser = db.Users.Single(x => x.UserName == User.Identity.Name);
var org = OrganizationHelper.GetOrganizationByHost(Request, db);
bool isOrgAdmin = false;
if (org != null)
{
isOrgAdmin = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanAssignRights);
}
if (thisUser == null ||
(!thisUser.IsAdministrator && !isOrgAdmin))
{
throw new HttpException(403, "Forbidden");
}
if (ModelState.IsValid)
{
// If they specified an existing organization for the user, add the user to that.
if (org == null)
{
org = db.Organizations.FirstOrDefault();
}
var userManager = HttpContext.GetOwinContext().GetUserManager <ApplicationUserManager>();
var user = await CreateUser(model.Email, model.Password, model.FirstName, model.LastName,
false,
org,
userManager,
ModelState,
db);
if (user != null)
{
return(RedirectToAction("Index"));
}
}
return(View(model));
}
}
public ActionResult Status(Guid id)
{
using (var db = ApplicationDbContext.Create())
{
var file = GetFile(id, db);
EnsureUserIsAllowed(file.CatalogRecord, db);
var model = FileStatusHelper.GetFileStatusModel(file, db);
model.IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name);
model.IsUserApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) ||
OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove);
model.IsUserAdmin = OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanEditOrganization);
return(View(model));
}
}
public ActionResult Edit(UserDetailsModel model)
{
using (var db = ApplicationDbContext.Create())
{
// Only allow Admins or the actual user to edit.
var thisUser = db.Users.Where(x => x.UserName == User.Identity.Name)
.Include(x => x.Organizations)
.FirstOrDefault();
var org = OrganizationHelper.GetOrganizationByHost(Request, db);
bool isOrgAdmin = false;
if (org != null)
{
isOrgAdmin = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanAssignRights);
}
if (!thisUser.IsAdministrator &&
!isOrgAdmin &&
thisUser.UserName != model.UserName)
{
throw new HttpException(403, "Only administrators can edit users");
}
if (!ModelState.IsValid)
{
return(RedirectToAction("Edit", new { id = thisUser.UserName }));
}
var user = db.Users.Where(x => x.UserName == model.UserName).FirstOrDefault();
if (user == null)
{
throw new HttpException(404, "Not Found");
}
Mapper.Map(model, user);
db.SaveChanges();
return(RedirectToAction("Index"));
}
}
public ActionResult Edit(Organization organization)
{
if (!ModelState.IsValid)
{
return(View(organization));
}
using (var db = ApplicationDbContext.Create())
{
if (!OrganizationHelper.DoesUserHaveRight(db, User, organization.Id, Right.CanEditOrganization))
{
throw new HttpException(403, "Forbidden");
}
db.Entry(organization).State = EntityState.Modified;
db.SaveChanges();
return(RedirectToAction("Index"));
}
}
private void EnsureUserHasPermission(ManagedFile file, ApplicationDbContext db)
{
var user = db.Users
.Where(x => x.UserName == User.Identity.Name)
.FirstOrDefault();
var permissions = db.Permissions
.Where(x => x.User.Id == user.Id && x.Organization.Id == file.CatalogRecord.Organization.Id);
bool userCanViewAll = permissions.Any(x => x.Right == Right.CanViewAllCatalogRecords);
string createdByUserName = file.CatalogRecord.CreatedBy != null ? file.CatalogRecord.CreatedBy.UserName : string.Empty;
if (createdByUserName != User.Identity.Name &&
!file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name) &&
!file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) &&
!OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove) &&
!userCanViewAll)
{
throw new HttpException(403, "Only curators may perform this task.");
}
}
void EnsureUserIsAllowed(CatalogRecord record, ApplicationDbContext db)
{
var user = db.Users
.Where(x => x.UserName == User.Identity.Name)
.FirstOrDefault();
var permissions = db.Permissions
.Where(x => x.User.Id == user.Id && x.Organization.Id == record.Organization.Id);
bool userCanViewAll = permissions.Any(x => x.Right == Right.CanViewAllCatalogRecords);
string createdByUserName = record.CreatedBy != null ? record.CreatedBy.UserName : string.Empty;
if (createdByUserName != User.Identity.Name &&
!record.Curators.Any(x => x.UserName == User.Identity.Name) &&
!record.Approvers.Any(x => x.UserName == User.Identity.Name) &&
!OrganizationHelper.DoesUserHaveRight(db, User, record.Organization.Id, Right.CanApprove) &&
!userCanViewAll)
{
throw new HttpException(403, "This view is only available for the record's creator, curators, and administrators.");
}
}
public ActionResult General(Guid id)
{
using (var db = ApplicationDbContext.Create())
{
var logger = LogManager.GetLogger("FileController");
var file = GetFile(id, db);
logger.Debug("Got file");
EnsureUserIsAllowed(file.CatalogRecord, db);
logger.Debug("User is allowed");
var model = new FileViewModel(file) as FileViewModel;
model.TermsOfUse = file.CatalogRecord.Organization.TermsOfService;
model.IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name);
model.IsUserApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) ||
OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove);
var user = db.Users.Where(x => x.UserName == User.Identity.Name).FirstOrDefault();
model.IsUserAdmin = user.IsAdministrator;
string lowerExtension = Path.GetExtension(file.Name).ToLower();
string[] autoDetectedFileTypes = { ".dta", ".sav", ".rdata", ".csv", ".do", ".r", ".sps" };
model.IsFileTypeAutoDetected = autoDetectedFileTypes.Contains(lowerExtension);
model.HasAllDataTasks = TaskHelpers.FileHasAllDataTasks(file, file.CatalogRecord, db);
model.HasAllCodeTasks = TaskHelpers.FileHasAllCodeTasks(file, file.CatalogRecord, db);
logger.Debug("Mapped");
logger.Debug($"Record Status: {model.File.CatalogRecord.Status}");
logger.Debug($"IsCurator: {model.IsUserCurator}");
logger.Debug($"IsApprover: {model.IsUserApprover}");
logger.Debug($"IsReadOnly: {model.IsReadOnly}");
logger.Debug($"Persistent link: {model.File.PersistentLink}");
return(View(model));
}
}
public ActionResult CreatePhysicalInstance(Guid id)
{
using (var db = ApplicationDbContext.Create())
{
var file = GetFile(id, db);
var record = file.CatalogRecord;
var user = db.Users.Where(x => x.UserName == User.Identity.Name).FirstOrDefault();
var permissions = db.Permissions
.Where(x => x.User.Id == user.Id && x.Organization.Id == record.Organization.Id);
bool userCanViewAll = permissions.Any(x => x.Right == Right.CanViewAllCatalogRecords);
if (!record.Curators.Any(x => x.UserName == User.Identity.Name) &&
!record.Approvers.Any(x => x.UserName == User.Identity.Name) &&
!OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove) &&
!userCanViewAll)
{
throw new HttpException(403, "Only curators and administrators can perform this action.");
}
// Add an operation to make the PhysicalInstance.
var operation = new CreatePhysicalInstances()
{
Name = "Creating variable-level metadata" + (string.IsNullOrWhiteSpace(record.Title) ? "" : " for " + record.Title),
UserId = user.Id,
CatalogRecordId = record.Id,
ProcessingDirectory = SettingsHelper.GetProcessingDirectory(record.Organization, db)
};
bool queued = db.Enqueue(record.Id, user.Id, operation);
db.SaveChanges();
return(RedirectToAction("Files", "CatalogRecord", new { id = file.CatalogRecord.Id }));
}
}
public ActionResult Index()
{
using (var db = ApplicationDbContext.Create())
{
var model = new DashboardViewModel();
var thisUser = db.Users.Where(x => x.UserName == User.Identity.Name)
.Include(x => x.Organizations)
.FirstOrDefault();
var org = OrganizationHelper.GetOrganizationByHost(Request, db);
if (org == null)
{
model.IsOrganizationAmbiguous = true;
model.Organizations = db.Organizations.ToList();
}
else
{
model.IsAdmin = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanViewAllCatalogRecords);
// Restrict queries to files and users to which the current user shared an organization.
// Maybe it would be nicer to do per-organization dashboards, or to allow filtering
// of this information dynamically.
IEnumerable <CatalogRecord> userRecords = null;
IEnumerable <ManagedFile> userFiles = null;
IEnumerable <ApplicationUser> userUsers = null;
if (model.IsAdmin)
{
userRecords = db.CatalogRecords.Where(x => x.Organization.Id == org.Id);
userFiles = db.Files.Where(x => x.CatalogRecord.Organization.Id == org.Id);
userUsers = db.Users
.Where(u => u.Organizations.Any(o => o.Id == org.Id));
}
else
{
userRecords = db.CatalogRecords.Where(x => x.Organization.Id == org.Id &&
x.CreatedBy.UserName == thisUser.UserName ||
x.Owner.UserName == thisUser.UserName ||
x.Curators.Any(u => u.UserName == thisUser.UserName) ||
x.Authors.Any(u => u.UserName == thisUser.UserName));
userFiles = db.Files.Where(x => x.CatalogRecord.Organization.Id == org.Id &&
x.CatalogRecord.CreatedBy.UserName == thisUser.UserName ||
x.CatalogRecord.Owner.UserName == thisUser.UserName ||
x.CatalogRecord.Curators.Any(u => u.UserName == thisUser.UserName) ||
x.CatalogRecord.Authors.Any(u => u.UserName == thisUser.UserName));
}
// CatalogRecords
model.NewCatalogRecordCount = userRecords
.Where(x => x.Status == CatalogRecordStatus.New)
.Count();
model.ProcessingCatalogRecordCount = userRecords
.Where(x => x.Status == CatalogRecordStatus.Processing ||
x.Status == CatalogRecordStatus.PublicationRequested ||
x.Status == CatalogRecordStatus.PublicationApproved)
.Count();
model.PublishedCatalogRecordCount = userRecords
.Where(x => x.Status == CatalogRecordStatus.Published)
.Count();
// Files
model.FileCount = userFiles.Where(x => x.Status == FileStatus.Accepted).Count();
model.FileSize = userFiles.Where(x => x.Status == FileStatus.Accepted).Select(x => x.Size).DefaultIfEmpty(0).Sum();
// Users
if (model.IsAdmin)
{
model.UserCount = userUsers.Count();
}
}
return(View(model));
}
}
public ActionResult Details(string id)
{
if (id == null)
{
throw new HttpException(400, "Bad Request");
}
using (var db = ApplicationDbContext.Create())
{
var user = db.Users
.Where(x => x.UserName == id)
.Include(x => x.Organizations)
.Include(x => x.AuthorFor)
.Include(x => x.CuratorFor)
.Include(x => x.ApproverFor)
.FirstOrDefault();
if (user == null)
{
throw new HttpException(404, "Not Found");
}
// Information about the requesting user.
var thisUser = db.Users.Where(x => x.UserName == User.Identity.Name)
.Include(x => x.Organizations)
.FirstOrDefault();
var model = new UserDetailsModel();
model.User = user;
// Get information about each organization the user belongs to.
foreach (var o in user.Organizations)
{
var orgModel = new UserInOrganizationModel();
orgModel.OrganizationId = o.Id;
orgModel.OrganizationName = o.Name;
model.Organizations.Add(orgModel);
// TODO better to do this in one query above.
var permissions = db.Permissions
.Where(x => x.User.Id == user.Id && x.Organization.Id == o.Id);
foreach (var permission in permissions)
{
switch (permission.Right)
{
case Right.CanAssignRights:
orgModel.CanAssignRights = true;
break;
case Right.CanViewAllCatalogRecords:
orgModel.CanViewAllCatalogRecords = true;
break;
case Right.CanAssignCurator:
orgModel.CanAssignCurators = true;
break;
default:
break;
}
}
}
// Get history information for the user.
var events = db.Events
.Where(x => x.User.UserName == id)
.OrderByDescending(x => x.Timestamp)
.Include(x => x.RelatedCatalogRecord)
.Include(x => x.RelatedManagedFiles);
foreach (var userEvent in events)
{
var eventModel = HistoryEventModel.FromEvent(userEvent, user);
model.Events.Add(eventModel);
}
// Ideas for more events to add
// TODO Show when this user was created?
// TODO Show when this user creates other users?
// TODO Show when records, files, and anything else is edited?
// Can the requesting user edit the user?
var org = OrganizationHelper.GetOrganizationByHost(Request, db);
if (org == null)
{
model.IsOrganizationAmbiguous = true;
}
bool isOrgAdmin = false;
if (org != null)
{
isOrgAdmin = OrganizationHelper.DoesUserHaveRight(db, User, org.Id, Right.CanAssignRights);
}
model.CanEditUser = thisUser.IsAdministrator ||
isOrgAdmin ||
thisUser.UserName == id;
// Permissions
model.CanEditPermissions = thisUser.IsAdministrator || isOrgAdmin;
model.IsEditingUserSiteAdministrator = thisUser.IsAdministrator;
if (org != null)
{
model.OrganizationName = org.Name;
}
else
{
model.OrganizationName = string.Join(", ", user.Organizations.Select(x => x.Name));
}
model.IsSiteAdministrator = user.IsAdministrator;
if (org != null)
{
var orgPermissions = user.Permissions.Where(x => x.Organization.Id == org.Id);
model.CanAssignRights = orgPermissions.Any(x => x.Right == Right.CanAssignRights);
model.CanViewAllCatalogRecords = orgPermissions.Any(x => x.Right == Right.CanViewAllCatalogRecords);
model.CanAssignCurator = orgPermissions.Any(x => x.Right == Right.CanAssignCurator);
model.CanEditOrganization = orgPermissions.Any(x => x.Right == Right.CanEditOrganization);
model.CanApprove = orgPermissions.Any(x => x.Right == Right.CanApprove);
}
// Map information from the user object to the view model.
model.UserName = user.UserName;
model.FirstName = user.FirstName;
model.LastName = user.LastName;
model.Affiliation = user.Affiliation;
model.ContactInformation = user.ContactInformation;
model.Orcid = user.Orcid;
model.Email = user.Email;
model.PhoneNumber = user.PhoneNumber;
return(View(model));
}
}
public ActionResult Revisions(Guid id)
{
using (var db = ApplicationDbContext.Create())
{
var file = GetFile(id, db);
EnsureUserIsAllowed(file.CatalogRecord, db);
var model = new ManagedFileHistoryModel();
model.File = file;
model.IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name);
model.IsUserApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) ||
OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove);
string processingDirectory = SettingsHelper.GetProcessingDirectory(file.CatalogRecord.Organization, db);
string path = Path.Combine(processingDirectory, file.CatalogRecord.Id.ToString());
using (var repo = new LibGit2Sharp.Repository(path))
{
List <Tuple <Commit, TreeEntry> > modificationCommits = new List <Tuple <Commit, TreeEntry> >();
string currentSha = null; // startingItemSha;
string currentPath = model.File.Name; //startingItemPath;
Tuple <Commit, TreeEntry> current = null;
foreach (Commit c in repo.Commits)
{
if (c.Tree.Any <TreeEntry>(entry => entry.Name == currentPath))
{
// If file with given name was found, check its SHA
TreeEntry te = c.Tree.First <TreeEntry>(entry => entry.Name == currentPath);
if (te.Target.Sha == currentSha)
{
// In case if file's SHA matches
// file was not changed in this commit
// and temporary commit need to be updated to current one
current = new Tuple <Commit, TreeEntry>(c, te);
}
else
{
// file's SHA doesn't match
// file was changed during commit (or is first one)
// current commit needs to be added to the commits collection
// The file's SHA updated to current one
modificationCommits.Add(new Tuple <Commit, TreeEntry>(c, te));
currentSha = te.Target.Sha;
current = null;
}
}
else
{
// File with given name not found. this means it was renamed.
// SHA should still be the same
if (c.Tree.Any <TreeEntry>(entry => entry.Target.Sha == currentSha))
{
TreeEntry te = c.Tree.First <TreeEntry>(entry => entry.Target.Sha == currentSha);
currentPath = te.Name;
modificationCommits.Add(new Tuple <Commit, TreeEntry>(c, te));
current = null;
}
}
}
if (current != null)
{
modificationCommits.Add(current);
}
foreach (var m in modificationCommits)
{
RevisionModel h = RevisionModel.FromCommit(m.Item1, m.Item2, file);
// replace uuid with real user name
ApplicationUser user = db.Users
.Where(x => x.Id == h.CommitterName)
.FirstOrDefault();
if (user != null)
{
h.CommitterName = user.FullName;
h.CommitterEmail = user.Email;
h.CommitterId = user.Id;
}
model.Revisions.Add(h);
}
}
return(View(model));
}
}
public ActionResult AddNote(Guid id, string text)
{
if (string.IsNullOrWhiteSpace(text))
{
return(Content(string.Empty));
}
// Get the CatalogRecord, so we can figure out what agency ID to use.
using (var db = ApplicationDbContext.Create())
{
var user = db.Users.Where(x => x.UserName == User.Identity.Name)
.FirstOrDefault();
if (user == null)
{
return(RedirectToAction("Index"));
}
var file = GetFile(id, db);
if (!file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name) &&
!file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) &&
file.CatalogRecord.CreatedBy.UserName != User.Identity.Name &&
!OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove))
{
throw new HttpException(403, "Only curators may perform this task.");
}
try
{
var note = new Data.Note()
{
CatalogRecord = file.CatalogRecord,
File = file,
Timestamp = DateTime.UtcNow,
User = user,
Text = text
};
db.Notes.Add(note);
// Log the adding of the note.
var log = new Event()
{
EventType = EventTypes.AddNote,
Timestamp = DateTime.UtcNow,
User = user,
RelatedCatalogRecord = file.CatalogRecord,
Title = "Add a Note",
Details = text
};
log.RelatedManagedFiles.Add(file);
db.Events.Add(log);
db.SaveChanges();
return(Content(string.Empty));
}
catch (Exception ex)
{
throw new HttpException(500, ex.Message);
}
}
}
public ActionResult Editor(Guid id)
{
using (var db = ApplicationDbContext.Create())
{
var file = GetFile(id, db);
EnsureUserHasPermission(file, db);
var model = new PreviewFileModel();
model.FileName = file.Name;
model.CatalogRecordId = file.CatalogRecord.Id;
model.CatalogRecordTitle = file.CatalogRecord.Title;
model.File = file;
model.IsUserCurator = file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name);
model.IsUserApprover = file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) ||
OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove);
if (file.IsTextFile())
{
model.PreviewType = PreviewType.Text;
model.Syntax = GetSyntax(Path.GetExtension(file.Name));
string path = string.Empty;
string processingDirectory = SettingsHelper.GetProcessingDirectory(file.CatalogRecord.Organization, db);
if (!string.IsNullOrWhiteSpace(processingDirectory))
{
path = Path.Combine(processingDirectory, file.CatalogRecord.Id.ToString(), file.Name);
if (System.IO.File.Exists(path))
{
model.Content = System.IO.File.ReadAllText(path);
}
}
}
else if (file.Name.ToLower().EndsWith(".pdf"))
{
model.PreviewType = PreviewType.Pdf;
}
else if (file.Name.ToLower().EndsWith(".rtf"))
{
model.PreviewType = PreviewType.Text;
string path = string.Empty;
string processingDirectory = SettingsHelper.GetProcessingDirectory(file.CatalogRecord.Organization, db);
if (!string.IsNullOrWhiteSpace(processingDirectory))
{
path = Path.Combine(processingDirectory, file.CatalogRecord.Id.ToString(), file.Name);
if (System.IO.File.Exists(path))
{
string richContent = System.IO.File.ReadAllText(path);
model.Content = richContent.ConvertRtfToPlainText();
}
}
}
else if (file.IsImageFile())
{
model.PreviewType = PreviewType.Image;
}
return(View("~/Areas/Ddi/Views/Preview/Editor.cshtml", model));
}
}
public ActionResult AddNote(Guid id, Guid fileId, string note)
{
if (string.IsNullOrWhiteSpace(note))
{
return(Content(string.Empty));
}
using (var db = ApplicationDbContext.Create())
{
var file = GetFile(fileId, db);
var user = db.Users.Where(x => x.UserName == User.Identity.Name)
.FirstOrDefault();
if (!file.CatalogRecord.Curators.Any(x => x.UserName == User.Identity.Name) &&
!file.CatalogRecord.Approvers.Any(x => x.UserName == User.Identity.Name) &&
!OrganizationHelper.DoesUserHaveRight(db, User, file.CatalogRecord.Organization.Id, Right.CanApprove))
{
throw new HttpException(403, "Only curators may perform this task.");
}
string agency = file.CatalogRecord.Organization.AgencyID;
try
{
var client = RepositoryHelper.GetClient();
var variable = client.GetLatestItem(id, agency) as Variable;
var noteObj = new Data.Note()
{
CatalogRecord = file.CatalogRecord,
File = file,
Timestamp = DateTime.UtcNow,
User = user,
Text = note,
VariableAgency = variable.AgencyId,
VariableId = variable.Identifier,
VariableName = variable.ItemName.Best
};
db.Notes.Add(noteObj);
// Log the adding of the note.
var log = new Event()
{
EventType = EventTypes.AddNote,
Timestamp = DateTime.UtcNow,
User = user,
RelatedCatalogRecord = file.CatalogRecord,
Title = "Add a Note",
Details = note
};
log.RelatedManagedFiles.Add(file);
db.Events.Add(log);
db.SaveChanges();
var comment = new CommentModel()
{
UserName = User.Identity.Name,
Date = noteObj.Timestamp.ToShortDateString(),
Comment = noteObj.Text
};
return(Json(comment));
}
catch (Exception ex)
{
throw new HttpException(500, ex.Message);
}
}
}