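/// <summary>
/// Builds the "confirm removal" view from the posted checkbox list.
/// Form keys: "Session.Id" carries the session id; each selected encounter posts a
/// "chkRemoveEncounter{id}" key whose value contains "true" (MVC checkbox helpers post "true,false").
/// </summary>
/// <param name="collection">Raw posted form values; everything in here is untrusted user input.</param>
/// <returns>
/// "InvalidResource" view when no usable session id was posted; "RemoveEncounters" confirmation view
/// when at least one encounter was ticked; otherwise a redirect back to the session detail page.
/// </returns>
public ActionResult RemoveSelectedEncounters(FormCollection collection)
{
    const string encounterKeyPrefix = "chkRemoveEncounter";

    int sessionId = 0;
    var removeList = new List<int>();

    foreach (var key in collection)
    {
        if (key == null)
        {
            continue;
        }
        var keyName = key.ToString();

        if (keyName == "Session.Id")
        {
            // TryParse rather than Parse: a malformed or oversized id posted by the client must not
            // surface as an unhandled FormatException/OverflowException. On failure sessionId stays 0
            // and the request is rejected below as an invalid session.
            int parsedSessionId;
            if (int.TryParse(collection[keyName], out parsedSessionId))
            {
                sessionId = parsedSessionId;
            }
        }
        else if (keyName.StartsWith(encounterKeyPrefix, StringComparison.Ordinal))
        {
            string chkVal = collection[keyName];
            if (chkVal == null || !chkVal.Contains("true"))
            {
                continue; // checkbox not ticked
            }

            // The encounter id is the part of the key name after the prefix; ignore keys that do not
            // carry a numeric id instead of throwing on them.
            int encId;
            if (!int.TryParse(keyName.Substring(encounterKeyPrefix.Length), out encId))
            {
                continue;
            }

            if (!removeList.Contains(encId))
            {
                removeList.Add(encId);
            }
        }
    }

    if (sessionId == 0)
    {
        return View("InvalidResource", model: "session");
    }

    if (removeList.Any())
    {
        // The actual permission check and deletion happen in RemoveEncountersConfirmed; this action
        // only renders the confirmation page for the ids the user ticked.
        var removeEncounterVm = new RemoveEncountersVM
        {
            SessionId = sessionId,
            EncounterIds = new List<int>(removeList)
        };
        return View("RemoveEncounters", removeEncounterVm);
    }

    return RedirectToAction("Detail", new { @id = sessionId });
}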
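/// <summary>
/// Marks the posted encounters of a session for deletion after re-checking that the current user
/// is allowed to do so. Three cases are allowed: site administrator, a character in the uploader's
/// guild whose rank grants CanModifyAnySession, or the original uploading character.
/// </summary>
/// <param name="model">Session id plus the encounter ids the user confirmed on the previous page.</param>
/// <returns>Redirect to the session detail page (or Home when the user/session cannot be resolved).</returns>
public ActionResult RemoveEncountersConfirmed(RemoveEncountersVM model)
{
    // NOTE(review): this action changes data; confirm it carries [HttpPost] and
    // [ValidateAntiForgeryToken] — the attributes are outside this excerpt.
    if (model == null)
    {
        return RedirectToAction("Index", "Home");
    }

    // Nothing to do (and nothing to authorise) when no ids were posted. A missing list is treated
    // like an empty one instead of throwing a NullReferenceException.
    if (model.EncounterIds == null || !model.EncounterIds.Any())
    {
        return RedirectToAction("Detail", new { @id = model.SessionId });
    }

    var userId = User.Identity.GetUserId();

    // Double-check that this user is allowed to remove encounters for this session.
    // Check we have a valid user first; a stale identity cookie is signed out.
    var user = _authRepository.GetUserAccount(userId);
    if (user == null)
    {
        HttpContext.GetOwinContext().Authentication.SignOut();
        return RedirectToAction("Index", "Home");
    }

    var session = _sessionRepository.Get(model.SessionId);
    if (session == null)
    {
        return RedirectToAction("Index", "Home");
    }

    bool canRemove = false;

    // Case 1/2: guild administrator or original uploader, evaluated only when the session's
    // uploading character and its guild can be resolved (guards against null dereferences on
    // orphaned sessions).
    if (session.AuthUserCharacter != null)
    {
        var uploaderGuild = _guildRepository.Get(session.AuthUserCharacter.GuildId);
        if (uploaderGuild != null)
        {
            // Get the characters for this user
            var userCharacters = _authUserCharacterRepository.GetCharacters(user.Email);
            if (userCharacters.Any(c => c.GuildId == uploaderGuild.Id))
            {
                // Refresh ranks from the DB so a demotion since login is honoured.
                foreach (var character in userCharacters)
                {
                    if (character.GuildId != null)
                    {
                        character.GuildRank = _authUserCharacterRepository.GetGuildRankForCharacter(character.Id);
                    }
                }

                // This user has one or more characters in this guild, so check if they are the original
                // uploader or have a rank that allows modifications. A character without a rank cannot
                // grant the permission.
                bool uploaderOrAdmin = userCharacters
                    .Where(c => c.GuildId == uploaderGuild.Id)
                    .Any(userChar =>
                        (userChar.GuildRank != null && userChar.GuildRank.CanModifyAnySession)
                        || userChar.Id == session.AuthUserCharacterId);

                if (uploaderOrAdmin)
                {
                    canRemove = true;
                    _logger.Debug(string.Format("Allowing {0} to remove 1 or more encounters from session {1} as they are the original uploader or a guild admin", userId, model.SessionId));
                }
            }
        }
    }

    // Case 3: site administrator.
    if (User.IsInRole(UserGroups.Admin))
    {
        canRemove = true;
        _logger.Debug(string.Format("Allowing {0} to remove {2} {3} from session {1} as they are a site administrator", userId, model.SessionId, model.EncounterIds.Count, model.EncounterIds.Count == 1 ? "encounter" : "encounters"));
    }

    if (!canRemove)
    {
        _logger.Error(string.Format("Denying {0} from removing {2} {3} from session {1} as they do not have permission", userId, model.SessionId, model.EncounterIds.Count, model.EncounterIds.Count == 1 ? "encounter" : "encounters"));
        TempData.Add("flash", new FlashDangerViewModel("You don't have the correct permissions to do that!"));
        return RedirectToAction("Detail", new { @id = model.SessionId });
    }

    // NOTE(review): the permission check above is scoped to model.SessionId, but nothing in this
    // action verifies that each id in model.EncounterIds actually belongs to that session. Unless
    // MarkEncountersForDeletion filters by session, a user authorised on one session could submit
    // foreign encounter ids and remove another session's encounters — confirm the repository
    // enforces the session/encounter relationship, or filter the ids here before calling it.
    var result = _encounterRepository.MarkEncountersForDeletion(model.EncounterIds, userId);

    if (result.Success)
    {
        TempData.Add("flash", model.EncounterIds.Count == 1
            ? new FlashSuccessViewModel("1 encounter was successfully removed.")
            : new FlashSuccessViewModel(string.Format("{0} encounters were successfully removed.", model.EncounterIds.Count)));
    }
    else
    {
        TempData.Add("flash", new FlashDangerViewModel(string.Format("Error removing encounter(s): {0}", result.Message)));
    }

    return RedirectToAction("Detail", new { @id = model.SessionId });
}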