예제 #1
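        /// <summary>
        /// Reads the posted session page form, collects the encounters whose removal
        /// checkbox was ticked, and shows the removal confirmation view for them.
        /// </summary>
        /// <param name="collection">Posted form fields. The session id is read from
        /// "Session.Id" and each encounter from a "chkRemoveEncounter{id}" field.</param>
        /// <returns>
        /// The "InvalidResource" view when no usable session id was posted, the
        /// "RemoveEncounters" confirmation view when at least one encounter was ticked,
        /// otherwise a redirect back to the session's "Detail" page.
        /// </returns>
        /// <remarks>
        /// Every value handled here is client-supplied and this action performs no
        /// permission check of its own; it only renders a view. The action that actually
        /// removes encounters must authorise the caller and validate the ids again.
        /// </remarks>
        public ActionResult RemoveSelectedEncounters(FormCollection collection)
        {
            const string checkboxPrefix = "chkRemoveEncounter";

            if (collection == null)
            {
                return(View("InvalidResource", model: "session"));
            }

            int sessionId  = 0;
            var removeList = new List <int>();
            var seenIds    = new HashSet <int>();

            foreach (var key in collection)
            {
                var keyName = key.ToString();
                if (keyName == "Session.Id")
                {
                    // Form data is untrusted: a malformed id must not surface as an unhandled
                    // FormatException/OverflowException. A failed parse leaves 0, which is
                    // rejected below as an invalid session.
                    int parsedSessionId;
                    sessionId = int.TryParse(collection[keyName], out parsedSessionId) ? parsedSessionId : 0;
                }
                else if (keyName.StartsWith(checkboxPrefix, System.StringComparison.Ordinal))
                {
                    // Field names are identifiers, so the prefix is compared ordinally.
                    // NOTE(review): "true" is matched with Contains, presumably because the MVC
                    // checkbox helper posts "true,false" for a ticked box - confirm against the view.
                    string chkVal = collection[keyName];
                    if (chkVal == null || !chkVal.Contains("true"))
                    {
                        continue;
                    }

                    // Skip fields whose suffix is not a valid integer instead of throwing.
                    int encId;
                    if (!int.TryParse(keyName.Substring(checkboxPrefix.Length), out encId))
                    {
                        continue;
                    }

                    // The set de-duplicates; the list keeps the posted order.
                    if (seenIds.Add(encId))
                    {
                        removeList.Add(encId);
                    }
                }
            }

            if (sessionId == 0)
            {
                return(View("InvalidResource", model: "session"));
            }

            if (removeList.Any())
            {
                var removeEncounterVm = new RemoveEncountersVM
                {
                    SessionId    = sessionId,
                    EncounterIds = new List <int>(removeList)
                };
                return(View("RemoveEncounters", removeEncounterVm));
            }

            // Nothing was ticked: go back to the session page.
            return(RedirectToAction("Detail", new { @id = sessionId }));
        }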
예제 #2
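        /// <summary>
        /// Marks the encounters listed in the model for deletion, after checking that the
        /// current user may modify the session they are posted against.
        /// </summary>
        /// <param name="model">Posted session id and encounter ids; both are client-supplied.</param>
        /// <returns>
        /// A redirect to the session's "Detail" page (with a success or error flash message
        /// once a removal was attempted or denied), or a redirect to Home/Index when the
        /// model, the user account or the session cannot be resolved.
        /// </returns>
        /// <remarks>
        /// Removal is allowed for a site administrator, for the original uploader, or for a
        /// character in the uploader's guild whose rank has CanModifyAnySession.
        /// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on
        /// this excerpt; confirm that this state-changing action is POST-only and
        /// CSRF-protected.
        /// </remarks>
        public ActionResult RemoveEncountersConfirmed(RemoveEncountersVM model)
        {
            // Model binding can hand over a null model or a null list; treat both as "nothing to do"
            // rather than failing with a NullReferenceException.
            if (model == null)
            {
                return(RedirectToAction("Index", "Home"));
            }
            if (model.EncounterIds == null || !model.EncounterIds.Any())
            {
                return(RedirectToAction("Detail", new { @id = model.SessionId }));
            }
            // Double-check that this user is allowed to remove encounters for this session
            // 3 possible cases: GlobalAdmin, Guild Administrator or Original Uploader
            // Check we have a valid user
            var user = _authRepository.GetUserAccount(User.Identity.GetUserId());

            if (user == null)
            {
                // Authenticated identity without a matching account: end the session.
                HttpContext.GetOwinContext().Authentication.SignOut();
                return(RedirectToAction("Index", "Home"));
            }
            var session = _sessionRepository.Get(model.SessionId);

            if (session == null)
            {
                return(RedirectToAction("Index", "Home"));
            }

            var  uploaderGuild = _guildRepository.Get(session.AuthUserCharacter.GuildId);
            bool canRemove     = false;

            // Get the characters for this user
            var userCharacters = _authUserCharacterRepository.GetCharacters(user.Email);

            // If the uploader's guild cannot be resolved the guild path grants nothing
            // (fail closed); a site administrator is still handled below.
            if (uploaderGuild != null && userCharacters.Any(c => c.GuildId == uploaderGuild.Id))
            {
                // Update the ranks from the DB
                foreach (var character in userCharacters)
                {
                    if (character.GuildId != null)
                    {
                        character.GuildRank = _authUserCharacterRepository.GetGuildRankForCharacter(character.Id);
                    }
                }
                // This user has one or more characters in this guild, so check if they are the original uploader or have a rank that allows modifications.
                // A character whose rank could not be loaded is treated as having no modify right.
                if (userCharacters.Where(c => c.GuildId == uploaderGuild.Id).Any(userChar => userChar.Id == session.AuthUserCharacterId || (userChar.GuildRank != null && userChar.GuildRank.CanModifyAnySession)))
                {
                    canRemove = true;
                    _logger.Debug(string.Format("Allowing {0} to remove 1 or more encounters from session {1} as they are the original uploader or a guild admin",
                                                User.Identity.GetUserId(), model.SessionId));
                }
            }

            if (User.IsInRole(UserGroups.Admin))
            {
                canRemove = true;
                _logger.Debug(string.Format("Allowing {0} to remove {2} {3} from session {1} as they are a site administrator",
                                            User.Identity.GetUserId(), model.SessionId, model.EncounterIds.Count, model.EncounterIds.Count == 1 ? "encounter" : "encounters"));
            }

            if (!canRemove)
            {
                // Denials are logged at Error level so that refused attempts remain visible in the logs.
                _logger.Error(string.Format("Denying {0} from removing {2} {3} from session {1} as they do not have permission",
                                            User.Identity.GetUserId(), model.SessionId, model.EncounterIds.Count, model.EncounterIds.Count == 1 ? "encounter" : "encounters"));
                // Indexer instead of Add: Add throws if a "flash" entry is already present.
                TempData["flash"] = new FlashDangerViewModel("You don't have the correct permissions to do that!");
                return(RedirectToAction("Detail", new { @id = model.SessionId }));
            }

            // NOTE(review): the permission check above covers model.SessionId only. Nothing in
            // this method verifies that each id in model.EncounterIds belongs to that session,
            // so unless MarkEncountersForDeletion enforces ownership itself, a caller authorised
            // for one session can submit encounter ids from another. Filter the ids against the
            // session's own encounters before this call - TODO confirm the repository behaviour.
            var result = _encounterRepository.MarkEncountersForDeletion(model.EncounterIds, User.Identity.GetUserId());

            if (result.Success)
            {
                TempData["flash"] =
                    model.EncounterIds.Count == 1
                        ? new FlashSuccessViewModel("1 encounter was successfully removed.")
                        : new FlashSuccessViewModel(string.Format("{0} encounters were successfully removed.",
                                                                  model.EncounterIds.Count));
            }
            else
            {
                TempData["flash"] = new FlashDangerViewModel(string.Format("Error removing encounter(s): {0}", result.Message));
            }
            return(RedirectToAction("Detail", new { @id = model.SessionId }));
        }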