예제 #1
0
        /// <summary>
        /// Helper method to verify that a given news item has not expired
        /// (see documentation for expiration definition)
        /// </summary>
        /// <param name="newsItem">The news item to verify</param>
        /// <returns>true if unexpired, otherwise throws some kind of meaningful exception</returns>
        private bool VerifyUnexpired(StudentNews newsItem)
        {
            // DateTime of date entered is nullable, so we need to check that here before comparing
            // If the entered date is null we shouldn't allow deletion to be safe
            // Note: This check has been duplicated from StateYourBusiness because we do not SuperAdmins
            //    to be able to delete expired news, this should be fixed eventually by removing some of
            //    the SuperAdmin permissions that are not explicitly given
            if (newsItem.Entered == null)
            {
                throw new ResourceNotFoundException()
                      {
                          ExceptionMessage = "The news item date could not be verified."
                      };
            }
            var todaysDate = DateTime.Now;
            var newsDate   = (DateTime)newsItem.Entered;
            var dateDiff   = (todaysDate - newsDate).Days;

            if (dateDiff >= 14)
            {
                throw new Exceptions.CustomExceptions.UnauthorizedAccessException()
                      {
                          ExceptionMessage = "Unauthorized to delete expired news items."
                      };
            }
            return(true);
        }
예제 #2
0
        /// <summary>
        /// Adds a news item record to storage.
        /// </summary>
        /// <param name="newsItem">The news item to be added</param>
        /// <param name="username">username</param>
        /// <param name="id">id</param>
        /// <returns>The newly added Membership object</returns>
        public StudentNews SubmitNews(StudentNews newsItem, string username, string id)
        {
            // Not currently used
            ValidateNewsItem(newsItem);

            VerifyAccount(id);

            // SQL Parameters
            var usernameParam   = new SqlParameter("@Username", username);
            var categoryIDParam = new SqlParameter("@CategoryID", newsItem.categoryID);
            var subjectParam    = new SqlParameter("@Subject", newsItem.Subject);
            var bodyParam       = new SqlParameter("@Body", newsItem.Body);

            // Run stored procedure
            var result = RawSqlQuery <StudentNewsViewModel> .query("INSERT_NEWS_ITEM @Username, @CategoryID, @Subject, @Body", usernameParam, categoryIDParam, subjectParam, bodyParam);

            if (result == null)
            {
                throw new ResourceNotFoundException()
                      {
                          ExceptionMessage = "The data was not found."
                      };
            }

            return(newsItem);
        }
예제 #3
0
        /// <summary>
        /// (Service) Edits a news item in the database
        /// </summary>
        /// <param name="newsID">The id of the news item to edit</param>
        /// <param name="newData">The news object that contains updated values</param>
        /// <returns>The updated news item's view model</returns>
        /// <remarks>The news item must be authored by the user and must not be expired and must be unapproved</remarks>
        public StudentNewsViewModel EditPosting(int newsID, StudentNews newData)
        {
            // Service method 'Get' throws its own exceptions
            var newsItem = Get(newsID);

            // Note: These checks have been duplicated from StateYourBusiness because we do not SuperAdmins
            //    to be able to delete expired news, this should be fixed eventually by removing some of
            //    the SuperAdmin permissions that are not explicitly given
            VerifyUnexpired(newsItem);
            VerifyUnapproved(newsItem);

            // categoryID is required, not nullable in StudentNews model
            if (newData.Subject == null || newData.Body == null)
            {
                throw new ResourceNotFoundException()
                      {
                          ExceptionMessage = "The new data to update the news item is missing some entries."
                      };
            }

            newsItem.categoryID = newData.categoryID;
            newsItem.Subject    = newData.Subject;
            newsItem.Body       = newData.Body;

            _unitOfWork.Save();

            return((StudentNewsViewModel)newsItem);
        }
        // Private route to authenticated users - authors of posting or admins
        public IHttpActionResult EditPosting(int newsID, [FromBody] StudentNews newData)
        {
            // StateYourBusiness verifies that user is authenticated
            var result = _newsService.EditPosting(newsID, newData);

            return(Ok(result));
        }
        public IHttpActionResult Post([FromBody] StudentNews newsItem)
        {
            // Check for bad input
            if (!ModelState.IsValid || newsItem == null)
            {
                string errors = "";
                foreach (var modelstate in ModelState.Values)
                {
                    foreach (var error in modelstate.Errors)
                    {
                        errors += "|" + error.ErrorMessage + "|" + error.Exception;
                    }
                }
                throw new BadInputException()
                      {
                          ExceptionMessage = errors
                      };
            }

            // Get authenticated username/id
            var authenticatedUser = this.ActionContext.RequestContext.Principal as ClaimsPrincipal;
            var username          = authenticatedUser.Claims.FirstOrDefault(x => x.Type == "user_name").Value;
            var id = _accountService.GetAccountByUsername(username).GordonID;

            // Call appropriate service
            var result = _newsService.SubmitNews(newsItem, username, id);

            if (result == null)
            {
                return(NotFound());
            }
            return(Created("News", result));
        }
예제 #6
0
 /// <summary>
 /// Helper method to verify that a given news item has not yet been approved
 /// </summary>
 /// <param name="newsItem">The news item to verify</param>
 /// <returns>true if unapproved, otherwise throws some kind of meaningful exception</returns>
 private bool VerifyUnapproved(StudentNews newsItem)
 {
     // Note: This check has been duplicated from StateYourBusiness because we do not SuperAdmins
     //    to be able to delete expired news, this should be fixed eventually by removing some of
     //    the SuperAdmin permissions that are not explicitly given
     if (newsItem.Accepted == null)
     {
         throw new ResourceNotFoundException()
               {
                   ExceptionMessage = "The news item acceptance status could not be verified."
               };
     }
     if (newsItem.Accepted == true)
     {
         throw new BadInputException()
               {
                   ExceptionMessage = "The news item has already been approved."
               };
     }
     return(true);
 }
예제 #7
0
        /// <summary>
        /// Helper method to validate a news item
        /// </summary>
        /// <param name="newsItem">The news item to validate</param>
        /// <returns>True if valid. Throws ResourceNotFoundException if not. Exception is caught in an Exception Filter</returns>
        private bool ValidateNewsItem(StudentNews newsItem)
        {
            // any input sanitization should go here

            return(true);
        }