/// <summary>
/// Helper method to verify that a given news item has not expired
/// (see documentation for expiration definition)
/// </summary>
/// <param name="newsItem">The news item to verify</param>
/// <returns>true if unexpired, otherwise throws some kind of meaningful exception</returns>
private bool VerifyUnexpired(StudentNews newsItem)
{
// DateTime of date entered is nullable, so we need to check that here before comparing
// If the entered date is null we shouldn't allow deletion to be safe
// Note: This check has been duplicated from StateYourBusiness because we do not SuperAdmins
// to be able to delete expired news, this should be fixed eventually by removing some of
// the SuperAdmin permissions that are not explicitly given
if (newsItem.Entered == null)
{
throw new ResourceNotFoundException()
{
ExceptionMessage = "The news item date could not be verified."
};
}
var todaysDate = DateTime.Now;
var newsDate = (DateTime)newsItem.Entered;
var dateDiff = (todaysDate - newsDate).Days;
if (dateDiff >= 14)
{
throw new Exceptions.CustomExceptions.UnauthorizedAccessException()
{
ExceptionMessage = "Unauthorized to delete expired news items."
};
}
return(true);
}
/// <summary>
/// Adds a news item record to storage.
/// </summary>
/// <param name="newsItem">The news item to be added</param>
/// <param name="username">username</param>
/// <param name="id">id</param>
/// <returns>The newly added Membership object</returns>
public StudentNews SubmitNews(StudentNews newsItem, string username, string id)
{
// Not currently used
ValidateNewsItem(newsItem);
VerifyAccount(id);
// SQL Parameters
var usernameParam = new SqlParameter("@Username", username);
var categoryIDParam = new SqlParameter("@CategoryID", newsItem.categoryID);
var subjectParam = new SqlParameter("@Subject", newsItem.Subject);
var bodyParam = new SqlParameter("@Body", newsItem.Body);
// Run stored procedure
var result = RawSqlQuery <StudentNewsViewModel> .query("INSERT_NEWS_ITEM @Username, @CategoryID, @Subject, @Body", usernameParam, categoryIDParam, subjectParam, bodyParam);
if (result == null)
{
throw new ResourceNotFoundException()
{
ExceptionMessage = "The data was not found."
};
}
return(newsItem);
}
/// <summary>
/// (Service) Edits a news item in the database
/// </summary>
/// <param name="newsID">The id of the news item to edit</param>
/// <param name="newData">The news object that contains updated values</param>
/// <returns>The updated news item's view model</returns>
/// <remarks>The news item must be authored by the user and must not be expired and must be unapproved</remarks>
public StudentNewsViewModel EditPosting(int newsID, StudentNews newData)
{
// Service method 'Get' throws its own exceptions
var newsItem = Get(newsID);
// Note: These checks have been duplicated from StateYourBusiness because we do not SuperAdmins
// to be able to delete expired news, this should be fixed eventually by removing some of
// the SuperAdmin permissions that are not explicitly given
VerifyUnexpired(newsItem);
VerifyUnapproved(newsItem);
// categoryID is required, not nullable in StudentNews model
if (newData.Subject == null || newData.Body == null)
{
throw new ResourceNotFoundException()
{
ExceptionMessage = "The new data to update the news item is missing some entries."
};
}
newsItem.categoryID = newData.categoryID;
newsItem.Subject = newData.Subject;
newsItem.Body = newData.Body;
_unitOfWork.Save();
return((StudentNewsViewModel)newsItem);
}
// Private route to authenticated users - authors of posting or admins
public IHttpActionResult EditPosting(int newsID, [FromBody] StudentNews newData)
{
// StateYourBusiness verifies that user is authenticated
var result = _newsService.EditPosting(newsID, newData);
return(Ok(result));
}
public IHttpActionResult Post([FromBody] StudentNews newsItem)
{
// Check for bad input
if (!ModelState.IsValid || newsItem == null)
{
string errors = "";
foreach (var modelstate in ModelState.Values)
{
foreach (var error in modelstate.Errors)
{
errors += "|" + error.ErrorMessage + "|" + error.Exception;
}
}
throw new BadInputException()
{
ExceptionMessage = errors
};
}
// Get authenticated username/id
var authenticatedUser = this.ActionContext.RequestContext.Principal as ClaimsPrincipal;
var username = authenticatedUser.Claims.FirstOrDefault(x => x.Type == "user_name").Value;
var id = _accountService.GetAccountByUsername(username).GordonID;
// Call appropriate service
var result = _newsService.SubmitNews(newsItem, username, id);
if (result == null)
{
return(NotFound());
}
return(Created("News", result));
}
/// <summary>
/// Helper method to verify that a given news item has not yet been approved
/// </summary>
/// <param name="newsItem">The news item to verify</param>
/// <returns>true if unapproved, otherwise throws some kind of meaningful exception</returns>
private bool VerifyUnapproved(StudentNews newsItem)
{
// Note: This check has been duplicated from StateYourBusiness because we do not SuperAdmins
// to be able to delete expired news, this should be fixed eventually by removing some of
// the SuperAdmin permissions that are not explicitly given
if (newsItem.Accepted == null)
{
throw new ResourceNotFoundException()
{
ExceptionMessage = "The news item acceptance status could not be verified."
};
}
if (newsItem.Accepted == true)
{
throw new BadInputException()
{
ExceptionMessage = "The news item has already been approved."
};
}
return(true);
}
/// <summary>
/// Helper method to validate a news item
/// </summary>
/// <param name="newsItem">The news item to validate</param>
/// <returns>True if valid. Throws ResourceNotFoundException if not. Exception is caught in an Exception Filter</returns>
private bool ValidateNewsItem(StudentNews newsItem)
{
// any input sanitization should go here
return(true);
}