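// TODO: add security to pertinent actions
/// <summary>
/// Builds the team page model (team header, groups and group members, each ordered by
/// DisplayOrder) and renders the TeamPage view.
/// </summary>
/// <param name="teamId">Identifier of the team to display.</param>
/// <returns>The TeamPage view bound to the populated <c>TeamPageModel</c>.</returns>
public ActionResult Team(int teamId)
{
    var team = _socialNetworkService.GetTeam(teamId);

    // NOTE(review): sample data is created from inside a page action whenever team 1 is
    // missing. No authorization or verb attribute is visible on this action in this listing,
    // so confirm that an anonymous request cannot trigger this write; seeding belongs in
    // installation or an admin-only action.
    if (teamId == 1 && team == null)
    {
        CreateSampleData();
        team = _socialNetworkService.GetTeam(teamId);
    }

    // NOTE(review): for any unknown teamId, team is still null here and the initializer below
    // throws. Return the controller's not-found result before this point; which helper to use
    // depends on the controller base class, which is not visible in this listing.
    var model = new TeamPageModel()
    {
        TeamName = team.Name,
        TeamDescription = team.Description,
        TeamPictureUrl = team.TeamPictureUrl
    };

    // team groups
    foreach (var group in team.GroupPages.OrderBy(x => x.DisplayOrder))
    {
        var groupModel = new TeamPageGroupModel()
        {
            Name = group.Name,
            Description = group.Description,
        };

        // team group members
        foreach (var member in group.Members.OrderBy(x => x.DisplayOrder))
        {
            var memberCustomer = _customerService.GetCustomerById(member.CustomerId);

            // A membership row can outlive the customer it points to. Skip it rather than
            // letting one stale reference fail the whole page.
            if (memberCustomer == null)
            {
                continue;
            }

            var avatarPictureId = memberCustomer.GetAttribute<int>(SystemCustomerAttributeNames.AvatarPictureId);
            var memberThumbnailUrl = _pictureService.GetPictureUrl(avatarPictureId, 150, true);

            groupModel.Members.Add(new TeamPageGroupMemberModel()
            {
                DisplayName = memberCustomer.GetFullName(),
                ProfileUrl = Url.RouteUrl("CustomerProfileUrl", new { SeName = SeoExtensions.GetSeName(memberCustomer, 0) }),
                ThumbnailUrl = memberThumbnailUrl
            });
        }

        model.Groups.Add(groupModel);
    }

    return View(MobSocialConstant.ViewsPath + "/mobSocial/TeamPage.cshtml", model);
}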
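/// <summary>
/// Updates an existing team page group from the submitted model and, when the group is marked
/// as default, clears the default flag on the team's other groups.
/// </summary>
/// <param name="model">Group data; <c>TeamPageId</c> and <c>Id</c> must both be non-zero.</param>
/// <returns>
/// A <c>Success = false</c> payload for invalid data or a failed authorization check, NotFound
/// when the team page or the group does not exist, otherwise <c>Success = true</c> with the group id.
/// </returns>
public IHttpActionResult PutGroup(TeamPageGroupModel model)
{
    if (!ModelState.IsValid || model == null || model.TeamPageId == 0 || model.Id == 0)
    {
        return Response(new { Success = false, Message = "Invalid data" });
    }

    // the team page named in the request must exist
    var teamPage = _teamPageService.GetById(model.TeamPageId);
    if (teamPage == null)
    {
        return NotFound();
    }

    // only the creator of that team page or an administrator may change its groups
    var currentCustomer = _workContext.CurrentCustomer;
    if (teamPage.CreatedBy != currentCustomer.Id && !currentCustomer.IsAdmin())
    {
        return Response(new { Success = false, Message = "Unauthorized" });
    }

    // retrieve the group
    var groupPage = _teamPageGroupService.GetById(model.Id);
    if (groupPage == null)
    {
        return NotFound();
    }

    // The check above covers only the team named in the request body. The group is looked up
    // by its own id, so it may belong to a different team; in that case the caller must also
    // be allowed to edit the team the group currently belongs to.
    if (groupPage.TeamPageId != model.TeamPageId)
    {
        var owningTeamPage = _teamPageService.GetById(groupPage.TeamPageId);
        var mayEditOwningTeam = currentCustomer.IsAdmin()
            || (owningTeamPage != null && owningTeamPage.CreatedBy == currentCustomer.Id);
        if (!mayEditOwningTeam)
        {
            return Response(new { Success = false, Message = "Unauthorized" });
        }
    }

    // NOTE(review): which properties this copies is decided by the mapping configuration, which
    // is not visible here; confirm it cannot overwrite the entity id or audit fields from
    // client-supplied values.
    Mapper.Map(model, groupPage);

    // a team has a single default group: when this one becomes default, unset the others
    if (model.IsDefault)
    {
        var groupPages = _teamPageGroupService.GetGroupPagesByTeamId(model.TeamPageId);
        foreach (var gp in groupPages)
        {
            if (gp.Id != groupPage.Id)
            {
                gp.IsDefault = false;
                _teamPageGroupService.Update(gp);
            }
        }
    }

    // update the current group page now
    _teamPageGroupService.Update(groupPage);

    return Response(new { Success = true, Id = groupPage.Id });
}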
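/// <summary>
/// Creates a new group on an existing team page.
/// </summary>
/// <param name="model">Group data; <c>TeamPageId</c> must be non-zero.</param>
/// <returns>
/// A <c>Success = false</c> payload for invalid data or a failed authorization check, NotFound
/// when the team page does not exist, otherwise <c>Success = true</c> with the new group id.
/// </returns>
public IHttpActionResult PostGroup(TeamPageGroupModel model)
{
    if (!ModelState.IsValid || model == null || model.TeamPageId == 0)
    {
        return Response(new { Success = false, Message = "Invalid data" });
    }

    // the team page the group is added to must exist
    var teamPage = _teamPageService.Get(model.TeamPageId);
    if (teamPage == null)
    {
        return NotFound();
    }

    // Only the creator of the team page or an administrator may add groups to it. A missing
    // current user is treated as unauthorized: the check must fail closed, otherwise a request
    // without a signed-in user would skip the ownership test entirely.
    var currentUser = ApplicationContext.Current.CurrentUser;
    if (currentUser == null
        || (teamPage.CreatedBy != currentUser.Id && !currentUser.IsAdministrator()))
    {
        return Response(new { Success = false, Message = "Unauthorized" });
    }

    // NOTE(review): PayPalDonateUrl is stored exactly as submitted. If it is later rendered as
    // a link target, restrict it to absolute https URLs before saving; the rendering side is
    // not visible in this listing.
    var now = DateTime.UtcNow;
    var group = new GroupPage()
    {
        TeamPageId = model.TeamPageId,
        Name = model.Name,
        Description = model.Description,
        PayPalDonateUrl = model.PayPalDonateUrl,
        DisplayOrder = model.DisplayOrder,
        IsDefault = model.IsDefault,
        DateCreated = now,
        DateUpdated = now
    };

    _teamPageGroupService.Insert(group);

    return Response(new { Success = true, Id = group.Id });
}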
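/// <summary>
/// Updates an existing team page group from the submitted model and, when the group is marked
/// as default, clears the default flag on the team's other groups.
/// </summary>
/// <param name="model">Group data; <c>TeamPageId</c> and <c>Id</c> must both be non-zero.</param>
/// <returns>
/// A <c>Success = false</c> payload for invalid data or a failed authorization check, NotFound
/// when the team page or the group does not exist, otherwise <c>Success = true</c> with the group id.
/// </returns>
public IHttpActionResult PutGroup(TeamPageGroupModel model)
{
    if (!ModelState.IsValid || model == null || model.TeamPageId == 0 || model.Id == 0)
    {
        return Response(new { Success = false, Message = "Invalid data" });
    }

    // the team page named in the request must exist
    var teamPage = _teamPageService.Get(model.TeamPageId);
    if (teamPage == null)
    {
        return NotFound();
    }

    // Only the creator of that team page or an administrator may change its groups. A missing
    // current user is rejected here instead of being dereferenced.
    var currentUser = ApplicationContext.Current.CurrentUser;
    if (currentUser == null
        || (teamPage.CreatedBy != currentUser.Id && !currentUser.IsAdministrator()))
    {
        return Response(new { Success = false, Message = "Unauthorized" });
    }

    // retrieve the group
    var groupPage = _teamPageGroupService.Get(model.Id);
    if (groupPage == null)
    {
        return NotFound();
    }

    // The check above covers only the team named in the request body. The group is looked up
    // by its own id and is re-parented below, so when it currently belongs to a different team
    // the caller must also be allowed to edit that team.
    if (groupPage.TeamPageId != model.TeamPageId)
    {
        var owningTeamPage = _teamPageService.Get(groupPage.TeamPageId);
        var mayEditOwningTeam = currentUser.IsAdministrator()
            || (owningTeamPage != null && owningTeamPage.CreatedBy == currentUser.Id);
        if (!mayEditOwningTeam)
        {
            return Response(new { Success = false, Message = "Unauthorized" });
        }
    }

    // NOTE(review): PayPalDonateUrl is stored exactly as submitted. If it is later rendered as
    // a link target, restrict it to absolute https URLs before saving; the rendering side is
    // not visible in this listing.
    groupPage.Name = model.Name;
    groupPage.Description = model.Description;
    groupPage.DisplayOrder = model.DisplayOrder;
    groupPage.PayPalDonateUrl = model.PayPalDonateUrl;
    groupPage.TeamPageId = model.TeamPageId;
    groupPage.IsDefault = model.IsDefault;
    groupPage.DateUpdated = DateTime.UtcNow;

    // a team has a single default group: when this one becomes default, unset the others
    if (model.IsDefault)
    {
        var groupPages = _teamPageGroupService.GetGroupPagesByTeamId(model.TeamPageId);
        foreach (var gp in groupPages)
        {
            if (gp.Id != groupPage.Id)
            {
                gp.IsDefault = false;
                _teamPageGroupService.Update(gp);
            }
        }
    }

    // update the current group page now
    _teamPageGroupService.Update(groupPage);

    return Response(new { Success = true, Id = groupPage.Id });
}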