예제 #1
        /// <summary>
        /// Saves a new project owned by the signed-in user and grants that user the
        /// Administrator permission on it.
        /// </summary>
        /// <param name="model">Posted form values describing the project to create.</param>
        /// <returns>
        /// The form view with the posted model when validation fails; otherwise a redirect
        /// to the "Index" action.
        /// </returns>
        public ActionResult Create(ProjectCreateViewModel model)
        {
            // NOTE(review): any attributes on this action are outside this excerpt. Confirm it is
            // POST-only, anti-forgery protected and reachable only by authenticated users.
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // The owner key comes from the authenticated identity, never from the posted model,
            // so a client cannot create a project on behalf of another account.
            ApplicationUser creator = new ApplicationUser { Id = User.Identity.GetUserId() };
            var newProject = new Project(model) { Owner = creator };
            var adminGrant = new ProjectAuthorization
            {
                Project = newProject,
                User = creator,
                Permission = Permission.Administrator
            };

            // The user is a key-only stub: it is tracked as Unchanged so that only the project
            // and its first authorization are inserted. The order of these assignments is kept
            // exactly as the change tracker originally saw it.
            db.Entry(creator).State = EntityState.Unchanged;
            db.Entry(newProject).State = EntityState.Added;
            db.Entry(adminGrant).State = EntityState.Added;
            db.SaveChanges();

            return RedirectToAction("Index");
        }
예제 #2
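        /// <summary>
        /// Applies the posted permission additions and removals to a project, after confirming
        /// that the signed-in user holds the Administrator permission on that project.
        /// </summary>
        /// <param name="model">
        /// Posted project id and, per user, the permissions flagged as added or removed.
        /// Every value in it is client-controlled.
        /// </param>
        /// <returns>
        /// The form view when validation fails; 400 when no project id was posted; 404 when the
        /// project does not exist; 403 when the caller is not an administrator of the project;
        /// otherwise a redirect to the project's "Details", or to Home/"Index" when the posted
        /// model leaves the caller with no selected permission.
        /// </returns>
        public ActionResult EditPermissions(ProjectRolesViewModel model)
        {
            // NOTE(review): any attributes on this action are outside this excerpt. Confirm it is
            // POST-only and anti-forgery protected, since it changes who can administer a project.
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // The id is nullable; reading .Value on an empty one would throw and surface as a 500.
            if (!model.Id.HasValue)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest,
                    "A project id is required.");
            }

            var projectId = model.Id.Value;

            // FirstOrDefault instead of First: an unknown id is a client error, not a server fault.
            Project project = db.Projects
                .Include(p => p.Authorizations)
                .FirstOrDefault(p => p.Id == model.Id);
            if (project == null)
            {
                return HttpNotFound();
            }

            var currentUserId = User.Identity.GetUserId();

            // Authorization is decided from the stored grants, never from the posted model.
            // A missing user id fails closed instead of being compared against stored rows.
            var callerIsAdmin = currentUserId != null
                && project.Authorizations.Any(auth =>
                        auth.User_ID == currentUserId
                    &&  auth.Permission == Permission.Administrator);
            if (!callerIsAdmin)
            {
                return new HttpStatusCodeResult(HttpStatusCode.Forbidden,
                    "You do not have sufficient permissions for that resource.");
            }

            // NOTE(review): nothing here stops the last administrator from removing every
            // Administrator grant, which would leave the project without anyone able to manage
            // it. Confirm whether that is intended.

            // The model binder leaves collections null when nothing was posted for them.
            if (model.UserRoles != null)
            {
                foreach (var userRoleModel in model.UserRoles)
                {
                    if (userRoleModel == null || userRoleModel.Permissions == null)
                    {
                        continue;
                    }

                    foreach (var permModel in userRoleModel.Permissions)
                    {
                        if (permModel == null)
                        {
                            continue;
                        }

                        var targetUserId = userRoleModel.UserId;
                        var targetPermission = permModel.Permission;

                        // Added/Removed are posted flags, so both are reconciled against the
                        // grants actually stored for this project.
                        var existingAuth = project.Authorizations.FirstOrDefault(
                            auth =>
                                    auth.User_ID == targetUserId
                                &&  auth.Permission == targetPermission);

                        if (permModel.Removed)
                        {
                            // Nothing to remove when the grant is not there.
                            if (existingAuth != null)
                            {
                                project.Authorizations.Remove(existingAuth);
                            }
                        }
                        else if (permModel.Added)
                        {
                            // Skip grants that already exist so a replayed or forged "Added"
                            // flag cannot create duplicate rows.
                            if (existingAuth == null)
                            {
                                project.Authorizations.Add(new ProjectAuthorization()
                                    {
                                        User_ID = targetUserId,
                                        Permission = targetPermission,
                                        Project_ID = projectId
                                    });
                            }
                        }
                    }
                }
            }

            db.SaveChanges();

            // Before redirecting to the project, make sure the user didn't
            //   remove all of their own permissions.
            var callerKeepsAccess = model.UserRoles != null
                && model.UserRoles.Any(userRole =>
                        userRole != null
                    &&  userRole.UserId == currentUserId
                    &&  userRole.Permissions != null
                    &&  userRole.Permissions.Any(perm => perm != null && perm.Selected));
            if (callerKeepsAccess)
            {
                return RedirectToAction("Details", new { id = model.Id });
            }

            return RedirectToAction("Index", "Home");
        }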