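/// <summary>
/// Creates a comment by the current user on an achievement or quest earning and
/// returns the stored comment as JSON.
/// </summary>
/// <param name="earningID">ID of the earning; stored as the comment's location_id.</param>
/// <param name="earningIsAchievement">True when the earning is an achievement, false when it is a quest.</param>
/// <param name="text">Comment text; must not be null, empty or whitespace.</param>
/// <returns>
/// A JSON <c>EarningComment</c> on success. Otherwise an HTTP status result:
/// 401 when no user is logged in or the user record is missing, 406 when the text
/// is blank, 403 when comments are disabled or the earning cannot be accessed.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible on this
// state-changing action from here - confirm they exist on the action or controller.
public ActionResult Add(int earningID, bool earningIsAchievement, String text)
{
    // Reject anonymous callers up front. WebSecurity.CurrentUserId is negative when
    // nobody is logged in; without this guard that value would be written into
    // user_id / last_modified_by_id below.
    if (WebSecurity.CurrentUserId < 0)
    {
        return new HttpStatusCodeResult(401, "Not logged in"); // Unauthorized
    }

    // Need text for a comment
    if (String.IsNullOrWhiteSpace(text))
    {
        return new HttpStatusCodeResult(406, "Invalid comment text"); // Invalid text
    }

    UnitOfWork work = new UnitOfWork();

    // Are comments enabled, and can we access the earning?
    user earningUser = null;
    object template = null;
    if (!CommentsEnabled(earningID, earningIsAchievement, work))
    {
        return new HttpStatusCodeResult(403, "Comments currently disabled"); // Disabled comments
    }

    if (!UserCanAccessEarning(earningID, earningIsAchievement, work, out earningUser, out template))
    {
        return new HttpStatusCodeResult(403, "Earning cannot be accessed"); // Invalid earning access
    }

    // Resolve the poster before anything is persisted, so a missing user row cannot
    // cause a null dereference after the comment has already been saved.
    user u = work.EntityContext.user.Find(WebSecurity.CurrentUserId);
    if (u == null)
    {
        return new HttpStatusCodeResult(401, "Unknown user"); // Unauthorized
    }

    // NOTE(review): text is stored exactly as received; whatever renders comments
    // must output-encode it - confirm on the view / client side.
    comment c = new comment()
    {
        date = DateTime.Now,
        deleted = false,
        last_modified_by_id = WebSecurity.CurrentUserId,
        last_modified_date = null, // Not being modified, just created, so this is null
        location_id = earningID,
        location_type = earningIsAchievement
            ? (int)JPPConstants.CommentLocation.Achievement
            : (int)JPPConstants.CommentLocation.Quest,
        text = text,
        user_id = WebSecurity.CurrentUserId
    };

    // Access is validated, create comment
    work.EntityContext.comment.Add(c);

    //ID, Photo, Name, Text, PosterID, Deleted

    // Send a notification (currently disabled)
    /*if (earningIsAchievement)
    {
        achievement_template a = template as achievement_template;
        work.SystemRepository.AddNotification(
            earningUser.id,
            WebSecurity.CurrentUserId,
            "[" + u.display_name + "] commented on [" + a.title + "]",
            u.image,
            new UrlHelper(Request.RequestContext).Action(
                "IndividualAchievement",
                "Achievements",
                new { id = a.id }
            ) + "#" + earningUser.id + "-" + earningID,
            false);
    }
    else
    {
        quest_template q = template as quest_template;
        work.SystemRepository.AddNotification(
            earningUser.id,
            WebSecurity.CurrentUserId,
            "[" + u.display_name + "] commented on [" + q.title + "]",
            u.image,
            new UrlHelper(Request.RequestContext).Action(
                "IndividualQuest",
                "Quests",
                new { id = q.id }
            ) + "#" + earningUser.id + "-" + earningID,
            false);
    }*/

    // Success
    work.SaveChanges();

    // The poster has just created the comment, so edit and delete are both reported as allowed.
    EarningComment response = new EarningComment()
    {
        Deleted = false,
        ID = c.id,
        Text = c.text,
        PlayerID = u.id,
        DisplayName = u.display_name,
        PlayerImage = u.image,
        CommentDate = c.date,
        CurrentUserCanEdit = true,
        CurrentUserCanDelete = true
    };

    return Json(response);
}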
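/// <summary>
/// Soft-deletes a comment: logs the deletion, marks the comment as deleted and
/// returns a placeholder <c>EarningComment</c> as JSON.
/// </summary>
/// <param name="commentID">ID of the comment to delete.</param>
/// <returns>
/// A JSON <c>EarningComment</c> with Deleted = true on success. Otherwise an HTTP
/// status result: 404 when the comment does not exist, 406 when the current user is
/// neither the owner of the earning instance, the comment's author, nor a full admin.
/// </returns>
public ActionResult Delete(int commentID)
{
    UnitOfWork work = new UnitOfWork();

    // Grab the comment and check for edit capabilities
    comment c = work.EntityContext.comment.Find(commentID);
    if (c == null)
    {
        // Find returns null for an unknown ID; without this guard every access
        // to c below would throw and surface as a server error.
        return new HttpStatusCodeResult(404, "Comment not found");
    }

    // Is the current user the instance owner?
    bool instanceOwner = false;
    if (c.location_type == (int)JPPConstants.CommentLocation.Achievement)
    {
        instanceOwner = (from e in work.EntityContext.achievement_instance
                         where e.id == c.location_id && e.user_id == WebSecurity.CurrentUserId
                         select e).Any();
    }
    else if (c.location_type == (int)JPPConstants.CommentLocation.Quest)
    {
        instanceOwner = (from e in work.EntityContext.quest_instance
                         where e.id == c.location_id && e.user_id == WebSecurity.CurrentUserId
                         select e).Any();
    }

    // Instance owner, comment owner or admin?
    // NOTE(review): this is an authorization failure, for which 403 would be the usual
    // status; 406 is kept because callers may depend on it.
    if (!instanceOwner
        && c.user_id != WebSecurity.CurrentUserId
        && !Roles.IsUserInRole(JPPConstants.Roles.FullAdmin))
    {
        return new HttpStatusCodeResult(406, "Invalid credentials"); // Not allowed to delete
    }

    // Record who deleted what (and from which address) before the comment is changed;
    // the original text is captured in Value1.
    LoggerModel logCommentDelete = new LoggerModel()
    {
        Action = Logger.CommentBehaviorLogType.CommentDelete.ToString(),
        UserID = WebSecurity.CurrentUserId,
        IPAddress = Request.UserHostAddress,
        TimeStamp = DateTime.Now,
        ID1 = c.id,
        IDType1 = Logger.LogIDType.Comment.ToString(),
        Value1 = c.text
    };
    Logger.LogSingleEntry(logCommentDelete, work.EntityContext);

    // Mark as deleted (soft delete: the row is kept)
    c.deleted = true;
    c.last_modified_by_id = WebSecurity.CurrentUserId;
    c.last_modified_date = DateTime.Now;
    work.SaveChanges();

    // Get the current user's display name
    user u = work.EntityContext.user.Find(WebSecurity.CurrentUserId);

    // The response carries the deleted-comment placeholder text plus the deleting
    // user's name instead of the original comment text.
    EarningComment response = new EarningComment()
    {
        Deleted = true,
        ID = c.id,
        Text = JPPConstants.SiteSettings.DeletedCommentText + u.display_name,
        PlayerID = c.last_modified_by_id,
        DisplayName = null,
        PlayerImage = null,
        CurrentUserCanEdit = false,
        CurrentUserCanDelete = false
    };

    return Json(response); // Success
}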