Пример #1
        /// <summary>
        /// Decides whether <paramref name="customer"/> may access <paramref name="course"/>.
        /// </summary>
        /// <remarks>
        /// The checks run in a fixed order and the first failing one denies access:
        /// guest policy, published state, purchase, ACL, store mapping.
        /// The "Manage courses" permission waives the published and purchase checks only;
        /// the ACL and store-mapping checks still apply to such a customer.
        /// </remarks>
        /// <param name="course">Course the customer is trying to open.</param>
        /// <param name="customer">Customer whose access is being evaluated.</param>
        /// <returns><c>true</c> when every check passes; otherwise <c>false</c>.</returns>
        protected async Task<bool> CheckPermission(Course course, Customer customer)
        {
            // Guests are admitted only when the course settings explicitly allow it.
            bool guestBlocked = customer.IsGuest() && !_courseSettings.AllowGuestsToAccessCourse;
            if (guestBlocked)
            {
                return false;
            }

            // An unpublished course is visible only to customers holding "Manage courses"
            // (lets them preview it before publishing).
            if (!course.Published)
            {
                bool canPreview = await _permissionService.Authorize(StandardPermissionProvider.ManageCourses, customer);
                if (!canPreview)
                {
                    return false;
                }
            }

            // The course must have been purchased, unless the customer manages courses.
            // The permission is consulted only when the order check fails.
            bool hasPurchased = await _courseViewModelService.CheckOrder(course, customer);
            if (!hasPurchased)
            {
                bool canManage = await _permissionService.Authorize(StandardPermissionProvider.ManageCourses, customer);
                if (!canManage)
                {
                    return false;
                }
            }

            // ACL first, then store mapping; store mapping is not evaluated when the ACL check denies.
            return _aclService.Authorize(course, customer)
                && _storeMappingService.Authorize(course);
        }
Пример #2
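        /// <summary>
        /// Renders the public details page of a course for the current customer.
        /// </summary>
        /// <remarks>
        /// Every denial path (guest policy, unpublished course, no purchase, ACL, store mapping)
        /// returns the same <c>InvokeHttp404()</c> result as a course that does not exist,
        /// so the response does not tell a caller which check failed.
        /// The "Manage courses" permission waives the published and purchase checks only;
        /// ACL and store mapping are still enforced.
        /// </remarks>
        /// <param name="courseId">Identifier of the course to display, taken from the request.</param>
        /// <returns>The course view, or the result of <c>InvokeHttp404()</c> when the course is missing or access is denied.</returns>
        public virtual async Task<IActionResult> Details(string courseId)
        {
            var customer = _workContext.CurrentCustomer;

            // Guest policy is checked before the lookup, so a blocked guest never triggers a course query.
            if (customer.IsGuest() && !_courseSettings.AllowGuestsToAccessCourse)
            {
                return InvokeHttp404();
            }

            // NOTE(review): courseId is request-supplied and reaches the lookup unvalidated;
            // confirm GetCourseById tolerates null or malformed identifiers.
            var course = await _courseViewModelService.GetCourseById(courseId);

            if (course == null)
            {
                return InvokeHttp404();
            }

            // An unpublished course is visible only to customers holding "Manage courses"
            // (lets them preview it before publishing).
            if (!course.Published && !await _permissionService.Authorize(StandardPermissionProvider.ManageCourses, customer))
            {
                return InvokeHttp404();
            }

            // The course must have been purchased, unless the customer manages courses.
            if (!await _courseViewModelService.CheckOrder(course, customer) && !await _permissionService.Authorize(StandardPermissionProvider.ManageCourses, customer))
            {
                return InvokeHttp404();
            }

            // ACL (access control list)
            if (!_aclService.Authorize(course, customer))
            {
                return InvokeHttp404();
            }

            // Store mapping
            if (!_storeMappingService.Authorize(course))
            {
                return InvokeHttp404();
            }

            // 'Continue shopping' URL
            await _genericAttributeService.SaveAttribute(customer, SystemCustomerAttributeNames.LastContinueShoppingPage, _webHelper.GetThisPageUrl(false), _storeContext.CurrentStore.Id);

            // Display the "edit" (manage) link only when both permissions are held.
            // This only controls the link; the admin "Edit" action it targets is not shown here.
            if (await _permissionService.Authorize(StandardPermissionProvider.AccessAdminPanel, customer) && await _permissionService.Authorize(StandardPermissionProvider.ManageCourses, customer))
            {
                DisplayEditLink(Url.Action("Edit", "Course", new { id = course.Id, area = "Admin" }));
            }

            // Activity log
            await _customerActivityService.InsertActivity("PublicStore.ViewCourse", course.Id, _localizationService.GetResource("ActivityLog.PublicStore.ViewCourse"), course.Name);

            // The header indexer's ToString() yields an empty string when the header is absent,
            // never null, so the previous "!= null ? ... : \"\"" fallback could not be reached.
            // Both the path and the Referer are client-controlled values.
            // NOTE(review): presumably the event service stores or displays them; confirm it
            // treats them as untrusted input.
            var referer = Request.Headers[HeaderNames.Referer].ToString();
            await _customerActionEventService.Viewed(customer, HttpContext.Request.Path.ToString(), referer);

            // Model
            var model = await _courseViewModelService.PrepareCourseModel(course);

            return View(model);
        }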