// GET: Post
public ActionResult Index(int id)
{
Models.BlogPost post = new Models.BlogPost();
string sql = "SELECT * FROM [Post] WHERE [Id] = '" + id + "'";
string sql = "SELECT * FROM [Post] WHERE [Id] = '" + id + "' AND [DeletedOn] IS NULL";
string query2 = "SELECT * FROM [Comment] WHERE [PostId] = " + id + "";
SqlDataReader reader = createConnection(sql);
if (reader.HasRows)
{
while (reader.Read())
{
post.Id = reader.GetInt32(0);
post.Title = reader.GetString(2);
post.Description = reader.GetString(3);
post.Content = reader.GetString(4);
}
}
SqlDataReader commentReader = createConnection(query2);
List <Models.Comment> comments = new List <Models.Comment>();
if (commentReader.HasRows)
{
while (commentReader.Read())
{
Models.Comment comment = new Models.Comment();
comment.Text = commentReader.GetString(3);
comments.Add(comment);
}
}
post.Comments = comments;
return(View("Index", post));
}
private bool HasDelegateClaim(string claimType, Models.BlogPost blogPost)
{
var userContext = _userContextAccessor.GetContext();
// check for claimType with value equal this blogPost's Id
return(userContext.SecurityClaims.Any(x => x.Type == claimType && x.Value == blogPost.Id));
}
public void AddNewBlogpost(BlogPostInput blogPostInput)
{
var BlogPost = new Models.BlogPost
{
Title = blogPostInput.Title,
Url = blogPostInput.Url
};
applicationContext.Add(BlogPost);
applicationContext.SaveChanges();
}
public Models.BlogPost GetBlogPost()
{
var post = new Models.BlogPost
{
Id = 123,
Title = "TRUSTPILOT & CNUG ROCKS!",
Content = "ASP.NET 5 is the most awesome thing ever!"
};
return(post);
}
/// <summary>
/// Converts between the data model of a post and the view model
/// </summary>
/// <param name="blogPostDataModel"></param>
/// <returns></returns>
public Models.BlogPost BlogPostViewModel(Data.Models.BlogPost blogPostDataModel)
{
var blogPost = new Models.BlogPost()
{
Id = blogPostDataModel.BlogPostID,
PublishedOn = blogPostDataModel.PublishedOn,
Title = blogPostDataModel.Title,
Body = blogPostDataModel.Body,
CommentCount = blogPostDataModel.CommentCount
};
return(blogPost);
}
public static string GetBlogPostRouteUrl(this LinkGenerator linkGenerator, Models.BlogPost blog)
{
if (string.IsNullOrWhiteSpace(blog?.Title))
{
throw new ArgumentNullException(nameof(blog));
}
return(linkGenerator.GetPathByPage("/Index", null, values: new
{
area = "blog",
title = blog.Title.ToLowerInvariant(),
}));
}
private bool HasAuthorClaim(string claimType, Models.BlogPost blogPost)
{
var userContext = _userContextAccessor.GetContext();
if (userContext.UserId == blogPost.UserId)
{
// not checking value because is irrevant since we're checking the blogPost.author directly.
return(userContext.SecurityClaims.Any(x => x.Type == claimType));
}
return(false);
}
public ActionResult Index()
{
List <Models.BlogPost> posts = new List <Models.BlogPost>();
SqlDataReader reader = createConnection("SELECT * FROM [Post] WHERE [DeletedOn] IS NULL");
if (reader.HasRows)
{
while (reader.Read())
{
Models.BlogPost post = new Models.BlogPost();
post.Id = reader.GetInt32(0);
post.Title = reader.GetString(2);
post.Description = reader.GetString(3);
post.Content = reader.GetString(4);
posts.Add(post);
}
}
return(View(posts));
}
public bool AuthorizeForRead(Models.BlogPost blogPost)
{
var userContext = _userContextAccessor.GetContext();
// The user can create blogs and this is their blog
if (HasAuthorClaim(BlogClaimTypes.PersonalBlogAuthor, blogPost))
{
return(true);
}
// The user is a site admin and this is their blog
if (HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, blogPost))
{
return(true);
}
// The user has been granted read access to this blog by the author
if (HasDelegateClaim(BlogClaimTypes.BlogPostRead, blogPost))
{
return(true);
}
// Client Level Blog Content Admin can view all blogs
if (HasAdminClaim(BlogClaimTypes.UserBlogsBrowse))
{
return(true);
}
// Client Level User Content Admin can view all content
if (HasAdminClaim(ClientClaimTypes.UserContentBrowse))
{
return(true);
}
// Client Level Primary Admin can view everything
if (HasAdminClaim(ClientClaimTypes.PrimaryAdmin))
{
return(true);
}
return(false);
}
public bool AuthorizeForEdit(Models.BlogPost blogPost)
{
var userContext = _userContextAccessor.GetContext();
// Can author blogs and this is their blog
if (HasAuthorClaim(BlogClaimTypes.PersonalBlogAuthor, blogPost))
{
return(true);
}
// Is a site admin and this is their blog
if (HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, blogPost))
{
return(true);
}
// Has been granted access to edit this blog by the author
if (HasDelegateClaim(BlogClaimTypes.BlogPostEdit, blogPost))
{
return(true);
}
// Client Level Primary Admin can manage everything
if (HasAdminClaim(ClientClaimTypes.PrimaryAdmin))
{
return(true);
}
// Client Level Content Admin can manage all content
if (HasAdminClaim(ClientClaimTypes.UserContentManage))
{
return(true);
}
// Client Level Blog Admin can manage all blogs
if (HasAdminClaim(BlogClaimTypes.UserBlogsManage))
{
return(true);
}
return(false);
}
public string posts()
{
List <Models.BlogPost> posts = new List <Models.BlogPost>();
SqlCommand command = createConnection("SELECT * FROM [Post] WHERE [DeletedOn] IS NULL");
SqlDataReader reader = command.ExecuteReader();
if (reader.HasRows)
{
while (reader.Read())
{
Models.BlogPost post = new Models.BlogPost();
post.Id = reader.GetInt32(0);
post.Title = reader.GetString(2);
post.Description = reader.GetString(3);
post.Content = reader.GetString(4);
posts.Add(post);
}
}
string json = JsonConvert.SerializeObject(posts);
return(json);
}
public string posts(string postid)
{
Models.BlogPost post = new Models.BlogPost();
string sql = "SELECT * FROM [Post] WHERE [Id] = '" + postid + "' AND [DeletedOn] IS NULL";
string query2 = "SELECT * FROM [Comment] WHERE [PostId] = " + postid + "";
SqlCommand command = createConnection(sql);
SqlDataReader reader = command.ExecuteReader();
if (reader.HasRows)
{
while (reader.Read())
{
post.Id = reader.GetInt32(0);
post.Title = reader.GetString(2);
post.Description = reader.GetString(3);
post.Content = reader.GetString(4);
}
}
SqlCommand commandComment = createConnection(query2);
SqlDataReader commentReader = commandComment.ExecuteReader();
List <Models.Comment> comments = new List <Models.Comment>();
if (commentReader.HasRows)
{
while (commentReader.Read())
{
Models.Comment comment = new Models.Comment();
comment.Text = commentReader.GetString(3);
comments.Add(comment);
}
}
post.Comments = comments;
string json = JsonConvert.SerializeObject(post);
return(json);
}
public bool AuthorizeForPublish(Models.BlogPost blogPost)
{
var userContext = _userContextAccessor.GetContext();
// Can author blogs and this is their blog
if (HasAuthorClaim(BlogClaimTypes.PersonalBlogPublish, blogPost))
{
return(true);
}
// Is a site admin and this is their blog
if (HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, blogPost))
{
return(true);
}
// Client Level Primary Admin can manage everything
if (HasAdminClaim(ClientClaimTypes.PrimaryAdmin))
{
return(true);
}
// Client Level Content Admin can publish all content
if (HasAdminClaim(ClientClaimTypes.UserContentPublish))
{
return(true);
}
// Client Level Blog Admin can publish all blogs
if (HasAdminClaim(BlogClaimTypes.UserBlogsPublish))
{
return(true);
}
// no delegate claims to check since "publish" is not allowed to be delegated
return(false);
}
public async Task <IActionResult> CreateBlogPost(BlogPostViewModel userPostValues)
{
BlogPost blog_post = new Models.BlogPost();
blog_post = userPostValues.Post;
String userPost = userPostValues.Post.Content;
List <BadWord> badWords = _Context.BadWords.ToList();
foreach (var word in badWords)
{
userPost = userPost.Replace(word.Word, "*****");
}
blog_post.Content = userPost;
blog_post.UserId = Int32.Parse(Request.Form["UserId"]);
_Context.BlogPosts.Add(userPostValues.Post);
_Context.SaveChanges();
var storageAccount = CloudStorageAccount.Parse("DefaultEndpointsProtocol=https;AccountName=cst8359;AccountKey=ecMPpNU6vimZKMDTJG4seALrY7Kq7UJYjgl0/yLanXn857C8xtUJ2sF4ciB6wy9gg+e/YeYbRTaly2DVOxWhXQ==");
var blobClient = storageAccount.CreateCloudBlobClient();
var container = blobClient.GetContainerReference("justinsphotostorage");
await container.CreateIfNotExistsAsync();
// set the permissions of the container to 'blob' to make them public
var permissions = new BlobContainerPermissions();
permissions.PublicAccess = BlobContainerPublicAccessType.Blob;
await container.SetPermissionsAsync(permissions);
// for each file that may have been sent to the server from the client
if (userPostValues.Files != null)
{
foreach (var file in userPostValues.Files)
{
try
{
// create the blob to hold the data
var blockBlob = container.GetBlockBlobReference(file.FileName);
if (await blockBlob.ExistsAsync())
{
await blockBlob.DeleteAsync();
}
using (var memoryStream = new MemoryStream())
{
// copy the file data into memory
await file.CopyToAsync(memoryStream);
// navigate back to the beginning of the memory stream
memoryStream.Position = 0;
// send the file to the cloud
await blockBlob.UploadFromStreamAsync(memoryStream);
}
// add the photo to the database if it uploaded successfully
var photo = new Photo();
photo.Url = blockBlob.Uri.AbsoluteUri;
photo.FileName = file.FileName;
photo.BlogPostId = blog_post.BlogPostId;
_Context.Photos.Add(photo);
_Context.SaveChanges();
}
catch
{
}
}
}
_Context.SaveChanges();
return(RedirectToAction("Index"));
}
public void OnGet(Guid id)
{
Data = _api.Posts.GetById <Models.BlogPost>(id);
ViewData["CurrentPage"] = Data.BlogId;
}
