// POST: api/Subreddit public Task Post([FromBody] Models.Subreddit newSub) { string name = ClaimsPrincipal.Current.Identity.Name; var ip = HttpContext.Current.GetOwinContext().Request.RemoteIpAddress; return(subBLL.AddSubreddit(newSub, name, ip)); }
// POST: api/Subreddit public Task Post([FromBody] Models.Subreddit newSub) { string name = User.Identity.Name; //var ip = HttpContext.Current.GetOwinContext().Request.RemoteIpAddress; string ip = HttpContext.Connection.RemoteIpAddress.ToString(); return(subBLL.AddSubreddit(newSub, name, ip)); }
// PUT: api/Subreddit/5 public Task <object> Put([FromRoute] string subname, [FromBody] Models.Subreddit sub) { sub.SubName = subname; if (User.HasClaim("uri:snoonotes:admin", sub.SubName.ToLower())) { return(subBLL.UpdateSubreddit(sub, User)); } else { throw new UnauthorizedAccessException("You are not a moderator of that subreddit, or you don't have full permissions!"); } }
public async Task AddSubreddit(Models.Subreddit newSub, string modname, string ip) { newSub.Active = true; newSub.Settings = new Models.SubredditSettings(); newSub.Settings.AccessMask = 64; var ucacheitem = cache.Get(modname); var icacheitem = cache.Get(ip); var ucache = ucacheitem == null ? new CacheObject(modname) : ucacheitem as CacheObject; var icache = icacheitem == null ? new CacheObject(ip) : icacheitem as CacheObject; int ureqs = ucache.Value; int ireqs = icache.Value; if (Math.Max(ureqs, ireqs) > 5) { //throw new Exception( "You are doing that too much! Limited to created 5 subreddits per 24 hours, sorry!" ); } var activeSubs = await subDAL.GetActiveSubs(); if (activeSubs.Count > 0 && activeSubs.Select(s => s.SubName.ToLower()).Contains(newSub.SubName.ToLower())) { throw new Exception("Subreddit already exists!"); } try { //loads default note types, currently same types as Toolbox newSub.Settings.NoteTypes = Models.SubredditSettings.DefaultNoteTypes(newSub.SubName); await subDAL.AddSubreddit(newSub); newSub.Settings.NoteTypes = (await ntDAL.AddMultipleNoteTypes(newSub.Settings.NoteTypes, modname)).ToList(); newSub.Settings.PermBanID = newSub.Settings.NoteTypes.FirstOrDefault(nt => nt.DisplayName == "Perma Ban").NoteTypeID; newSub.Settings.TempBanID = newSub.Settings.NoteTypes.FirstOrDefault(nt => nt.DisplayName == "Ban").NoteTypeID; await subDAL.UpdateSubredditSettings(newSub); await _roleManager.CreateAsync(new IdentityRole( newSub.SubName.ToLower())); //await _roleManager.CreateAsync( new IdentityRole( newSub.SubName.ToLower() + ":admin" ) ); ucache.Value += 1; icache.Value += 1; cache.Set(ucache.Key, ucache, ucache.ExpirationDate); cache.Set(icache.Key, icache, icache.ExpirationDate); } catch { throw; } }
public async Task AddSubreddit(Models.Subreddit newSub, string modname, string ip) { newSub.Active = true; newSub.Settings = new Models.SubredditSettings(); newSub.Settings.AccessMask = 64; var cache = MemoryCache.Default; var ucacheitem = cache.GetCacheItem(modname); var icacheitem = cache.GetCacheItem(ip); var ucache = ucacheitem == null ? new CacheObject(modname) : ucacheitem.Value as CacheObject; var icache = icacheitem == null ? new CacheObject(ip) : icacheitem.Value as CacheObject; int ureqs = ucache.Value; int ireqs = icache.Value; if (Math.Max(ureqs, ireqs) > 5) { throw new Exception("You are doing that too much! Limited to created 5 subreddits per 24 hours, sorry!"); } if ((await subDAL.GetActiveSubs()).Select(s => s.SubName.ToLower()).Contains(newSub.SubName.ToLower())) { throw new Exception("Subreddit already exists!"); } try { DAL.NoteTypesDAL ntDAL = new DAL.NoteTypesDAL(); //loads default note types, currently same types as Toolbox newSub.Settings.NoteTypes = Models.SubredditSettings.DefaultNoteTypes(newSub.SubName); await subDAL.AddSubreddit(newSub); await ntDAL.AddMultipleNoteTypes(newSub.Settings.NoteTypes, modname); ucache.Value += 1; icache.Value += 1; cache.Set(new CacheItem(ucache.Key, ucache), new CacheItemPolicy() { AbsoluteExpiration = ucache.ExpirationDate }); cache.Set(new CacheItem(icache.Key, icache), new CacheItemPolicy() { AbsoluteExpiration = icache.ExpirationDate }); } catch { throw; } }
public async Task <object> UpdateSubreddit(Models.Subreddit sub) { if (sub.Settings.AccessMask < 64 || sub.Settings.AccessMask <= 0 || sub.Settings.AccessMask >= 128) { throw new HttpResponseException(new HttpResponseMessage() { ReasonPhrase = "Invalid AccessMask", StatusCode = HttpStatusCode.BadRequest, Content = new StringContent("Access Mask was invalid") }); } else if (ClaimsPrincipal.Current.IsInRole(sub.SubName.ToLower()) && ClaimsPrincipal.Current.HasClaim("urn:snoonotes:subreddits:" + sub.SubName.ToLower() + ":admin", "true")) { DAL.NoteTypesDAL ntDAL = new DAL.NoteTypesDAL(); var noteTypes = await ntDAL.GetNoteTypesForSubs(new List <string>() { sub.SubName }); if (sub.Settings.PermBanID.HasValue && !noteTypes.Any(nt => nt.NoteTypeID == sub.Settings.PermBanID.Value)) { throw new HttpResponseException(new HttpResponseMessage() { ReasonPhrase = "Invalid Perm Ban ID", StatusCode = HttpStatusCode.BadRequest, Content = new StringContent("Perm Ban id was invalid") }); } if (sub.Settings.TempBanID.HasValue && !noteTypes.Any(nt => nt.NoteTypeID == sub.Settings.TempBanID.Value)) { throw new HttpResponseException(new HttpResponseMessage() { ReasonPhrase = "Invalid Temp Ban ID", StatusCode = HttpStatusCode.BadRequest, Content = new StringContent("Temp Ban id was invalid") }); } await subDAL.UpdateSubredditSettings(sub); bool updated = await Utilities.AuthUtils.UpdateModsForSub(sub); if (updated) { return(new { error = false, message = "Settings have been saved and moderator list has been updated!" }); } else { return(new { error = false, message = "Settings have been saved and moderator list will be refreshed within 2 hours!" }); } } else { throw new UnauthorizedAccessException("You are not a moderator of that subreddit, or you don't have full permissions!"); } }
public async Task <object> UpdateSubreddit(Models.Subreddit sub, ClaimsPrincipal user) { if (sub.Settings.AccessMask < 64 || sub.Settings.AccessMask <= 0 || sub.Settings.AccessMask >= 128) { throw new Exception("Access Mask was invalid"); } else { var noteTypes = await ntDAL.GetNoteTypesForSubs(new List <string>() { sub.SubName }); if (sub.Settings.PermBanID.HasValue && !noteTypes.Any(nt => nt.NoteTypeID == sub.Settings.PermBanID.Value)) { throw new Exception("Perm Ban id was invalid"); } if (sub.Settings.TempBanID.HasValue && !noteTypes.Any(nt => nt.NoteTypeID == sub.Settings.TempBanID.Value)) { throw new Exception("Temp Ban id was invalid"); } await subDAL.UpdateSubredditSettings(sub); return(new { error = false, message = "Settings have been saved and moderator list will be refreshed within 2 hours!" }); } }
// PUT: api/Subreddit/5 public Task <object> Put(string id, [FromBody] Models.Subreddit sub) { sub.SubName = id; return(subBLL.UpdateSubreddit(sub)); }
public override async Task <bool> UpdateModsForSubAsync(Models.Subreddit sub, ClaimsPrincipal user) { if (!user.HasClaim("uri:snoonotes:admin", sub.SubName.ToLower())) { throw new UnauthorizedAccessException("You don't have 'Full' permissions to this subreddit!"); } if (sub.SubName.ToLower() == Configuration["CabalSubreddit"].ToLower()) { return(false); } sub = (await subDAL.GetSubreddits(new string[] { sub.SubName })).First(); if (sub == null) { throw new Exception("Unrecognized subreddit"); } string subName = sub.SubName.ToLower(); //var usersWithAccess = userManager.Users.Where(u => // u.Claims.Where(c => // c.ClaimType == ClaimTypes.Role && c.ClaimValue == sub.SubName.ToLower()).Count() > 0).ToList(); var usersWithAccess = await _userManager.GetUsersInRoleAsync(subName); //var x = userManager.Users.Where(u=>u.Claims.Select(c => c.ClaimValue).Contains("videos")).ToList(); //var y = userManager.Users.Select(u => u.Claims); var ident = await _userManager.FindByNameAsync(user.Identity.Name); ClaimsIdentity curuser = user.Identity as ClaimsIdentity; RedditSharp.IWebAgent agent; if (ident.HasConfig) { agent = await agentPool.GetOrCreateWebAgentAsync(curuser.Name, (uname, uagent, rlimit) => { return(Task.FromResult(new RedditSharp.RefreshTokenPoolEntry(uname, ident.RefreshToken, rlimit, uagent))); }); } else { agent = new RedditSharp.WebAgent(); } RedditSharp.Reddit rd = new RedditSharp.Reddit(agent); RedditSharp.Things.Subreddit subinfo; try { subinfo = await rd.GetSubredditAsync(sub.SubName); } catch { return(false); } var modsWithAccess = (await subinfo.GetModeratorsAsync()).Where(m => ((int)m.Permissions & sub.Settings.AccessMask) > 0); // get list of users to remove perms from var usersToRemove = usersWithAccess.Where(u => !modsWithAccess.Select(m => m.Name.ToLower()).Contains(u.UserName.ToLower())).ToList(); foreach (var appuser in usersToRemove) { await _userManager.RemoveFromRoleAsync(appuser, subName); //if ( appuser.Claims.Where( c => c.ClaimType == "uri:snoonotes:admin" && c.ClaimValue == subName ).Count() > 0 ) { await _userManager.RemoveClaimAsync(appuser, new Claim("uri:snoonotes:admin", subName)); //} } var usersToAdd = modsWithAccess.Where(m => ((int)m.Permissions & sub.Settings.AccessMask) > 0 && !usersWithAccess.Select(u => u.UserName.ToLower()).Contains(m.Name.ToLower())); foreach (var appuser in usersToAdd) { try { var u = await _userManager.FindByNameAsync(appuser.Name); if (u != null) { //assume it won't be adding a duplicate *holds breath* if (appuser.Permissions.HasFlag(RedditSharp.ModeratorPermission.All)) { await _userManager.AddToRoleAsync(u, subName); await _userManager.AddClaimAsync(u, new Claim("uri:snoonotes:admin:", subName)); } else if (((int)appuser.Permissions & sub.Settings.AccessMask) > 0) { await _userManager.AddToRoleAsync(u, subName); } } } catch { //TODO something, mighta caught a non registered user? } } usersWithAccess = usersWithAccess.Union(await _userManager.GetUsersForClaimAsync(new Claim("uri:snoonotes:admin", subName))).ToList(); var usersToCheckUpdates = usersWithAccess.Where(u => modsWithAccess.Select(m => m.Name.ToLower()).Contains(u.UserName.ToLower())).ToList(); foreach (var appuser in usersToCheckUpdates) { var access = modsWithAccess.Where(m => m.Name.ToLower() == appuser.UserName.ToLower()).Single().Permissions; if (access == RedditSharp.ModeratorPermission.All) { if (!appuser.Claims.Any(c => c.ClaimType == "uri:snoonotes:admin" && c.ClaimValue == subName)) { await _userManager.AddClaimAsync(appuser, new Claim("uri:snoonotes:admin", subName)); } } else { //if( appuser.Claims.Any( c => c.ClaimType == "uri:snoonotes:admin" && c.ClaimValue == subName ) ) { await _userManager.RemoveClaimAsync(appuser, new Claim("uri:snoonotes:admin", subName)); //} } } return(true); }
public async static Task<bool> UpdateModsForSub( Models.Subreddit sub ) { if ( !ClaimsPrincipal.Current.HasClaim( "urn:snoonotes:subreddits:" + sub.SubName.ToLower() + ":admin", "true" ) ) { throw new UnauthorizedAccessException( "You don't have 'Full' permissions to this subreddit!" ); } if ( sub.SubName.ToLower() == System.Configuration.ConfigurationManager.AppSettings["CabalSubreddit"].ToLower() ) return false; sub = (await new BLL.SubredditBLL().GetSubreddits( new string[] { sub.SubName } )).First(); if ( sub == null ) { throw new Exception( "Unrecognized subreddit" ); } string subName = sub.SubName.ToLower(); var userManager = HttpContext.Current.GetOwinContext().GetUserManager<ApplicationUserManager>(); //var usersWithAccess = userManager.Users.Where(u => // u.Claims.Where(c => // c.ClaimType == ClaimTypes.Role && c.ClaimValue == sub.SubName.ToLower()).Count() > 0).ToList(); var usersWithAccess = userManager.Users.Where( u => u.Claims.Select( c => c.ClaimValue ).Contains( subName ) ).ToList(); //var x = userManager.Users.Where(u=>u.Claims.Select(c => c.ClaimValue).Contains("videos")).ToList(); //var y = userManager.Users.Select(u => u.Claims); var ident = userManager.FindByName( ClaimsPrincipal.Current.Identity.Name ); if ( ident.TokenExpires < DateTime.UtcNow ) { GetNewToken( ident ); userManager.Update( ident ); } ClaimsIdentity curuser = ClaimsPrincipal.Current.Identity as ClaimsIdentity; SNWebAgent agent; if ( curuser.HasClaim( "urn:snoonotes:scope", "read" ) ) { agent = new SNWebAgent( ident.AccessToken ); } else { agent = new SNWebAgent(); } RedditSharp.Reddit rd = new RedditSharp.Reddit( agent ); RedditSharp.Things.Subreddit subinfo; try { subinfo = rd.GetSubreddit( sub.SubName ); } catch { return false; } var modsWithAccess = subinfo.Moderators.Where( m => ( (int) m.Permissions & sub.Settings.AccessMask ) > 0 ); // get list of users to remove perms from var usersToRemove = usersWithAccess.Where( u => !modsWithAccess.Select( m => m.Name.ToLower() ).Contains( u.UserName.ToLower() ) ).ToList(); foreach ( var user in usersToRemove ) { userManager.RemoveClaim( user.Id, new Claim( ClaimTypes.Role, subName ) ); if ( user.Claims.Where( c => c.ClaimType == "urn:snoonotes:subreddits:" + subName + ":admin" ).Count() > 0 ) { userManager.RemoveClaim( user.Id, new Claim( "urn:snoonotes:subreddits:" + subName + ":admin", "true" ) ); } } var usersToAdd = modsWithAccess.Where( m => ( (int) m.Permissions & sub.Settings.AccessMask ) > 0 && !usersWithAccess.Select( u => u.UserName.ToLower() ).Contains( m.Name.ToLower() ) ); foreach ( var user in usersToAdd ) { try { var u = userManager.FindByName( user.Name ); if ( u != null ) { //assume it won't be adding a duplicate *holds breath* if ( user.Permissions.HasFlag( RedditSharp.ModeratorPermission.All ) ) { userManager.AddClaim( u.Id, new Claim( ClaimTypes.Role, subName ) ); userManager.AddClaim( u.Id, new Claim( "urn:snoonotes:subreddits:" + subName + ":admin", "true" ) ); } else if ( ( (int) user.Permissions & sub.Settings.AccessMask ) > 0 ) { userManager.AddClaim( u.Id, new Claim( ClaimTypes.Role, subName ) ); } } } catch { //TODO something, mighta caught a non registered user? } } return true; }