// todo add security to pertinent actions
public ActionResult Team(int teamId)
{
var team = _socialNetworkService.GetTeam(teamId);
if (teamId == 1 && team == null)
{
CreateSampleData();
team = _socialNetworkService.GetTeam(teamId);
}
var model = new TeamPageModel()
{
TeamName = team.Name,
TeamDescription = team.Description,
TeamPictureUrl = team.TeamPictureUrl
};
var groupPages = team.GroupPages.OrderBy(x => x.DisplayOrder);
// team groups
foreach (var group in groupPages)
{
var groupModel = new TeamPageGroupModel()
{
Name = group.Name,
Description = group.Description,
};
var groupMembers = group.Members.OrderBy(x => x.DisplayOrder);
// team group members
foreach (var member in groupMembers)
{
var memberCustomer = _customerService.GetCustomerById(member.CustomerId);
var memberThumbnailUrl = _pictureService.GetPictureUrl(
memberCustomer.GetAttribute <int>(SystemCustomerAttributeNames.AvatarPictureId),
150,
true);
groupModel.Members.Add(new TeamPageGroupMemberModel()
{
DisplayName = memberCustomer.GetFullName(),
ProfileUrl = Url.RouteUrl("CustomerProfileUrl", new { SeName = SeoExtensions.GetSeName(memberCustomer, 0) }),
ThumbnailUrl = memberThumbnailUrl
});
}
model.Groups.Add(groupModel);
}
return(View(MobSocialConstant.ViewsPath + "/mobSocial/TeamPage.cshtml", model));
}
public IHttpActionResult PutGroup(TeamPageGroupModel model)
{
if (!ModelState.IsValid || model == null || model.TeamPageId == 0 || model.Id == 0)
{
return(Response(new { Success = false, Message = "Invalid data" }));
}
//check if the team page exists? and if it does, is the person creating the group has the authority
var teamPage = _teamPageService.GetById(model.TeamPageId);
if (teamPage == null)
{
return(NotFound());
}
//check if the page exists or not & the person deleting actually owns the resource
if (teamPage.CreatedBy != _workContext.CurrentCustomer.Id && !_workContext.CurrentCustomer.IsAdmin())
{
return(Response(new {
Success = false,
Message = "Unauthorized"
}));
}
//retrieve the group
var groupPage = _teamPageGroupService.GetById(model.Id);
if (groupPage == null)
{
return(NotFound());
}
//and map it
Mapper.Map(model, groupPage);
//if the current group is default group, the other one should be set as non-default
if (model.IsDefault)
{
//first get all groups of this team
var groupPages = _teamPageGroupService.GetGroupPagesByTeamId(model.TeamPageId);
foreach (var gp in groupPages)
{
if (gp.Id != groupPage.Id)
{
//set default false and update the group
gp.IsDefault = false;
_teamPageGroupService.Update(gp);
}
}
}
//update the current group page now
_teamPageGroupService.Update(groupPage);
return(Response(new {
Success = true,
Id = groupPage.Id
}));
}
public IHttpActionResult PostGroup(TeamPageGroupModel model)
{
if (!ModelState.IsValid || model == null || model.TeamPageId == 0)
{
return(Response(new { Success = false, Message = "Invalid data" }));
}
//check if the team page exists? and if it does, is the person creating the group has the authority
var teamPage = _teamPageService.Get(model.TeamPageId);
if (teamPage == null)
{
return(NotFound());
}
var currentUser = ApplicationContext.Current.CurrentUser;
//check if the page exists or not & the person deleting actually owns the resource
if (currentUser != null && teamPage.CreatedBy != currentUser.Id && !currentUser.IsAdministrator())
{
return(Response(new {
Success = false,
Message = "Unauthorized"
}));
}
//ok, so we are good to save the group
var group = new GroupPage()
{
TeamPageId = model.TeamPageId,
Name = model.Name,
Description = model.Description,
PayPalDonateUrl = model.PayPalDonateUrl,
DisplayOrder = model.DisplayOrder,
IsDefault = model.IsDefault,
DateCreated = DateTime.UtcNow,
DateUpdated = DateTime.UtcNow
};
_teamPageGroupService.Insert(group);
return(Response(new {
Success = true,
Id = group.Id
}));
}
public IHttpActionResult PutGroup(TeamPageGroupModel model)
{
if (!ModelState.IsValid || model == null || model.TeamPageId == 0 || model.Id == 0)
{
return(Response(new { Success = false, Message = "Invalid data" }));
}
//check if the team page exists? and if it does, is the person creating the group has the authority
var teamPage = _teamPageService.Get(model.TeamPageId);
if (teamPage == null)
{
return(NotFound());
}
var currentUser = ApplicationContext.Current.CurrentUser;
//check if the page exists or not & the person deleting actually owns the resource
if (teamPage.CreatedBy != currentUser.Id && !currentUser.IsAdministrator())
{
return(Response(new {
Success = false,
Message = "Unauthorized"
}));
}
//retrieve the group
var groupPage = _teamPageGroupService.Get(model.Id);
if (groupPage == null)
{
return(NotFound());
}
groupPage.Name = model.Name;
groupPage.Description = model.Description;
groupPage.DisplayOrder = model.DisplayOrder;
groupPage.PayPalDonateUrl = model.PayPalDonateUrl;
groupPage.TeamPageId = model.TeamPageId;
groupPage.IsDefault = model.IsDefault;
groupPage.DisplayOrder = model.DisplayOrder;
groupPage.DateUpdated = DateTime.UtcNow;
//if the current group is default group, the other one should be set as non-default
if (model.IsDefault)
{
//first get all groups of this team
var groupPages = _teamPageGroupService.GetGroupPagesByTeamId(model.TeamPageId);
foreach (var gp in groupPages)
{
if (gp.Id != groupPage.Id)
{
//set default false and update the group
gp.IsDefault = false;
_teamPageGroupService.Update(gp);
}
}
}
//update the current group page now
_teamPageGroupService.Update(groupPage);
return(Response(new {
Success = true,
Id = groupPage.Id
}));
}
