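/// <summary>
/// Replaces the action result with a 404 when the action's "id" parameter does not
/// match any row in <c>ReviewConfigurations</c>; otherwise defers to the base filter.
/// </summary>
/// <param name="filterContext">Context of the action that is about to execute.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            object reviewIdObj;
            if (!filterContext.ActionParameters.TryGetValue("id", out reviewIdObj)) {
                // The action has no "id" parameter, so there is nothing to validate here.
                return;
            }

            // NOTE(review): GetIdAsInt is defined outside this listing; 0 is treated below as "no usable id".
            var reviewId = ActionFilterExtensions.GetIdAsInt(reviewIdObj);

            bool reviewExists;
            // Dispose the context once the lookup is done instead of leaving it to the finalizer.
            using (var db = new DatabaseContext()) {
                // Any() lets the database stop at the first match; only existence matters here.
                reviewExists = reviewId != 0 && db.ReviewConfigurations.Any(r => r.ReviewId == reviewId);
            }

            if (!reviewExists) {
                filterContext.Result = new HttpNotFoundResult("No review with the given id can be found.");
            }
            else {
                base.OnActionExecuting(filterContext);
            }
        }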
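        /// <summary>
        /// Redirects to Review/Index with a TempData message when the current user already has
        /// feedback recorded for the requested review, then invokes the base filter.
        /// </summary>
        /// <param name="filterContext">Context of the action that is about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var reviewId = this.GetIdValue(filterContext);

            // Read the identity once, outside the query, so the LINQ expression only captures a plain string.
            // NOTE(review): the user is matched on Reviewer.EmailAddress; how case is treated depends on
            // how the query is translated and on the database collation - confirm it matches how accounts are stored.
            var currentUserName = filterContext.HttpContext.User.Identity.Name;

            ReviewConfiguration review;
            // Dispose the context as soon as the lookup has been materialised.
            using (var db = new DatabaseContext()) {
                review = db.ReviewConfigurations.SingleOrDefault(
                    r => r.ReviewId == reviewId &&
                         r.Feedback.Any(fb => fb.Reviewer.EmailAddress == currentUserName));
            }

            if (review != null) {
                filterContext.Controller.TempData["Message"] =
                    string.Format("You have already completed the review '{0}'. Thank you!", review.Name);
                filterContext.Result =
                    new RedirectToRouteResult(new RouteValueDictionary(new { action = "Index", controller = "Review" }));
            }

            // The base filter runs in both cases.
            // NOTE(review): confirm the base implementation does not replace the redirect set above.
            base.OnActionExecuting(filterContext);
        }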
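        /// <summary>
        /// Completes a pending registration: swaps the placeholder password for the one the user
        /// chose, stores the chosen user name, signs the user in and redirects to Review/Index.
        /// </summary>
        /// <param name="model">Posted registration form (e-mail address, user name, password).</param>
        /// <returns>A redirect on success; otherwise the form redisplayed with model errors.</returns>
        /// <remarks>
        /// NOTE(review): no attributes are visible on this action in the listing; confirm that it is
        /// POST-only and protected by an anti-forgery token.
        /// NOTE(review): PasswordPlaceholder is defined outside this listing. If it is one fixed value
        /// shared by all pending accounts, knowing a pending e-mail address is enough to complete that
        /// registration; a per-invitation, single-use token would be the safer design.
        /// </remarks>
        public ActionResult CompleteRegistration(RegisterModel model)
        {
            // Deliberately generic: the message must not reveal whether the address belongs to an account.
            const string registrationFailedMessage =
                "The registration could not be completed. Please check your details and try again.";

            if (ModelState.IsValid) {
                try {
                    // ChangePassword reports failure through its return value, not an exception.
                    // Without this check a request naming an account that is no longer on the
                    // placeholder password would still reach the UserName update below.
                    if (!WebSecurity.ChangePassword(model.EmailAddress, PasswordPlaceholder, model.Password)) {
                        ModelState.AddModelError("", registrationFailedMessage);
                        return View(model);
                    }

                    using (var db = new DatabaseContext()) {
                        var user = db.UserProfiles.Find(WebSecurity.GetUserId(model.EmailAddress));
                        if (user == null) {
                            // No profile row for this address: fail cleanly instead of dereferencing null.
                            ModelState.AddModelError("", registrationFailedMessage);
                            return View(model);
                        }

                        user.UserName = model.UserName;
                        db.SaveChanges();
                    }

                    WebSecurity.Login(model.EmailAddress, model.Password);
                    return RedirectToAction("Index", "Review");
                }
                catch (MembershipCreateUserException e) {
                    ModelState.AddModelError("", ErrorCodeToString(e.StatusCode));
                }
            }

            // If we got this far, something failed, redisplay form
            return View(model);
        }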
            /// <summary>
            /// Disables the Entity Framework initializer for <c>DatabaseContext</c>, creates the database
            /// if it does not exist yet, and initializes the SimpleMembership connection.
            /// </summary>
            /// <exception cref="InvalidOperationException">
            /// Thrown, wrapping the original exception, when any of these steps fails.
            /// </exception>
            public SimpleMembershipInitializer()
            {
                const string initializationFailedMessage =
                    "The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588";

                Database.SetInitializer<DatabaseContext>(null);

                try {
                    using (var dbContext = new DatabaseContext()) {
                        var databaseMissing = !dbContext.Database.Exists();
                        if (databaseMissing) {
                            // Create the SimpleMembership database without Entity Framework migration schema
                            var adapter = (IObjectContextAdapter) dbContext;
                            adapter.ObjectContext.CreateDatabase();
                        }
                    }

                    // autoCreateTables: true asks SimpleMembership to create its own tables when absent.
                    WebSecurity.InitializeDatabaseConnection(
                        "DefaultConnection",
                        "UserProfile",
                        "UserId",
                        "EmailAddress",
                        autoCreateTables: true);
                }
                catch (Exception cause) {
                    // Keep the original failure as InnerException so the root cause stays diagnosable.
                    throw new InvalidOperationException(initializationFailedMessage, cause);
                }
            }
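        /// <summary>
        /// Returns 403 Forbidden when the requested review exists exactly once and the logged-in
        /// user is not one of its peers. Actions listed in <c>_actionNamesToIgnore</c> are skipped.
        /// </summary>
        /// <param name="filterContext">Context of the action that is about to execute.</param>
        /// <remarks>
        /// NOTE(review): when the review is not found exactly once this filter makes no decision and
        /// defers to the base filter; access control then depends on the base rejecting that request.
        /// Confirm the base class does so, and that every name in <c>_actionNamesToIgnore</c> is meant
        /// to be reachable by non-peers.
        /// </remarks>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            Func<string, bool> isCurrentAction =
                name => name.Equals(filterContext.ActionDescriptor.ActionName, StringComparison.OrdinalIgnoreCase);

            if (_actionNamesToIgnore.Any(isCurrentAction)) {
                return;
            }

            var reviewId = this.GetIdValue(filterContext);

            bool reviewExistsOnce;
            var currentUserIsPeer = false;

            // Run both lookups on one context and dispose it before touching the result or the base filter.
            using (var db = new DatabaseContext()) {
                reviewExistsOnce = db.ReviewConfigurations.Count(r => r.ReviewId == reviewId) == 1;
                if (reviewExistsOnce) {
                    var loggedInUserEmailAddress = filterContext.HttpContext.User.Identity.Name;

                    // Existence check only, so Any() replaces Count(...) < 1.
                    currentUserIsPeer = db.ReviewConfigurations
                        .Where(r => r.ReviewId == reviewId)
                        .Any(r => r.Peers.Any(p => p.EmailAddress == loggedInUserEmailAddress));
                }
            }

            if (!reviewExistsOnce) {
                base.OnActionExecuting(filterContext);
                return;
            }

            if (!currentUserIsPeer) {
                // for something more fancy, see: http://stackoverflow.com/a/13905859/177710
                filterContext.Result = new HttpStatusCodeResult(
                    HttpStatusCode.Forbidden, "You don't have permission to access this page.");
            }
        }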
        /// <summary>
        /// Confirms an external (OAuth) login: creates or updates the user profile for the posted
        /// e-mail address, links the external identity to it and signs the user in.
        /// </summary>
        /// <param name="model">Posted confirmation form, including the serialized external login data.</param>
        /// <param name="returnUrl">URL to return to after a successful login.</param>
        /// <returns>
        /// A redirect to "Manage" when the user is already authenticated or the external login data
        /// cannot be deserialized; a local redirect on success; otherwise the form redisplayed.
        /// </returns>
        /// <remarks>
        /// NOTE(review): <c>model.EmailAddress</c> is bound from the request, and nothing in this method
        /// shows that the provider vouched for it. When a profile with that address already exists, the
        /// external identity is attached to it and its UserName is overwritten. Confirm the address is
        /// verified (provider claim or e-mail confirmation) before linking to an existing account.
        /// </remarks>
        public ActionResult ExternalLoginConfirmation(RegisterExternalLoginModel model, string returnUrl)
        {
            string provider;
            string providerUserId;

            if (User.Identity.IsAuthenticated ||
                !OAuthWebSecurity.TryDeserializeProviderUserId(model.ExternalLoginData, out provider, out providerUserId)) {
                return RedirectToAction("Manage");
            }

            if (!ModelState.IsValid) {
                // Validation failed: redisplay the confirmation form.
                ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(provider).DisplayName;
                ViewBag.ReturnUrl = returnUrl;
                return View(model);
            }

            using (var db = new DatabaseContext()) {
                // Look for an existing profile with the same e-mail address, ignoring case.
                var existingProfile =
                    db.UserProfiles.FirstOrDefault(u => u.EmailAddress.ToLower() == model.EmailAddress.ToLower());

                if (existingProfile == null) {
                    // No profile yet: insert one into the profile table.
                    var newProfile = new UserProfile {UserName = model.UserName, EmailAddress = model.EmailAddress};
                    db.UserProfiles.Add(newProfile);
                }
                else {
                    // Profile found: only its UserName is updated.
                    existingProfile.UserName = model.UserName;
                }
                db.SaveChanges();

                // Link the external identity to the account, then sign in with a non-persistent cookie.
                OAuthWebSecurity.CreateOrUpdateAccount(provider, providerUserId, model.EmailAddress);
                OAuthWebSecurity.Login(provider, providerUserId, createPersistentCookie: false);

                return RedirectToLocal(returnUrl);
            }
        }