public ActionResult Describe(int id) { UserModel authUser = (User.Identity.IsAuthenticated ? new UserRepository().GetByUsername( User.Identity.Name ) : null); // check if album with given id exists AlbumRepository albums = new AlbumRepository(); AlbumModel album = albums.GetById( id, withUser: true, withPhotos: true, withComments: true, withCategory: true, withTrustedUsers: true ); if ( album == null ) throw new Exception( "album not found" ); // check if the caller can access the album if ( !albums.IsUserAuthorizedToViewAlbum( album, authUser, false ) ) throw new Exception( "user not authorized to view this album" ); // prepare photos list List<string> photos = new List<string>(); foreach ( PhotoModel photo in album.Photos ) { photos.Add( string.Format( "{0}/api/photos/{1}", Helpers.BaseURL(), photo.Id ) ); } // prepare comments list List<Object> comments = new List<Object>(); foreach ( CommentModel comment in album.Comments ) { comments.Add( new { author = comment.User.Login, date = new { day = comment.Date.Day, month = comment.Date.Month, year = comment.Date.Year }, body = comment.Body } ); } // send back the album information return Json( new { ok = true, data = new { id = album.Id, name = album.Name, description = album.Description, category = album.Category.Name, owner = album.User.Login, is_public = album.Public, rating = album.Rating, views = album.Views, photos = photos, comments = comments } }, JsonRequestBehavior.AllowGet ); }
public ActionResult Describe(string userName) { UserModel authUser = (User.Identity.IsAuthenticated ? new UserRepository().GetByUsername( User.Identity.Name ) : null); userName = HttpUtility.UrlDecode( userName ).Trim(); if ( userName == string.Empty ) throw new Exception( "empty username" ); UserRepository users = new UserRepository(); UserModel user = users.GetByUsernameWithAlbums( userName, withTrustedUsers:true ); if ( user == null ) throw new Exception( "user not found" ); AlbumRepository albumRepository = new AlbumRepository(); List<string> albums = new List<string>(); foreach ( AlbumModel album in user.Albums ) { if ( albumRepository.IsUserAuthorizedToViewAlbum( album, authUser, false ) ) { albums.Add( string.Format( "{0}/api/albums/{1}", Helpers.BaseURL(), album.Id ) ); } } return Json( new { ok = true, data = new { id = user.Id, username = user.Login, date_of_birth = (user.DateOfBirth.HasValue ? new { day = user.DateOfBirth.Value.Day, month = user.DateOfBirth.Value.Month, year = user.DateOfBirth.Value.Year } : null), about = user.About, albums = albums } }, JsonRequestBehavior.AllowGet ); }
public ActionResult Describe(int id) { UserModel authUser = (User.Identity.IsAuthenticated ? new UserRepository().GetByUsername( User.Identity.Name ) : null); // check if photo with given id exists PhotoRepository photos = new PhotoRepository(); PhotoModel photo = photos.GetById( id, withAlbum: true ); if ( photo == null ) throw new Exception( "photo not found" ); // check if the caller can access the album containing the photo AlbumRepository albums = new AlbumRepository(); AlbumModel album = albums.GetById( photo.Album.Id, withUser: true, withTrustedUsers: true ); if ( !albums.IsUserAuthorizedToViewAlbum( album, authUser, false ) ) throw new Exception( "user not authorized to view this photo/album" ); // send back the photo information return Json( new { ok = true, data = new { id = photo.Id, album = string.Format( "{0}/api/albums/{1}", Helpers.BaseURL(), album.Id ), date = new { day = photo.Date.Day, month = photo.Date.Month, year = photo.Date.Year }, description = photo.Description, image = Helpers.BaseURL() + photo.Path, thumbnail = Helpers.BaseURL() + photo.Path.Substring(0, photo.Path.LastIndexOf(".jpg")) + "_mini.jpg", latitude = photo.LocationLatitude, longitude = photo.LocationLongitude } }, JsonRequestBehavior.AllowGet ); }
public ActionResult Show(int id) { AlbumRepository albums = new AlbumRepository(); AlbumModel album = albums.GetByIdForShow(id); UserRepository users = new UserRepository(); var user = users.GetByUsername(HttpContext.User.Identity.Name); // check if album has a password, if it does, authorize if (!albums.authorizeWithPassword(album, user, (string)Session["Album" + album.Id.ToString()])) return RedirectToAction("PasswordForAlbum", new { id = album.Id }); // if user is not authorized if (!albums.IsUserAuthorizedToViewAlbum(album, user, true)) return View("NotAuthorized"); if (user == null || user.Id != album.User.Id) //if not logged in or not an author { //increment views album.Views += 1; albums.Update(album); } @ViewBag.user = user; return View(album); }