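/// <summary>
/// Creates a comment by the current user on an achievement or quest earning
/// and returns the new comment as JSON.
/// </summary>
/// <param name="earningID">ID of the earning the comment is attached to (stored as <c>location_id</c>).</param>
/// <param name="earningIsAchievement">True to store the comment against an achievement, false against a quest.</param>
/// <param name="text">Comment body; must not be null, empty or whitespace.</param>
/// <returns>
/// 401 when no user is logged in or the user row cannot be loaded, 406 when the text is blank,
/// 403 when comments are disabled or the earning cannot be accessed; otherwise a JSON
/// <c>EarningComment</c> describing the stored comment.
/// </returns>
/// <remarks>
/// NOTE(review): any [HttpPost] / [ValidateAntiForgeryToken] / [Authorize] attributes would sit above
/// this method or on the controller, outside this view. This action writes data, so confirm they exist.
/// </remarks>
public ActionResult Add(int earningID, bool earningIsAchievement, String text)
{
    // Reject anonymous callers before anything is written. This was a disabled TODO in the
    // original; without it the comment was built with the "not logged in" user id and the
    // later user lookup was dereferenced without a null check.
    int currentUserId = WebSecurity.CurrentUserId;
    if (currentUserId < 0)
    {
        return new HttpStatusCodeResult(401, "Not logged in"); // Unauthorized
    }

    // Need text for a comment
    if (String.IsNullOrWhiteSpace(text))
    {
        return new HttpStatusCodeResult(406, "Invalid comment text"); // Invalid text
    }

    UnitOfWork work = new UnitOfWork();

    // Are comments enabled, and can we access the earning?
    // earningUser/template are only consumed by the disabled notification code below.
    user earningUser = null;
    object template = null;
    if (!CommentsEnabled(earningID, earningIsAchievement, work))
    {
        return new HttpStatusCodeResult(403, "Comments currently disabled"); // Disabled comments
    }

    if (!UserCanAccessEarning(earningID, earningIsAchievement, work, out earningUser, out template))
    {
        return new HttpStatusCodeResult(403, "Earning cannot be accessed"); // Invalid earning access
    }

    // Load the poster before writing so a missing user row cannot leave a saved
    // comment behind and then fail while the response is being built.
    user u = work.EntityContext.user.Find(currentUserId);
    if (u == null)
    {
        return new HttpStatusCodeResult(401, "Unknown user");
    }

    // Access is validated, create comment.
    // The text is stored exactly as submitted; whatever renders it must HTML-encode it.
    comment c = new comment()
    {
        date = DateTime.Now,
        deleted = false,
        last_modified_by_id = currentUserId,
        last_modified_date = null, // Not being modified, just created, so this is null
        location_id = earningID,
        location_type = earningIsAchievement
            ? (int)JPPConstants.CommentLocation.Achievement
            : (int)JPPConstants.CommentLocation.Quest,
        text = text,
        user_id = currentUserId
    };
    work.EntityContext.comment.Add(c);

    // Send a notification (currently disabled)
    /*if (earningIsAchievement)
     * {
     *     achievement_template a = template as achievement_template;
     *     work.SystemRepository.AddNotification(
     *         earningUser.id,
     *         WebSecurity.CurrentUserId,
     *         "[" + u.display_name + "] commented on [" + a.title + "]",
     *         u.image,
     *         new UrlHelper(Request.RequestContext).Action(
     *             "IndividualAchievement",
     *             "Achievements",
     *             new { id = a.id }
     *         ) + "#" + earningUser.id + "-" + earningID,
     *         false);
     * }
     * else
     * {
     *     quest_template q = template as quest_template;
     *     work.SystemRepository.AddNotification(
     *         earningUser.id,
     *         WebSecurity.CurrentUserId,
     *         "[" + u.display_name + "] commented on [" + q.title + "]",
     *         u.image,
     *         new UrlHelper(Request.RequestContext).Action(
     *             "IndividualQuest",
     *             "Quests",
     *             new { id = q.id }
     *         ) + "#" + earningUser.id + "-" + earningID,
     *         false);
     * }*/

    // Success
    work.SaveChanges();

    // The poster may always edit and delete their own new comment.
    // Text is echoed back unencoded, as stored.
    EarningComment response = new EarningComment()
    {
        Deleted = false,
        ID = c.id,
        Text = c.text,
        PlayerID = u.id,
        DisplayName = u.display_name,
        PlayerImage = u.image,
        CommentDate = c.date,
        CurrentUserCanEdit = true,
        CurrentUserCanDelete = true
    };

    return Json(response);
}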
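/// <summary>
/// Soft-deletes a comment (sets its <c>deleted</c> flag) on behalf of the current user,
/// writes a log entry for the deletion and returns the placeholder comment as JSON.
/// </summary>
/// <param name="commentID">ID of the comment to mark as deleted.</param>
/// <returns>
/// 404 when the comment does not exist; 406 when the caller is neither the owner of the
/// earning the comment is on, nor the comment's author, nor a full admin; otherwise a JSON
/// <c>EarningComment</c> with <c>Deleted = true</c>.
/// </returns>
/// <remarks>
/// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on this action.
/// It changes state, so unless a filter registered elsewhere covers it, it should be restricted
/// to POST and should validate an anti-forgery token.
/// </remarks>
public ActionResult Delete(int commentID)
{
    UnitOfWork work = new UnitOfWork();
    int currentUserId = WebSecurity.CurrentUserId;

    // Grab the comment; an unknown ID previously caused a null dereference below.
    comment c = work.EntityContext.comment.Find(commentID);
    if (c == null)
    {
        return new HttpStatusCodeResult(404, "Comment not found");
    }

    // Is the current user the owner of the earning the comment is attached to?
    var locationId = c.location_id;
    bool instanceOwner = false;
    if (c.location_type == (int)JPPConstants.CommentLocation.Achievement)
    {
        instanceOwner = work.EntityContext.achievement_instance
            .Any(e => e.id == locationId && e.user_id == currentUserId);
    }
    else if (c.location_type == (int)JPPConstants.CommentLocation.Quest)
    {
        instanceOwner = work.EntityContext.quest_instance
            .Any(e => e.id == locationId && e.user_id == currentUserId);
    }

    // Instance owner, comment owner or admin? Anyone else is refused.
    // 406 is kept because callers may depend on it; 403 would be the conventional status.
    bool commentOwner = c.user_id == currentUserId;
    if (!instanceOwner && !commentOwner && !Roles.IsUserInRole(JPPConstants.Roles.FullAdmin))
    {
        return new HttpStatusCodeResult(406, "Invalid credentials"); // Not allowed to delete
    }

    // Record who deleted what, from where, together with the original text,
    // before the row is changed.
    LoggerModel logCommentDelete = new LoggerModel()
    {
        Action = Logger.CommentBehaviorLogType.CommentDelete.ToString(),
        UserID = currentUserId,
        IPAddress = Request.UserHostAddress,
        TimeStamp = DateTime.Now,
        ID1 = c.id,
        IDType1 = Logger.LogIDType.Comment.ToString(),
        Value1 = c.text
    };
    Logger.LogSingleEntry(logCommentDelete, work.EntityContext);

    // Mark as deleted (soft delete: the row and its text stay in the table)
    c.deleted = true;
    c.last_modified_by_id = currentUserId;
    c.last_modified_date = DateTime.Now;
    work.SaveChanges();

    // Get the current user's display name for the placeholder text; tolerate a
    // missing user row instead of failing after the delete has been saved.
    user u = work.EntityContext.user.Find(currentUserId);
    string deletedBy = u != null ? u.display_name : null;

    // The response carries only the placeholder text, not the original comment text.
    EarningComment response = new EarningComment()
    {
        Deleted = true,
        ID = c.id,
        Text = JPPConstants.SiteSettings.DeletedCommentText + deletedBy,
        PlayerID = c.last_modified_by_id,
        DisplayName = null,
        PlayerImage = null,
        CurrentUserCanEdit = false,
        CurrentUserCanDelete = false
    };

    return Json(response); // Success
}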