public virtual async Task <IActionResult> NewsItemCreate() { if (!await _permissionService.AuthorizeAsync(StandardPermissionProvider.ManageNews)) { return(AccessDeniedView()); } //prepare model var model = await _newsModelFactory.PrepareNewsItemModelAsync(new NewsItemModel(), null); return(View(model)); }
public virtual async Task <IActionResult> NewsItem(int newsItemId) { if (!_newsSettings.Enabled) { return(RedirectToRoute("Homepage")); } var newsItem = await _newsService.GetNewsByIdAsync(newsItemId); if (newsItem == null) { return(InvokeHttp404()); } var notAvailable = //published? !newsItem.Published || //availability dates !_newsService.IsNewsAvailable(newsItem) || //Store mapping !await _storeMappingService.AuthorizeAsync(newsItem); //Check whether the current user has a "Manage news" permission (usually a store owner) //We should allows him (her) to use "Preview" functionality var hasAdminAccess = await _permissionService.AuthorizeAsync(StandardPermissionProvider.AccessAdminPanel) && await _permissionService.AuthorizeAsync(StandardPermissionProvider.ManageNews); if (notAvailable && !hasAdminAccess) { return(InvokeHttp404()); } var model = new NewsItemModel(); model = await _newsModelFactory.PrepareNewsItemModelAsync(model, newsItem, true); //display "edit" (manage) link if (hasAdminAccess) { DisplayEditLink(Url.Action("NewsItemEdit", "News", new { id = newsItem.Id, area = AreaNames.Admin })); } return(View(model)); }