* BlogsController.cs: * refactoring

* implements a file posting, in a directory named with an user's post
  id

* BlogManager.cs:
* BlogsController.cs: Any user may edit any title

web/ApiControllers/BlogsController.cs

@@ -7,13 +7,17 @@ using System.Web.Http;
 using Npgsql.Web.Blog;
 using Yavsc.Model.Blogs;
 using System.IO;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using System.Diagnostics;
 
 namespace Yavsc.ApiControllers
 {
 	/// <summary>
 	/// Blogs API controller.
 	/// </summary>
-	public class BlogsController : ApiController
+	public class BlogsController : YavscApiController
 	{
 		private const string adminRoleName = "Admin";
 
@@ -46,7 +50,9 @@ namespace Yavsc.ApiControllers
 		/// <param name="title">Title.</param>
 		[Authorize]
 		public void RemoveTitle(string user, string title) {
-			BlogManager.CheckAuthCanEdit (user,title);
+			if (Membership.GetUser ().UserName != user)
+			if (!Roles.IsUserInRole("Admin"))
+				throw new AuthorizationDenied (user);
 			BlogManager.RemoveTitle (user, title);
 		}
 		/// <summary>
@@ -57,6 +63,66 @@ namespace Yavsc.ApiControllers
 			
 			throw new NotImplementedException ();
 		}
+		/// <summary>
+		/// The allowed media types.
+		/// </summary>
+		protected string[] allowedMediaTypes = { 
+			"text/plain",
+			"text/x-tex",
+			"text/html",
+			"image/png",
+			"image/gif",
+			"image/jpeg",
+			"image/x-xcf",
+			"application/pdf",
+			"application/vnd.openxmlformats-officedocument.wordprocessingml.document"
+		};
+
+		/// <summary>
+		/// Posts the file.
+		/// </summary>
+		/// <returns>The file.</returns>
+		[Authorize]
+		public async Task<HttpResponseMessage> PostFile(long postid) {
+			if (!(Request.Content.Headers.ContentType.MediaType=="multipart/form-data"))
+			{ 
+				throw new HttpRequestException ("not a multipart/form-data request");
+			}
+
+			string root = HttpContext.Current.Server.MapPath("~/bfiles/"+postid);
+			BlogEntry be = BlogManager.GetPost (postid);
+			if (be.UserName != Membership.GetUser ().UserName)
+				throw new AuthorizationDenied ("b"+postid);
+			
+			DirectoryInfo di = new DirectoryInfo (root);
+			if (!di.Exists) di.Create ();
+			
+			var provider = new MultipartFormDataStreamProvider(root);
+			try
+			{
+
+
+				// Read the form data.
+				foreach (var content in await Request.Content.ReadAsMultipartAsync(provider)) {
+					Trace.WriteLine("Server file path: " + provider.GetLocalFileName(
+						content.Headers));
+				}
+
+				// This illustrates how to get the file names.
+				foreach (string fkey in provider.BodyPartFileNames.Keys)
+				{
+					Trace.WriteLine(provider.BodyPartFileNames[fkey]);
+
+				}
+
+				return Request.CreateResponse(HttpStatusCode.OK);
+			}
+			catch (System.Exception e)
+			{
+				return Request.CreateResponse(HttpStatusCode.InternalServerError, e);
+			}
+		}
+			
 	}
 }
 

web/ChangeLog

@@ -1,3 +1,11 @@
+2015-09-11  Paul Schneider  <paul@pschneider.fr>
+
+	* BlogsController.cs: * refactoring
+	* implements a file posting, in a directory named with an
+	user's post id
+
+	* BlogsController.cs: Any user may edit any title
+
 2015-09-11  Paul Schneider  <paul@pschneider.fr>
 
 	* Global.asax.cs: ignored routes are revisited

web/Controllers/BlogsController.cs

@@ -314,8 +314,6 @@ namespace Yavsc.Controllers
 			return GetPost (model.PostId);
 		}
 
-
-
 		/// <summary>
 		/// Remove the specified blog entry, by its author and title, 
 		/// using returnUrl as the URL to return to,
@@ -334,7 +332,10 @@ namespace Yavsc.Controllers
 			ViewData ["returnUrl"] = returnUrl;
 			ViewData ["UserName"] = user;
 			ViewData ["Title"] = title;
-			BlogManager.CheckAuthCanEdit (user, title);
+
+			if (Membership.GetUser ().UserName != user)
+			if (!Roles.IsUserInRole("Admin"))
+				throw new AuthorizationDenied (user);
 			if (!confirm)
 				return View ("RemoveTitle");
 			BlogManager.RemoveTitle (user, title);
@@ -353,6 +354,7 @@ namespace Yavsc.Controllers
 		[Authorize]
 		public ActionResult RemovePost (long id, string returnUrl, bool confirm = false)
 		{
+			// ensures the access control
 			BlogEntry e = BlogManager.GetForEditing (id);
 			if (e == null)
 				return new HttpNotFoundResult ("post id "+id.ToString());

yavscModel/Blogs/BlogManager.cs

@@ -179,32 +179,6 @@ namespace Yavsc.Model.Blogs
 			return Provider.Tag (postid, tag);
 		}
 
-		/// <summary>
-		/// Checks the auth can edit.
-		/// </summary>
-		/// <returns><c>true</c>, if can edit was authed, <c>false</c> otherwise.</returns>
-		/// <param name="user">User.</param>
-		/// <param name="title">Title.</param>
-		/// <param name="throwEx">If set to <c>true</c> throw ex.</param>
-		public static bool CheckAuthCanEdit (string user, string title, bool throwEx = true)
-		{
-			BlogEntryCollection bec = BlogManager.GetPost (user, title);
-			if (bec == null)
-				throw new FileNotFoundException ();
-			if (!Roles.IsUserInRole ("Admin"))
-			if (bec.Count > 0)
-			if (Membership.GetUser ().UserName != user) {
-				if (throwEx)
-					throw new AccessViolationException (
-						string.Format (
-							"Vous n'avez pas le droit d'editer ce blog (title:{0})",
-							title));
-				else
-					return false;
-			}
-			return true;
-		}
-
 		/// <summary>
 		/// Checks the auth can edit.
 		/// </summary>

yavscModel/ChangeLog

@@ -1,3 +1,7 @@
+2015-09-11  Paul Schneider  <paul@pschneider.fr>
+
+	* BlogManager.cs: Any user may edit any title
+
 2015-09-10  Paul Schneider  <paul@pschneider.fr>
 
 	* CircleBase.cs: