diff --git a/source/Conference/Conference.Web/Controllers/ConferenceController.cs b/source/Conference/Conference.Web/Controllers/ConferenceController.cs
index be1ca81d..56fca569 100644
--- a/source/Conference/Conference.Web/Controllers/ConferenceController.cs
+++ b/source/Conference/Conference.Web/Controllers/ConferenceController.cs
@@ -42,10 +42,21 @@ protected override void OnActionExecuting(ActionExecutingContext filterContext)
 {
 this.ViewBag.Slug = slug;
 this.Conference = this.Service.FindConference(slug);
+
 if (this.Conference != null)
 {
- this.ViewBag.OwnerName = this.Conference.OwnerName;
- this.ViewBag.WasEverPublished = this.Conference.WasEverPublished;
+ // check access
+ var accessCode = (string)this.ControllerContext.RequestContext.RouteData.Values["accessCode"];
+
+ if (accessCode == null || !string.Equals(accessCode, this.Conference.AccessCode, StringComparison.Ordinal))
+ {
+ filterContext.Result = new HttpUnauthorizedResult("Invalid access code.");
+ }
+ else
+ {
+ this.ViewBag.OwnerName = this.Conference.OwnerName;
+ this.ViewBag.WasEverPublished = this.Conference.WasEverPublished;
+ }
 }
 }
@@ -73,7 +84,7 @@ public ActionResult Locate(string email, string accessCode)
 }
 // TODO: not very secure ;).
- return RedirectToAction("Index", new { slug = conference.Slug });
+ return RedirectToAction("Index", new { slug = conference.Slug, accessCode });
 }
 public ActionResult Index()
@@ -106,7 +117,7 @@ public ActionResult Create(ConferenceInfo conference)
 return View(conference);
 }
- return RedirectToAction("Index", new { slug = conference.Slug });
+ return RedirectToAction("Index", new { slug = conference.Slug, accessCode = conference.AccessCode });
 }
 return View(conference);
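Review bot: The access-code check added to `OnActionExecuting` compares the route value with `this.Conference.AccessCode` through `string.Equals(..., StringComparison.Ordinal)`, which is not a fixed-time comparison; since this code is the only credential guarding the conference, a comparison whose duration does not depend on how much of the guess matches would be safer. On the failure branch `this.Conference` stays populated, so I would add `this.Conference = null;` next to `filterContext.Result = new HttpUnauthorizedResult("Invalid access code.");` so nothing that runs later can read a conference the caller was not authorised for. A slug that matches no conference sets no result in the visible lines, so its response probably differs from the 401 for a wrong code and discloses which slugs exist. The method starts and ends outside the hunk, so the null-conference handling should be confirmed there.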
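Review bot: The redirect at the end of `Locate` now carries the access code, the only credential checked in `OnActionExecuting`, in the URL path, where it ends up in browser history and in web-server or proxy access logs and can be passed to other sites in the `Referer` header. The same holds for the redirects changed in `Create`, `Edit`, `Publish` and `Unpublish` and for the `{slug}/{accessCode}/{action}` route in Global.asax.cs. The surviving `// TODO: not very secure ;).` no longer says what is insecure; I would replace it with `// TODO: the access code is the only credential and travels in the URL (history, logs, Referer); replace with real authentication.` Issuing a session or authentication cookie once `Locate` succeeds would keep the code out of the route altogether. `Locate` starts outside the hunk.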
@@ -131,7 +142,7 @@ public ActionResult Edit(ConferenceInfo conference)
 if (ModelState.IsValid)
 {
 this.Service.UpdateConference(conference);
- return RedirectToAction("Index", new { slug = conference.Slug });
+ return RedirectToAction("Index", new { slug = conference.Slug, accessCode = conference.AccessCode });
 }
 return View(conference);
@@ -147,7 +158,7 @@ public ActionResult Publish()
 this.Service.Publish(this.Conference.Id);
- return RedirectToAction("Index", new { slug = this.Conference.Slug });
+ return RedirectToAction("Index", new { slug = this.Conference.Slug, accessCode = this.Conference.AccessCode });
 }
 [HttpPost]
@@ -160,7 +171,7 @@ public ActionResult Unpublish()
 this.Service.Unpublish(this.Conference.Id);
- return RedirectToAction("Index", new { slug = this.Conference.Slug });
+ return RedirectToAction("Index", new { slug = this.Conference.Slug, accessCode = this.Conference.AccessCode });
 }
 #endregion
diff --git a/source/Conference/Conference.Web/Global.asax.cs b/source/Conference/Conference.Web/Global.asax.cs
index f187d10b..a149335e 100644
--- a/source/Conference/Conference.Web/Global.asax.cs
+++ b/source/Conference/Conference.Web/Global.asax.cs
@@ -55,7 +55,7 @@ public static void RegisterRoutes(RouteCollection routes)
 routes.MapRoute(
 name: "Conference",
- url: "{slug}/{accessCode}/{action}",
+ url: "{slug}/{accessCode}/{action}",
 defaults: new { controller = "Conference", action = "Index" }
 );
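Review bot: The new redirect in `Edit` takes `accessCode` from the model-bound `conference` instead of from `this.Conference`, the object `OnActionExecuting` actually authorised; if the form omits or alters `AccessCode`, a successful edit redirects to a URL that then fails the check, whereas `Publish` and `Unpublish` already use `this.Conference.AccessCode`. I would write `return RedirectToAction("Index", new { slug = conference.Slug, accessCode = this.Conference.AccessCode });`. The context line `this.Service.UpdateConference(conference);` passes the posted object straight to the service; the start of `Edit` is outside the hunk, so it should be confirmed there that the posted conference is tied to `this.Conference` (same id, access code not overwritable from the form) before it is saved.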
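Review bot: The `{accessCode}` segment in the `Conference` route has no default and no constraint, so a two-segment URL that used to match `{slug}/{action}` (a bookmarked `slug/Edit`, for instance) now binds its second segment as `accessCode` with `action = "Index"` and ends in the 401 from `OnActionExecuting`, and a bare `{slug}` no longer matches this route. If access codes have a fixed format, a `constraints:` entry for `accessCode` on this `MapRoute` call would stop unrelated URLs from being bound as credentials. Whether other routes pick those URLs up depends on the rest of `RegisterRoutes`, which is outside the hunk.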