public async Task <IActionResult> EditPage([FromRoute] string path, CreatePageRequest req)
{
Infopage page = await Db.Infopages.SingleAsync(x => x.Path == path.Replace("%2F", "/", true, CultureInfo.InvariantCulture));
if (!HttpContext.UserCan("kb.editpage.all") &&
!(HttpContext.UserCan("kb.editpage.own") && ((int?)page.AuthorId ?? -1) == HttpContext.User.GetUserId()))
{
if (HttpContext.User.IsAnonymous())
{
return(Challenge());
}
else
{
return(Forbid());
}
}
if (!ModelState.IsValid)
{
return(View(page));
}
if (!HttpContext.UserCan("kb.secrecy." + page.Secrecy.ToString()))
{
return(Forbid());
}
if (!HttpContext.UserCan("kb.secrecy." + ((byte)req.Secrecy).ToString()))
{
return(Forbid());
}
await Db.KBActivities.AddKBActivity(HttpContext, page.Id, new EditPageActivity()
{
OldName = page.Name,
NewName = req.Name,
OldTags = page.Tags,
NewTags = req.Tags ?? "",
OldContainedText = page.ContainedText,
NewContainedText = req.Text,
OldSecrecy = page.Secrecy,
NewSecrecy = (byte)req.Secrecy
});
page.Name = req.Name;
page.Tags = req.Tags ?? "";
page.ContainedText = req.Text;
page.Secrecy = (byte)req.Secrecy;
await Db.SaveChangesAsync();
return(RedirectToAction("ViewPage", new { path = path.Replace("%2F", "/", true, CultureInfo.InvariantCulture) }));
}
public async Task <IActionResult> ViewPage([FromRoute] string path)
{
Infopage page = await Db.Infopages
.Include(x => x.Author)
.SingleOrDefaultAsync(x => x.Path == path.Replace("%2F", "/", true, CultureInfo.InvariantCulture));
if (page == null)
{
return(View("NoPage", path.Replace("%2F", "/", true, CultureInfo.InvariantCulture)));
}
if (!HttpContext.UserCan("kb.secrecy." + page.Secrecy.ToString()))
{
return(Forbid());
}
return(View(page));
}
public async Task <IActionResult> DeletePage([FromRoute] string path)
{
Infopage page = await Db.Infopages.SingleAsync(x => x.Path == path.Replace("%2F", "/", true, CultureInfo.InvariantCulture));
if (!HttpContext.UserCan("kb.secrecy." + page.Secrecy.ToString()))
{
return(Forbid());
}
await Db.Database.ExecuteSqlInterpolatedAsync($"delete from infopagecomments where infopageid = {page.Id}");
await Db.Database.ExecuteSqlInterpolatedAsync($"delete from kbactivities where infopageid = {page.Id}");
Db.Infopages.Remove(page);
await Db.SaveChangesAsync();
return(RedirectToAction("Main"));
}
