Beispiel #1
0
        public static void AuthenticateUser(ForumRespository db, int UserID)
        {
            string SessionID = Guid.NewGuid().ToString();

            HttpCookie SessionCookie = new HttpCookie("MvcForum", SessionID);
            SessionCookie.HttpOnly = true;
            SessionCookie.Expires = DateTime.Now.AddYears(50);
            HttpContext.Current.Response.Cookies.Add(SessionCookie);
            var SessionStore = new Forum_Session() { UserID = UserID, SessionGUID = SessionID };
            db.AddSessionToDB(SessionStore);
            db.Save();
        }
Beispiel #2
0
        public ActionResult DeletePost(int id, int page, string confirmbutton)
        {
            using (ForumRespository db = new ForumRespository())
            {
                Forum_Post ToDelete = db.GetPostByID(id);

                var model = new MasterViewModel();
                model.AddNavigation(ToDelete.Forum_Thread);
                model.AddNavigation("Delete Post");

                if (ToDelete == null)
                    return NotFoundView("Post");
                if (ToDelete.Forum_Thread.Forum_Posts[0] == ToDelete)
                    return RedirectToAction("ViewThread", new { id = ToDelete.ThreadID });

                if (ToDelete.Forum_Thread.Locked)
                    return AuthenticationHelper.AccessDeniedView(model);

                var Category = ToDelete.Forum_Thread.Forum_Category;

                var Deleter = GetCurrentUser(db);

                if (!db.CheckCategoryPermissions(Category, Deleter, P => (P.AllowDeleteOwnPost && ToDelete.PosterID == Deleter.UserID && ToDelete.PosterID != (int)BuildInUser.Guest) || P.AllowDeleteAllPosts))
                    return AuthenticationHelper.AccessDeniedView(model);

                if (IsHttpPost)
                {
                    if (!AntiForgeryTokenValid)
                    {
                        ModelState.AddModelError("AntiForgery", "The antiforgery token was invalid.");
                    }
                    else
                    {
                        int ThreadID = ToDelete.ThreadID;
                        db.DeletePost(ToDelete);
                        db.Save();
                        return RedirectToAction("ViewThread", new { id = ThreadID, page = page });
                    }
                }

                return View(model);
            }
        }
Beispiel #3
0
        void HandlePermissionsLinkUpdates()
        {
            if (!IsHttpPost) return;
            if (!AntiForgeryTokenValid) return;
            var Form = HttpContext.Request.Form;
            string Button = Form["permissionslinkbutton"];
            if (String.IsNullOrWhiteSpace(Button)) return;

            int CategoryID, PermissionsID, RoleID;

            try {
                CategoryID = Convert.ToInt32(Form["Category"]);
                PermissionsID = Convert.ToInt32(Form["PermissionSet"]);
                RoleID = Convert.ToInt32(Form["UserGroup"]);
            } catch (FormatException)
            {
                ModelState.AddModelError("InvalidData", "Numbers are invalid");
                return;
            } catch (OverflowException)
            {
                ModelState.AddModelError("InvalidData", "Numbers are too big");
                return;
            }

            using (ForumRespository db = new ForumRespository())
            {
                var PermissionsLink = db.GetPermissionLinks().SingleOrDefault(L => L.CategoryID == CategoryID && L.PermissionID == PermissionsID && L.RoleID == RoleID);

                if (Button == "Add")
                {
                    if (PermissionsLink != null)
                    {
                        ModelState.AddModelError("AddLinkError", "Permission link already exists");
                        return;
                    }

                    db.AddPermissionsLink(new Forum_PermissionsLink() { CategoryID = CategoryID, PermissionID = PermissionsID, RoleID = RoleID });

                    try
                    {
                        db.Save();
                    }
                    catch
                    {
                        ModelState.AddModelError("AddLinkError", "Unable to add new permissions link");
                    }
                }
                else if (Button == "Delete")
                {
                    if (PermissionsLink == null)
                    {
                        ModelState.AddModelError("DeleteLinkError", "Permission link doesn't exists");
                        return;
                    }

                    db.DeletePermissionsLink(PermissionsLink);
                    try
                    {
                        db.Save();
                    }
                    catch
                    {
                        ModelState.AddModelError("DeleteLinkError", "Unable to delete permissions link");
                    }
                }
            }
        }
Beispiel #4
0
        public ActionResult UserGroup(int id, int page, string UsersAddButton, string UsersRemoveButton, string NewGroup, string UpdateGroup, string DeleteGroup)
        {
            var model = new AdminUserGroupModel(){page = page};
            model.AddNavigation("Admin Panel", "Overview", "Admin", null);
            model.AddNavigation("Edit User Groups");
            using (ForumRespository db = new ForumRespository())
            {
                Forum_User CurrentUser = GetCurrentUser(db);

                if (!UserIdentity.IsAdmin)
                    return AuthenticationHelper.AccessDeniedView(model); // Administrating the forum requires the user to be an Admin.

                HandlePermissionsLinkUpdates();

                Forum_Role CurrentRole;

                if (id != 0)
                    CurrentRole = db.GetRole(id);
                else
                    CurrentRole = db.GetAllRoles().First();

                if (CurrentRole == null)
                    return NotFoundView("User Group");

                model.id = CurrentRole.RoleID;
                model.CanBeDeleted = CurrentRole.CanBeDeleted;
                model.HasMembers = CurrentRole.RoleID != (int)BuildInRole.Everyone &&
                                   CurrentRole.RoleID != (int)BuildInRole.RegisteredUser;
                model.HasPermissions = CurrentRole.RoleID != (int)BuildInRole.Administrator;

                if (IsHttpPost && AntiForgeryTokenValid)
                {
                    if (!String.IsNullOrEmpty(UsersAddButton) && model.HasMembers)
                    {
                        int nID;
                        Forum_User ToAdd;
                        foreach (var ID in Request.Form.GetValues("Users"))
                        {
                            try
                            {
                                nID = Convert.ToInt32(ID);
                            }
                            catch
                            {
                                continue;
                            }
                            if (nID == (int)BuildInUser.Guest) continue;
                            ToAdd = db.GetUserByID(nID);
                            if (ToAdd == null) continue;
                            if (db.UserInRole(ToAdd, CurrentRole)) continue;
                            db.AddUserRoleLink(CurrentRole, ToAdd);
                        }
                        db.Save();
                    }
                    else if (!String.IsNullOrEmpty(UsersRemoveButton))
                    {
                        int nID;
                        var RemovedUsers = Request.Form.GetValues("Users");
                        if (RemovedUsers != null)
                        {
                            foreach (var ID in RemovedUsers)
                            {
                                try
                                {
                                    nID = Convert.ToInt32(ID);
                                }
                                catch
                                {
                                    continue;
                                }
                                if (CurrentRole.RoleID == (int)BuildInRole.Administrator && nID == CurrentUser.UserID) continue;
                                db.RemoveUserFromRole(db.GetUserByID(nID), CurrentRole);
                            }
                            db.Save();
                        }
                    }
                    else if (!String.IsNullOrEmpty(UpdateGroup) && model.HasPermissions)
                    {
                        if (model.CanBeDeleted)
                            CurrentRole.Name = Request.Form["Name"];
                        CurrentRole.AllowSearch = Request.Form["IsAllowedSearch"] != "false";
                        db.Save();
                    }
                    else if (!String.IsNullOrEmpty(NewGroup))
                    {
                        var NewRole = new Forum_Role();
                        NewRole.Name = "Unnamed";
                        NewRole.CanBeDeleted = true;
                        db.AddRole(NewRole);
                        db.Save();
                        return RedirectToAction("UserGroup", new { id = NewRole.RoleID });
                    }
                    else if (!String.IsNullOrEmpty(DeleteGroup) && model.CanBeDeleted && CurrentRole.Forum_UserRoleLinks.Count == 0)
                    {
                        db.DeleteRole(CurrentRole);
                        db.Save();
                        return RedirectToAction("UserGroup", new { id = 0 });
                    }
                }

                if (model.HasMembers)
                {
                    model.CurrentGroupUsers = db.GetUsersInRole(CurrentRole).ToClassList(U => new AdminNamedID(){ID = U.UserID, Name = U.Username});
                }

                model.UserGroups = db.GetAllRoles().ToClassList(R => new AdminNamedID() { ID = R.RoleID, Name = R.Name });
                model.Categories = db.GetAllCategories().ToClassList(C => new AdminNamedID() { ID = C.CategoryID, Name = C.Name });
                model.PermissionSets = db.GetAllPermissionSets().ToClassList(P => new AdminNamedID() { ID = P.PermissionID, Name = P.Name });
                model.Fixed = AdminPermissionLinkEditors.FixedSet.UserGroups;

                var Users = db.GetAllUsers().OrderBy(U => U.Username);
                model.LastPage = (Users.Count() - 1) / UsersPerPage + 1;

                model.AllUsers = Users.Skip((page - 1) * UsersPerPage).Take(UsersPerPage).ToClassList(U => new AdminNamedID() { ID = U.UserID, Name = U.Username });

                if (model.HasPermissions)
                {
                    model.FixedNamedID = new AdminNamedID() { ID = CurrentRole.RoleID, Name = CurrentRole.Name};
                    model.PermissionLinkList = db.GetPermissionLinks().Where(L => L.RoleID == id).OrderBy(L => L.CategoryID).ToClassList(L => new AdminPermissionLink()
                    {
                        Category = new AdminNamedID() { ID = L.CategoryID, Name = db.GetCategoryByID(L.CategoryID).Name },
                        PermissionSet = new AdminNamedID() { ID = L.PermissionID, Name = db.GetPermissionSetByID(L.PermissionID).Name },
                        UserGroup = model.FixedNamedID
                    });
                }

                model.Name = CurrentRole.Name;

                model.IsAllowedSearch = CurrentRole.AllowSearch;

                return View(model);
            }
        }
Beispiel #5
0
        public new ActionResult User(AdminUpdateUser model)
        {
            model.AddNavigation("Admin Panel", "Overview", "Admin", null);
            model.AddNavigation("Update User");
            using (ForumRespository db = new ForumRespository())
            {
                Forum_User CurrentUser = GetCurrentUser(db);

                if (!UserIdentity.IsAdmin)
                    return AuthenticationHelper.AccessDeniedView(model); // Administrating the forum requires the user to be an Admin.

                Forum_User UpdateUser = db.GetUserByID(model.id);

                if (UpdateUser == null)
                    return NotFoundView("User");

                model.OldEmail = UpdateUser.Email;
                model.OldUserName = UpdateUser.Username;

                if (IsHttpPost && ModelState.IsValid)
                {
                    if (!AntiForgeryTokenValid)
                    {
                        ModelState.AddModelError("AntiForgery", "The antiforgery token was invalid.");
                    }
                    else
                    {
                        if (!String.IsNullOrEmpty(model.Reg_Username))
                            UpdateUser.Username = model.Reg_Username;

                        if (!String.IsNullOrEmpty(model.Reg_Email))
                            UpdateUser.Email = model.Reg_Email;

                        if (!String.IsNullOrEmpty(model.Reg_Password))
                        {
                            var NewPassword = ((ForumMembershipProvider)Membership.Provider).CalculateSaltedPasswordHash(model.Reg_Password, UpdateUser.Salt);
                            UpdateUser.PasswordHash = NewPassword;
                        }

                        db.Save();

                        return RedirectToAction("Overview");
                    }
                }

                return View(model);
            }
        }
Beispiel #6
0
        public ActionResult PermissionSet(int id, string UpdatePermissions, string DeletePermissions, string NewPermissions)
        {
            var model = new AdminPermissionSetModel();
            model.AddNavigation("Admin Panel", "Overview", "Admin", null);
            model.AddNavigation("Edit Permission Set");
            using (ForumRespository db = new ForumRespository())
            {
                Forum_User CurrentUser = GetCurrentUser(db);

                if (!UserIdentity.IsAdmin)
                    return AuthenticationHelper.AccessDeniedView(model); // Administrating the forum requires the user to be an Admin.

                HandlePermissionsLinkUpdates();

                Forum_Permission CurrentPermissionSet;

                if (id == 0)
                    CurrentPermissionSet = db.GetAllPermissionSets().First();
                else
                    CurrentPermissionSet = db.GetPermissionSetByID(id);

                if (CurrentPermissionSet == null)
                    return NotFoundView("Permission Set");

                if (IsHttpPost && AntiForgeryTokenValid)
                {
                    if (!String.IsNullOrEmpty(UpdatePermissions))
                    {
                        UpdateModel(CurrentPermissionSet, "PermissionSet");
                        db.Save();
                    } else if (!String.IsNullOrEmpty(DeletePermissions) && CurrentPermissionSet.Forum_PermissionsLinks.Count == 0 && db.GetAllPermissionSets().Count() > 1)
                    {
                        db.DeletePermission(CurrentPermissionSet);
                        db.Save();
                        return RedirectToAction("PermissionSet", new { id = 0 });
                    }
                    else if (!String.IsNullOrEmpty(NewPermissions))
                    {
                        var NewPermissionSet = new Forum_Permission();
                        NewPermissionSet.Name = "Unnamed";
                        db.AddPermission(NewPermissionSet);
                        db.Save();
                        return RedirectToAction("PermissionSet", new { id = NewPermissionSet.PermissionID });
                    }
                }

                model.PermissionSet = CurrentPermissionSet;

                model.UserGroups = db.GetAllRoles().Where(R => R.RoleID != (int)BuildInRole.Administrator).ToClassList(R => new AdminNamedID() { ID = R.RoleID, Name = R.Name });
                model.Categories = db.GetAllCategories().ToClassList(C => new AdminNamedID() { ID = C.CategoryID, Name = C.Name });
                model.PermissionSets = db.GetAllPermissionSets().ToClassList(P => new AdminNamedID() { ID = P.PermissionID, Name = P.Name });
                model.Fixed = AdminPermissionLinkEditors.FixedSet.PermissionSets;

                model.FixedNamedID = new AdminNamedID() { ID = CurrentPermissionSet.PermissionID, Name = CurrentPermissionSet.Name };
                model.PermissionLinkList = db.GetPermissionLinks().Where(L => L.PermissionID == CurrentPermissionSet.PermissionID).OrderBy(L => L.CategoryID).ToClassList(L => new AdminPermissionLink()
                {
                    Category = new AdminNamedID() { ID = L.CategoryID, Name = db.GetCategoryByID(L.CategoryID).Name },
                    UserGroup = new AdminNamedID() { ID = L.RoleID, Name = db.GetRole(L.RoleID).Name },
                    PermissionSet = model.FixedNamedID
                });

                return View(model);
            }
        }
Beispiel #7
0
        public ActionResult Category(int id, string NewCategory, string UpdateCategory, string MoveCategory)
        {
            var model = new AdminCategoryModel();
            model.AddNavigation("Admin Panel", "Overview", "Admin", null);
            model.AddNavigation("Edit Category");
            using (ForumRespository db = new ForumRespository())
            {
                Forum_User CurrentUser = GetCurrentUser(db);

                if (!UserIdentity.IsAdmin)
                    return AuthenticationHelper.AccessDeniedView(model); // Administrating the forum requires the user to be an Admin.

                HandlePermissionsLinkUpdates();

                Forum_Category Root = db.GetCategoryByID((int)BuildInCategory.Root);

                Forum_Category CurrentCategory = id != 0 ? db.GetCategoryByID(id) : Root;

                if (CurrentCategory == null)
                    return NotFoundView("Category");

                bool IsRoot = Root == CurrentCategory;

                if (IsHttpPost && AntiForgeryTokenValid)
                {
                    if (!String.IsNullOrEmpty(NewCategory))
                    {
                        Forum_Category NewForumCategory = new Forum_Category();
                        NewForumCategory.ParentID = CurrentCategory.CategoryID;
                        NewForumCategory.Name = "Untitled Category";
                        NewForumCategory.InheritPermissions = true;
                        NewForumCategory.AllowPosts = false;
                        db.AddCategory(NewForumCategory);
                        db.Save();
                        return RedirectToAction("Category", new { id = NewForumCategory.CategoryID });
                    }
                    if (!String.IsNullOrEmpty(UpdateCategory) && CurrentCategory != Root)
                    {
                        var Form = Request.Form;
                        string NewName = Form["CurrentCategory.Name"];
                        bool InheritPermissions = !String.IsNullOrEmpty(Form["Inherit Permissions"]);
                        bool AllowPosts = !String.IsNullOrEmpty(Form["Allow Posts"]);
                        CurrentCategory.AllowPosts = AllowPosts;
                        CurrentCategory.InheritPermissions = InheritPermissions;
                        try
                        {
                            CurrentCategory.Priority = Convert.ToInt32(Form["CurrentCategory.Priority"]);
                        } catch { }
                        if (!String.IsNullOrWhiteSpace(NewName))
                            CurrentCategory.Name = NewName.Trim();

                        db.Save();
                    }
                    if (!String.IsNullOrEmpty(MoveCategory) && CurrentCategory != Root)
                    {
                        var Form = Request.Form;
                        int DestinationID = 0;
                        try
                        {
                            DestinationID = Convert.ToInt32(Form["MoveToDestination"]);
                        }
                        catch
                        {}

                        var Parent = db.GetCategoryByID(DestinationID);
                        if (Parent != null)
                        {
                            while (Parent != null)
                            {
                                if (Parent == CurrentCategory)
                                    break;
                                Parent = Parent.Category1;
                            }
                            if (Parent == null)
                            {
                                CurrentCategory.ParentID = DestinationID;
                                db.Save();
                            }
                        }
                    }
                }

                foreach (var Category in db.GetAllCategories())
                {
                    var Parent = Category;
                    while (Parent != null)
                    {
                        if (Parent == CurrentCategory) break;
                        Parent = Parent.Category1;
                    }
                    if (Parent != null) continue;
                    if (Category == CurrentCategory.Category1) continue;

                    model.MoveCategoryToOptions.Add(new AdminNamedID() { Name = Category.Name, ID = Category.CategoryID });
                }

                model.Root = RecursivelyFillCategoryTree(db, Root, model, CurrentCategory.CategoryID);

                model.UserGroups = db.GetAllRoles().Where(R => R.RoleID != (int)BuildInRole.Administrator).ToClassList(R => new AdminNamedID() { ID = R.RoleID, Name = R.Name });
                model.PermissionSets = db.GetAllPermissionSets().ToClassList(P => new AdminNamedID() { ID = P.PermissionID, Name = P.Name });
                model.Fixed = AdminPermissionLinkEditors.FixedSet.Categories;

                model.FixedNamedID = new AdminNamedID() { ID = model.CurrentCategory.id, Name = model.CurrentCategory.Name };
                model.PermissionLinkList = db.GetPermissionLinks(CurrentCategory).OrderBy(L => L.CategoryID).ToClassList(L => new AdminPermissionLink()
                {
                    Category = new AdminNamedID() { ID = L.CategoryID, Name = db.GetCategoryByID(L.CategoryID).Name },
                    UserGroup = new AdminNamedID() { ID = L.RoleID, Name = db.GetRole(L.RoleID).Name },
                    PermissionSet = new AdminNamedID() { ID = L.PermissionID, Name = db.GetPermissionSetByID(L.PermissionID).Name },
                });

                return View(model);
            }
        }
Beispiel #8
0
        public ActionResult DeleteCategory(int id, int? MovePostsDestination, string MovePostOption, int? MoveChildrenDestination)
        {
            var model = new AdminDeleteCategoryViewModel();
            model.AddNavigation("Admin Panel", "Overview", "Admin", null);
            model.AddNavigation("Delete Category");
            using (ForumRespository db = new ForumRespository())
            {
                Forum_User CurrentUser = GetCurrentUser(db);

                if (!UserIdentity.IsAdmin)
                    return AuthenticationHelper.AccessDeniedView(model); // Administrating the forum requires the user to be an Admin.

                Forum_Category CurrentCategory = db.GetCategoryByID(id);

                if (CurrentCategory == null)
                    return NotFoundView("Category");

                if (CurrentCategory.CategoryID == (int)BuildInCategory.Root)
                    return RedirectToAction("Overview");

                if (IsHttpPost && AntiForgeryTokenValid)
                {
                    db.DeleteCategory(CurrentCategory);

                    if (CurrentCategory.AllowPosts)
                    {
                        bool DeletePosts = String.Equals(MovePostOption, "Delete", StringComparison.Ordinal);
                        if (!DeletePosts && MovePostsDestination == null)
                            return RedirectToAction("Overview");

                        if (!DeletePosts)
                        {
                            foreach (var Thread in CurrentCategory.Forum_Threads)
                            {
                                Thread.CategoryID = (int)MovePostsDestination;
                            }
                        }
                        else
                        {
                            db.DeleteThreads(CurrentCategory.Forum_Threads);
                        }
                    }

                    if (CurrentCategory.Forum_Categories.Count > 0)
                    {
                        var NewParent = db.GetCategoryByID((int)MoveChildrenDestination);

                        if (NewParent == null)
                            return RedirectToAction("Overview");

                        foreach (var Child in CurrentCategory.Forum_Categories)
                        {
                            Child.ParentID = NewParent.CategoryID;
                        }
                    }

                    db.Save();
                    return RedirectToAction("Category");
                }

                model.ThreadCount = CurrentCategory.Forum_Threads.Count;
                model.HasChildCategories = CurrentCategory.Forum_Categories.Count > 0;
                model.CategoryName = CurrentCategory.Name;

                foreach (var Category in db.GetAllCategories())
                {
                    if (Category.CategoryID != (int)BuildInCategory.Root & Category.CategoryID != CurrentCategory.CategoryID)
                        model.MovePostsToOptions.Add(new AdminNamedID() { Name = Category.Name, ID = Category.CategoryID });
                    var Parent = Category;
                    while (Parent != null)
                    {
                        if (Parent == CurrentCategory) break;
                        Parent = Parent.Category1;
                    }
                    if (Parent != null) continue;

                    model.MoveChildrenToOptions.Add(new AdminNamedID() { Name = Category.Name, ID = Category.CategoryID });
                }

                return View(model);
            }
        }
Beispiel #9
0
        public ActionResult Edit(WritePostViewModel model, string button)
        {
            using (ForumRespository db = new ForumRespository())
            {
                Forum_Post Post = db.GetPostByID(model.id);
                if (Post == null) return NotFoundView("Post");

                var Editor = GetCurrentUser(db);

                if (!db.CheckCategoryPermissions(Post.Forum_Thread.Forum_Category, Editor, P => (P.AllowEditOwnPost && Post.PosterID == Editor.UserID && Post.PosterID != (int)BuildInUser.Guest) || P.AllowEditAllPosts))
                    return AuthenticationHelper.AccessDeniedView(model);

                if (Post.Forum_Thread.Locked)
                    return AuthenticationHelper.AccessDeniedView(model);

                if (IsHttpPost)
                {
                    if (String.Equals(button, "preview", StringComparison.InvariantCultureIgnoreCase))
                    {
                        model.ShowPost = true;
                        model.PostHtml = PostParser.Parse(model.PostText);
                        ModelState.Clear();
                    }
                    else
                    {
                        if (!AntiForgeryTokenValid)
                        {
                            ModelState.AddModelError("AntiForgery", "The antiforgery token was invalid.");
                        }
                        else if (ModelState.IsValid)
                        {
                            Post.TimeStamp = DateTime.Now;
                            Post.PostText = model.PostText;
                            Post.Forum_Thread.LastPostTime = Post.TimeStamp;
                            if (Post == Post.Forum_Thread.Forum_Posts[0] && !String.IsNullOrEmpty(Post.Forum_Thread.Title))
                            {
                                Post.Forum_Thread.Title = model.ThreadTitle;
                            }
                            // Save to database
                            db.Save();

                            int PostIndex = Post.Forum_Thread.Forum_Posts.IndexOf(Post);
                            int EditedPostPage = PostIndex / POSTS_PER_PAGE + 1;
                            int EditedPostNumber = PostIndex % POSTS_PER_PAGE + 1;

                            return RedirectToAction("ViewThread", new { id = Post.ThreadID, page = EditedPostPage }).AddFragment(String.Format("Post_{0}", EditedPostNumber));
                        }
                    }
                }
                else
                {
                    model.PostText = Post.PostText;
                    ModelState.Clear();
                }
                if (Post == Post.Forum_Thread.Forum_Posts[0])
                    model.EditTitle = true;

                model.ThreadID = Post.ThreadID;
                model.Title = "Edit Post";
                model.ThreadTitle = Post.Forum_Thread.Title;
                model.AddNavigation(Post.Forum_Thread);
                model.AddNavigation("Edit Post");
                return View("WritePost", model);
            }
        }
Beispiel #10
0
        public ActionResult ViewThread(ThreadViewModel model)
        {
            using (ForumRespository db = new ForumRespository())
            {
                Forum_Thread Thread = db.GetThreadByID(model.Id);

                if (Thread == null)
                {
                    return NotFoundView("Thread");
                }

                if (model.Page < 1) return RedirectToAction("ViewThread", new { id = model.Id, page = 1}); // page less than 0 for existing thread equals redirect to valid page.

                model.AddNavigation(Thread);

                Forum_User ThreadViewUser = GetCurrentUser(db);

                if (!db.CheckCategoryPermissions(Thread.Forum_Category, ThreadViewUser, P => P.AllowView))
                    return AuthenticationHelper.AccessDeniedView(model);

                model.AllowEditThread = db.CheckCategoryPermissions(Thread.Forum_Category, ThreadViewUser, P => (P.AllowDeleteOwnThread && Thread.Forum_Posts[0].PosterID == ThreadViewUser.UserID && Thread.Forum_Posts[0].PosterID != (int)BuildInUser.Guest) || P.AllowDeleteAllThread || P.AllowMoveThread || P.AllowLockThread);
                model.Locked = Thread.Locked;
                model.ThreadTitle = Thread.Title;

                int UserID = 0;
                Forum_User U = GetCurrentUser(db);
                if (U != null)
                {
                    UserID = U.UserID;
                    db.SetLastPost(Thread, U, Math.Min(model.Page * POSTS_PER_PAGE, Thread.Posts));
                    db.Save();
                }

                model.LastPage = (Thread.Posts - 1) / POSTS_PER_PAGE + 1;
                if (model.Page > model.LastPage) return RedirectToAction("ViewThread", new { id = model.Id, page = model.LastPage }); // page greater than what exists equals redirect to last page.
                IEnumerable<Forum_Post> Posts = Thread.Forum_Posts.Skip((model.Page - 1)* POSTS_PER_PAGE).Take(POSTS_PER_PAGE);

                int PostNumber = 0;

                foreach (Forum_Post Post in Posts)
                {
                    PostViewModel PostModel = new PostViewModel();
                    PostModel.Locked = model.Locked;
                    PostModel.PostNumber = ++PostNumber;
                    PostModel.ThreadID = model.Id;
                    PostModel.PostText = PostParser.Parse(Post.PostText);
                    PostModel.PostTime = Post.TimeStamp;
                    PostModel.Poster = new UserViewModel();
                    PostModel.PostID = Post.PostID;
                    PostModel.Poster.Name = Post.Forum_User.Username;
                    PostModel.Poster.UserID = Post.PosterID;
                    PostModel.AllowDelete = (PostNumber > 1 || model.Page > 1) && db.CheckCategoryPermissions(Thread.Forum_Category, ThreadViewUser,
                        P => (P.AllowDeleteOwnPost && Post.PosterID == ThreadViewUser.UserID && Post.PosterID != (int)BuildInUser.Guest) || P.AllowDeleteAllPosts);
                    PostModel.AllowEdit = db.CheckCategoryPermissions(Thread.Forum_Category, ThreadViewUser, P => (P.AllowEditOwnPost && Post.PosterID == ThreadViewUser.UserID && Post.PosterID != (int)BuildInUser.Guest) || P.AllowEditAllPosts);
                    model.PostList.Add(PostModel);
                }
                return View(model);
            }
        }
Beispiel #11
0
        public ActionResult Reply(WritePostViewModel model, string button, int QuoteId = 0)
        {
            using (ForumRespository db = new ForumRespository())
            {
                Forum_Thread RepliedToThread = db.GetThreadByID(model.id);
                if (RepliedToThread == null) return NotFoundView("Thread");

                model.AddNavigation(RepliedToThread);
                model.AddNavigation("Reply to thread");

                Forum_User Replier = GetCurrentUser(db);

                if (!db.CheckCategoryPermissions(RepliedToThread.Forum_Category, Replier, P => P.AllowReply))
                    return AuthenticationHelper.AccessDeniedView(model);

                if (RepliedToThread.Locked)
                    return AuthenticationHelper.AccessDeniedView(model);

                if (IsHttpPost)
                {
                    if (String.Equals(button, "preview", StringComparison.InvariantCultureIgnoreCase))
                    {
                        model.ShowPost = true;
                        model.PostHtml = PostParser.Parse(model.PostText);
                        ModelState.Clear();
                    } else if (!AntiForgeryTokenValid)
                    {
                        ModelState.AddModelError("AntiForgery", "The antiforgery token was invalid.");
                    }
                    else if (ModelState.IsValid)
                    {
                        Forum_Post ReplyPost = new Forum_Post();
                        ReplyPost.TimeStamp = DateTime.Now;
                        ReplyPost.PosterID = Replier.UserID;
                        ReplyPost.PostText = model.PostText;
                        RepliedToThread.Forum_Posts.Add(ReplyPost);
                        RepliedToThread.LastPostTime = ReplyPost.TimeStamp;
                        RepliedToThread.Posts = RepliedToThread.Forum_Posts.Count;
                        // Save to database
                        db.Save();

                        int PostIndex = RepliedToThread.Forum_Posts.IndexOf(ReplyPost);
                        int NewPostPage = PostIndex / POSTS_PER_PAGE + 1;
                        int NewPostNumber = PostIndex % POSTS_PER_PAGE + 1;

                        return RedirectToAction("ViewThread", new { id = RepliedToThread.ThreadID, page = NewPostPage }).AddFragment(String.Format("Post_{0}", NewPostNumber));
                    }
                }
                else
                {
                    ModelState.Clear();
                    Forum_Post QuotedPost = db.GetPostByID(QuoteId);
                    if (QuotedPost != null)
                    {
                        model.PostText = String.Format("[quote={0}]{1}[/quote]", QuotedPost.Forum_User.Username, QuotedPost.PostText);
                    }
                }

                model.ThreadID = model.id;
                model.Title = "Reply to Thread";
                return View("WritePost", model);
            }
        }
Beispiel #12
0
        public ActionResult NewThread(WritePostViewModel model, string button)
        {
            using (ForumRespository db = new ForumRespository())
            {
                Forum_Category Category = db.GetCategoryByID(model.id);
                if (Category == null) return NotFoundView("Category");

                model.AddNavigation(Category);
                model.AddNavigation("New thread");

                Forum_User Poster = GetCurrentUser(db);

                if (!db.CheckCategoryPermissions(Category, Poster, P => P.AllowNewThread))
                    return AuthenticationHelper.AccessDeniedView(model);

                if (String.Equals(button, "preview", StringComparison.InvariantCultureIgnoreCase))
                {
                    model.ShowPost = true;
                    model.PostHtml = PostParser.Parse(model.PostText);
                    ModelState.Clear();
                }
                else
                if (IsHttpPost)
                {
                    if (!AntiForgeryTokenValid)
                    {
                        ModelState.AddModelError("AntiForgery", "The antiforgery token was invalid.");
                    }
                    if (String.IsNullOrEmpty(model.ThreadTitle))
                    {
                        ModelState.AddModelError("ThreadTitle", "A thread title is required.");
                    }
                    if (ModelState.IsValid)
                    {
                        Forum_Thread NewThread = new Forum_Thread();
                        NewThread.Title = model.ThreadTitle;

                        NewThread.PosterID = Poster.UserID;

                        Forum_Post InitialPost = new Forum_Post();
                        InitialPost.TimeStamp = DateTime.Now;
                        InitialPost.PosterID = NewThread.PosterID;
                        InitialPost.PostText = model.PostText;
                        NewThread.Forum_Posts.Add(InitialPost);
                        NewThread.Posts = 1;
                        NewThread.LastPostTime = InitialPost.TimeStamp;
                        NewThread.CategoryID = model.id;
                        // Save and add thread to database
                        db.AddThread(NewThread);
                        db.SetLastPost(NewThread, Poster, 1);
                        db.Save();
                        return RedirectToAction("ViewCategory", new { id = model.id });
                    }
                }
                else
                {
                    ModelState.Clear();
                }
                model.EditTitle = true;
                model.Title = "Post new Thread";
                return View("WritePost", model);
            }
        }
Beispiel #13
0
        public ActionResult EditThread(int id, int? MoveTo, string Lock, string Delete)
        {
            using (ForumRespository db = new ForumRespository())
            {
                Forum_Thread EditedThread = db.GetThreadByID(id);
                if (EditedThread == null)
                    return NotFoundView("Post");

                var model = new EditThreadViewModel();
                var Category = EditedThread.Forum_Category;

                model.AddNavigation(EditedThread);
                model.AddNavigation("Edit Thread");

                var Editor = GetCurrentUser(db);

                model.AllowDelete = db.CheckCategoryPermissions(Category, Editor, P => (P.AllowDeleteOwnThread && EditedThread.Forum_Posts[0].PosterID == Editor.UserID && EditedThread.PosterID != (int)BuildInUser.Guest) || P.AllowDeleteAllThread);
                model.AllowMove = db.CheckCategoryPermissions(Category, Editor, P => P.AllowMoveThread);
                model.AllowLock = db.CheckCategoryPermissions(Category, Editor, P => P.AllowLockThread);

                if (!model.AllowDelete && !model.AllowLock && !model.AllowMove)
                    return AuthenticationHelper.AccessDeniedView(model);

                model.id = id;
                model.ThreadName = EditedThread.Title;
                model.CategoryID = Category.CategoryID;
                model.CategoryName = Category.Name;

                model.IsLocked = EditedThread.Locked;

                foreach (var MoveToCategory in db.GetAllCategories())
                {
                    if (MoveToCategory == Category) continue; // Cannot move the where the thread is already
                    if (!MoveToCategory.AllowPosts) continue; // Cannot move to a category that does not allow posts
                    if (!db.CheckCategoryPermissions(MoveToCategory, Editor, P => P.AllowNewThread)) continue; // Cannot move to a category where you are not allowed to create new threads.
                    model.ValidMoveDestinations.Add(new AdminNamedID() { ID = MoveToCategory.CategoryID, Name = MoveToCategory.Name});
                }

                if (IsHttpPost)
                {
                    if (!AntiForgeryTokenValid)
                    {
                        ModelState.AddModelError("AntiForgery", "The antiforgery token was invalid.");
                    }
                    else
                    {
                        if (model.AllowDelete && !String.IsNullOrEmpty(Delete))
                        {
                            db.DeleteThread(EditedThread);
                            db.Save();
                            return RedirectToAction("ViewCategory", new { id = model.CategoryID });
                        }
                        if (model.AllowMove)
                        {
                            var Destination = db.GetCategoryByID((int)MoveTo);
                            if (Destination != null && model.ValidMoveDestinations.Exists(D => D.ID == Destination.CategoryID))
                            {
                                EditedThread.Forum_Category = Destination;
                            }
                        }
                        if (model.AllowLock)
                            EditedThread.Locked = !String.IsNullOrEmpty(Lock);
                        db.Save();
                        return RedirectToAction("ViewThread", new { id = model.id });
                    }
                }
                return View(model);
            }
        }
Beispiel #14
0
 public static void LogOff()
 {
     if (!Identity.IsAuthenticated) return;
     using (ForumRespository db = new ForumRespository())
     {
         db.RemoveUserSession(Identity.SessionID);
         db.Save();
     }
 }