public async Task <ActionResult <CreateGroupResponse> > CreateGroup([FromQuery] CourseAuthorizationParameters courseAuthorizationParameters, CreateGroupParameters parameters)
{
var ownerId = User.GetUserId();
var group = await groupsRepo.CreateGroupAsync(courseAuthorizationParameters.CourseId, parameters.Name, ownerId).ConfigureAwait(false);
var url = Url.Action(new UrlActionContext {
Action = nameof(GroupController.Group), Controller = "Group", Values = new { groupId = group.Id }
});
return(Created(url, new CreateGroupResponse
{
Id = group.Id,
ApiUrl = url,
}));
}
public async Task <ActionResult <CommentResponse> > CreateComment([FromQuery] CourseAuthorizationParameters courseAuthorizationParameters, CreateCommentParameters parameters)
{
var courseId = courseAuthorizationParameters.CourseId;
var slideId = parameters.SlideId;
parameters.Text.TrimEnd();
if (parameters.ForInstructors)
{
var isInstructor = await courseRolesRepo.HasUserAccessToCourseAsync(UserId, courseId, CourseRoleType.Instructor).ConfigureAwait(false);
if (!isInstructor)
{
return(StatusCode((int)HttpStatusCode.Forbidden, new ErrorResponse($"You can not create comment for instructors. You should be instructor or course admin of course {courseId}.")));
}
}
if (parameters.ParentCommentId.HasValue)
{
var parentComment = await commentsRepo.FindCommentByIdAsync(parameters.ParentCommentId.Value).ConfigureAwait(false);
if (parentComment == null || !parentComment.CourseId.EqualsIgnoreCase(courseId) || parentComment.SlideId != slideId || !parentComment.IsTopLevel)
{
return(BadRequest(new ErrorResponse($"`parentCommentId` comment {parameters.ParentCommentId.Value} not found, belongs to other course, other slide or is not a top-level comment")));
}
if (parentComment.IsForInstructorsOnly != parameters.ForInstructors)
{
return(BadRequest(new ErrorResponse(
$"`parentCommentId` comment {parameters.ParentCommentId.Value} is {(parentComment.IsForInstructorsOnly ? "" : "not")} for instructors, but new one {(parameters.ForInstructors ? "is" : "is not")}"
)));
}
}
var commentsPolicy = await commentPoliciesRepo.GetCommentsPolicyAsync(courseId).ConfigureAwait(false);
if (!await CanCommentHereAsync(UserId, courseId, parameters.ParentCommentId.HasValue, commentsPolicy).ConfigureAwait(false))
{
return(StatusCode((int)HttpStatusCode.Forbidden, new ErrorResponse($"You can not create comment here by comments policy.")));
}
if (!await CanCommentNowAsync(UserId, courseId, commentsPolicy).ConfigureAwait(false))
{
return(StatusCode((int)HttpStatusCode.TooManyRequests, new ErrorResponse("You are commenting too fast. Please wait some time")));
}
if (parameters.Text.Length > CommentsPolicy.MaxCommentLength)
{
return(StatusCode((int)HttpStatusCode.RequestEntityTooLarge, new ErrorResponse($"Your comment is too large. Max allowed length is {CommentsPolicy.MaxCommentLength} chars")));
}
var parentCommentId = parameters.ParentCommentId ?? -1;
var comment = await commentsRepo.AddCommentAsync(UserId, courseId, slideId, parentCommentId, parameters.ForInstructors, parameters.Text).ConfigureAwait(false);
if (comment.IsApproved)
{
await NotifyAboutNewCommentAsync(comment).ConfigureAwait(false);
}
return(BuildCommentResponse(
comment,
false, new DefaultDictionary <int, List <Comment> >(), new DefaultDictionary <int, int>(), new HashSet <int>(), // canUserSeeNotApprovedComments not used if addReplies == false
null, null, false, addCourseIdAndSlideId: true, addParentCommentId: true, addReplies: false
));
}