/// <summary>
/// Replaces the text of an existing comment on a mod case and returns the updated comment.
/// </summary>
/// <param name="guildId">Guild the case belongs to (route).</param>
/// <param name="caseId">Case the comment belongs to (route).</param>
/// <param name="commentId">Comment to edit (route).</param>
/// <param name="newValue">Body carrying the replacement <c>Message</c>.</param>
/// <returns>200 with a <see cref="CommentsView"/> of the updated comment.</returns>
/// <exception cref="UnauthorizedException">
/// Thrown when the caller is neither the comment's author nor a site admin.
/// </exception>
public async Task<IActionResult> UpdateSpecificItem([FromRoute] ulong guildId, [FromRoute] int caseId, [FromRoute] int commentId, [FromBody] ModCaseCommentForPutDto newValue)
{
    // NOTE(review): only View permission on the case is demanded up front; the right to
    // edit is enforced solely by the author / site-admin check below — confirm intended.
    await RequirePermission(guildId, caseId, APIActionPermission.View);

    var identity = await GetIdentity();
    var caller = identity.GetCurrentUser();
    var comments = ModCaseCommentRepository.CreateDefault(_serviceProvider, identity);

    // The comment is looked up by its id alone; whether UpdateComment also verifies that
    // it belongs to guildId/caseId is not visible here.
    var existing = await comments.GetSpecificComment(commentId);
    bool isAuthor = existing.UserId == caller.Id;
    bool mayEdit = isAuthor || identity.IsSiteAdmin();
    if (!mayEdit)
    {
        throw new UnauthorizedException();
    }

    var updated = await comments.UpdateComment(guildId, caseId, commentId, newValue.Message);
    return Ok(new CommentsView(updated));
}
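/// <summary>
/// Edits the text of a comment on a mod case. Access is layered: the caller must be
/// authenticated; must be a mod (or higher) on the guild, a site admin, or the user
/// recorded in the case's <c>UserId</c>; and, on top of that, must be the comment's
/// author or a site admin.
/// </summary>
/// <param name="guildid">Guild the case belongs to (route).</param>
/// <param name="caseid">Case the comment belongs to (route).</param>
/// <param name="commentid">Comment to edit (route).</param>
/// <param name="newValue">Body carrying the replacement <c>Message</c>.</param>
/// <returns>
/// 200 with <c>{ id }</c> of the edited comment; 400 when the guild is not registered or
/// the body carries no message; 401 when the caller may not edit it; 404 when the case
/// or the comment does not exist.
/// </returns>
public async Task<IActionResult> UpdateSpecificItem([FromRoute] string guildid, [FromRoute] string caseid, [FromRoute] int commentid, [FromBody] ModCaseCommentForPutDto newValue)
{
    // Every log line carries the request's method and path so a request's trace is filterable.
    void LogStatus(string status) => logger.LogInformation($"{HttpContext.Request.Method} {HttpContext.Request.Path} | {status}");

    LogStatus("Incoming request.");

    Identity currentIdentity = await identityManager.GetIdentity(HttpContext);
    User currentUser = await currentIdentity.GetCurrentDiscordUser();
    if (currentUser == null)
    {
        LogStatus("401 Unauthorized.");
        return Unauthorized();
    }

    // Evaluated lazily so the configured admin list is only consulted when a decision needs it.
    bool IsSiteAdmin() => config.Value.SiteAdminDiscordUserIds.Contains(currentUser.Id);

    ModCase modCase = await database.SelectSpecificModCase(guildid, caseid);

    // Callers without mod rights may only reach a case whose UserId is their own. For them a
    // missing case yields 401 rather than 404, so the existence of a case id is not revealed.
    bool hasModRole = await currentIdentity.HasModRoleOrHigherOnGuild(guildid, database);
    if (!hasModRole && !IsSiteAdmin())
    {
        if (modCase == null || modCase.UserId != currentUser.Id)
        {
            LogStatus("401 Unauthorized.");
            return Unauthorized();
        }
    }

    if (await database.SelectSpecificGuildConfig(guildid) == null)
    {
        LogStatus("400 Guild not registered.");
        return BadRequest("Guild not registered.");
    }
    if (modCase == null)
    {
        LogStatus("404 ModCase not found.");
        return NotFound();
    }

    ModCaseComment comment = modCase.Comments.FirstOrDefault(x => x.Id == commentid);
    if (comment == null)
    {
        LogStatus("404 Comment not found.");
        return NotFound();
    }

    // Only the comment's author or a site admin may edit it; mod rights alone are not enough.
    if (comment.UserId != currentUser.Id && !IsSiteAdmin())
    {
        LogStatus("401 Unauthorized.");
        return Unauthorized();
    }

    // A body without a message previously reached Trim() and surfaced as a 500; answer it as
    // a client error. Checked after authorization so unauthorized callers still receive 401.
    if (newValue?.Message == null)
    {
        LogStatus("400 Message missing.");
        return BadRequest("Message missing.");
    }

    comment.Message = newValue.Message.Trim();
    database.UpdateModCaseComment(comment);
    await database.SaveChangesAsync();

    // Announcing is best-effort: the edit is already persisted, so a failed notification
    // is logged but must not fail the request.
    LogStatus("Sending notification.");
    try
    {
        await discordAnnouncer.AnnounceComment(comment, currentUser, RestAction.Edited);
    }
    catch (Exception e)
    {
        logger.LogError(e, "Failed to announce comment.");
    }

    LogStatus("200 Resource updated.");
    return Ok(new { id = comment.Id });
}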