Example #1
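        /// <summary>
        /// Renders a single forum endpoint (topic) with its comments, pinned files and
        /// the files attached to each comment.
        /// </summary>
        /// <param name="EndpointId">String form of the endpoint id, taken from the request.</param>
        /// <param name="Errors">
        /// Optional messages to show on the page. They arrive as request data (other actions
        /// redirect here with them as route values), so their content is caller-controlled.
        /// </param>
        /// <returns>
        /// The endpoint view, or 404 when no endpoint matches <paramref name="EndpointId"/>.
        /// </returns>
        public async Task <IActionResult> ForumEndpoint(string EndpointId, List <string> Errors)
        {
            var endpoint = await(from f in DBContext.ForumEndpoints
                                 .Include(e => e.Comments)
                                 .Include(e => e.PinnedFiles)
                                 .Include(e => e.ParentNode)
                                 where f.Id.ToString() == EndpointId
                                 select f).FirstOrDefaultAsync();

            // FirstOrDefaultAsync yields null for an unknown or malformed id; answer 404
            // instead of failing with a NullReferenceException further down.
            if (endpoint == null)
            {
                return(NotFound());
            }

            if (endpoint.Comments != null)
            {
                foreach (var comment in endpoint.Comments)
                {
                    // TypeOfParent == 2 presumably marks files that belong to a comment - confirm.
                    comment.PinnedFiles = await(from f in DBContext.ForumFiles.Include(x => x.ForumComment)
                                                where (f.TypeOfParent == 2 && f.ForumComment.Id == comment.Id)
                                                select f).ToListAsync();
                }
            }

            var model = new ForumEndPointViewModel()
            {
                Comments           = endpoint.Comments,
                Files              = endpoint.PinnedFiles,
                EndpointName       = endpoint.Name,
                Text               = endpoint.Text,
                EndpointId         = endpoint.Id.ToString(),
                CreatorId          = endpoint.CreatorId,
                CreatorEmail       = endpoint.CreatorEmail,
                CreatorName        = endpoint.CreatorFio,
                CreationDateString = endpoint.CreationDate.ToString("d"),
                // An endpoint without a loaded parent node yields null here instead of throwing.
                ParentNodeId       = endpoint.ParentNode?.Id.ToString(),
                userGrants         = await checkService.getUserGrants(User),
            };

            if (Errors != null)
            {
                // NOTE(review): Errors is bound from the request, and Text / comment text are
                // stored user input. The view must HTML-encode all of them (plain Razor @ output,
                // not Html.Raw) - confirm against the view.
                ViewBag.Errors = Errors;
            }
            return(View(model));
        }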
Example #2
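        /// <summary>
        /// Stores a new comment, and any uploaded attachments, for a forum endpoint and
        /// redirects back to the endpoint page.
        /// </summary>
        /// <param name="model">
        /// Posted form data. Every field in it (text, e-mail, endpoint name, file names) is
        /// client-supplied and is treated as untrusted below.
        /// </param>
        /// <returns>
        /// A redirect to <c>ForumEndpoint</c> (with error messages when validation fails),
        /// 404 when the endpoint does not exist, or 400 when the creator or a file name
        /// cannot be resolved.
        /// </returns>
        public async Task <IActionResult> CreateComment(ForumEndPointViewModel model)
        {
            const long MaxUploadBytes = 10485760; // 10 MiB; files of this size or larger are rejected

            var errors = new List <string>();

            if (!ModelState.IsValid || model.CommentText == null)
            {
                errors.Add("Комментарий не может быть пустым");
                return(RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors }));
            }

            // Courtesy check only: a substring match cannot stop script injection, because other
            // markup can run script as well. The text is stored exactly as posted, so the real
            // defence is HTML-encoding it wherever it is rendered.
            if ((model.CommentText.IndexOf("<script>", System.StringComparison.OrdinalIgnoreCase) != -1) ||
                (model.CommentText.IndexOf("</script>", System.StringComparison.OrdinalIgnoreCase) != -1))
            {
                errors.Add("Теги <script> запрещены!");
                return(RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors }));
            }

            if (string.IsNullOrEmpty(model.CommentCreatorEmail))
            {
                return(BadRequest());
            }

            var parent = await(from e in DBContext.ForumEndpoints
                               where e.Id.ToString() == model.EndpointId
                               select e).FirstOrDefaultAsync();
            if (parent == null)
            {
                return(NotFound());
            }

            // NOTE(review): the author is looked up from a posted form field, not from the
            // authenticated principal (User), so a client can name any account's e-mail here.
            // Confirm the action requires authentication and resolve the creator from User.
            var normalizedEmail = model.CommentCreatorEmail.ToUpperInvariant();
            var creator = await(from u in DBContext.Users
                                where u.NormalizedEmail == normalizedEmail
                                select u).FirstOrDefaultAsync();
            if (creator == null)
            {
                return(BadRequest());
            }

            // One timestamp for both the comment and its upload folder.
            var now = System.DateTime.Now;

            var NewComment = new EForumComment()
            {
                CreatorId      = creator.Id,
                CreatorEmail   = creator.Email,
                CreatorFio     = creator.FIO,
                CreationDate   = now,
                ParentEndpoint = parent,
                Text           = model.CommentText,
                PinnedFiles    = new List <EForumFile>()
            };

            if (model.CommentUploadedFiles != null)
            {
                // Validate every upload before touching the disk, so a rejected file cannot
                // leave earlier files of the same request behind.
                var acceptedFiles = new List <IFormFile>();
                var acceptedNames = new List <string>();
                foreach (IFormFile file in model.CommentUploadedFiles)
                {
                    if (file.Length >= MaxUploadBytes)
                    {
                        errors.Add("Нельзя загружать файлы свыше 10 Мегабайт.");
                        return(RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors }));
                    }

                    // FileName comes from the client and may carry directory components;
                    // keep only the final segment so the write stays inside the upload folder.
                    var safeName = SanitizePathSegment(Path.GetFileName(file.FileName));
                    if (safeName.Length == 0 || safeName == "." || safeName == "..")
                    {
                        return(BadRequest());
                    }
                    acceptedFiles.Add(file);
                    acceptedNames.Add(safeName);
                }

                // EndpointName is a posted value as well, so it is reduced to a single path segment.
                // NOTE(review): this folder is under the web root; if static files are served from
                // it, uploads are reachable by URL with a type inferred from their extension.
                // Consider an extension allow-list or storage outside the web root.
                string outfolder = environment.WebRootPath + "/ForumFiles/CFiles/" + SanitizePathSegment(model.EndpointName) + "_"
                                   + now.ToString("s").Replace(":", "-") + "/";
                Directory.CreateDirectory(outfolder); // no-op when the folder already exists

                for (int i = 0; i < acceptedFiles.Count; i++)
                {
                    var outpath = outfolder + acceptedNames[i];
                    using (var fileStream = new FileStream(outpath, FileMode.Create))
                    {
                        await acceptedFiles[i].CopyToAsync(fileStream);
                    }
                    var efile = new EForumFile()
                    {
                        Name         = acceptedNames[i],
                        Path         = outpath,
                        TypeOfParent = 2,
                        ForumComment = NewComment
                    };
                    DBContext.ForumFiles.Add(efile);
                    NewComment.PinnedFiles.Add(efile);
                }
            }

            DBContext.ForumComments.Add(NewComment);
            await DBContext.SaveChangesAsync();

            return(RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId }));
        }

        /// <summary>
        /// Reduces a client-supplied value to something usable as one path segment by replacing
        /// directory separators and characters that are invalid in file names with '_'.
        /// </summary>
        /// <param name="value">Untrusted text; may be null.</param>
        /// <returns>The sanitized segment, or an empty string for null or empty input.</returns>
        private static string SanitizePathSegment(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return(string.Empty);
            }

            foreach (char invalid in Path.GetInvalidFileNameChars())
            {
                value = value.Replace(invalid, '_');
            }

            // GetInvalidFileNameChars is platform dependent, so both separators are handled explicitly.
            return(value.Replace('/', '_').Replace('\\', '_'));
        }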