public ActionResult Details(Guid id, Guid?context = null) { var message = _messageDao.GetMessageById(id); // only private messages can be perma linked if (message.MessageType != MessageType.Private) { throw new NotFoundException(); } if (message.FirstMessage.HasValue) { // the user is looking at the wrong page. // the user should never get here return(Redirect(Url.MessageDetails(message))); } // this will return all the messages for this thread, including the first message that started the conversation var messages = _messageDao.GetMessagesForThread(message.Id); // let's make sure that the user is involved with at least one of these messages if (!_userContext.CurrentUser.IsAdmin) { var userModeratingSubs = _moderationDao.GetSubsModeratoredByUserWithPermissions(_userContext.CurrentUser.Id) .Where(x => x.Value.HasPermission(ModeratorPermissions.Mail)).Select(x => x.Key).ToList(); // NOTE: Should we check for the user being involved with any message in the thread, or is the first message enough? if (message.ToUser.HasValue && message.ToUser.Value == _userContext.CurrentUser.Id || message.AuthorId == _userContext.CurrentUser.Id || message.FromSub.HasValue && userModeratingSubs.Contains(message.FromSub.Value) || message.ToSub.HasValue && userModeratingSubs.Contains(message.ToSub.Value)) { // the user is involved in these discussions! } else { throw new UnauthorizedException(); } } var model = new MessageThreadViewModel(); model.IsModerator = _moderationDao.GetSubsModeratoredByUser(_userContext.CurrentUser.Id).Count > 0; model.Messages.AddRange(_messageWrapper.Wrap(messages, _userContext.CurrentUser)); if (context.HasValue) { model.ContextMessage = model.Messages.SingleOrDefault(x => x.Message.Id == context.Value); } model.FirstMessage = model.Messages.Single(x => !x.Message.FirstMessage.HasValue); return(View(model)); }