Example #1
        /// <summary>
        /// Applies the requested locked state to a topic and records a <c>Locked</c> event for it.
        /// </summary>
        /// <remarks>
        /// The lookup is constrained by forum and site as well as by topic id, so an id that belongs
        /// to a different forum or site is reported as not found rather than modified.
        /// No permission check is made in this method; the caller must have authorized the user
        /// before calling it. The state change and the event are written by the same
        /// <c>SaveChangesAsync</c> call.
        /// </remarks>
        /// <param name="command">Topic id, forum id, site id, acting user id and the desired locked state.</param>
        /// <exception cref="DataException">No matching, non-deleted topic exists in the given forum and site.</exception>
        public async Task LockAsync(LockTopic command)
        {
            // Topics appear to be stored as posts with no TopicId; deleted posts are never matched.
            var post = await _dbContext.Posts.FirstOrDefaultAsync(p =>
                p.Id == command.Id
                && p.TopicId == null
                && p.ForumId == command.ForumId
                && p.Forum.Category.SiteId == command.SiteId
                && p.Status != StatusType.Deleted);

            if (post is null)
            {
                throw new DataException($"Topic with Id {command.Id} not found.");
            }

            post.Lock(command.Locked);

            // Audit record: which user changed the lock state of which post, on which site.
            var lockedEvent = new Event(
                command.SiteId,
                command.UserId,
                EventType.Locked,
                typeof(Post),
                command.Id);
            _dbContext.Events.Add(lockedEvent);

            await _dbContext.SaveChangesAsync();
        }
Example #2
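        /// <summary>
        /// Locks or unlocks a topic for the current user, provided that user holds the
        /// <c>Moderate</c> permission on the forum and is not suspended.
        /// </summary>
        /// <param name="forumId">Forum that contains the topic; also the scope of the permission check.</param>
        /// <param name="topicId">Topic whose locked state is changed.</param>
        /// <param name="locked">Desired locked state, read from the request body.</param>
        /// <returns>
        /// <c>Ok</c> when the state was changed; <c>Unauthorized</c> when the user may not moderate the forum.
        /// </returns>
        public async Task<ActionResult> LockTopic(Guid forumId, Guid topicId, [FromBody] bool locked)
        {
            // Site and user come from the server-side context, never from the request,
            // so a client cannot act for another site or another user.
            var site = await _contextService.CurrentSiteAsync();

            var user = await _contextService.CurrentUserAsync();

            var permissions = await _permissionModelBuilder.BuildPermissionModelsByForumId(site.Id, forumId);

            // A suspended user is refused even when the role still grants Moderate.
            var canModerate = _securityService.HasPermission(PermissionType.Moderate, permissions) && !user.IsSuspended;

            if (!canModerate)
            {
                // The original template had no placeholders, so the values passed after it never
                // reached the rendered message. Named placeholders keep the denied attempt traceable.
                _logger.LogWarning(
                    "Unauthorized access to lock topic. SiteId: {SiteId}, ForumId: {ForumId}, TopicId: {TopicId}, UserId: {UserId}, User: {User}",
                    site.Id,
                    forumId,
                    topicId,
                    user.Id,
                    User.Identity?.Name);

                // NOTE(review): if the caller is authenticated but lacks the permission, 403 (Forbid())
                // is the usual status; 401 is kept here so existing clients see no change.
                return Unauthorized();
            }

            // Built only after the authorization check has passed.
            var command = new LockTopic
            {
                Id      = topicId,
                ForumId = forumId,
                Locked  = locked,
                SiteId  = site.Id,
                UserId  = user.Id
            };

            await _topicService.LockAsync(command);

            return Ok();
        }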