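/// <summary>
/// Applies an edit to the knowledge-base page stored under <paramref name="path"/>,
/// records an <c>EditPageActivity</c> with the old and new values, and redirects to
/// <c>ViewPage</c> for the same path.
/// </summary>
/// <param name="path">Route value identifying the page; a literal "%2F" is treated as '/'.</param>
/// <param name="req">Submitted name, tags, text and secrecy level for the page.</param>
/// <returns>
/// 404 when no page has that path; a challenge (anonymous) or 403 (signed in) when the caller
/// may not edit the page; 403 when the caller lacks the secrecy permission for either the
/// current or the requested level; the edit view when the model is invalid; otherwise a redirect.
/// </returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this extract;
// confirm this state-changing action is POST-only and covered by antiforgery validation.
public async Task<IActionResult> EditPage([FromRoute] string path, CreatePageRequest req)
{
    // Decode the route value once so the lookup and the redirect cannot drift apart.
    string pagePath = path.Replace("%2F", "/", true, CultureInfo.InvariantCulture);

    // SingleAsync threw (unhandled, surfacing as a 500) when the path matched no page.
    Infopage page = await Db.Infopages.SingleOrDefaultAsync(x => x.Path == pagePath);
    if (page == null)
    {
        return NotFound();
    }

    // Either the global edit permission, or the "own" permission on a page the caller authored.
    // NOTE(review): pages without an author compare as -1; confirm GetUserId() can never
    // yield -1 (e.g. for an unauthenticated user), otherwise author-less pages would match.
    bool mayEdit = HttpContext.UserCan("kb.editpage.all")
        || (HttpContext.UserCan("kb.editpage.own")
            && ((int?)page.AuthorId ?? -1) == HttpContext.User.GetUserId());
    if (!mayEdit)
    {
        if (HttpContext.User.IsAnonymous())
        {
            return Challenge();
        }

        return Forbid();
    }

    // Clearance for the page's CURRENT secrecy level must be checked before anything renders
    // the page. Previously the invalid-model branch returned View(page) ahead of this check,
    // so an editor without clearance could obtain the stored content by posting an invalid form.
    if (!HttpContext.UserCan("kb.secrecy." + page.Secrecy.ToString()))
    {
        return Forbid();
    }

    if (!ModelState.IsValid)
    {
        return View(page);
    }

    // The caller must also hold the level being assigned, so a page cannot be moved to a
    // secrecy level the editor is not cleared for.
    if (!HttpContext.UserCan("kb.secrecy." + ((byte)req.Secrecy).ToString()))
    {
        return Forbid();
    }

    // Capture old and new values before the entity is mutated.
    await Db.KBActivities.AddKBActivity(HttpContext, page.Id, new EditPageActivity()
    {
        OldName = page.Name,
        NewName = req.Name,
        OldTags = page.Tags,
        NewTags = req.Tags ?? "",
        OldContainedText = page.ContainedText,
        NewContainedText = req.Text,
        OldSecrecy = page.Secrecy,
        NewSecrecy = (byte)req.Secrecy
    });

    page.Name = req.Name;
    page.Tags = req.Tags ?? "";
    page.ContainedText = req.Text;
    page.Secrecy = (byte)req.Secrecy;
    await Db.SaveChangesAsync();

    return RedirectToAction("ViewPage", new { path = pagePath });
}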
/// <summary>
/// Shows the knowledge-base page stored under <paramref name="path"/>, with its author loaded.
/// </summary>
/// <param name="path">Route value identifying the page; a literal "%2F" is treated as '/'.</param>
/// <returns>
/// The "NoPage" view (given the decoded path) when nothing matches, 403 when the caller lacks
/// the <c>kb.secrecy.N</c> permission for the page's level, otherwise the page view.
/// </returns>
// NOTE(review): a missing page renders "NoPage" while a restricted one returns 403, so a caller
// without clearance can still tell that a restricted page exists. Confirm that is acceptable.
public async Task<IActionResult> ViewPage([FromRoute] string path)
{
    // Decode once; the same value feeds the query and the "NoPage" model.
    string decodedPath = path.Replace("%2F", "/", true, CultureInfo.InvariantCulture);

    Infopage found = await Db.Infopages
        .Include(x => x.Author)
        .SingleOrDefaultAsync(x => x.Path == decodedPath);

    if (found != null)
    {
        // Read access is gated per secrecy level: "kb.secrecy." followed by the numeric level.
        string requiredPermission = "kb.secrecy." + found.Secrecy.ToString();
        if (HttpContext.UserCan(requiredPermission))
        {
            return View(found);
        }

        return Forbid();
    }

    return View("NoPage", decodedPath);
}
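/// <summary>
/// Deletes the knowledge-base page stored under <paramref name="path"/> together with its
/// comments and activity rows, then redirects to <c>Main</c>.
/// </summary>
/// <param name="path">Route value identifying the page; a literal "%2F" is treated as '/'.</param>
/// <returns>
/// 404 when no page has that path, 403 when the caller lacks the <c>kb.secrecy.N</c> permission
/// for the page's level, otherwise a redirect to <c>Main</c>.
/// </returns>
// NOTE(review): the only authorization visible here is the secrecy (read) clearance. EditPage
// additionally requires an edit permission and distinguishes anonymous callers; no equivalent
// delete permission is checked in this method. Confirm one is enforced elsewhere (attribute or
// filter), otherwise anyone who can read the page can delete it.
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attributes are visible in this extract;
// confirm this destructive action is POST-only and covered by antiforgery validation.
public async Task<IActionResult> DeletePage([FromRoute] string path)
{
    string pagePath = path.Replace("%2F", "/", true, CultureInfo.InvariantCulture);

    // SingleAsync threw (unhandled, surfacing as a 500) when the path matched no page.
    Infopage page = await Db.Infopages.SingleOrDefaultAsync(x => x.Path == pagePath);
    if (page == null)
    {
        return NotFound();
    }

    if (!HttpContext.UserCan("kb.secrecy." + page.Secrecy.ToString()))
    {
        return Forbid();
    }

    // ExecuteSqlInterpolatedAsync sends {page.Id} as a DbParameter, not as concatenated text.
    // Keep the interpolated form; building the string first and passing it to a raw-SQL call
    // would lose that protection.
    // NOTE(review): these statements run immediately and separately from SaveChangesAsync, and
    // no explicit transaction is opened in this method, so a failure partway through can leave
    // comments/activities removed while the page row remains.
    await Db.Database.ExecuteSqlInterpolatedAsync($"delete from infopagecomments where infopageid = {page.Id}");

    // NOTE(review): this removes the page's recorded activity, and the deletion itself is not
    // written to KBActivities, so no audit entry of who deleted the page survives here.
    await Db.Database.ExecuteSqlInterpolatedAsync($"delete from kbactivities where infopageid = {page.Id}");

    Db.Infopages.Remove(page);
    await Db.SaveChangesAsync();

    return RedirectToAction("Main");
}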