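/// <summary>
/// Adds a new plain-text comment to an existing ticket.
/// </summary>
/// <param name="id">Primary key of the ticket to comment on.</param>
/// <param name="comment">Raw comment text; it is HTML-encoded and trimmed before being stored.</param>
/// <param name="user">Name recorded as the author of the comment.</param>
/// <returns><c>null</c> on success, or "Ticket not found." when no ticket has the given id.</returns>
public string Add(long id, string comment, string user)
{
    Ticket ticket = db.Tickets.Find(id);
    if (ticket == null)
    {
        return "Ticket not found.";
    }

    // NOTE(review): the author name comes from the caller, not from the authenticated
    // identity. If this method is reachable as a request action the value is
    // client-controlled - confirm every caller passes the signed-in user's name.
    TicketComment tcomment = new TicketComment
    {
        CommentEvent = "added comment",
        IsHtml = false,
        CommentedBy = user,
        CommentedDate = DateTime.Now,
        // Encode the text before storing it to prevent script injection when it is rendered.
        // HtmlEncode returns null for null input, so fall back to an empty string
        // instead of letting Trim() throw a NullReferenceException.
        Comment = (System.Web.HttpUtility.HtmlEncode(comment) ?? string.Empty).Trim(),
        TicketId = ticket.TicketId
    };

    db.TicketComments.Add(tcomment);
    db.SaveChanges();
    return null;
}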
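/// <summary>
/// Stores every non-empty file posted with the request as a ticket attachment
/// and records one ticket comment per stored file.
/// </summary>
/// <returns>
/// A JSON object with <c>Result</c> (success flag), <c>Count</c> (number of files queued
/// for storage) and <c>Message</c> (error text, empty on success).
/// </returns>
public ActionResult AttachmentUpload()
{
    bool isSavedSuccessfully = true;
    int count = 0;
    string msg = "";

    // A missing ticketID keeps the original default of 0. A non-numeric or out-of-range
    // value is reported through the normal JSON result instead of escaping as an
    // unhandled FormatException/OverflowException from int.Parse.
    int ticketId = 0;
    string rawTicketId = Request.Params["ticketID"];
    if (!string.IsNullOrEmpty(rawTicketId) && !int.TryParse(rawTicketId, out ticketId))
    {
        return Json(new { Result = false, Count = count, Message = "Invalid ticket id." });
    }

    // NOTE(review): nothing in this method checks that the ticket exists or that the
    // current user may attach files to it, and there is no limit on file size, file
    // count or content type. Confirm these are enforced elsewhere (filters, web.config).
    try
    {
        DateTime now = DateTime.Now;
        foreach (string f in Request.Files)
        {
            // Fetch each individually uploaded file.
            HttpPostedFileBase file = Request.Files[f];
            if (file == null || file.ContentLength <= 0)
            {
                continue;
            }

            // FileName is chosen by the client and may contain a full path;
            // keep only the final path segment.
            string fileName = System.IO.Path.GetFileName(file.FileName);

            TicketComment comment = new TicketComment();
            comment.CommentedBy = User.Identity.Name;
            comment.CommentedDate = now;
            comment.CommentEvent = "has added an attachment";
            comment.IsHtml = false;
            // The file name is untrusted text; encode it before it goes into the stored
            // comment, the same way user-entered comment text is encoded before storage.
            comment.Comment = string.Format("New file: {0}", System.Web.HttpUtility.HtmlEncode(fileName));
            comment.TicketId = ticketId;
            db.TicketComments.Add(comment);

            // Read the upload fully into memory so it can be stored in the database
            // (the column on the database side is varbinary(MAX)).
            byte[] data;
            using (Stream inputStream = file.InputStream)
            {
                MemoryStream memStream = inputStream as MemoryStream;
                if (memStream != null)
                {
                    data = memStream.ToArray();
                }
                else
                {
                    using (MemoryStream buffer = new MemoryStream())
                    {
                        inputStream.CopyTo(buffer);
                        data = buffer.ToArray();
                    }
                }
            }

            TicketAttachment attachment = new TicketAttachment();
            attachment.TicketId = ticketId;
            // Stored unencoded: whatever serves or lists the attachment must encode the
            // name for its output context (HTML, Content-Disposition header).
            attachment.FileName = fileName;
            attachment.FileSize = file.ContentLength;
            // ContentType is whatever the client declared; it is not verified against the bytes.
            attachment.FileType = file.ContentType;
            attachment.FileContents = data;
            attachment.UploadedBy = User.Identity.Name;
            attachment.UploadedDate = now;
            db.TicketAttachments.Add(attachment);
            count++;
        }

        db.SaveChanges();
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message is returned to the client and may expose
        // internal details (e.g. database errors); consider logging it server-side and
        // returning a generic message.
        msg = ex.Message;
        isSavedSuccessfully = false;
    }

    return Json(new { Result = isSavedSuccessfully, Count = count, Message = msg });
}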
/// <summary>
/// Renames a ticket type on every ticket that currently uses it and adds a comment
/// describing the rename to each affected ticket.
/// </summary>
/// <param name="newSettings">Not read by this method.</param>
/// <param name="oldTypeName">Type name to look for on existing tickets.</param>
/// <param name="newTypeName">Type name written to each matching ticket.</param>
/// <param name="commitChanges">When <c>true</c>, the pending changes are saved before returning.</param>
private static void SaveRenamedTicketTypes(string[] newSettings, string oldTypeName, string newTypeName, bool commitChanges)
{
    DateTime stamp = DateTime.Now;
    string actor = HttpContext.Current.User.Identity.Name;

    // NOTE(review): the type names are formatted into CommentEvent without HTML encoding;
    // confirm they are validated where they are entered or encoded when the event is rendered.
    string eventText = string.Format("renamed the ticket type from {0} to {1} globally.", oldTypeName, newTypeName);

    foreach (Ticket ticket in db.Tickets.Where(t => t.Type == oldTypeName))
    {
        ticket.Type = newTypeName;

        // One comment per ticket, all sharing the same author, timestamp and event text.
        db.TicketComments.Add(new TicketComment
        {
            CommentedBy = actor,
            CommentedDate = stamp,
            IsHtml = false,
            CommentEvent = eventText,
            TicketId = ticket.TicketId
        });
    }

    if (!commitChanges)
    {
        return;
    }

    db.SaveChanges();
}
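/// <summary>
/// Sets one property of a ticket by name and records the change as a ticket comment.
/// </summary>
/// <param name="id">Primary key of the ticket to update.</param>
/// <param name="field">Name of the <c>Ticket</c> property to set; resolved by reflection.</param>
/// <param name="ovalue">Previous value as supplied by the caller; used for change detection and in the logged event text.</param>
/// <param name="value">New value for the property.</param>
/// <param name="comment">Optional comment stored with the change.</param>
/// <returns>
/// <c>null</c> when the update succeeded or nothing changed; otherwise an error message
/// ("Ticket not found." or "Field not found.").
/// </returns>
public string UpdateField(long id, string field, string ovalue, string value, string comment)
{
    Ticket ticket = db.Tickets.Find(id);
    if (ticket == null)
    {
        return "Ticket not found.";
    }

    // Treat a missing value as empty: a null ovalue used to throw on ovalue.Equals(...),
    // and a null value used to throw on HtmlEncode(value).Trim().
    ovalue = ovalue ?? string.Empty;
    value = value ?? string.Empty;
    if (string.Equals(ovalue, value))
    {
        return null;
    }

    // NOTE(review): `field` is caller-supplied and is resolved against every public
    // property of Ticket, so any writable string property can be overwritten by name.
    // Restrict it to an explicit allow-list of editable fields, and confirm that the
    // current user is authorized to edit this ticket - neither check is visible here.
    PropertyInfo prop = string.IsNullOrEmpty(field) ? null : ticket.GetType().GetProperty(field);
    if (prop == null || !prop.CanWrite || !prop.PropertyType.IsAssignableFrom(typeof(string)))
    {
        // Unknown, read-only or non-string properties previously surfaced as a
        // NullReferenceException or ArgumentException from SetValue.
        return "Field not found.";
    }

    DateTime now = DateTime.Now;
    string user = User.Identity.Name;

    // NOTE(review): when the ticket is flagged IsHtml the new value is stored unencoded;
    // confirm it is sanitized before it is rendered as markup.
    prop.SetValue(ticket, ticket.IsHtml ? value : Server.HtmlEncode(value));
    ticket.LastUpdateDate = now;
    ticket.LastUpdateBy = user;

    // The name matched a real property, so it is a plain identifier; lower-case it
    // culture-independently for the log text.
    string fieldLabel = field.ToLowerInvariant();
    string encodedValue = Server.HtmlEncode(value).Trim();

    // The "from" text is what the caller sent as the old value, not what was read from the ticket.
    TicketComment tcomment = new TicketComment();
    if (ovalue.Length == 0)
    {
        tcomment.CommentEvent = string.Format("set the {0} to '{1}'", fieldLabel, encodedValue);
    }
    else
    {
        tcomment.CommentEvent = string.Format("changed the {0} from '{1}' to '{2}'", fieldLabel, Server.HtmlEncode(ovalue).Trim(), encodedValue);
    }

    tcomment.IsHtml = false;
    tcomment.CommentedBy = user;
    tcomment.CommentedDate = now;
    if (string.IsNullOrEmpty(comment))
    {
        tcomment.CommentEvent = tcomment.CommentEvent + " without comment";
    }
    else
    {
        // Encode the free-text comment before it is stored.
        tcomment.Comment = Server.HtmlEncode(comment).Trim();
    }

    tcomment.TicketId = ticket.TicketId;
    db.TicketComments.Add(tcomment);
    db.SaveChanges();
    return null;
}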