public async Task <ActionResult> Add(int messageId = 0)
{
var(messageGetResult, message) = await GetMessageAndThreadAsync(messageId);
if (!messageGetResult)
{
return(Json(new { success = false, responseMessage = "Upload failed." }));
}
var forum = await _cache.GetForumAsync(message.Thread.ForumID);
if (forum == null)
{
return(Json(new { success = false, responseMessage = "Upload failed." }));
}
// Check if the thread is sticky, or that the user can see normal threads started
// by others. If not, the user isn't allowed to view the thread the message is in, and therefore is denied access.
if ((message.Thread.StartedByUserID != this.HttpContext.Session.GetUserID()) &&
!this.HttpContext.Session.CanPerformForumActionRight(message.Thread.ForumID, ActionRights.ViewNormalThreadsStartedByOthers) &&
!message.Thread.IsSticky)
{
// user can't view the thread the message is in, because:
// - the thread isn't sticky
// AND
// - the thread isn't posted by the calling user and the user doesn't have the right to view normal threads started by others
return(Json(new { success = false, responseMessage = "Upload failed." }));
}
var totalNumberOfAttachmentsOfMessage = await MessageGuiHelper.GetTotalNumberOfAttachmentsOfMessageAsync(messageId);
bool userMayAddAttachment = forum.MaxNoOfAttachmentsPerMessage > 0 &&
this.HttpContext.Session.CanPerformForumActionRight(forum.ForumID, ActionRights.AddAttachment) &&
this.HttpContext.Session.GetUserID() == message.PostedByUserID &&
totalNumberOfAttachmentsOfMessage < forum.MaxNoOfAttachmentsPerMessage;
if (!userMayAddAttachment)
{
return(Json(new { success = false, responseMessage = "Upload failed." }));
}
try
{
if (this.Request.Form.Files.Count <= 0)
{
return(Json(new { success = false, responseMessage = "No file attached!" }));
}
var fileContent = this.Request.Form.Files[0];
if (fileContent == null || fileContent.Length <= 0)
{
return(Json(new { success = false, responseMessage = "The file uploaded is empty (0KB)." }));
}
var fileLengthInKB = fileContent.Length / 1024;
if (fileLengthInKB > forum.MaxAttachmentSize)
{
return(Json(new { success = false, responseMessage = $"The file uploaded is too large ({fileLengthInKB}KB). The max. file size is {forum.MaxAttachmentSize}KB" }));
}
// all is well, save the attachment!
var fileData = new byte[fileContent.Length];
await using (var reader = fileContent.OpenReadStream())
{
await reader.ReadAsync(fileData, 0, (int)fileContent.Length);
}
await MessageManager.AddAttachmentAsync(messageId, fileContent.FileName, fileData,
this.HttpContext.Session.CanPerformForumActionRight(forum.ForumID, ActionRights.GetsAttachmentsApprovedAutomatically));
ApplicationAdapter.InvalidateCachedNumberOfUnapprovedAttachments();
return(Json(new { success = true, responseMessage = string.Empty }));
}
catch (Exception)
{
Response.StatusCode = (int)HttpStatusCode.BadRequest;
return(Json(new { success = false, responseMessage = "Upload failed." }));
}
}
