public async Task PinAsync(PinTopic command)
{
var topic = await _dbContext.Posts
.FirstOrDefaultAsync(x =>
x.Id == command.Id &&
x.TopicId == null &&
x.ForumId == command.ForumId &&
x.Forum.Category.SiteId == command.SiteId &&
x.Status != StatusType.Deleted);
if (topic == null)
{
throw new DataException($"Topic with Id {command.Id} not found.");
}
topic.Pin(command.Pinned);
_dbContext.Events.Add(new Event(command.SiteId,
command.UserId,
EventType.Pinned,
typeof(Post),
command.Id));
await _dbContext.SaveChangesAsync();
_cacheManager.Remove(CacheKeys.Forum(topic.ForumId));
}
public async Task <ActionResult> PinTopic(Guid forumId, Guid topicId, [FromBody] bool pinned)
{
var site = await _contextService.CurrentSiteAsync();
var user = await _contextService.CurrentUserAsync();
var command = new PinTopic
{
Id = topicId,
ForumId = forumId,
Pinned = pinned,
SiteId = site.Id,
UserId = user.Id
};
var permissions = await _permissionModelBuilder.BuildPermissionModelsByForumId(site.Id, forumId);
var canModerate = _securityService.HasPermission(PermissionType.Moderate, permissions) && !user.IsSuspended;
if (!canModerate)
{
_logger.LogWarning("Unauthorized access to pin topic", new
{
SiteId = site.Id,
ForumId = forumId,
TopicId = topicId,
User = User.Identity.Name
});
return(Unauthorized());
}
await _topicService.PinAsync(command);
return(Ok());
}