public async Task <ActionResult> UpdateReply(TopicPageModel model) { var site = await _contextService.CurrentSiteAsync(); var user = await _contextService.CurrentUserAsync(); var command = new UpdateReply { Id = model.Post.Id.Value, ForumId = model.Forum.Id, TopicId = model.Topic.Id, Content = model.Post.Content, Status = PostStatusType.Published, SiteId = site.Id, UserId = user.Id }; var replyUserId = await _dbContext.Posts .Where(x => x.Id == command.Id && x.TopicId == command.TopicId && x.Topic.ForumId == command.ForumId && x.Topic.Forum.Category.SiteId == command.SiteId && x.Status != PostStatusType.Deleted) .Select(x => x.CreatedBy) .FirstOrDefaultAsync(); var permissions = await _permissionModelBuilder.BuildPermissionModelsByForumId(site.Id, model.Forum.Id); var canEdit = _securityService.HasPermission(PermissionType.Edit, permissions); var canModerate = _securityService.HasPermission(PermissionType.Moderate, permissions); var authorized = (canEdit && replyUserId == user.Id || canModerate) && !user.IsSuspended; if (!authorized) { _logger.LogWarning("Unauthorized access to update reply.", new { SiteId = site.Id, ForumId = model.Forum?.Id, TopicId = model.Topic?.Id, ReplyId = model.Post?.Id, User = User.Identity.Name }); return(Unauthorized()); } await _replyService.UpdateAsync(command); return(Ok()); }
protected override async Task OnInitializedAsync() { try { Model = await ApiService.GetFromJsonAsync <TopicPageModel>($"api/public/topics/{ForumSlug}/{TopicSlug}?page=1"); TotalPages = Model.Replies.TotalPages; DisplayPage = true; } catch (Exception) { Model = new TopicPageModel(); DisplayPage = false; } }
public async Task <ActionResult> CreateReply(TopicPageModel model) { var site = await _contextService.CurrentSiteAsync(); var user = await _contextService.CurrentUserAsync(); var permissions = await _permissionModelBuilder.BuildPermissionModelsByForumId(site.Id, model.Forum.Id); var canReply = _securityService.HasPermission(PermissionType.Reply, permissions) && !user.IsSuspended; if (!canReply) { _logger.LogWarning("Unauthorized access to create reply.", new { SiteId = site.Id, ForumId = model.Forum?.Id, TopicId = model.Topic?.Id, User = User.Identity.Name }); return(Unauthorized()); } var command = new CreateReply { ForumId = model.Forum.Id, TopicId = model.Topic.Id, Content = model.Post.Content, Status = PostStatusType.Published, SiteId = site.Id, UserId = user.Id }; await _replyService.CreateAsync(command); return(Ok()); }
public async Task <TopicPageModel> BuildTopicPageModelAsync(Guid siteId, string forumSlug, string topicSlug, QueryOptions options) { var topic = await _dbContext.Posts .Include(x => x.Forum).ThenInclude(x => x.Category) .Include(x => x.CreatedByUser) .FirstOrDefaultAsync(x => x.TopicId == null && x.Forum.Category.SiteId == siteId && x.Forum.Slug == forumSlug && x.Slug == topicSlug && x.Status == StatusType.Published); if (topic == null) { return(null); } var result = new TopicPageModel { Forum = new TopicPageModel.ForumModel { Id = topic.Forum.Id, Name = topic.Forum.Name, Slug = topic.Forum.Slug }, Topic = new TopicPageModel.TopicModel { Id = topic.Id, Title = topic.Title, Slug = topic.Slug, Content = Markdown.ToHtml(topic.Content), UserId = topic.CreatedByUser.Id, UserDisplayName = topic.CreatedByUser.DisplayName, TimeStamp = topic.CreatedOn, IdentityUserId = topic.CreatedByUser.IdentityUserId, GravatarHash = _gravatarService.HashEmailForGravatar(topic.CreatedByUser.Email), Pinned = topic.Pinned, Locked = topic.Locked, HasAnswer = topic.HasAnswer }, Replies = await BuildTopicPageModelRepliesAsync(topic.Id, options) }; if (topic.HasAnswer) { var answer = await _dbContext.Posts .Include(x => x.CreatedByUser) .Where(x => x.TopicId == topic.Id && x.Status == StatusType.Published && x.IsAnswer) .FirstOrDefaultAsync(); if (answer != null) { result.Answer = new TopicPageModel.ReplyModel { Id = answer.Id, Content = Markdown.ToHtml(answer.Content), OriginalContent = answer.Content, IdentityUserId = answer.CreatedByUser.IdentityUserId, UserId = answer.CreatedByUser.Id, UserDisplayName = answer.CreatedByUser.DisplayName, TimeStamp = answer.CreatedOn, GravatarHash = _gravatarService.HashEmailForGravatar(answer.CreatedByUser.Email), IsAnswer = answer.IsAnswer }; } } return(result); }