public async Task <ActionResult> UpdateReply(TopicPageModel model)
{
var site = await _contextService.CurrentSiteAsync();
var user = await _contextService.CurrentUserAsync();
var command = new UpdateReply
{
Id = model.Post.Id.Value,
ForumId = model.Forum.Id,
TopicId = model.Topic.Id,
Content = model.Post.Content,
Status = PostStatusType.Published,
SiteId = site.Id,
UserId = user.Id
};
var replyUserId = await _dbContext.Posts
.Where(x =>
x.Id == command.Id &&
x.TopicId == command.TopicId &&
x.Topic.ForumId == command.ForumId &&
x.Topic.Forum.Category.SiteId == command.SiteId &&
x.Status != PostStatusType.Deleted)
.Select(x => x.CreatedBy)
.FirstOrDefaultAsync();
var permissions = await _permissionModelBuilder.BuildPermissionModelsByForumId(site.Id, model.Forum.Id);
var canEdit = _securityService.HasPermission(PermissionType.Edit, permissions);
var canModerate = _securityService.HasPermission(PermissionType.Moderate, permissions);
var authorized = (canEdit && replyUserId == user.Id || canModerate) && !user.IsSuspended;
if (!authorized)
{
_logger.LogWarning("Unauthorized access to update reply.", new
{
SiteId = site.Id,
ForumId = model.Forum?.Id,
TopicId = model.Topic?.Id,
ReplyId = model.Post?.Id,
User = User.Identity.Name
});
return(Unauthorized());
}
await _replyService.UpdateAsync(command);
return(Ok());
}
protected override async Task OnInitializedAsync()
{
try
{
Model = await ApiService.GetFromJsonAsync <TopicPageModel>($"api/public/topics/{ForumSlug}/{TopicSlug}?page=1");
TotalPages = Model.Replies.TotalPages;
DisplayPage = true;
}
catch (Exception)
{
Model = new TopicPageModel();
DisplayPage = false;
}
}
public async Task <ActionResult> CreateReply(TopicPageModel model)
{
var site = await _contextService.CurrentSiteAsync();
var user = await _contextService.CurrentUserAsync();
var permissions = await _permissionModelBuilder.BuildPermissionModelsByForumId(site.Id, model.Forum.Id);
var canReply = _securityService.HasPermission(PermissionType.Reply, permissions) && !user.IsSuspended;
if (!canReply)
{
_logger.LogWarning("Unauthorized access to create reply.", new
{
SiteId = site.Id,
ForumId = model.Forum?.Id,
TopicId = model.Topic?.Id,
User = User.Identity.Name
});
return(Unauthorized());
}
var command = new CreateReply
{
ForumId = model.Forum.Id,
TopicId = model.Topic.Id,
Content = model.Post.Content,
Status = PostStatusType.Published,
SiteId = site.Id,
UserId = user.Id
};
await _replyService.CreateAsync(command);
return(Ok());
}
public async Task <TopicPageModel> BuildTopicPageModelAsync(Guid siteId, string forumSlug, string topicSlug, QueryOptions options)
{
var topic = await _dbContext.Posts
.Include(x => x.Forum).ThenInclude(x => x.Category)
.Include(x => x.CreatedByUser)
.FirstOrDefaultAsync(x =>
x.TopicId == null &&
x.Forum.Category.SiteId == siteId &&
x.Forum.Slug == forumSlug &&
x.Slug == topicSlug &&
x.Status == StatusType.Published);
if (topic == null)
{
return(null);
}
var result = new TopicPageModel
{
Forum = new TopicPageModel.ForumModel
{
Id = topic.Forum.Id,
Name = topic.Forum.Name,
Slug = topic.Forum.Slug
},
Topic = new TopicPageModel.TopicModel
{
Id = topic.Id,
Title = topic.Title,
Slug = topic.Slug,
Content = Markdown.ToHtml(topic.Content),
UserId = topic.CreatedByUser.Id,
UserDisplayName = topic.CreatedByUser.DisplayName,
TimeStamp = topic.CreatedOn,
IdentityUserId = topic.CreatedByUser.IdentityUserId,
GravatarHash = _gravatarService.HashEmailForGravatar(topic.CreatedByUser.Email),
Pinned = topic.Pinned,
Locked = topic.Locked,
HasAnswer = topic.HasAnswer
},
Replies = await BuildTopicPageModelRepliesAsync(topic.Id, options)
};
if (topic.HasAnswer)
{
var answer = await _dbContext.Posts
.Include(x => x.CreatedByUser)
.Where(x =>
x.TopicId == topic.Id &&
x.Status == StatusType.Published &&
x.IsAnswer)
.FirstOrDefaultAsync();
if (answer != null)
{
result.Answer = new TopicPageModel.ReplyModel
{
Id = answer.Id,
Content = Markdown.ToHtml(answer.Content),
OriginalContent = answer.Content,
IdentityUserId = answer.CreatedByUser.IdentityUserId,
UserId = answer.CreatedByUser.Id,
UserDisplayName = answer.CreatedByUser.DisplayName,
TimeStamp = answer.CreatedOn,
GravatarHash = _gravatarService.HashEmailForGravatar(answer.CreatedByUser.Email),
IsAnswer = answer.IsAnswer
};
}
}
return(result);
}
