public async Task <Topic> createTopic(Int64 tokenId, int?parentTopicId, string title, int roleToEdit, int roleToRead)
{
var token = await quickGetToken(tokenId);
var userRole = new UserRole(token.User.RawRole);
if (parentTopicId == null) //Only administators can edit the root topic level.
{
if (!userRole.IsAdmin)
{
throw AutoApiError.Unauthorised();
}
}
else
{
var parentTopic = await(from t in _context.topics
where t.Id == parentTopicId.Value
select t).FirstOrDefaultAsync();
if (parentTopic == null)
{
throw AutoApiError.NotFound();
}
if (parentTopic.RoleToEdit > token.User.RawRole)
{
throw AutoApiError.Unauthorised();
}
}
if (title == null)
{
throw AutoApiError.InvalidParam("title.");
}
if (!UserRole.RoleIsValid(roleToEdit))
{
throw AutoApiError.InvalidRole("roleToEdit.");
}
if (!UserRole.RoleIsValid(roleToRead))
{
throw AutoApiError.InvalidParam("roleToRead.");
}
if (roleToRead > token.User.RawRole)
{
throw new AutoApiError("The topic would be unreadable by its creator.");
}
var topic = new Topic();
topic.Title = title;
topic.RoleToEdit = roleToEdit;
topic.RoleToRead = roleToRead;
topic.ParentId = parentTopicId;
topic.IsRootEntry = parentTopicId == null;
topic.OwnerId = token.UserId;
var now = DateTime.UtcNow;
topic.Modified = now;
topic.Created = now;
_context.topics.Add(topic);
await _context.SaveChangesAsync();
return(topic.CloneForExport());
}
