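/// <summary>
/// Shows one forum endpoint (thread): its text, pinned files, comments with their own pinned
/// files, and the caller's grants for the view to render.
/// </summary>
/// <param name="EndpointId">Endpoint id as a string; matched against <c>Id.ToString()</c> of stored endpoints.</param>
/// <param name="Errors">Optional messages (typically forwarded by <c>CreateComment</c> via redirect), exposed as <c>ViewBag.Errors</c>.</param>
/// <returns>The endpoint view, or 404 when the id is blank or matches no endpoint.</returns>
public async Task<IActionResult> ForumEndpoint(string EndpointId, List<string> Errors)
{
    // A blank or unknown id previously fell through to endpoint.Comments on a null endpoint
    // (NullReferenceException -> HTTP 500). Answer 404 instead.
    if (string.IsNullOrWhiteSpace(EndpointId))
    {
        return NotFound();
    }

    var endpoint = await DBContext.ForumEndpoints
        .Include(e => e.Comments)
        .Include(e => e.PinnedFiles)
        .Include(e => e.ParentNode)
        .Where(e => e.Id.ToString() == EndpointId)
        .FirstOrDefaultAsync();

    if (endpoint is null)
    {
        return NotFound();
    }

    // Attach comment-level files (TypeOfParent == 2) with one query for all comments
    // instead of one query per comment.
    if (endpoint.Comments != null && endpoint.Comments.Count > 0)
    {
        var commentIds = endpoint.Comments.Select(c => c.Id).ToList();

        var commentFiles = await DBContext.ForumFiles
            .Include(f => f.ForumComment)
            .Where(f => f.TypeOfParent == 2 && commentIds.Contains(f.ForumComment.Id))
            .ToListAsync();

        var filesByComment = commentFiles
            .GroupBy(f => f.ForumComment.Id)
            .ToDictionary(g => g.Key, g => g.ToList());

        foreach (var comment in endpoint.Comments)
        {
            // Comments without files get an empty list, as the per-comment query used to yield.
            comment.PinnedFiles = filesByComment.TryGetValue(comment.Id, out var files)
                ? files
                : new List<EForumFile>();
        }
    }

    // NOTE(review): grants are fetched only so the view can render them; nothing in this action
    // checks that the caller is allowed to read this endpoint. Confirm an [Authorize] / grant
    // check exists on the action or controller (not visible from here).
    var model = new ForumEndPointViewModel()
    {
        Comments = endpoint.Comments,
        Files = endpoint.PinnedFiles,
        EndpointName = endpoint.Name,
        Text = endpoint.Text,
        EndpointId = endpoint.Id.ToString(),
        CreatorId = endpoint.CreatorId,
        CreatorEmail = endpoint.CreatorEmail,
        CreatorName = endpoint.CreatorFio,
        CreationDateString = endpoint.CreationDate.ToString("d"),
        // An endpoint without a parent node no longer throws; the view receives null.
        ParentNodeId = endpoint.ParentNode?.Id.ToString(),
        userGrants = await checkService.getUserGrants(User),
    };

    // Errors arrives via the query string (route values of the redirect), so it is caller-controlled:
    // Razor's @ output encodes it; the view must not Html.Raw it.
    if (Errors != null)
    {
        ViewBag.Errors = Errors;
    }

    return View(model);
}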
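/// <summary>
/// Handles the "add comment" form post for a forum endpoint: validates the text, stores any
/// uploaded attachments under wwwroot/ForumFiles/CFiles/&lt;endpoint&gt;_&lt;timestamp&gt;/ and
/// persists the comment together with its file records.
/// </summary>
/// <param name="model">Posted form model. Only EndpointId, CommentText and CommentUploadedFiles are
/// used as input; the comment author is taken from the authenticated principal, never from the form.</param>
/// <returns>Redirect to <c>ForumEndpoint</c>; on validation failure the Errors route value carries the messages.</returns>
public async Task<IActionResult> CreateComment(ForumEndPointViewModel model)
{
    List<string> errors = new List<string>();

    if (!ModelState.IsValid)
    {
        errors.Add("Комментарий не может быть пустым");
        return RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors });
    }

    var parent = await DBContext.ForumEndpoints
        .Where(e => e.Id.ToString() == model.EndpointId)
        .FirstOrDefaultAsync();
    if (parent is null)
    {
        // Previously a missing parent produced a comment with ParentEndpoint == null.
        return NotFound();
    }

    // The author must be the authenticated caller. The original resolved the author from the posted
    // CommentCreatorEmail, which let any logged-in user post under another user's identity; that
    // field is ignored here. Fails closed (comment rejected) when the caller cannot be resolved.
    // NOTE(review): assumes the sign-in scheme issues the user id as ClaimTypes.NameIdentifier
    // (ASP.NET Core Identity default) — confirm against the app's authentication setup.
    var currentUserId = User?.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value;
    var creator = string.IsNullOrEmpty(currentUserId)
        ? null
        : await DBContext.Users.FirstOrDefaultAsync(u => u.Id.ToString() == currentUserId);
    if (creator is null)
    {
        errors.Add("Не удалось определить автора комментария.");
        return RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors });
    }

    var text = model.CommentText;
    if (string.IsNullOrWhiteSpace(text))
    {
        errors.Add("Комментарий не может быть пустым");
        return RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors });
    }

    // Kept for its user-facing message only; it is not the XSS defence (case-insensitive now, so
    // "<SCRIPT>" no longer slips past it). The real defence is the encoding below.
    if (text.IndexOf("<script>", System.StringComparison.OrdinalIgnoreCase) != -1
        || text.IndexOf("</script>", System.StringComparison.OrdinalIgnoreCase) != -1)
    {
        errors.Add("Теги <script> запрещены!");
        return RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors });
    }

    // The newline -> <br> conversion implies the view renders Text as raw HTML, so everything the
    // user typed is HTML-encoded first; only the <br> tags we add remain markup. The original built a
    // "safe" copy but then persisted the raw CommentText, so the stripping never took effect.
    // NOTE(review): if the view renders Text through encoding (@Model.Text) rather than Html.Raw,
    // entities will double-encode — check the view.
    var safeText = System.Net.WebUtility.HtmlEncode(text)
        .Replace("\r\n", "\n")
        .Replace("\n", "<br>");

    var newComment = new EForumComment()
    {
        CreatorId = creator.Id,
        CreatorEmail = creator.Email,
        CreatorFio = creator.FIO,
        CreationDate = System.DateTime.Now, // local time, matching rows already stored this way
        ParentEndpoint = parent,
        Text = safeText,
        PinnedFiles = new List<EForumFile>()
    };

    if (model.CommentUploadedFiles != null)
    {
        const long maxUploadBytes = 10485760; // 10 MiB; >= keeps the original threshold

        // Validate every upload before touching the disk so a rejected batch leaves no orphan files.
        foreach (IFormFile file in model.CommentUploadedFiles)
        {
            if (file.Length >= maxUploadBytes)
            {
                errors.Add("Нельзя загружать файлы свыше 10 Мегабайт.");
                return RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors });
            }
            if (string.IsNullOrWhiteSpace(Path.GetFileName(file.FileName)))
            {
                errors.Add("Недопустимое имя файла.");
                return RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors });
            }
        }

        // The target folder is built from server-side data only: the endpoint name as stored in the
        // database (the posted EndpointName is client-controlled) reduced to a single safe path
        // segment. Previously both the folder name and file.FileName were concatenated verbatim, so
        // "../" in either could write outside ForumFiles/CFiles (e.g. straight into wwwroot).
        var baseFolder = Path.GetFullPath(Path.Combine(environment.WebRootPath, "ForumFiles", "CFiles"));
        var folderName = SanitizePathSegment(parent.Name)
            + "_"
            + System.DateTime.Now.ToString("s").Replace(":", "-");
        var outFolder = Path.Combine(baseFolder, folderName);
        Directory.CreateDirectory(outFolder); // idempotent; the Exists() pre-check was redundant

        // NOTE(review): no extension/content-type allow-list is applied and the folder sits under
        // wwwroot, so if static files are served from there an uploaded .html/.svg runs in the site's
        // origin (stored XSS). Decide on an allow-list or move uploads outside wwwroot.
        foreach (IFormFile file in model.CommentUploadedFiles)
        {
            var fileName = SanitizePathSegment(Path.GetFileName(file.FileName));
            var outPath = Path.GetFullPath(Path.Combine(outFolder, fileName));

            // Belt and braces: refuse anything that still resolves outside the upload root.
            if (!outPath.StartsWith(baseFolder + Path.DirectorySeparatorChar, System.StringComparison.Ordinal))
            {
                errors.Add("Недопустимое имя файла.");
                return RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId, Errors = errors });
            }

            // FileMode.Create overwrites, so two uploads with the same name in one post share a path
            // (as before); the per-second timestamp folder keeps separate posts apart.
            using (var fileStream = new FileStream(outPath, FileMode.Create))
            {
                await file.CopyToAsync(fileStream);
            }

            var efile = new EForumFile()
            {
                Name = fileName,
                Path = outPath,
                TypeOfParent = 2,
                ForumComment = newComment
            };
            DBContext.ForumFiles.Add(efile);
            newComment.PinnedFiles.Add(efile);
        }
    }

    DBContext.ForumComments.Add(newComment);
    await DBContext.SaveChangesAsync();

    return RedirectToAction("ForumEndpoint", new { EndpointId = model.EndpointId });
}

/// <summary>
/// Reduces an arbitrary string to one safe path segment: path separators and characters invalid in
/// file names become '_', surrounding dots/spaces are trimmed (so ".." cannot survive), and an empty
/// result falls back to "file".
/// </summary>
/// <param name="value">Untrusted name (endpoint name or uploaded file name).</param>
/// <returns>A non-empty string containing no path separators.</returns>
private static string SanitizePathSegment(string value)
{
    if (string.IsNullOrWhiteSpace(value))
    {
        return "file";
    }

    var invalid = Path.GetInvalidFileNameChars();
    var cleanedChars = value
        .Trim()
        .Select(ch => invalid.Contains(ch) || ch == '/' || ch == '\\' ? '_' : ch)
        .ToArray();
    var cleaned = new string(cleanedChars).Trim('.', ' ');

    return cleaned.Length == 0 ? "file" : cleaned;
}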