public ActionResult RecallModeratorInvitation(int?invitationId) { if (invitationId == null) { return(HybridError(ErrorViewModel.GetErrorViewModel(ErrorType.NotFound))); //return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } var moderatorInvitation = _db.ModeratorInvitation.Find(invitationId); if (moderatorInvitation == null) { return(HybridError(ErrorViewModel.GetErrorViewModel(ErrorType.NotFound))); //return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } if (!ModeratorPermission.HasPermission(User, moderatorInvitation.Subverse, Domain.Models.ModeratorAction.InviteMods)) { return(RedirectToAction("SubverseModerators")); } //make sure mods can't remove invites var currentModLevel = ModeratorPermission.Level(User, moderatorInvitation.Subverse); if (moderatorInvitation.Power <= (int)currentModLevel && currentModLevel != Domain.Models.ModeratorLevel.Owner) { return(RedirectToAction("SubverseModerators")); } ViewBag.SubverseName = moderatorInvitation.Subverse; SetNavigationViewModel(moderatorInvitation.Subverse); return(View("~/Views/Subverses/Admin/RecallModeratorInvitation.cshtml", moderatorInvitation)); }
public async Task <ActionResult> RecallModeratorInvitation(int invitationId) { // get invitation to remove var invitationToBeRemoved = await _db.ModeratorInvitation.FindAsync(invitationId); if (invitationToBeRemoved == null) { return(HybridError(ErrorViewModel.GetErrorViewModel(ErrorType.NotFound))); //return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } // check if subverse exists var subverse = DataCache.Subverse.Retrieve(invitationToBeRemoved.Subverse); if (subverse == null) { return(HybridError(ErrorViewModel.GetErrorViewModel(ErrorType.SubverseNotFound))); //return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } // check if caller has clearance to remove a moderator invitation //if (!UserHelper.IsUserSubverseAdmin(User.Identity.Name, subverse.Name) || invitationToBeRemoved.Recipient == User.Identity.Name) return RedirectToAction("Index", "Home"); if (!ModeratorPermission.HasPermission(User, subverse.Name, Domain.Models.ModeratorAction.InviteMods)) { return(RedirectToAction("Index", "Home")); } //make sure mods can't remove invites var currentModLevel = ModeratorPermission.Level(User, subverse.Name); if (invitationToBeRemoved.Power <= (int)currentModLevel && currentModLevel != Domain.Models.ModeratorLevel.Owner) { return(RedirectToAction("SubverseModerators")); } // execute invitation removal _db.ModeratorInvitation.Remove(invitationToBeRemoved); await _db.SaveChangesAsync(); return(RedirectToAction("SubverseModerators")); }
public async Task <ActionResult> AddModerator([Bind("ID,Subverse,UserName,Power")] SubverseModerator subverseAdmin) { if (!ModelState.IsValid) { return(View(subverseAdmin)); } // check if caller can add mods, if not, deny posting if (!ModeratorPermission.HasPermission(User, subverseAdmin.Subverse, Domain.Models.ModeratorAction.InviteMods)) { return(RedirectToAction("Index", "Home")); } subverseAdmin.UserName = subverseAdmin.UserName.TrimSafe(); Subverse subverseModel = null; //lots of premature retuns so wrap the common code var sendFailureResult = new Func <string, ActionResult>(errorMessage => { ViewBag.SubverseModel = subverseModel; ViewBag.SubverseName = subverseAdmin.Subverse; ViewBag.SelectedSubverse = string.Empty; ModelState.AddModelError(string.Empty, errorMessage); SetNavigationViewModel(subverseAdmin.Subverse); return(View("~/Views/Subverses/Admin/AddModerator.cshtml", new SubverseModeratorViewModel { UserName = subverseAdmin.UserName, Power = subverseAdmin.Power } )); }); // prevent invites to the current moderator if (User.Identity.Name.IsEqual(subverseAdmin.UserName)) { return(sendFailureResult("Can not add yourself as a moderator")); } string originalRecipientUserName = UserHelper.OriginalUsername(subverseAdmin.UserName); // prevent invites to the current moderator if (String.IsNullOrEmpty(originalRecipientUserName)) { return(sendFailureResult("User can not be found")); } // get model for selected subverse subverseModel = DataCache.Subverse.Retrieve(subverseAdmin.Subverse); if (subverseModel == null) { return(ErrorView(ErrorViewModel.GetErrorViewModel(ErrorType.SubverseNotFound))); } if ((subverseAdmin.Power < 1 || subverseAdmin.Power > 4) && subverseAdmin.Power != 99) { return(sendFailureResult("Only powers levels 1 - 4 and 99 are supported currently")); } //check current mod level and invite level and ensure they are a lower level var currentModLevel = ModeratorPermission.Level(User, subverseModel.Name); if (subverseAdmin.Power <= (int)currentModLevel && currentModLevel != Domain.Models.ModeratorLevel.Owner) { return(sendFailureResult("Sorry, but you can only add moderators that are a lower level than yourself")); } int maximumOwnedSubs = VoatSettings.Instance.MaximumOwnedSubs; // check if the user being added is not already a moderator of 10 subverses var currentlyModerating = _db.SubverseModerator.Where(a => a.UserName == originalRecipientUserName).ToList(); SubverseModeratorViewModel tmpModel; if (currentlyModerating.Count <= maximumOwnedSubs) { // check that user is not already moderating given subverse var isAlreadyModerator = _db.SubverseModerator.FirstOrDefault(a => a.UserName == originalRecipientUserName && a.Subverse == subverseAdmin.Subverse); if (isAlreadyModerator == null) { // check if this user is already invited var userModeratorInvitations = _db.ModeratorInvitation.Where(i => i.Recipient.ToLower() == originalRecipientUserName.ToLower() && i.Subverse.ToLower() == subverseModel.Name.ToLower()); if (userModeratorInvitations.Any()) { return(sendFailureResult("Sorry, the user is already invited to moderate this subverse")); } // send a new moderator invitation ModeratorInvitation modInv = new ModeratorInvitation { CreatedBy = User.Identity.Name, CreationDate = Repository.CurrentDate, Recipient = originalRecipientUserName, Subverse = subverseAdmin.Subverse, Power = subverseAdmin.Power }; _db.ModeratorInvitation.Add(modInv); _db.SaveChanges(); int invitationId = modInv.ID; var invitationBody = new StringBuilder(); //v/{subverse}/about/moderatorinvitations/accept/{invitationId} string acceptInviteUrl = VoatUrlFormatter.BuildUrlPath(this.HttpContext, new PathOptions(true, true), $"/v/{subverseModel.Name}/about/moderatorinvitations/accept/{invitationId}"); invitationBody.Append("Hello,"); invitationBody.Append(Environment.NewLine); invitationBody.Append($"@{User.Identity.Name} invited you to moderate v/" + subverseAdmin.Subverse + "."); invitationBody.Append(Environment.NewLine); invitationBody.Append(Environment.NewLine); invitationBody.Append($"Please visit the following link if you want to accept this invitation: {acceptInviteUrl}"); invitationBody.Append(Environment.NewLine); invitationBody.Append(Environment.NewLine); invitationBody.Append("Thank you."); var cmd = new SendMessageCommand(new Domain.Models.SendMessage() { Sender = $"v/{subverseAdmin.Subverse}", Recipient = originalRecipientUserName, Subject = $"v/{subverseAdmin.Subverse} moderator invitation", Message = invitationBody.ToString() }, true).SetUserContext(User); await cmd.Execute(); return(RedirectToAction("SubverseModerators")); } else { return(sendFailureResult("Sorry, the user is already moderating this subverse")); } } else { return(sendFailureResult("Sorry, the user is already moderating a maximum of " + maximumOwnedSubs + " subverses")); } }