vgquotes/Src/VideoGameQuotes.Web/Controllers/AdminController.cs

using System.Linq;
using System.Net;
using System.Web.Mvc;
using Portoa.Persistence;
using Portoa.Web;
using Portoa.Web.ErrorHandling;
using Portoa.Web.Results;
using VideoGameQuotes.Api;
using VideoGameQuotes.Web.Models;
using VideoGameQuotes.Web.Security;
using VideoGameQuotes.Web.Services;

namespace VideoGameQuotes.Web.Controllers {
	[VerifyUser(Group = UserGroup.Admin)]
	public class AdminController : Controller {
		private readonly ICurrentUserProvider<User> userProvider;
		private readonly IAdministrationService adminService;

		public AdminController(ICurrentUserProvider<User> userProvider, IAdministrationService adminService) {
			this.userProvider = userProvider;
			this.adminService = adminService;
		}

		public ActionResult Users(int start = 1, int end = 20) {
			if (start < 1 || start > end || end < 1) {
				return new StatusOverrideResult(View("BadPaging")) { StatusCode = HttpStatusCode.BadRequest };
			}

			var model = new PagedModelWithUser<User> {
				Start = start,
				End = end,
				Records = adminService.GetPagedUsers(start, end),
				TotalCount = adminService.GetAllUsers().Count(),
				CurrentUser = userProvider.CurrentUser
			};

			return View(model);
		}

		[HttpGet]
		public ActionResult Create() {
			var model = new CreateAdminModel();
			ResetCreateAdminModel(model);
			return View(model);
		}

		private void ResetCreateAdminModel(CreateAdminModel model) {
			model.Users = adminService.GetAllUsers();
		}

		[HttpPost]
		public ActionResult Create(CreateAdminModel model) {
			if (!ModelState.IsValid) {
				ResetCreateAdminModel(model);
				return View(model);
			}

			try {
				var user = new User {
					Username = model.Username,
					Group = UserGroup.Admin
				};

				if (model.UserId > 0) {
					user = adminService.GetUser(model.UserId);
					if (user.Group == UserGroup.Admin) {
						ModelState.AddModelError("UserId", string.Format("The user {0} is already an admin", user.Username));
					} else {
						user.Group = UserGroup.Admin;
					}

					if (user.Username == null) {
						if (string.IsNullOrWhiteSpace(model.Username)) {
							ModelState.AddModelError("Username", "Username must be given if the user does not have a username");
						} else {
							user.Username = model.Username;
						}
					}
				} else if (string.IsNullOrWhiteSpace(model.Username)) {
					ModelState.AddModelError("Username", "Username must be non-empty if creating a new user");
				}

				if (!ModelState.IsValid) {
					ResetCreateAdminModel(model);
					return View(model);
				}

				user.IpAddress = null; //must delete ip address or it's kind of a glaring security hole
				user.ChangePassword(model.Password);

				adminService.SaveUser(user);
				return View("CreateAdminSuccess", model);
			} catch (EntityNotFoundException) {
				ModelState.AddModelError("UserId", string.Format("User not found for id {0}", model.UserId));
				ResetCreateAdminModel(model);
				return View(model);
			}
		}

		public ActionResult Index() {
			return View();
		}

		[HttpGet]
		public ActionResult Password() {
			return View(new ChangePasswordModel());
		}

		[HttpPost]
		public ActionResult Password(ChangePasswordModel model) {
			if (!ModelState.IsValid) {
				return View(model);
			}

			var user = userProvider.CurrentUser;
			if (user == null) {
				return View("Unknown", new ErrorModel());
			}

			try {
				user.ChangePassword(model.Password);
				adminService.SaveUser(user);
				return View("PasswordSuccessfullyChanged");
			} catch {
				ControllerContext.AddModelError("password", "Unable to change password");
				return View(model);
			}

		}

		[HttpGet]
		public ActionResult Flags() {
			var flaggedQuotes = adminService.GetFlaggedQuotes();
			return View(flaggedQuotes);
		}
	}
}