vgquotes/Src/VideoGameQuotes.Web/Controllers/AdminController.cs

138 lines
3.8 KiB
C#
Raw Normal View History

using System.Linq;
using System.Net;
using System.Web.Mvc;
2011-02-19 23:15:36 +00:00
using Portoa.Persistence;
using Portoa.Web.ErrorHandling;
using Portoa.Web.Results;
using Portoa.Web.Security;
using VideoGameQuotes.Api;
using VideoGameQuotes.Web.Models;
using VideoGameQuotes.Web.Security;
using VideoGameQuotes.Web.Services;
namespace VideoGameQuotes.Web.Controllers {
[VerifyUser(Group = UserGroup.Admin)]
public class AdminController : Controller {
private readonly ICurrentUserProvider<User> userProvider;
private readonly IAdministrationService adminService;
public AdminController(ICurrentUserProvider<User> userProvider, IAdministrationService adminService) {
this.userProvider = userProvider;
this.adminService = adminService;
}
public ActionResult Users(int start = 1, int end = 20) {
if (start < 1 || start > end || end < 1) {
return new StatusOverrideResult(View("BadPaging")) { StatusCode = HttpStatusCode.BadRequest };
}
var model = new PagedModelWithUser<User> {
2011-02-22 04:05:23 +00:00
CurrentPage = 1,
Records = adminService.GetPagedUsers(start, end),
TotalCount = adminService.GetAllUsers().Count(),
CurrentUser = userProvider.CurrentUser
};
return View(model);
}
2011-02-19 23:15:36 +00:00
[HttpGet]
public ActionResult Create() {
var model = new CreateAdminModel();
ResetCreateAdminModel(model);
return View(model);
}
private void ResetCreateAdminModel(CreateAdminModel model) {
model.Users = adminService.GetAllUsers();
}
[HttpPost]
public ActionResult Create(CreateAdminModel model) {
if (!ModelState.IsValid) {
ResetCreateAdminModel(model);
return View(model);
}
try {
var user = new User {
Username = model.Username,
Group = UserGroup.Admin
};
if (model.UserId > 0) {
user = adminService.GetUser(model.UserId);
if (user.Group == UserGroup.Admin) {
ModelState.AddModelError("UserId", string.Format("The user {0} is already an admin", user.Username));
} else {
user.Group = UserGroup.Admin;
}
if (user.Username == null) {
if (string.IsNullOrWhiteSpace(model.Username)) {
ModelState.AddModelError("Username", "Username must be given if the user does not have a username");
} else {
user.Username = model.Username;
}
}
} else if (string.IsNullOrWhiteSpace(model.Username)) {
ModelState.AddModelError("Username", "Username must be non-empty if creating a new user");
}
if (!ModelState.IsValid) {
ResetCreateAdminModel(model);
return View(model);
}
user.IpAddress = null; //must delete ip address or it's kind of a glaring security hole
user.ChangePassword(model.Password);
adminService.SaveUser(user);
return View("CreateAdminSuccess", model);
} catch (EntityNotFoundException) {
ModelState.AddModelError("UserId", string.Format("User not found for id {0}", model.UserId));
ResetCreateAdminModel(model);
return View(model);
}
}
public ActionResult Index() {
return View();
}
[HttpGet]
public ActionResult Password() {
return View(new ChangePasswordModel());
}
[HttpPost]
public ActionResult Password(ChangePasswordModel model) {
if (!ModelState.IsValid) {
return View(model);
}
var user = userProvider.CurrentUser;
if (user == null) {
return View("Unknown", new ErrorModel());
}
try {
user.ChangePassword(model.Password);
adminService.SaveUser(user);
return View("PasswordSuccessfullyChanged");
} catch {
ModelState.AddModelError("password", "Unable to change password");
return View(model);
}
}
[HttpGet]
public ActionResult Flags() {
var flaggedQuotes = adminService.GetFlaggedQuotes();
return View(flaggedQuotes);
}
}
}