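using System;
using System.Linq;
using System.Net;
using System.Web.Mvc;
using Portoa.Persistence;
using Portoa.Web;
using Portoa.Web.ErrorHandling;
using Portoa.Web.Results;
using VideoGameQuotes.Api;
using VideoGameQuotes.Web.Models;
using VideoGameQuotes.Web.Security;
using VideoGameQuotes.Web.Services;

namespace VideoGameQuotes.Web.Controllers
{
    /// <summary>
    /// Administrative pages: user listing, promotion/creation of admin accounts,
    /// changing the current admin's password and reviewing flagged quotes.
    /// Every action requires the caller to be in <see cref="UserGroup.Admin"/>,
    /// enforced by the class-level <c>[VerifyUser]</c> attribute.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the state-changing POST actions (<c>Create</c> and <c>Password</c>)
    /// carry no <c>[ValidateAntiForgeryToken]</c>, so an authenticated admin's browser
    /// can be made to submit them from another origin. Add the attribute once the
    /// corresponding views emit <c>@Html.AntiForgeryToken()</c> (the views are not
    /// visible here, so the attribute is not added blindly — it would reject forms
    /// that lack the token).
    /// </remarks>
    [VerifyUser(Group = UserGroup.Admin)]
    public class AdminController : Controller
    {
        private readonly ICurrentUserProvider userProvider;
        private readonly IAdministrationService adminService;

        /// <param name="userProvider">Source of the currently authenticated user.</param>
        /// <param name="adminService">Persistence/query facade for users and flagged quotes.</param>
        public AdminController(ICurrentUserProvider userProvider, IAdministrationService adminService)
        {
            this.userProvider = userProvider;
            this.adminService = adminService;
        }

        /// <summary>
        /// Shows the user list for the window <paramref name="start"/>..<paramref name="end"/>
        /// (both 1-based; exact inclusivity is decided by
        /// <see cref="IAdministrationService.GetPagedUsers"/>).
        /// </summary>
        /// <returns>
        /// The <c>Users</c> view, or the <c>BadPaging</c> view with HTTP 400 when the
        /// window is empty or starts below 1.
        /// </returns>
        public ActionResult Users(int start = 1, int end = 20)
        {
            // start >= 1 together with start <= end already implies end >= 1, so the
            // original "end < 1" test was redundant and is folded into these two.
            // NOTE(review): nothing bounds end - start, so one request can ask for the
            // whole user table; a cap on the window size is worth considering, depending
            // on how GetPagedUsers interprets its arguments.
            if (start < 1 || start > end)
            {
                return new StatusOverrideResult(View("BadPaging")) { StatusCode = HttpStatusCode.BadRequest };
            }

            var model = new PagedModelWithUser
            {
                // TODO(review): always 1 regardless of start/end — confirm this is intended
                // or whether the view expects a page number derived from the window.
                CurrentPage = 1,
                Records = adminService.GetPagedUsers(start, end),
                // Counts by enumerating every user; acceptable for an admin page.
                TotalCount = adminService.GetAllUsers().Count(),
                CurrentUser = userProvider.CurrentUser
            };

            return View(model);
        }

        /// <summary>Shows the empty "create admin" form with the user picker populated.</summary>
        [HttpGet]
        public ActionResult Create()
        {
            var model = new CreateAdminModel();
            ResetCreateAdminModel(model);
            return View(model);
        }

        /// <summary>
        /// Re-populates the user picker on <paramref name="model"/>; required every time the
        /// form is re-rendered, because the list is not part of the posted data.
        /// </summary>
        private void ResetCreateAdminModel(CreateAdminModel model)
        {
            model.Users = adminService.GetAllUsers();
        }

        /// <summary>
        /// Handles the "create admin" form: either promotes the existing user identified by
        /// <c>model.UserId</c> to <see cref="UserGroup.Admin"/>, or creates a new admin user
        /// named <c>model.Username</c>. In both cases the password is set to
        /// <c>model.Password</c> and the user is saved.
        /// </summary>
        /// <returns>
        /// <c>CreateAdminSuccess</c> on success; otherwise the form again with model errors.
        /// </returns>
        [HttpPost]
        public ActionResult Create(CreateAdminModel model)
        {
            if (!ModelState.IsValid)
            {
                ResetCreateAdminModel(model);
                return View(model);
            }

            User user;
            if (model.UserId > 0)
            {
                // Promote an existing user. The try is limited to the lookup: previously
                // it wrapped the whole method, so a failure inside SaveUser would have been
                // reported to the admin as "User not found for id N".
                try
                {
                    user = adminService.GetUser(model.UserId);
                }
                catch (EntityNotFoundException)
                {
                    ModelState.AddModelError("UserId", string.Format("User not found for id {0}", model.UserId));
                    ResetCreateAdminModel(model);
                    return View(model);
                }

                if (user.Group == UserGroup.Admin)
                {
                    ModelState.AddModelError("UserId", string.Format("The user {0} is already an admin", user.Username));
                }
                else
                {
                    user.Group = UserGroup.Admin;
                }

                // An existing user may have no username yet; one must then be supplied.
                if (user.Username == null)
                {
                    if (string.IsNullOrWhiteSpace(model.Username))
                    {
                        ModelState.AddModelError("Username", "Username must be given if the user does not have a username");
                    }
                    else
                    {
                        user.Username = model.Username;
                    }
                }
            }
            else
            {
                if (string.IsNullOrWhiteSpace(model.Username))
                {
                    ModelState.AddModelError("Username", "Username must be non-empty if creating a new user");
                }

                user = new User { Username = model.Username, Group = UserGroup.Admin };
            }

            if (!ModelState.IsValid)
            {
                ResetCreateAdminModel(model);
                return View(model);
            }

            // Clear any stored address before persisting. The original author flagged a
            // saved IpAddress on an admin account as a security hole — presumably it is
            // used for address-based recognition elsewhere; confirm against User and
            // ICurrentUserProvider before changing this.
            user.IpAddress = null;
            user.ChangePassword(model.Password);
            adminService.SaveUser(user);

            return View("CreateAdminSuccess", model);
        }

        /// <summary>Admin landing page.</summary>
        public ActionResult Index()
        {
            return View();
        }

        /// <summary>Shows the empty "change password" form.</summary>
        [HttpGet]
        public ActionResult Password()
        {
            return View(new ChangePasswordModel());
        }

        /// <summary>
        /// Sets the current admin's password to <c>model.Password</c> and saves the user.
        /// </summary>
        /// <returns>
        /// <c>PasswordSuccessfullyChanged</c> on success, <c>Unknown</c> when no current user
        /// can be resolved, otherwise the form again with a model error.
        /// </returns>
        /// <remarks>
        /// NOTE(review): ChangePasswordModel is not visible here; confirm that the form
        /// requires the current password (or a fresh login), since this action otherwise
        /// lets any request made with an admin's session replace the password outright.
        /// </remarks>
        [HttpPost]
        public ActionResult Password(ChangePasswordModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var user = userProvider.CurrentUser;
            if (user == null)
            {
                return View("Unknown", new ErrorModel());
            }

            try
            {
                user.ChangePassword(model.Password);
                adminService.SaveUser(user);
                return View("PasswordSuccessfullyChanged");
            }
            catch (Exception)
            {
                // Deliberately best-effort: the admin sees a generic message instead of a
                // stack trace. No logger is injected into this controller, so the cause is
                // otherwise lost; consider adding one if these failures need diagnosing.
                ControllerContext.AddModelError("password", "Unable to change password");
                return View(model);
            }
        }

        /// <summary>Lists the quotes that visitors have flagged for review.</summary>
        [HttpGet]
        public ActionResult Flags()
        {
            var flaggedQuotes = adminService.GetFlaggedQuotes();
            return View(flaggedQuotes);
        }
    }
}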