118 lines
3.2 KiB
C#
118 lines
3.2 KiB
C#
using System.Web.Mvc;
|
|
using Portoa.Persistence;
|
|
using Portoa.Web;
|
|
using Portoa.Web.ErrorHandling;
|
|
using VideoGameQuotes.Api;
|
|
using VideoGameQuotes.Web.Models;
|
|
using VideoGameQuotes.Web.Security;
|
|
using VideoGameQuotes.Web.Services;
|
|
|
|
namespace VideoGameQuotes.Web.Controllers {
|
|
[IsValidUser(Group = UserGroup.Admin)]
|
|
public class AdminController : Controller {
|
|
private readonly ICurrentUserProvider userProvider;
|
|
private readonly IAdministrationService adminService;
|
|
|
|
public AdminController(ICurrentUserProvider userProvider, IAdministrationService adminService) {
|
|
this.userProvider = userProvider;
|
|
this.adminService = adminService;
|
|
}
|
|
|
|
[HttpGet]
|
|
public ActionResult Create() {
|
|
var model = new CreateAdminModel();
|
|
ResetCreateAdminModel(model);
|
|
return View(model);
|
|
}
|
|
|
|
private void ResetCreateAdminModel(CreateAdminModel model) {
|
|
model.Users = adminService.GetAllUsers();
|
|
}
|
|
|
|
[HttpPost]
|
|
public ActionResult Create(CreateAdminModel model) {
|
|
if (!ModelState.IsValid) {
|
|
ResetCreateAdminModel(model);
|
|
return View(model);
|
|
}
|
|
|
|
try {
|
|
var user = new User {
|
|
Username = model.Username,
|
|
Group = UserGroup.Admin
|
|
};
|
|
|
|
if (model.UserId > 0) {
|
|
user = adminService.GetUser(model.UserId);
|
|
if (user.Group == UserGroup.Admin) {
|
|
ModelState.AddModelError("UserId", string.Format("The user {0} is already an admin", user.Username));
|
|
} else {
|
|
user.Group = UserGroup.Admin;
|
|
}
|
|
|
|
if (user.Username == null) {
|
|
if (string.IsNullOrWhiteSpace(model.Username)) {
|
|
ModelState.AddModelError("Username", "Username must be given if the user does not have a username");
|
|
} else {
|
|
user.Username = model.Username;
|
|
}
|
|
}
|
|
} else if (string.IsNullOrWhiteSpace(model.Username)) {
|
|
ModelState.AddModelError("Username", "Username must be non-empty if creating a new user");
|
|
}
|
|
|
|
if (!ModelState.IsValid) {
|
|
ResetCreateAdminModel(model);
|
|
return View(model);
|
|
}
|
|
|
|
user.IpAddress = null; //must delete ip address or it's kind of a glaring security hole
|
|
user.ChangePassword(model.Password);
|
|
|
|
adminService.SaveUser(user);
|
|
return View("CreateAdminSuccess", model);
|
|
} catch (EntityNotFoundException) {
|
|
ModelState.AddModelError("UserId", string.Format("User not found for id {0}", model.UserId));
|
|
ResetCreateAdminModel(model);
|
|
return View(model);
|
|
}
|
|
}
|
|
|
|
public ActionResult Index() {
|
|
return View();
|
|
}
|
|
|
|
[HttpGet]
|
|
public ActionResult Password() {
|
|
return View(new ChangePasswordModel());
|
|
}
|
|
|
|
[HttpPost]
|
|
public ActionResult Password(ChangePasswordModel model) {
|
|
if (!ModelState.IsValid) {
|
|
return View(model);
|
|
}
|
|
|
|
var user = userProvider.CurrentUser;
|
|
if (user == null) {
|
|
return View("Unknown", new ErrorModel());
|
|
}
|
|
|
|
try {
|
|
user.ChangePassword(model.Password);
|
|
adminService.SaveUser(user);
|
|
return View("PasswordSuccessfullyChanged");
|
|
} catch {
|
|
ControllerContext.AddModelError("password", "Unable to change password");
|
|
return View(model);
|
|
}
|
|
|
|
}
|
|
|
|
[HttpGet]
|
|
public ActionResult Flags() {
|
|
var flaggedQuotes = adminService.GetFlaggedQuotes();
|
|
return View(flaggedQuotes);
|
|
}
|
|
}
|
|
} |