| author | Michael <[email protected]> | 2017-05-09 16:00:37 -0400 |
|---|---|---|
| committer | Michael <[email protected]> | 2017-05-09 16:00:37 -0400 |
| commit | c84f6193547370d6786609404e6dbc51f181d7b0 (patch) | |
| tree | b3b9cad1beadddbfe2de9f736424638275691c91 /Project-Unite/Controllers/ForumController.cs | |
| parent | cb653f021d2567f69a63414963b0f5ef739cd641 (diff) | |
| download | project-unite-c84f6193547370d6786609404e6dbc51f181d7b0.tar.gz project-unite-c84f6193547370d6786609404e6dbc51f181d7b0.tar.bz2 project-unite-c84f6193547370d6786609404e6dbc51f181d7b0.zip | |
Redo the permission system.
Diffstat (limited to 'Project-Unite/Controllers/ForumController.cs')
| -rw-r--r-- | Project-Unite/Controllers/ForumController.cs | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/Project-Unite/Controllers/ForumController.cs b/Project-Unite/Controllers/ForumController.cs
index de2174c..3eb3c83 100644
--- a/Project-Unite/Controllers/ForumController.cs
+++ b/Project-Unite/Controllers/ForumController.cs
@@ -131,16 +131,16 @@ namespace Project_Unite.Controllers
 string acl_perm = "CanEditPosts";
 if (topic == null)
 return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanEditOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
- return new HttpStatusCodeResult(403);
+ if (topic.AuthorId != User.Identity.GetUserId())
+ if (!User.Identity.IsModerator())
+ return new HttpStatusCodeResult(403);
 var model = new EditPostViewModel();
 model.Id = topic.Id;
 model.Contents = topic.Body;
 return View(model);
 }
+ [RequiresModerator]
 [Authorize]
 public ActionResult DeletePost(string id)
 {
@@ -150,10 +150,6 @@ namespace Project_Unite.Controllers
 string acl_perm = "CanDeletePosts";
 if (topic == null)
 return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanDeleteOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
- return new HttpStatusCodeResult(403);
 var parent = db.ForumTopics.FirstOrDefault(x => x.Id == topic.Parent);
 bool redirectToParent = false;
 string cat = "";
@@ -184,9 +180,8 @@ namespace Project_Unite.Controllers
 string acl_perm = "CanEditPosts";
 if (topic == null)
 return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanEditOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
+ if (topic.AuthorId != User.Identity.GetUserId())
+ if (!User.Identity.IsModerator())
 return new HttpStatusCodeResult(403);
 var edit = new ForumPostEdit();
 edit.EditedAt = DateTime.Now; |
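Review bot: The new ownership test lets every authenticated author edit their own post unconditionally, whereas the removed lines still required the `CanEditOwnPosts` grant; if that grant was ever withheld from restricted accounts, nothing here replaces it, and the same applies to the identical check in the third hunk. The two stacked `if` statements without braces are easy to misread; `if (topic.AuthorId != User.Identity.GetUserId() && !User.Identity.IsModerator())` expresses the rule in one condition. `string acl_perm = "CanEditPosts";` in the context lines is no longer read after this change (likewise `acl_perm` in the other two hunks) and can be removed. The enclosing action begins before this hunk.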
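Review bot: With the in-body check deleted, nothing inside `DeletePost` decides who may delete; authorization rests entirely on the `[RequiresModerator]` attribute added in the first hunk, whose implementation is not part of this diff, and authors lose the former `CanDeleteOwnPosts` path. The attribute list shown there is only `[RequiresModerator] [Authorize]`, with no `[HttpPost]` or `[ValidateAntiForgeryToken]`, so this moderator-only delete appears reachable by a plain GET. If the body (which continues outside this hunk) removes the post on that request, restrict the action to POST with an anti-forgery token. A comment such as `// Moderators only, enforced by [RequiresModerator]; authors can no longer delete their own posts.` would record that the change is deliberate.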
