authorMichael <[email protected]>2017-05-09 16:00:37 -0400
committerMichael <[email protected]>2017-05-09 16:00:37 -0400
commitc84f6193547370d6786609404e6dbc51f181d7b0 (patch)
treeb3b9cad1beadddbfe2de9f736424638275691c91 /Project-Unite/Controllers
parentcb653f021d2567f69a63414963b0f5ef739cd641 (diff)
downloadproject-unite-c84f6193547370d6786609404e6dbc51f181d7b0.tar.gz
project-unite-c84f6193547370d6786609404e6dbc51f181d7b0.tar.bz2
project-unite-c84f6193547370d6786609404e6dbc51f181d7b0.zip
Redo the permission system.
Diffstat (limited to 'Project-Unite/Controllers')
-rw-r--r--Project-Unite/Controllers/AdminController.cs3
-rw-r--r--Project-Unite/Controllers/BlogController.cs4
-rw-r--r--Project-Unite/Controllers/DeveloperController.cs29
-rw-r--r--Project-Unite/Controllers/ForumController.cs17
-rw-r--r--Project-Unite/Controllers/ModeratorController.cs74
5 files changed, 12 insertions, 115 deletions
diff --git a/Project-Unite/Controllers/AdminController.cs b/Project-Unite/Controllers/AdminController.cs
index a0f75c3..cbef219 100644
--- a/Project-Unite/Controllers/AdminController.cs
+++ b/Project-Unite/Controllers/AdminController.cs
@@ -21,10 +21,9 @@ namespace Project_Unite.Controllers
private ApplicationDbContext db = new ApplicationDbContext();
[Authorize]
+ [RequiresAdmin]
public ActionResult Index()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessAdminCP"))
- return new HttpStatusCodeResult(403);
return View();
}
}
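Review bot: The added `[RequiresAdmin]` is now the only gate on the admin index, and its definition is outside this diff (the diffstat is limited to Controllers), so whether a non-admin still gets the 403 the removed check returned depends entirely on how that attribute is implemented. If it derives from `AuthorizeAttribute` it runs in the authorization stage and short-circuits the action; if it is an `ActionFilterAttribute`, it runs after model binding and an `OnActionExecuting` that fails to set `filterContext.Result` lets the action body execute. Worth confirming the base class and adding a test that an authenticated non-admin receives 403 rather than the view.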
diff --git a/Project-Unite/Controllers/BlogController.cs b/Project-Unite/Controllers/BlogController.cs
index bc01229..5d964e2 100644
--- a/Project-Unite/Controllers/BlogController.cs
+++ b/Project-Unite/Controllers/BlogController.cs
@@ -130,12 +130,10 @@ namespace Project_Unite.Controllers
return View(blog);
}
+ [RequiresDeveloper]
[Authorize]
public ActionResult PostBlog()
{
- if (!ACL.Granted(User.Identity.Name, "CanBlog"))
- return new HttpStatusCodeResult(403);
-
var model = new PostBlogViewModel();
return View(model);
}
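Review bot: Only the GET `PostBlog()` receives `[RequiresDeveloper]`; the diffstat shows this is the sole BlogController hunk, so if an `[HttpPost] PostBlog(PostBlogViewModel)` overload exists it was not touched and either still consults the old `"CanBlog"` ACL entry or has no permission check at all. The GET that renders the form is not the security boundary — the POST that creates the post is. Add `[RequiresDeveloper]` to the POST overload as well (or move the attribute to the class) and confirm the `CanBlog` string is no longer referenced anywhere.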
diff --git a/Project-Unite/Controllers/DeveloperController.cs b/Project-Unite/Controllers/DeveloperController.cs
index da0022e..cbe1436 100644
--- a/Project-Unite/Controllers/DeveloperController.cs
+++ b/Project-Unite/Controllers/DeveloperController.cs
@@ -9,23 +9,19 @@ using Project_Unite.Models;
namespace Project_Unite.Controllers
{
+ [RequiresDeveloper]
[Authorize]
public class DeveloperController : Controller
{
// GET: Developer
public ActionResult Index()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
ViewBag.Developer = true;
return View();
}
public ActionResult ToggleObsolete(string id)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var release = db.Downloads.FirstOrDefault(x => x.Id == id);
release.Obsolete = !release.Obsolete;
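Review bot: With the inline ACL checks gone, `ToggleObsolete` has no guard left on its input: `db.Downloads.FirstOrDefault(...)` can return null and the next line dereferences `release`, so an unknown `id` yields a NullReferenceException (HTTP 500) rather than a 404. Add `if (release == null) return new HttpStatusCodeResult(404);` before the toggle. The action also mutates state on a plain GET with no `[HttpPost]`/`[ValidateAntiForgeryToken]`, so a developer's browser can be made to flip a release's obsolete flag by a crafted link. The method body continues past the hunk.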
@@ -35,9 +31,6 @@ namespace Project_Unite.Controllers
public ActionResult MakeUnstable(string id)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var release = db.Downloads.FirstOrDefault(x => x.Id == id);
release.IsStable = false;
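Review bot: `MakeUnstable` dereferences `release` immediately after `FirstOrDefault`, so an unknown or stale `id` crashes with a NullReferenceException instead of returning 404; add `if (release == null) return new HttpStatusCodeResult(404);` before `release.IsStable = false;`. Like its siblings it changes state on GET with no anti-forgery protection, which the class-level `[RequiresDeveloper]` does not address. The rest of the body is outside the hunk.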
@@ -48,9 +41,6 @@ namespace Project_Unite.Controllers
public ActionResult MakeStable(string id)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var release = db.Downloads.FirstOrDefault(x => x.Id == id);
release.IsStable = true;
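Review bot: Same missing null check as `MakeUnstable`: `release` is dereferenced without testing the `FirstOrDefault` result, so `if (release == null) return new HttpStatusCodeResult(404);` belongs before `release.IsStable = true;`. Marking a build stable is a trust-affecting action; it should be `[HttpPost]` + `[ValidateAntiForgeryToken]` rather than reachable by GET. The method continues beyond the hunk.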
@@ -61,18 +51,12 @@ namespace Project_Unite.Controllers
public ActionResult Releases()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
var db = new ApplicationDbContext();
return View(db.Downloads);
}
public ActionResult AddRelease()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
- if (!ACL.Granted(User.Identity.Name, "CanReleaseBuild"))
- return new HttpStatusCodeResult(403);
ViewBag.Developer = true;
var build = new PostDownloadViewModel();
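Review bot: `AddRelease` previously required both `CanAccessDevCP` and a separate `CanReleaseBuild` grant; the class-level `[RequiresDeveloper]` added earlier in this file collapses that to a single role, so every developer-CP user can now publish builds. If the two-step grant was intentional separation of duties, it needs an equivalent — e.g. a `[RequiresReleaser]` attribute on both `AddRelease` overloads, or an explicit role check inside the action — and the commit message does not say the coarsening is deliberate. The method body continues outside the hunk.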
@@ -85,10 +69,6 @@ namespace Project_Unite.Controllers
[ValidateAntiForgeryToken]
public ActionResult AddRelease(PostDownloadViewModel model)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
- if (!ACL.Granted(User.Identity.Name, "CanReleaseBuild"))
- return new HttpStatusCodeResult(403);
if (!ModelState.IsValid)
return View(model);
@@ -174,8 +154,6 @@ namespace Project_Unite.Controllers
[Authorize]
public ActionResult Wiki()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
ViewBag.Developer = true;
var db = new ApplicationDbContext();
var cats = db.WikiCategories;
@@ -184,9 +162,6 @@ namespace Project_Unite.Controllers
public ActionResult AddWikiCategory()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
-
ViewBag.Developer = true;
var mdl = new AddWikiCategoryViewModel();
@@ -198,8 +173,6 @@ namespace Project_Unite.Controllers
[ValidateAntiForgeryToken]
public ActionResult AddWikiCategory(AddWikiCategoryViewModel model)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessDevCP"))
- return new HttpStatusCodeResult(403);
ViewBag.Developer = true;
if (!ModelState.IsValid)
return View(model);
diff --git a/Project-Unite/Controllers/ForumController.cs b/Project-Unite/Controllers/ForumController.cs
index de2174c..3eb3c83 100644
--- a/Project-Unite/Controllers/ForumController.cs
+++ b/Project-Unite/Controllers/ForumController.cs
@@ -131,16 +131,16 @@ namespace Project_Unite.Controllers
string acl_perm = "CanEditPosts";
if (topic == null)
return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanEditOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
- return new HttpStatusCodeResult(403);
+ if (topic.AuthorId != User.Identity.GetUserId())
+ if (!User.Identity.IsModerator())
+ return new HttpStatusCodeResult(403);
var model = new EditPostViewModel();
model.Id = topic.Id;
model.Contents = topic.Body;
return View(model);
}
+ [RequiresModerator]
[Authorize]
public ActionResult DeletePost(string id)
{
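Review bot: `string acl_perm = "CanEditPosts";` on the first hunk line is now dead — nothing reads it once the `ACL.Granted` call is gone — and should be removed. The replacement authorization is two nested brace-less `if`s, which is fragile to edit; write it as one guarded condition: `if (topic.AuthorId != User.Identity.GetUserId() && !User.Identity.IsModerator()) { return new HttpStatusCodeResult(403); }`. `IsModerator()` is not defined in this diff, so its exact semantics cannot be checked here.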
@@ -150,10 +150,6 @@ namespace Project_Unite.Controllers
string acl_perm = "CanDeletePosts";
if (topic == null)
return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanDeleteOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
- return new HttpStatusCodeResult(403);
var parent = db.ForumTopics.FirstOrDefault(x => x.Id == topic.Parent);
bool redirectToParent = false;
string cat = "";
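Review bot: `DeletePost` is now moderator-only via the `[RequiresModerator]` attribute added in the previous hunk, which drops the old `CanDeleteOwnPosts` path — authors can no longer delete their own posts, and the commit message does not call this out. `string acl_perm = "CanDeletePosts";` is also dead now and should go. The action carries no `[HttpPost]`, so it deletes on GET and a moderator can be made to remove a post by following a link; add `[HttpPost]` and `[ValidateAntiForgeryToken]` and have callers submit a form. The method starts in the previous hunk and continues past this one.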
@@ -184,9 +180,8 @@ namespace Project_Unite.Controllers
string acl_perm = "CanEditPosts";
if (topic == null)
return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanEditOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
+ if (topic.AuthorId != User.Identity.GetUserId())
+ if (!User.Identity.IsModerator())
return new HttpStatusCodeResult(403);
var edit = new ForumPostEdit();
edit.EditedAt = DateTime.Now;
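Review bot: As in the GET counterpart, `acl_perm` on the first hunk line is dead after this change, and the nested brace-less `if`s should be a single guard: `if (topic.AuthorId != User.Identity.GetUserId() && !User.Identity.IsModerator()) { return new HttpStatusCodeResult(403); }`. The method starts before and continues after the hunk, so I cannot confirm whether the edit record stores who performed the edit; if it does not, the moderator-edits-someone-else's-post case is now indistinguishable from a self-edit in the data.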
diff --git a/Project-Unite/Controllers/ModeratorController.cs b/Project-Unite/Controllers/ModeratorController.cs
index 7872112..99ef8b7 100644
--- a/Project-Unite/Controllers/ModeratorController.cs
+++ b/Project-Unite/Controllers/ModeratorController.cs
@@ -9,47 +9,33 @@ using Project_Unite.Models;
namespace Project_Unite.Controllers
{
+ [RequiresModerator]
[Authorize]
public class ModeratorController : Controller
{
// GET: Moderator
public ActionResult Index()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
-
ViewBag.Moderator = true;
return View();
}
public ActionResult UserDetails(string id)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var usr = db.Users.FirstOrDefault(x => x.DisplayName == id);
- if (usr == null || !ACL.Granted(User.Identity.Name, "CanViewUserInfo"))
- return new HttpStatusCodeResult(403);
+ if (usr == null)
+ return new HttpStatusCodeResult(404);
return View(usr);
}
public ActionResult Users()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
- if (!ACL.Granted(User.Identity.Name, "CanViewUserInfo"))
- return new HttpStatusCodeResult(403);
-
return View(new ApplicationDbContext().Users);
}
public ActionResult Unban(string id, string returnUrl = "")
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
- if (!ACL.Granted(User.Identity.Name, "CanIssueBan"))
- return new HttpStatusCodeResult(403);
var db = new ApplicationDbContext();
var usr = db.Users.FirstOrDefault(x => x.Id == id);
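Review bot: `Unban(string id, string returnUrl = "")` is reachable by GET with no `[HttpPost]`/`[ValidateAntiForgeryToken]`, so the class-level `[RequiresModerator]` is now the only thing between a crafted `<img src>` and a moderator's browser unbanning an account. Mark the state-changing actions (`Unban`, `Ban`, `Unmute`, `Mute`) `[HttpPost]` with `[ValidateAntiForgeryToken]`. How `returnUrl` is consumed is outside this hunk; if it feeds `Redirect`, guard it with `Url.IsLocalUrl(returnUrl)` to avoid an open redirect. Changing `UserDetails` to return 404 for a missing user is a good fix.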
@@ -73,10 +59,6 @@ namespace Project_Unite.Controllers
public ActionResult Ban(string id, string returnUrl = "")
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
- if (!ACL.Granted(User.Identity.Name, "CanIssueBan"))
- return new HttpStatusCodeResult(403);
var db = new ApplicationDbContext();
var usr = db.Users.FirstOrDefault(x => x.Id == id);
@@ -102,10 +84,6 @@ namespace Project_Unite.Controllers
public ActionResult Unmute(string id, string returnUrl = "")
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
- if (!ACL.Granted(User.Identity.Name, "CanIssueMute"))
- return new HttpStatusCodeResult(403);
var db = new ApplicationDbContext();
var usr = db.Users.FirstOrDefault(x => x.Id == id);
@@ -130,13 +108,6 @@ namespace Project_Unite.Controllers
[ValidateAntiForgeryToken]
public ActionResult ChangeUserName(string id, ApplicationUser model, string returnUrl = "")
{
- string acl_r = "CanEditUsernames";
- if (id == User.Identity.GetUserId())
- acl_r = "CanEditUsername";
-
- if (!ACL.Granted(User.Identity.Name, acl_r))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var usr = db.Users.FirstOrDefault(x => x.Id == id);
if (usr == null)
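Review bot: The removed `CanEditUsername` branch let a user rename themselves through this action; with the class-level `[RequiresModerator]` and no replacement check, a non-moderator now gets 403 for their own id, while every moderator may rename anyone. If self-rename is still a feature it needs a separate action outside this controller, and the commit message should state the change. Separately, binding `ApplicationUser model` straight from the request invites over-posting; a view model with only the username field is safer (the copy into `usr` is past the hunk, so I cannot confirm which fields are taken).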
@@ -155,20 +126,12 @@ namespace Project_Unite.Controllers
public ActionResult Lock(string id)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var forum = db.ForumTopics.FirstOrDefault(x => x.Discriminator == id);
if (forum == null)
return new HttpStatusCodeResult(404);
string perm = "CanLockTopics";
var uid = User.Identity.GetUserId();
- if (forum.AuthorId == uid)
- perm = "CanLockOwnTopics";
-
- if (!ACL.Granted(User.Identity.Name, perm))
- return new HttpStatusCodeResult(403);
if (forum.IsLocked == true) //Save the DB queries...
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
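Review bot: After dropping the `ACL.Granted` call, `string perm = "CanLockTopics";` is a dead local, and `var uid = User.Identity.GetUserId();` is too unless the remainder of `Lock` (outside the hunk) uses it, e.g. for an audit entry. Remove whatever is unused so compiler warnings stay meaningful. `Lock` also changes state on GET; `[HttpPost]` + `[ValidateAntiForgeryToken]` across the topic actions would close the CSRF gap the new attribute does not.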
@@ -183,20 +146,12 @@ namespace Project_Unite.Controllers
public ActionResult Unlock(string id)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var forum = db.ForumTopics.FirstOrDefault(x => x.Discriminator == id);
if (forum == null)
return new HttpStatusCodeResult(404);
string perm = "CanUnlockTopics";
var uid = User.Identity.GetUserId();
- if (forum.AuthorId == uid)
- perm = "CanUnlockOwnTopics";
-
- if (!ACL.Granted(User.Identity.Name, perm))
- return new HttpStatusCodeResult(403);
if (forum.IsLocked == false) //Save the DB queries...
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
@@ -212,20 +167,12 @@ namespace Project_Unite.Controllers
public ActionResult List(string id)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var forum = db.ForumTopics.FirstOrDefault(x => x.Discriminator == id);
if (forum == null)
return new HttpStatusCodeResult(404);
string perm = "CanUnlistTopics";
var uid = User.Identity.GetUserId();
- if (forum.AuthorId == uid)
- perm = "CanUnlistOwnTopics";
-
- if (!ACL.Granted(User.Identity.Name, perm))
- return new HttpStatusCodeResult(403);
if (forum.IsUnlisted == false) //Save the DB queries...
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
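Review bot: `perm` is set to `"CanUnlistTopics"` in `List` — the same string `Unlist` uses — and after this change it is dead anyway, as is `uid` unless the rest of the body (outside the hunk) consumes it. Delete the dead locals rather than leaving a misleading permission name in a method that relists topics. The `[RequiresModerator]` class attribute is now the sole guard here, so the same GET-mutation/anti-forgery concern as `Lock` applies.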
@@ -240,20 +187,12 @@ namespace Project_Unite.Controllers
public ActionResult Unlist(string id)
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
var forum = db.ForumTopics.FirstOrDefault(x => x.Discriminator == id);
if (forum == null)
return new HttpStatusCodeResult(404);
string perm = "CanUnlistTopics";
var uid = User.Identity.GetUserId();
- if (forum.AuthorId == uid)
- perm = "CanUnlistOwnTopics";
-
- if (!ACL.Granted(User.Identity.Name, perm))
- return new HttpStatusCodeResult(403);
if (forum.IsUnlisted == true) //Save the DB queries...
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
@@ -280,9 +219,6 @@ namespace Project_Unite.Controllers
public ActionResult Logs()
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
-
var db = new ApplicationDbContext();
return View(db.AuditLogs.Where(x => x.Level != AuditLogLevel.Admin));
@@ -290,10 +226,6 @@ namespace Project_Unite.Controllers
public ActionResult Mute(string id, string returnUrl = "")
{
- if (!ACL.Granted(User.Identity.Name, "CanAccessModCP"))
- return new HttpStatusCodeResult(403);
- if (!ACL.Granted(User.Identity.Name, "CanIssueMute"))
- return new HttpStatusCodeResult(403);
var db = new ApplicationDbContext();
var usr = db.Users.FirstOrDefault(x => x.Id == id);