From c84f6193547370d6786609404e6dbc51f181d7b0 Mon Sep 17 00:00:00 2001
From: Michael
Date: Tue, 9 May 2017 16:00:37 -0400
Subject: Redo the permission system.
---
 Project-Unite/Controllers/ForumController.cs | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)
(limited to 'Project-Unite/Controllers/ForumController.cs')
diff --git a/Project-Unite/Controllers/ForumController.cs b/Project-Unite/Controllers/ForumController.cs
index de2174c..3eb3c83 100644
--- a/Project-Unite/Controllers/ForumController.cs
+++ b/Project-Unite/Controllers/ForumController.cs
@@ -131,16 +131,16 @@ namespace Project_Unite.Controllers
 string acl_perm = "CanEditPosts";
 if (topic == null)
 return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanEditOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
- return new HttpStatusCodeResult(403);
+ if (topic.AuthorId != User.Identity.GetUserId())
+ if (!User.Identity.IsModerator())
+ return new HttpStatusCodeResult(403);
 var model = new EditPostViewModel();
 model.Id = topic.Id;
 model.Contents = topic.Body;
 return View(model);
 }
+ [RequiresModerator]
 [Authorize]
 public ActionResult DeletePost(string id)
 {
@@ -150,10 +150,6 @@ namespace Project_Unite.Controllers
 string acl_perm = "CanDeletePosts";
 if (topic == null)
 return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanDeleteOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
- return new HttpStatusCodeResult(403);
 var parent = db.ForumTopics.FirstOrDefault(x => x.Id == topic.Parent);
 bool redirectToParent = false;
 string cat = "";
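Review bot: In the first hunk (`@@ -131,16 +131,16 @@`) an author now passes the edit check on an id match alone, so with the `ACL.Granted` lookup gone there is no visible per-user way to revoke editing of one's own posts; if `CanEditOwnPosts` was ever withheld from restricted accounts, that control needs a replacement. The two added `if` lines are nested without braces and would read more safely as one guard, `if (topic.AuthorId != User.Identity.GetUserId() && !User.Identity.IsModerator()) return new HttpStatusCodeResult(403);`; the same applies to the third hunk (`@@ -184,9 +180,8 @@`). The `string acl_perm = ...` locals kept as context in all three hunks appear to be assigned and never read after this change and can be deleted. DeletePost now rests entirely on `[RequiresModerator]`, whose implementation is not in this diff, so confirm it returns a 403 for non-moderators on every route to the action and that removing delete-own for authors is intended. The enclosing methods start and end outside the hunks.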
@@ -184,9 +180,8 @@ namespace Project_Unite.Controllers
 string acl_perm = "CanEditPosts";
 if (topic == null)
 return new HttpStatusCodeResult(404);
- if (topic.AuthorId == User.Identity.GetUserId())
- acl_perm = "CanEditOwnPosts";
- if (!ACL.Granted(User.Identity.Name, acl_perm))
+ if (topic.AuthorId != User.Identity.GetUserId())
+ if (!User.Identity.IsModerator())
 return new HttpStatusCodeResult(403);
 var edit = new ForumPostEdit();
 edit.EditedAt = DateTime.Now;
-- 
cgit v1.2.3
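Review bot: The author-or-moderator rule in this hunk is a hand-written copy of the one in the first hunk, so the path that renders the edit form and the one that records a `ForumPostEdit` can drift apart at the next permission change. A private helper called from both would keep them in step, for example `private bool CanModify(ForumTopic topic) => topic.AuthorId == User.Identity.GetUserId() || User.Identity.IsModerator();` (the `ForumTopic` type name is assumed from `db.ForumTopics`). The `return new HttpStatusCodeResult(403);` line is unchanged context here, unlike in the first hunk where it was re-added, so check that its indentation still matches the new inner `if`. The enclosing method starts and ends outside the hunk.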