

  1. using System;
  2. using System.Collections.Generic;
  3. using System.Data;
  4. using System.Linq;
  5. using System.Net;
  6. using System.Web;
  7. using Teknik.Areas.Blog.Models;
  8. using Teknik.Areas.Blog.ViewModels;
  9. using Teknik.Areas.Users.Models;
  10. using Teknik.Areas.Users.Utility;
  11. using Teknik.Controllers;
  12. using Teknik.Filters;
  13. using Teknik.Utilities;
  14. using Teknik.Models;
  15. using Teknik.Attributes;
  16. using Microsoft.Extensions.Logging;
  17. using Teknik.Configuration;
  18. using Teknik.Data;
  19. using Microsoft.AspNetCore.Authorization;
  20. using Microsoft.AspNetCore.Mvc;
  21. using Microsoft.EntityFrameworkCore;
  22. using Teknik.Logging;
  23. namespace Teknik.Areas.Blog.Controllers
  24. {
  25. [TeknikAuthorize]
  26. [Area("Blog")]
  27. public class BlogController : DefaultController
  28. {
  /// <summary>
  /// Hands the shared logger, configuration and EF context to <see cref="DefaultController"/>,
  /// which the actions below use as <c>_config</c> and <c>_dbContext</c>.
  /// </summary>
  /// <param name="logger">Application logger.</param>
  /// <param name="config">Site configuration, including <c>BlogConfig</c>.</param>
  /// <param name="dbContext">Entity Framework context for the blog tables.</param>
  public BlogController(ILogger<Logger> logger, Config config, TeknikEntities dbContext)
      : base(logger, config, dbContext)
  {
  }
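  /// <summary>
  /// Renders a blog landing page: the site blog when <paramref name="username"/> is empty,
  /// otherwise the named user's personal blog.
  /// </summary>
  /// <param name="username">Blog owner, or null/empty for the site blog.</param>
  /// <returns>The Blog view; <c>model.Error</c> is set when no blog matches the username.</returns>
  [AllowAnonymous]
  public IActionResult Blog(string username)
  {
      // Admins see the widened post sets below; everyone else only what the blog publishes.
      bool isAuth = User.IsInRole("Admin");
      string viewer = User.Identity.Name;
      BlogViewModel model = new BlogViewModel();

      if (string.IsNullOrEmpty(username))
      {
          // The site-wide blog.
          ViewBag.Title = _config.BlogConfig.Title + " - " + _config.Title;
          ViewBag.Description = _config.BlogConfig.Description;

          // Only admins get a user attached to the model on this page.
          User user = isAuth ? UserHelper.GetUser(_dbContext, viewer) : null;
          model.BlogId = _config.BlogConfig.ServerBlogId;
          model.UserId = user?.UserId ?? 0;
          model.User = user;
          model.Title = _config.BlogConfig.Title;
          model.Description = _config.BlogConfig.Description;

          // Single ordering (the original sorted by DatePosted twice, which was redundant).
          var posts = _dbContext.BlogPosts
              .Include(p => p.Blog)
              .Include(p => p.Blog.User)
              .Include(p => p.Comments)
              .Include(p => p.Tags)
              .Where(p => (p.System || isAuth) && p.Published)
              .OrderByDescending(p => p.DatePosted)
              .Take(_config.BlogConfig.PostsToLoad)
              .ToList();
          model.Posts = posts.ConvertAll(p => new PostViewModel(p));
          return View(model);
      }

      // A user-specific blog; the server blog is never served under a username.
      Models.Blog blog = _dbContext.Blogs
          .Include(b => b.User)
          .Include(b => b.User.BlogSettings)
          .Where(b => b.User.Username == username && b.BlogId != _config.BlogConfig.ServerBlogId)
          .FirstOrDefault();
      if (blog == null)
      {
          model.Error = true;
          return View(model);
      }

      // Null-conditional access guards against a blog whose settings row is missing.
      string customTitle = blog.User.BlogSettings?.Title;
      string description = blog.User.BlogSettings?.Description;
      ViewBag.Title = blog.User.Username + "'s Blog - " + _config.Title;
      if (!string.IsNullOrEmpty(customTitle))
      {
          ViewBag.Title = customTitle + " - " + ViewBag.Title;
      }
      ViewBag.Description = description;

      model.BlogId = blog.BlogId;
      model.UserId = blog.UserId;
      model.User = blog.User;
      model.Title = customTitle;
      model.Description = description;

      // Drafts (unpublished) are visible only to the blog owner or an admin.
      var userPosts = _dbContext.BlogPosts
          .Include(p => p.Blog)
          .Include(p => p.Blog.User)
          .Include(p => p.Comments)
          .Include(p => p.Tags)
          .Where(p => (p.BlogId == blog.BlogId && !p.System) &&
                      (p.Published || p.Blog.User.Username == viewer || isAuth))
          .OrderByDescending(p => p.DatePosted)
          .Take(_config.BlogConfig.PostsToLoad)
          .ToList();
      model.Posts = userPosts.ConvertAll(p => new PostViewModel(p));
      return View(model);
  }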
  112. #region Posts
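  /// <summary>
  /// Shows a single post. Unpublished posts are shown only to the blog owner or an admin.
  /// </summary>
  /// <param name="username">Blog owner from the route; required by the route but not part of the lookup.</param>
  /// <param name="id">Post id.</param>
  /// <returns>The ViewPost view; 400 when <paramref name="username"/> is empty.</returns>
  [AllowAnonymous]
  public IActionResult Post(string username, int id)
  {
      if (string.IsNullOrEmpty(username))
      {
          return new StatusCodeResult((int)HttpStatusCode.BadRequest);
      }

      bool isAuth = User.IsInRole("Admin");
      string viewer = User.Identity.Name;
      // BlogSettings is read below, so it is loaded here like the blog queries do.
      var post = _dbContext.BlogPosts
          .Include(p => p.Blog)
          .Include(p => p.Blog.User)
          .Include(p => p.Blog.User.BlogSettings)
          .Include(p => p.Comments)
          .Include(p => p.Tags)
          .Where(p => p.BlogPostId == id && (p.Published || p.Blog.User.Username == viewer || isAuth))
          .FirstOrDefault();

      PostViewModel model;
      if (post == null)
      {
          model = new PostViewModel();
          model.Error = true;
          model.ErrorMessage = "Blog Post does not exist.";
          return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model);
      }

      model = new PostViewModel(post);
      if (post.System)
      {
          ViewBag.Title = model.Title + " - " + _config.BlogConfig.Title + " - " + _config.Title;
          ViewBag.Description = _config.BlogConfig.Description;
      }
      else
      {
          // The post is found by id alone, so the page is attributed to its real owner
          // rather than to whatever username appears in the route.
          string owner = post.Blog.User.Username;
          string customTitle = post.Blog.User.BlogSettings?.Title;
          ViewBag.Title = owner + "'s Blog - " + _config.Title;
          if (!string.IsNullOrEmpty(customTitle))
          {
              ViewBag.Title = customTitle + " - " + ViewBag.Title;
          }
          ViewBag.Title = model.Title + " - " + ViewBag.Title;
          ViewBag.Description = post.Blog.User.BlogSettings?.Description;
      }
      return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model);
  }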
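  /// <summary>
  /// Shows the "create post" form for a blog the caller owns (any blog, for admins).
  /// </summary>
  /// <param name="username">Blog owner from the route; required by the route only.</param>
  /// <param name="blogID">Blog the new post will belong to.</param>
  /// <returns>
  /// The NewPost view; the Blog view with an error when the blog is missing or not the caller's;
  /// 400 when <paramref name="username"/> is empty.
  /// </returns>
  public IActionResult NewPost(string username, int blogID)
  {
      if (string.IsNullOrEmpty(username))
      {
          return new StatusCodeResult((int)HttpStatusCode.BadRequest);
      }

      bool isAuth = User.IsInRole("Admin");
      string viewer = User.Identity.Name;
      // Ownership is part of the query: a non-admin can only ever resolve their own blog here,
      // so a foreign blog id reads as "does not exist".
      var blog = _dbContext.Blogs
          .Include(b => b.User)
          .Include(b => b.User.BlogSettings)
          .Where(b => b.BlogId == blogID && (b.User.Username == viewer || isAuth))
          .FirstOrDefault();
      if (blog == null)
      {
          BlogViewModel errorModel = new BlogViewModel();
          errorModel.Error = true;
          errorModel.ErrorMessage = "Blog does not exist.";
          return View("~/Areas/Blog/Views/Blog/Blog.cshtml", errorModel);
      }

      BlogViewModel model = new BlogViewModel(blog);
      if (blog.User.Username == Constants.SERVERUSER)
      {
          ViewBag.Title = "Create Post - " + _config.BlogConfig.Title + " - " + _config.Title;
          ViewBag.Description = _config.BlogConfig.Description;
      }
      else
      {
          // Title uses the resolved owner, not the route value; settings may be absent.
          string customTitle = blog.User.BlogSettings?.Title;
          ViewBag.Title = blog.User.Username + "'s Blog - " + _config.Title;
          if (!string.IsNullOrEmpty(customTitle))
          {
              ViewBag.Title = customTitle + " - " + ViewBag.Title;
          }
          ViewBag.Title = "Create Post - " + ViewBag.Title;
          ViewBag.Description = blog.User.BlogSettings?.Description;
      }
      return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model);
  }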
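  /// <summary>
  /// Shows the edit form for a post. Only the post's blog owner or an admin may open it,
  /// matching the rule the POST handler applies when saving.
  /// </summary>
  /// <param name="username">Blog owner from the route; the post must belong to this user's blog.</param>
  /// <param name="id">Post id.</param>
  /// <returns>The EditPost view; ViewPost with an error when no editable post matches; 400 when <paramref name="username"/> is empty.</returns>
  public IActionResult EditPost(string username, int id)
  {
      if (string.IsNullOrEmpty(username))
      {
          return new StatusCodeResult((int)HttpStatusCode.BadRequest);
      }

      bool isAuth = User.IsInRole("Admin");
      string viewer = User.Identity.Name;
      // Being published must not grant edit access: the old filter let any signed-in user
      // open the edit form of another user's published post. Owner or admin only.
      var post = _dbContext.BlogPosts
          .Include(p => p.Blog)
          .Include(p => p.Blog.User)
          .Include(p => p.Blog.User.BlogSettings)
          .Include(p => p.Comments)
          .Include(p => p.Tags)
          .Where(p => p.Blog.User.Username == username && p.BlogPostId == id &&
                      (p.Blog.User.Username == viewer || isAuth))
          .FirstOrDefault();

      PostViewModel model;
      if (post == null)
      {
          model = new PostViewModel();
          model.Error = true;
          model.ErrorMessage = "Blog Post does not exist.";
          return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model);
      }

      model = new PostViewModel(post);
      if (post.System)
      {
          ViewBag.Title = "Edit Post - " + model.Title + " - " + _config.BlogConfig.Title + " - " + _config.Title;
          ViewBag.Description = _config.BlogConfig.Description;
      }
      else
      {
          string customTitle = post.Blog.User.BlogSettings?.Title;
          ViewBag.Title = username + "'s Blog - " + _config.Title;
          if (!string.IsNullOrEmpty(customTitle))
          {
              ViewBag.Title = customTitle + " - " + ViewBag.Title;
          }
          ViewBag.Title = "Edit Post - " + model.Title + " - " + ViewBag.Title;
          ViewBag.Description = post.Blog.User.BlogSettings?.Description;
      }
      return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
  }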
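  /// <summary>
  /// Returns one page of a blog's posts as a partial view (used to load more posts).
  /// </summary>
  /// <param name="blogID">Blog to page; the server blog id selects system posts instead.</param>
  /// <param name="startPostID">Number of posts to skip (an offset, despite the name).</param>
  /// <param name="count">Maximum number of posts to return.</param>
  /// <returns>The Posts partial; empty when the requested range is negative or zero-length.</returns>
  [HttpPost]
  [AllowAnonymous]
  public IActionResult GetPosts(int blogID, int startPostID, int count)
  {
      List<PostViewModel> postViews = new List<PostViewModel>();

      // Negative offsets/counts may reach the provider as invalid OFFSET/FETCH values;
      // answer with an empty page instead of letting the query throw.
      // NOTE(review): count has no upper bound here — confirm callers cannot request
      // arbitrarily large pages.
      if (startPostID < 0 || count <= 0)
      {
          return PartialView("~/Areas/Blog/Views/Blog/Posts.cshtml", postViews);
      }

      bool isAuth = User.IsInRole("Admin");
      string viewer = User.Identity.Name;
      int serverBlogId = _config.BlogConfig.ServerBlogId;
      // System posts are matched by flag, not by BlogId; drafts only for owner/admin.
      var posts = _dbContext.BlogPosts
          .Include(p => p.Blog)
          .Include(p => p.Blog.User)
          .Include(p => p.Comments)
          .Include(p => p.Tags)
          .Where(p => ((p.BlogId == blogID && !p.System) || (p.System && blogID == serverBlogId)) &&
                      (p.Published || p.Blog.User.Username == viewer || isAuth))
          .OrderByDescending(p => p.DatePosted)
          .Skip(startPostID)
          .Take(count)
          .ToList();
      postViews.AddRange(posts.Select(p => new PostViewModel(p)));
      return PartialView("~/Areas/Blog/Views/Blog/Posts.cshtml", postViews);
  }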
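  /// <summary>
  /// Creates a post from the submitted form. The caller must own the target blog or be an admin,
  /// and must have a blog of their own.
  /// </summary>
  /// <param name="data">Target blog id, title and article.</param>
  /// <returns>Redirect to the new post; otherwise the NewPost or Blog view with an error.</returns>
  [HttpPost]
  public IActionResult CreatePost(CreatePostViewModel data)
  {
      // NOTE(review): no [ValidateAntiForgeryToken] on this state-changing POST — confirm an
      // application-wide antiforgery filter covers it.
      BlogViewModel model = new BlogViewModel();
      if (!ModelState.IsValid)
      {
          model.Error = true;
          model.ErrorMessage = "No post created";
          return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model);
      }

      bool isAuth = User.IsInRole("Admin");
      string author = User.Identity.Name;
      // Ownership (or admin) is part of the lookup, so a foreign blog id reads as "not found".
      // User is loaded because the redirect below needs blog.User.Username.
      var blog = _dbContext.Blogs
          .Include(b => b.User)
          .Where(b => b.BlogId == data.BlogId && (b.User.Username == author || isAuth))
          .FirstOrDefault();
      if (blog == null)
      {
          model.Error = true;
          model.ErrorMessage = "Blog does not exist.";
          return View("~/Areas/Blog/Views/Blog/Blog.cshtml", model);
      }

      bool mayPost = isAuth || _dbContext.Blogs.Any(b => b.User.Username == author);
      if (!mayPost)
      {
          model.Error = true;
          model.ErrorMessage = "You are not authorized to create a post for this blog";
          return View("~/Areas/Blog/Views/Blog/Blog.cshtml", model);
      }

      if (string.IsNullOrEmpty(data.Title))
      {
          model.Error = true;
          model.ErrorMessage = "You must write something for the title";
          return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model);
      }
      if (string.IsNullOrEmpty(data.Article))
      {
          model.Error = true;
          model.ErrorMessage = "You must write something for the article";
          return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model);
      }

      // A post aimed at the server blog is flagged System and stored under the author's own
      // blog (GetPosts selects system posts by the flag, not by BlogId). FirstOrDefault
      // replaces First(), which threw when the author had no personal blog.
      bool system = data.BlogId == _config.BlogConfig.ServerBlogId;
      if (system)
      {
          var ownBlog = _dbContext.Blogs.Where(b => b.User.Username == author).FirstOrDefault();
          if (ownBlog != null)
          {
              data.BlogId = ownBlog.BlogId;
          }
      }

      // One timestamp so the three dates agree.
      DateTime now = DateTime.Now;
      BlogPost post = new BlogPost();
      post.BlogId = data.BlogId;
      post.Title = data.Title;
      post.Article = data.Article;
      post.System = system;
      post.DatePosted = now;
      post.DatePublished = now;
      post.DateEdited = now;
      _dbContext.BlogPosts.Add(post);
      _dbContext.SaveChanges();
      return Redirect(Url.SubRouteUrl("blog", "Blog.Post", new { username = blog.User.Username, id = post.BlogPostId }));
  }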
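  /// <summary>
  /// Applies an edit to an existing post. Only the post's blog owner or an admin may edit.
  /// </summary>
  /// <param name="data">Post id plus the new title and article.</param>
  /// <returns>Redirect to the post on success; otherwise the EditPost/ViewPost view with an error.</returns>
  [HttpPost]
  public IActionResult EditPost(EditPostViewModel data)
  {
      PostViewModel model = new PostViewModel();
      if (!ModelState.IsValid)
      {
          model.Error = true;
          model.ErrorMessage = "Invalid Parameters";
          return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
      }

      // Blog and its User are needed for the ownership check; without these Includes the
      // navigation is null unless lazy loading is enabled, and the check would throw.
      BlogPost post = _dbContext.BlogPosts
          .Include(p => p.Blog)
          .Include(p => p.Blog.User)
          .Where(p => p.BlogPostId == data.PostId)
          .FirstOrDefault();
      if (post == null)
      {
          model.Error = true;
          model.ErrorMessage = "Post does not exist.";
          return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model);
      }

      model = new PostViewModel(post);
      bool isOwnerOrAdmin = User.IsInRole("Admin") || post.Blog.User.Username == User.Identity.Name;
      if (!isOwnerOrAdmin)
      {
          model.Error = true;
          model.ErrorMessage = "You are not authorized to edit this post";
          return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
      }

      if (string.IsNullOrEmpty(data.Title))
      {
          model.Error = true;
          model.ErrorMessage = "You must write something for the title";
          return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
      }
      if (string.IsNullOrEmpty(data.Article))
      {
          model.Error = true;
          model.ErrorMessage = "You must write something for the article";
          return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model);
      }

      post.Title = data.Title;
      post.Article = data.Article;
      post.DateEdited = DateTime.Now;
      _dbContext.Entry(post).State = EntityState.Modified;
      _dbContext.SaveChanges();
      return Redirect(Url.SubRouteUrl("blog", "Blog.Post", new { username = post.Blog.User.Username, id = post.BlogPostId }));
  }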
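  /// <summary>
  /// Publishes or unpublishes a post. Only the post's blog owner or an admin may do so.
  /// </summary>
  /// <param name="postID">Post id.</param>
  /// <param name="publish">True to publish (stamps DatePublished), false to unpublish.</param>
  /// <returns>JSON <c>{ result = true }</c> or <c>{ error = "..." }</c>.</returns>
  [HttpPost]
  public IActionResult PublishPost(int postID, bool publish)
  {
      if (!ModelState.IsValid)
      {
          return Json(new { error = "Invalid Parameters" });
      }

      // Blog.User is read by the ownership check; load it explicitly rather than relying on lazy loading.
      BlogPost post = _dbContext.BlogPosts
          .Include(p => p.Blog)
          .Include(p => p.Blog.User)
          .Where(p => p.BlogPostId == postID)
          .FirstOrDefault();
      if (post == null)
      {
          return Json(new { error = "No post found" });
      }

      bool isOwnerOrAdmin = User.IsInRole("Admin") || post.Blog.User.Username == User.Identity.Name;
      if (!isOwnerOrAdmin)
      {
          return Json(new { error = "You are not authorized to publish this post" });
      }

      post.Published = publish;
      if (publish)
      {
          post.DatePublished = DateTime.Now;
      }
      _dbContext.Entry(post).State = EntityState.Modified;
      _dbContext.SaveChanges();
      return Json(new { result = true });
  }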
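  /// <summary>
  /// Deletes a post. Only the post's blog owner or an admin may do so.
  /// </summary>
  /// <param name="postID">Post id.</param>
  /// <returns>JSON <c>{ result = true }</c> or <c>{ error = "..." }</c>.</returns>
  [HttpPost]
  public IActionResult DeletePost(int postID)
  {
      // NOTE(review): no [ValidateAntiForgeryToken] on this destructive POST — confirm an
      // application-wide antiforgery filter covers it.
      if (!ModelState.IsValid)
      {
          return Json(new { error = "Invalid Parameters" });
      }

      // Blog.User is read by the ownership check; load it explicitly rather than relying on lazy loading.
      BlogPost post = _dbContext.BlogPosts
          .Include(p => p.Blog)
          .Include(p => p.Blog.User)
          .Where(p => p.BlogPostId == postID)
          .FirstOrDefault();
      if (post == null)
      {
          return Json(new { error = "No post found" });
      }

      bool isOwnerOrAdmin = User.IsInRole("Admin") || post.Blog.User.Username == User.Identity.Name;
      if (!isOwnerOrAdmin)
      {
          return Json(new { error = "You are not authorized to delete this post" });
      }

      _dbContext.BlogPosts.Remove(post);
      _dbContext.SaveChanges();
      return Json(new { result = true });
  }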
  404. #endregion
  405. #region Comments
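  /// <summary>
  /// Returns one page of a post's comments as a partial view.
  /// </summary>
  /// <param name="postID">Post whose comments are listed.</param>
  /// <param name="startCommentID">Number of comments to skip (an offset, despite the name).</param>
  /// <param name="count">Maximum number of comments to return.</param>
  /// <returns>The Comments partial; empty when the requested range is negative or zero-length.</returns>
  [HttpPost]
  [AllowAnonymous]
  public IActionResult GetComments(int postID, int startCommentID, int count)
  {
      List<CommentViewModel> commentViews = new List<CommentViewModel>();

      // Negative offsets/counts may reach the provider as invalid OFFSET/FETCH values;
      // answer with an empty page instead of letting the query throw.
      // NOTE(review): this does not check whether the post itself is visible to the caller
      // (Post() hides drafts from non-owners) — confirm that is intended.
      if (startCommentID < 0 || count <= 0)
      {
          return PartialView("~/Areas/Blog/Views/Blog/Comments.cshtml", commentViews);
      }

      var comments = _dbContext.BlogPostComments
          .Where(c => c.BlogPostId == postID)
          .OrderByDescending(c => c.DatePosted)
          .Skip(startCommentID)
          .Take(count)
          .ToList();
      commentViews.AddRange(comments.Select(c => new CommentViewModel(c)));
      return PartialView("~/Areas/Blog/Views/Blog/Comments.cshtml", commentViews);
  }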
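  /// <summary>
  /// Returns the raw article text of one comment (used when editing a comment in place).
  /// </summary>
  /// <param name="commentID">Comment id.</param>
  /// <returns>JSON <c>{ result = article }</c>, or <c>{ error = "No article found" }</c> for an unknown id.</returns>
  [HttpPost]
  [AllowAnonymous]
  public IActionResult GetCommentArticle(int commentID)
  {
      // FirstOrDefault instead of First(): First() throws for an unknown id, which made the
      // null check below unreachable and turned a bad id into an unhandled exception.
      BlogPostComment comment = _dbContext.BlogPostComments
          .Where(c => c.BlogPostCommentId == commentID)
          .FirstOrDefault();
      if (comment == null)
      {
          return Json(new { error = "No article found" });
      }
      return Json(new { result = comment.Article });
  }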
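  /// <summary>
  /// Adds a comment by the signed-in user to a post the user is allowed to read.
  /// </summary>
  /// <param name="postID">Post to comment on.</param>
  /// <param name="article">Comment text; must not be blank.</param>
  /// <returns>JSON <c>{ result = true }</c> or <c>{ error = "..." }</c>.</returns>
  [HttpPost]
  public IActionResult CreateComment(int postID, string article)
  {
      if (!ModelState.IsValid)
      {
          return Json(new { error = "Invalid Parameters" });
      }
      // A bare string parameter is not validated by ModelState; reject blank comments explicitly.
      if (string.IsNullOrWhiteSpace(article))
      {
          return Json(new { error = "You must write something for the comment" });
      }

      bool isAuth = User.IsInRole("Admin");
      string viewer = User.Identity.Name;
      // Same visibility rule as Post(): unpublished drafts accept comments only from
      // their owner or an admin, so a draft cannot be discovered or written to by id.
      bool postVisible = _dbContext.BlogPosts.Any(p => p.BlogPostId == postID &&
          (p.Published || p.Blog.User.Username == viewer || isAuth));
      if (!postVisible)
      {
          return Json(new { error = "The post does not exist" });
      }

      User user = UserHelper.GetUser(_dbContext, viewer);
      if (user == null)
      {
          return Json(new { error = "No user found" });
      }

      DateTime now = DateTime.Now;
      BlogPostComment comment = new BlogPostComment();
      comment.BlogPostId = postID;
      comment.UserId = user.UserId;
      comment.Article = article;
      comment.DatePosted = now;
      comment.DateEdited = now;
      _dbContext.BlogPostComments.Add(comment);
      _dbContext.SaveChanges();
      return Json(new { result = true });
  }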
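  /// <summary>
  /// Replaces a comment's text. Only the comment's author or an admin may edit it.
  /// </summary>
  /// <param name="commentID">Comment id.</param>
  /// <param name="article">New comment text; must not be blank.</param>
  /// <returns>JSON <c>{ result = true }</c> or <c>{ error = "..." }</c>.</returns>
  [HttpPost]
  public IActionResult EditComment(int commentID, string article)
  {
      if (!ModelState.IsValid)
      {
          return Json(new { error = "Invalid Parameters" });
      }
      // A bare string parameter is not validated by ModelState; reject blank comments explicitly.
      if (string.IsNullOrWhiteSpace(article))
      {
          return Json(new { error = "You must write something for the comment" });
      }

      // User is read by the ownership check; load it explicitly rather than relying on lazy loading.
      BlogPostComment comment = _dbContext.BlogPostComments
          .Include(c => c.User)
          .Where(c => c.BlogPostCommentId == commentID)
          .FirstOrDefault();
      if (comment == null)
      {
          return Json(new { error = "No comment found" });
      }

      bool isAuthorOrAdmin = comment.User.Username == User.Identity.Name || User.IsInRole("Admin");
      if (!isAuthorOrAdmin)
      {
          return Json(new { error = "You don't have permission to edit this comment" });
      }

      comment.Article = article;
      comment.DateEdited = DateTime.Now;
      _dbContext.Entry(comment).State = EntityState.Modified;
      _dbContext.SaveChanges();
      return Json(new { result = true });
  }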
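  /// <summary>
  /// Deletes a comment. Only the comment's author or an admin may do so.
  /// </summary>
  /// <param name="commentID">Comment id.</param>
  /// <returns>JSON <c>{ result = true }</c> or <c>{ error = "..." }</c>.</returns>
  [HttpPost]
  public IActionResult DeleteComment(int commentID)
  {
      // NOTE(review): no [ValidateAntiForgeryToken] on this destructive POST — confirm an
      // application-wide antiforgery filter covers it.
      if (!ModelState.IsValid)
      {
          return Json(new { error = "Invalid Parameters" });
      }

      // User is read by the ownership check; load it explicitly rather than relying on lazy loading.
      BlogPostComment comment = _dbContext.BlogPostComments
          .Include(c => c.User)
          .Where(c => c.BlogPostCommentId == commentID)
          .FirstOrDefault();
      if (comment == null)
      {
          return Json(new { error = "No comment found" });
      }

      bool isAuthorOrAdmin = comment.User.Username == User.Identity.Name || User.IsInRole("Admin");
      if (!isAuthorOrAdmin)
      {
          return Json(new { error = "You don't have permission to delete this comment" });
      }

      _dbContext.BlogPostComments.Remove(comment);
      _dbContext.SaveChanges();
      return Json(new { result = true });
  }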
  495. #endregion
  496. }
  497. }