using System; using System.Collections.Generic; using System.Data; using System.Data.Entity; using System.Linq; using System.Net; using System.Web; using System.Web.Mvc; using Teknik.Areas.Blog.Models; using Teknik.Areas.Blog.ViewModels; using Teknik.Areas.Users.Models; using Teknik.Areas.Users.Utility; using Teknik.Controllers; using Teknik.Filters; using Teknik.Utilities; using Teknik.Models; namespace Teknik.Areas.Blog.Controllers { public class BlogController : DefaultController { private TeknikEntities db = new TeknikEntities(); // GET: Blogs/Details/5 [TrackPageView] [AllowAnonymous] public ActionResult Blog(string username) { BlogViewModel model = new BlogViewModel(); // The blog is the main site's blog if (string.IsNullOrEmpty(username)) { ViewBag.Title = Config.BlogConfig.Title + " - " + Config.Title; ViewBag.Description = Config.BlogConfig.Description; bool isAuth = User.IsInRole("Admin"); var foundPosts = db.BlogPosts.Where(p => ((p.System || isAuth) && p.Published)); model = new BlogViewModel(); model.BlogId = Config.BlogConfig.ServerBlogId; User user = (User.IsInRole("Admin")) ? UserHelper.GetUser(db, User.Identity.Name) : null; model.UserId = (user != null) ? user.UserId : 0; model.User = user; model.Title = Config.BlogConfig.Title; model.Description = Config.BlogConfig.Description; model.HasPosts = (foundPosts != null && foundPosts.Any()); return View(model); } else // A user specific blog { Models.Blog blog = db.Blogs.Where(p => p.User.Username == username && p.BlogId != Config.BlogConfig.ServerBlogId).FirstOrDefault(); // find the blog specified if (blog != null) { ViewBag.Title = blog.User.Username + "'s Blog - " + Config.Title; if (!string.IsNullOrEmpty(blog.User.BlogSettings.Title)) { ViewBag.Title = blog.User.BlogSettings.Title + " - " + ViewBag.Title; } ViewBag.Description = blog.User.BlogSettings.Description; bool isAuth = User.IsInRole("Admin"); var foundPosts = db.BlogPosts.Where(p => (p.BlogId == blog.BlogId && !p.System) && (p.Published || p.Blog.User.Username == User.Identity.Name || isAuth)).FirstOrDefault(); model = new BlogViewModel(); model.BlogId = blog.BlogId; model.UserId = blog.UserId; model.User = blog.User; model.Title = blog.User.BlogSettings.Title; model.Description = blog.User.BlogSettings.Description; model.HasPosts = (foundPosts != null); return View(model); } } model.Error = true; return View(model); } #region Posts [TrackPageView] [AllowAnonymous] public ActionResult Post(string username, int id) { if (string.IsNullOrEmpty(username)) { return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } PostViewModel model = new PostViewModel(); // find the post specified bool isAuth = User.IsInRole("Admin"); var post = db.BlogPosts.Where(p => p.BlogPostId == id && (p.Published || p.Blog.User.Username == User.Identity.Name || isAuth)).FirstOrDefault(); if (post != null) { model = new PostViewModel(post); if (post.System) { ViewBag.Title = model.Title + " - " + Config.BlogConfig.Title + " - " + Config.Title; ViewBag.Description = Config.BlogConfig.Description; } else { ViewBag.Title = username + "'s Blog - " + Config.Title; if (!string.IsNullOrEmpty(post.Blog.User.BlogSettings.Title)) { ViewBag.Title = post.Blog.User.BlogSettings.Title + " - " + ViewBag.Title; } ViewBag.Title = model.Title + " - " + ViewBag.Title; ViewBag.Description = post.Blog.User.BlogSettings.Description; } return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model); } model.Error = true; model.ErrorMessage = "Blog Post does not exist."; return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model); } public ActionResult NewPost(string username, int blogID) { if (string.IsNullOrEmpty(username)) { return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } BlogViewModel model = new BlogViewModel(); // find the post specified bool isAuth = User.IsInRole("Admin"); var blog = db.Blogs.Where(p => (p.BlogId == blogID) && (p.User.Username == User.Identity.Name || isAuth)).FirstOrDefault(); if (blog != null) { model = new BlogViewModel(blog); if (blog.User.Username == Constants.SERVERUSER) { ViewBag.Title = model.Title + " - " + Config.BlogConfig.Title + " - " + Config.Title; ViewBag.Description = Config.BlogConfig.Description; } else { ViewBag.Title = username + "'s Blog - " + Config.Title; if (!string.IsNullOrEmpty(blog.User.BlogSettings.Title)) { ViewBag.Title = blog.User.BlogSettings.Title + " - " + ViewBag.Title; } ViewBag.Title = model.Title + " - " + ViewBag.Title; ViewBag.Description = blog.User.BlogSettings.Description; } return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model); } model.Error = true; model.ErrorMessage = "Blog does not exist."; return View("~/Areas/Blog/Views/Blog/Blog.cshtml", model); } public ActionResult EditPost(string username, int id) { if (string.IsNullOrEmpty(username)) { return new HttpStatusCodeResult(HttpStatusCode.BadRequest); } PostViewModel model = new PostViewModel(); // find the post specified bool isAuth = User.IsInRole("Admin"); var post = db.BlogPosts.Where(p => (p.Blog.User.Username == username && p.BlogPostId == id) && (p.Published || p.Blog.User.Username == User.Identity.Name || isAuth)).FirstOrDefault(); if (post != null) { model = new PostViewModel(post); if (post.System) { ViewBag.Title = model.Title + " - " + Config.BlogConfig.Title + " - " + Config.Title; ViewBag.Description = Config.BlogConfig.Description; } else { ViewBag.Title = username + "'s Blog - " + Config.Title; if (!string.IsNullOrEmpty(post.Blog.User.BlogSettings.Title)) { ViewBag.Title = post.Blog.User.BlogSettings.Title + " - " + ViewBag.Title; } ViewBag.Title = model.Title + " - " + ViewBag.Title; ViewBag.Description = post.Blog.User.BlogSettings.Description; } return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model); } model.Error = true; model.ErrorMessage = "Blog Post does not exist."; return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model); } [HttpPost] [AllowAnonymous] public ActionResult GetPosts(int blogID, int startPostID, int count) { bool isAuth = User.IsInRole("Admin"); var posts = db.BlogPosts.Where(p => ((p.BlogId == blogID && !p.System) || (p.System && blogID == Config.BlogConfig.ServerBlogId)) && (p.Published || p.Blog.User.Username == User.Identity.Name || isAuth)).OrderByDescending(p => p.DatePosted).Skip(startPostID).Take(count).ToList(); List postViews = new List(); if (posts != null) { foreach (BlogPost post in posts) { postViews.Add(new PostViewModel(post)); } } return PartialView("~/Areas/Blog/Views/Blog/Posts.cshtml", postViews); } [HttpPost] public ActionResult CreatePost(int blogID, string title, string article) { BlogViewModel model = new BlogViewModel(); if (ModelState.IsValid) { bool isAuth = User.IsInRole("Admin"); var blog = db.Blogs.Where(p => (p.BlogId == blogID) && (p.User.Username == User.Identity.Name || isAuth)).FirstOrDefault(); if (blog != null) { if (User.IsInRole("Admin") || db.Blogs.Where(b => b.User.Username == User.Identity.Name).FirstOrDefault() != null) { // Validate the fields if (string.IsNullOrEmpty(title)) { model.Error = true; model.ErrorMessage = "You must write something for the title"; return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model); } if (string.IsNullOrEmpty(article)) { model.Error = true; model.ErrorMessage = "You must write something for the article"; return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model); } bool system = (blogID == Config.BlogConfig.ServerBlogId); if (system) { var user = db.Blogs.Where(b => b.User.Username == User.Identity.Name); if (user != null) { blogID = user.First().BlogId; } } BlogPost post = db.BlogPosts.Create(); post.BlogId = blogID; post.Title = title; post.Article = article; post.System = system; post.DatePosted = DateTime.Now; post.DatePublished = DateTime.Now; post.DateEdited = DateTime.Now; db.BlogPosts.Add(post); db.SaveChanges(); return Redirect(Url.SubRouteUrl("blog", "Blog.Post", new { username = blog.User.Username, id = post.BlogPostId })); } model.Error = true; model.ErrorMessage = "You are not authorized to create a post for this blog"; return View("~/Areas/Blog/Views/Blog/Blog.cshtml", model); } model.Error = true; model.ErrorMessage = "Blog does not exist."; return View("~/Areas/Blog/Views/Blog/Blog.cshtml", model); } model.Error = true; model.ErrorMessage = "No post created"; return View("~/Areas/Blog/Views/Blog/NewPost.cshtml", model); } [HttpPost] public ActionResult EditPost(int postID, string title, string article) { PostViewModel model = new PostViewModel(); if (ModelState.IsValid) { BlogPost post = db.BlogPosts.Where(p => p.BlogPostId == postID).FirstOrDefault(); if (post != null) { model = new PostViewModel(post); if (User.IsInRole("Admin") || post.Blog.User.Username == User.Identity.Name) { // Validate the fields if (string.IsNullOrEmpty(title)) { model.Error = true; model.ErrorMessage = "You must write something for the title"; return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model); } if (string.IsNullOrEmpty(article)) { model.Error = true; model.ErrorMessage = "You must write something for the article"; return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model); } post.Title = title; post.Article = article; post.DateEdited = DateTime.Now; db.Entry(post).State = EntityState.Modified; db.SaveChanges(); return Redirect(Url.SubRouteUrl("blog", "Blog.Post", new { username = post.Blog.User.Username, id = post.BlogPostId })); } model.Error = true; model.ErrorMessage = "You are not authorized to edit this post"; return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model); } model.Error = true; model.ErrorMessage = "Post does not exist."; return View("~/Areas/Blog/Views/Blog/ViewPost.cshtml", model); } model.Error = true; model.ErrorMessage = "Invalid Parameters"; return View("~/Areas/Blog/Views/Blog/EditPost.cshtml", model); } [HttpPost] public ActionResult PublishPost(int postID, bool publish) { if (ModelState.IsValid) { BlogPost post = db.BlogPosts.Where(p => p.BlogPostId == postID).FirstOrDefault(); if (post != null) { if (User.IsInRole("Admin") || post.Blog.User.Username == User.Identity.Name) { post.Published = publish; if (publish) post.DatePublished = DateTime.Now; db.Entry(post).State = EntityState.Modified; db.SaveChanges(); return Json(new { result = true }); } return Json(new { error = "You are not authorized to publish this post" }); } return Json(new { error = "No post found" }); } return Json(new { error = "Invalid Parameters" }); } [HttpPost] public ActionResult DeletePost(int postID) { if (ModelState.IsValid) { BlogPost post = db.BlogPosts.Where(p => p.BlogPostId == postID).FirstOrDefault(); if (post != null) { if (User.IsInRole("Admin") || post.Blog.User.Username == User.Identity.Name) { db.BlogPosts.Remove(post); db.SaveChanges(); return Json(new { result = true }); } return Json(new { error = "You are not authorized to delete this post" }); } return Json(new { error = "No post found" }); } return Json(new { error = "Invalid Parameters" }); } #endregion #region Comments [HttpPost] [AllowAnonymous] public ActionResult GetComments(int postID, int startCommentID, int count) { var comments = db.BlogComments.Where(p => (p.BlogPostId == postID)).OrderByDescending(p => p.DatePosted).Skip(startCommentID).Take(count).ToList(); List commentViews = new List(); if (comments != null) { foreach (BlogPostComment comment in comments) { commentViews.Add(new CommentViewModel(comment)); } } return PartialView("~/Areas/Blog/Views/Blog/Comments.cshtml", commentViews); } [HttpPost] [AllowAnonymous] public ActionResult GetCommentArticle(int commentID) { BlogPostComment comment = db.BlogComments.Where(p => (p.BlogPostCommentId == commentID)).First(); if (comment != null) { return Json(new { result = comment.Article }); } return Json(new { error = "No article found" }); } [HttpPost] public ActionResult CreateComment(int postID, string article) { if (ModelState.IsValid) { if (db.BlogPosts.Where(p => p.BlogPostId == postID).FirstOrDefault() != null) { BlogPostComment comment = db.BlogComments.Create(); comment.BlogPostId = postID; comment.UserId = UserHelper.GetUser(db, User.Identity.Name).UserId; comment.Article = article; comment.DatePosted = DateTime.Now; comment.DateEdited = DateTime.Now; db.BlogComments.Add(comment); db.SaveChanges(); return Json(new { result = true }); } return Json(new { error = "The post does not exist" }); } return Json(new { error = "Invalid Parameters" }); } [HttpPost] public ActionResult EditComment(int commentID, string article) { if (ModelState.IsValid) { BlogPostComment comment = db.BlogComments.Where(c => c.BlogPostCommentId == commentID).FirstOrDefault(); if (comment != null) { if (comment.User.Username == User.Identity.Name || User.IsInRole("Admin")) { comment.Article = article; comment.DateEdited = DateTime.Now; db.Entry(comment).State = EntityState.Modified; db.SaveChanges(); return Json(new { result = true }); } return Json(new { error = "You don't have permission to edit this comment" }); } return Json(new { error = "No comment found" }); } return Json(new { error = "Invalid Parameters" }); } [HttpPost] public ActionResult DeleteComment(int commentID) { if (ModelState.IsValid) { BlogPostComment comment = db.BlogComments.Where(c => c.BlogPostCommentId == commentID).FirstOrDefault(); if (comment != null) { if (comment.User.Username == User.Identity.Name || User.IsInRole("Admin")) { db.BlogComments.Remove(comment); db.SaveChanges(); return Json(new { result = true }); } return Json(new { error = "You don't have permission to delete this comment" }); } return Json(new { error = "No comment found" }); } return Json(new { error = "Invalid Parameters" }); } #endregion } }