mirror of
https://github.com/LBPUnion/ProjectLighthouse.git
synced 2025-08-02 10:08:39 +00:00
Forgot to actually restrict the report page to admins only
parent
93a5a00a18
commit
146acc4d66
5 changed files with 66 additions and 3 deletions
|
@ -43,7 +43,7 @@ public class ReportController : ControllerBase
|
|||
|
||||
report.Bounds = JsonSerializer.Serialize(report.XmlBounds.Rect, typeof(Rectangle));
|
||||
report.Players = JsonSerializer.Serialize(report.XmlPlayers, typeof(ReportPlayer[]));
|
||||
report.VisiblePlayers = JsonSerializer.Serialize(report.XmlVisiblePlayers, typeof(VisiblePlayer[]));
|
||||
// report.VisiblePlayers = JsonSerializer.Serialize(report.XmlVisiblePlayers, typeof(VisiblePlayer[]));
|
||||
report.Timestamp = TimeHelper.UnixTimeMilliseconds();
|
||||
report.ReportingPlayerId = user.UserId;
|
||||
|
||||
|
|
|
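Review bot: The `report.VisiblePlayers = JsonSerializer.Serialize(...)` assignment is commented out rather than deleted, with no note on why, and the change is unrelated to the commit's stated purpose of restricting the report page. The GriefReport hunk does the same to `XmlVisiblePlayers`. Either remove the dead lines or leave a reason next to them, for example `// visibleBadge parsing disabled: <reason>`, so the next reader knows it is intentional. The enclosing method starts and ends outside the hunk.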
@ -0,0 +1,55 @@
|
|||
#nullable enable
|
||||
using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Threading.Tasks;
|
||||
using LBPUnion.ProjectLighthouse.Types;
|
||||
using LBPUnion.ProjectLighthouse.Types.Reports;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace LBPUnion.ProjectLighthouse.Controllers.Website.Admin;
|
||||
|
||||
[ApiController]
|
||||
[Route("admin/report/{id:int}")]
|
||||
public class AdminReportController : ControllerBase
|
||||
{
|
||||
private readonly Database database;
|
||||
|
||||
public AdminReportController(Database database)
|
||||
{
|
||||
this.database = database;
|
||||
}
|
||||
|
||||
[HttpGet("remove")]
|
||||
public async Task<IActionResult> DeleteReport([FromRoute] int id)
|
||||
{
|
||||
User? user = this.database.UserFromWebRequest(this.Request);
|
||||
if (user == null || !user.IsAdmin) return this.StatusCode(403, "");
|
||||
|
||||
GriefReport? report = await this.database.Reports.FirstOrDefaultAsync(r => r.ReportId == id);
|
||||
if (report == null) return this.NotFound();
|
||||
|
||||
List<string> hashes = new()
|
||||
{
|
||||
report.JpegHash,
|
||||
report.GriefStateHash,
|
||||
report.InitialStateHash,
|
||||
};
|
||||
foreach (string hash in hashes)
|
||||
{
|
||||
if (System.IO.File.Exists($"png{Path.DirectorySeparatorChar}{hash}"))
|
||||
{
|
||||
System.IO.File.Delete($"png{Path.DirectorySeparatorChar}{hash}");
|
||||
}
|
||||
if (System.IO.File.Exists($"r{Path.DirectorySeparatorChar}{hash}"))
|
||||
{
|
||||
System.IO.File.Delete($"r{Path.DirectorySeparatorChar}{hash}");
|
||||
}
|
||||
}
|
||||
this.database.Reports.Remove(report);
|
||||
|
||||
await this.database.SaveChangesAsync();
|
||||
|
||||
return this.Redirect("~/reports/0");
|
||||
}
|
||||
}
|
|
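Review bot: `DeleteReport` is mapped with `[HttpGet("remove")]`, so a destructive action (file deletes plus a row removal) runs on a plain GET; if `UserFromWebRequest` authenticates from a cookie, a cross-site request from any page an admin visits can trigger it, and so can link prefetching. It should be `[HttpPost("remove")]` protected by an antiforgery token, and the delete button added in the reports view hunk (`href="/admin/report/@report.ReportId/remove"`) would become a small form that posts to it. Separately, the three hash values are interpolated into the `png` and `r` paths unchecked; if they originate from the client-submitted report, a value containing path separators would point `File.Delete` outside those folders. A guard at the top of the loop that accepts only hex digests, or at minimum `if (string.IsNullOrEmpty(hash) || Path.GetFileName(hash) != hash) continue;`, would close that.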
@ -46,6 +46,9 @@
|
|||
<div><b>Level type:</b> @report.LevelType</div>
|
||||
<div><b>Level owner:</b> @report.LevelOwner</div>
|
||||
<div id="hover-bounds-@report.ReportId" class="hover-region"><b>Hover to see reported region</b></div>
|
||||
<a class="ui red tiny button" href="/admin/report/@report.ReportId/remove" title="Delete">
|
||||
<i class="trash icon" style="margin: 0"></i>
|
||||
</a>
|
||||
</div>
|
||||
<script>
|
||||
subjects[@report.ReportId] = @Html.Raw(report.Players)
|
||||
|
|
|
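Review bot: The unchanged `@Html.Raw(report.Players)` line writes stored JSON into a `<script>` block without HTML encoding, and nothing in the view says why that is safe. Going by the ReportController hunk, the value comes from `JsonSerializer.Serialize`, whose default encoder escapes `<`, `>` and `&`, so this holds only while that encoder is kept and no other code path writes the column. A comment would record the dependency, for example `@* Players is JsonSerializer output (default encoder escapes <, >, &); keep it that way before using Html.Raw *@`. The script block continues outside the hunk.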
@ -6,6 +6,7 @@ using System.Text.Json;
|
|||
using System.Threading.Tasks;
|
||||
using JetBrains.Annotations;
|
||||
using LBPUnion.ProjectLighthouse.Pages.Layouts;
|
||||
using LBPUnion.ProjectLighthouse.Types;
|
||||
using LBPUnion.ProjectLighthouse.Types.Reports;
|
||||
using LBPUnion.ProjectLighthouse.Types.Settings;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
@ -31,6 +32,10 @@ public class ReportsPage : BaseLayout
|
|||
|
||||
public async Task<IActionResult> OnGet([FromRoute] int pageNumber, [FromQuery] string? name)
|
||||
{
|
||||
User? user = this.Database.UserFromWebRequest(this.Request);
|
||||
if (user == null) return this.Redirect("~/login");
|
||||
if (!user.IsAdmin) return this.NotFound();
|
||||
|
||||
if (string.IsNullOrWhiteSpace(name)) name = "";
|
||||
|
||||
this.SearchValue = name.Replace(" ", string.Empty);
|
||||
|
|
|
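Review bot: The admin gate added to `OnGet` is written inline, and it answers differently from the new controller: a non-admin gets `NotFound()` here but `StatusCode(403, "")` in `AdminReportController`. Since the commit exists because this check was forgotten, a shared helper or an authorization filter applied to every admin page and controller would make the omission harder to repeat; whether one already exists is not visible from this page. If the 404 is deliberate, a comment such as `// 404 rather than 403 so non-admins cannot confirm the page exists` would say so. `OnGet` continues past the end of the hunk.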
@ -16,8 +16,8 @@ public class GriefReport
|
|||
public long Timestamp { get; set; }
|
||||
|
||||
[NotMapped]
|
||||
[XmlElement("visibleBadge")]
|
||||
public VisiblePlayer[] XmlVisiblePlayers { get; set; }
|
||||
// [XmlElement("visibleBadge")]
|
||||
// public VisiblePlayer[] XmlVisiblePlayers { get; set; }
|
||||
|
||||
public string VisiblePlayers { get; set; }
|
||||
|
||||
|
|
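Review bot: The `[NotMapped]` attribute is left in place above the now commented-out `XmlVisiblePlayers`, so it attaches to the next declaration, `public string VisiblePlayers { get; set; }`, and Entity Framework will stop mapping that column. If that is not intended, comment out or remove `[NotMapped]` together with the property. If it is intended, move the attribute directly above `VisiblePlayers` and say so, e.g. `// not persisted while visibleBadge parsing is disabled`. The class body continues outside the hunk.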