Forgot to actually restrict the report page to admins only

Slendy 2022-02-12 02:57:12 -06:00
commit 146acc4d66
5 changed files with 66 additions and 3 deletions


@ -43,7 +43,7 @@ public class ReportController : ControllerBase
report.Bounds = JsonSerializer.Serialize(report.XmlBounds.Rect, typeof(Rectangle));
report.Players = JsonSerializer.Serialize(report.XmlPlayers, typeof(ReportPlayer[]));
report.VisiblePlayers = JsonSerializer.Serialize(report.XmlVisiblePlayers, typeof(VisiblePlayer[]));
// report.VisiblePlayers = JsonSerializer.Serialize(report.XmlVisiblePlayers, typeof(VisiblePlayer[]));
report.Timestamp = TimeHelper.UnixTimeMilliseconds();
report.ReportingPlayerId = user.UserId;
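Review bot: The `report.VisiblePlayers = ...` assignment is commented out rather than removed, and nothing says why, so a reader cannot tell whether the field is retired or only temporarily disabled. Either delete the line or put the reason above it, for example `// TODO(<reason>): VisiblePlayers is not populated until visibleBadge handling is restored`. The same applies to the commented-out `XmlVisiblePlayers` property in GriefReport. The enclosing method starts and ends outside this hunk.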


@ -0,0 +1,55 @@
#nullable enable
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using LBPUnion.ProjectLighthouse.Types;
using LBPUnion.ProjectLighthouse.Types.Reports;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
namespace LBPUnion.ProjectLighthouse.Controllers.Website.Admin;
[ApiController]
[Route("admin/report/{id:int}")]
public class AdminReportController : ControllerBase
{
private readonly Database database;
public AdminReportController(Database database)
{
this.database = database;
}
[HttpGet("remove")]
public async Task<IActionResult> DeleteReport([FromRoute] int id)
{
User? user = this.database.UserFromWebRequest(this.Request);
if (user == null || !user.IsAdmin) return this.StatusCode(403, "");
GriefReport? report = await this.database.Reports.FirstOrDefaultAsync(r => r.ReportId == id);
if (report == null) return this.NotFound();
List<string> hashes = new()
{
report.JpegHash,
report.GriefStateHash,
report.InitialStateHash,
};
foreach (string hash in hashes)
{
if (System.IO.File.Exists($"png{Path.DirectorySeparatorChar}{hash}"))
{
System.IO.File.Delete($"png{Path.DirectorySeparatorChar}{hash}");
}
if (System.IO.File.Exists($"r{Path.DirectorySeparatorChar}{hash}"))
{
System.IO.File.Delete($"r{Path.DirectorySeparatorChar}{hash}");
}
}
this.database.Reports.Remove(report);
await this.database.SaveChangesAsync();
return this.Redirect("~/reports/0");
}
}
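Review bot: `DeleteReport` removes files and a database row on `[HttpGet("remove")]`, so a state change is reachable by a plain link. Assuming `UserFromWebRequest` authenticates from a cookie (not visible here), any page a logged-in admin loads could trigger a deletion cross-site, and link prefetchers can do the same. Make it `[HttpPost("remove")]` protected by an anti-forgery token, and turn the trash button on the reports page from an `<a href>` into a small form that posts. Separately, `hash` is interpolated straight into the `png` and `r` paths; if the hash fields originate from a submitted report, check that each one is non-empty and purely hexadecimal before `File.Delete`, so a value containing path separators cannot reach files outside those directories.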


@ -46,6 +46,9 @@
<div><b>Level type:</b> @report.LevelType</div>
<div><b>Level owner:</b> @report.LevelOwner</div>
<div id="hover-bounds-@report.ReportId" class="hover-region"><b>Hover to see reported region</b></div>
<a class="ui red tiny button" href="/admin/report/@report.ReportId/remove" title="Delete">
<i class="trash icon" style="margin: 0"></i>
</a>
</div>
<script>
subjects[@report.ReportId] = @Html.Raw(report.Players)


@ -6,6 +6,7 @@ using System.Text.Json;
using System.Threading.Tasks;
using JetBrains.Annotations;
using LBPUnion.ProjectLighthouse.Pages.Layouts;
using LBPUnion.ProjectLighthouse.Types;
using LBPUnion.ProjectLighthouse.Types.Reports;
using LBPUnion.ProjectLighthouse.Types.Settings;
using Microsoft.AspNetCore.Mvc;
@ -31,6 +32,10 @@ public class ReportsPage : BaseLayout
public async Task<IActionResult> OnGet([FromRoute] int pageNumber, [FromQuery] string? name)
{
User? user = this.Database.UserFromWebRequest(this.Request);
if (user == null) return this.Redirect("~/login");
if (!user.IsAdmin) return this.NotFound();
if (string.IsNullOrWhiteSpace(name)) name = "";
this.SearchValue = name.Replace(" ", string.Empty);
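Review bot: The admin check in `OnGet` is written by hand inside the handler, and the same test appears as `user == null || !user.IsAdmin` in AdminReportController with a different response (404 here, 403 there). The commit title shows how easily a per-handler check is forgotten; a single shared helper or filter for admin-only endpoints would stop a new page shipping without it. At minimum, document the choice of status code, e.g. `// Non-admins get 404 rather than 403 so the page's existence is not revealed.`, if that is the intent. `OnGet` continues past the end of this hunk.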


@ -16,8 +16,8 @@ public class GriefReport
public long Timestamp { get; set; }
[NotMapped]
[XmlElement("visibleBadge")]
public VisiblePlayer[] XmlVisiblePlayers { get; set; }
// [XmlElement("visibleBadge")]
// public VisiblePlayer[] XmlVisiblePlayers { get; set; }
public string VisiblePlayers { get; set; }
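Review bot: With the two `XmlVisiblePlayers` lines commented out, the `[NotMapped]` attribute left above them now attaches to the next declaration, `public string VisiblePlayers { get; set; }`, as far as the visible lines show, because comments do not end an attribute list. If that is unintended, Entity Framework will stop mapping the `VisiblePlayers` column. Comment out or remove `[NotMapped]` together with the property it belonged to. The class starts before this hunk and continues after it.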