Disallow moderators/administrators from issuing cases against each other (#781)

* Disallow moderators/administrators from issuing cases against each other

* Resolve suggestions from reviewers

* Only request user from db if id is valid

ProjectLighthouse.Localization/Error.resx

@@ -30,9 +30,6 @@
     <data name="password_doesnt_match" xml:space="preserve">
         <value>Passwords do not match!</value>
     </data>
-    <data name="token_invalid" xml:space="preserve">
-        <value>Invalid Token</value>
-    </data>
     <data name="captcha_failed" xml:space="preserve">
         <value>You must complete the captcha correctly.</value>
     </data>
@@ -42,7 +39,7 @@
     <data name="email_invalid" xml:space="preserve">
         <value>Email address field is required.</value>
     </data>
-    <data name="user_banned" xml:space="preserve">
+    <data name="action_no_permission" xml:space="preserve">
-        <value>You have been banned. Please contact an administrator for more information.\nReason: {0}</value>
+        <value>You don't have permissions to perform this action.</value>
     </data>
 </root>

ProjectLighthouse.Localization/StringLists/ErrorStrings.cs

@@ -9,8 +9,7 @@ public static class ErrorStrings
     public static readonly TranslatableString EmailInvalid = create("email_invalid");
     public static readonly TranslatableString EmailTaken = create("email_taken");
     public static readonly TranslatableString CaptchaFailed = create("captcha_failed");
-    public static readonly TranslatableString TokenInvalid = create("token_invalid");
+    public static readonly TranslatableString ActionNoPermission = create("action_no_permission");
-    public static readonly TranslatableString UserIsBanned = create("user_banned");
     
     private static TranslatableString create(string key) => new(TranslationAreas.Error, key);
 }

ProjectLighthouse.Servers.Website/Pages/Moderation/NewCasePage.cshtml

@@ -1,4 +1,5 @@
 @page "/moderation/newCase"
+@using LBPUnion.ProjectLighthouse.Localization.StringLists
 @model LBPUnion.ProjectLighthouse.Servers.Website.Pages.Moderation.NewCasePage
 
 @{
@@ -9,6 +10,16 @@
 <form method="post">
     @Html.AntiForgeryToken()
     
+    @if (!string.IsNullOrWhiteSpace(Model.Error))
+    {
+        <div class="ui negative message">
+            <div class="header">
+                @Model.Translate(GeneralStrings.Error)
+            </div>
+            <p style="white-space: pre-line">@Model.Error</p>
+        </div>
+    }
+    
     <input type="hidden" name="type" value="@((int)Model.Type)"/>
     <input type="hidden" name="affectedId" value="@Model.AffectedId"/>
 

ProjectLighthouse.Servers.Website/Pages/Moderation/NewCasePage.cshtml.cs

@@ -1,9 +1,11 @@
 using LBPUnion.ProjectLighthouse.Database;
+using LBPUnion.ProjectLighthouse.Localization.StringLists;
 using LBPUnion.ProjectLighthouse.Servers.Website.Pages.Layouts;
 using LBPUnion.ProjectLighthouse.Types.Entities.Moderation;
 using LBPUnion.ProjectLighthouse.Types.Entities.Profile;
 using LBPUnion.ProjectLighthouse.Types.Moderation.Cases;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
 
 namespace LBPUnion.ProjectLighthouse.Servers.Website.Pages.Moderation;
 
@@ -15,6 +17,8 @@ public class NewCasePage : BaseLayout
     public CaseType Type { get; set; }
     public int AffectedId { get; set; }
 
+    public string? Error { get; private set; }
+
     public IActionResult OnGet([FromQuery] CaseType? type, [FromQuery] int? affectedId)
     {
         UserEntity? user = this.Database.UserFromWebRequest(this.Request);
@@ -42,7 +46,16 @@ public class NewCasePage : BaseLayout
         
         // if id is invalid then return bad request
         if (!await type.Value.IsIdValid((int)affectedId, this.Database)) return this.BadRequest();
-        
+
+        UserEntity? affectedUserEntity =
+            await this.Database.Users.FirstOrDefaultAsync(u => u.UserId == affectedId.Value);
+
+        if (affectedUserEntity?.IsModerator ?? false)
+        {
+            this.Error = this.Translate(ErrorStrings.ActionNoPermission);
+            return this.Page();
+        }
+
         ModerationCaseEntity @case = new()
         {
             Type = type.Value,