jessikitty/Disco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: use more antiforgery tokens

Browse Source
This commit is contained in:
Gary Sharp
2025-07-25 12:32:44 +10:00
parent fd43d85778
commit 7deead494b
222 changed files with 12919 additions and 11728 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Disco.Web/Views/User/UserParts/_Comments.cshtml
+3 -4
View File
@@ -6,7 +6,6 @@
var canRemoveOwnComments = Authorization.Has(Claims.User.Actions.RemoveOwnComments);
}
<div id="Comments" class="@(canAddComments ? "canAddComments" : "cannotAddComments") @(canRemoveAnyComments ? "canRemoveAnyComments" : "cannotRemoveAnyComments") @(canRemoveOwnComments ? "canRemoveOwnComments" : "cannotRemoveOwnComments")" data-id="@Model.User.UserId" data-userid="@CurrentUser.UserId" data-addurl="@Url.Action(MVC.API.User.CommentAdd(Model.User.UserId))" data-removeurl="@Url.Action(MVC.API.User.CommentRemove())" data-geturl="@Url.Action(MVC.API.User.Comment())">
@Html.AntiForgeryToken()
@if (canAddComments)
{
<div class="commentInput">
@@ -48,7 +47,7 @@
}
async function onCommentAddedAsync(id) {
const formData = new FormData();
formData.append('__RequestVerificationToken', $comments.find('input[name="__RequestVerificationToken"]').val());
formData.append('__RequestVerificationToken', document.body.dataset.antiforgery);
formData.append('id', id);
const response = await fetch($comments.attr('data-geturl'), {
@@ -136,7 +135,7 @@
$commentInput.prop('disabled', true);
const formData = new FormData();
formData.append('__RequestVerificationToken', $comments.find('input[name="__RequestVerificationToken"]').val());
formData.append('__RequestVerificationToken', document.body.dataset.antiforgery);
formData.append('comment', comment);
const response = await fetch($comments.attr('data-addurl'), {
@@ -194,7 +193,7 @@
}
async function removeCommentAsync(commentId) {
const formData = new FormData();
formData.append('__RequestVerificationToken', $comments.find('input[name="__RequestVerificationToken"]').val());
formData.append('__RequestVerificationToken', document.body.dataset.antiforgery);
formData.append('id', commentId);
const response = await fetch($comments.attr('data-removeurl'), {
Disco.Web/Views/User/UserParts/_Comments.generated.cs
+67 -79
View File
@@ -139,25 +139,14 @@ WriteLiteral("\"");
WriteLiteral(">\r\n");
WriteLiteral(" ");
#line 9 "..\..\Views\User\UserParts\_Comments.cshtml"
Write(Html.AntiForgeryToken());
#line default
#line hidden
WriteLiteral("\r\n");
#line 10 "..\..\Views\User\UserParts\_Comments.cshtml"
#line default
#line hidden
#line 10 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 9 "..\..\Views\User\UserParts\_Comments.cshtml"
if (canAddComments)
{
@@ -189,7 +178,7 @@ WriteLiteral(" class=\"fa fa-comment\"");
WriteLiteral("></i></button>\r\n </div>\r\n");
#line 16 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 15 "..\..\Views\User\UserParts\_Comments.cshtml"
}
@@ -202,13 +191,13 @@ WriteLiteral(" class=\"commentOutput\"");
WriteLiteral(">\r\n");
#line 18 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 17 "..\..\Views\User\UserParts\_Comments.cshtml"
#line default
#line hidden
#line 18 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 17 "..\..\Views\User\UserParts\_Comments.cshtml"
foreach (var c in Model.User.UserComments.OrderBy(m => m.Timestamp))
{
@@ -222,7 +211,7 @@ WriteLiteral(" class=\"comment\"");
WriteLiteral(" data-commentid=\"");
#line 20 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 19 "..\..\Views\User\UserParts\_Comments.cshtml"
Write(c.Id);
@@ -237,7 +226,7 @@ WriteLiteral(" class=\"author\"");
WriteLiteral(">");
#line 21 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 20 "..\..\Views\User\UserParts\_Comments.cshtml"
Write(c.TechUser.ToStringFriendly());
@@ -246,7 +235,7 @@ WriteLiteral(">");
WriteLiteral("</span>");
#line 21 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 20 "..\..\Views\User\UserParts\_Comments.cshtml"
if (canRemoveAnyComments || (canRemoveOwnComments && c.TechUserId.Equals(CurrentUser.UserId, StringComparison.OrdinalIgnoreCase)))
{
@@ -259,7 +248,7 @@ WriteLiteral(" class=\"remove fa fa-times-circle\"");
WriteLiteral("></span>");
#line 22 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 21 "..\..\Views\User\UserParts\_Comments.cshtml"
}
#line default
@@ -271,7 +260,7 @@ WriteLiteral(" class=\"timestamp\"");
WriteLiteral(" data-livestamp=\"");
#line 22 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 21 "..\..\Views\User\UserParts\_Comments.cshtml"
Write(c.Timestamp.ToUnixEpoc());
@@ -279,20 +268,20 @@ WriteLiteral(" data-livestamp=\"");
#line hidden
WriteLiteral("\"");
WriteAttribute("title", Tuple.Create(" title=\"", 1701), Tuple.Create("\"", 1738)
WriteAttribute("title", Tuple.Create(" title=\"", 1671), Tuple.Create("\"", 1708)
#line 22 "..\..\Views\User\UserParts\_Comments.cshtml"
, Tuple.Create(Tuple.Create("", 1709), Tuple.Create<System.Object, System.Int32>(c.Timestamp.ToFullDateTime()
#line 21 "..\..\Views\User\UserParts\_Comments.cshtml"
, Tuple.Create(Tuple.Create("", 1679), Tuple.Create<System.Object, System.Int32>(c.Timestamp.ToFullDateTime()
#line default
#line hidden
, 1709), false)
, 1679), false)
);
WriteLiteral(">");
#line 22 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 21 "..\..\Views\User\UserParts\_Comments.cshtml"
Write(c.Timestamp.ToFullDateTime());
@@ -305,7 +294,7 @@ WriteLiteral(" class=\"comment\"");
WriteLiteral(">");
#line 23 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 22 "..\..\Views\User\UserParts\_Comments.cshtml"
Write(c.Comments.ToHtmlComment());
@@ -314,7 +303,7 @@ WriteLiteral(">");
WriteLiteral("</div>\r\n </div>\r\n");
#line 25 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 24 "..\..\Views\User\UserParts\_Comments.cshtml"
}
@@ -331,40 +320,40 @@ WriteLiteral(" </div>\r\n</div>\r\n<script>\r\n if (!document.DiscoFunctio
"l to Bottom\r\n }\r\n });\r\n\r\n function onCommentAdded(id) {" +
"\r\n onCommentAddedAsync(id);\r\n }\r\n async function onComm" +
"entAddedAsync(id) {\r\n const formData = new FormData();\r\n f" +
"ormData.append(\'__RequestVerificationToken\', $comments.find(\'input[name=\"__Reque" +
"stVerificationToken\"]\').val());\r\n formData.append(\'id\', id);\r\n\r\n " +
" const response = await fetch($comments.attr(\'data-geturl\'), {\r\n " +
" method: \'POST\',\r\n body: formData\r\n });\r\n\r\n " +
" if (!response.ok) {\r\n alert(\'Unable to load live comment \' " +
"+ id + \': \' + response.statusText);\r\n } else {\r\n const" +
" comment = await response.json();\r\n\r\n if ($comments.hasClass(\'can" +
"RemoveAnyComments\'))\r\n renderComment(comment, false, true);\r\n" +
" else if ($comments.hasClass(\'canRemoveOwnComments\'))\r\n " +
" renderComment(comment, false, (comment.AuthorId === $comments.attr(\'da" +
"ta-userid\')));\r\n else\r\n renderComment(comment," +
" false, false);\r\n }\r\n }\r\n function onCommentRemoved(id)" +
" {\r\n $commentOutput.children(\'div[data-commentid=\"\' + id + \'\"]\').slid" +
"eUp(300).delay(300).queue(function () {\r\n const $this = $(this);\r" +
"\n $this.find(\'.timestamp\').livestamp(\'destroy\');\r\n " +
" $this.remove();\r\n });\r\n }\r\n function renderComment(c, " +
"quick, canRemove) {\r\n let t = \'<div><span class=\"author\" />\';\r\n " +
" if (canRemove)\r\n t += \'<span class=\"remove fa fa-times-circ" +
"le\" />\';\r\n t += \'<span class=\"timestamp\" /><div class=\"comment\" /></d" +
"iv>\';\r\n\r\n const e = $(t);\r\n e.attr(\'data-commentid\', c.Id)" +
";\r\n e.find(\'.author\').text(c.Author);\r\n e.find(\'.timestamp" +
"\').text(c.TimestampFull).attr(\'title\', c.TimestampFull).livestamp(c.TimestampUni" +
"xEpoc);\r\n e.find(\'.comment\').html(c.HtmlComments);\r\n\r\n $co" +
"mmentOutput.append(e);\r\n\r\n if (!quick) {\r\n e.animate({" +
" backgroundColor: \'#ffff99\' }, 500, function () {\r\n e.animate" +
"({ backgroundColor: \'#fafafa\' }, 500, function () {\r\n e.c" +
"ss(\'background-color\', \'\');\r\n });\r\n });\r\n " +
" $commentOutput.animate({ scrollTop: $commentOutput[0].scrollHeight }," +
" 250)\r\n }\r\n }\r\n\r\n document.DiscoFunctions.onCommentAdde" +
"d = onCommentAdded;\r\n document.DiscoFunctions.onCommentRemoved = onCommen" +
"tRemoved;\r\n });\r\n</script>\r\n");
"ormData.append(\'__RequestVerificationToken\', document.body.dataset.antiforgery);" +
"\r\n formData.append(\'id\', id);\r\n\r\n const response = await f" +
"etch($comments.attr(\'data-geturl\'), {\r\n method: \'POST\',\r\n " +
" body: formData\r\n });\r\n\r\n if (!response.ok) {\r\n " +
" alert(\'Unable to load live comment \' + id + \': \' + response.statusTe" +
"xt);\r\n } else {\r\n const comment = await response.json(" +
");\r\n\r\n if ($comments.hasClass(\'canRemoveAnyComments\'))\r\n " +
" renderComment(comment, false, true);\r\n else if ($comme" +
"nts.hasClass(\'canRemoveOwnComments\'))\r\n renderComment(comment" +
", false, (comment.AuthorId === $comments.attr(\'data-userid\')));\r\n " +
" else\r\n renderComment(comment, false, false);\r\n }\r" +
"\n }\r\n function onCommentRemoved(id) {\r\n $commentOutput." +
"children(\'div[data-commentid=\"\' + id + \'\"]\').slideUp(300).delay(300).queue(funct" +
"ion () {\r\n const $this = $(this);\r\n $this.find(\'.t" +
"imestamp\').livestamp(\'destroy\');\r\n $this.remove();\r\n }" +
");\r\n }\r\n function renderComment(c, quick, canRemove) {\r\n " +
" let t = \'<div><span class=\"author\" />\';\r\n if (canRemove)\r\n " +
" t += \'<span class=\"remove fa fa-times-circle\" />\';\r\n t += \'<sp" +
"an class=\"timestamp\" /><div class=\"comment\" /></div>\';\r\n\r\n const e = " +
"$(t);\r\n e.attr(\'data-commentid\', c.Id);\r\n e.find(\'.author\'" +
").text(c.Author);\r\n e.find(\'.timestamp\').text(c.TimestampFull).attr(\'" +
"title\', c.TimestampFull).livestamp(c.TimestampUnixEpoc);\r\n e.find(\'.c" +
"omment\').html(c.HtmlComments);\r\n\r\n $commentOutput.append(e);\r\n\r\n " +
" if (!quick) {\r\n e.animate({ backgroundColor: \'#ffff99\' }, " +
"500, function () {\r\n e.animate({ backgroundColor: \'#fafafa\' }" +
", 500, function () {\r\n e.css(\'background-color\', \'\');\r\n " +
" });\r\n });\r\n $commentOutput.anima" +
"te({ scrollTop: $commentOutput[0].scrollHeight }, 250)\r\n }\r\n }" +
"\r\n\r\n document.DiscoFunctions.onCommentAdded = onCommentAdded;\r\n do" +
"cument.DiscoFunctions.onCommentRemoved = onCommentRemoved;\r\n });\r\n</script>\r\n" +
"");
#line 107 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 106 "..\..\Views\User\UserParts\_Comments.cshtml"
if (canAddComments)
{
@@ -385,25 +374,25 @@ WriteLiteral(" <script>\r\n $(function () {\r\n const $comm
" alert(\'Enter a comment to post\');\r\n $commentInput.focus(" +
");\r\n return;\r\n }\r\n\r\n $commentIn" +
"put.prop(\'disabled\', true);\r\n\r\n const formData = new FormData();\r" +
"\n formData.append(\'__RequestVerificationToken\', $comments.find(\'i" +
"nput[name=\"__RequestVerificationToken\"]\').val());\r\n formData.appe" +
"nd(\'comment\', comment);\r\n\r\n const response = await fetch($comment" +
"s.attr(\'data-addurl\'), {\r\n method: \'POST\',\r\n " +
" body: formData\r\n });\r\n\r\n if (response.ok) {\r\n " +
" $commentInput.val(\'\').prop(\'disabled\', false).focus();\r\n " +
" } else {\r\n alert(\'Unable to add comment: \' + respon" +
"se.statusText);\r\n $commentInput.prop(\'disabled\', false).focus" +
"();\r\n }\r\n }\r\n });\r\n </script>\r\n");
"\n formData.append(\'__RequestVerificationToken\', document.body.dat" +
"aset.antiforgery);\r\n formData.append(\'comment\', comment);\r\n\r\n " +
" const response = await fetch($comments.attr(\'data-addurl\'), {\r\n " +
" method: \'POST\',\r\n body: formData\r\n " +
" });\r\n\r\n if (response.ok) {\r\n $commentInput" +
".val(\'\').prop(\'disabled\', false).focus();\r\n } else {\r\n " +
" alert(\'Unable to add comment: \' + response.statusText);\r\n " +
" $commentInput.prop(\'disabled\', false).focus();\r\n }\r\n " +
" }\r\n });\r\n </script>\r\n");
#line 156 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 155 "..\..\Views\User\UserParts\_Comments.cshtml"
}
#line default
#line hidden
#line 157 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 156 "..\..\Views\User\UserParts\_Comments.cshtml"
if (canRemoveAnyComments || canRemoveOwnComments)
{
@@ -430,17 +419,16 @@ WriteLiteral(" <script>\r\n $(function () {\r\n const $comm
" $dialogRemove.dialog(\"close\");\r\n }\r\n }).dialo" +
"g(\'open\');\r\n }\r\n async function removeCommentAsync(comment" +
"Id) {\r\n const formData = new FormData();\r\n formDat" +
"a.append(\'__RequestVerificationToken\', $comments.find(\'input[name=\"__RequestVeri" +
"ficationToken\"]\').val());\r\n formData.append(\'id\', commentId);\r\n\r\n" +
" const response = await fetch($comments.attr(\'data-removeurl\'), {" +
"\r\n method: \'POST\',\r\n body: formData\r\n " +
" });\r\n\r\n if (!response.ok) {\r\n alert" +
"(\'Unable to remove comment: \' + response.statusText);\r\n }\r\n " +
" $dialogRemove.dialog(\"close\");\r\n }\r\n });\r\n </scri" +
"pt>\r\n");
"a.append(\'__RequestVerificationToken\', document.body.dataset.antiforgery);\r\n " +
" formData.append(\'id\', commentId);\r\n\r\n const response " +
"= await fetch($comments.attr(\'data-removeurl\'), {\r\n method: \'" +
"POST\',\r\n body: formData\r\n });\r\n\r\n " +
" if (!response.ok) {\r\n alert(\'Unable to remove comment: \' +" +
" response.statusText);\r\n }\r\n $dialogRemove.dialog(" +
"\"close\");\r\n }\r\n });\r\n </script>\r\n");
#line 212 "..\..\Views\User\UserParts\_Comments.cshtml"
#line 211 "..\..\Views\User\UserParts\_Comments.cshtml"
}
Disco.Web/Views/User/UserParts/_Resources.cshtml
+24 -26
View File
@@ -18,8 +18,7 @@
<table id="userShowResources">
<tr>
<td id="AttachmentsContainer">
<div id="Attachments" class="@(canAddAttachments ? "canAddAttachments" : "cannotAddAttachments") @(canRemoveAnyAttachments ? "canRemoveAnyAttachments" : "cannotRemoveAnyAttachments") @(canRemoveOwnAttachments ? "canRemoveOwnAttachments" : "cannotRemoveOwnAttachments")" data-userid="@CurrentUser.UserId" data-uploadurl="@(Url.Action(MVC.API.User.AttachmentUpload(Model.User.UserId, null)))" data-onlineuploadurl="@(Url.Action(MVC.API.User.AttachmentOnlineUploadSession(Model.User.UserId)))" data-qrcodeurl="@Url.Content("~/ClientSource/Scripts/Modules/qrcode.min.js")">
@Html.AntiForgeryToken()
<div id="Attachments" class="@(canAddAttachments ? "canAddAttachments" : "cannotAddAttachments") @(canRemoveAnyAttachments ? "canRemoveAnyAttachments" : "cannotRemoveAnyAttachments") @(canRemoveOwnAttachments ? "canRemoveOwnAttachments" : "cannotRemoveOwnAttachments")" data-userid="@CurrentUser.UserId" data-uploadurl="@(Url.Action(MVC.API.User.AttachmentUpload(Model.User.UserId, null)))" data-onlineuploadurl="@(Url.Action(MVC.API.User.AttachmentOnlineUploadSession(Model.User.UserId)))" data-qrcodeurl="@Url.Content("~/ClientSource/Scripts/Modules/qrcode.min.js")" data-removeurl="@Url.Action(MVC.API.User.AttachmentRemove())">
<div class="Disco-AttachmentUpload-DropTarget">
<h2>Drop Attachments Here</h2>
</div>
@@ -236,8 +235,6 @@
function removeAttachment() {
$this = $(this).closest('a');
var data = { id: $this.attr('data-attachmentid') };
if (!$dialogRemoveAttachment) {
$dialogRemoveAttachment = $('#dialogRemoveAttachment').dialog({
resizable: false,
@@ -247,35 +244,36 @@
});
}
$dialogRemoveAttachment.dialog("enable");
async function removeAttachmentAsync(id) {
const body = new FormData();
body.append('__RequestVerificationToken', document.body.dataset.antiforgery);
body.append('id', id);
try {
const response = await fetch($Attachments.attr('data-removeurl'), {
body: body,
method: 'POST'
});
if (!response.ok) {
alert('Unable to remove attachment: ' + response.statusText);
}
$dialogRemoveAttachment.dialog("close");
} catch (e) {
alert('Unable to remove attachment: ' + e);
$dialogRemoveAttachment.dialog("close");
}
}
const attachmentId = $this.attr('data-attachmentid');
$dialogRemoveAttachment.dialog('option', 'buttons', {
"Remove": function () {
$dialogRemoveAttachment.dialog("disable");
$dialogRemoveAttachment.dialog("option", "buttons", null);
$.ajax({
url: '@Url.Action(MVC.API.User.AttachmentRemove())',
dataType: 'json',
data: data,
success: function (d) {
if (d == 'OK') {
// Do nothing, await SignalR notification
} else {
alert('Unable to remove attachment: ' + d);
}
$dialogRemoveAttachment.dialog("close");
},
error: function (jqXHR, textStatus, errorThrown) {
alert('Unable to remove attachment: ' + textStatus);
$dialogRemoveAttachment.dialog("close");
}
});
removeAttachmentAsync(attachmentId);
},
Cancel: function () {
$dialogRemoveAttachment.dialog("close");
}
});
$dialogRemoveAttachment.dialog('open');
}).dialog('open');
return false;
}
Disco.Web/Views/User/UserParts/_Resources.generated.cs
+92 -110
View File
@@ -149,18 +149,18 @@ WriteLiteral(" data-qrcodeurl=\"");
#line hidden
WriteLiteral("\"");
WriteLiteral(">\r\n");
WriteLiteral(" ");
WriteLiteral(" data-removeurl=\"");
#line 22 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(Html.AntiForgeryToken());
#line 21 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(Url.Action(MVC.API.User.AttachmentRemove()));
#line default
#line hidden
WriteLiteral("\r\n <div");
WriteLiteral("\"");
WriteLiteral(">\r\n <div");
WriteLiteral(" class=\"Disco-AttachmentUpload-DropTarget\"");
@@ -172,13 +172,13 @@ WriteLiteral(" class=\"attachmentOutput\"");
WriteLiteral(">\r\n");
#line 27 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 26 "..\..\Views\User\UserParts\_Resources.cshtml"
#line default
#line hidden
#line 27 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 26 "..\..\Views\User\UserParts\_Resources.cshtml"
if (Model.User.UserAttachments != null)
{
foreach (var ua in Model.User.UserAttachments.OrderByDescending(a => a.Id))
@@ -189,20 +189,20 @@ WriteLiteral(">\r\n");
#line hidden
WriteLiteral(" <a");
WriteAttribute("href", Tuple.Create(" href=\"", 1868), Tuple.Create("\"", 1926)
WriteAttribute("href", Tuple.Create(" href=\"", 1884), Tuple.Create("\"", 1942)
#line 31 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 1875), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.User.AttachmentDownload(ua.Id))
#line 30 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 1891), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.User.AttachmentDownload(ua.Id))
#line default
#line hidden
, 1875), false)
, 1891), false)
);
WriteLiteral(" data-attachmentid=\"");
#line 31 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 30 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(ua.Id);
@@ -213,7 +213,7 @@ WriteLiteral("\"");
WriteLiteral(" data-mimetype=\"");
#line 31 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 30 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(ua.MimeType);
@@ -225,28 +225,28 @@ WriteLiteral(">\r\n <span");
WriteLiteral(" class=\"icon\"");
WriteAttribute("title", Tuple.Create(" title=\"", 2040), Tuple.Create("\"", 2060)
WriteAttribute("title", Tuple.Create(" title=\"", 2056), Tuple.Create("\"", 2076)
#line 32 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 2048), Tuple.Create<System.Object, System.Int32>(ua.Filename
#line 31 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 2064), Tuple.Create<System.Object, System.Int32>(ua.Filename
#line default
#line hidden
, 2048), false)
, 2064), false)
);
WriteLiteral(">\r\n <img");
WriteLiteral(" alt=\"Attachment Thumbnail\"");
WriteAttribute("src", Tuple.Create(" src=\"", 2135), Tuple.Create("\"", 2195)
WriteAttribute("src", Tuple.Create(" src=\"", 2151), Tuple.Create("\"", 2211)
#line 33 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 2141), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.User.AttachmentThumbnail(ua.Id))
#line 32 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 2157), Tuple.Create<System.Object, System.Int32>(Url.Action(MVC.API.User.AttachmentThumbnail(ua.Id))
#line default
#line hidden
, 2141), false)
, 2157), false)
);
WriteLiteral(" />\r\n </span>\r\n " +
@@ -254,40 +254,40 @@ WriteLiteral(" />\r\n </span>\r\n
WriteLiteral(" class=\"comments\"");
WriteAttribute("title", Tuple.Create(" title=\"", 2304), Tuple.Create("\"", 2324)
WriteAttribute("title", Tuple.Create(" title=\"", 2320), Tuple.Create("\"", 2340)
#line 35 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 2312), Tuple.Create<System.Object, System.Int32>(ua.Comments
#line 34 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 2328), Tuple.Create<System.Object, System.Int32>(ua.Comments
#line default
#line hidden
, 2312), false)
, 2328), false)
);
WriteLiteral(">\r\n");
#line 36 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 35 "..\..\Views\User\UserParts\_Resources.cshtml"
#line default
#line hidden
#line 36 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 35 "..\..\Views\User\UserParts\_Resources.cshtml"
if (!string.IsNullOrEmpty(ua.DocumentTemplateId))
{
#line default
#line hidden
#line 37 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 36 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(ua.DocumentTemplate.Description);
#line default
#line hidden
#line 37 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 36 "..\..\Views\User\UserParts\_Resources.cshtml"
}
else
{
@@ -295,14 +295,14 @@ WriteLiteral(">\r\n");
#line default
#line hidden
#line 39 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 38 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(ua.Comments ?? ua.Filename);
#line default
#line hidden
#line 39 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 38 "..\..\Views\User\UserParts\_Resources.cshtml"
}
#line default
@@ -314,7 +314,7 @@ WriteLiteral(" class=\"author\"");
WriteLiteral(">");
#line 40 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 39 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(ua.TechUser.ToStringFriendly());
@@ -323,7 +323,7 @@ WriteLiteral(">");
WriteLiteral("</span>");
#line 40 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 39 "..\..\Views\User\UserParts\_Resources.cshtml"
if (canRemoveAnyAttachments || (canRemoveOwnAttachments && ua.TechUserId.Equals(CurrentUser.UserId, StringComparison.OrdinalIgnoreCase)))
{
@@ -336,7 +336,7 @@ WriteLiteral(" class=\"remove fa fa-times-circle\"");
WriteLiteral("></span>");
#line 41 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 40 "..\..\Views\User\UserParts\_Resources.cshtml"
}
#line default
@@ -348,7 +348,7 @@ WriteLiteral(" class=\"timestamp\"");
WriteLiteral(" data-livestamp=\"");
#line 41 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 40 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(ua.Timestamp.ToUnixEpoc());
@@ -356,20 +356,20 @@ WriteLiteral(" data-livestamp=\"");
#line hidden
WriteLiteral("\"");
WriteAttribute("title", Tuple.Create(" title=\"", 3033), Tuple.Create("\"", 3071)
WriteAttribute("title", Tuple.Create(" title=\"", 3049), Tuple.Create("\"", 3087)
#line 41 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 3041), Tuple.Create<System.Object, System.Int32>(ua.Timestamp.ToFullDateTime()
#line 40 "..\..\Views\User\UserParts\_Resources.cshtml"
, Tuple.Create(Tuple.Create("", 3057), Tuple.Create<System.Object, System.Int32>(ua.Timestamp.ToFullDateTime()
#line default
#line hidden
, 3041), false)
, 3057), false)
);
WriteLiteral(">");
#line 41 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 40 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(ua.Timestamp.ToFullDateTime());
@@ -378,7 +378,7 @@ WriteLiteral(">");
WriteLiteral("</span>\r\n </a>\r\n");
#line 43 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 42 "..\..\Views\User\UserParts\_Resources.cshtml"
}
}
@@ -388,13 +388,13 @@ WriteLiteral("</span>\r\n </a>\r\n");
WriteLiteral(" </div>\r\n");
#line 46 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 45 "..\..\Views\User\UserParts\_Resources.cshtml"
#line default
#line hidden
#line 46 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 45 "..\..\Views\User\UserParts\_Resources.cshtml"
if (canAddAttachments)
{
@@ -432,7 +432,7 @@ WriteLiteral(" title=\"Upload with Online Services\"");
WriteLiteral("></span>\r\n </div>\r\n");
#line 52 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 51 "..\..\Views\User\UserParts\_Resources.cshtml"
}
@@ -459,7 +459,7 @@ WriteLiteral(@">
url: '");
#line 67 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 66 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(Url.Action(MVC.API.User.Attachment()));
@@ -492,7 +492,7 @@ WriteLiteral("\',\r\n dataType: \'json\',\r\n
"chmentid\', a.Id).attr(\'data-mimetype\', a.MimeType).attr(\'href\', \'");
#line 97 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 96 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(Url.Action(MVC.API.User.AttachmentDownload()));
@@ -524,7 +524,7 @@ WriteLiteral(@"/' + a.Id);
img.attr('src', '");
#line 120 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 119 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(Url.Action(MVC.API.User.AttachmentThumbnail()));
@@ -577,13 +577,13 @@ WriteLiteral("/\' + a.Id + \'?v=\' + retryCount);\r\n
"DiscoFunctions.onAttachmentRemoved = onAttachmentRemoved;\r\n\r\n");
#line 182 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 181 "..\..\Views\User\UserParts\_Resources.cshtml"
#line default
#line hidden
#line 182 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 181 "..\..\Views\User\UserParts\_Resources.cshtml"
if (canAddAttachments)
{
@@ -630,7 +630,7 @@ WriteLiteral("\r\n //#region Add Attachments\r\n
" //#endregion\r\n ");
#line 229 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 228 "..\..\Views\User\UserParts\_Resources.cshtml"
}
@@ -639,69 +639,51 @@ WriteLiteral("\r\n //#region Add Attachments\r\n
WriteLiteral(" ");
#line 230 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 229 "..\..\Views\User\UserParts\_Resources.cshtml"
if (canRemoveAnyAttachments || canRemoveOwnAttachments)
{
#line default
#line hidden
WriteLiteral(@"
//#region Remove Attachments
$attachmentOutput.find('span.remove').click(removeAttachment);
function removeAttachment() {
$this = $(this).closest('a');
var data = { id: $this.attr('data-attachmentid') };
if (!$dialogRemoveAttachment) {
$dialogRemoveAttachment = $('#dialogRemoveAttachment').dialog({
resizable: false,
height: 140,
modal: true,
autoOpen: false
});
}
$dialogRemoveAttachment.dialog(""enable"");
$dialogRemoveAttachment.dialog('option', 'buttons', {
""Remove"": function () {
$dialogRemoveAttachment.dialog(""disable"");
$dialogRemoveAttachment.dialog(""option"", ""buttons"", null);
$.ajax({
url: '");
WriteLiteral("\r\n //#region Remove Attachments\r\n\r\n " +
" $attachmentOutput.find(\'span.remove\').click(removeAttachment);\r\n\r\n " +
" function removeAttachment() {\r\n " +
" $this = $(this).closest(\'a\');\r\n\r\n if (!$dia" +
"logRemoveAttachment) {\r\n $dialogRemoveAttachm" +
"ent = $(\'#dialogRemoveAttachment\').dialog({\r\n " +
" resizable: false,\r\n height: 140,\r\n " +
" modal: true,\r\n " +
" autoOpen: false\r\n });\r\n " +
" }\r\n\r\n async function remove" +
"AttachmentAsync(id) {\r\n const body = new Form" +
"Data();\r\n body.append(\'__RequestVerificationT" +
"oken\', document.body.dataset.antiforgery);\r\n " +
"body.append(\'id\', id);\r\n\r\n try {\r\n " +
" const response = await fetch($Attachments.attr(\'dat" +
"a-removeurl\'), {\r\n body: body,\r\n " +
" method: \'POST\'\r\n " +
" });\r\n if (!response.ok) {\r" +
"\n alert(\'Unable to remove attachment:" +
" \' + response.statusText);\r\n }\r\n " +
" $dialogRemoveAttachment.dialog(\"close\");\r\n " +
" } catch (e) {\r\n " +
" alert(\'Unable to remove attachment: \' + e);\r\n " +
" $dialogRemoveAttachment.dialog(\"close\");\r\n " +
" }\r\n }\r\n\r\n c" +
"onst attachmentId = $this.attr(\'data-attachmentid\');\r\n " +
" $dialogRemoveAttachment.dialog(\'option\', \'buttons\', {\r\n " +
" \"Remove\": function () {\r\n " +
" $dialogRemoveAttachment.dialog(\"option\", \"buttons\", null);\r\n " +
" removeAttachmentAsync(attachmentId);\r\n " +
" },\r\n Cancel: function () {\r\n " +
" $dialogRemoveAttachment.dialog(\"close\");\r" +
"\n }\r\n }).dialo" +
"g(\'open\');\r\n\r\n return false;\r\n " +
" }\r\n\r\n //#endregion\r\n " +
"");
#line 256 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(Url.Action(MVC.API.User.AttachmentRemove()));
#line default
#line hidden
WriteLiteral("\',\r\n dataType: \'json\',\r\n " +
" data: data,\r\n " +
" success: function (d) {\r\n " +
"if (d == \'OK\') {\r\n // Do noth" +
"ing, await SignalR notification\r\n " +
" } else {\r\n alert(\'Unable to " +
"remove attachment: \' + d);\r\n }\r\n " +
" $dialogRemoveAttachment.dialog(\"c" +
"lose\");\r\n },\r\n " +
" error: function (jqXHR, textStatus, errorThrown) {\r\n " +
" alert(\'Unable to remove attachment: \' +" +
" textStatus);\r\n $dialogRemoveAtta" +
"chment.dialog(\"close\");\r\n }\r\n " +
" });\r\n },\r\n " +
" Cancel: function () {\r\n " +
" $dialogRemoveAttachment.dialog(\"close\");\r\n " +
" }\r\n });\r\n\r\n " +
" $dialogRemoveAttachment.dialog(\'open\');\r\n\r\n " +
" return false;\r\n }\r\n\r\n /" +
"/#endregion\r\n ");
#line 284 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 282 "..\..\Views\User\UserParts\_Resources.cshtml"
}
@@ -725,7 +707,7 @@ WriteLiteral(@"
$('#UserDetailTabItems').append('<li><a href=""#UserDetailTab-Resources"" id=""UserDetailTab-ResourcesLink"">Attachments [");
#line 300 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 298 "..\..\Views\User\UserParts\_Resources.cshtml"
Write(Model.User.UserAttachments == null ? 0 : Model.User.UserAttachments.Count);
@@ -734,7 +716,7 @@ WriteLiteral(@"
WriteLiteral("]</a></li>\');\r\n </script>\r\n</div>\r\n");
#line 303 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 301 "..\..\Views\User\UserParts\_Resources.cshtml"
if (canRemoveAnyAttachments || canRemoveOwnAttachments)
{
@@ -756,7 +738,7 @@ WriteLiteral(" class=\"fa fa-exclamation-triangle fa-lg\"");
WriteLiteral("></i>&nbsp;Are you sure?\r\n </p>\r\n </div>\r\n");
#line 310 "..\..\Views\User\UserParts\_Resources.cshtml"
#line 308 "..\..\Views\User\UserParts\_Resources.cshtml"
}
#line default