source: PostgreSqlDotnetCore/Controllers/BlogController.cs@ d6040ef

main
Last change on this file since d6040ef was d6040ef, checked in by ElenaMoskova <elena.moskova99@…>, 3 months ago

Аccess permission

  • Property mode set to 100644
File size: 7.3 KB
Line 
1using Microsoft.AspNetCore.Identity;
2using Microsoft.AspNetCore.Mvc;
3using Microsoft.EntityFrameworkCore;
4using PostgreSqlDotnetCore.Data;
5using PostgreSqlDotnetCore.Models;
6using System.Net;
7
8namespace PostgreSqlDotnetCore.Controllers
9{
10 public class BlogController : BaseController
11 {
12 public BlogController(UserManager<IdentityUser> userManager) : base(userManager)
13
14 {
15
16 }
17
18 // GET: Customer
19 /* public async Task<ActionResult> IndexAsync()
20 {
21 // check for permission
22 bool isAuthenticated = User.Identity.IsAuthenticated;
23 if (!isAuthenticated)
24 {
25 return RedirectToAction("AccessDenied", "Error");
26 }
27 //return View(Enumerable.Empty<UsersClass>());
28 return View(db.BlogPostControllerObj.ToList());
29 }
30 */
31
32 public async Task<ActionResult> Index()
33 {
34 // Проверка за автентикација
35 bool isAuthenticated = User.Identity.IsAuthenticated;
36
37 if (!isAuthenticated)
38 {
39 return RedirectToAction("AccessDenied", "Error");
40 }
41
42 // Список на блог постови
43 var blogPosts = await db.BlogPostControllerObj.ToListAsync();
44
45 // Предавање на ViewBag за проверка на автентикација
46 ViewBag.isAuthenticated = isAuthenticated;
47
48 return View(blogPosts);
49 }
50 // GET: Customer/Details/5
51 public async Task<ActionResult> DetailsAsync(int? id)
52 {
53 if (id == null)
54 {
55 return View(null);
56 //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
57 }
58 BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
59 if (blogClass == null)
60 {
61 return RedirectToAction("NotExist", "Error");
62 }
63 // get answers
64
65 // query
66 var query = from st in db.BlogPostAnswersObj
67 where st.BlogPostConsultationid == blogClass.id
68 select st;
69 //elenaaa
70 var blogAnswers = query.ToList();
71 blogClass.BlogPostAnswers = blogAnswers;
72 return View(blogClass);
73 }
74
75 // GET: Customer/Create
76 //public ActionResult Create()
77 //{
78 // return View();
79 //}
80
81 public ActionResult Create()
82 {
83 var model = new BlogPostConsultation();
84 return View(model);
85 }
86
87 // POST: Customer/Create
88 // To protect from overposting attacks, enable the specific properties you want to bind to, for
89 // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
90 [HttpPost]
91 [ValidateAntiForgeryToken]
92 public async Task<ActionResult> CreateAsync([Bind(include: "id,date_askes,title,description,users_id")] BlogPostConsultation blogClass)
93 {
94 if (ModelState.IsValid)
95 {
96 bool isAuthenticated = User.Identity.IsAuthenticated;
97 if (isAuthenticated)
98 {
99 var user = await _userManager.GetUserAsync(User);
100 var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
101 blogClass.users_id = customerClass.id;
102 db.BlogPostControllerObj.Add(blogClass);
103 db.SaveChanges();
104 return RedirectToAction("Index");
105 }
106 else
107 {
108 return RedirectToAction("AccessDenied", "Error");
109 }
110 }
111
112 return View(blogClass);
113 }
114
115 // GET: Customer/Edit/5
116 public async Task<ActionResult> EditAsync(int? id)
117 {
118 if (id == null)
119 {
120 return View(null);
121 //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
122 }
123 BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
124 if (blogClass == null)
125 {
126 return RedirectToAction("NotExist", "Error");
127 }
128
129 // check for permission
130 UsersClass customerClass = await checkAuthorizationAsync();
131 if (customerClass == null)
132 {
133
134 bool isAuthenticated = User.Identity.IsAuthenticated;
135 if (isAuthenticated)
136 {
137 var user = await _userManager.GetUserAsync(User);
138 customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
139 if (blogClass.users_id != customerClass.id)
140 {
141 return RedirectToAction("AccessDenied", "Error");
142 }
143 }
144 }
145
146 return View(blogClass);
147 }
148
149 // POST: Customer/Edit/5
150 // To protect from overposting attacks, enable the specific properties you want to bind to, for
151 // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
152 [HttpPost]
153 [ValidateAntiForgeryToken]
154 public ActionResult Edit([Bind(include: "id,date_askes,title,description,users_id")] BlogPostConsultation blogClass)
155 {
156 if (ModelState.IsValid)
157 {
158 db.Entry(blogClass).State = EntityState.Modified;
159 db.SaveChanges();
160 return RedirectToAction("Index");
161 }
162 return View(blogClass);
163 }
164
165 // GET: Customer/Delete/5
166 public async Task<ActionResult> DeleteAsync(int? id)
167 {
168 if (id == null)
169 {
170 return View(null);
171 //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
172 }
173 BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
174 if (blogClass == null)
175 {
176 return View(null);
177 //return HttpNotFound();
178 }
179 // check for permission
180 UsersClass customerClass = await checkAuthorizationAsync();
181 if (customerClass == null)
182 {
183
184 bool isAuthenticated = User.Identity.IsAuthenticated;
185 if (isAuthenticated)
186 {
187 var user = await _userManager.GetUserAsync(User);
188 customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
189 if (blogClass.users_id != customerClass.id)
190 {
191 return RedirectToAction("AccessDenied", "Error");
192 }
193 }
194 }
195 return View(blogClass);
196 }
197
198 // POST: Customer/Delete/5
199
200
201 [HttpPost, ActionName("Delete")]
202 [ValidateAntiForgeryToken]
203 public ActionResult DeleteConfirmed(int id)
204 {
205 BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
206 db.BlogPostControllerObj.Remove(blogClass);
207 db.SaveChanges();
208 return RedirectToAction("Index");
209 }
210
211 protected override void Dispose(bool disposing)
212 {
213 if (disposing)
214 {
215 db.Dispose();
216 }
217 base.Dispose(disposing);
218 }
219 }
220}
Note: See TracBrowser for help on using the repository browser.