source: PostgreSqlDotnetCore/Controllers/BlogController.cs@ 118e414

main
Last change on this file since 118e414 was 118e414, checked in by ElenaMoskova <elena.moskova99@…>, 5 weeks ago

fix access

implement multiple access pages with different roles
optimize present three structure of BlogPost and Answer
  • Property mode set to 100644
File size: 10.9 KB
Line 
1using Microsoft.AspNetCore.Identity;
2using Microsoft.AspNetCore.Mvc;
3using Microsoft.EntityFrameworkCore;
4using PostgreSqlDotnetCore.Data;
5using PostgreSqlDotnetCore.Models;
6using System.Net;
7
8namespace PostgreSqlDotnetCore.Controllers
9{
10 public class BlogController : BaseController
11 {
12 public BlogController(UserManager<IdentityUser> userManager) : base(userManager)
13
14 {
15
16 }
17
18 // GET: Customer
19 /* public async Task<ActionResult> IndexAsync()
20 {
21 // check for permission
22 bool isAuthenticated = User.Identity.IsAuthenticated;
23 if (!isAuthenticated)
24 {
25 return RedirectToAction("AccessDenied", "Error");
26 }
27 //return View(Enumerable.Empty<UsersClass>());
28 return View(db.BlogPostControllerObj.ToList());
29 }
30 */
31
32 /* public async Task<ActionResult> Index()
33 {
34 // Проверка за автентикација
35 bool isAuthenticated = User.Identity.IsAuthenticated;
36
37 if (!isAuthenticated)
38 {
39 return RedirectToAction("AccessDenied", "Error");
40 }
41
42 // Список на блог постови
43 var blogPosts = await db.BlogPostControllerObj.ToListAsync();
44
45 // Предавање на ViewBag за проверка на автентикација
46 ViewBag.isAuthenticated = isAuthenticated;
47
48 return View(blogPosts);
49 }*/
50
51 public async Task<ActionResult> Index()
52 {
53 // Проверка за автентикација
54 bool isAuthenticated = User.Identity.IsAuthenticated;
55
56 if (!isAuthenticated)
57 {
58 return RedirectToAction("AccessDenied", "Error");
59 }
60
61 // Список на блог постови
62 var blogPosts = await db.BlogPostControllerObj.ToListAsync();
63
64 // Вземи тековниот корисник
65 var currentUser = await _userManager.GetUserAsync(User);
66 var customerClass = await db.CustomerObj.SingleOrDefaultAsync(x => x.email == currentUser.Email);
67
68 // Предавање на ViewBag за проверка на автентикација и корисничкиот ID
69 ViewBag.isAuthenticated = isAuthenticated;
70 // no access for standard user
71 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
72
73 ViewBag.CurrentUserId = customerClass?.id;
74
75 return View(blogPosts);
76 }
77
78
79
80
81
82 // GET: Customer/Details/5
83 public async Task<ActionResult> DetailsAsync(int? id)
84 {
85 if (id == null)
86 {
87 return View(null);
88 //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
89 }
90 BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
91 if (blogClass == null)
92 {
93 return RedirectToAction("NotExist", "Error");
94 }
95 // get answers
96
97 // query
98 var query = from st in db.BlogPostAnswersObj
99 where st.BlogPostConsultationid == blogClass.id
100 select st;
101 //elenaaa
102 var blogAnswers = query.ToList();
103 blogClass.BlogPostAnswers = blogAnswers;
104 return View(blogClass);
105 }
106
107 // GET: Customer/Create
108 //public ActionResult Create()
109 //{
110 // return View();
111 //}
112
113 /* public ActionResult Create()
114 {
115 var model = new BlogPostConsultation();
116 return View(model);
117 }*/
118
119 public async Task<ActionResult> CreateAsync()
120 {
121
122 // check for permission
123 UsersClass customerClass = await getCrrentUser();
124 // set if is authenticated
125 ViewBag.isAuthenticated = customerClass;
126 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
127
128 return View();
129 }
130
131 // POST: Customer/Create
132 // To protect from overposting attacks, enable the specific properties you want to bind to, for
133 // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
134 [HttpPost]
135 [ValidateAntiForgeryToken]
136 public async Task<ActionResult> CreateAsync([Bind(include: "id,date_askes,title,description,users_id")] BlogPostConsultation blogClass)
137 {
138 if (ModelState.IsValid)
139 {
140 bool isAuthenticated = User.Identity.IsAuthenticated;
141 if (isAuthenticated)
142 {
143 var user = await _userManager.GetUserAsync(User);
144 var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
145 if (customerClass != null)
146 {
147 // Поставете users_id на идентификаторот на корисникот
148 blogClass.users_id = customerClass.id;
149 //blogClass.date_askes = DateOnly.FromDateTime(DateTime.UtcNow);
150 blogClass.date_askes = DateOnly.FromDateTime(DateTime.Now); // Ова ќе стави локално време
151
152 db.BlogPostControllerObj.Add(blogClass);
153 await db.SaveChangesAsync();
154 return RedirectToAction("Index");
155 }
156 }
157 else
158 {
159 return RedirectToAction("AccessDenied", "Error");
160 }
161 }
162
163 return View(blogClass);
164 }
165
166
167
168
169
170
171
172 // GET: Customer/Edit/5
173 public async Task<ActionResult> EditAsync(int? id)
174 {
175 if (id == null)
176 {
177 return View(null);
178 //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
179 }
180 BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
181 if (blogClass == null)
182 {
183 return RedirectToAction("NotExist", "Error");
184 }
185
186 // check for permission
187 UsersClass customerClass = await checkAuthorizationAsync();
188 //dodadeno na 23.08
189 ViewBag.isAuthenticated = await getCrrentUser();
190 if (customerClass == null)
191 {
192
193 bool isAuthenticated = User.Identity.IsAuthenticated;
194 if (isAuthenticated)
195 {
196 var user = await _userManager.GetUserAsync(User);
197 customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
198 if (blogClass.users_id != customerClass.id)
199 {
200 return RedirectToAction("AccessDenied", "Error");
201 }
202 }
203 }
204 // no access for standard user
205 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
206
207
208 return View(blogClass);
209 }
210
211 // POST: Customer/Edit/5
212 // To protect from overposting attacks, enable the specific properties you want to bind to, for
213 // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
214 [HttpPost]
215 [ValidateAntiForgeryToken]
216 /* public ActionResult Edit([Bind(include: "id,date_askes,title,description,users_id")] BlogPostConsultation blogClass)
217 {
218 if (ModelState.IsValid)
219 {
220 db.Entry(blogClass).State = EntityState.Modified;
221 db.SaveChanges();
222 return RedirectToAction("Index");
223 }
224 return View(blogClass);
225 }*/
226
227
228 public async Task<ActionResult> EditAsync(int id, [Bind(include: "id,date_askes,title,description")] BlogPostConsultation blogClass)
229 {
230 if (ModelState.IsValid)
231 {
232 var existingBlogClass = await db.BlogPostControllerObj.FindAsync(id);
233 if (existingBlogClass != null)
234 {
235 // Запамтете ја старата вредност на users_id
236 blogClass.users_id = existingBlogClass.users_id;
237
238 db.Entry(existingBlogClass).CurrentValues.SetValues(blogClass);
239 await db.SaveChangesAsync();
240 return RedirectToAction("Index");
241 }
242 }
243 return View(blogClass);
244 }
245
246
247
248 // GET: Customer/Delete/5
249 public async Task<ActionResult> DeleteAsync(int? id)
250 {
251 // UsersClass customerClass = await checkAuthorizationAsync();
252
253 ViewBag.isAuthenticated = await getCrrentUser();
254
255 if (id == null)
256 {
257 return View(null);
258 //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
259 }
260 BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
261 if (blogClass == null)
262 {
263 return View(null);
264 //return HttpNotFound();
265 }
266 // check for permission
267 UsersClass customerClass = await checkAuthorizationAsync();
268 if (customerClass == null)
269 {
270
271 bool isAuthenticated = User.Identity.IsAuthenticated;
272 if (isAuthenticated)
273 {
274 var user = await _userManager.GetUserAsync(User);
275 customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
276 if (blogClass.users_id != customerClass.id)
277 {
278 return RedirectToAction("AccessDenied", "Error");
279 }
280 }
281 }
282 // no access for standard user
283 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
284
285 return View(blogClass);
286 }
287
288 // POST: Customer/Delete/5
289
290
291 [HttpPost, ActionName("Delete")]
292 [ValidateAntiForgeryToken]
293 public ActionResult DeleteConfirmed(int id)
294 {
295 BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
296 db.BlogPostControllerObj.Remove(blogClass);
297 db.SaveChanges();
298 return RedirectToAction("Index");
299 }
300
301 protected override void Dispose(bool disposing)
302 {
303 if (disposing)
304 {
305 db.Dispose();
306 }
307 base.Dispose(disposing);
308 }
309 }
310}
Note: See TracBrowser for help on using the repository browser.