
Last change on this file since 57fc402 was 57fc402, checked in by ElenaMoskova <elena.moskova99@…>, 5 weeks ago

Async, access permission, and other fixes.

Regulation of access permissions: which fields can be accessed by different users.

1using Microsoft.AspNetCore.Identity;
2using Microsoft.AspNetCore.Mvc;
3using Microsoft.EntityFrameworkCore;
4using PostgreSqlDotnetCore.Data;
5using PostgreSqlDotnetCore.Models;
6using System.Net;
7
8namespace PostgreSqlDotnetCore.Controllers
9{
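public class BlogController : BaseController
{
    public BlogController(UserManager<IdentityUser> userManager) : base(userManager)
    {
    }

    // GET: Blog
    /// <summary>
    /// Lists every blog post. Callers that are not authenticated are sent to the
    /// access-denied page instead.
    /// </summary>
    public async Task<ActionResult> Index()
    {
        bool isAuthenticated = User.Identity.IsAuthenticated;
        if (!isAuthenticated)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        var blogPosts = await db.BlogPostControllerObj.ToListAsync();

        // Exposed to the view under this exact key; presumably read there to toggle controls — verify.
        ViewBag.isAuthenticated = isAuthenticated;

        return View(blogPosts);
    }

    // GET: Blog/Details/5
    /// <summary>
    /// Shows one post together with its answers.
    /// </summary>
    /// <param name="id">Post key from the route; a missing id renders the view with a null model.</param>
    public async Task<ActionResult> DetailsAsync(int? id)
    {
        if (id == null)
        {
            return View(null);
        }

        BlogPostConsultation blogClass = await db.BlogPostControllerObj.FindAsync(id.Value);
        if (blogClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        // Load the answers that reference this post so the view can render them with it.
        blogClass.BlogPostAnswers = await db.BlogPostAnswersObj
            .Where(a => a.BlogPostConsultationid == blogClass.id)
            .ToListAsync();

        return View(blogClass);
    }

    // GET: Blog/Create
    /// <summary>
    /// Renders the empty create form. The current customer record (or null) is handed to the
    /// view under the key <c>isAuthenticated</c>, which is what the view expects — keep the key.
    /// </summary>
    public async Task<ActionResult> CreateAsync()
    {
        UsersClass customerClass = await getCrrentUser();
        ViewBag.isAuthenticated = customerClass;
        return View();
    }

    // POST: Blog/Create
    // To protect from overposting attacks, enable the specific properties you want to bind to, for
    // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
    /// <summary>
    /// Stores a new post for the signed-in customer.
    /// </summary>
    /// <param name="blogClass">Form-bound post. Only title/description are trusted from the client;
    /// owner and date are assigned here.</param>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> CreateAsync([Bind(include: "id,date_askes,title,description,users_id")] BlogPostConsultation blogClass)
    {
        if (!ModelState.IsValid)
        {
            return View(blogClass);
        }

        if (!User.Identity.IsAuthenticated)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass customerClass = await FindCurrentCustomerAsync();
        if (customerClass == null)
        {
            // No customer row for this identity: fall back to re-rendering the form, as before.
            return View(blogClass);
        }

        // Owner and creation date always come from the server, never from the posted form,
        // so a client cannot file a post under another user's id.
        blogClass.users_id = customerClass.id;
        blogClass.date_askes = DateOnly.FromDateTime(DateTime.Now); // local server time, deliberately (see history)

        db.BlogPostControllerObj.Add(blogClass);
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    // GET: Blog/Edit/5
    /// <summary>
    /// Renders the edit form for a post the caller is allowed to modify.
    /// </summary>
    /// <param name="id">Post key from the route; a missing id renders the view with a null model.</param>
    public async Task<ActionResult> EditAsync(int? id)
    {
        if (id == null)
        {
            return View(null);
        }

        BlogPostConsultation blogClass = await db.BlogPostControllerObj.FindAsync(id.Value);
        if (blogClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        if (!await CanModifyAsync(blogClass))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        return View(blogClass);
    }

    // POST: Blog/Edit/5
    // To protect from overposting attacks, enable the specific properties you want to bind to, for
    // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
    /// <summary>
    /// Applies the posted changes to an existing post. Authorization is decided against the
    /// stored row, because <c>id</c> and <c>users_id</c> in the form are client-controlled.
    /// </summary>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Edit([Bind(include: "id,date_askes,title,description,users_id")] BlogPostConsultation blogClass)
    {
        if (!ModelState.IsValid)
        {
            return View(blogClass);
        }

        BlogPostConsultation existing = await db.BlogPostControllerObj.FindAsync(blogClass.id);
        if (existing == null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        if (!await CanModifyAsync(existing))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        // Copy only the user-editable columns onto the tracked entity; the owner stays whatever
        // is stored, so the bound users_id can never reassign a post.
        existing.title = blogClass.title;
        existing.description = blogClass.description;
        existing.date_askes = blogClass.date_askes;

        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    // GET: Blog/Delete/5
    /// <summary>
    /// Renders the delete confirmation for a post the caller is allowed to remove.
    /// </summary>
    /// <param name="id">Post key from the route; a missing or unknown id renders the view with a null model.</param>
    public async Task<ActionResult> DeleteAsync(int? id)
    {
        if (id == null)
        {
            return View(null);
        }

        BlogPostConsultation blogClass = await db.BlogPostControllerObj.FindAsync(id.Value);
        if (blogClass == null)
        {
            return View(null);
        }

        if (!await CanModifyAsync(blogClass))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        return View(blogClass);
    }

    // POST: Blog/Delete/5
    /// <summary>
    /// Deletes a post after the same ownership check the GET form applies; without it, any caller
    /// who can reach the POST route could remove any post by id.
    /// </summary>
    [HttpPost, ActionName("Delete")]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> DeleteConfirmed(int id)
    {
        BlogPostConsultation blogClass = await db.BlogPostControllerObj.FindAsync(id);
        if (blogClass == null)
        {
            // Previously Remove(null) would have thrown; report it like the other actions instead.
            return RedirectToAction("NotExist", "Error");
        }

        if (!await CanModifyAsync(blogClass))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        db.BlogPostControllerObj.Remove(blogClass);
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    /// <summary>
    /// Decides whether the current caller may edit or delete <paramref name="post"/>.
    /// A non-null result from <c>checkAuthorizationAsync</c> (defined on BaseController; presumably a
    /// privileged role — confirm there) grants access to any post. Otherwise the caller must be
    /// authenticated, must have a customer row, and that row's id must equal the post's stored owner.
    /// </summary>
    private async Task<bool> CanModifyAsync(BlogPostConsultation post)
    {
        UsersClass privileged = await checkAuthorizationAsync();
        if (privileged != null)
        {
            return true;
        }

        if (!User.Identity.IsAuthenticated)
        {
            return false;
        }

        UsersClass customerClass = await FindCurrentCustomerAsync();
        return customerClass != null && post.users_id == customerClass.id;
    }

    /// <summary>
    /// Resolves the application's customer row for the signed-in identity by e-mail.
    /// Returns null when there is no signed-in identity, it has no e-mail, or no row matches.
    /// </summary>
    private async Task<UsersClass> FindCurrentCustomerAsync()
    {
        var user = await _userManager.GetUserAsync(User);
        var email = user?.Email;
        if (email == null)
        {
            return null;
        }

        // Captured into a local so the query translates a plain constant rather than a null-conditional.
        return await db.CustomerObj.SingleOrDefaultAsync(x => x.email == email);
    }

    /// <summary>
    /// Releases the data context owned via BaseController when the controller is disposed.
    /// </summary>
    protected override void Dispose(bool disposing)
    {
        if (disposing)
        {
            db.Dispose();
        }
        base.Dispose(disposing);
    }
}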
242}