source: PostgreSqlDotnetCore/Controllers/BlogPostAnswersController.cs@ 118e414

Last change on this file since 118e414 was 118e414, checked in by ElenaMoskova <elena.moskova99@…>, 3 months ago

fix access

implement multiple access pages with different roles
optimize the presentation of the tree structure of BlogPost and Answer

[2aea0fd]1using Microsoft.AspNetCore.Identity;
2using Microsoft.AspNetCore.Mvc;
3using Microsoft.EntityFrameworkCore;
4using PostgreSqlDotnetCore.Models;
5using System.Net;
6
7namespace PostgreSqlDotnetCore.Controllers
8{
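public class BlogPostAnswersController : BaseController
{
    public BlogPostAnswersController(UserManager<IdentityUser> userManager) : base(userManager)
    {
    }

    // GET: BlogPostAnswers
    // Lists every stored answer.
    public ActionResult Index()
    {
        return View(db.BlogPostAnswersObj.ToList());
    }

    // GET: BlogPostAnswers/Details/5
    // Shows one answer; a missing id or an unknown row goes to the NotExist error page.
    public ActionResult Details(int? id)
    {
        if (id == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        BlogPostAnswers answerClass = db.BlogPostAnswersObj.Find(id);
        if (answerClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        return View(answerClass);
    }

    // GET: BlogPostAnswers/Create
    // Only callers that pass the base-class permission check may open the form.
    public async Task<ActionResult> CreateAsync()
    {
        UsersClass customerClass = await checkAuthorizationAsync();
        if (customerClass == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        return View();
    }

    // POST: BlogPostAnswers/Create
    // Only "reply" is bound from the request body; the owner, the blog post and the parent are
    // assigned server-side so a client cannot attach the answer to another user or another thread.
    // Returns the form again (with the posted model) when the reply is empty.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> CreateAsync(int? id, int? parentId, [Bind(include: "reply")] BlogPostAnswers answerClass)
    {
        // The previous condition (`id == null && id > 0`) could never be true, so a missing or
        // non-positive blog post id reached the (int) cast below and threw. Reject it explicitly.
        if (id == null || id <= 0)
        {
            return RedirectToAction("NotExist", "Error");
        }
        // NOTE(review): parentId is cast to int below, so null must be rejected here. Whether a
        // top-level answer posts parent_id 0 is not visible in this file, so no positivity check is
        // applied — confirm against the Create view before tightening this.
        if (parentId == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        // Guard the reply before touching it: the old `.Length > 0` dereferenced a null reply.
        if (answerClass == null || string.IsNullOrEmpty(answerClass.reply))
        {
            return View(answerClass);
        }

        // Apply the same gate as the GET action so a direct POST cannot bypass it.
        UsersClass customerClass = await checkAuthorizationAsync();
        if (customerClass == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        int? ownerId = await GetCurrentCustomerIdAsync();
        if (ownerId == null)
        {
            // Signed in but no matching customer row: previously a NullReferenceException.
            return RedirectToAction("AccessDenied", "Error");
        }

        answerClass.usersid = ownerId.Value;
        answerClass.BlogPostConsultationid = id.Value;
        answerClass.parent_id = parentId.Value;
        db.BlogPostAnswersObj.Add(answerClass);
        await db.SaveChangesAsync();
        return RedirectToAction("Details", "Blog", new { id });
    }

    // GET: BlogPostAnswers/Edit/5
    // Only the owner of the answer may open the edit form. An anonymous request is sent to
    // AccessDenied instead of being shown the form (the old code only checked ownership when a
    // user was signed in).
    public async Task<ActionResult> EditAsync(int? id)
    {
        if (id == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        BlogPostAnswers answerClass = await db.BlogPostAnswersObj.FindAsync(id);
        if (answerClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!await IsOwnedByCurrentUserAsync(answerClass))
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        return View(answerClass);
    }

    // POST: BlogPostAnswers/Edit/5
    // Only the answer text is editable. The stored row is loaded by id and the ownership check runs
    // against that row, so a client can neither rewrite parent_id/root_post/usersid through model
    // binding nor edit another user's answer by posting a different id.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Edit([Bind(include: "id,reply")] BlogPostAnswers answerClass)
    {
        if (answerClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!ModelState.IsValid)
        {
            return View(answerClass);
        }
        BlogPostAnswers stored = await db.BlogPostAnswersObj.FindAsync(answerClass.id);
        if (stored == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!await IsOwnedByCurrentUserAsync(stored))
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        stored.reply = answerClass.reply;
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    // GET: BlogPostAnswers/Delete/5
    // Same ownership rule as EditAsync: anonymous or non-owner requests go to AccessDenied.
    public async Task<ActionResult> DeleteAsync(int? id)
    {
        if (id == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        BlogPostAnswers answerClass = await db.BlogPostAnswersObj.FindAsync(id);
        if (answerClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!await IsOwnedByCurrentUserAsync(answerClass))
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        return View(answerClass);
    }

    // POST: BlogPostAnswers/Delete/5
    // The confirmation POST re-checks ownership; previously any caller could delete any answer by
    // id, and an unknown id made Remove() throw on a null entity.
    [HttpPost, ActionName("Delete")]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> DeleteConfirmed(int id)
    {
        BlogPostAnswers answerClass = await db.BlogPostAnswersObj.FindAsync(id);
        if (answerClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!await IsOwnedByCurrentUserAsync(answerClass))
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        db.BlogPostAnswersObj.Remove(answerClass);
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    // Resolves the customer id for the signed-in user by the same email lookup the actions used
    // inline; null when nobody is signed in, the identity user cannot be loaded, or no customer
    // row matches the email.
    private async Task<int?> GetCurrentCustomerIdAsync()
    {
        if (User?.Identity == null || !User.Identity.IsAuthenticated)
        {
            return null;
        }
        var user = await _userManager.GetUserAsync(User);
        if (user == null)
        {
            return null;
        }
        var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
        return customerClass?.id;
    }

    // True only when a signed-in user's customer id matches the answer's usersid; anonymous
    // requests are never owners.
    private async Task<bool> IsOwnedByCurrentUserAsync(BlogPostAnswers answerClass)
    {
        int? ownerId = await GetCurrentCustomerIdAsync();
        return ownerId != null && answerClass.usersid == ownerId.Value;
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing)
        {
            db.Dispose();
        }
        base.Dispose(disposing);
    }
}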
184}