Context Navigation

CustomerController.cs@ 99d0ecc

main

Last change on this file since 99d0ecc was 118e414, checked in by ElenaMoskova <elena.moskova99@…>, 3 months ago

fix access

implement multiple access pages with different roles
optimize present three structure of BlogPost and Answer

Property mode set to 100644

File size: 8.1 KB

Rev	Line
[2aea0fd]	1	using PostgreSqlDotnetCore.Data;
	2	using Microsoft.AspNetCore.Mvc;
	3	using System.Net;
	4	using PostgreSqlDotnetCore.Models;
	5	using Microsoft.EntityFrameworkCore;
	6	using System.Security.Cryptography;
	7	using Microsoft.AspNetCore.Cryptography.KeyDerivation;
	8	using Microsoft.AspNetCore.Identity;
	9
	10	namespace PostgreSqlDotnetCore.Controllers
	11	{
	12	public class CustomerController : BaseController
	13	{
	14	public CustomerController(UserManager<IdentityUser> userManager) : base(userManager)
	15	{
	16	}
	17
	18	// GET: Customer
	19	public async Task<ActionResult> IndexAsync()
	20	{
[118e414]	21	UsersClass customerClass = await getCrrentUser();
	22
	23	ViewBag.isAuthenticated = User.Identity.IsAuthenticated;
	24	ViewBag.CanCreate = customerClass.role_id == RoleConstants.Admin \|\| customerClass.role_id == RoleConstants.Manager;
	25	// no access for standard user
	26	ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
	27
[2aea0fd]	28	if (customerClass == null)
	29	{
	30	return RedirectToAction("AccessDenied", "Error");
	31	}
	32	if (customerClass.role_id == RoleConstants.Standard)
	33	{
[784b3ad]	34	// searching from DB
[2aea0fd]	35
	36	var query = from st in db.CustomerObj
	37	where st.id == customerClass.id
	38	select st;
	39
	40	var userPets =
	41	//db.PetsObj.FromSql($"SELECT * FROM pets where usersid={customerClass.id}").ToListAsync();
	42	await query.ToListAsync<UsersClass>();
	43	return View(userPets);
	44	}
	45	else
	46	{
	47	return View(db.CustomerObj.ToList());
	48	}
[118e414]	49
	50
[2aea0fd]	51	}
	52
	53	// GET: Customer/Details/5
	54	public async Task<ActionResult> DetailsAsync(int? id)
	55	{
	56
	57	if (id == null)
	58	{
	59
	60	return RedirectToAction("NotExist", "Error");
	61	//return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
	62	}
	63
	64	// check for permission
	65	UsersClass customerClass = await getCrrentUser();
[118e414]	66	ViewBag.isAuthenticated = customerClass;
[2aea0fd]	67	if (customerClass == null)
	68	{
	69	return RedirectToAction("AccessDenied", "Error");
	70	}
	71
	72	customerClass = db.CustomerObj.Find(id);
	73	if (customerClass == null)
	74	{
	75	return RedirectToAction("NotExist", "Error");
	76	}
[118e414]	77	// no access for standard user
	78	ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
	79
[2aea0fd]	80	return View(customerClass);
	81	}
	82
	83	// GET: Customer/Create
	84	public async Task<ActionResult> CreateAsync()
	85	{
[118e414]	86	//ViewBag.CanCreate = customerClass.role_id == RoleConstants.Admin \|\| customerClass.role_id == RoleConstants.Manager;
	87
[2aea0fd]	88	// check for permission
[118e414]	89	UsersClass customerClass = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
	90	//dodano na 23.08
	91	ViewBag.isAuthenticated = await getCrrentUser();
[2aea0fd]	92	if (customerClass == null)
	93	{
	94	return RedirectToAction("AccessDenied", "Error");
	95	}
[118e414]	96	// no access for standard user
	97	ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
	98
[2aea0fd]	99
	100	return View();
	101	}
	102
	103	// POST: Customer/Create
	104	// To protect from overposting attacks, enable the specific properties you want to bind to, for
	105	// more details see https://go.microsoft.com/fwlink/?LinkId=317598.
	106	[HttpPost]
	107	[ValidateAntiForgeryToken]
	108	public ActionResult Create([Bind(include: "id,name,lastname,email,password,number,role_id,jobs_id")] UsersClass customerClass)
	109	{
	110	if (ModelState.IsValid)
	111	{
	112	byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); // divide by 8 to convert bits to bytes
	113	// derive a 256-bit subkey (use HMACSHA256 with 100,000 iterations)
	114	string hashed = Convert.ToBase64String(KeyDerivation.Pbkdf2(
	115	password: customerClass.password!,
	116	salt: salt,
	117	prf: KeyDerivationPrf.HMACSHA256,
	118	iterationCount: 100000,
	119	numBytesRequested: 256 / 8));
	120	customerClass.password = hashed; // Hash passwords
	121	db.CustomerObj.Add(customerClass);
	122	db.SaveChanges();
	123	return RedirectToAction("Index");
	124	}
	125
	126	return View(customerClass);
	127	}
	128
	129	// GET: Customer/Edit/5
	130	public async Task<ActionResult> EditAsync(int? id)
	131	{
	132	if (id == null)
	133	{
	134	return RedirectToAction("NotExist", "Error");
	135	//return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
	136	}
	137	// check for permission
	138	UsersClass customerClass = await getCrrentUser();
	139	if (customerClass == null)
	140	{
	141	return RedirectToAction("AccessDenied", "Error");
	142	}
	143
	144	customerClass = db.CustomerObj.Find(id);
[118e414]	145	ViewBag.isAuthenticated = await getCrrentUser();
[2aea0fd]	146	if (customerClass == null)
	147	{
	148	return View(null);
	149	//return HttpNotFound();
	150	}
[118e414]	151	// no access for standard user
	152	ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
	153
[2aea0fd]	154	return View(customerClass);
	155	}
	156
	157	// POST: Customer/Edit/5
	158	// To protect from overposting attacks, enable the specific properties you want to bind to, for
	159	// more details see https://go.microsoft.com/fwlink/?LinkId=317598.
	160	[HttpPost]
	161	[ValidateAntiForgeryToken]
	162	public async Task<ActionResult> EditAsync([Bind(include: "id,name,lastname,email,number,role_id,jobs_id")] UsersClass users)
	163	{
	164	if (ModelState.IsValid)
	165	{
	166	db.Entry(users).State = EntityState.Modified;
	167	await db.SaveChangesAsync();
	168	return RedirectToAction("Index");
	169	}
	170
	171	return View(users);
	172	}
	173
	174	// GET: Customer/Delete/5
	175	public async Task<ActionResult> DeleteAsync(int? id)
	176	{
	177	if (id == null)
	178	{
	179	return RedirectToAction("NotExist", "Error");
	180	//return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
	181	}
	182	UsersClass customerClass = await getCrrentUser();
[118e414]	183	ViewBag.isAuthenticated = await getCrrentUser();
[2aea0fd]	184	if (customerClass == null)
	185	{
	186	return RedirectToAction("AccessDenied", "Error");
	187	}
[118e414]	188
	189	// no access for standard user
	190	ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
[2aea0fd]	191	return View(customerClass);
	192	}
	193
	194	// POST: Customer/Delete/5
	195	[HttpPost, ActionName("Delete")]
	196	[ValidateAntiForgeryToken]
	197	public ActionResult DeleteConfirmed(int id)
	198	{
	199	UsersClass customerClass = db.CustomerObj.Find(id);
	200	db.CustomerObj.Remove(customerClass);
	201	db.SaveChanges();
	202	return RedirectToAction("Index");
	203	}
	204
	205	protected override void Dispose(bool disposing)
	206	{
	207	if (disposing)
	208	{
	209	db.Dispose();
	210	}
	211	base.Dispose(disposing);
	212	}
	213
	214
	215	}
	216	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: PostgreSqlDotnetCore/Controllers/CustomerController.cs@ 99d0ecc

Download in other formats: