source: PostgreSqlDotnetCore/Controllers/CustomerController.cs@ 2aea0fd

Last change on this file since 2aea0fd was 2aea0fd, checked in by ElenaMoskova <elena.moskova99@…>, 4 months ago

init commit Elena

1using PostgreSqlDotnetCore.Data;
2using Microsoft.AspNetCore.Mvc;
3using System.Net;
4using PostgreSqlDotnetCore.Models;
5using Microsoft.EntityFrameworkCore;
6using System.Security.Cryptography;
7using Microsoft.AspNetCore.Cryptography.KeyDerivation;
8using Microsoft.AspNetCore.Identity;
9
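namespace PostgreSqlDotnetCore.Controllers
{
    /// <summary>
    /// CRUD actions over <c>db.CustomerObj</c> (rows of <see cref="UsersClass"/>).
    /// Authorization model, taken from the existing Index and Create(GET) actions and applied
    /// uniformly here: a user with <c>RoleConstants.Standard</c> may only read and edit their
    /// own record; creating and deleting records requires <c>RoleConstants.Admin</c>.
    /// Every POST action performs the same check as its GET counterpart, so the anti-forgery
    /// token is no longer the only thing standing between an anonymous request and a write.
    /// </summary>
    public class CustomerController : BaseController
    {
        public CustomerController(UserManager<IdentityUser> userManager) : base(userManager)
        {
        }

        // GET: Customer
        /// <summary>
        /// Lists customers. A Standard user gets a list containing only their own record;
        /// any other role gets the whole table.
        /// </summary>
        public async Task<ActionResult> IndexAsync()
        {
            UsersClass currentUser = await getCrrentUser();
            if (currentUser == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            if (currentUser.role_id == RoleConstants.Standard)
            {
                var ownRecord = await db.CustomerObj
                    .Where(st => st.id == currentUser.id)
                    .ToListAsync();
                return View(ownRecord);
            }

            return View(await db.CustomerObj.ToListAsync());
        }

        // GET: Customer/Details/5
        /// <summary>
        /// Shows one customer. Redirects to Error/NotExist when <paramref name="id"/> is missing
        /// or unknown, and to Error/AccessDenied when the caller is not signed in or is a
        /// Standard user asking for somebody else's record.
        /// </summary>
        public async Task<ActionResult> DetailsAsync(int? id)
        {
            if (id == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            UsersClass currentUser = await getCrrentUser();
            if (currentUser == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            // Object-level check: being signed in is not enough, otherwise any Standard user
            // could enumerate other customers' rows by guessing ids.
            if (!CanAccessRecord(currentUser, id.Value))
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            UsersClass? customer = await db.CustomerObj.FindAsync(id.Value);
            if (customer == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            return View(customer);
        }

        // GET: Customer/Create
        /// <summary>Renders the create form. Admin only.</summary>
        public async Task<ActionResult> CreateAsync()
        {
            UsersClass currentUser = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin);
            if (currentUser == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            return View();
        }

        // POST: Customer/Create
        // To protect from overposting attacks, enable the specific properties you want to bind to, for
        // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
        /// <summary>
        /// Creates a customer. Admin only, mirroring the GET: without this gate any request
        /// carrying an anti-forgery token could create an account with an arbitrary role_id.
        /// The password is stored as salt+PBKDF2 hash, never in clear text.
        /// </summary>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> Create([Bind(include: "id,name,lastname,email,password,number,role_id,jobs_id")] UsersClass customerClass)
        {
            UsersClass currentUser = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin);
            if (currentUser == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            // Pbkdf2 throws on a null password; surface it as a validation error instead.
            if (string.IsNullOrEmpty(customerClass.password))
            {
                ModelState.AddModelError(nameof(UsersClass.password), "Password is required.");
                return View(customerClass);
            }

            if (!ModelState.IsValid)
            {
                return View(customerClass);
            }

            customerClass.password = HashPassword(customerClass.password);
            db.CustomerObj.Add(customerClass);
            await db.SaveChangesAsync();
            return RedirectToAction("Index");
        }

        // GET: Customer/Edit/5
        /// <summary>
        /// Renders the edit form for one customer, with the same access rules as
        /// <see cref="DetailsAsync"/>. An unknown id goes to Error/NotExist (the previous
        /// <c>View(null)</c> rendered the edit view against a null model).
        /// </summary>
        public async Task<ActionResult> EditAsync(int? id)
        {
            if (id == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            UsersClass currentUser = await getCrrentUser();
            if (currentUser == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            if (!CanAccessRecord(currentUser, id.Value))
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            UsersClass? customer = await db.CustomerObj.FindAsync(id.Value);
            if (customer == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            return View(customer);
        }

        // POST: Customer/Edit/5
        // To protect from overposting attacks, enable the specific properties you want to bind to, for
        // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
        /// <summary>
        /// Applies the posted fields to the existing row. The caller must be signed in and,
        /// if Standard, may only edit their own row; only an Admin may change role_id.
        /// The bound object is not attached as Modified because that writes every column,
        /// including the unbound (null) password, which would wipe the stored hash.
        /// </summary>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> EditAsync([Bind(include: "id,name,lastname,email,number,role_id,jobs_id")] UsersClass users)
        {
            UsersClass currentUser = await getCrrentUser();
            if (currentUser == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            // The id comes from the form, so it must be checked against the caller, not trusted.
            if (!CanAccessRecord(currentUser, users.id))
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            if (!ModelState.IsValid)
            {
                return View(users);
            }

            UsersClass? existing = await db.CustomerObj.FindAsync(users.id);
            if (existing == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            existing.name = users.name;
            existing.lastname = users.lastname;
            existing.email = users.email;
            existing.number = users.number;
            existing.jobs_id = users.jobs_id;

            // Letting any caller set role_id on their own row would be a self-service promotion.
            if (currentUser.role_id == RoleConstants.Admin)
            {
                existing.role_id = users.role_id;
            }

            await db.SaveChangesAsync();
            return RedirectToAction("Index");
        }

        // GET: Customer/Delete/5
        /// <summary>
        /// Renders the delete confirmation for the customer identified by <paramref name="id"/>.
        /// Admin only, like Create. The previous version passed the signed-in user to the view,
        /// so the confirmation page showed the wrong record.
        /// </summary>
        public async Task<ActionResult> DeleteAsync(int? id)
        {
            if (id == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            UsersClass currentUser = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin);
            if (currentUser == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            UsersClass? customer = await db.CustomerObj.FindAsync(id.Value);
            if (customer == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            return View(customer);
        }

        // POST: Customer/Delete/5
        /// <summary>
        /// Deletes a customer. Admin only; previously there was no check at all and a missing
        /// row made <c>Remove(null)</c> throw.
        /// </summary>
        [HttpPost, ActionName("Delete")]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> DeleteConfirmed(int id)
        {
            UsersClass currentUser = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin);
            if (currentUser == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            UsersClass? customer = await db.CustomerObj.FindAsync(id);
            if (customer == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            db.CustomerObj.Remove(customer);
            await db.SaveChangesAsync();
            return RedirectToAction("Index");
        }

        /// <summary>
        /// Object-level authorization shared by Details and Edit: a Standard user may only
        /// touch the row whose id equals their own; any other role may touch any row.
        /// </summary>
        private static bool CanAccessRecord(UsersClass currentUser, int id) =>
            currentUser.role_id != RoleConstants.Standard || currentUser.id == id;

        /// <summary>
        /// PBKDF2-HMAC-SHA256, 100,000 iterations, 16-byte random salt, 32-byte subkey,
        /// returned as <c>base64(salt) + "." + base64(subkey)</c>. The salt has to travel with
        /// the hash: the previous code generated a fresh salt and then threw it away, so the
        /// stored value could never be verified. '.' is not in the Base64 alphabet, so the
        /// split is unambiguous.
        /// NOTE(review): the login/verification path must split on '.' and re-derive with the
        /// stored salt — confirm it reads this format.
        /// </summary>
        private static string HashPassword(string password)
        {
            byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); // 128 bits -> 16 bytes
            byte[] subkey = KeyDerivation.Pbkdf2(
                password: password,
                salt: salt,
                prf: KeyDerivationPrf.HMACSHA256,
                iterationCount: 100000,
                numBytesRequested: 256 / 8);
            return Convert.ToBase64String(salt) + "." + Convert.ToBase64String(subkey);
        }

        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
                db.Dispose();
            }
            base.Dispose(disposing);
        }
    }
}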