source: PostgreSqlDotnetCore/Controllers/CustomerController.cs@ a850333
Last change on this file since a850333 was 118e414, checked in by ElenaMoskova <elena.moskova99@…>, 3 months ago

fix access

implement multiple access pages with different roles
optimize present three structure of BlogPost and Answer

1using PostgreSqlDotnetCore.Data;
2using Microsoft.AspNetCore.Mvc;
3using System.Net;
4using PostgreSqlDotnetCore.Models;
5using Microsoft.EntityFrameworkCore;
6using System.Security.Cryptography;
7using Microsoft.AspNetCore.Cryptography.KeyDerivation;
8using Microsoft.AspNetCore.Identity;
9
10namespace PostgreSqlDotnetCore.Controllers
11{
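public class CustomerController : BaseController
{
    public CustomerController(UserManager<IdentityUser> userManager) : base(userManager)
    {
    }

    /// <summary>
    /// True when <paramref name="user"/> holds the Admin or Manager role — the two roles this
    /// controller treats as privileged everywhere (CanCreate, OnlyAdminManager, Create).
    /// </summary>
    private static bool IsAdminOrManager(UsersClass user)
        => user.role_id == RoleConstants.Admin || user.role_id == RoleConstants.Manager;

    /// <summary>
    /// True when <paramref name="currentUser"/> may edit or delete the record with id
    /// <paramref name="targetId"/>: Admin/Manager for any record, everyone for their own.
    /// </summary>
    private static bool CanModify(UsersClass currentUser, int targetId)
        => IsAdminOrManager(currentUser) || currentUser.id == targetId;

    /// <summary>
    /// Resolves the current user through the base-class role check if they are an Admin or a
    /// Manager; returns null otherwise. Replaces the repeated
    /// <c>checkAuthorizationSpecificRoleAsync(Admin) ?? checkAuthorizationSpecificRoleAsync(Manager)</c>
    /// chain, which several actions evaluated twice per request.
    /// </summary>
    private async Task<UsersClass?> GetAdminOrManagerAsync()
    {
        return await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin)
            ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
    }

    /// <summary>
    /// Derives a PBKDF2-HMAC-SHA256 hash (100,000 iterations, 256-bit subkey) of
    /// <paramref name="password"/> under a fresh random 128-bit salt.
    /// </summary>
    /// <returns>
    /// <c>base64(salt) + "." + base64(subkey)</c>. The salt must be persisted next to the subkey
    /// or the value can never be verified; the previous version stored the bare subkey and
    /// discarded the salt. NOTE(review): any code that checks this column must split on '.'
    /// and re-derive with the stored salt — confirm no reader expects the old bare-subkey layout.
    /// </returns>
    private static string HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); // divide by 8 to convert bits to bytes
        byte[] subkey = KeyDerivation.Pbkdf2(
            password: password,
            salt: salt,
            prf: KeyDerivationPrf.HMACSHA256,
            iterationCount: 100000,
            numBytesRequested: 256 / 8);
        return $"{Convert.ToBase64String(salt)}.{Convert.ToBase64String(subkey)}";
    }

    // GET: Customer
    // Lists every customer for Admin/Manager; a Standard user sees only their own record.
    public async Task<ActionResult> IndexAsync()
    {
        UsersClass customerClass = await getCrrentUser();
        // The null check must come before the first role_id read; the previous order
        // dereferenced customerClass for an anonymous request and threw instead of redirecting.
        if (customerClass == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        ViewBag.isAuthenticated = User.Identity.IsAuthenticated;
        ViewBag.CanCreate = IsAdminOrManager(customerClass);
        // no access for standard user
        ViewBag.OnlyAdminManager = await GetAdminOrManagerAsync();

        if (customerClass.role_id == RoleConstants.Standard)
        {
            // searching from DB: only the caller's own row
            var ownRecord = await db.CustomerObj
                .Where(st => st.id == customerClass.id)
                .ToListAsync();
            return View(ownRecord);
        }

        return View(await db.CustomerObj.ToListAsync());
    }

    // GET: Customer/Details/5
    public async Task<ActionResult> DetailsAsync(int? id)
    {
        if (id == null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        // check for permission
        UsersClass currentUser = await getCrrentUser();
        ViewBag.isAuthenticated = currentUser;
        if (currentUser == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        // id comes from the URL. Mirror IndexAsync, which lists nothing but the caller's own
        // row for a Standard user, so that role cannot open arbitrary records by id.
        if (currentUser.role_id == RoleConstants.Standard && currentUser.id != id.Value)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass customerClass = await db.CustomerObj.FindAsync(id.Value);
        if (customerClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        // no access for standard user
        ViewBag.OnlyAdminManager = await GetAdminOrManagerAsync();

        return View(customerClass);
    }

    // GET: Customer/Create
    public async Task<ActionResult> CreateAsync()
    {
        // check for permission: only Admin or Manager may create customers
        UsersClass customerClass = await GetAdminOrManagerAsync();
        ViewBag.isAuthenticated = await getCrrentUser();
        if (customerClass == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        // no access for standard user (same value the role check above produced)
        ViewBag.OnlyAdminManager = customerClass;

        return View();
    }

    // POST: Customer/Create
    // To protect from overposting attacks, enable the specific properties you want to bind to, for
    // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Create([Bind(include: "id,name,lastname,email,password,number,role_id,jobs_id")] UsersClass customerClass)
    {
        // The GET side requires Admin/Manager; the POST must enforce the same rule. Without it
        // a directly submitted form (role_id is a bound field) creates an account with any role.
        UsersClass privileged = await GetAdminOrManagerAsync();
        if (privileged == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        ViewBag.isAuthenticated = await getCrrentUser();
        ViewBag.OnlyAdminManager = privileged;

        if (string.IsNullOrEmpty(customerClass.password))
        {
            // Pbkdf2 throws on a null password; report it as a validation error instead of a 500.
            ModelState.AddModelError(nameof(customerClass.password), "Password is required.");
        }

        if (!ModelState.IsValid)
        {
            return View(customerClass);
        }

        customerClass.password = HashPassword(customerClass.password!); // Hash passwords
        db.CustomerObj.Add(customerClass);
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    // GET: Customer/Edit/5
    public async Task<ActionResult> EditAsync(int? id)
    {
        if (id == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        // check for permission
        UsersClass currentUser = await getCrrentUser();
        ViewBag.isAuthenticated = currentUser;
        if (currentUser == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        // Same rule as the POST: editing someone else's record needs Admin or Manager.
        if (!CanModify(currentUser, id.Value))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass customerClass = await db.CustomerObj.FindAsync(id.Value);
        if (customerClass == null)
        {
            // Consistent with Details/Delete; the previous View(null) rendered the edit form
            // against a missing model.
            return RedirectToAction("NotExist", "Error");
        }
        // no access for standard user
        ViewBag.OnlyAdminManager = await GetAdminOrManagerAsync();

        return View(customerClass);
    }

    // POST: Customer/Edit/5
    // To protect from overposting attacks, enable the specific properties you want to bind to, for
    // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> EditAsync([Bind(include: "id,name,lastname,email,number,role_id,jobs_id")] UsersClass users)
    {
        // The previous version did no permission check at all on the POST.
        UsersClass currentUser = await getCrrentUser();
        if (currentUser == null || !CanModify(currentUser, users.id))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        if (!ModelState.IsValid)
        {
            return View(users);
        }

        // Copy the bound fields onto the tracked row rather than marking the posted object
        // Modified: password is not in the Bind list, so the posted object carries a null
        // password and the previous version overwrote the stored hash with null on every edit.
        UsersClass existing = await db.CustomerObj.FindAsync(users.id);
        if (existing == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        existing.name = users.name;
        existing.lastname = users.lastname;
        existing.email = users.email;
        existing.number = users.number;
        existing.jobs_id = users.jobs_id;
        // Only Admin/Manager may change a role; a self-edit keeps the stored role so a
        // Standard user cannot raise their own privileges through the bound role_id field.
        if (IsAdminOrManager(currentUser))
        {
            existing.role_id = users.role_id;
        }

        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    // GET: Customer/Delete/5
    public async Task<ActionResult> DeleteAsync(int? id)
    {
        if (id == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        UsersClass currentUser = await getCrrentUser();
        ViewBag.isAuthenticated = currentUser;
        if (currentUser == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        if (!CanModify(currentUser, id.Value))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        // Show the record that the confirmation will delete. The previous version rendered
        // the caller's own record whatever id was requested, while DeleteConfirmed removed id.
        UsersClass customerClass = await db.CustomerObj.FindAsync(id.Value);
        if (customerClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        // no access for standard user
        ViewBag.OnlyAdminManager = await GetAdminOrManagerAsync();
        return View(customerClass);
    }

    // POST: Customer/Delete/5
    [HttpPost, ActionName("Delete")]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> DeleteConfirmed(int id)
    {
        // The previous version deleted without any permission check.
        UsersClass currentUser = await getCrrentUser();
        if (currentUser == null || !CanModify(currentUser, id))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass customerClass = await db.CustomerObj.FindAsync(id);
        if (customerClass == null)
        {
            // Remove(null) would throw; an unknown id is a NotExist, not a server error.
            return RedirectToAction("NotExist", "Error");
        }
        db.CustomerObj.Remove(customerClass);
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    protected override void Dispose(bool disposing)
    {
        if (disposing)
        {
            db.Dispose();
        }
        base.Dispose(disposing);
    }
}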
216}