source: PostgreSqlDotnetCore/Controllers/CustomerController.cs@ 2639fab

1using PostgreSqlDotnetCore.Data;
2using Microsoft.AspNetCore.Mvc;
3using System.Net;
4using PostgreSqlDotnetCore.Models;
5using Microsoft.EntityFrameworkCore;
6using System.Security.Cryptography;
7using Microsoft.AspNetCore.Cryptography.KeyDerivation;
8using Microsoft.AspNetCore.Identity;
9
10namespace PostgreSqlDotnetCore.Controllers
11{
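public class CustomerController : BaseController
{
    public CustomerController(UserManager<IdentityUser> userManager) : base(userManager)
    {
    }

    /// <summary>
    /// Access rule shared by every per-record action: a user whose role is
    /// <c>RoleConstants.Standard</c> may only act on their own row; any other
    /// role may act on any row. This is the same rule <see cref="IndexAsync"/>
    /// applies when listing.
    /// </summary>
    /// <param name="current">The signed-in user (never null here).</param>
    /// <param name="target">The row the action is about to show, edit or delete.</param>
    private static bool MayAccessRecord(UsersClass current, UsersClass target)
        => current.role_id != RoleConstants.Standard || current.id == target.id;

    /// <summary>
    /// Derives the value stored in the <c>password</c> column: a 256-bit
    /// PBKDF2-HMACSHA256 subkey (100,000 iterations) over a fresh 128-bit
    /// random salt, Base64-encoded.
    /// </summary>
    /// <remarks>
    /// NOTE(review): only the subkey is returned and stored; the salt is
    /// discarded. Nothing in this file can verify such a value later, so
    /// confirm the sign-in path's expected format before relying on it. The
    /// stored format is deliberately left unchanged here so that whatever the
    /// sign-in code parses keeps parsing.
    /// </remarks>
    private static string HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(128 / 8); // 128 bits -> 16 bytes
        return Convert.ToBase64String(KeyDerivation.Pbkdf2(
            password: password,
            salt: salt,
            prf: KeyDerivationPrf.HMACSHA256,
            iterationCount: 100000,
            numBytesRequested: 256 / 8));
    }

    // GET: Customer
    /// <summary>
    /// Lists customers. A Standard user sees only their own record, every
    /// other role sees the whole table; an unauthenticated caller is sent to
    /// Error/AccessDenied.
    /// </summary>
    public async Task<ActionResult> IndexAsync()
    {
        UsersClass current = await getCrrentUser();
        if (current is null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        if (current.role_id == RoleConstants.Standard)
        {
            // Own row only; materialised as a list because the view expects one.
            var ownRow = await db.CustomerObj
                .Where(st => st.id == current.id)
                .ToListAsync();
            return View(ownRow);
        }

        return View(await db.CustomerObj.ToListAsync());
    }

    // GET: Customer/Details/5
    /// <summary>
    /// Shows one customer. Missing or unknown id → Error/NotExist; not signed
    /// in, or a Standard user asking for someone else's row → Error/AccessDenied.
    /// </summary>
    /// <param name="id">Primary key of the customer row, from the route.</param>
    public async Task<ActionResult> DetailsAsync(int? id)
    {
        if (id is null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        // check for permission
        UsersClass current = await getCrrentUser();
        if (current is null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass target = await db.CustomerObj.FindAsync(id);
        if (target is null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        // Without this, any signed-in user could read any customer's row by id.
        if (!MayAccessRecord(current, target))
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        return View(target);
    }

    // GET: Customer/Create
    /// <summary>Shows the create form; Admin only.</summary>
    public async Task<ActionResult> CreateAsync()
    {
        // check for permission
        UsersClass customerClass = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin);
        if (customerClass is null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        return View();
    }

    // POST: Customer/Create
    // To protect from overposting attacks, enable the specific properties you want to bind to, for
    // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
    /// <summary>
    /// Creates a customer from the posted form. Applies the same Admin gate as
    /// the GET, hashes the password, and re-shows the form on validation errors.
    /// </summary>
    /// <param name="customerClass">The bound form values; <c>password</c> is the plaintext the user typed.</param>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Create([Bind(include: "id,name,lastname,email,password,number,role_id,jobs_id")] UsersClass customerClass)
    {
        // The GET requires Admin, so the POST must too: otherwise any signed-in
        // user could submit this form directly, including the bindable role_id.
        // NOTE(review): id is also bindable here; if the key is generated by the
        // database consider dropping it from the include list — left as-is in
        // case the form relies on it.
        UsersClass current = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin);
        if (current is null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        string? plain = customerClass.password;
        if (string.IsNullOrEmpty(plain))
        {
            // Pbkdf2 would throw on a null password; report it as a form error instead.
            ModelState.AddModelError(nameof(customerClass.password), "A password is required.");
            return View(customerClass);
        }
        if (!ModelState.IsValid)
        {
            return View(customerClass);
        }

        customerClass.password = HashPassword(plain); // never store the plaintext
        db.CustomerObj.Add(customerClass);
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    // GET: Customer/Edit/5
    /// <summary>
    /// Shows the edit form for one customer. Same access rule as
    /// <see cref="DetailsAsync"/>; an unknown id goes to Error/NotExist rather
    /// than rendering the view with a null model.
    /// </summary>
    /// <param name="id">Primary key of the customer row, from the route.</param>
    public async Task<ActionResult> EditAsync(int? id)
    {
        if (id is null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        // check for permission
        UsersClass current = await getCrrentUser();
        if (current is null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass target = await db.CustomerObj.FindAsync(id);
        if (target is null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!MayAccessRecord(current, target))
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        return View(target);
    }

    // POST: Customer/Edit/5
    // To protect from overposting attacks, enable the specific properties you want to bind to, for
    // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
    /// <summary>
    /// Applies the posted fields to the existing row. The bound model has no
    /// <c>password</c>, so the row is loaded and only the bound columns are
    /// copied onto it — marking the posted object Modified would overwrite the
    /// stored password hash with null. Only an Admin may change <c>role_id</c>.
    /// </summary>
    /// <param name="users">The bound form values.</param>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> EditAsync([Bind(include: "id,name,lastname,email,number,role_id,jobs_id")] UsersClass users)
    {
        if (!ModelState.IsValid)
        {
            return View(users);
        }

        UsersClass current = await getCrrentUser();
        if (current is null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass existing = await db.CustomerObj.FindAsync(users.id);
        if (existing is null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!MayAccessRecord(current, existing))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        existing.name = users.name;
        existing.lastname = users.lastname;
        existing.email = users.email;
        existing.number = users.number;
        existing.jobs_id = users.jobs_id;
        // role_id is bindable; a non-Admin editing their own row must not be
        // able to promote themselves through it.
        if (current.role_id == RoleConstants.Admin)
        {
            existing.role_id = users.role_id;
        }

        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    // GET: Customer/Delete/5
    /// <summary>
    /// Shows the delete confirmation for the customer identified by
    /// <paramref name="id"/> (not for the signed-in user, which is what the
    /// view previously received). Same access rule as <see cref="DetailsAsync"/>.
    /// </summary>
    /// <param name="id">Primary key of the customer row, from the route.</param>
    public async Task<ActionResult> DeleteAsync(int? id)
    {
        if (id is null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        UsersClass current = await getCrrentUser();
        if (current is null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass target = await db.CustomerObj.FindAsync(id);
        if (target is null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!MayAccessRecord(current, target))
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        return View(target);
    }

    // POST: Customer/Delete/5
    /// <summary>
    /// Deletes one customer. Applies the same access rule as the GET (the POST
    /// previously had no check at all) and answers Error/NotExist for an
    /// unknown id instead of letting <c>Remove(null)</c> throw.
    /// </summary>
    /// <param name="id">Primary key of the customer row to remove.</param>
    [HttpPost, ActionName("Delete")]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> DeleteConfirmed(int id)
    {
        UsersClass current = await getCrrentUser();
        if (current is null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        UsersClass target = await db.CustomerObj.FindAsync(id);
        if (target is null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!MayAccessRecord(current, target))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        db.CustomerObj.Remove(target);
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    /// <summary>
    /// Releases the context held by the base controller when the controller
    /// itself is disposed.
    /// </summary>
    protected override void Dispose(bool disposing)
    {
        if (disposing)
        {
            db.Dispose();
        }
        base.Dispose(disposing);
    }
}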
190}