source: PostgreSqlDotnetCore/Controllers/PetCaresController.cs@ 118e414

Last change on this file since 118e414 was 118e414, checked in by ElenaMoskova <elena.moskova99@…>, 3 months ago

fix access

implement multiple access pages with different roles
optimize present three structure of BlogPost and Answer

1using Microsoft.AspNetCore.Identity;
2using Microsoft.AspNetCore.Mvc;
3using Microsoft.EntityFrameworkCore;
4using Microsoft.AspNetCore.Mvc.Rendering;
5using PostgreSqlDotnetCore.Models;
6using System;
7using System.Net;
8
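namespace PostgreSqlDotnetCore.Controllers
{
    /// <summary>
    /// MVC controller for pet-care records (<see cref="Pet_CaresClass"/>).
    /// Access model, taken from the filter in <see cref="IndexAsync"/>: a customer whose
    /// <c>role_id</c> is <c>RoleConstants.Standard</c> may only see and change records whose
    /// <c>usersid</c> equals their own <c>id</c>; every other role works on all records.
    /// All actions require a signed-in customer (<c>getCrrentUser()</c> returning non-null),
    /// otherwise they redirect to <c>Error/AccessDenied</c>.
    /// </summary>
    public class PetCaresController : BaseController
    {
        public PetCaresController(UserManager<IdentityUser> userManager) : base(userManager)
        {
        }

        /// <summary>
        /// Publishes the flag the views read from <c>ViewBag.OnlyAdminManager</c>.
        /// The Manager check is only consulted when the Admin check yields null
        /// (that is what the <c>??</c> does here).
        /// </summary>
        private async Task SetOnlyAdminManagerFlagAsync()
        {
            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin)
                ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
        }

        /// <summary>
        /// Ownership rule: standard users may only touch records they own; every other role
        /// may touch any record.
        /// </summary>
        private static bool CanAccess(UsersClass customer, Pet_CaresClass peClass)
        {
            return customer.role_id != RoleConstants.Standard || peClass.usersid == customer.id;
        }

        /// <summary>
        /// Fills <c>ViewBag.VetCenters</c> with the select list used by the Create/Edit forms.
        /// </summary>
        /// <param name="selectedVetCenterId">Value to pre-select, or null for none.</param>
        private async Task LoadVetCentersAsync(object selectedVetCenterId = null)
        {
            var vetCenters = await db.VetCentersObj.ToListAsync();
            ViewBag.VetCenters = new SelectList(vetCenters, "id", "name", selectedVetCenterId);
        }

        /// <summary>
        /// Shared guard for the id-based actions (Details, Edit, Delete): resolves the
        /// signed-in customer, sets <c>ViewBag.isAuthenticated</c>, loads the requested record,
        /// enforces <see cref="CanAccess"/> and sets <c>ViewBag.OnlyAdminManager</c>.
        /// </summary>
        /// <param name="id">Primary key of the record.</param>
        /// <returns>
        /// <c>Failure</c> is the redirect the caller must return (AccessDenied or NotExist), or
        /// null when the caller may proceed with <c>Customer</c> and <c>Record</c> (both non-null).
        /// </returns>
        private async Task<(ActionResult Failure, UsersClass Customer, Pet_CaresClass Record)> LoadForCurrentUserAsync(int id)
        {
            UsersClass customerClass = await getCrrentUser();
            ViewBag.isAuthenticated = customerClass;
            if (customerClass == null)
            {
                return (RedirectToAction("AccessDenied", "Error"), null, null);
            }

            Pet_CaresClass peClass = await db.PetCaresObj.FindAsync(id);
            if (peClass == null)
            {
                return (RedirectToAction("NotExist", "Error"), customerClass, null);
            }

            // A standard user must not reach another user's record just by guessing its id.
            if (!CanAccess(customerClass, peClass))
            {
                return (RedirectToAction("AccessDenied", "Error"), customerClass, null);
            }

            await SetOnlyAdminManagerFlagAsync();
            return (null, customerClass, peClass);
        }

        // GET: PetCares/Create
        /// <summary>Shows the empty Create form. Requires a signed-in customer.</summary>
        [HttpGet]
        public async Task<ActionResult> Create()
        {
            UsersClass customerClass = await getCrrentUser();
            ViewBag.isAuthenticated = customerClass;
            if (customerClass == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            await SetOnlyAdminManagerFlagAsync();
            await LoadVetCentersAsync();
            return View();
        }

        // GET: PetCares
        /// <summary>
        /// Lists pet-care records: only the caller's own records for a standard user,
        /// all records for every other role.
        /// </summary>
        public async Task<ActionResult> IndexAsync()
        {
            UsersClass customerClass = await getCrrentUser();
            ViewBag.isAuthenticated = customerClass;
            if (customerClass == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            await SetOnlyAdminManagerFlagAsync();

            if (customerClass.role_id == RoleConstants.Standard)
            {
                var userPets = await db.PetCaresObj
                    .Where(st => st.usersid == customerClass.id)
                    .ToListAsync();
                return View(userPets);
            }

            return View(await db.PetCaresObj.ToListAsync());
        }

        // GET: PetCares/Details/5
        /// <summary>Shows one record; subject to the ownership rule.</summary>
        /// <param name="id">Primary key; null redirects to Error/NotExist.</param>
        public async Task<ActionResult> Details(int? id)
        {
            if (id == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            var (failure, _, peClass) = await LoadForCurrentUserAsync(id.Value);
            return failure ?? View(peClass);
        }

        // POST: PetCares/Create
        // To protect from overposting attacks, enable the specific properties you want to bind to, for
        // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
        /// <summary>
        /// Creates a record for the signed-in customer. The posted <c>usersid</c> is never
        /// trusted: ownership is always taken from the current session.
        /// </summary>
        /// <param name="peClass">Bound form data.</param>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> CreateAsync([Bind(include: "id,title,description,dateending, start_date, usersid, vetcentersid")] Pet_CaresClass peClass)
        {
            UsersClass customerClass = await getCrrentUser();
            ViewBag.isAuthenticated = customerClass;
            if (customerClass == null)
            {
                return RedirectToAction("AccessDenied", "Error");
            }

            await SetOnlyAdminManagerFlagAsync();

            if (ModelState.IsValid)
            {
                // Npgsql expects an explicit UTC kind for timestamptz columns.
                peClass.dateending = DateTime.SpecifyKind(peClass.dateending, DateTimeKind.Utc);
                peClass.start_date = DateTime.SpecifyKind(peClass.start_date, DateTimeKind.Utc);
                // Overwrite whatever usersid was posted with the session's customer id.
                peClass.usersid = customerClass.id;
                db.PetCaresObj.Add(peClass);
                await db.SaveChangesAsync();
                return RedirectToAction("Index");
            }

            await LoadVetCentersAsync();
            return View(peClass);
        }

        // GET: PetCares/Edit/5
        /// <summary>Shows the Edit form for one record; subject to the ownership rule.</summary>
        /// <param name="id">Primary key; null redirects to Error/NotExist.</param>
        public async Task<ActionResult> Edit(int? id)
        {
            if (id == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            var (failure, _, peClass) = await LoadForCurrentUserAsync(id.Value);
            if (failure != null)
            {
                return failure;
            }

            await LoadVetCentersAsync(peClass.vetcentersid);
            return View(peClass);
        }

        // POST: PetCares/Edit/5
        // To protect from overposting attacks, enable the specific properties you want to bind to, for
        // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
        /// <summary>
        /// Applies the bound, editable fields to the stored record. The stored row is loaded
        /// and updated in place so that the unbound columns (<c>start_date</c>, <c>usersid</c>)
        /// keep their values instead of being overwritten with defaults, and so the ownership
        /// rule is enforced before anything is written.
        /// </summary>
        /// <param name="peClass">Bound form data; <c>id</c> selects the record.</param>
        [HttpPost]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> EditAsync([Bind(include: "id,title,description,dateending, vetcentersid")] Pet_CaresClass peClass)
        {
            var (failure, _, existing) = await LoadForCurrentUserAsync(peClass.id);
            if (failure != null)
            {
                return failure;
            }

            if (ModelState.IsValid)
            {
                existing.title = peClass.title;
                existing.description = peClass.description;
                // Npgsql expects an explicit UTC kind for timestamptz columns.
                existing.dateending = DateTime.SpecifyKind(peClass.dateending, DateTimeKind.Utc);
                existing.vetcentersid = peClass.vetcentersid;
                await db.SaveChangesAsync();
                return RedirectToAction("Index");
            }

            // The Edit view needs the vet-center list again when the form is redisplayed.
            await LoadVetCentersAsync(peClass.vetcentersid);
            return View(peClass);
        }

        // GET: PetCares/Delete/5
        /// <summary>Shows the Delete confirmation for one record; subject to the ownership rule.</summary>
        /// <param name="id">Primary key; null redirects to Error/NotExist.</param>
        public async Task<ActionResult> Delete(int? id)
        {
            if (id == null)
            {
                return RedirectToAction("NotExist", "Error");
            }

            var (failure, _, peClass) = await LoadForCurrentUserAsync(id.Value);
            return failure ?? View(peClass);
        }

        // POST: PetCares/Delete/5
        /// <summary>
        /// Deletes one record after the same sign-in and ownership checks as the GET action,
        /// so the confirmation POST cannot be used anonymously or on another user's record.
        /// Now asynchronous (returns <c>Task&lt;ActionResult&gt;</c>) because the checks are.
        /// </summary>
        /// <param name="id">Primary key of the record to delete.</param>
        [HttpPost, ActionName("Delete")]
        [ValidateAntiForgeryToken]
        public async Task<ActionResult> DeleteConfirmed(int id)
        {
            var (failure, _, peClass) = await LoadForCurrentUserAsync(id);
            if (failure != null)
            {
                return failure;
            }

            db.PetCaresObj.Remove(peClass);
            await db.SaveChangesAsync();
            return RedirectToAction("Index");
        }

        /// <summary>Disposes the context owned by the base controller.</summary>
        protected override void Dispose(bool disposing)
        {
            if (disposing)
            {
                db.Dispose();
            }
            base.Dispose(disposing);
        }
    }
}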