source: PostgreSqlDotnetCore/Controllers/PetsController.cs@ 118e414

Last change on this file since 118e414 was 118e414, checked in by ElenaMoskova <elena.moskova99@…>, 3 months ago

fix access

implement multiple access pages with different roles
optimize present three structure of BlogPost and Answer

[2aea0fd]1using Microsoft.AspNetCore.Identity;
2using Microsoft.AspNetCore.Mvc;
3using Microsoft.EntityFrameworkCore;
4using PostgreSqlDotnetCore.Models;
5using System;
6using System.Net;
7
8namespace PostgreSqlDotnetCore.Controllers
9{
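/// <summary>
/// MVC controller for the pets table (<c>db.PetsObj</c>).
/// Every action that reads or modifies a pet first resolves the signed-in user via
/// <c>getCrrentUser()</c> and, for users whose <c>role_id</c> is
/// <c>RoleConstants.Standard</c>, only allows pets whose <c>usersid</c> equals the
/// user's own <c>id</c> — the same rule <see cref="IndexAsync"/> applies when listing.
/// Unknown ids go to the "NotExist" error page, missing or insufficient access to
/// "AccessDenied".
/// </summary>
public class PetsController : BaseController
{
    public PetsController(UserManager<IdentityUser> userManager) : base(userManager)
    {
    }

    /// <summary>
    /// Returns true when <paramref name="customerClass"/> may read or modify
    /// <paramref name="peClass"/>: standard users are limited to pets they own
    /// (usersid == own id); any other role is not restricted here.
    /// </summary>
    private static bool CanAccessPet(UsersClass customerClass, PetsClass peClass)
    {
        return customerClass.role_id != RoleConstants.Standard
            || peClass.usersid == customerClass.id;
    }

    /// <summary>
    /// Publishes what the views read from ViewBag: the current user and the
    /// admin/manager flag. Only called once the caller is known to be signed in.
    /// </summary>
    private async Task SetAuthorizationViewDataAsync(UsersClass customerClass)
    {
        // set if is authenticated
        ViewBag.isAuthenticated = customerClass;
        // no access for standard user
        // NOTE(review): `??` only falls through when the Admin check yields null; if
        // checkAuthorizationSpecificRoleAsync returns a non-null "not in role" value
        // (e.g. false) the Manager check is never reached — confirm its return type.
        ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin)
            ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
    }

    /// <summary>
    /// Shared body of the GET actions that display a single pet (Details, Edit, Delete):
    /// validates the id, requires a signed-in user, loads the row and enforces ownership
    /// for standard users. View() picks the view from the route's action name, so the
    /// helper renders the right page for each caller.
    /// </summary>
    private async Task<ActionResult> ShowPetAsync(int? id)
    {
        if (id == null)
        {
            return RedirectToAction("NotExist", "Error");
        }

        // check for permission
        UsersClass customerClass = await getCrrentUser();
        if (customerClass == null)
        {
            ViewBag.isAuthenticated = null;
            return RedirectToAction("AccessDenied", "Error");
        }
        await SetAuthorizationViewDataAsync(customerClass);

        PetsClass peClass = await db.PetsObj.FindAsync(id.Value);
        if (peClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        // a standard user must not open another user's pet by guessing its id
        if (!CanAccessPet(customerClass, peClass))
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        return View(peClass);
    }

    // GET: Pets
    /// <summary>Lists the caller's own pets for standard users, all pets for other roles.</summary>
    public async Task<ActionResult> IndexAsync()
    {
        // check for permission
        UsersClass customerClass = await getCrrentUser();
        if (customerClass == null)
        {
            ViewBag.isAuthenticated = null;
            return RedirectToAction("AccessDenied", "Error");
        }
        await SetAuthorizationViewDataAsync(customerClass);

        if (customerClass.role_id == RoleConstants.Standard)
        {
            // standard users only see the pets whose usersid is their own id
            var userPets = await db.PetsObj
                .Where(st => st.usersid == customerClass.id)
                .ToListAsync();
            return View(userPets);
        }

        // every other role sees all pets; async so the request thread is not blocked
        return View(await db.PetsObj.ToListAsync());
    }

    // GET: Pets/Details/5
    /// <summary>Shows one pet; see <see cref="ShowPetAsync"/> for the access rules.</summary>
    public async Task<ActionResult> Details(int? id)
    {
        return await ShowPetAsync(id);
    }

    // GET: Pets/Create
    /// <summary>Renders the create form. ViewBag.isAuthenticated is null when not signed in.</summary>
    public async Task<ActionResult> CreateAsync()
    {
        // check for permission
        UsersClass customerClass = await getCrrentUser();
        // set if is authenticated
        ViewBag.isAuthenticated = customerClass;
        return View();
    }

    // POST: Pets/Create
    // To protect from overposting attacks, enable the specific properties you want to bind to, for
    // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
    /// <summary>
    /// Creates a pet owned by the signed-in user. The bound <c>usersid</c> is ignored and
    /// replaced by the caller's own id, so the form cannot create pets for someone else.
    /// </summary>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> CreateAsync([Bind(include: "id,name,color,description,dateofbirthday, usersid,typeofpetsid")] PetsClass peClass)
    {
        // check for permission
        UsersClass customerClass = await getCrrentUser();
        if (customerClass == null)
        {
            // set if is authenticated
            ViewBag.isAuthenticated = null;
            return RedirectToAction("AccessDenied", "Error");
        }
        await SetAuthorizationViewDataAsync(customerClass);

        if (ModelState.IsValid)
        {
            // Owner is always the caller; getCrrentUser() is the same lookup IndexAsync
            // uses to scope pets by usersid, so its id is the right value to store.
            // NOTE(review): `id` is still in the Bind list — confirm the key is
            // database-generated, otherwise remove it from the include list.
            peClass.usersid = customerClass.id;
            db.PetsObj.Add(peClass);
            await db.SaveChangesAsync();
            return RedirectToAction("Index");
        }

        return View(peClass);
    }

    // GET: Pets/Edit/5
    /// <summary>Renders the edit form; see <see cref="ShowPetAsync"/> for the access rules.</summary>
    public async Task<ActionResult> Edit(int? id)
    {
        return await ShowPetAsync(id);
    }

    // POST: Pets/Edit/5
    // To protect from overposting attacks, enable the specific properties you want to bind to, for
    // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
    /// <summary>
    /// Saves an edited pet. The stored row is checked for existence and ownership before
    /// anything is written, and its <c>usersid</c> is preserved: editing never transfers
    /// a pet to the caller or to whatever usersid the form posted.
    /// </summary>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> EditAsync([Bind(include: "id,name, color,description,dateofbirthday, usersid,typeofpetsid")] PetsClass peClass)
    {
        // check for permission
        UsersClass customerClass = await getCrrentUser();
        if (customerClass == null)
        {
            // set if is authenticated
            ViewBag.isAuthenticated = null;
            return RedirectToAction("AccessDenied", "Error");
        }
        await SetAuthorizationViewDataAsync(customerClass);

        // Read the stored row without tracking so that attaching peClass below does not
        // collide with an already-tracked entity that has the same key.
        PetsClass existing = await db.PetsObj
            .AsNoTracking()
            .FirstOrDefaultAsync(st => st.id == peClass.id);
        if (existing == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!CanAccessPet(customerClass, existing))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        if (ModelState.IsValid)
        {
            // keep the original owner; the bound usersid is not trusted
            peClass.usersid = existing.usersid;
            db.Entry(peClass).State = EntityState.Modified;
            await db.SaveChangesAsync();
            return RedirectToAction("Index");
        }
        return View(peClass);
    }

    // GET: Pets/Delete/5
    /// <summary>Renders the delete confirmation; see <see cref="ShowPetAsync"/> for the access rules.</summary>
    public async Task<ActionResult> Delete(int? id)
    {
        return await ShowPetAsync(id);
    }

    // POST: Pets/Delete/5
    /// <summary>
    /// Deletes a pet after the same existence and ownership checks as the GET action.
    /// A missing row redirects to "NotExist" instead of reaching Remove() with null.
    /// </summary>
    [HttpPost, ActionName("Delete")]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> DeleteConfirmed(int id)
    {
        // check for permission
        UsersClass customerClass = await getCrrentUser();
        if (customerClass == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        PetsClass peClass = await db.PetsObj.FindAsync(id);
        if (peClass == null)
        {
            return RedirectToAction("NotExist", "Error");
        }
        if (!CanAccessPet(customerClass, peClass))
        {
            return RedirectToAction("AccessDenied", "Error");
        }

        db.PetsObj.Remove(peClass);
        await db.SaveChangesAsync();
        return RedirectToAction("Index");
    }

    /// <summary>
    /// Disposes the context when the controller is disposed.
    /// NOTE(review): db is declared in BaseController; if the base class (or DI) also
    /// disposes it, this is a double dispose — confirm who owns the context.
    /// </summary>
    protected override void Dispose(bool disposing)
    {
        if (disposing)
        {
            db.Dispose();
        }
        base.Dispose(disposing);
    }
}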
256}