source: PostgreSqlDotnetCore/Controllers/PetsController.cs@ 118e414

main
Last change on this file since 118e414 was 118e414, checked in by ElenaMoskova <elena.moskova99@…>, 3 months ago

fix access

implement multiple access pages with different roles
optimize present three structure of BlogPost and Answer
  • Property mode set to 100644
File size: 9.3 KB
Line 
1using Microsoft.AspNetCore.Identity;
2using Microsoft.AspNetCore.Mvc;
3using Microsoft.EntityFrameworkCore;
4using PostgreSqlDotnetCore.Models;
5using System;
6using System.Net;
7
8namespace PostgreSqlDotnetCore.Controllers
9{
10 public class PetsController : BaseController
11 {
12 public PetsController(UserManager<IdentityUser> userManager) : base(userManager)
13 {
14 }
15
16 // GET: Customer
17 public async Task<ActionResult> IndexAsync()
18 {
19 // check for permission
20 UsersClass customerClass = await getCrrentUser();
21
22 // set if is authenticated
23 ViewBag.isAuthenticated = customerClass;
24 if (customerClass == null)
25 {
26 return RedirectToAction("AccessDenied", "Error");
27 }
28 // no access for standard user
29 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
30
31 if (customerClass.role_id == RoleConstants.Standard)
32 {
33 // kco
34 var query = from st in db.PetsObj
35 where st.usersid == customerClass.id
36 select st;
37
38 var userPets =
39 //db.PetsObj.FromSql($"SELECT * FROM pets where usersid={customerClass.id}").ToListAsync();
40 await query.ToListAsync<PetsClass>();
41 return View(userPets);
42 }
43 else
44 {
45 return View(db.PetsObj.ToList());
46 }
47
48 }
49
50 // GET: Customer/Details/5
51 /* public ActionResult Details(int? id)
52 {
53 if (id == null)
54 {
55 return RedirectToAction("NotExist", "Error");
56 }
57 PetsClass peClass = db.PetsObj.Find(id);
58 if (peClass == null)
59 {
60 return RedirectToAction("NotExist", "Error");
61 }
62 return View(peClass);
63 }*/
64
65 public async Task<ActionResult> Details(int? id)
66 {
67 if (id == null)
68 {
69 return RedirectToAction("NotExist", "Error");
70 }
71
72 UsersClass customerClass = await getCrrentUser(); // Добијте ја тековната улога на корисникот
73 ViewBag.isAuthenticated = customerClass;
74
75 PetsClass peClass = await db.PetsObj.FindAsync(id);
76 if (peClass == null)
77 {
78 return RedirectToAction("NotExist", "Error");
79 }
80 // no access for standard user
81 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
82
83
84 return View(peClass);
85 }
86
87 // GET: Customer/Create
88 //public ActionResult Create()
89 //{
90 // return View();
91 //}
92
93 public async Task<ActionResult> CreateAsync()
94 {
95
96 // check for permission
97 UsersClass customerClass = await getCrrentUser();
98 // set if is authenticated
99 ViewBag.isAuthenticated = customerClass;
100 return View();
101 }
102
103 // POST: Customer/Create
104 // To protect from overposting attacks, enable the specific properties you want to bind to, for
105 // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
106 [HttpPost]
107 [ValidateAntiForgeryToken]
108 public async Task<ActionResult> CreateAsync([Bind(include: "id,name,color,description,dateofbirthday, usersid,typeofpetsid")] PetsClass peClass)
109 {
110 bool isAuthenticated = User.Identity.IsAuthenticated;
111 if (!isAuthenticated)
112 {
113 // set if is authenticated
114 ViewBag.isAuthenticated = null;
115 return RedirectToAction("AccessDenied", "Error");
116 }
117 ViewBag.isAuthenticated = new UsersClass();
118 // no access for standard user
119 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
120
121 if (ModelState.IsValid)
122 {
123 // set if is authenticated
124 ViewBag.isAuthenticated = new UsersClass();
125 // peClass.dateofbirthday = DateTime.SpecifyKind(peClass.dateofbirthday, DateTimeKind.Utc);
126 var user = await _userManager.GetUserAsync(User);
127 var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
128 peClass.usersid = customerClass.id;
129 // voa go pisav tuka na 18.02
130 // PetsClass.dateofbirthday = DateOnly.FromDateTime(DateTime.UtcNow);
131 db.PetsObj.Add(peClass);
132 db.SaveChanges();
133 return RedirectToAction("Index");
134 }
135
136 return View(peClass);
137 }
138
139 // GET: Customer/Edit/5
140 // public ActionResult Edit(int? id)
141 public async Task<ActionResult> Edit(int? id)
142 {
143 if (id == null)
144 {
145 return RedirectToAction("NotExist", "Error");
146 }
147 PetsClass peClass = db.PetsObj.Find(id);
148 if (peClass == null)
149 {
150 return RedirectToAction("NotExist", "Error");
151 }
152 // додадено на 21.08
153 ViewBag.isAuthenticated = await getCrrentUser();
154 // no access for standard user
155 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
156
157 return View(peClass);
158 }
159
160 // POST: Customer/Edit/5
161 // To protect from overposting attacks, enable the specific properties you want to bind to, for
162 // more details see https://go.microsoft.com/fwlink/?LinkId=317598.
163 [HttpPost]
164 [ValidateAntiForgeryToken]
165 public async Task<ActionResult> EditAsync([Bind(include: "id,name, color,description,dateofbirthday, usersid,typeofpetsid")] PetsClass peClass)
166 {
167 bool isAuthenticated = User.Identity.IsAuthenticated;
168 ViewBag.isAuthenticated = await getCrrentUser();
169
170 if (!isAuthenticated)
171 {
172 // set if is authenticated
173 ViewBag.isAuthenticated = null;
174 return RedirectToAction("AccessDenied", "Error");
175 }
176
177 // set if is authenticated
178 // додадено и избришено
179 ViewBag.isAuthenticated = await getCrrentUser();
180 //ViewBag.isAuthenticated = new UsersClass();
181 // no access for standard user
182 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
183
184
185 if (ModelState.IsValid)
186 {
187 //peClass.dateofbirthday = DateTime.SpecifyKind(peClass.dateofbirthday, DateTimeKind.Utc);
188
189 var user = await _userManager.GetUserAsync(User);
190 var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
191 peClass.usersid = customerClass.id;
192 db.Entry(peClass).State = EntityState.Modified;
193 db.SaveChanges();
194 return RedirectToAction("Index");
195 }
196 return View(peClass);
197 }
198
199 // GET: Customer/Delete/5
200 /* public ActionResult Delete(int? id)
201 {
202 if (id == null)
203 {
204 return RedirectToAction("NotExist", "Error");
205 }
206 PetsClass peClass = db.PetsObj.Find(id);
207 if (peClass == null)
208 {
209 return RedirectToAction("NotExist", "Error");
210 }
211 return View(peClass);
212 }*/
213
214 public async Task<ActionResult> Delete(int? id)
215 {
216 if (id == null)
217 {
218 return RedirectToAction("NotExist", "Error");
219 }
220
221 UsersClass customerClass = await getCrrentUser(); // Добијте ја тековната улога на корисникот
222 ViewBag.isAuthenticated = customerClass;
223
224 PetsClass peClass = await db.PetsObj.FindAsync(id);
225 if (peClass == null)
226 {
227 return RedirectToAction("NotExist", "Error");
228 }
229 // no access for standard user
230 ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
231
232
233 return View(peClass);
234 }
235
236 // POST: Customer/Delete/5
237 [HttpPost, ActionName("Delete")]
238 [ValidateAntiForgeryToken]
239 public ActionResult DeleteConfirmed(int id)
240 {
241 PetsClass peClass = db.PetsObj.Find(id);
242 db.PetsObj.Remove(peClass);
243 db.SaveChanges();
244 return RedirectToAction("Index");
245 }
246
247 protected override void Dispose(bool disposing)
248 {
249 if (disposing)
250 {
251 db.Dispose();
252 }
253 base.Dispose(disposing);
254 }
255 }
256}
Note: See TracBrowser for help on using the repository browser.