Changeset 118e414 for PostgreSqlDotnetCore/Controllers/BlogController.cs

Timestamp:

08/23/24 15:40:14 (2 months ago)

Author:

ElenaMoskova <elena.moskova99@…>

Branches:

main

Children:

e9bb9d1

Parents:

72b1da2

Message:

fix access

implement multiple access pages with different roles
optimize present three structure of BlogPost and Answer

File:

• PostgreSqlDotnetCore/Controllers/BlogController.cs (modified) (7 diffs)

PostgreSqlDotnetCore/Controllers/BlogController.cs

@@ -13 +13 @@
 
         {
-            
+
         }
 
@@ -49 +49 @@
          }*/
 
-          public async Task<ActionResult> Index()
-          {
-              // Проверка за автентикација
-              bool isAuthenticated = User.Identity.IsAuthenticated;
-
-              if (!isAuthenticated)
-              {
-                  return RedirectToAction("AccessDenied", "Error");
-              }
-
-              // Список на блог постови
-              var blogPosts = await db.BlogPostControllerObj.ToListAsync();
-
-              // Вземи тековниот корисник
-              var currentUser = await _userManager.GetUserAsync(User);
-              var customerClass = await db.CustomerObj.SingleOrDefaultAsync(x => x.email == currentUser.Email);
-
-              // Предавање на ViewBag за проверка на автентикација и корисничкиот ID
-              ViewBag.isAuthenticated = isAuthenticated;
-              ViewBag.CurrentUserId = customerClass?.id;
-
-              return View(blogPosts);
-          }
-        
-
-        
+        public async Task<ActionResult> Index()
+        {
+            // Проверка за автентикација
+            bool isAuthenticated = User.Identity.IsAuthenticated;
+
+            if (!isAuthenticated)
+            {
+                return RedirectToAction("AccessDenied", "Error");
+            }
+
+            // Список на блог постови
+            var blogPosts = await db.BlogPostControllerObj.ToListAsync();
+
+            // Вземи тековниот корисник
+            var currentUser = await _userManager.GetUserAsync(User);
+            var customerClass = await db.CustomerObj.SingleOrDefaultAsync(x => x.email == currentUser.Email);
+
+            // Предавање на ViewBag за проверка на автентикација и корисничкиот ID
+            ViewBag.isAuthenticated = isAuthenticated;
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
+            ViewBag.CurrentUserId = customerClass?.id;
+
+            return View(blogPosts);
+        }
+
+
+
 
 
@@ -121 +124 @@
             // set if is authenticated
             ViewBag.isAuthenticated = customerClass;
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View();
         }
@@ -197 +202 @@
                 }
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 
             return View(blogClass);
@@ -217 +225 @@
          }*/
 
-        
+
         public async Task<ActionResult> EditAsync(int id, [Bind(include: "id,date_askes,title,description")] BlogPostConsultation blogClass)
         {
@@ -239 +247 @@
 
         // GET: Customer/Delete/5
-        public async Task<ActionResult> DeleteAsync(int? id) { 
-          //  UsersClass customerClass = await checkAuthorizationAsync();
-
-        ViewBag.isAuthenticated = await getCrrentUser();
-        
+        public async Task<ActionResult> DeleteAsync(int? id)
+        {
+            //  UsersClass customerClass = await checkAuthorizationAsync();
+
+            ViewBag.isAuthenticated = await getCrrentUser();
+
             if (id == null)
-           {
-               return View(null);
-              //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
-            }
-           BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
+            {
+                return View(null);
+                //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
+            }
+            BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
             if (blogClass == null)
             {
                 return View(null);
-               //return HttpNotFound();
+                //return HttpNotFound();
             }
             // check for permission
@@ -271 +280 @@
                 }
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(blogClass);
         }
 
         // POST: Customer/Delete/5
-     
+
 
         [HttpPost, ActionName("Delete")]