- Timestamp:
- 08/23/24 15:40:14 (2 months ago)
- Branches:
- main
- Children:
- e9bb9d1
- Parents:
- 72b1da2
- File:
-
- 1 edited
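--- a/PostgreSqlDotnetCore/Controllers/CustomerController.cs
+++ b/PostgreSqlDotnetCore/Controllers/CustomerController.cs
@@ -19,5 +19,11 @@
 public async Task<ActionResult> IndexAsync()
 {
-UsersClass customerClass = await getCrrentUser();
+UsersClass customerClass = await getCrrentUser();
+
+ViewBag.isAuthenticated = User.Identity.IsAuthenticated;
+ViewBag.CanCreate = customerClass.role_id == RoleConstants.Admin || customerClass.role_id == RoleConstants.Manager;
+// no access for standard user
+ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 if (customerClass == null)
 {
@@ -41,5 +47,6 @@
 return View(db.CustomerObj.ToList());
 }
 
+
 }
 
@@ -57,4 +64,5 @@
 // check for permission
 UsersClass customerClass = await getCrrentUser();
+ViewBag.isAuthenticated = customerClass;
 if (customerClass == null)
 {
@@ -67,4 +75,7 @@
 return RedirectToAction("NotExist", "Error");
 }
+// no access for standard user
+ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 return View(customerClass);
 }
@@ -73,10 +84,17 @@
 public async Task<ActionResult> CreateAsync()
 {
+//ViewBag.CanCreate = customerClass.role_id == RoleConstants.Admin || customerClass.role_id == RoleConstants.Manager;
+
 // check for permission
-UsersClass customerClass = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin);
-if (customerClass == null)
-{
-return RedirectToAction("AccessDenied", "Error");
-}
+UsersClass customerClass = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+//dodano na 23.08
+ViewBag.isAuthenticated = await getCrrentUser();
+if (customerClass == null)
+{
+return RedirectToAction("AccessDenied", "Error");
+}
+// no access for standard user
+ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 
 return View();
@@ -125,4 +143,5 @@
 
 customerClass = db.CustomerObj.Find(id);
+ViewBag.isAuthenticated = await getCrrentUser();
 if (customerClass == null)
 {
@@ -130,4 +149,7 @@
 //return HttpNotFound();
 }
+// no access for standard user
+ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 return View(customerClass);
 }
@@ -159,8 +181,12 @@
 }
 UsersClass customerClass = await getCrrentUser();
-if (customerClass == null)
-{
-return RedirectToAction("AccessDenied", "Error");
-}
+ViewBag.isAuthenticated = await getCrrentUser();
+if (customerClass == null)
+{
+return RedirectToAction("AccessDenied", "Error");
+}
+
+// no access for standard user
+ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
 return View(customerClass);
 }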
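Review bot: In IndexAsync the added `ViewBag.CanCreate = customerClass.role_id == ...` (new line 24) dereferences `customerClass` before the existing `if (customerClass == null)` check at new line 28, so a request with no current user would throw instead of reaching that branch; move the assignment below the check or use `customerClass?.role_id`. The `// no access for standard user` lines only store a value in `ViewBag.OnlyAdminManager`; in the hunk ending at new line 192 the only visible gate is still `getCrrentUser()` being non-null, so if that action is meant for Admin/Manager only, the role check result should drive a `RedirectToAction("AccessDenied", "Error")` as CreateAsync does, because a view flag hides UI but does not stop the request. `ViewBag.isAuthenticated` is also a bool in IndexAsync and a `UsersClass` in the other hunks, which the views would have to handle both ways. Most of the enclosing actions begin outside the visible hunks, so the gating point is inferred from the lines shown.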