Index: PostgreSqlDotnetCore/Controllers/BlogController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/BlogController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/BlogController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -13,5 +13,5 @@
 
         {
-            
+
         }
 
@@ -49,30 +49,33 @@
          }*/
 
-          public async Task<ActionResult> Index()
-          {
-              // Проверка за автентикација
-              bool isAuthenticated = User.Identity.IsAuthenticated;
-
-              if (!isAuthenticated)
-              {
-                  return RedirectToAction("AccessDenied", "Error");
-              }
-
-              // Список на блог постови
-              var blogPosts = await db.BlogPostControllerObj.ToListAsync();
-
-              // Вземи тековниот корисник
-              var currentUser = await _userManager.GetUserAsync(User);
-              var customerClass = await db.CustomerObj.SingleOrDefaultAsync(x => x.email == currentUser.Email);
-
-              // Предавање на ViewBag за проверка на автентикација и корисничкиот ID
-              ViewBag.isAuthenticated = isAuthenticated;
-              ViewBag.CurrentUserId = customerClass?.id;
-
-              return View(blogPosts);
-          }
-        
-
-        
+        public async Task<ActionResult> Index()
+        {
+            // Проверка за автентикација
+            bool isAuthenticated = User.Identity.IsAuthenticated;
+
+            if (!isAuthenticated)
+            {
+                return RedirectToAction("AccessDenied", "Error");
+            }
+
+            // Список на блог постови
+            var blogPosts = await db.BlogPostControllerObj.ToListAsync();
+
+            // Вземи тековниот корисник
+            var currentUser = await _userManager.GetUserAsync(User);
+            var customerClass = await db.CustomerObj.SingleOrDefaultAsync(x => x.email == currentUser.Email);
+
+            // Предавање на ViewBag за проверка на автентикација и корисничкиот ID
+            ViewBag.isAuthenticated = isAuthenticated;
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
+            ViewBag.CurrentUserId = customerClass?.id;
+
+            return View(blogPosts);
+        }
+
+
+
 
 
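Review bot: The `ViewBag.OnlyAdminManager = … ?? …` assignment added in Index is pasted verbatim into almost every later hunk of this commit, and for any caller who is not an admin it runs checkAuthorizationSpecificRoleAsync twice per request. Putting the `??` chain in one helper next to checkAuthorizationSpecificRoleAsync (presumably on the shared base controller) would keep the rule in a single place, so each action reads `ViewBag.OnlyAdminManager = await getAdminOrManagerAsync();` (the helper name is a suggestion). The `// no access for standard user` comment also overstates what the line does, since it sets a view flag and denies nothing; `// view flag: non-null only for Admin or Manager` would be accurate.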
@@ -121,4 +124,6 @@
             // set if is authenticated
             ViewBag.isAuthenticated = customerClass;
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View();
         }
@@ -197,4 +202,7 @@
                 }
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 
             return View(blogClass);
@@ -217,5 +225,5 @@
          }*/
 
-        
+
         public async Task<ActionResult> EditAsync(int id, [Bind(include: "id,date_askes,title,description")] BlogPostConsultation blogClass)
         {
@@ -239,19 +247,20 @@
 
         // GET: Customer/Delete/5
-        public async Task<ActionResult> DeleteAsync(int? id) { 
-          //  UsersClass customerClass = await checkAuthorizationAsync();
-
-        ViewBag.isAuthenticated = await getCrrentUser();
-        
+        public async Task<ActionResult> DeleteAsync(int? id)
+        {
+            //  UsersClass customerClass = await checkAuthorizationAsync();
+
+            ViewBag.isAuthenticated = await getCrrentUser();
+
             if (id == null)
-           {
-               return View(null);
-              //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
-            }
-           BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
+            {
+                return View(null);
+                //return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
+            }
+            BlogPostConsultation blogClass = db.BlogPostControllerObj.Find(id);
             if (blogClass == null)
             {
                 return View(null);
-               //return HttpNotFound();
+                //return HttpNotFound();
             }
             // check for permission
@@ -271,9 +280,12 @@
                 }
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(blogClass);
         }
 
         // POST: Customer/Delete/5
-     
+
 
         [HttpPost, ActionName("Delete")]
Index: PostgreSqlDotnetCore/Controllers/BlogPostAnswersController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/BlogPostAnswersController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/BlogPostAnswersController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -58,11 +58,35 @@
         [HttpPost]
         [ValidateAntiForgeryToken]
-        public ActionResult Create([Bind(include: "id,parent_id,reply,root_post,usersID")] BlogPostAnswers answerClass)
+        public async Task<ActionResult> CreateAsync(int? id, int? parentId, [Bind(include: "reply")] BlogPostAnswers answerClass)
         {
-            if (ModelState.IsValid)
+
+            //string id = Request.Query["BlogId"];
+            if (id == null && id > 0)
             {
+                return RedirectToAction("NotExist", "Error");
+            }
+            //string id = Request.Query["BlogId"];
+            if (parentId== null && parentId > 0)
+            {
+                return RedirectToAction("NotExist", "Error");
+            }
+            if (answerClass != null && answerClass.reply.Length > 0)
+            {
+
+                var user = await _userManager.GetUserAsync(User);
+                if (user == null)
+                {
+                    return RedirectToAction("AccessDenied", "Error");
+                }
+
+
+                var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
+                answerClass.usersid = customerClass.id;
+                answerClass.BlogPostConsultationid = (int)id;
+                answerClass.parent_id = (int)parentId;
                 db.BlogPostAnswersObj.Add(answerClass);
                 db.SaveChanges();
-                return RedirectToAction("Index");
+                //return RedirectToAction("Index");
+                return RedirectToAction("Details", "Blog", new { id });
             }
 
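Review bot: Both new guards in CreateAsync can never fire: `id == null && id > 0` (and the same test on `parentId`) is always false, because a null `int?` compared with `> 0` is false, so a missing value falls through to `(int)id` / `(int)parentId` and throws instead of redirecting to NotExist. `answerClass.reply.Length` also throws when the form field is empty (MVC binds an empty string to null by default), and `customerClass.id` throws when no CustomerObj row matches the user's e-mail. Separately, `id` and `parentId` come straight from the request and nothing visible checks that the post exists or that the parent answer belongs to it; that lookup is worth adding before the insert. The method body continues past the end of the hunk.

```csharp
public async Task<ActionResult> CreateAsync(int? id, int? parentId, [Bind(include: "reply")] BlogPostAnswers answerClass)
{
    // Reject missing or non-positive ids up front (relax the parentId test if 0 means "no parent").
    if (id == null || id <= 0 || parentId == null || parentId <= 0)
    {
        return RedirectToAction("NotExist", "Error");
    }
    if (!string.IsNullOrEmpty(answerClass?.reply))
    {
        // … unchanged: GetUserAsync(User) and the AccessDenied redirect when user is null …
        var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
        if (customerClass == null)
        {
            return RedirectToAction("AccessDenied", "Error");
        }
        // … unchanged: set usersid / BlogPostConsultationid / parent_id, Add, SaveChanges, redirect to Blog/Details …
```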
Index: PostgreSqlDotnetCore/Controllers/CityController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/CityController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/CityController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -16,19 +16,21 @@
         // GET: Customer
         public async Task<ActionResult> IndexAsync()
-         {
-           // check for permission
-          UsersClass customerClass = await checkAuthorizationAsync();
+        {
+            // check for permission
+            UsersClass customerClass = await checkAuthorizationAsync();
+            ViewBag.isAuthenticated = User.Identity.IsAuthenticated;
 
-
-           if (customerClass == null)
-             {
-                 return RedirectToAction("AccessDenied", "Error");
-             }
+            if (customerClass == null)
+            {
+                return RedirectToAction("AccessDenied", "Error");
+            }
 
             var citiess = await db.CitiesObj.ToListAsync();
+            // проба на 23.08
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
 
             return View(citiess);
         }
-       
+
 
 
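Review bot: `ViewBag.isAuthenticated` is given a bool in IndexAsync (`User.Identity.IsAuthenticated`), while Details, CreateAsync, Edit and Delete in this same file assign a UsersClass object or null to the same key. ViewBag is dynamic, so a view that tests the value for null would treat `false` as signed in, and one that uses it as a bool would fail at runtime on the object; the consuming view or layout is not in this diff, so this is worth checking there. Using one shape everywhere avoids both, e.g. `ViewBag.isAuthenticated = customerClass;` here as the other actions do. The bool form also appears in the CustomerController IndexAsync and VetCenterController hunks.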
@@ -50,5 +52,6 @@
 
         // GET: Customer/Details/5
-        public ActionResult Details(int? id)
+        //public ActionResult Details(int? id)
+        public async Task<ActionResult> Details(int? id)
         {
             if (id == null)
@@ -57,8 +60,13 @@
             }
             CitiesClass cityClass = db.CitiesObj.Find(id);
+            UsersClass customerClass = await getCrrentUser();
+            ViewBag.isAuthenticated = customerClass;
             if (cityClass == null)
             {
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(cityClass);
         }
@@ -70,7 +78,11 @@
         //}
 
-        public ActionResult Create()
+        //public ActionResult Create()
+        public async Task<ActionResult> CreateAsync()
         {
-            
+            UsersClass customerClass = await getCrrentUser();
+            // set if is authenticated
+            ViewBag.isAuthenticated = customerClass;
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
             return View();
         }
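Review bot: CreateAsync returns the form to any caller, because it computes `ViewBag.OnlyAdminManager` but nothing in the action redirects when that value is null, so the flag can only hide links in the view. If city management is meant for admins and managers, keep the result in a local and deny on null: `var adminOrManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);` followed by `if (adminOrManager == null) return RedirectToAction("AccessDenied", "Error");`. The same gap shows in the Edit and Delete hunks of this file (Delete assigns `customerClass` from checkAuthorizationAsync() but the visible lines never test it), and the POST Create hunk shows only a ModelState check. An `[Authorize]` attribute or filter outside these hunks may already cover this, which should be confirmed before relying on the view flag.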
@@ -83,4 +95,5 @@
         public ActionResult Create([Bind(include: "id,name")] CitiesClass cityClass)
         {
+
             if (ModelState.IsValid)
             {
@@ -94,5 +107,6 @@
 
         // GET: Customer/Edit/5
-        public ActionResult Edit(int? id)
+        //  public ActionResult Edit(int? id)
+        public async Task<ActionResult> Edit(int? id)
         {
             if (id == null)
@@ -101,8 +115,13 @@
             }
             CitiesClass cityClass = db.CitiesObj.Find(id);
+            //22.08
+            ViewBag.isAuthenticated = await getCrrentUser();
             if (cityClass == null)
             {
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(cityClass);
         }
@@ -125,6 +144,11 @@
 
         // GET: Customer/Delete/5
-        public ActionResult Delete(int? id)
+        // public ActionResult Delete(int? id)
+        public async Task<ActionResult> Delete(int? id)
         {
+
+            UsersClass customerClass = await checkAuthorizationAsync();
+
+            ViewBag.isAuthenticated = await getCrrentUser();
             if (id == null)
             {
@@ -136,4 +160,7 @@
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(cityClass);
         }
@@ -161,5 +188,5 @@
 
 
-        
+
     }
 }
Index: PostgreSqlDotnetCore/Controllers/CustomerController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/CustomerController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/CustomerController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -19,5 +19,11 @@
         public async Task<ActionResult> IndexAsync()
         {
-            UsersClass customerClass = await getCrrentUser();
+           UsersClass customerClass = await getCrrentUser();
+           
+            ViewBag.isAuthenticated = User.Identity.IsAuthenticated;
+            ViewBag.CanCreate = customerClass.role_id == RoleConstants.Admin || customerClass.role_id == RoleConstants.Manager;
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             if (customerClass == null)
             {
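Review bot: The added `ViewBag.CanCreate = customerClass.role_id == …` line dereferences `customerClass` before the `if (customerClass == null)` check that follows it, so a caller for whom getCrrentUser() returns null gets a NullReferenceException instead of reaching that branch. Move the `ViewBag.CanCreate` assignment below the null check, or guard it as `ViewBag.CanCreate = customerClass != null && (customerClass.role_id == RoleConstants.Admin || customerClass.role_id == RoleConstants.Manager);`. IndexAsync continues past the end of the hunk.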
@@ -41,5 +47,6 @@
                 return View(db.CustomerObj.ToList());
             }
-          
+
+
         }
 
@@ -57,4 +64,5 @@
             // check for permission
             UsersClass customerClass = await getCrrentUser();
+            ViewBag.isAuthenticated = customerClass;
             if (customerClass == null)
             {
@@ -67,4 +75,7 @@
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(customerClass);
         }
@@ -73,10 +84,17 @@
         public async Task<ActionResult> CreateAsync()
         {
+            //ViewBag.CanCreate = customerClass.role_id == RoleConstants.Admin || customerClass.role_id == RoleConstants.Manager;
+
             // check for permission
-            UsersClass customerClass = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin);
-            if (customerClass == null)
-            {
-                return RedirectToAction("AccessDenied", "Error");
-            }
+            UsersClass customerClass = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+            //dodano na 23.08
+            ViewBag.isAuthenticated = await getCrrentUser();
+            if (customerClass == null)
+            {
+                return RedirectToAction("AccessDenied", "Error");
+            }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 
             return View();
@@ -125,4 +143,5 @@
 
             customerClass = db.CustomerObj.Find(id);
+            ViewBag.isAuthenticated = await getCrrentUser();
             if (customerClass == null)
             {
@@ -130,4 +149,7 @@
                 //return HttpNotFound();
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(customerClass);
         }
@@ -159,8 +181,12 @@
             }
             UsersClass customerClass = await getCrrentUser();
-            if (customerClass == null)
-            {
-                return RedirectToAction("AccessDenied", "Error");
-            }
+            ViewBag.isAuthenticated = await getCrrentUser();
+            if (customerClass == null)
+            {
+                return RedirectToAction("AccessDenied", "Error");
+            }
+            
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
             return View(customerClass);
         }
Index: PostgreSqlDotnetCore/Controllers/ErrorController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/ErrorController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/ErrorController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -4,4 +4,5 @@
     using Microsoft.AspNetCore.Identity;
     using Microsoft.AspNetCore.Mvc;
+    using PostgreSqlDotnetCore.Models;
     using System.Threading.Tasks;
 
@@ -17,4 +18,7 @@
             // set if is authenticated
             ViewBag.isAuthenticated = await getCrrentUser();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View();
         }
@@ -24,4 +28,7 @@
             // set if is authenticated
             ViewBag.isAuthenticated = await getCrrentUser();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View();
         }
Index: PostgreSqlDotnetCore/Controllers/HomeController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/HomeController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/HomeController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -59,4 +59,8 @@
                     // set if is authenticated
                     ViewBag.isAuthenticated = await getCrrentUser();
+                    // проба на 23.08
+                    // no access for standard user
+                    ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
                 }
 
@@ -75,4 +79,7 @@
             // set if is authenticated
             ViewBag.isAuthenticated = await getCrrentUser();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View();
         }
@@ -81,4 +88,7 @@
             // set if is authenticated
             ViewBag.isAuthenticated = await getCrrentUser();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View();
         }
Index: PostgreSqlDotnetCore/Controllers/PetCaresController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/PetCaresController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/PetCaresController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -26,18 +26,18 @@
               return View();
           }*/
-         public async Task<ActionResult> Create()
-         {
-             
-             
+        public async Task<ActionResult> Create()
+        {
+
+
             UsersClass customerClass = await getCrrentUser();
-            
+
             ViewBag.isAuthenticated = customerClass;
             var vetCenters = await db.VetCentersObj.ToListAsync();
-             ViewBag.VetCenters = new SelectList(vetCenters, "id", "name");
-
-             return View();
-         }
-
-       
+            ViewBag.VetCenters = new SelectList(vetCenters, "id", "name");
+
+            return View();
+        }
+
+
 
 
@@ -53,8 +53,11 @@
                 return RedirectToAction("AccessDenied", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             if (customerClass.role_id == RoleConstants.Standard)
             {
                 // query
-                            var query = from st in db.PetCaresObj
+                var query = from st in db.PetCaresObj
                             where st.usersid == customerClass.id
                             select st;
@@ -72,5 +75,5 @@
                 // query
                 var queryVetCenters = from kk in db.VetCentersObj
-                            select kk;
+                                      select kk;
 
                 // query
@@ -85,5 +88,6 @@
 
                 return View(petCareAllData);
-            } else
+            }
+            else
             {
                 return View(db.PetCaresObj.ToList());
@@ -99,5 +103,5 @@
                 return RedirectToAction("NotExist", "Error");
             }
-            UsersClass customerClass = await getCrrentUser(); 
+            UsersClass customerClass = await getCrrentUser();
             ViewBag.isAuthenticated = customerClass;
             Pet_CaresClass peClass = db.PetCaresObj.Find(id);
@@ -106,4 +110,7 @@
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(peClass);
         }
@@ -126,35 +133,37 @@
         [HttpPost]
         [ValidateAntiForgeryToken]
-         public async Task<ActionResult> CreateAsync([Bind(include: "id,title,description,dateending, start_date, usersid, vetcentersid")] Pet_CaresClass peClass)
-          {
-              bool isAuthenticated = User.Identity.IsAuthenticated;
-              if (!isAuthenticated)
-              {
-                  return RedirectToAction("AccessDenied", "Error");
-              }
+        public async Task<ActionResult> CreateAsync([Bind(include: "id,title,description,dateending, start_date, usersid, vetcentersid")] Pet_CaresClass peClass)
+        {
+            bool isAuthenticated = User.Identity.IsAuthenticated;
+            if (!isAuthenticated)
+            {
+                return RedirectToAction("AccessDenied", "Error");
+            }
             ViewBag.isAuthenticated = new UsersClass();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
 
             if (ModelState.IsValid)
-              {
+            {
                 ViewBag.isAuthenticated = new UsersClass();
                 peClass.dateending = DateTime.SpecifyKind(peClass.dateending, DateTimeKind.Utc);
-                  peClass.start_date = DateTime.SpecifyKind(peClass.start_date, DateTimeKind.Utc);
-                 var user = await _userManager.GetUserAsync(User);
-                  var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
-                  peClass.usersid = customerClass.id;
-                  db.PetCaresObj.Add(peClass);
-                  db.SaveChanges();
-                  return RedirectToAction("Index");
-              }
-              var vetCenters = await db.VetCentersObj.ToListAsync();
-              ViewBag.VetCenters = new SelectList(vetCenters, "id", "name");
-
-              return View(peClass);
-          }
-
-
-
-
-       
+                peClass.start_date = DateTime.SpecifyKind(peClass.start_date, DateTimeKind.Utc);
+                var user = await _userManager.GetUserAsync(User);
+                var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
+                peClass.usersid = customerClass.id;
+                db.PetCaresObj.Add(peClass);
+                db.SaveChanges();
+                return RedirectToAction("Index");
+            }
+            var vetCenters = await db.VetCentersObj.ToListAsync();
+            ViewBag.VetCenters = new SelectList(vetCenters, "id", "name");
+
+            return View(peClass);
+        }
+
+
+
+
+
 
 
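Review bot: The `[Bind]` list on CreateAsync still accepts `id` and `usersid` from the form even though `usersid` is overwritten from the signed-in user a few lines later; dropping both (`[Bind(include: "title,description,dateending,start_date,vetcentersid")]`, assuming `id` is database-generated) would match the narrowing this commit already applies in BlogPostAnswersController. `user.Email` and `customerClass.id` are also used without a null check, so a signed-in identity with no matching CustomerObj row throws instead of redirecting; `if (user == null || customerClass == null) return RedirectToAction("AccessDenied", "Error");` before the assignment would handle it. The same `customerClass` lookup without a null check appears in the PetsController hunk at -167,10.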
@@ -229,4 +238,6 @@
             }
             ViewBag.isAuthenticated = await getCrrentUser();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
 
             if (ModelState.IsValid)
@@ -260,4 +271,7 @@
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(peClass);
         }
Index: PostgreSqlDotnetCore/Controllers/PetsController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/PetsController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/PetsController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -26,8 +26,11 @@
                 return RedirectToAction("AccessDenied", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             if (customerClass.role_id == RoleConstants.Standard)
             {
                 // kco
-                            var query = from st in db.PetsObj
+                var query = from st in db.PetsObj
                             where st.usersid == customerClass.id
                             select st;
@@ -37,5 +40,6 @@
                     await query.ToListAsync<PetsClass>();
                 return View(userPets);
-            } else
+            }
+            else
             {
                 return View(db.PetsObj.ToList());
@@ -74,4 +78,7 @@
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 
             return View(peClass);
@@ -109,4 +116,6 @@
             }
             ViewBag.isAuthenticated = new UsersClass();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
 
             if (ModelState.IsValid)
@@ -119,5 +128,5 @@
                 peClass.usersid = customerClass.id;
                 // voa go pisav tuka na 18.02
-               // PetsClass.dateofbirthday = DateOnly.FromDateTime(DateTime.UtcNow);
+                // PetsClass.dateofbirthday = DateOnly.FromDateTime(DateTime.UtcNow);
                 db.PetsObj.Add(peClass);
                 db.SaveChanges();
@@ -143,4 +152,7 @@
             // додадено на 21.08
             ViewBag.isAuthenticated = await getCrrentUser();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(peClass);
         }
@@ -167,10 +179,12 @@
             ViewBag.isAuthenticated = await getCrrentUser();
             //ViewBag.isAuthenticated = new UsersClass();
-            
-             
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
+
             if (ModelState.IsValid)
             {
                 //peClass.dateofbirthday = DateTime.SpecifyKind(peClass.dateofbirthday, DateTimeKind.Utc);
-                
+
                 var user = await _userManager.GetUserAsync(User);
                 var customerClass = db.CustomerObj.SingleOrDefault(x => x.email == user.Email);
@@ -213,4 +227,7 @@
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 
             return View(peClass);
Index: PostgreSqlDotnetCore/Controllers/ProductsController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/ProductsController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/ProductsController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -31,4 +31,7 @@
             ViewBag.isAuthenticated = await getCrrentUser();
             ViewBag.hasAccess = await checkAuthorizationAsync();
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             if (!String.IsNullOrEmpty(searchString))
             {
@@ -59,4 +62,7 @@
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             return View(prodClass);
         }
@@ -79,4 +85,7 @@
                 return RedirectToAction("AccessDenied", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
             var model = new ProductsClass
             {
Index: PostgreSqlDotnetCore/Controllers/VetCenterController.cs
===================================================================
--- PostgreSqlDotnetCore/Controllers/VetCenterController.cs	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Controllers/VetCenterController.cs	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -23,4 +23,6 @@
                 return RedirectToAction("AccessDenied", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
 
             // Fetch cities for dropdown
@@ -47,4 +49,6 @@
             var vetCenters = await db.VetCentersObj.ToListAsync();
             ViewBag.isAuthenticated = User.Identity.IsAuthenticated;
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
 
             // Проверете дали корисникот е администратор или менаџер
@@ -66,8 +70,12 @@
 
             VetCenter vetClass = await db.VetCentersObj.FindAsync(id);
+            UsersClass customerClass = await getCrrentUser();
+            ViewBag.isAuthenticated = customerClass;
             if (vetClass == null)
             {
                 return RedirectToAction("NotExist", "Error");
             }
+            // no access for standard user
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
 
             return View(vetClass);
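Review bot: `ViewBag.isAuthenticated = customerClass;` stores a `UsersClass` object under a key that another action in this file fills with the bool `User.Identity.IsAuthenticated`, so views cannot test the flag in one consistent way. A null test passes for a bool `false`, and a bool test fails on an object. Keeping the key boolean, `ViewBag.isAuthenticated = customerClass != null;`, also avoids handing the whole user record to the view. The lookup could move below the `vetClass == null` check so a missing record costs no extra query; the action starts outside the hunk.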
@@ -113,4 +121,6 @@
                 return RedirectToAction("AccessDenied", "Error");
             }
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 
             // Fetch cities for dropdown
@@ -154,4 +164,6 @@
                 return RedirectToAction("NotExist", "Error");
             }
+            ViewBag.OnlyAdminManager = await checkAuthorizationSpecificRoleAsync(RoleConstants.Admin) ?? await checkAuthorizationSpecificRoleAsync(RoleConstants.Manager);
+
 
             return View(vetClass);
Index: PostgreSqlDotnetCore/Views/Blog/Details.cshtml
===================================================================
--- PostgreSqlDotnetCore/Views/Blog/Details.cshtml	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Views/Blog/Details.cshtml	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -80,4 +80,6 @@
                     @Html.ActionLink("Details", "Details", "BlogPostAnswers", new { id = item.id }) |
                     @Html.ActionLink("Delete", "Delete", "BlogPostAnswers", new { id = item.id })
+
+                    @Html.ActionLink("Create an Answer", "Create", "BlogPostAnswers", new { id = item.BlogPostConsultationid, parentId = item.id })
                 </td>
             </tr>
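Review bot: The new link here and the one in the next hunk carry `id` and `parentId` as route values a visitor can edit, so the `BlogPostAnswers` Create action (not part of this page) should confirm that the parent answer exists and belongs to the post in `id` before saving. The link in the next hunk passes `parentId = Model.id`, which, if `Model` is the post as the `Edit` link beside it suggests, records a post id as a parent answer id; a top-level answer would more naturally omit `parentId`. Both new links also lack the ` |` separator the neighbouring links use.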
@@ -87,4 +89,5 @@
 </div>
 <p>
+    @Html.ActionLink("Create an Answer", "Create", "BlogPostAnswers", new { id = Model.id, parentId = Model.id })
     @Html.ActionLink("Edit", "Edit", new { id = Model.id }) |
     @Html.ActionLink("Back to List", "Index")
Index: PostgreSqlDotnetCore/Views/Blog/Index.cshtml
===================================================================
--- PostgreSqlDotnetCore/Views/Blog/Index.cshtml	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Views/Blog/Index.cshtml	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -29,58 +29,58 @@
     </tr>
 
-@foreach (var item in Model) {
-    <tr>
-        <td>
-            @Html.DisplayFor(modelItem => item.date_askes)
-        </td>
-        <td>
-            @Html.DisplayFor(modelItem => item.title)
-        </td>
+    @foreach (var item in Model)
+    {
+        <tr>
+            <td>
+                @Html.DisplayFor(modelItem => item.date_askes)
+            </td>
+            <td>
+                @Html.DisplayFor(modelItem => item.title)
+            </td>
 
-        <td>
-            @Html.DisplayFor(modelItem => item.description)
-        </td>
-        <th>
-            @Html.DisplayFor(model => item.users_id)
-        </th>
+            <td>
+                @Html.DisplayFor(modelItem => item.description)
+            </td>
+            <th>
+                @Html.DisplayFor(model => item.users_id)
+            </th>
 
-       @*<td>
-            @Html.ActionLink("Edit", "Edit", new { id = item.id }) |
-            @Html.ActionLink("Answers", "Details", new { id = item.id }) |
-            @Html.ActionLink("Delete", "Delete", new { id = item.id })
+            @*<td>
+        @Html.ActionLink("Edit", "Edit", new { id = item.id }) |
+        @Html.ActionLink("Answers", "Details", new { id = item.id }) |
+        @Html.ActionLink("Delete", "Delete", new { id = item.id })
         </td>
         *@
-           
 
 
 
-              @if (item.users_id == ViewBag.CurrentUserId)
-              {
-              <td>
-            @Html.ActionLink("Edit", "Edit", new { id = item.id }) 
-            @Html.ActionLink("Delete", "Delete", new { id = item.id })
-              
-        </td>
+
+            @if (item.users_id == ViewBag.CurrentUserId)
+            {
+                <td>
+                    @Html.ActionLink("Edit", "Edit", new { id = item.id })
+                    @Html.ActionLink("Delete", "Delete", new { id = item.id })
+
+                </td>
             }
 
-           
 
             @if (item.users_id == ViewBag.CurrentUserId || item.users_id != ViewBag.CurrentUserId)
             {
                 <td>
-                    
-                    @Html.ActionLink("Answers", "Details", new { id = item.id }) 
-                    
+
+                    @Html.ActionLink("Answers", "Details", new { id = item.id })
+
 
                 </td>
             }
-            
 
 
-           
-        
-           
-    </tr>
-}
+
+
+
+
+        </tr>
+    }
 
 </table>
Index: PostgreSqlDotnetCore/Views/BlogPostAnswers/Create.cshtml
===================================================================
--- PostgreSqlDotnetCore/Views/BlogPostAnswers/Create.cshtml	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Views/BlogPostAnswers/Create.cshtml	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -17,5 +17,5 @@
     @Html.ValidationSummary(true, "", new { @class = "text-danger" })
 
-    <div class="form-group">
+   @*  <div class="form-group">
         @Html.LabelFor(model => model.parent_id, htmlAttributes: new { @class = "control-label col-md-2" })
         <div class="col-md-10">
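Review bot: Commenting out the `parent_id` field group removes the input from the page but not from model binding: a request can still post `parent_id` unless the Create action, which is outside this diff, ignores the bound value. The action should assign `parent_id` itself from the `parentId` route value after validating it, rather than trusting whatever the form submits. The Razor comment opened here closes in the next hunk; deleting the markup would be cleaner than leaving it commented out.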
@@ -24,5 +24,5 @@
         </div>
     </div>
-
+ *@
     <div class="form-group">
         @Html.LabelFor(model => model.reply, htmlAttributes: new { @class = "control-label col-md-2" })
Index: PostgreSqlDotnetCore/Views/BlogPostAnswers/Details.cshtml
===================================================================
--- PostgreSqlDotnetCore/Views/BlogPostAnswers/Details.cshtml	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Views/BlogPostAnswers/Details.cshtml	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -31,4 +31,5 @@
 <p>
     @Html.ActionLink("Edit", "Edit", new { id = Model.id }) |
-    @Html.ActionLink("Back to List", "Index")
+    @* @Html.ActionLink("Back to List", "Index") *@
+    <a href="javascript:void(0);" onclick="history.go(-1);">Back to List</a>
 </p>
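Review bot: The replacement link uses an inline `onclick` handler and a `javascript:` URL, both of which a Content-Security-Policy without `'unsafe-inline'` blocks, and `history.go(-1)` does nothing when the page was opened directly or in a new tab. A server-rendered link back to the parent post keeps navigation working without script, for example `@Html.ActionLink("Back to List", "Details", "Blog", new { id = Model.BlogPostConsultationid }, null)`, assuming the model here is the answer type that exposes `BlogPostConsultationid` as in Blog/Details.cshtml. The commented-out `ActionLink` line can then be deleted.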
Index: PostgreSqlDotnetCore/Views/Customer/Index.cshtml
===================================================================
--- PostgreSqlDotnetCore/Views/Customer/Index.cshtml	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Views/Customer/Index.cshtml	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -17,7 +17,15 @@
     {
 
-        <p>
+       /* <p>
             @Html.ActionLink("Create New", "Create")
         </p>
+        */
+
+        @if (ViewBag.CanCreate)
+        {
+            <p>
+                @Html.ActionLink("Create New", "Create")
+            </p>
+        }
         <table class="table">
             <tr>
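Review bot: `@if (ViewBag.CanCreate)` throws a runtime binder exception when the action leaves `CanCreate` unset, because a null dynamic value cannot be converted to bool; `@if (ViewBag.CanCreate == true)` tolerates null. The controller code that sets the flag is not in this hunk, so confirm that every action rendering this view assigns it and that the Create action itself rejects users without the permission, since hiding the link does not stop a direct request. The old markup is wrapped in `/* … */`, which is a comment only while the parser is in code context; `@* … *@`, used elsewhere in this commit, is safe in both.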
Index: PostgreSqlDotnetCore/Views/Shared/_Layout.cshtml
===================================================================
--- PostgreSqlDotnetCore/Views/Shared/_Layout.cshtml	(revision 72b1da27c6dadc5f1ae45e91e7c4f60289917575)
+++ PostgreSqlDotnetCore/Views/Shared/_Layout.cshtml	(revision 118e414d91bed6d2f18476304a58e95728403f8c)
@@ -13,5 +13,5 @@
 </head>
 <body>
-    <h1>@(ViewBag.isAuthenticated == null ? "krij" : "prikazi")</h1>
+    @* <h1>@(ViewBag.isAuthenticated == null ? "krij" : "prikazi")</h1> *@
     <header>
         <nav class="navbar navbar-expand-sm navbar-toggleable-sm navbar-light bg-white border-bottom box-shadow mb-3">
@@ -47,8 +47,8 @@
                                     <a class="nav-link text-dark" asp-area="" asp-controller="Customer" asp-action="Index">Manage Customers</a>
                                 </li>
-                                <li class="nav-item">
+                               @* <li class="nav-item">
                                     <a class="nav-link text-dark" asp-area="" asp-controller="City" asp-action="Index">Manage Cities</a>
                                 </li>
-                               
+                               *@
                                 <li class="nav-item">
                                     <a class="nav-link text-dark" asp-area="" asp-controller="Blog" asp-action="Index">BlogPost</a>
@@ -56,6 +56,15 @@
                             }
 
+                          
+
                             
                         }
+                        @if (ViewBag.OnlyAdminManager != null)
+                        {
+                            <li class="nav-item">
+                                <a class="nav-link text-dark" asp-area="" asp-controller="City" asp-action="Index">Manage Cities</a>
+                            </li>
+                        }
+
 
                        
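Review bot: `ViewBag.OnlyAdminManager != null` treats a missing value as "not admin", so the Manage Cities entry disappears for admins and managers on every page whose action does not set the flag, and only some controller actions set it in this diff. Populating it once for all requests (a base-controller hook, filter or view component) would make the menu consistent. The test also shows the link for any non-null value, including `false` if the helper ever returns it, so `== true` or a dedicated bool is safer. This gates display only; the City controller still needs its own server-side role check.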
