Beispiel #1
0
        public async Task <IActionResult> Delete(int?id)
        {
            if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
            {
                return(NotFound());
            }

            if (id == null)
            {
                return(NotFound());
            }

            var product2 = await _context.Product2
                           .FirstOrDefaultAsync(m => m.Id == id);

            if (product2 == null)
            {
                return(NotFound());
            }

            // 令沒有管理權限的 Seller 只能刪除自己上架的產品
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                if (product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
                {
                    return(NotFound());
                }
            }

            _context.Product2.Remove(product2);
            await _context.SaveChangesAsync();

            return(RedirectToAction(nameof(Index)));
        }
Beispiel #2
0
        public async Task <IActionResult> Create([Bind("Id,Name,Description,Price,PublishDate,Quantity,DefaultImageURL,SellerEmail,SellerId,SellVolume")] Product2 product2)
        {
            if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
            {
                return(NotFound());
            }

            string UserId = User.FindFirstValue(ClaimTypes.NameIdentifier);

            var ProductList = _context.Product2.Where(m => m.SellerId == UserId).ToList();

            // 檢查該使用者上架的產品數量
            if (ProductList != null && ProductList.Count > 5)
            {
                TempData["ReachLimit"] = "建立失敗,您的產品數量已達上限!";
                return(RedirectToAction("Index"));
            }

            if (ModelState.IsValid)
            {
                product2.PublishDate = DateTime.Now;
                product2.SellerEmail = User.Identity.Name;
                product2.SellerId    = UserId;
                product2.SellVolume  = 0;

                _context.Add(product2);
                await _context.SaveChangesAsync();

                return(RedirectToAction(nameof(Index)));
            }
            return(View(product2));
        }
Beispiel #3
0
        public async Task <IActionResult> Details(int?id)
        {
            if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
            {
                return(NotFound());
            }

            if (id == null)
            {
                return(NotFound());
            }

            var product2 = await _context.Product2
                           .FirstOrDefaultAsync(m => m.Id == id);

            if (product2 == null)
            {
                return(NotFound());
            }

            // 令沒有管理權限的 Seller 只能查看自己上架的產品
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                if (product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
                {
                    return(NotFound());
                }
            }

            return(View(product2));
        }
Beispiel #4
0
        public IActionResult Create()
        {
            if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
            {
                return(NotFound());
            }

            return(View());
        }
Beispiel #5
0
        private bool Product2Exists(int id)
        {
            if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
            {
                return(false);
            }

            return(_context.Product2.Any(e => e.Id == id));
        }
        public async Task <IActionResult> OnPostChangeEmailAsync()
        {
            var user = await _userManager.GetUserAsync(User);

            if (user == null)
            {
                return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."));
            }

            if (!ModelState.IsValid)
            {
                await LoadAsync(user);

                return(Page());
            }

            var email = await _userManager.GetEmailAsync(user);

            if (Input.NewEmail != email)
            {
                var GetUserByEmail = _context.Users.FirstOrDefault(u => u.Email == Input.NewEmail);

                // 若此信箱沒有被註冊過,則允許修改信箱
                if (GetUserByEmail == null)
                {
                    // 檢查是否為特權用戶
                    if (AuthorizeManager.InAuthorizedMember(user.Email))
                    {
                        AuthorizeManager.UpdateAuthority("ModifyEmail", _context, user.Email, Input.NewEmail);
                    }

                    // 變更郵件
                    user.UserName = Input.NewEmail;
                    user.Email    = Input.NewEmail;
                    await _userManager.UpdateAsync(user);

                    // 令使用者登出
                    _logger.LogInformation($"[{email}]的郵件已經變更為[{Input.NewEmail}]");
                    TempData["LoginFail"] = $"郵件變更成功,請重新登入!";
                    await _signInManager.SignOutAsync();

                    HttpContext.Session.SetString("UserModifyEmail", "1");
                }
                else
                {
                    StatusMessage = "變更失敗,此郵件已被註冊!";
                }

                return(RedirectToPage());
            }

            StatusMessage = "您的郵件和之前的一樣!";
            return(RedirectToPage());
        }
Beispiel #7
0
        public async Task <IActionResult> Edit(int id, [Bind("Id,Name,Description,Price,Quantity,DefaultImageURL")] Product2 product2)
        {
            if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
            {
                return(NotFound());
            }

            if (id != product2.Id)
            {
                return(NotFound());
            }

            if (ModelState.IsValid)
            {
                try
                {
                    Product2 product = _context.Product2.FirstOrDefault(m => m.Id == id);

                    // 令沒有管理權限的 Seller 只能編輯自己上架的產品
                    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
                    {
                        if (product.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
                        {
                            return(NotFound());
                        }
                    }

                    // 重寫編輯代碼(因為只需要更新部分欄位)
                    product.Name            = product2.Name;
                    product.Description     = product2.Description;
                    product.Price           = product2.Price;
                    product.Quantity        = product2.Quantity;
                    product.DefaultImageURL = product2.DefaultImageURL;
                    await _context.SaveChangesAsync();

                    return(RedirectToAction(nameof(Index)));
                }
                catch (DbUpdateConcurrencyException e)
                {
                    _logger.LogError(e.ToString());
                    return(RedirectToAction(nameof(Index)));
                }
            }
            return(View(product2));
        }
        public ActionResult Delete(string id, int returnPage = 0)
        {
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                return(NotFound());
            }

            if (returnPage != 0)
            {
                HttpContext.Session.SetInt32("returnPage", returnPage);
            }

            var user = _context.Users.FirstOrDefault(u => u.Id == id);

            // 令超級管理員不能被刪除
            if (user.Email == AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }

            // 查看該使用者是否為賣方,如果是...則刪除其產品
            if (AuthorizeManager.InSellerGroup(user.Email))
            {
                var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);

                _context.RemoveRange(_context.Product2.Where(m => m.SellerId == userId));
            }

            // 查看該使用者是否為特權用戶,如果是...則從特權資料表和 HashTable 中移除
            if (AuthorizeManager.InAuthorizedMember(user.Email))
            {
                AuthorizeManager.UpdateAuthority("DeleteAll", _context, user.Email, null, null);
            }

            // 刪除該使用者
            _context.Users.Remove(user);
            _context.SaveChanges();
            _logger.LogWarning($"[{User.Identity.Name}]刪除了用戶[{user.Email}]");

            // 返回之前的分頁
            int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
            int page       = TryGetPage != null ? (int)TryGetPage : 1;

            return(RedirectToAction("Index", new { page }));
        }
Beispiel #9
0
        public async Task <IActionResult> Edit(int?id)
        {
            if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
            {
                return(NotFound());
            }

            if (id == null)
            {
                return(NotFound());
            }

            var product2 = await _context.Product2.FindAsync(id);

            if (product2 == null)
            {
                return(NotFound());
            }

            return(View(product2));
        }
        public async Task <IActionResult> Edit(IdentityUser identityUser)
        {
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                return(NotFound());
            }

            var user = _context.Users.FirstOrDefault(u => u.Id == identityUser.Id);

            // 令超級管理員不能被編輯
            if (user.Email == AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }
            else
            {
                // 如果是特權用戶,則變更此特權用戶的郵件
                if (AuthorizeManager.InAuthorizedMember(user.Email))
                {
                    AuthorizeManager.UpdateAuthority("ModifyEmail", _context, user.Email, identityUser.Email);
                }

                user.Email    = identityUser.Email;
                user.UserName = identityUser.Email;
            }

            // 若沒先 RemovePassword 則 LOG 會出現內建的 Warning
            await _userManager.RemovePasswordAsync(user);

            await _userManager.AddPasswordAsync(user, identityUser.PasswordHash);

            _logger.LogInformation($"[{User.Identity.Name}]修改了[{user.Email}]的資料");

            // 返回之前的分頁
            int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
            int page       = TryGetPage != null ? (int)TryGetPage : 1;

            return(RedirectToAction("Index", new { page }));
        }