public async Task <IActionResult> Delete(int?id)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
if (id == null)
{
return(NotFound());
}
var product2 = await _context.Product2
.FirstOrDefaultAsync(m => m.Id == id);
if (product2 == null)
{
return(NotFound());
}
// 令沒有管理權限的 Seller 只能刪除自己上架的產品
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
if (product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
{
return(NotFound());
}
}
_context.Product2.Remove(product2);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
public async Task <IActionResult> Create([Bind("Id,Name,Description,Price,PublishDate,Quantity,DefaultImageURL,SellerEmail,SellerId,SellVolume")] Product2 product2)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
string UserId = User.FindFirstValue(ClaimTypes.NameIdentifier);
var ProductList = _context.Product2.Where(m => m.SellerId == UserId).ToList();
// 檢查該使用者上架的產品數量
if (ProductList != null && ProductList.Count > 5)
{
TempData["ReachLimit"] = "建立失敗,您的產品數量已達上限!";
return(RedirectToAction("Index"));
}
if (ModelState.IsValid)
{
product2.PublishDate = DateTime.Now;
product2.SellerEmail = User.Identity.Name;
product2.SellerId = UserId;
product2.SellVolume = 0;
_context.Add(product2);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
return(View(product2));
}
public async Task <IActionResult> Details(int?id)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
if (id == null)
{
return(NotFound());
}
var product2 = await _context.Product2
.FirstOrDefaultAsync(m => m.Id == id);
if (product2 == null)
{
return(NotFound());
}
// 令沒有管理權限的 Seller 只能查看自己上架的產品
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
if (product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
{
return(NotFound());
}
}
return(View(product2));
}
public IActionResult Create()
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
return(View());
}
private bool Product2Exists(int id)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(false);
}
return(_context.Product2.Any(e => e.Id == id));
}
public async Task <IActionResult> OnPostChangeEmailAsync()
{
var user = await _userManager.GetUserAsync(User);
if (user == null)
{
return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."));
}
if (!ModelState.IsValid)
{
await LoadAsync(user);
return(Page());
}
var email = await _userManager.GetEmailAsync(user);
if (Input.NewEmail != email)
{
var GetUserByEmail = _context.Users.FirstOrDefault(u => u.Email == Input.NewEmail);
// 若此信箱沒有被註冊過,則允許修改信箱
if (GetUserByEmail == null)
{
// 檢查是否為特權用戶
if (AuthorizeManager.InAuthorizedMember(user.Email))
{
AuthorizeManager.UpdateAuthority("ModifyEmail", _context, user.Email, Input.NewEmail);
}
// 變更郵件
user.UserName = Input.NewEmail;
user.Email = Input.NewEmail;
await _userManager.UpdateAsync(user);
// 令使用者登出
_logger.LogInformation($"[{email}]的郵件已經變更為[{Input.NewEmail}]");
TempData["LoginFail"] = $"郵件變更成功,請重新登入!";
await _signInManager.SignOutAsync();
HttpContext.Session.SetString("UserModifyEmail", "1");
}
else
{
StatusMessage = "變更失敗,此郵件已被註冊!";
}
return(RedirectToPage());
}
StatusMessage = "您的郵件和之前的一樣!";
return(RedirectToPage());
}
public async Task <IActionResult> Edit(int id, [Bind("Id,Name,Description,Price,Quantity,DefaultImageURL")] Product2 product2)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
if (id != product2.Id)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
Product2 product = _context.Product2.FirstOrDefault(m => m.Id == id);
// 令沒有管理權限的 Seller 只能編輯自己上架的產品
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
if (product.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
{
return(NotFound());
}
}
// 重寫編輯代碼(因為只需要更新部分欄位)
product.Name = product2.Name;
product.Description = product2.Description;
product.Price = product2.Price;
product.Quantity = product2.Quantity;
product.DefaultImageURL = product2.DefaultImageURL;
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
catch (DbUpdateConcurrencyException e)
{
_logger.LogError(e.ToString());
return(RedirectToAction(nameof(Index)));
}
}
return(View(product2));
}
public ActionResult Delete(string id, int returnPage = 0)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (returnPage != 0)
{
HttpContext.Session.SetInt32("returnPage", returnPage);
}
var user = _context.Users.FirstOrDefault(u => u.Id == id);
// 令超級管理員不能被刪除
if (user.Email == AuthorizeManager.SuperAdmin)
{
return(NotFound());
}
// 查看該使用者是否為賣方,如果是...則刪除其產品
if (AuthorizeManager.InSellerGroup(user.Email))
{
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
_context.RemoveRange(_context.Product2.Where(m => m.SellerId == userId));
}
// 查看該使用者是否為特權用戶,如果是...則從特權資料表和 HashTable 中移除
if (AuthorizeManager.InAuthorizedMember(user.Email))
{
AuthorizeManager.UpdateAuthority("DeleteAll", _context, user.Email, null, null);
}
// 刪除該使用者
_context.Users.Remove(user);
_context.SaveChanges();
_logger.LogWarning($"[{User.Identity.Name}]刪除了用戶[{user.Email}]");
// 返回之前的分頁
int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
int page = TryGetPage != null ? (int)TryGetPage : 1;
return(RedirectToAction("Index", new { page }));
}
public async Task <IActionResult> Edit(int?id)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
if (id == null)
{
return(NotFound());
}
var product2 = await _context.Product2.FindAsync(id);
if (product2 == null)
{
return(NotFound());
}
return(View(product2));
}
public async Task <IActionResult> Edit(IdentityUser identityUser)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
var user = _context.Users.FirstOrDefault(u => u.Id == identityUser.Id);
// 令超級管理員不能被編輯
if (user.Email == AuthorizeManager.SuperAdmin)
{
return(NotFound());
}
else
{
// 如果是特權用戶,則變更此特權用戶的郵件
if (AuthorizeManager.InAuthorizedMember(user.Email))
{
AuthorizeManager.UpdateAuthority("ModifyEmail", _context, user.Email, identityUser.Email);
}
user.Email = identityUser.Email;
user.UserName = identityUser.Email;
}
// 若沒先 RemovePassword 則 LOG 會出現內建的 Warning
await _userManager.RemovePasswordAsync(user);
await _userManager.AddPasswordAsync(user, identityUser.PasswordHash);
_logger.LogInformation($"[{User.Identity.Name}]修改了[{user.Email}]的資料");
// 返回之前的分頁
int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
int page = TryGetPage != null ? (int)TryGetPage : 1;
return(RedirectToAction("Index", new { page }));
}