// GET: Users/Details/5
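        public async Task <IActionResult> Details(int?id)
        {
            // The route id is optional; reject a missing one before any lookup
            // (the original checked it only after the ownership comparison).
            if (id == null)
            {
                return(NotFound());
            }

            // Resolve the caller from the first claim of the cookie identity
            // (the sign-in code on this page issues ClaimTypes.Name first).
            // A request without a claims identity, or whose account has since
            // been deleted, used to dereference null; treat it as forbidden.
            var identity   = HttpContext.User.Identity as ClaimsIdentity;
            var callerName = identity?.Claims.FirstOrDefault()?.Value;
            var thisUser   = callerName is null
                ? null
                : await _context.Users.FirstOrDefaultAsync(u => u.UserName == callerName);

            if (AuthHandler.CheckIfAdmin(this))
            {
                TempData["IsAdmin"] = true;
            }
            else if (thisUser is null || thisUser.UserId != id)
            {
                // Non-admins may only view their own record, so ids cannot be enumerated.
                return(StatusCode(403));
            }

            var user = await sqlTheaterData.OnGetUser(id);

            if (user == null)
            {
                return(NotFound());
            }

            return(View(user));
        }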
        // GET: Users/Edit/5
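        public async Task <IActionResult> Edit(int?id)
        {
            // The route id is optional; reject a missing one before any lookup.
            if (id == null)
            {
                return(NotFound());
            }

            // Resolve the caller from the first claim of the cookie identity
            // (the sign-in code on this page issues ClaimTypes.Name first).
            // A missing identity or a deleted account used to dereference null;
            // treat it as forbidden instead.
            var identity   = HttpContext.User.Identity as ClaimsIdentity;
            var callerName = identity?.Claims.FirstOrDefault()?.Value;
            var thisUser   = callerName is null
                ? null
                : await _context.Users.FirstOrDefaultAsync(u => u.UserName == callerName);

            if (AuthHandler.CheckIfAdmin(this))
            {
                TempData["IsAdmin"] = true;
            }
            else if (thisUser is null || thisUser.UserId != id)
            {
                // Non-admins may only edit their own record.
                return(StatusCode(403));
            }

            var user = await _context.Users.FindAsync(id);

            if (user == null)
            {
                return(NotFound());
            }

            // NOTE(review): the stored password is decrypted with a key embedded
            // in source and rendered into the edit form. A one-way hash plus a
            // separate "new password" field would avoid exposing it, but the POST
            // Edit action encrypts with the same key, so both must change together.
            user.Password = Encryption.DecryptString("kljsdkkdlo4454GG00155sajuklmbkdl", user.Password);
            return(View(user));
        }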
 // GET: Users/Create
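 public IActionResult Create()
 {
     // Admins are sent to the dedicated admin-creation form instead of the
     // plain one. The target is a constant, so wrapping it in String.Format
     // around a placeholder-free interpolated string was redundant; note the
     // relative path resolves against the current request URL, so a route-based
     // RedirectToAction would be more robust if the action moves.
     if (AuthHandler.CheckIfAdmin(this))
     {
         return(Redirect("../../Users/CreateAdmin"));
     }
     return(View());
 }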
        public IActionResult Create()
        {
            // The creation form is admin-only; everyone else gets 403.
            if (!AuthHandler.CheckIfAdmin(this))
            {
                return(StatusCode(403));
            }

            return(View());
        }
        public async Task <IActionResult> Index()
        {
            // Listing every user is an admin-only view; everyone else gets 403.
            if (!AuthHandler.CheckIfAdmin(this))
            {
                return(StatusCode(403));
            }

            List <User> allUsers = await sqlTheaterData.OnGetUsers();

            return(base.View(allUsers));
        }
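        public async Task <IActionResult> Edit(int id)
        {
            // Editing a movie is admin-only; everyone else gets 403.
            if (!AuthHandler.CheckIfAdmin(this))
            {
                return(StatusCode(403));
            }

            Movie movie = await sqlTheaterData.OnGetMovie(id);

            // Consistent with Details: an unknown id is a 404 rather than a view
            // bound to a null model.
            if (movie is null)
            {
                return(NotFound());
            }

            return(View(movie));
        }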
        // Method to access your own profile page from the navbar button "my profile"
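        public async Task <IActionResult> MyDetails()
        {
            if (AuthHandler.CheckIfAdmin(this))
            {
                TempData["IsAdmin"] = true;
            }

            // Resolve the caller from the first claim of the cookie identity
            // (the sign-in code on this page issues ClaimTypes.Name first).
            // A missing identity or a deleted account used to dereference null;
            // treat it as forbidden instead.
            var identity   = HttpContext.User.Identity as ClaimsIdentity;
            var callerName = identity?.Claims.FirstOrDefault()?.Value;
            var user       = callerName is null
                ? null
                : await _context.Users.FirstOrDefaultAsync(u => u.UserName == callerName);

            if (user is null)
            {
                return(StatusCode(403));
            }

            return(RedirectToAction("Details", new { id = user.UserId }));
        }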
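        public async Task <IActionResult> CreateViewing(int id)
        {
            // Scheduling a viewing is admin-only; everyone else gets 403.
            if (!AuthHandler.CheckIfAdmin(this))
            {
                return(StatusCode(403));
            }

            Movie movie = await sqlTheaterData.OnGetMovie(id);

            // Consistent with Details: an unknown movie id is a 404 rather than a
            // view model carrying a null Movie.
            if (movie is null)
            {
                return(NotFound());
            }

            List <Salon> salons = sqlTheaterData.GetSalons();
            var          model  = new CreateViewingViewModel {
                MovieId = id, Movie = movie, Salons = salons
            };

            return(View(model));
        }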
        public async Task <IActionResult> Details(int?id)
        {
            // Movie details are admin-only; everyone else gets 403.
            if (!AuthHandler.CheckIfAdmin(this))
            {
                return(StatusCode(403));
            }

            // The route id is optional: a missing or unknown movie is a 404.
            if (id is null)
            {
                return(NotFound());
            }

            var movie = await sqlTheaterData.OnGetMovie(id);

            if (movie is null)
            {
                return(NotFound());
            }

            return(View(movie));
        }
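        public async Task <IActionResult> Edit(int id, [Bind("UserId,UserName,FirstName,LastName,Password,IsAdmin,PhoneNumber")] User user)
        {
            // NOTE(review): the listing starts at the signature, so whether
            // [HttpPost] / [ValidateAntiForgeryToken] are present cannot be seen
            // here — confirm they are, since this action mutates state.

            // Resolve the caller from the first claim of the cookie identity
            // (the sign-in below issues ClaimTypes.Name first). A missing identity
            // or a deleted account used to dereference null; treat it as forbidden.
            var identity   = HttpContext.User.Identity as ClaimsIdentity;
            var callerName = identity?.Claims.FirstOrDefault()?.Value;
            var thisUser   = callerName is null
                ? null
                : await _context.Users.FirstOrDefaultAsync(u => u.UserName == callerName);

            if (thisUser is null)
            {
                return(StatusCode(403));
            }

            bool isAdmin = AuthHandler.CheckIfAdmin(this);

            if (isAdmin)
            {
                TempData["IsAdmin"] = true;
            }
            else if (thisUser.UserId != id)
            {
                // Non-admins may only edit their own record.
                return(StatusCode(403));
            }

            // A route id that disagrees with the posted model is a tampered request;
            // check it before any further work.
            if (id != user.UserId)
            {
                return(NotFound());
            }

            // Reject a user name already owned by a different record.
            var duplicateUserName = await _context.Users.FirstOrDefaultAsync(u => u.UserName == user.UserName);

            if (duplicateUserName != null && duplicateUserName.UserId != user.UserId)
            {
                TempData["UserNameTaken"] = "Username taken";
                return(View(user));
            }

            if (!ModelState.IsValid)
            {
                return(View(user));
            }

            try
            {
                var oldUser = await _context.Users.FirstOrDefaultAsync(u => u.UserId == user.UserId);

                if (oldUser is null)
                {
                    return(NotFound());
                }

                // IsAdmin is part of the bound model, so without this guard a
                // non-admin editing their own profile could set it and promote
                // themselves (and the re-issued Role claim below would honour it).
                // Only an admin may change the flag; everyone else keeps the
                // stored value.
                if (!isAdmin)
                {
                    user.IsAdmin = oldUser.IsAdmin;
                }

                // NOTE(review): reversible encryption with a key embedded in source.
                // A one-way password hash with the secret kept outside the repository
                // is the usual replacement, but the GET Edit action decrypts the
                // stored value into the form, so both actions must change together.
                user.Password = Encryption.EncryptString("kljsdkkdlo4454GG00155sajuklmbkdl", user.Password);

                oldUser.FirstName   = user.FirstName;
                oldUser.LastName    = user.LastName;
                oldUser.Password    = user.Password;
                oldUser.PhoneNumber = user.PhoneNumber;
                oldUser.IsAdmin     = user.IsAdmin;
                oldUser.UserName    = user.UserName;

                await _context.SaveChangesAsync();

                if (thisUser.UserId == user.UserId)
                {
                    // The caller edited their own record: re-issue the cookie so the
                    // Name and Role claims match what was just persisted.
                    var claims = new[] { new Claim(ClaimTypes.Name, user.UserName),
                                         new Claim(ClaimTypes.Role, user.IsAdmin ? "Admin" : "User") };

                    var identityClaims = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
                    await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identityClaims));
                }
            }
            catch (DbUpdateConcurrencyException)
            {
                // The row vanished under us: 404; any other concurrency failure is
                // rethrown with its original stack trace.
                if (!UserExists(user.UserId))
                {
                    return(NotFound());
                }

                throw;
            }

            if (isAdmin)
            {
                return(RedirectToAction(nameof(Index)));
            }

            return(RedirectToAction("Details", new { id = user.UserId }));
        }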