public async Task <IActionResult> Delete(int?id)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
if (id == null)
{
return(NotFound());
}
var product2 = await _context.Product2
.FirstOrDefaultAsync(m => m.Id == id);
if (product2 == null)
{
return(NotFound());
}
// 令沒有管理權限的 Seller 只能刪除自己上架的產品
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
if (product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
{
return(NotFound());
}
}
_context.Product2.Remove(product2);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
public async Task <IActionResult> Delete(int?id)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (id == null)
{
return(NotFound());
}
var orderDetail = await _context.OrderDetail
.FirstOrDefaultAsync(m => m.Id == id);
if (orderDetail == null)
{
return(NotFound());
}
_context.OrderDetail.Remove(orderDetail);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
public async Task <IActionResult> Details(int?id, int returnPage = 0)
{
if (id == null)
{
return(NotFound());
}
if (returnPage != 0)
{
HttpContext.Session.SetInt32("returnPage", returnPage);
}
var orderForm = await _context.OrderForm
.FirstOrDefaultAsync(m => m.Id == id);
if (orderForm == null)
{
return(NotFound());
}
// 如果不是管理員,則只能查看自己的訂單明細
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
if (orderForm.SenderEmail != User.Identity.Name)
{
return(NotFound());
}
}
return(View(await _context.OrderDetail.Where(o => o.OrderId == id).ToListAsync()));
}
public async Task <IActionResult> Details(int?id)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
if (id == null)
{
return(NotFound());
}
var product2 = await _context.Product2
.FirstOrDefaultAsync(m => m.Id == id);
if (product2 == null)
{
return(NotFound());
}
// 令沒有管理權限的 Seller 只能查看自己上架的產品
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
if (product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
{
return(NotFound());
}
}
return(View(product2));
}
public async Task <IActionResult> Edit(int id, [Bind("Id,OrderId,Name,Price,Quantity")] OrderDetail orderDetail)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (id != orderDetail.Id)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
_context.Update(orderDetail);
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!OrderDetailExists(orderDetail.Id))
{
return(NotFound());
}
else
{
throw;
}
}
return(RedirectToAction(nameof(Index)));
}
return(View(orderDetail));
}
public async Task <IActionResult> Create([Bind("Email,PasswordHash")] IdentityUser identityUser)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
// 這並不是用 Entity Framework 產生的 CRUD,所以要自行檢查欄位
if (string.IsNullOrEmpty(identityUser.Email) ||
string.IsNullOrEmpty(identityUser.PasswordHash) ||
!Regex.IsMatch(identityUser.Email, @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$") ||
identityUser.PasswordHash.Length < 6)
{
ViewData["CreateUserError"] = "輸入資料錯誤!";
return(View());
}
var user = new IdentityUser {
UserName = identityUser.Email, Email = identityUser.Email
};
// _userManager 會自動幫你檢查該郵件是否已被註冊,若是...則不會進行動作
await _userManager.CreateAsync(user, identityUser.PasswordHash);
_logger.LogInformation($"[{User.Identity.Name}]新增了用戶[{user.Email}]");
// 返回之前的分頁
int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
int page = TryGetPage != null ? (int)TryGetPage : 1;
return(RedirectToAction("Index", new { page }));
}
public async Task <IActionResult> Edit(int?id, int returnPage = 0)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (returnPage != 0)
{
HttpContext.Session.SetInt32("returnPage", returnPage);
}
if (id == null)
{
return(NotFound());
}
var comment = await _context.Comment.FindAsync(id);
if (comment == null)
{
return(NotFound());
}
return(View(comment));
}
public async Task <IActionResult> Edit(int id, [Bind("Id,Content,UserName,CreateTime,ProductId")] Comment comment)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (id != comment.Id)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
_context.Update(comment);
await _context.SaveChangesAsync();
// 返回之前的分頁
int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
int page = TryGetPage != null ? (int)TryGetPage : 1;
return(RedirectToAction("Index", new { page }));
}
catch (DbUpdateConcurrencyException e)
{
_logger.LogError(e.ToString());
return(RedirectToAction(nameof(Index)));
}
}
return(View(comment));
}
public async Task <IActionResult> Delete(int?id, int returnPage = 0)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (returnPage != 0)
{
HttpContext.Session.SetInt32("returnPage", returnPage);
}
var comment = await _context.Comment.FindAsync(id);
_context.Comment.Remove(comment);
await _context.SaveChangesAsync();
_logger.LogWarning($"[{User.Identity.Name}]刪除了一筆[{comment.UserName}]的留言");
// 返回之前的分頁
int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
int page = TryGetPage != null ? (int)TryGetPage : 1;
return(RedirectToAction("Index", new { page }));
}
public async Task <IActionResult> Index(int page = 1)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
return(View(await _context.OrderDetail.OrderByDescending(p => p.OrderId).ToPagedListAsync(page, 10)));
}
private bool OrderDetailExists(int id)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(false);
}
return(_context.OrderDetail.Any(e => e.Id == id));
}
public IActionResult Create()
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
return(View());
}
private bool CommentExists(int id)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(false);
}
return(_context.Comment.Any(e => e.Id == id));
}
public async Task <IActionResult> Index(int page = 1)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
// 隱藏超級管理員
return(View(await _context.Users.Where(m => m.Email != AuthorizeManager.SuperAdmin).ToPagedListAsync(page, pageSize)));
}
public async Task <IActionResult> Index(int page = 1)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
// 按照留言的建立日期排序(新->舊)
return(View(await _context.Comment.OrderByDescending(c => c.CreateTime).ToPagedListAsync(page, pageSize)));
}
public IActionResult ExportAll()
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
CSVManager.ExportAll(_context);
return(RedirectToAction("Index"));
}
public async Task <IActionResult> DeleteAll()
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
_context.RemoveRange(_context.Product2);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
public async Task <IActionResult> ResetShelf()
{
// 管理員群組才能將賣方的清單更新到購物頁面
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
using var transaction = _context.Database.BeginTransaction();
// 刪除所有來自 Product2 的產品
var ProductFrom2 = _context.Product.Where(m => m.FromProduct2 == true);
_context.Product.RemoveRange(ProductFrom2);
// 取得賣方建立的產品清單
var SellList = _context.Product2.ToList();
// 將賣方的產品加入販售
List <Product> ProductList = new List <Product>();
foreach (var p in SellList)
{
ProductList.Add(new Product
{
Name = p.Name,
Description = p.Description,
Price = p.Price,
PublishDate = p.PublishDate,
Quantity = p.Quantity,
DefaultImageURL = p.DefaultImageURL,
FromProduct2 = true,
SellVolume = 0,
Product2Id = p.Id
});
}
_context.Product.AddRange(ProductList);
await _context.SaveChangesAsync();
transaction.Commit();
// 清除所有購物分頁的快取
int PageAmount = _context.Product.Count() / 9 + 1;
for (int Page = 1; Page <= PageAmount; Page++)
{
_memoryCache.Remove($"ProductPage{Page}");
}
return(RedirectToRoute(new { controller = "Product", action = "ShowProducts" }));
}
public async Task <IActionResult> Index(int page = 1)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
// 返回該 UserId 所下的訂單,並按照日期排序(新->舊)
return(View(await _context.OrderForm.Where(o => o.SenderEmail == User.Identity.Name).OrderByDescending(o => o.CreateTime).ToPagedListAsync(page, pageSize)));
}
else
{
// 如果是管理員,則返回所有人的訂單
return(View(await _context.OrderForm.OrderByDescending(o => o.CreateTime).ToPagedListAsync(page, pageSize)));
}
}
public IActionResult Create(int returnPage = 0)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (returnPage != 0)
{
HttpContext.Session.SetInt32("returnPage", returnPage);
}
return(View());
}
public async Task <IActionResult> Index(int page = 1)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
// 以當前 Session 的排序類型做排序
return((HttpContext.Session.GetString("SortType")) switch
{
"Date" => View(await _context.Product.OrderByDescending(p => p.PublishDate).ToPagedListAsync(page, pageSize2)),
"Sell" => View(await _context.Product.OrderByDescending(p => p.SellVolume).ToPagedListAsync(page, pageSize2)),
_ => View(await _context.Product.OrderByDescending(p => p.PublishDate).ToPagedListAsync(page, pageSize2)),
});
public async Task <IActionResult> Create([Bind("Id,OrderId,Name,Price,Quantity")] OrderDetail orderDetail)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (ModelState.IsValid)
{
_context.Add(orderDetail);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
return(View(orderDetail));
}
public async Task <IActionResult> Index()
{
if (AuthorizeManager.InAdminGroup(User.Identity.Name))
{
// 返回所有產品
return(View(await _context.Product2.OrderBy(m => m.SellerEmail).ToListAsync()));
}
else if (AuthorizeManager.InSellerGroup(User.Identity.Name))
{
// 返回符合上架者 Id 的產品
return(View(await _context.Product2.Where(m => m.SellerId == User.FindFirstValue(ClaimTypes.NameIdentifier)).ToListAsync()));
}
else
{
return(NotFound());
}
}
public ActionResult Delete(string id, int returnPage = 0)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (returnPage != 0)
{
HttpContext.Session.SetInt32("returnPage", returnPage);
}
var user = _context.Users.FirstOrDefault(u => u.Id == id);
// 令超級管理員不能被刪除
if (user.Email == AuthorizeManager.SuperAdmin)
{
return(NotFound());
}
// 查看該使用者是否為賣方,如果是...則刪除其產品
if (AuthorizeManager.InSellerGroup(user.Email))
{
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
_context.RemoveRange(_context.Product2.Where(m => m.SellerId == userId));
}
// 查看該使用者是否為特權用戶,如果是...則從特權資料表和 HashTable 中移除
if (AuthorizeManager.InAuthorizedMember(user.Email))
{
AuthorizeManager.UpdateAuthority("DeleteAll", _context, user.Email, null, null);
}
// 刪除該使用者
_context.Users.Remove(user);
_context.SaveChanges();
_logger.LogWarning($"[{User.Identity.Name}]刪除了用戶[{user.Email}]");
// 返回之前的分頁
int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
int page = TryGetPage != null ? (int)TryGetPage : 1;
return(RedirectToAction("Index", new { page }));
}
public async Task <IActionResult> Edit(int id, [Bind("Id,Name,Description,Price,Quantity,DefaultImageURL")] Product2 product2)
{
if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
{
return(NotFound());
}
if (id != product2.Id)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
Product2 product = _context.Product2.FirstOrDefault(m => m.Id == id);
// 令沒有管理權限的 Seller 只能編輯自己上架的產品
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
if (product.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
{
return(NotFound());
}
}
// 重寫編輯代碼(因為只需要更新部分欄位)
product.Name = product2.Name;
product.Description = product2.Description;
product.Price = product2.Price;
product.Quantity = product2.Quantity;
product.DefaultImageURL = product2.DefaultImageURL;
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
catch (DbUpdateConcurrencyException e)
{
_logger.LogError(e.ToString());
return(RedirectToAction(nameof(Index)));
}
}
return(View(product2));
}
public async Task <IActionResult> Edit(int?id)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (id == null)
{
return(NotFound());
}
var orderDetail = await _context.OrderDetail.FindAsync(id);
if (orderDetail == null)
{
return(NotFound());
}
return(View(orderDetail));
}
public async Task <IActionResult> Create([Bind("Id,Content,ProductId")] Comment comment)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (ModelState.IsValid)
{
comment.UserName = User.Identity.Name;
comment.CreateTime = DateTime.Now;
_context.Add(comment);
await _context.SaveChangesAsync();
// 返回之前的分頁
int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
int page = TryGetPage != null ? (int)TryGetPage : 1;
return(RedirectToAction("Index", new { page }));
}
return(View(comment));
}
public async Task <IActionResult> Details(int?id)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (id == null)
{
return(NotFound());
}
var comment = await _context.Comment
.FirstOrDefaultAsync(m => m.Id == id);
if (comment == null)
{
return(NotFound());
}
return(View(comment));
}
public ActionResult Edit(string id, int returnPage = 0)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
if (returnPage != 0)
{
HttpContext.Session.SetInt32("returnPage", returnPage);
}
var user = _context.Users.FirstOrDefault(u => u.Id == id);
// 令超級管理員不能被編輯
if (user.Email == AuthorizeManager.SuperAdmin)
{
return(NotFound());
}
return(View(user));
}
public async Task <IActionResult> Edit(IdentityUser identityUser)
{
if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
{
return(NotFound());
}
var user = _context.Users.FirstOrDefault(u => u.Id == identityUser.Id);
// 令超級管理員不能被編輯
if (user.Email == AuthorizeManager.SuperAdmin)
{
return(NotFound());
}
else
{
// 如果是特權用戶,則變更此特權用戶的郵件
if (AuthorizeManager.InAuthorizedMember(user.Email))
{
AuthorizeManager.UpdateAuthority("ModifyEmail", _context, user.Email, identityUser.Email);
}
user.Email = identityUser.Email;
user.UserName = identityUser.Email;
}
// 若沒先 RemovePassword 則 LOG 會出現內建的 Warning
await _userManager.RemovePasswordAsync(user);
await _userManager.AddPasswordAsync(user, identityUser.PasswordHash);
_logger.LogInformation($"[{User.Identity.Name}]修改了[{user.Email}]的資料");
// 返回之前的分頁
int?TryGetPage = HttpContext.Session.GetInt32("returnPage");
int page = TryGetPage != null ? (int)TryGetPage : 1;
return(RedirectToAction("Index", new { page }));
}
