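        // POST handler: records an Order for the account in session and debits the
        // ordered Product's stock in the same SaveChanges. The session checks exist so
        // the Order is attributed to the logged-in account, never to an AccountId the
        // client may have posted.
        //
        // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this
        // action in this listing; confirm both are applied so the state change cannot
        // be triggered by a GET or by a cross-site form post.
        // NOTE(review): Order is bound straight from the request; confirm that fields
        // other than ProductId/Amount (e.g. the key) are not client-settable, via
        // [BindNever] or a dedicated view model.
        public IActionResult Create(Order order)
        {
            string loggedIn  = HttpContext.Session.GetString("LoggedIn");
            int?   accountId = HttpContext.Session.GetInt32("AccountId");
            string email     = HttpContext.Session.GetString("Email");

            // No session at all: send to the login page.
            if (loggedIn == null)
            {
                return(RedirectToAction("Index", "Accounts"));
            }

            // The session must resolve to a real account whose id matches the id held
            // in session; otherwise it is treated as stale/tampered and cleared.
            // accountId is compared as a nullable so a session missing "AccountId" is
            // logged out instead of throwing on an (int) cast.
            Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
            if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
            {
                HttpContext.Session.Clear();
                TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
                return(RedirectToAction("Index", "Accounts"));
            }

            int currentAccountId = accountId.Value;

            // Field-level validation failed (e.g. an Amount edited in the browser).
            if (!ModelState.IsValid)
            {
                return(InvalidSelection());
            }

            // Look the product up before touching anything so an unknown ProductId
            // cannot crash the request with a null dereference.
            var productOrder = dbContext.Products
                               .Where(p => p.ProductId == order.ProductId)
                               .FirstOrDefault();
            if (productOrder == null)
            {
                return(RedirectToAction("Index", "Products"));
            }

            // Stock check. ModelState cannot know the stock level, so without this a
            // client-edited Amount above Quantity would drive the stock negative and a
            // non-positive Amount would add stock instead of consuming it.
            if (order.Amount <= 0 || order.Amount > productOrder.Quantity)
            {
                return(InvalidSelection());
            }

            order.CreatedAt = DateTime.Now;
            order.UpdatedAt = DateTime.Now;

            // Always attribute the Order to the session account, never the posted value.
            order.AccountId = currentAccountId;

            dbContext.Orders.Add(order);

            // Debit the ordered amount from the product's stock.
            productOrder.Quantity = productOrder.Quantity - order.Amount;

            // One SaveChanges so the insert and the stock debit commit together.
            // NOTE(review): the stock check above is not atomic against concurrent
            // orders for the same product; a concurrency token on Product.Quantity
            // would close that window.
            dbContext.SaveChanges();

            return(RedirectToAction("Show", "Products", new{ id = order.ProductId }));

            // Re-renders Products/Show with a generic "invalid selection" banner. A view
            // of another controller cannot be returned by name with a model object,
            // hence the full view path.
            IActionResult InvalidSelection()
            {
                ViewBag.LoggedIn      = true;
                ViewBag.AccountId     = currentAccountId;
                ViewBag.InvalidAction = "Your selection is Invalid, please select an amount from the list";

                var productBundle = new ECommerceBundle();
                productBundle.Product = dbContext.Products
                                        .Include(p => p.Creator)
                                        .Include(p => p.Customers)
                                        .ThenInclude(o => o.Account)
                                        .FirstOrDefault(p => p.ProductId == order.ProductId);

                return(View("~/Views/Products/Show.cshtml", productBundle));
            }
        }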
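        // Filters the Products index by a case-sensitivity-as-per-provider substring
        // match on Name. Requires a valid session like every other action here.
        //
        // The search term is passed to EF as a query parameter, never concatenated
        // into SQL, so it is not an injection vector. A missing/blank term is treated
        // as "no filter" instead of reaching string.Contains(null).
        public IActionResult Filter(string searchString)
        {
            string loggedIn  = HttpContext.Session.GetString("LoggedIn");
            int?   accountId = HttpContext.Session.GetInt32("AccountId");
            string email     = HttpContext.Session.GetString("Email");

            // No session at all: send to the login page.
            if (loggedIn == null)
            {
                return(RedirectToAction("Index", "Accounts"));
            }

            // The session must resolve to a real account whose id matches the id held
            // in session; otherwise it is treated as stale/tampered and cleared.
            // accountId is compared as a nullable so a session missing "AccountId" is
            // logged out instead of throwing on an (int) cast.
            Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
            if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
            {
                HttpContext.Session.Clear();
                TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
                return(RedirectToAction("Index", "Accounts"));
            }

            // NavBar state and a flag telling the view the list is filtered.
            ViewBag.LoggedIn  = true;
            ViewBag.AccountId = accountId.Value;
            ViewBag.Filtered  = true;

            // Contains("") matches every (non-null) name, so a blank query lists all.
            string term = searchString ?? string.Empty;

            var productBundle = new ECommerceBundle();
            productBundle.ProductList = dbContext.Products
                                        .Include(p => p.Creator)
                                        .Include(p => p.Customers)
                                        .ThenInclude(o => o.Account)
                                        .Where(p => p.Name.Contains(term))
                                        .OrderByDescending(a => a.CreatedAt)
                                        .ToList();

            return(View("Products", productBundle));
        }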
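        // POST handler: applies the non-null fields of `submission` to Product `id`.
        // Only the product's creator (the account in session) may update it; Quantity
        // is a signed delta added to the current stock and may not take it below zero.
        //
        // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this
        // action in this listing; confirm both are applied.
        // NOTE(review): Image is stored exactly as the client sent it; if the view
        // renders it as a URL, confirm it is restricted to http(s) before it reaches
        // markup.
        public IActionResult Update(UpdateProduct submission, int id)
        {
            string loggedIn  = HttpContext.Session.GetString("LoggedIn");
            int?   accountId = HttpContext.Session.GetInt32("AccountId");
            string email     = HttpContext.Session.GetString("Email");

            // No session at all: send to the login page.
            if (loggedIn == null)
            {
                return(RedirectToAction("Index", "Accounts"));
            }

            // The session must resolve to a real account whose id matches the id held
            // in session; otherwise it is treated as stale/tampered and cleared.
            // accountId is compared as a nullable so a session missing "AccountId" is
            // logged out instead of throwing on an (int) cast.
            Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
            if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
            {
                HttpContext.Session.Clear();
                TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
                return(RedirectToAction("Index", "Accounts"));
            }

            int currentAccountId = accountId.Value;

            // Field-level validation failed: re-show the product with the errors.
            if (!ModelState.IsValid)
            {
                return(ShowWithErrors());
            }

            Product product = dbContext.Products.FirstOrDefault(p => p.ProductId == id);

            // Unknown id: nothing to update (the original dereferenced this unchecked).
            if (product == null)
            {
                return(RedirectToAction("Index"));
            }

            // Ownership check (IDOR guard), done before any field is touched. Clears
            // the session as the message promises; the original only redirected.
            if (product.AccountId != currentAccountId)
            {
                HttpContext.Session.Clear();
                TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
                return(RedirectToAction("Index", "Accounts"));
            }

            // Partial update: only the fields the client supplied are changed.
            if (submission.Name != null)
            {
                product.Name = submission.Name;
            }

            if (submission.Image != null)
            {
                product.Image = submission.Image;
            }

            if (submission.Quantity != null)
            {
                // Quantity is an adjustment relative to the current stock, not an
                // absolute value.
                var newQuantity = product.Quantity + (int)submission.Quantity;
                if (newQuantity >= 0)
                {
                    product.Quantity = newQuantity;
                }
                else
                {
                    // Nothing has been saved yet, so the Name/Image assignments above
                    // are discarded together with this request.
                    ModelState.AddModelError("Quantity", "You cannot reduce the product's quantity below 0 units!");
                    return(ShowWithErrors());
                }
            }

            if (submission.Description != null)
            {
                product.Description = submission.Description;
            }

            product.UpdatedAt = DateTime.Now;
            dbContext.SaveChanges();

            return(RedirectToAction("Show", new{ id = product.ProductId }));

            // Re-renders the Show view for product `id` with the current ModelState.
            IActionResult ShowWithErrors()
            {
                ViewBag.LoggedIn  = true;
                ViewBag.AccountId = currentAccountId;

                var productBundle = new ECommerceBundle();
                productBundle.Product = dbContext.Products
                                        .Include(p => p.Creator)
                                        .Include(p => p.Customers)
                                        .ThenInclude(o => o.Account)
                                        .FirstOrDefault(p => p.ProductId == id);

                // Guard the unknown-id case here as well (the original dereferenced
                // this unchecked).
                if (productBundle.Product == null)
                {
                    return(RedirectToAction("Index"));
                }

                // Reference for the Update route on the Show view.
                ViewBag.ProductId = productBundle.Product.ProductId;

                return(View("Show", productBundle));
            }
        }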
        // <---------- Accounts GET routes ---------->

        // RESTful route for Product Dashboard
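        // Dashboard: the 3 most recent accounts, 4 most recent products and 3 most
        // recent orders, with their related entities eager-loaded. Requires a valid
        // session like every other action here.
        //
        // NOTE(review): full Account entities (with whatever credential fields they
        // carry) are handed to the view for every logged-in user; confirm the view
        // renders only display fields, or project to a view model instead.
        public IActionResult Index()
        {
            string loggedIn  = HttpContext.Session.GetString("LoggedIn");
            int?   accountId = HttpContext.Session.GetInt32("AccountId");
            string email     = HttpContext.Session.GetString("Email");

            // No session at all: send to the login page.
            if (loggedIn == null)
            {
                return(RedirectToAction("Index", "Accounts"));
            }

            // The session must resolve to a real account whose id matches the id held
            // in session; otherwise it is treated as stale/tampered and cleared.
            // accountId is compared as a nullable so a session missing "AccountId" is
            // logged out instead of throwing on an (int) cast.
            Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
            if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
            {
                HttpContext.Session.Clear();
                TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
                return(RedirectToAction("Index", "Accounts"));
            }

            // NavBar state.
            ViewBag.LoggedIn  = true;
            ViewBag.AccountId = accountId.Value;

            var dashboardBundle = new ECommerceBundle();

            // Most recent 3 accounts.
            dashboardBundle.AccountList = dbContext.Accounts
                                          .Include(a => a.CreatedProducts)
                                          .Include(a => a.Orders)
                                          .ThenInclude(o => o.Product)
                                          .OrderByDescending(a => a.CreatedAt)
                                          .Take(3)
                                          .ToList();

            // Most recent 4 products.
            dashboardBundle.ProductList = dbContext.Products
                                          .Include(p => p.Creator)
                                          .Include(p => p.Customers)
                                          .ThenInclude(o => o.Account)
                                          .OrderByDescending(a => a.CreatedAt)
                                          .Take(4)
                                          .ToList();

            // Most recent 3 orders.
            dashboardBundle.OrderList = dbContext.Orders
                                        .Include(o => o.Account)
                                        .Include(o => o.Product)
                                        .OrderByDescending(o => o.CreatedAt)
                                        .Take(3)
                                        .ToList();

            return(View(dashboardBundle));
        }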
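        // POST handler: stores a new Product owned by the account in session. The
        // timestamps and AccountId are always set server-side so a client cannot
        // create a product on behalf of another account.
        //
        // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this
        // action in this listing; confirm both are applied.
        // NOTE(review): Product is bound straight from the request; confirm the key
        // and any other server-owned fields are excluded ([BindNever] / view model).
        // NOTE(review): Image is a client-supplied string; if the view renders it as
        // a URL, confirm it is restricted to http(s) before it reaches markup.
        public IActionResult Create(Product product)
        {
            string loggedIn  = HttpContext.Session.GetString("LoggedIn");
            int?   accountId = HttpContext.Session.GetInt32("AccountId");
            string email     = HttpContext.Session.GetString("Email");

            // No session at all: send to the login page.
            if (loggedIn == null)
            {
                return(RedirectToAction("Index", "Accounts"));
            }

            // The session must resolve to a real account whose id matches the id held
            // in session; otherwise it is treated as stale/tampered and cleared.
            // accountId is compared as a nullable so a session missing "AccountId" is
            // logged out instead of throwing on an (int) cast.
            Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
            if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
            {
                HttpContext.Session.Clear();
                TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
                return(RedirectToAction("Index", "Accounts"));
            }

            int currentAccountId = accountId.Value;

            // Field-level validation failed: re-list the products with the errors.
            if (!ModelState.IsValid)
            {
                ViewBag.LoggedIn  = true;
                ViewBag.AccountId = currentAccountId;

                var productBundle = new ECommerceBundle();
                productBundle.ProductList = dbContext.Products
                                            .Include(p => p.Creator)
                                            .Include(p => p.Customers)
                                            .ThenInclude(o => o.Account)
                                            .OrderByDescending(a => a.CreatedAt)
                                            .ToList();

                return(View("Products", productBundle));
            }

            product.CreatedAt = DateTime.Now;
            product.UpdatedAt = DateTime.Now;

            // The creator is always the session account, never a posted value.
            product.AccountId = currentAccountId;

            // Fall back to a placeholder when no image was supplied (a whitespace-only
            // value is treated as missing too).
            if (string.IsNullOrWhiteSpace(product.Image))
            {
                product.Image = "https://via.placeholder.com/100";
            }

            dbContext.Products.Add(product);
            dbContext.SaveChanges();

            return(RedirectToAction("Show", new{ id = product.ProductId }));
        }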
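        // Renders the Show view for Product `id` with its creator and customers
        // eager-loaded. Requires a valid session; an unknown id redirects to Index
        // instead of failing on a null dereference.
        public IActionResult Show(int id)
        {
            string loggedIn  = HttpContext.Session.GetString("LoggedIn");
            int?   accountId = HttpContext.Session.GetInt32("AccountId");
            string email     = HttpContext.Session.GetString("Email");

            // No session at all.
            // NOTE(review): unlike the sibling actions this redirects to this
            // controller's Index rather than Accounts/Index; kept as-is, confirm it
            // is intentional.
            if (loggedIn == null)
            {
                return(RedirectToAction("Index"));
            }

            // The session must resolve to a real account whose id matches the id held
            // in session; otherwise it is treated as stale/tampered and cleared.
            // accountId is compared as a nullable so a session missing "AccountId" is
            // logged out instead of throwing on an (int) cast.
            Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
            if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
            {
                HttpContext.Session.Clear();
                TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
                return(RedirectToAction("Index"));
            }

            // NavBar state.
            ViewBag.LoggedIn  = true;
            ViewBag.AccountId = accountId.Value;

            var productBundle = new ECommerceBundle();
            productBundle.Product = dbContext.Products
                                    .Include(p => p.Creator)
                                    .Include(p => p.Customers)
                                    .ThenInclude(o => o.Account)
                                    .FirstOrDefault(p => p.ProductId == id);

            // Unknown id (the original dereferenced this unchecked).
            if (productBundle.Product == null)
            {
                return(RedirectToAction("Index"));
            }

            // Reference for the Update route on the Show view.
            ViewBag.ProductId = productBundle.Product.ProductId;

            return(View(productBundle));
        }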