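// POST handler that records an Order for the logged-in account and reduces the
// ordered product's stock by the ordered amount.
// Security notes:
//  - AccountId, CreatedAt and UpdatedAt are always overwritten from the session/clock,
//    so a client cannot post an order on behalf of another account.
//  - Amount is re-validated against current stock here; ModelState.IsValid only covers
//    the annotations on Order and would not stop an Amount tampered in the browser.
//  - NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this action in
//    this listing -- confirm they are present, otherwise the action is reachable by GET
//    and is a CSRF target.
public IActionResult Create(Order order)
{
    string loggedIn = HttpContext.Session.GetString("LoggedIn");
    int? accountId = HttpContext.Session.GetInt32("AccountId");
    string email = HttpContext.Session.GetString("Email");

    // No session marker at all: plain redirect to the login page.
    if (loggedIn == null)
    {
        return RedirectToAction("Index", "Accounts");
    }

    // Session integrity: the account must still exist and its id must match the id
    // stored in the session. A missing AccountId is treated like a mismatch instead
    // of letting the (int) cast throw InvalidOperationException (a 500 instead of a
    // clean logout).
    Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
    if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
    {
        HttpContext.Session.Clear();
        TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
        return RedirectToAction("Index", "Accounts");
    }
    int currentAccountId = accountId.Value;

    // Re-renders the product's Show view with a generic error. Used both for
    // annotation failures and for an Amount the stock cannot cover.
    IActionResult InvalidSelection()
    {
        // NavBar display / Accounts/Show link.
        ViewBag.LoggedIn = true;
        ViewBag.AccountId = currentAccountId;
        // Cannot return a View from another controller with a model object, so the
        // message travels in ViewBag.
        ViewBag.InvalidAction = "Your selection is Invalid, please select an amount from the list";

        var productBundle = new ECommerceBundle();
        productBundle.Product = dbContext.Products
            .Include(p => p.Creator)
            .Include(p => p.Customers)
            .ThenInclude(o => o.Account)
            .FirstOrDefault(p => p.ProductId == order.ProductId);
        if (productBundle.Product == null)
        {
            // Unknown ProductId: the Show view cannot render without a product.
            return NotFound();
        }
        return View("~/Views/Products/Show.cshtml", productBundle);
    }

    if (!ModelState.IsValid)
    {
        return InvalidSelection();
    }

    var product = dbContext.Products.FirstOrDefault(p => p.ProductId == order.ProductId);
    if (product == null)
    {
        // Previously a NullReferenceException on the stock update.
        return NotFound();
    }

    // Stock check: never let Quantity go negative (the same invariant Update enforces).
    // NOTE(review): this is a read-then-write with no concurrency token; two concurrent
    // orders could still oversell -- confirm whether a row version / transaction is needed.
    if (order.Amount <= 0 || order.Amount > product.Quantity)
    {
        return InvalidSelection();
    }

    // Ownership and timestamps come from the server, never from the posted model.
    order.CreatedAt = DateTime.Now;
    order.UpdatedAt = DateTime.Now;
    order.AccountId = currentAccountId;

    dbContext.Orders.Add(order);
    product.Quantity = product.Quantity - order.Amount;
    dbContext.SaveChanges();

    return RedirectToAction("Show", "Products", new { id = order.ProductId });
}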
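// Product search by name substring. Read-only, but still gated on a valid session so
// the catalogue is not exposed anonymously. The search term reaches the database as an
// EF query parameter (no string-built SQL).
// NOTE(review): the original comment calls this a POST route, but no [HttpPost] is
// visible in this listing -- confirm the attribute is present.
public IActionResult Filter(string searchString)
{
    string loggedIn = HttpContext.Session.GetString("LoggedIn");
    int? accountId = HttpContext.Session.GetInt32("AccountId");
    string email = HttpContext.Session.GetString("Email");

    // No session marker at all: plain redirect to the login page.
    if (loggedIn == null)
    {
        return RedirectToAction("Index", "Accounts");
    }

    // Session integrity: the account must still exist and its id must match the id
    // stored in the session. A missing AccountId is treated like a mismatch instead
    // of letting the (int) cast throw InvalidOperationException.
    Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
    if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
    {
        HttpContext.Session.Clear();
        TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
        return RedirectToAction("Index", "Accounts");
    }

    // NavBar display / Accounts/Show link, plus a marker that the list is filtered.
    ViewBag.LoggedIn = true;
    ViewBag.AccountId = accountId.Value;
    ViewBag.Filtered = true;

    // A missing term matches every product instead of handing null to Contains.
    string term = searchString ?? string.Empty;

    var productBundle = new ECommerceBundle();
    productBundle.ProductList = dbContext.Products
        .Include(p => p.Creator)
        .Include(p => p.Customers)
        .ThenInclude(o => o.Account)
        .Where(p => p.Name.Contains(term))
        .OrderByDescending(a => a.CreatedAt)
        .ToList();

    return View("Products", productBundle);
}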
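// POST handler that edits a product the logged-in account created.
// Security notes:
//  - The editable fields come from the UpdateProduct DTO, not the entity, so the key,
//    AccountId and timestamps cannot be over-posted.
//  - Ownership (product.AccountId == session account) is enforced before any field is
//    touched; a non-owner supplying another product's id is turned away.
//  - NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this action in
//    this listing -- confirm they are present.
public IActionResult Update(UpdateProduct submission, int id)
{
    string loggedIn = HttpContext.Session.GetString("LoggedIn");
    int? accountId = HttpContext.Session.GetInt32("AccountId");
    string email = HttpContext.Session.GetString("Email");

    // No session marker at all: plain redirect to the login page.
    if (loggedIn == null)
    {
        return RedirectToAction("Index", "Accounts");
    }

    // Session integrity: the account must still exist and its id must match the id
    // stored in the session. A missing AccountId is treated like a mismatch instead
    // of letting the (int) cast throw InvalidOperationException.
    Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
    if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
    {
        HttpContext.Session.Clear();
        TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
        return RedirectToAction("Index", "Accounts");
    }
    int currentAccountId = accountId.Value;

    Product product = dbContext.Products.FirstOrDefault(p => p.ProductId == id);
    if (product == null)
    {
        // Previously a NullReferenceException on the first property access.
        return NotFound();
    }

    // Authorization: only the creating account may edit this product. Checked before
    // validation so a non-owner never reaches the edit view or the field updates.
    if (product.AccountId != currentAccountId)
    {
        // NOTE(review): the message says the user was logged out, but (unlike the
        // integrity failures above) the session is left intact here -- confirm which
        // behaviour is intended.
        TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
        return RedirectToAction("Index", "Accounts");
    }

    // Re-renders the Show view with the current ModelState errors. The query returns the
    // same tracked entity as `product`, so it is never null here.
    IActionResult ShowWithErrors()
    {
        ViewBag.LoggedIn = true;
        ViewBag.AccountId = currentAccountId;

        var productBundle = new ECommerceBundle();
        productBundle.Product = dbContext.Products
            .Include(p => p.Creator)
            .Include(p => p.Customers)
            .ThenInclude(o => o.Account)
            .FirstOrDefault(p => p.ProductId == id);
        // Reference for the Update route on the view.
        ViewBag.ProductId = productBundle.Product.ProductId;
        return View("Show", productBundle);
    }

    if (!ModelState.IsValid)
    {
        return ShowWithErrors();
    }

    // Quantity is validated before any other field is written, so a rejected submission
    // never leaves half-applied Name/Image changes on the tracked entity that the
    // re-rendered view would then display.
    if (submission.Quantity != null)
    {
        var newQuantity = product.Quantity + (int)submission.Quantity;
        if (newQuantity >= 0)
        {
            product.Quantity = newQuantity;
        }
        else
        {
            ModelState.AddModelError("Quantity", "You cannot reduce the product's quantity below 0 units!");
            return ShowWithErrors();
        }
    }

    // Only fields present in the submission are overwritten.
    if (submission.Name != null)
    {
        product.Name = submission.Name;
    }
    if (submission.Image != null)
    {
        product.Image = submission.Image;
    }
    if (submission.Description != null)
    {
        product.Description = submission.Description;
    }

    product.UpdatedAt = DateTime.Now;
    dbContext.SaveChanges();

    return RedirectToAction("Show", new { id = product.ProductId });
}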
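// <---------- Accounts GET routes ---------->

// Dashboard: the three newest accounts, four newest products and three newest orders.
// Gated on a valid session; the data itself is not filtered by account, so every
// logged-in user sees the same dashboard (including other accounts' orders).
public IActionResult Index()
{
    string loggedIn = HttpContext.Session.GetString("LoggedIn");
    int? accountId = HttpContext.Session.GetInt32("AccountId");
    string email = HttpContext.Session.GetString("Email");

    // No session marker at all: plain redirect to the login page.
    if (loggedIn == null)
    {
        return RedirectToAction("Index", "Accounts");
    }

    // Session integrity: the account must still exist and its id must match the id
    // stored in the session. A missing AccountId is treated like a mismatch instead
    // of letting the (int) cast throw InvalidOperationException.
    Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
    if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
    {
        HttpContext.Session.Clear();
        TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
        return RedirectToAction("Index", "Accounts");
    }

    // NavBar display / Accounts/Show link.
    ViewBag.LoggedIn = true;
    ViewBag.AccountId = accountId.Value;

    var dashboardBundle = new ECommerceBundle();

    // Most recent 3 accounts with what they created and ordered.
    dashboardBundle.AccountList = dbContext.Accounts
        .Include(a => a.CreatedProducts)
        .Include(a => a.Orders)
        .ThenInclude(o => o.Product)
        .OrderByDescending(a => a.CreatedAt)
        .Take(3)
        .ToList();

    // Most recent 4 products with their creator and customers.
    dashboardBundle.ProductList = dbContext.Products
        .Include(p => p.Creator)
        .Include(p => p.Customers)
        .ThenInclude(o => o.Account)
        .OrderByDescending(a => a.CreatedAt)
        .Take(4)
        .ToList();

    // Most recent 3 orders.
    dashboardBundle.OrderList = dbContext.Orders
        .Include(o => o.Account)
        .Include(o => o.Product)
        .OrderByDescending(o => o.CreatedAt)
        .Take(3)
        .ToList();

    return View(dashboardBundle);
}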
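// POST handler that creates a Product owned by the logged-in account.
// Security notes:
//  - The EF entity is bound straight from the request, so the server-controlled
//    columns (ProductId, AccountId, CreatedAt, UpdatedAt) are overwritten here and a
//    client cannot choose the key or assign the product to another account.
//  - NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this action in
//    this listing -- confirm they are present.
public IActionResult Create(Product product)
{
    string loggedIn = HttpContext.Session.GetString("LoggedIn");
    int? accountId = HttpContext.Session.GetInt32("AccountId");
    string email = HttpContext.Session.GetString("Email");

    // No session marker at all: plain redirect to the login page.
    if (loggedIn == null)
    {
        return RedirectToAction("Index", "Accounts");
    }

    // Session integrity: the account must still exist and its id must match the id
    // stored in the session. A missing AccountId is treated like a mismatch instead
    // of letting the (int) cast throw InvalidOperationException.
    Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
    if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
    {
        HttpContext.Session.Clear();
        TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
        return RedirectToAction("Index", "Accounts");
    }
    int currentAccountId = accountId.Value;

    if (!ModelState.IsValid)
    {
        // NavBar display / Accounts/Show link.
        ViewBag.LoggedIn = true;
        ViewBag.AccountId = currentAccountId;

        var productBundle = new ECommerceBundle();
        productBundle.ProductList = dbContext.Products
            .Include(p => p.Creator)
            .Include(p => p.Customers)
            .ThenInclude(o => o.Account)
            .OrderByDescending(a => a.CreatedAt)
            .ToList();
        return View("Products", productBundle);
    }

    // Server-controlled columns. ProductId is reset so a client-supplied key is
    // ignored and the database generates it, as it does for every product.
    product.ProductId = 0;
    product.CreatedAt = DateTime.Now;
    product.UpdatedAt = DateTime.Now;
    product.AccountId = currentAccountId;
    if (product.Image == null)
    {
        product.Image = "https://via.placeholder.com/100";
    }

    dbContext.Products.Add(product);
    dbContext.SaveChanges();

    return RedirectToAction("Show", new { id = product.ProductId });
}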
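// Product detail page: the product, its creator and the accounts that ordered it.
// Gated on a valid session only; any logged-in account may view any product.
public IActionResult Show(int id)
{
    string loggedIn = HttpContext.Session.GetString("LoggedIn");
    int? accountId = HttpContext.Session.GetInt32("AccountId");
    string email = HttpContext.Session.GetString("Email");

    // No session marker at all: plain redirect to the login page.
    if (loggedIn == null)
    {
        return RedirectToAction("Index");
    }

    // Session integrity: the account must still exist and its id must match the id
    // stored in the session. A missing AccountId is treated like a mismatch instead
    // of letting the (int) cast throw InvalidOperationException.
    Account accountInDb = dbContext.Accounts.FirstOrDefault(a => a.Email == email);
    if (accountInDb == null || accountId == null || accountInDb.AccountId != accountId.Value)
    {
        HttpContext.Session.Clear();
        TempData["LogoutError"] = "And error has occured and you have been logged out! Please login to continue!";
        return RedirectToAction("Index");
    }

    // NavBar display / Accounts/Show link.
    ViewBag.LoggedIn = true;
    ViewBag.AccountId = accountId.Value;

    var productBundle = new ECommerceBundle();
    productBundle.Product = dbContext.Products
        .Include(p => p.Creator)
        .Include(p => p.Customers)
        .ThenInclude(o => o.Account)
        .FirstOrDefault(p => p.ProductId == id);
    if (productBundle.Product == null)
    {
        // Unknown id: previously a NullReferenceException on the line below.
        return NotFound();
    }

    // Reference for the Update route on the view.
    ViewBag.ProductId = productBundle.Product.ProductId;
    return View(productBundle);
}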