/// <summary>
/// Grants admin/seller privileges to an already registered account.
/// Only the super admin may call this; everyone else is answered with NotFound
/// rather than Forbid.
/// </summary>
/// <param name="authorizedMember">Posted row (Id, Email, InAdminGroup, InSellerGroup).</param>
/// <returns>Redirect to Index on success, otherwise the Create view again.</returns>
public async Task<IActionResult> Create([Bind("Id,Email,InAdminGroup,InSellerGroup")] AuthorizedMember authorizedMember)
{
    if (User.Identity.Name != AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    // The address must belong to a registered account; otherwise report it on the form.
    var registeredUser = _context.Users.FirstOrDefault(u => u.Email == authorizedMember.Email);
    if (registeredUser == null)
    {
        TempData["Exception"] = "此欄位必須是已註冊的會員";
        return View(authorizedMember);
    }

    if (!ModelState.IsValid)
    {
        return View(authorizedMember);
    }

    // NOTE(review): nothing here rejects an address that is already present in
    // AuthorizedMember — confirm the table carries a unique constraint on Email.
    _context.Add(authorizedMember);
    await _context.SaveChangesAsync();

    // Keep the in-memory authority table in sync with the row just persisted.
    AuthorizeManager.UpdateAuthority("UpdateHashTableByAuthorizedMember", _context, null, null, authorizedMember);
    return RedirectToAction(nameof(Index));
}
/// <summary>
/// Revokes the privileges of one AuthorizedMember row. Super-admin only; the super
/// admin's own row can never be removed this way.
/// </summary>
/// <param name="id">Primary key of the AuthorizedMember row to remove.</param>
/// <returns>Redirect to Index, or NotFound for any refused request.</returns>
public async Task<IActionResult> Delete(int? id)
{
    if (User.Identity.Name != AuthorizeManager.SuperAdmin || id == null)
    {
        return NotFound();
    }

    var member = await _context.AuthorizedMember.FirstOrDefaultAsync(m => m.Id == id);

    // Unknown id, or an attempt to strip the super admin's own privileges: refuse.
    if (member == null || member.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    // Nothing is removed through _context here; "DeleteAll" is expected to drop the row
    // and its hash-table entries. NOTE(review): confirm UpdateAuthority persists that.
    AuthorizeManager.UpdateAuthority("DeleteAll", _context, member.Email, null, null);
    return RedirectToAction(nameof(Index));
}
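/// <summary>
/// Changes the signed-in user's e-mail address (which doubles as the user name in this
/// application) and signs the user out so they re-authenticate with the new address.
/// No confirmation token is involved: the change takes effect immediately.
/// </summary>
/// <returns>Redirect back to the page with <c>StatusMessage</c> set, or the page with
/// validation errors; NotFound if the current user cannot be loaded.</returns>
public async Task<IActionResult> OnPostChangeEmailAsync()
{
    var user = await _userManager.GetUserAsync(User);
    if (user == null)
    {
        return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
    }

    if (!ModelState.IsValid)
    {
        await LoadAsync(user);
        return Page();
    }

    var email = await _userManager.GetEmailAsync(user);
    if (Input.NewEmail == email)
    {
        StatusMessage = "您的郵件和之前的一樣!";
        return RedirectToPage();
    }

    // Refuse an address that already belongs to another account.
    // NOTE(review): this is a plain equality on Users.Email, so case variants of the same
    // address are only caught if the column collation is case-insensitive;
    // FindByEmailAsync (NormalizedEmail) would be the Identity-native check.
    var existing = _context.Users.FirstOrDefault(u => u.Email == Input.NewEmail);
    if (existing != null)
    {
        StatusMessage = "變更失敗,此郵件已被註冊!";
        return RedirectToPage();
    }

    // Persist the new address first and check the result: a failed update must not be
    // reported as success, must not sign the user out, and must not touch the authority
    // table (which would otherwise end up keyed by an address the account does not have).
    var oldEmail = user.Email;
    user.UserName = Input.NewEmail;
    user.Email = Input.NewEmail;
    var result = await _userManager.UpdateAsync(user);
    if (!result.Succeeded)
    {
        var reasons = string.Join("; ", result.Errors.Select(e => e.Description));
        _logger.LogWarning($"[{email}]的郵件變更為[{Input.NewEmail}]失敗: {reasons}");
        StatusMessage = "變更失敗!";
        return RedirectToPage();
    }

    // Only now move any privileges keyed by the old address over to the new one.
    if (AuthorizeManager.InAuthorizedMember(oldEmail))
    {
        AuthorizeManager.UpdateAuthority("ModifyEmail", _context, oldEmail, Input.NewEmail);
    }

    // Force a fresh login under the new user name.
    _logger.LogInformation($"[{email}]的郵件已經變更為[{Input.NewEmail}]");
    TempData["LoginFail"] = $"郵件變更成功,請重新登入!";
    await _signInManager.SignOutAsync();
    HttpContext.Session.SetString("UserModifyEmail", "1");
    return RedirectToPage();
}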
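/// <summary>
/// Deletes a user account (admin-group members only). A seller's products and any
/// privilege rows keyed by the account's address are removed along with it; the super
/// admin can never be deleted.
/// </summary>
/// <param name="id">Identity user id of the account to delete.</param>
/// <param name="returnPage">Index page to return to; 0 means "keep the remembered one".</param>
/// <returns>Redirect to the Index page the admin came from, or NotFound when refused.</returns>
public ActionResult Delete(string id, int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    var user = _context.Users.FirstOrDefault(u => u.Id == id);
    // An unknown id must not dereference null below.
    if (user == null)
    {
        return NotFound();
    }

    // The super admin can never be deleted.
    // NOTE(review): nothing stops an admin from deleting another admin or themselves —
    // confirm that is intended.
    if (user.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    // If the account is a seller, drop its products. Products are keyed by the id of the
    // account being deleted — not by the NameIdentifier claim of the admin performing the
    // deletion, which would remove the admin's own products and orphan the seller's.
    if (AuthorizeManager.InSellerGroup(user.Email))
    {
        var deletedUserId = user.Id;
        _context.RemoveRange(_context.Product2.Where(p => p.SellerId == deletedUserId));
    }

    // Privileged account: drop its row and hash-table entries as well.
    if (AuthorizeManager.InAuthorizedMember(user.Email))
    {
        AuthorizeManager.UpdateAuthority("DeleteAll", _context, user.Email, null, null);
    }

    // Product removal and user removal are saved together.
    _context.Users.Remove(user);
    _context.SaveChanges();
    _logger.LogWarning($"[{User.Identity.Name}]刪除了用戶[{user.Email}]");

    // Return to the page the admin was browsing.
    int? storedPage = HttpContext.Session.GetInt32("returnPage");
    int page = storedPage ?? 1;
    return RedirectToAction("Index", new { page });
}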
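/// <summary>
/// Admin edit of another account: replaces its e-mail/user name and resets its password.
/// The super admin's account is never editable here.
/// </summary>
/// <param name="identityUser">Posted values; <c>Id</c> selects the account, <c>Email</c>
/// is the new address and <c>PasswordHash</c> carries the new plaintext password (it is
/// hashed by the user manager, not stored as posted).</param>
/// <returns>Redirect to the Index page the admin came from, or NotFound when refused.
/// Failures are logged and also end in that redirect.</returns>
public async Task<IActionResult> Edit(IdentityUser identityUser)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    var user = _context.Users.FirstOrDefault(u => u.Id == identityUser.Id);
    // An unknown id must not dereference null below.
    if (user == null)
    {
        return NotFound();
    }

    // The super admin's account is never editable through this action.
    if (user.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    int? storedPage = HttpContext.Session.GetInt32("returnPage");
    int page = storedPage ?? 1;

    string Reasons(IdentityResult r) => string.Join("; ", r.Errors.Select(e => e.Description));

    // Validate the new password *before* removing the current one, so a rejected
    // password cannot leave the account with no password at all. A null password would
    // make the built-in validator throw, hence the explicit emptiness check.
    var newPassword = identityUser.PasswordHash;
    if (string.IsNullOrEmpty(newPassword))
    {
        _logger.LogWarning($"[{User.Identity.Name}]修改[{user.Email}]失敗: 未提供新密碼");
        return RedirectToAction("Index", new { page });
    }
    foreach (var validator in _userManager.PasswordValidators)
    {
        var check = await validator.ValidateAsync(_userManager, user, newPassword);
        if (!check.Succeeded)
        {
            _logger.LogWarning($"[{User.Identity.Name}]修改[{user.Email}]失敗: {Reasons(check)}");
            return RedirectToAction("Index", new { page });
        }
    }

    // Persist the address change on its own and check the result, so a rejected address
    // (e.g. already in use, or empty) is caught before anything else is modified.
    var oldEmail = user.Email;
    user.Email = identityUser.Email;
    user.UserName = identityUser.Email;
    var emailResult = await _userManager.UpdateAsync(user);
    if (!emailResult.Succeeded)
    {
        _logger.LogWarning($"[{User.Identity.Name}]修改[{oldEmail}]的郵件失敗: {Reasons(emailResult)}");
        return RedirectToAction("Index", new { page });
    }

    // Only after the account is saved, move any privileges keyed by the old address.
    if (AuthorizeManager.InAuthorizedMember(oldEmail))
    {
        AuthorizeManager.UpdateAuthority("ModifyEmail", _context, oldEmail, identityUser.Email);
    }

    // RemovePasswordAsync first: AddPasswordAsync refuses (and logs a warning) when the
    // account already has a password.
    var removeResult = await _userManager.RemovePasswordAsync(user);
    if (!removeResult.Succeeded)
    {
        _logger.LogWarning($"[{User.Identity.Name}]修改[{user.Email}]的密碼失敗: {Reasons(removeResult)}");
        return RedirectToAction("Index", new { page });
    }
    var addResult = await _userManager.AddPasswordAsync(user, newPassword);
    if (!addResult.Succeeded)
    {
        // The old password is already gone at this point; log loudly so it is not missed.
        _logger.LogError($"[{User.Identity.Name}]修改[{user.Email}]的密碼失敗, 該帳號目前沒有密碼: {Reasons(addResult)}");
        return RedirectToAction("Index", new { page });
    }

    _logger.LogInformation($"[{User.Identity.Name}]修改了[{user.Email}]的資料");
    return RedirectToAction("Index", new { page });
}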
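/// <summary>
/// Updates one AuthorizedMember row (super-admin only). Neither the super admin's own
/// row nor a row being re-pointed at the super admin's address may be edited.
/// </summary>
/// <param name="id">Route id; must match the posted <c>Id</c>.</param>
/// <param name="authorizedMember">Posted row (Id, Email, InAdminGroup, InSellerGroup).</param>
/// <returns>Redirect to Index on success (or after a concurrency conflict, which is
/// logged), the Edit view when the model is invalid, NotFound when refused.</returns>
public async Task<IActionResult> Edit(int id, [Bind("Id,Email,InAdminGroup,InSellerGroup")] AuthorizedMember authorizedMember)
{
    if (User.Identity.Name != AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    if (id != authorizedMember.Id)
    {
        return NotFound();
    }

    // Check the *stored* row as well as the posted values: rejecting only a posted
    // super-admin address still lets the super admin's own row be overwritten by posting
    // a different address. AsNoTracking keeps this instance out of the change tracker so
    // that Update(authorizedMember) below does not conflict with it.
    var current = await _context.AuthorizedMember.AsNoTracking().FirstOrDefaultAsync(m => m.Id == id);
    if (current == null
        || current.Email == AuthorizeManager.SuperAdmin
        || authorizedMember.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    if (!ModelState.IsValid)
    {
        return View(authorizedMember);
    }

    try
    {
        _context.Update(authorizedMember);
        await _context.SaveChangesAsync();
        // Keep the in-memory authority table in sync with the persisted row.
        AuthorizeManager.UpdateAuthority("UpdateHashTableByAuthorizedMember", _context, null, null, authorizedMember);
        return RedirectToAction(nameof(Index));
    }
    catch (DbUpdateConcurrencyException e)
    {
        // The row existed a moment ago, so this means a concurrent change or deletion.
        _logger.LogError(e.ToString());
        return RedirectToAction(nameof(Index));
    }
}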