public async Task <IActionResult> UploadFileAsync([FromForm] DTO_FileUpload form)
{
try
{
await _filesService.AddFileAsync(form, User.Identity.Name);
return(Ok());
}
catch (Exception ex)
{
return(BadRequest(ex));
}
}
public async Task AddFileAsync(DTO_FileUpload uploadForm, string requestingUser)
{
var guid = Guid.NewGuid();
var ext = Path.GetExtension(uploadForm.File.FileName);
var file = new Plik
{
IdPliku = guid,
IdKatalogu = uploadForm.ContentFolder,
Rozszerzenie = ext,
Naglowek = uploadForm.File.ContentType,
Opis = uploadForm.Description,
Dodano = DateTime.Now
};
var folder = await _folderRepo.Get().Where(f => f.IdKatalogu == uploadForm.ContentFolder).SingleOrDefaultAsync();
var user = await _userManager.FindByNameAsync(requestingUser);
if (user.UserName.ToLower() != "superuser")
{
var requesting = await _soldierRepo.Get().AsNoTracking().Where(s => s.IdOsoby == user.IdOsoby).SingleOrDefaultAsync();
if (requesting.NrKompanii != folder.NrKompanii)
{
throw new UnauthorizedAccessException("You must be a member of requested comapny");
}
else if (folder.NrPlutonu != null && requesting.NrPlutonu != folder.NrPlutonu)
{
throw new UnauthorizedAccessException("You must be a member of requested platoon");
}
}
var uploadPath = Path.Combine(_env.WebRootPath, "files", guid.ToString() + ext);
using (var fileStream = new FileStream(uploadPath, FileMode.Create))
{
await uploadForm.File.CopyToAsync(fileStream);
}
_filesRepo.Add(file);
await _filesRepo.SaveAsync();
}
