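/// <summary>
/// Accepts a multipart form upload and hands it to the files service on behalf of the
/// currently authenticated user.
/// </summary>
/// <param name="form">Upload form bound from the multipart request body.</param>
/// <returns>
/// 200 on success, 400 when the request is unusable or the upload fails, 401 when no
/// user name is available, 403 when the service rejects the caller.
/// </returns>
public async Task<IActionResult> UploadFileAsync([FromForm] DTO_FileUpload form)
{
    // The service dereferences form.File immediately, so reject an empty request here
    // instead of letting it surface as a NullReferenceException.
    if (form == null || form.File == null)
    {
        return BadRequest("No file was supplied.");
    }

    // NOTE(review): no [Authorize] attribute is visible on this action from here;
    // confirm the controller or a global policy enforces authentication.
    var userName = User?.Identity?.Name;
    if (string.IsNullOrEmpty(userName))
    {
        return Unauthorized();
    }

    try
    {
        await _filesService.AddFileAsync(form, userName);
        return Ok();
    }
    catch (UnauthorizedAccessException)
    {
        // Fixed text on purpose: the same exception type is raised by the file system,
        // and its message contains the absolute server path.
        return StatusCode(403, "You are not allowed to upload to the requested folder.");
    }
    catch (Exception)
    {
        // Never hand the exception object to the client: serialising it would expose
        // internals such as the stack trace and server-side paths.
        // NOTE(review): no logger is visible in this block; log the exception
        // server-side so failures remain diagnosable.
        return BadRequest("The file could not be uploaded.");
    }
}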
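/// <summary>
/// Stores an uploaded file under <c>{WebRootPath}/files</c> using a freshly generated
/// GUID as the file name, and records its metadata through the files repository.
/// Callers other than the "superuser" account must belong to the target folder's
/// company and, when the folder names a platoon, to that platoon.
/// </summary>
/// <param name="uploadForm">Upload form carrying the file, target folder id and description.</param>
/// <param name="requestingUser">User name of the caller, as resolved by the controller.</param>
/// <exception cref="ArgumentNullException"><paramref name="uploadForm"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The form has no file, the extension contains characters that are invalid in a file
/// name, or the target folder does not exist (non-superuser callers).
/// </exception>
/// <exception cref="UnauthorizedAccessException">
/// The caller is unknown, has no soldier record, or is not a member of the folder's unit.
/// </exception>
public async Task AddFileAsync(DTO_FileUpload uploadForm, string requestingUser)
{
    if (uploadForm == null)
    {
        throw new ArgumentNullException(nameof(uploadForm));
    }

    if (uploadForm.File == null)
    {
        throw new ArgumentException("No file was supplied", nameof(uploadForm));
    }

    // Fail closed when the identity is missing instead of passing null to the user manager.
    if (string.IsNullOrEmpty(requestingUser))
    {
        throw new UnauthorizedAccessException("Unknown requesting user");
    }

    var guid = Guid.NewGuid();

    // Both the extension and the Content-Type below come from the client and are not
    // verified against the file content. The extension ends up in a path on disk, so at
    // minimum refuse characters that are not valid in a file name on this platform.
    // NOTE(review): there is no extension allow-list, and the file lands under the web
    // root, so it is presumably reachable through static-file serving without the unit
    // check applied here. Confirm, and consider storing uploads outside the web root
    // behind an authorised download action.
    var ext = Path.GetExtension(uploadForm.File.FileName);
    if (ext != null && ext.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
    {
        throw new ArgumentException("File extension contains invalid characters", nameof(uploadForm));
    }

    var folder = await _folderRepo.Get()
        .Where(f => f.IdKatalogu == uploadForm.ContentFolder)
        .SingleOrDefaultAsync();

    var user = await _userManager.FindByNameAsync(requestingUser);
    if (user == null)
    {
        throw new UnauthorizedAccessException("Unknown requesting user");
    }

    // Ordinal comparison avoids culture-dependent lower-casing of the account name.
    // NOTE(review): the bypass is keyed on a hard-coded user name; a role or claim
    // would be more robust. This path also does not check that the folder exists.
    var isSuperuser = string.Equals(user.UserName, "superuser", StringComparison.OrdinalIgnoreCase);
    if (!isSuperuser)
    {
        if (folder == null)
        {
            throw new ArgumentException("Requested folder does not exist", nameof(uploadForm));
        }

        var requesting = await _soldierRepo.Get()
            .AsNoTracking()
            .Where(s => s.IdOsoby == user.IdOsoby)
            .SingleOrDefaultAsync();

        // A user without a soldier record cannot be matched to any unit: deny.
        if (requesting == null)
        {
            throw new UnauthorizedAccessException("Requesting user has no soldier record");
        }

        if (requesting.NrKompanii != folder.NrKompanii)
        {
            throw new UnauthorizedAccessException("You must be a member of requested company");
        }

        if (folder.NrPlutonu != null && requesting.NrPlutonu != folder.NrPlutonu)
        {
            throw new UnauthorizedAccessException("You must be a member of requested platoon");
        }
    }

    // Metadata row: file id, folder id, extension, content-type header, description, added-at.
    var file = new Plik
    {
        IdPliku = guid,
        IdKatalogu = uploadForm.ContentFolder,
        Rozszerzenie = ext,
        Naglowek = uploadForm.File.ContentType,
        Opis = uploadForm.Description,
        Dodano = DateTime.Now
    };

    var uploadPath = Path.Combine(_env.WebRootPath, "files", guid.ToString() + ext);
    var fileCreated = false;
    try
    {
        // CreateNew refuses to overwrite an existing file should the name ever collide.
        using (var fileStream = new FileStream(uploadPath, FileMode.CreateNew))
        {
            fileCreated = true;
            await uploadForm.File.CopyToAsync(fileStream);
        }

        _filesRepo.Add(file);
        await _filesRepo.SaveAsync();
    }
    catch
    {
        // Do not leave a partial or unreferenced file behind when the copy or the
        // database write fails. Only remove a file this call created itself.
        if (fileCreated)
        {
            try
            {
                System.IO.File.Delete(uploadPath);
            }
            catch (IOException)
            {
                // Best-effort cleanup; the original failure is the one to report.
            }
            catch (UnauthorizedAccessException)
            {
                // Best-effort cleanup; must not mask the original failure.
            }
        }

        throw;
    }
}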