public ActionResult Password(AccountModels.PasswordDto model)
        {
            // Changes the session user's password once the old password has been verified.
            // The outcome is reported through ModelState; on success the user is sent to Logout.
            var session = new AuthorizeManager().GetSession();

            if (!ModelState.IsValid)
            {
                return RedirectToAction("Index", "Account");
            }

            try
            {
                var user = _repo.Single<User>(session.ID);

                // NOTE(review): passwords are compared and stored as plain MD5 digests
                // (Encrypt.GetMd5Hash). That is not a password hashing scheme; migrating to a
                // salted, slow KDF requires changing the stored hash format, which is outside this method.
                bool oldPasswordMatches = user != null && user.Password == Encrypt.GetMd5Hash(model.OldPassword);

                if (!oldPasswordMatches)
                {
                    ModelState.AddModelError("Error", "用户旧密码填写不正确");
                    return RedirectToAction("Index", "Account");
                }

                user.Password = Encrypt.GetMd5Hash(model.NewPassword);
                _repo.Update(user);   // persist the new hash

                ModelState.AddModelError("Success", "保存成功");
                return RedirectToAction("Logout", "Account");
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception message is handed to the client here; it can
                // expose internal details (connection strings, table names) on a failure.
                ModelState.AddModelError("Warn", ex.Message);
            }

            return RedirectToAction("Index", "Account");
        }
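        public ActionResult Synchronize(AuthorizeFileVM model)
        {
            // Receives an uploaded report file, stores it under ExcelOutPath with a random name
            // and hands it to AuthorizeManager.ReadReportFile; when that succeeds the referrer
            // totals are recomputed. model.Upload carries the outcome back to the view.
            if (!ModelState.IsValid)
            {
                model.Upload = false;
                return View(model);
            }

            // A request without a file used to fail with a NullReferenceException below.
            if (model.File == null)
            {
                model.Upload = false;
                return View(model);
            }

            // Path.Combine instead of "\\" concatenation; the GUID name means the client-supplied
            // file name never reaches the file system.
            string fileName = System.IO.Path.Combine(
                CastleClub.BusinessLogic.Data.GlobalParameters.ExcelOutPath,
                Guid.NewGuid().ToString());

            // Stream.Read may return fewer bytes than requested, and the original sized the buffer
            // from InputStream.Length but read ContentLength bytes; copying the whole stream
            // avoids both the short read and the length mismatch.
            byte[] content;
            using (var buffer = new System.IO.MemoryStream())
            {
                model.File.InputStream.CopyTo(buffer);
                content = buffer.ToArray();
            }

            System.IO.File.WriteAllBytes(fileName, content);

            bool result = AuthorizeManager.ReadReportFile(fileName, model.OnlyRefund);
            if (result)
            {
                SitesManager.UpdateTotalsReferrers();
            }

            // Drop the posted file from the model so it is not re-rendered with the view.
            model.File = null;
            model.Upload = result;

            return View(model);
        }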
        public async Task<IActionResult> Delete(int? id)
        {
            // POST handler: removes product `id`. Non-members and unknown ids get 404; a seller
            // without admin rights may only delete products they listed themselves.
            var userName = User.Identity.Name;

            if (!AuthorizeManager.InAuthorizedMember(userName) || id == null)
            {
                return NotFound();
            }

            var product = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
            if (product == null)
            {
                return NotFound();
            }

            // Ownership check for non-admin sellers; answered with 404 (presumably so the
            // existence of someone else's product id is not confirmed).
            bool isAdmin = AuthorizeManager.InAdminGroup(userName);
            if (!isAdmin && product.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
            {
                return NotFound();
            }

            _context.Product2.Remove(product);
            await _context.SaveChangesAsync();

            return RedirectToAction(nameof(Index));
        }
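        public async Task<IActionResult> Create([Bind("Email,PasswordHash")] IdentityUser identityUser)
        {
            // Admin-only POST: creates an Identity user from the posted e-mail and password.
            // NOTE(review): the form field is bound to PasswordHash but carries the raw password
            // (it is handed to CreateAsync as the password); the property name is misleading.
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                return NotFound();
            }

            // This is not EF-generated CRUD, so the fields are validated by hand.
            if (string.IsNullOrEmpty(identityUser.Email) ||
                string.IsNullOrEmpty(identityUser.PasswordHash) ||
                !IsPlausibleEmail(identityUser.Email) ||
                identityUser.PasswordHash.Length < 6)
            {
                ViewData["CreateUserError"] = "輸入資料錯誤!";
                return View();
            }

            var user = new IdentityUser
            {
                UserName = identityUser.Email,
                Email = identityUser.Email
            };

            // UserManager rejects an already registered e-mail (and a weak password) itself, but
            // it reports that through the result rather than by throwing. The original ignored the
            // result, so a failed creation was logged as a success and redirected to Index.
            var result = await _userManager.CreateAsync(user, identityUser.PasswordHash);
            if (!result.Succeeded)
            {
                var message = string.Empty;
                foreach (var error in result.Errors)
                {
                    message += error.Description + " ";
                }
                ViewData["CreateUserError"] = message.TrimEnd();
                return View();
            }

            _logger.LogInformation($"[{User.Identity.Name}]新增了用戶[{user.Email}]");

            // Return to the listing page the admin came from (defaults to the first page).
            int? savedPage = HttpContext.Session.GetInt32("returnPage");
            int page = savedPage ?? 1;

            return RedirectToAction("Index", new { page });
        }

        // Same e-mail pattern as before, but evaluated with a match timeout: the pattern contains
        // nested quantifiers and runs against client input, so unbounded backtracking would be a
        // denial-of-service vector. A timeout is treated as "not a valid e-mail".
        private static bool IsPlausibleEmail(string email)
        {
            const string pattern = @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";
            try
            {
                return Regex.IsMatch(email, pattern, RegexOptions.None, TimeSpan.FromSeconds(1));
            }
            catch (RegexMatchTimeoutException)
            {
                return false;
            }
        }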
        public async Task<IActionResult> Delete(int? id)
        {
            // Super-admin only POST: removes authorized member `id` through AuthorizeManager
            // (the "DeleteAll" authority update). The super admin's own record can never be deleted.
            bool isSuperAdmin = User.Identity.Name == AuthorizeManager.SuperAdmin;
            if (!isSuperAdmin || id == null)
            {
                return NotFound();
            }

            var member = await _context.AuthorizedMember.FirstOrDefaultAsync(m => m.Id == id);

            // An unknown id and the super admin's own entry are both answered with 404.
            if (member == null || member.Email == AuthorizeManager.SuperAdmin)
            {
                return NotFound();
            }

            // The removal itself (and whatever cache bookkeeping it does) is delegated to AuthorizeManager.
            AuthorizeManager.UpdateAuthority("DeleteAll", _context, member.Email, null, null);
            return RedirectToAction(nameof(Index));
        }
        public async Task<IActionResult> Details(int? id, int returnPage = 0)
        {
            // Shows the detail lines of order `id`. A non-zero `returnPage` is remembered in the
            // session so the caller can be sent back to the same listing page afterwards.
            // Non-admins may only open orders they sent themselves.
            if (id == null)
            {
                return NotFound();
            }

            if (returnPage != 0)
            {
                HttpContext.Session.SetInt32("returnPage", returnPage);
            }

            var order = await _context.OrderForm.FirstOrDefaultAsync(m => m.Id == id);
            if (order == null)
            {
                return NotFound();
            }

            var currentUser = User.Identity.Name;
            bool ownsOrder = order.SenderEmail == currentUser;
            if (!AuthorizeManager.InAdminGroup(currentUser) && !ownsOrder)
            {
                return NotFound();
            }

            var lines = await _context.OrderDetail.Where(o => o.OrderId == id).ToListAsync();
            return View(lines);
        }
        public async Task<IActionResult> Edit(int id, [Bind("Id,OrderId,Name,Price,Quantity")] OrderDetail orderDetail)
        {
            // Admin-only POST: persists an edited order line. The route id must match the posted Id.
            bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
            if (!isAdmin || id != orderDetail.Id)
            {
                return NotFound();
            }

            if (!ModelState.IsValid)
            {
                return View(orderDetail);
            }

            try
            {
                _context.Update(orderDetail);
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException) when (!OrderDetailExists(orderDetail.Id))
            {
                // The row disappeared between the GET and this POST.
                return NotFound();
            }
            // Any other concurrency conflict propagates unchanged (the filter does not catch it).

            return RedirectToAction(nameof(Index));
        }
        public async Task<IActionResult> Delete(int? id)
        {
            // Admin-only POST: deletes order line `id`. Missing rights or an unknown id -> 404.
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name) || id == null)
            {
                return NotFound();
            }

            var line = await _context.OrderDetail.FirstOrDefaultAsync(m => m.Id == id);
            if (line == null)
            {
                return NotFound();
            }

            _context.OrderDetail.Remove(line);
            await _context.SaveChangesAsync();

            return RedirectToAction(nameof(Index));
        }
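        public async Task<IActionResult> Create([Bind("Id,Name,Description,Price,PublishDate,Quantity,DefaultImageURL,SellerEmail,SellerId,SellVolume")] Product2 product2)
        {
            // Member-only POST: lists a new product for the current user. Seller identity,
            // publish date and sales counter are set server-side regardless of what was posted.
            if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
            {
                return NotFound();
            }

            string userId = User.FindFirstValue(ClaimTypes.NameIdentifier);

            // Count in the database instead of materialising the seller's whole product list
            // (ToList never returns null, so the old null check was dead code).
            // Threshold unchanged from the original: > 5, i.e. the sixth product is still accepted.
            int listedCount = _context.Product2.Count(m => m.SellerId == userId);
            if (listedCount > 5)
            {
                TempData["ReachLimit"] = "建立失敗,您的產品數量已達上限!";
                return RedirectToAction("Index");
            }

            if (!ModelState.IsValid)
            {
                return View(product2);
            }

            // NOTE(review): Id is in the Bind list, so a client can post an explicit key.
            // SellerEmail/SellerId/SellVolume are bound too but overwritten here, so they are harmless.
            product2.PublishDate = DateTime.Now;   // local server time, kept as in the original
            product2.SellerEmail = User.Identity.Name;
            product2.SellerId = userId;
            product2.SellVolume = 0;

            _context.Add(product2);
            await _context.SaveChangesAsync();

            return RedirectToAction(nameof(Index));
        }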
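        public async Task<IActionResult> Create([Bind("Id,Email,InAdminGroup,InSellerGroup")] AuthorizedMember authorizedMember)
        {
            // Super-admin only POST: grants admin/seller privileges to an already registered account.
            if (User.Identity.Name != AuthorizeManager.SuperAdmin)
            {
                return NotFound();
            }

            // The e-mail must belong to a registered user. Awaited instead of blocking the
            // request thread with the synchronous FirstOrDefault used before.
            var user = await _context.Users.FirstOrDefaultAsync(m => m.Email == authorizedMember.Email);
            if (user == null)
            {
                TempData["Exception"] = "此欄位必須是已註冊的會員";
                return View(authorizedMember);
            }

            if (!ModelState.IsValid)
            {
                return View(authorizedMember);
            }

            _context.Add(authorizedMember);
            await _context.SaveChangesAsync();

            // Keep AuthorizeManager's in-memory privilege table in step with the database.
            AuthorizeManager.UpdateAuthority("UpdateHashTableByAuthorizedMember", _context, null, null, authorizedMember);
            return RedirectToAction(nameof(Index));
        }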
        public async Task<IActionResult> Edit(int id, [Bind("Id,Content,UserName,CreateTime,ProductId")] Comment comment)
        {
            // Admin-only POST: saves an edited comment and returns to the listing page remembered
            // in the session. A concurrency conflict is logged and redirected to the first page.
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name) || id != comment.Id)
            {
                return NotFound();
            }

            if (!ModelState.IsValid)
            {
                return View(comment);
            }

            try
            {
                _context.Update(comment);
                await _context.SaveChangesAsync();
            }
            catch (DbUpdateConcurrencyException e)
            {
                _logger.LogError(e.ToString());
                return RedirectToAction(nameof(Index));
            }

            // Back to the listing page the admin came from (defaults to the first page).
            int? rememberedPage = HttpContext.Session.GetInt32("returnPage");
            int page = rememberedPage ?? 1;
            return RedirectToAction("Index", new { page });
        }
        public ActionResult EditUser(UserDTO user)
        {
            // Ajax POST: inserts the user when Id is empty, otherwise updates it, then drops the
            // cached authorization data for that user.
            // NOTE(review): the Id that decides add-vs-update comes from the client, and no check
            // that the caller may edit that particular user is visible here — confirm it is
            // enforced by an attribute or filter on this controller.
            return HttpHandleExtensions.AjaxCallGetResult(() =>
            {
                // An unset LastLogin binds as the DateTime default (0001-01-01 00:00:00), which
                // makes the add/update fail; substitute a sentinel date instead.
                if (user.LastLogin == DateTime.MinValue)
                {
                    user.LastLogin = Convert.ToDateTime("1900-01-01T00:00:00.000");
                }

                bool isNew = user.Id == Guid.Empty;
                if (isNew)
                {
                    _userService.Add(user);
                }
                else
                {
                    _userService.Update(user);
                }
                this.JsMessage = isNew ? MessagesResources.Add_Success : MessagesResources.Update_Success;

                AuthorizeManager.ClearUserCache(user.Id);

                var response = new AjaxResponse
                {
                    Succeeded = true,
                    RedirectUrl = Url.Action("Index")
                };
                return Json(response);
            });
        }
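        protected override bool UserAuthorized(System.Security.Principal.IPrincipal user)
        {
            // Authorizes `user` when any role id resolved from its GroupSid claims appears in the
            // attribute's comma-separated Roles list. Non-claims or unauthenticated principals fail.
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            var principal = user as ClaimsPrincipal;
            var identity = principal?.Identity;
            if (identity == null || !identity.IsAuthenticated)
            {
                return false;
            }

            // Group ids arrive as claim strings. Parse them with the invariant culture and skip
            // anything non-numeric instead of letting int.Parse turn a malformed claim into a
            // server error inside the authorization filter.
            var groupIds = new List<int>();
            foreach (var claim in principal.Claims.Where(c => c.Type == ClaimTypes.GroupSid))
            {
                int groupId;
                if (int.TryParse(claim.Value, System.Globalization.NumberStyles.Integer,
                                 System.Globalization.CultureInfo.InvariantCulture, out groupId))
                {
                    groupIds.Add(groupId);
                }
            }

            // Flatten the role ids of every matching group into a set for O(1) membership tests.
            var roleIds = new HashSet<string>();
            foreach (var groupRoles in AuthorizeManager.GetUserRoles(groupIds).Select(ur => ur.RolesId))
            {
                foreach (var roleId in groupRoles)
                {
                    roleIds.Add(roleId.ToString());
                }
            }

            // Roles is the attribute's configured list; tolerate a missing value (the original
            // threw on null) and stray spaces around the separators ("1, 2").
            if (string.IsNullOrEmpty(Roles))
            {
                return false;
            }

            return Roles.Split(',').Any(r => roleIds.Contains(r.Trim()));
        }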
        public async Task<IActionResult> Edit(int? id, int returnPage = 0)
        {
            // Admin-only GET: loads comment `id` into the edit form. A non-zero returnPage is
            // stored in the session so the POST can redirect back to that listing page.
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                return NotFound();
            }

            // The page is remembered even when the id turns out to be missing, as before.
            if (returnPage != 0)
            {
                HttpContext.Session.SetInt32("returnPage", returnPage);
            }

            if (id == null)
            {
                return NotFound();
            }

            var comment = await _context.Comment.FindAsync(id);
            return comment == null ? NotFound() : (IActionResult)View(comment);
        }
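        private void CreateThumbnail(List<DiskInfo> files)
        {
            // Writes a 200x200 thumbnail for every file in `files` under Config.ThumbnailPath,
            // mirroring the file's path relative to the application root. Files that already have
            // a thumbnail, or that live inside the thumbnail folder itself, are skipped.
            var rootPath = HostingEnvironment.ApplicationHost.GetPhysicalPath();

            // Write access to the thumbnail folder is authorized once, up front, for all files.
            var tempPath = _fileSystemManager.RelativeToAbsolutePath(
                AuthorizeManager.AuthorizeActionOnPath(Config.ThumbnailPath, ActionKey.WriteToDisk));

            if (tempPath == null)
            {
                throw new KhodkarInvalidException(LanguageManager.ToAsErrorMessage(ExceptionKey.PathNotFound, Config.ThumbnailPath));
            }

            // Lower-cased once so the "already inside the thumbnail folder" test below is case-insensitive.
            var thumbnailPath = tempPath.ToLower();

            Parallel.ForEach(files, file =>
            {
                // NOTE(review): assumes file.FullName starts with rootPath; a file outside the root
                // would yield a truncated, wrong relative path here — confirm callers guarantee this.
                var thumbPath = thumbnailPath + file.FullName.Substring(rootPath.Length);

                if (_fileSystemManager.FileExist(thumbPath) ||
                    file.FullName.ToLower().IndexOf(thumbnailPath, StringComparison.Ordinal) != -1)
                {
                    return;
                }

                // Image.FromFile keeps the file handle open until the Image is disposed; the
                // original leaked one handle per file. The thumbnail (assumed to be a
                // System.Drawing image, since it exposes Save — confirm) is disposed once written.
                using (var source = Image.FromFile(file.FullName, true))
                using (var thumbImg = _imageManager.CreateThumbnail(source, 200, 200))
                {
                    thumbImg.Save(thumbPath);
                }
            });
        }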
        public ActionResult EditMenu(MenuDTO menu, Guid? module, Guid? parent)
        {
            // Ajax POST: adds the menu when Id is empty, otherwise updates it. The optional
            // module/parent ids are resolved to their DTOs first. Afterwards the menu cache and
            // every user's cached authorization data are cleared so the change is picked up.
            return HttpHandleExtensions.AjaxCallGetResult(() =>
            {
                menu.Permissions = new Collection<PermissionDTO>();
                if (module.HasValue)
                {
                    menu.Module = _moduleService.FindBy(module.Value);
                }
                if (parent.HasValue)
                {
                    menu.Parent = _menuService.FindBy(parent.Value);
                }

                bool isNew = menu.Id == Guid.Empty;
                if (isNew)
                {
                    _menuService.Add(menu);
                }
                else
                {
                    _menuService.Update(menu);
                }
                this.JsMessage = isNew ? MessagesResources.Add_Success : MessagesResources.Update_Success;

                base.ClearCacheMenus();
                // Refresh every signed-in user's cache so the menu change shows up for them.
                AuthorizeManager.ClearAllCache();

                var response = new AjaxResponse
                {
                    Succeeded = true,
                    RedirectUrl = Url.Action("Index")
                };
                return Json(response);
            });
        }
        public ActionResult EditUserPermission(Guid userId, List<string> permissions)
        {
            // Ajax POST: replaces the permission set of `userId` with the GUIDs in `permissions`
            // (entries that are not GUIDs are ignored) and drops the user's cached authorization data.
            return HttpHandleExtensions.AjaxCallGetResult(() =>
            {
                var permissionIds = new List<Guid>();
                foreach (var raw in permissions.OpSafe())
                {
                    Guid parsed;
                    if (!Guid.TryParse(raw, out parsed))
                    {
                        continue;
                    }
                    permissionIds.Add(parsed);
                }

                _userService.UpdateUserPermission(userId, permissionIds);
                AuthorizeManager.ClearUserCache(userId);

                this.JsMessage = MessagesResources.Update_Success;
                var response = new AjaxResponse
                {
                    Succeeded = true,
                    RedirectUrl = Url.Action("EditUserPermission", new { userId })
                };
                return Json(response);
            });
        }
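        protected bool DeleteFile(string path, string name, string extention)
        {
            // Deletes the file `path + name + extention` after the delete action on it has been
            // authorized. The original authorized `path` alone and appended name/extention
            // afterwards, so those client-influenced components never went through the path
            // check; the complete file path is now authorized, mirroring how the Save handler
            // hands its full target path to AuthorizeActionOnPath.
            var fullPath = (path + name + extention).Replace("//", "/");
            var authorizedPath = AuthorizeManager.AuthorizeActionOnPath(fullPath, ActionKey.DeleteFromDisk);

            return _fileSystemManager.DeleteFile(authorizedPath);
        }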
        public async Task<IActionResult> Details(int? id)
        {
            // Member-only GET: shows product `id`. Sellers without admin rights can only open
            // their own listings; everything else (including unknown ids) is answered with 404.
            var userName = User.Identity.Name;
            if (!AuthorizeManager.InAuthorizedMember(userName) || id == null)
            {
                return NotFound();
            }

            var product = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
            if (product == null)
            {
                return NotFound();
            }

            bool isAdmin = AuthorizeManager.InAdminGroup(userName);
            if (!isAdmin && product.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
            {
                return NotFound();
            }

            return View(product);
        }
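        public async Task<IActionResult> Delete(int? id, int returnPage = 0)
        {
            // Admin-only POST: deletes comment `id`, logs who removed whose comment, and returns
            // to the listing page remembered in the session.
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                return NotFound();
            }

            if (returnPage != 0)
            {
                HttpContext.Session.SetInt32("returnPage", returnPage);
            }

            // A missing id or an already-deleted comment previously blew up on Remove(null);
            // answer with 404 like the sibling Delete actions do.
            if (id == null)
            {
                return NotFound();
            }

            var comment = await _context.Comment.FindAsync(id);
            if (comment == null)
            {
                return NotFound();
            }

            _context.Comment.Remove(comment);
            await _context.SaveChangesAsync();

            _logger.LogWarning($"[{User.Identity.Name}]刪除了一筆[{comment.UserName}]的留言");

            // Back to the listing page the admin came from (defaults to the first page).
            int? rememberedPage = HttpContext.Session.GetInt32("returnPage");
            int page = rememberedPage ?? 1;

            return RedirectToAction("Index", new { page });
        }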
        public async Task<IActionResult> DeleteAll()
        {
            // Super-admin only: wipes every authorized member and every seller product, re-creates
            // the super admin's own privilege record and refreshes AuthorizeManager's privilege table.
            if (User.Identity.Name != AuthorizeManager.SuperAdmin)
            {
                return NotFound();
            }

            _context.RemoveRange(_context.AuthorizedMember);
            _context.RemoveRange(_context.Product2);

            var superAdmin = new AuthorizedMember
            {
                Email = AuthorizeManager.SuperAdmin,
                InAdminGroup = true,
                InSellerGroup = true
            };
            _context.AuthorizedMember.Add(superAdmin);

            // Deletions and the re-insert go out in one SaveChanges call.
            await _context.SaveChangesAsync();

            AuthorizeManager.RefreshHashTable(_context);

            return RedirectToAction(nameof(Index));
        }
        public void Execute(object state)
        {
            // Scheduler job: synchronises every UserWeChat record with WeChat. Any failure is
            // logged as a warning and swallowed (presumably so one bad run cannot take the scheduler down).
            var logInfo = new LogInfo
            {
                MethodInstance = MethodBase.GetCurrentMethod(),
                ThreadInstance = Thread.CurrentThread
            };

            try
            {
                _log.Info("Scheduler Start: (SyncUsersWithWeChat)", logInfo);
                SyncAllUsersWithWeChat();
                _log.Info("Scheduler End: (SyncUsersWithWeChat)", logInfo);
            }
            catch (Exception ex)
            {
                _log.Warn(ex, logInfo);
            }
        }

        // Loads all UserWeChat rows through a fresh repository and syncs them one by one.
        private static void SyncAllUsersWithWeChat()
        {
            using (IRepository repo = new Repository())
            {
                var bindings = repo.All<UserWeChat>();
                if (bindings == null || bindings.Count == 0)
                {
                    return;
                }

                var auth = new AuthorizeManager();
                foreach (var binding in bindings)
                {
                    auth.SyncUserWithWeChat(binding.UserName);
                }
            }
        }
        public async Task<bool> Delete(JObject data)
        {
            // Deletes the file row whose Id is given in `data`. A missing/non-numeric Id and an
            // unknown file both surface as KhodkarInvalidException. AuthorizeManager is consulted
            // (SetAndCheckModifyAndAccessRole) before the row is removed.
            int id;
            try
            {
                dynamic payload = data;
                id = payload.Id;   // dynamic conversion; any failure is mapped to FieldMustBeNumeric below
            }
            catch (Exception)
            {
                throw new KhodkarInvalidException(LanguageManager.ToAsErrorMessage(ExceptionKey.FieldMustBeNumeric, "File Id"));
            }

            var file = await _contentManagementContext.Files.SingleOrDefaultAsync(fl => fl.Id == id);
            if (file == null)
            {
                throw new KhodkarInvalidException(LanguageManager.ToAsErrorMessage(ExceptionKey.FileNotFound));
            }

            AuthorizeManager.SetAndCheckModifyAndAccessRole(file, null, false);

            _contentManagementContext.Files.Remove(file);
            await _contentManagementContext.SaveChangesAsync();

            return true;
        }
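        public async Task<string> Save(JObject data)
        {
            // Adds and removes members of a group. `data` carries GroupId, EntityTypeId, Name,
            // AddedList and RemovedList. Entity type 101 links members by LinkId, every other
            // type by MasterDataKeyValueId. Returns "link" or "masterData" accordingly.
            const int linkEntityTypeId = 101;   // was a bare magic number; meaning taken from the return value

            dynamic groupDto = data;
            int groupId = groupDto.GroupId;
            int entityTypeId = groupDto.EntityTypeId;
            string groupName = groupDto.Name;

            // Authorization first, before anything from the payload is written.
            if (!AuthorizeManager.AuthorizeActionOnEntityId(groupId, (int)EntityIdentity.Group, (int)ActionKey.EditGroup))
            {
                throw new KhodkarInvalidException(LanguageManager.ToAsErrorMessage(ExceptionKey.InvalidAccessToEditGroup, groupName));
            }

            bool isLink = entityTypeId == linkEntityTypeId;

            // A payload without AddedList/RemovedList used to fail with a NullReferenceException
            // on ToObject; a missing array is now treated as empty.
            JArray removedListArray = groupDto.RemovedList;
            JArray addedListArray = groupDto.AddedList;
            var removedList = removedListArray?.ToObject<List<int>>() ?? new List<int>();
            var addedList = addedListArray?.ToObject<List<int>>() ?? new List<int>();

            foreach (var item in addedList)
            {
                var group = new EntityGroup
                {
                    GroupId = groupId,
                    EntityTypeId = entityTypeId
                };
                if (isLink)
                {
                    group.LinkId = item;
                }
                else
                {
                    group.MasterDataKeyValueId = item;
                }
                _contentManagementContext.EntityGroups.Add(group);
            }

            if (removedList.Count > 0)
            {
                // NOTE(review): `?? 0` means a 0 in removedList also matches rows whose key column
                // is null (behaviour kept from the original — confirm that is intended).
                if (isLink)
                {
                    _contentManagementContext.EntityGroups
                        .Where(eg => removedList.Contains(eg.LinkId ?? 0) && eg.GroupId == groupId)
                        .Delete();
                }
                else
                {
                    _contentManagementContext.EntityGroups
                        .Where(eg => removedList.Contains(eg.MasterDataKeyValueId ?? 0) && eg.GroupId == groupId)
                        .Delete();
                }
            }

            await _contentManagementContext.SaveChangesAsync();

            return isLink ? "link" : "masterData";
        }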
        private bool OrderDetailExists(int id)
        {
            // True when an order line with `id` exists. Non-admins always get false, so the
            // result doubles as an authorization gate for the callers that rely on it.
            bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
            return isAdmin && _context.OrderDetail.Any(e => e.Id == id);
        }
        public async Task Save(JObject data)
        {
            // Writes `Content` to the file `Path/Name` taken from the payload. Passing the target
            // through AuthorizeActionOnPath is the only check visible here on the
            // client-controlled path and name components.
            dynamic payload = data;
            string directory = payload.Path;
            string fileName = payload.Name;
            string content = payload.Content;

            var target = AuthorizeManager.AuthorizeActionOnPath(directory + "/" + fileName, ActionKey.WriteToDisk);
            await _fileSystemManager.WriteAsync(target, content);
        }
        public async Task<IActionResult> Index(int page = 1)
        {
            // Admin-only listing of order lines, highest OrderId first, 10 per page.
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                return NotFound();
            }

            var query = _context.OrderDetail.OrderByDescending(p => p.OrderId);
            var pageOfLines = await query.ToPagedListAsync(page, 10);
            return View(pageOfLines);
        }
        public IActionResult Create()
        {
            // Admin-only GET: renders the empty create form; everyone else sees 404.
            bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
            return isAdmin ? (IActionResult)View() : NotFound();
        }
        private bool CommentExists(int id)
        {
            // True when a comment with `id` exists; non-admins always get false, so the result
            // doubles as an authorization gate for the callers that rely on it.
            bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
            return isAdmin && _context.Comment.Any(e => e.Id == id);
        }
        private bool Product2Exists(int id)
        {
            // True when a product with `id` exists; callers outside the authorized-member group
            // always get false, so the result doubles as an authorization gate.
            bool isMember = AuthorizeManager.InAuthorizedMember(User.Identity.Name);
            return isMember && _context.Product2.Any(e => e.Id == id);
        }