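/// <summary>
/// Changes the session user's password after verifying the old one.
/// Redirects to Account/Logout on success (forcing re-authentication) and to
/// Account/Index otherwise. Feedback is placed in ModelState; NOTE(review):
/// ModelState does not survive a redirect unless something persists it, so these
/// messages may never be shown — confirm how the views read them.
/// </summary>
/// <param name="model">Posted old/new password pair.</param>
public ActionResult Password(AccountModels.PasswordDto model)
{
    // SECURITY (review): passwords are stored as unsalted MD5 digests, which are
    // trivially brute-forced offline. Migrate to a salted, slow KDF (PBKDF2/Argon2)
    // with a re-hash-on-login path. Changing the hash function here alone would
    // invalidate every stored password, so it is flagged rather than replaced.
    var authorizedUser = new AuthorizeManager().GetSession();
    if (authorizedUser == null)
    {
        // No session: fail closed without touching the repository (the original
        // relied on the catch-all below to absorb the NullReferenceException).
        return RedirectToAction("Index", "Account");
    }

    if (!ModelState.IsValid)
    {
        return RedirectToAction("Index", "Account");
    }

    try
    {
        var user = _repo.Single<User>(authorizedUser.ID);
        var oldHash = Encrypt.GetMd5Hash(model.OldPassword);
        if (user != null && string.Equals(user.Password, oldHash, StringComparison.Ordinal))
        {
            user.Password = Encrypt.GetMd5Hash(model.NewPassword);
            // Persist the updated user record.
            _repo.Update(user);
            ModelState.AddModelError("Success", "保存成功");
            // Log the user out so the new credential must be used from now on.
            return RedirectToAction("Logout", "Account");
        }

        ModelState.AddModelError("Error", "用户旧密码填写不正确");
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is surfaced to the end user; prefer a generic
        // message here and log the exception server-side.
        ModelState.AddModelError("Warn", ex.Message);
    }

    return RedirectToAction("Index", "Account");
}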
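/// <summary>
/// Receives an uploaded report file, stores it under the configured Excel output
/// directory under a server-generated GUID name, and hands it to the report importer.
/// </summary>
/// <param name="model">Upload form; <c>File</c> is the posted file, <c>OnlyRefund</c> an import option.</param>
/// <returns>The same view with <c>Upload</c> set to the import result and <c>File</c> cleared.</returns>
public ActionResult Synchronize(AuthorizeFileVM model)
{
    // A missing/empty file used to reach model.File.InputStream and throw; treat
    // it as a failed upload like any other validation error.
    if (!ModelState.IsValid || model.File == null || model.File.ContentLength <= 0)
    {
        model.Upload = false;
        return View(model);
    }

    // The on-disk name is a GUID chosen here, never the client-supplied file name,
    // so the client cannot influence where the file lands.
    string fileName = CastleClub.BusinessLogic.Data.GlobalParameters.ExcelOutPath + "\\" + Guid.NewGuid().ToString();

    // Stream.Read is not guaranteed to fill the buffer in one call; the original
    // single Read could persist a truncated file. CopyTo loops until end of stream.
    using (var target = System.IO.File.Create(fileName))
    {
        model.File.InputStream.CopyTo(target);
    }

    bool result = AuthorizeManager.ReadReportFile(fileName, model.OnlyRefund);
    if (result)
    {
        SitesManager.UpdateTotalsReferrers();
    }

    // NOTE(review): the uploaded file stays on disk after import — confirm whether
    // ReadReportFile removes it or whether cleanup belongs here.
    model.File = null;
    model.Upload = result;
    return View(model);
}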
/// <summary>
/// Deletes a product. Authorized members only; a seller who is not in the admin
/// group may delete only products whose SellerId equals their own NameIdentifier
/// claim. Every refusal answers 404 so other sellers' product ids are not confirmed.
/// </summary>
/// <param name="id">Product id from the route.</param>
public async Task<IActionResult> Delete(int? id)
{
    bool isMember = AuthorizeManager.InAuthorizedMember(User.Identity.Name);
    if (!isMember || id == null)
    {
        return NotFound();
    }

    var product2 = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
    if (product2 == null)
    {
        return NotFound();
    }

    // Non-admin sellers are restricted to their own listings.
    bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    if (!isAdmin && product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
    {
        return NotFound();
    }

    _context.Product2.Remove(product2);
    await _context.SaveChangesAsync();
    return RedirectToAction(nameof(Index));
}
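/// <summary>
/// Creates a new Identity account from an admin-submitted e-mail and password.
/// Only members of the admin group may call this; everyone else receives 404.
/// </summary>
/// <param name="identityUser">Bound form data. <c>PasswordHash</c> carries the
/// plaintext password typed by the admin; it is handed to UserManager, which hashes it.</param>
/// <returns>Redirect to the remembered Index page on success; the Create view with
/// <c>ViewData["CreateUserError"]</c> set on validation or creation failure.</returns>
public async Task<IActionResult> Create([Bind("Email,PasswordHash")] IdentityUser identityUser)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // Not EF-scaffolded CRUD, so the fields are validated by hand.
    const string emailPattern = @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";
    bool inputInvalid = string.IsNullOrEmpty(identityUser.Email)
        || string.IsNullOrEmpty(identityUser.PasswordHash)
        || !Regex.IsMatch(identityUser.Email, emailPattern)
        || identityUser.PasswordHash.Length < 6;
    if (inputInvalid)
    {
        ViewData["CreateUserError"] = "輸入資料錯誤!";
        return View();
    }

    var user = new IdentityUser { UserName = identityUser.Email, Email = identityUser.Email };

    // UserManager enforces e-mail uniqueness and the configured password policy.
    // The original discarded its IdentityResult, so a refused creation (duplicate
    // e-mail, weak password) was logged as a success and redirected as if the
    // account existed. Surface the failure instead.
    var result = await _userManager.CreateAsync(user, identityUser.PasswordHash);
    if (!result.Succeeded)
    {
        ViewData["CreateUserError"] = "輸入資料錯誤!";
        return View();
    }
    _logger.LogInformation($"[{User.Identity.Name}]新增了用戶[{user.Email}]");

    // Return to the list page the admin came from (default 1).
    int? rememberedPage = HttpContext.Session.GetInt32("returnPage");
    int page = rememberedPage ?? 1;
    return RedirectToAction("Index", new { page });
}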
/// <summary>
/// Removes a privileged member and all of their authority rows. Only the super
/// admin may call this, and the super admin's own row can never be removed.
/// Every refusal answers 404.
/// </summary>
/// <param name="id">AuthorizedMember row id.</param>
public async Task<IActionResult> Delete(int? id)
{
    bool isSuperAdmin = User.Identity.Name == AuthorizeManager.SuperAdmin;
    if (!isSuperAdmin || id == null)
    {
        return NotFound();
    }

    var authorizedMember = await _context.AuthorizedMember.FirstOrDefaultAsync(m => m.Id == id);

    // Unknown row, or an attempt to delete the super admin itself.
    if (authorizedMember == null || authorizedMember.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    AuthorizeManager.UpdateAuthority("DeleteAll", _context, authorizedMember.Email, null, null);
    return RedirectToAction(nameof(Index));
}
/// <summary>
/// Shows the line items of one order. Callers outside the admin group may only
/// view orders whose SenderEmail equals their own identity name; anything else
/// is 404.
/// </summary>
/// <param name="id">Order id.</param>
/// <param name="returnPage">When non-zero, remembered in session under "returnPage".</param>
public async Task<IActionResult> Details(int? id, int returnPage = 0)
{
    if (id == null)
    {
        return NotFound();
    }
    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    var orderForm = await _context.OrderForm.FirstOrDefaultAsync(m => m.Id == id);
    if (orderForm == null)
    {
        return NotFound();
    }

    // Ownership check for non-admins.
    bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    if (!isAdmin && orderForm.SenderEmail != User.Identity.Name)
    {
        return NotFound();
    }

    var lines = await _context.OrderDetail.Where(o => o.OrderId == id).ToListAsync();
    return View(lines);
}
/// <summary>
/// Saves an edited order line. Admin-only; the route id must match the bound
/// entity id. A concurrency conflict on a row that no longer exists yields 404;
/// any other concurrency conflict propagates.
/// </summary>
public async Task<IActionResult> Edit(int id, [Bind("Id,OrderId,Name,Price,Quantity")] OrderDetail orderDetail)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name) || id != orderDetail.Id)
    {
        return NotFound();
    }
    if (!ModelState.IsValid)
    {
        return View(orderDetail);
    }

    try
    {
        _context.Update(orderDetail);
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException) when (!OrderDetailExists(orderDetail.Id))
    {
        // Row vanished under us: report not-found; other conflicts fall through uncaught.
        return NotFound();
    }

    return RedirectToAction(nameof(Index));
}
/// <summary>Deletes one order line. Admin-only; missing or unknown id is 404.</summary>
/// <param name="id">OrderDetail id.</param>
public async Task<IActionResult> Delete(int? id)
{
    bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    if (!isAdmin || id == null)
    {
        return NotFound();
    }

    var orderDetail = await _context.OrderDetail.FirstOrDefaultAsync(m => m.Id == id);
    if (orderDetail == null)
    {
        return NotFound();
    }

    _context.OrderDetail.Remove(orderDetail);
    await _context.SaveChangesAsync();
    return RedirectToAction(nameof(Index));
}
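/// <summary>
/// Lists a new product for the calling seller. Authorized members only.
/// SellerEmail, SellerId, PublishDate and SellVolume are always set server-side,
/// overriding whatever the form posted for those bound fields.
/// </summary>
/// <param name="product2">Bound product form data.</param>
public async Task<IActionResult> Create([Bind("Id,Name,Description,Price,PublishDate,Quantity,DefaultImageURL,SellerEmail,SellerId,SellVolume")] Product2 product2)
{
    if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
    {
        return NotFound();
    }

    string userId = User.FindFirstValue(ClaimTypes.NameIdentifier);

    // Per-seller listing cap. Count in the database instead of the original
    // ToList(), which materialized every product row just to count them. The
    // threshold is unchanged. NOTE(review): "> 5" lets a seller hold 6 listings
    // before being refused — confirm the intended cap.
    int listed = await _context.Product2.CountAsync(m => m.SellerId == userId);
    if (listed > 5)
    {
        TempData["ReachLimit"] = "建立失敗,您的產品數量已達上限!";
        return RedirectToAction("Index");
    }

    if (!ModelState.IsValid)
    {
        return View(product2);
    }

    // Server-owned fields: the posted values are in [Bind] but must never be trusted.
    product2.PublishDate = DateTime.Now;
    product2.SellerEmail = User.Identity.Name;
    product2.SellerId = userId;
    product2.SellVolume = 0;

    _context.Add(product2);
    await _context.SaveChangesAsync();
    return RedirectToAction(nameof(Index));
}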
/// <summary>
/// Grants privileges to an existing registered account. Super admin only. The
/// e-mail must match a row in Users; the AuthorizedMember is then saved and the
/// in-memory authority table refreshed.
/// </summary>
public async Task<IActionResult> Create([Bind("Id,Email,InAdminGroup,InSellerGroup")] AuthorizedMember authorizedMember)
{
    if (User.Identity.Name != AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    // Privileges may only be attached to an already registered account.
    var registered = _context.Users.FirstOrDefault(m => m.Email == authorizedMember.Email);
    if (registered == null)
    {
        TempData["Exception"] = "此欄位必須是已註冊的會員";
        return View(authorizedMember);
    }

    if (!ModelState.IsValid)
    {
        return View(authorizedMember);
    }

    _context.Add(authorizedMember);
    await _context.SaveChangesAsync();
    AuthorizeManager.UpdateAuthority("UpdateHashTableByAuthorizedMember", _context, null, null, authorizedMember);
    return RedirectToAction(nameof(Index));
}
/// <summary>
/// Saves an edited comment. Admin-only; the route id must match the bound id.
/// On success redirects to the list page remembered in session ("returnPage",
/// default 1); a concurrency conflict is logged and redirects to Index.
/// </summary>
public async Task<IActionResult> Edit(int id, [Bind("Id,Content,UserName,CreateTime,ProductId")] Comment comment)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name) || id != comment.Id)
    {
        return NotFound();
    }
    if (!ModelState.IsValid)
    {
        return View(comment);
    }

    try
    {
        _context.Update(comment);
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException e)
    {
        _logger.LogError(e.ToString());
        return RedirectToAction(nameof(Index));
    }

    // Return to the page the admin was browsing.
    int page = HttpContext.Session.GetInt32("returnPage") ?? 1;
    return RedirectToAction("Index", new { page });
}
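/// <summary>
/// Creates (when <c>Id == Guid.Empty</c>) or updates a user from an AJAX post,
/// then invalidates that user's cached authorization data.
/// NOTE(review): no authorization check is visible in this method — confirm it is
/// enforced by an attribute or filter on the controller.
/// </summary>
/// <param name="user">Posted user DTO.</param>
public ActionResult EditUser(UserDTO user)
{
    return HttpHandleExtensions.AjaxCallGetResult(() =>
    {
        // An empty LastLogin arrives as DateTime.MinValue (0001-01-01), which the
        // database rejects on insert/update; substitute the 1900-01-01 sentinel.
        // Constructed directly rather than via Convert.ToDateTime("1900-01-01T00:00:00.000"),
        // which parsed under the current culture for a fixed value.
        if (user.LastLogin == DateTime.MinValue)
        {
            user.LastLogin = new DateTime(1900, 1, 1, 0, 0, 0);
        }

        if (user.Id == Guid.Empty)
        {
            _userService.Add(user);
            this.JsMessage = MessagesResources.Add_Success;
        }
        else
        {
            _userService.Update(user);
            this.JsMessage = MessagesResources.Update_Success;
        }

        // Drop cached permissions so the edit takes effect immediately.
        AuthorizeManager.ClearUserCache(user.Id);
        return Json(new AjaxResponse { Succeeded = true, RedirectUrl = Url.Action("Index") });
    });
}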
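/// <summary>
/// Decides whether the principal holds at least one of the role ids listed
/// (comma-separated) in <c>Roles</c>. The principal's GroupSid claims are mapped
/// to role ids through AuthorizeManager.GetUserRoles.
/// </summary>
/// <param name="user">Current principal; must not be null.</param>
/// <returns>true only for an authenticated principal with a matching role id;
/// false in every other case (fails closed).</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
protected override bool UserAuthorized(System.Security.Principal.IPrincipal user)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    var identity = user as ClaimsPrincipal;
    var authenticated = identity?.Identity;
    if (authenticated == null || !authenticated.IsAuthenticated)
    {
        return false;
    }

    // No role requirement configured: nothing can match. Deny instead of throwing
    // NullReferenceException from Roles.Split.
    if (string.IsNullOrWhiteSpace(Roles))
    {
        return false;
    }

    // Group claims are expected to carry numeric ids. The original int.Parse threw
    // on any non-numeric value and aborted authorization; such claims are now
    // skipped. NOTE(review): ClaimTypes.GroupSid usually holds SID strings —
    // confirm this application issues numeric ids under that claim type.
    var groupIds = new List<int>();
    foreach (var claim in identity.Claims.Where(c => c.Type == ClaimTypes.GroupSid))
    {
        int groupId;
        if (int.TryParse(claim.Value, out groupId))
        {
            groupIds.Add(groupId);
        }
    }

    var heldRoleIds = new HashSet<int>();
    foreach (var groupRoles in AuthorizeManager.GetUserRoles(groupIds).Select(ur => ur.RolesId))
    {
        heldRoleIds.UnionWith(groupRoles);
    }

    // Required roles are compared numerically; surrounding whitespace is tolerated.
    foreach (var required in Roles.Split(','))
    {
        int requiredId;
        if (int.TryParse(required.Trim(), out requiredId) && heldRoleIds.Contains(requiredId))
        {
            return true;
        }
    }

    return false;
}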
/// <summary>
/// GET edit form for a comment. Admin-only. Optionally remembers the caller's
/// list page in session ("returnPage") before loading the comment.
/// </summary>
/// <param name="id">Comment id.</param>
/// <param name="returnPage">When non-zero, stored in session.</param>
public async Task<IActionResult> Edit(int? id, int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }
    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }
    if (id == null)
    {
        return NotFound();
    }

    var comment = await _context.Comment.FindAsync(id);
    return comment == null ? NotFound() : (IActionResult)View(comment);
}
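/// <summary>
/// Generates 200x200 thumbnails for <paramref name="files"/> under the configured
/// thumbnail directory, mirroring each file's path relative to the application
/// root. Files that already have a thumbnail, or that live inside the thumbnail
/// directory themselves, are skipped.
/// </summary>
/// <param name="files">Source images. Each FullName is assumed to begin with the
/// application's physical root path (Substring(rootPath.Length)) — TODO confirm callers guarantee this.</param>
/// <exception cref="KhodkarInvalidException">The thumbnail path cannot be resolved for this caller.</exception>
private void CreateThumbnail(List<DiskInfo> files)
{
    var rootPath = HostingEnvironment.ApplicationHost.GetPhysicalPath();

    // Authorize the write on the thumbnail directory once, before any file work.
    var tempPath = _fileSystemManager.RelativeToAbsolutePath(
        AuthorizeManager.AuthorizeActionOnPath(Config.ThumbnailPath, ActionKey.WriteToDisk));
    if (tempPath == null)
    {
        throw new KhodkarInvalidException(LanguageManager.ToAsErrorMessage(ExceptionKey.PathNotFound, Config.ThumbnailPath));
    }
    var thumbnailPath = tempPath.ToLower();

    Parallel.ForEach(files, file =>
    {
        var thumbPath = thumbnailPath + file.FullName.Substring(rootPath.Length);
        bool alreadyExists = _fileSystemManager.FileExist(thumbPath);
        bool insideThumbDir = file.FullName.ToLower().IndexOf(thumbnailPath, StringComparison.Ordinal) != -1;
        if (alreadyExists || insideThumbDir)
        {
            return;
        }

        // Both GDI+ images hold native resources, and Image.FromFile keeps the
        // source file locked until disposed; the original disposed neither, leaking
        // a handle per thumbnail.
        using (var source = Image.FromFile(file.FullName, true))
        using (var thumbImg = _imageManager.CreateThumbnail(source, 200, 200))
        {
            thumbImg.Save(thumbPath);
        }
    });
}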
/// <summary>
/// Creates or updates a menu entry from an AJAX post, attaching the optional
/// module and parent, then flushes the menu cache and every logged-in user's
/// authorization cache so the change is visible immediately.
/// </summary>
/// <param name="menu">Posted menu DTO; <c>Id == Guid.Empty</c> means "new".</param>
/// <param name="module">Optional owning module id.</param>
/// <param name="parent">Optional parent menu id.</param>
public ActionResult EditMenu(MenuDTO menu, Guid? module, Guid? parent)
{
    return HttpHandleExtensions.AjaxCallGetResult(() =>
    {
        menu.Permissions = new Collection<PermissionDTO>();
        if (module.HasValue)
        {
            menu.Module = _moduleService.FindBy(module.Value);
        }
        if (parent.HasValue)
        {
            menu.Parent = _menuService.FindBy(parent.Value);
        }

        bool isNew = menu.Id == Guid.Empty;
        if (isNew)
        {
            _menuService.Add(menu);
        }
        else
        {
            _menuService.Update(menu);
        }
        this.JsMessage = isNew ? MessagesResources.Add_Success : MessagesResources.Update_Success;

        base.ClearCacheMenus();
        // Refresh every logged-in user's cache so the menu change is picked up.
        AuthorizeManager.ClearAllCache();
        return Json(new AjaxResponse { Succeeded = true, RedirectUrl = Url.Action("Index") });
    });
}
/// <summary>
/// Replaces a user's permission set with the posted list. Entries that are not
/// well-formed GUIDs are dropped silently. The user's authorization cache is
/// cleared afterwards.
/// </summary>
/// <param name="userId">Target user.</param>
/// <param name="permissions">Permission ids as strings; may be null (OpSafe()).</param>
public ActionResult EditUserPermission(Guid userId, List<string> permissions)
{
    return HttpHandleExtensions.AjaxCallGetResult(() =>
    {
        var permissionIds = new List<Guid>();
        foreach (var raw in permissions.OpSafe())
        {
            Guid parsed;
            if (Guid.TryParse(raw, out parsed))
            {
                permissionIds.Add(parsed);
            }
        }

        _userService.UpdateUserPermission(userId, permissionIds);
        AuthorizeManager.ClearUserCache(userId);
        this.JsMessage = MessagesResources.Update_Success;
        return Json(new AjaxResponse { Succeeded = true, RedirectUrl = Url.Action("EditUserPermission", new { userId }) });
    });
}
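/// <summary>
/// Deletes <c>path + name + extention</c> after authorizing the delete action on
/// the complete target path.
/// </summary>
/// <param name="path">Directory part; doubled slashes are collapsed.</param>
/// <param name="name">File name without extension.</param>
/// <param name="extention">Extension exactly as the caller supplies it (including any dot).</param>
/// <returns>The file-system manager's delete result.</returns>
protected bool DeleteFile(string path, string name, string extention)
{
    // SECURITY: the original authorized only `path` and appended name/extension
    // afterwards, so a caller-controlled name such as "../other" would be deleted
    // without ever being checked. Authorize the full target instead, the same way
    // the write path elsewhere in this codebase authorizes path + "/" + name.
    // NOTE(review): this assumes AuthorizeActionOnPath canonicalizes and rejects
    // traversal segments — confirm in its implementation.
    var target = (path + name + extention).Replace("//", "/");
    var authorizedTarget = AuthorizeManager.AuthorizeActionOnPath(target, ActionKey.DeleteFromDisk);
    return _fileSystemManager.DeleteFile(authorizedTarget);
}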
/// <summary>
/// Product detail page for authorized members. Sellers outside the admin group
/// may view only products whose SellerId is their own NameIdentifier claim; all
/// refusals answer 404.
/// </summary>
/// <param name="id">Product id.</param>
public async Task<IActionResult> Details(int? id)
{
    if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name) || id == null)
    {
        return NotFound();
    }

    var product2 = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
    if (product2 == null)
    {
        return NotFound();
    }

    // Non-admins: ownership check on the seller id.
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name)
        && product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
    {
        return NotFound();
    }

    return View(product2);
}
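/// <summary>
/// Deletes a comment. Admin-only. A missing or unknown id is 404 — the original
/// passed the null entity straight to Remove, which throws. Optionally remembers
/// the caller's list page in session and redirects back to it.
/// </summary>
/// <param name="id">Comment id.</param>
/// <param name="returnPage">When non-zero, stored in session under "returnPage".</param>
public async Task<IActionResult> Delete(int? id, int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }
    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }
    if (id == null)
    {
        return NotFound();
    }

    var comment = await _context.Comment.FindAsync(id);
    if (comment == null)
    {
        return NotFound();
    }

    _context.Comment.Remove(comment);
    await _context.SaveChangesAsync();
    // NOTE(review): comment.UserName is user-supplied; if these logs are parsed
    // downstream, prefer structured logging with a {UserName} placeholder.
    _logger.LogWarning($"[{User.Identity.Name}]刪除了一筆[{comment.UserName}]的留言");

    // Return to the page the admin was browsing (default 1).
    int page = HttpContext.Session.GetInt32("returnPage") ?? 1;
    return RedirectToAction("Index", new { page });
}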
/// <summary>
/// Super-admin reset: removes every AuthorizedMember and every Product2 row,
/// re-creates the super admin with both groups, saves, and rebuilds the
/// authority hash table. Anyone else receives 404.
/// NOTE(review): destructive operation — confirm it is guarded by [HttpPost] and
/// [ValidateAntiForgeryToken] (attributes are not visible here).
/// </summary>
public async Task<IActionResult> DeleteAll()
{
    if (User.Identity.Name != AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    // Wipe all privileged users and all seller products.
    _context.RemoveRange(_context.AuthorizedMember);
    _context.RemoveRange(_context.Product2);

    // Re-seed the super admin, then persist everything in one SaveChanges.
    var superAdmin = new AuthorizedMember
    {
        Email = AuthorizeManager.SuperAdmin,
        InAdminGroup = true,
        InSellerGroup = true
    };
    _context.AuthorizedMember.Add(superAdmin);
    await _context.SaveChangesAsync();

    // Rebuild the in-memory authority table from the fresh state.
    AuthorizeManager.RefreshHashTable(_context);
    return RedirectToAction(nameof(Index));
}
/// <summary>
/// Scheduled job: re-syncs every UserWeChat binding through
/// AuthorizeManager.SyncUserWithWeChat. Start and end are logged at Info; any
/// exception is logged at Warn and swallowed so the scheduler keeps running.
/// </summary>
/// <param name="state">Scheduler state; unused.</param>
public void Execute(object state)
{
    var logInfo = new LogInfo
    {
        MethodInstance = MethodBase.GetCurrentMethod(),
        ThreadInstance = Thread.CurrentThread
    };

    try
    {
        _log.Info("Scheduler Start: (SyncUsersWithWeChat)", logInfo);
        using (IRepository repo = new Repository())
        {
            var bindings = repo.All<UserWeChat>();
            if (bindings != null && bindings.Count > 0)
            {
                var auth = new AuthorizeManager();
                foreach (var binding in bindings)
                {
                    auth.SyncUserWithWeChat(binding.UserName);
                }
            }
        }
        _log.Info("Scheduler End: (SyncUsersWithWeChat)", logInfo);
    }
    catch (Exception ex)
    {
        // Deliberate best-effort: one failed run must not take the scheduler down.
        _log.Warn(ex, logInfo);
    }
}
/// <summary>
/// Deletes the file record whose <c>Id</c> is carried in <paramref name="data"/>.
/// The caller's modify/access role on that file is checked before removal.
/// </summary>
/// <param name="data">JSON payload; <c>Id</c> must convert to an int.</param>
/// <returns>Always true once the record has been removed and saved.</returns>
/// <exception cref="KhodkarInvalidException">Id missing or non-numeric, file not found,
/// or (from SetAndCheckModifyAndAccessRole) insufficient rights.</exception>
public async Task<bool> Delete(JObject data)
{
    dynamic fileData = data;
    int id;
    try
    {
        id = fileData.Id;
    }
    catch (Exception)
    {
        // Any conversion failure (missing, null, non-numeric) is reported the same way.
        throw new KhodkarInvalidException(LanguageManager.ToAsErrorMessage(ExceptionKey.FieldMustBeNumeric, "File Id"));
    }

    var file = await _contentManagementContext.Files.SingleOrDefaultAsync(fl => fl.Id == id);
    if (file == null)
    {
        throw new KhodkarInvalidException(LanguageManager.ToAsErrorMessage(ExceptionKey.FileNotFound));
    }

    // The role check runs against the loaded entity and must stay ahead of Remove.
    AuthorizeManager.SetAndCheckModifyAndAccessRole(file, null, false);

    _contentManagementContext.Files.Remove(file);
    await _contentManagementContext.SaveChangesAsync();
    return true;
}
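/// <summary>
/// Updates a group's membership: inserts an EntityGroup row for every id in
/// <c>AddedList</c> and bulk-deletes the rows for every id in <c>RemovedList</c>.
/// Entity type 101 denotes links (stored in LinkId); every other type is master
/// data (MasterDataKeyValueId).
/// </summary>
/// <param name="data">JSON with GroupId, EntityTypeId, Name, AddedList, RemovedList.</param>
/// <returns>"link" for entity type 101, otherwise "masterData".</returns>
/// <exception cref="KhodkarInvalidException">The caller lacks EditGroup on the group.</exception>
public async Task<string> Save(JObject data)
{
    // Entity type id used for link rows; any other value is master data.
    const int LinkEntityType = 101;

    dynamic groupDto = data;
    int groupId = groupDto.GroupId;
    int entityTypeId = groupDto.EntityTypeId;
    string groupName = groupDto.Name;

    // Authorize before touching anything; groupName only feeds the error text.
    if (!AuthorizeManager.AuthorizeActionOnEntityId(groupId, (int)EntityIdentity.Group, (int)ActionKey.EditGroup))
    {
        throw new KhodkarInvalidException(LanguageManager.ToAsErrorMessage(ExceptionKey.InvalidAccessToEditGroup, groupName));
    }

    bool isLink = entityTypeId == LinkEntityType;

    // A missing list is treated as empty instead of throwing NullReferenceException
    // from ToObject on a null JArray.
    JArray addedArray = groupDto.AddedList;
    JArray removedArray = groupDto.RemovedList;
    var addedList = addedArray?.ToObject<List<int>>() ?? new List<int>();
    var removedList = removedArray?.ToObject<List<int>>() ?? new List<int>();

    foreach (var item in addedList)
    {
        var group = new EntityGroup { GroupId = groupId, EntityTypeId = entityTypeId };
        if (isLink)
        {
            group.LinkId = item;
        }
        else
        {
            group.MasterDataKeyValueId = item;
        }
        _contentManagementContext.EntityGroups.Add(group);
    }

    if (removedList.Count > 0)
    {
        // Bulk delete scoped to this group so identical ids in other groups are untouched.
        if (isLink)
        {
            _contentManagementContext.EntityGroups
                .Where(eg => removedList.Contains(eg.LinkId ?? 0) && eg.GroupId == groupId)
                .Delete();
        }
        else
        {
            _contentManagementContext.EntityGroups
                .Where(eg => removedList.Contains(eg.MasterDataKeyValueId ?? 0) && eg.GroupId == groupId)
                .Delete();
        }
    }

    await _contentManagementContext.SaveChangesAsync();
    return isLink ? "link" : "masterData";
}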
/// <summary>
/// True when the caller is in the admin group and an OrderDetail with this id
/// exists. Non-admins always get false and no query is issued for them.
/// </summary>
private bool OrderDetailExists(int id)
{
    bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    return isAdmin && _context.OrderDetail.Any(e => e.Id == id);
}
/// <summary>
/// Writes <c>Content</c> to <c>Path/Name</c> after authorizing WriteToDisk on the
/// combined file path. The full target — not just the directory — goes through
/// AuthorizeActionOnPath (whether that helper rejects traversal is not visible here).
/// </summary>
/// <param name="data">JSON with Path, Name and Content.</param>
public async Task Save(JObject data)
{
    dynamic dataDto = data;
    string path = dataDto.Path;
    string name = dataDto.Name;
    string content = dataDto.Content;

    var target = path + "/" + name;
    var authorizedTarget = AuthorizeManager.AuthorizeActionOnPath(target, ActionKey.WriteToDisk);
    await _fileSystemManager.WriteAsync(authorizedTarget, content);
}
/// <summary>Admin-only paged list (10 per page) of order lines, highest OrderId first.</summary>
/// <param name="page">1-based page number.</param>
public async Task<IActionResult> Index(int page = 1)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    var ordered = _context.OrderDetail.OrderByDescending(p => p.OrderId);
    var pageOfLines = await ordered.ToPagedListAsync(page, 10);
    return View(pageOfLines);
}
/// <summary>GET create form; admin-only, 404 for everyone else.</summary>
public IActionResult Create()
{
    bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    return isAdmin ? (IActionResult)View() : NotFound();
}
/// <summary>
/// True when the caller is in the admin group and a Comment with this id exists.
/// Non-admins always get false without a query.
/// </summary>
private bool CommentExists(int id)
{
    bool isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    return isAdmin && _context.Comment.Any(e => e.Id == id);
}
/// <summary>
/// True when the caller is an authorized member and a Product2 with this id
/// exists. Non-members always get false without a query.
/// </summary>
private bool Product2Exists(int id)
{
    bool isMember = AuthorizeManager.InAuthorizedMember(User.Identity.Name);
    return isMember && _context.Product2.Any(e => e.Id == id);
}