public async Task <ActionResult> Edit([Bind(Include = "Id,Login,Roles")] UserVM userVM)
{
if (!Session.UserHasRole("Admin"))
{
return(new HttpStatusCodeResult(HttpStatusCode.Forbidden));
}
if (userVM == null || !ModelState.IsValid)
{
ModelState.AddModelError(String.Empty, "Unexpected token error");
return(View(userVM));
}
User dbUser = await db.Users.FirstAsync(u => u.Id == userVM.Id);
dbUser.Roles.Clear();
await Task.Run(() =>
{
userVM
.Roles
.Where(r => r.IsSelected)
.Select(async r => await db.UserRoles.FindAsync(r.Id))
.Select(task => task.Result)
.ToList()
.ForEach(role => dbUser.Roles.Add(role));
});
await db.SaveChangesAsync();
return(RedirectToAction("Index"));
}
public async Task <ActionResult> Create([Bind(Include = "Id,Name")] Genre genre)
{
if (!Session.UserHasRole("Admin"))
{
return(new HttpStatusCodeResult(HttpStatusCode.Forbidden));
}
if (ModelState.IsValid)
{
db.Genres.Add(genre);
await db.SaveChangesAsync();
return(RedirectToAction("Index"));
}
return(View(genre));
}
public async Task <ActionResult> RegisterConfirm(RegisterVM registerModel)
{
// if some the hacking actions with form. Or someone disable JS?
if (!ModelState.IsValid)
{
ModelState.AddModelError(String.Empty, "Invalid token");
return(View(registerModel));
}
// check for already registred
if (await dbContext.Users.Where(u => registerModel.Login == u.Login).CountAsync() > 0)
{
ModelState.AddModelError(String.Empty, "Login is already taken(and pass maybe too?)");
return(View(registerModel));
}
string salt = CryptoService.GetRandomBytes(AppConstants.PASSOWORD_SALT_LENGTH).ToHexString();
byte[] password = Encoding.Unicode.GetBytes(salt + registerModel.Password);
string hash = CryptoService.ComputeMD5Hash(password).ToHexString();
User newUser = new User()
{
Login = registerModel.Login,
Password = hash,
Salt = salt
};
newUser.Roles.Add(await dbContext.UserRoles.Where(role => role.Name == "Authenticated").FirstAsync());
dbContext.Users.Add(newUser);
await dbContext.SaveChangesAsync();
return(RedirectToAction("Login"));
}
public async Task <ActionResult> CreateConfirm([Bind(Include = "Name,File,Genres")] SongVM songVM)
{
if (!Session.UserHasRole("Authorized"))
{
return(new HttpStatusCodeResult(HttpStatusCode.Forbidden));
}
if (!ModelState.IsValid)
{
ModelState.AddModelError(String.Empty, "Some field are not filled");
songVM.Genres = (await db.Genres.ToListAsync()).Select(g => g.ToViewModel());
return(View(songVM));
}
if (await db.Songs
.Where(s => s.Name == songVM.Name)
.FirstOrDefaultAsync() != null)
{
ModelState.AddModelError(String.Empty, "This song is exist");
return(View(songVM));
}
string filename;
string mappedSongsFolderPath = Server.MapPath(AppConstants.SONGS_FOLDER_VIRTUAL_PATH);
string savePath;
// check if random filename exist
do
{
filename = $"{Guid.NewGuid()}.mp3";
savePath = Path.Combine(mappedSongsFolderPath, filename);
} while (System.IO.File.Exists(savePath));
using (FileStream f = System.IO.File.Create(savePath, 4096, FileOptions.Asynchronous))
{
await songVM.File.InputStream.CopyToAsync(f);
}
Song newSong = new Song()
{
Name = songVM.Name,
FileName = filename,
Genres = await Task.Run(() =>
{
// Transform selected genres to Domain model
return(songVM
.Genres
.Where(genre => genre.IsSelected)
.Select(async selectedGenre => await db.Genres.FindAsync(selectedGenre.Id))
.Select(t => t.Result)
.ToList());
})
};
db.Songs.Add(newSong);
await db.SaveChangesAsync();
return(Redirect("~/"));
}
