        // GET: Orders/Details/5
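        /// <summary>
        /// Shows a single order with its line items and a per-line availability flag.
        /// </summary>
        /// <param name="id">Primary key of the order to display.</param>
        /// <returns>
        /// A redirect to Account/Login for anonymous callers, 400 Bad Request when
        /// <paramref name="id"/> is missing, 404 when no such order exists, a redirect to
        /// Home/Warning when the caller neither owns the order nor is an Administrator,
        /// otherwise the details view.
        /// </returns>
        public async Task<ActionResult> Details(int? id)
        {
            if (!User.Identity.IsAuthenticated)
            {
                return RedirectToAction("Login", "Account");
            }

            if (id == null)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            Order order = await db.Orders.FindAsync(id);

            // The existence check must run before the ownership check: the ownership
            // check dereferences order.UserId, so an unknown id used to raise a
            // NullReferenceException (HTTP 500) and the 404 branch was never reached.
            if (order == null)
            {
                return HttpNotFound();
            }

            // Object-level authorization: only the order's owner or an Administrator may view it.
            // NOTE(review): 404 for unknown ids versus the Warning redirect for foreign orders
            // lets any signed-in user tell which order ids exist; return the same response
            // for both cases if that distinction should stay hidden.
            string userId = User.Identity.GetUserId();
            bool isOwner = order.UserId == userId;

            if (!isOwner && !User.IsInRole("Administrator"))
            {
                return RedirectToAction("Warning", "Home", new { message = "ACCESS DENIED" });
            }

            // Materialize the line items once, then project them into the view model.
            var lineItems = db.ProductInOrders.Where(x => x.OrderID == id).ToList();
            var productInOrderDetails = new List<ProductInOrderDetails>();

            foreach (var item in lineItems)
            {
                var details = new ProductInOrderDetails
                {
                    ProductName = item.Product.ProductName,
                    Quantity = item.Quantity,
                    ProductInOrderID = item.ProductInOrderID
                };

                // A line is available unless the ordered quantity exceeds the current stock.
                details.Available = !(details.Quantity > item.Product.UnitsInStock);

                productInOrderDetails.Add(details);
            }

            var od = new OrderDetails
            {
                Order = order,
                ProductInOrderDetails = productInOrderDetails
            };

            return View(od);
        }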
        // GET: Invoices/Details/5
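        /// <summary>
        /// Shows a single invoice together with the details of the order it was issued for.
        /// </summary>
        /// <param name="id">Primary key of the invoice to display.</param>
        /// <returns>
        /// A redirect to Account/Login for anonymous callers, 400 Bad Request when
        /// <paramref name="id"/> is missing, 404 when the invoice or its order cannot be found,
        /// a redirect to Home/Warning when the caller is not an Administrator or Manager and
        /// does not share the order owner's vendor, otherwise the invoice view.
        /// </returns>
        public async Task<ActionResult> Details(int? id)
        {
            if (!User.Identity.IsAuthenticated)
            {
                return RedirectToAction("Login", "Account");
            }

            if (id == null)
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            var invoice = await db.Invoices.FindAsync(id);

            // An invoice without an order has nothing to render; the code below dereferences
            // invoice.Order, so it is rejected here instead of failing with a NullReferenceException.
            if (invoice == null || invoice.Order == null)
            {
                return HttpNotFound();
            }

            Order order = invoice.Order;

            // Object-level authorization: Administrators and Managers may view any invoice;
            // everyone else only invoices whose order belongs to a user of their own vendor.
            bool isPrivileged = User.IsInRole("Administrator") || User.IsInRole("Manager");

            if (!isPrivileged)
            {
                string userId = User.Identity.GetUserId();
                ApplicationUser user = db.Users.FirstOrDefault(x => x.Id == userId);
                ApplicationUser owner = order.ApplicationUser;

                // Fail closed: if either account record is missing the vendor relationship
                // cannot be established, so access is denied rather than letting a null
                // dereference turn into an unhandled error.
                // NOTE(review): if VendorID is nullable, two accounts without a vendor compare
                // equal here and pass the check - confirm that is intended.
                if (user == null || owner == null || owner.VendorID != user.VendorID)
                {
                    return RedirectToAction("Warning", "Home", new { message = "ACCESS DENIED - You are trying to view an invoice belonging to another Vendor" });
                }
            }

            // Build the order part of the view model from the order's line items.
            var lineItems = db.ProductInOrders.Where(x => x.OrderID == order.OrderID).ToList();
            var productInOrderDetails = new List<ProductInOrderDetails>();

            foreach (var item in lineItems)
            {
                var details = new ProductInOrderDetails
                {
                    ProductName = item.Product.ProductName,
                    Quantity = item.Quantity,
                    ProductInOrderID = item.ProductInOrderID
                };

                // A line is available unless the ordered quantity exceeds the current stock.
                details.Available = !(details.Quantity > item.Product.UnitsInStock);

                productInOrderDetails.Add(details);
            }

            var od = new OrderDetails
            {
                Order = order,
                ProductInOrderDetails = productInOrderDetails
            };

            // Combine the invoice and the order details into the view model.
            var invoiceDetails = new InvoiceDetails
            {
                Invoice = invoice,
                OrderDetails = od
            };

            return View(invoiceDetails);
        }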