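// GET: Orders/Details/5
/// <summary>
/// Shows a single order together with its product lines and a per-line stock availability flag.
/// </summary>
/// <param name="id">Primary key of the order to display; a missing value yields 400 Bad Request.</param>
/// <returns>
/// A redirect to the login page for anonymous callers, 400 when <paramref name="id"/> is null,
/// 404 when no order has that key, a redirect to the warning page when the caller neither owns
/// the order nor is in the Administrator role, otherwise the details view.
/// </returns>
public async Task<ActionResult> Details(int? id)
{
    if (!User.Identity.IsAuthenticated)
    {
        return RedirectToAction("Login", "Account");
    }

    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    Order order = await db.Orders.FindAsync(id);

    // The existence check has to run before the ownership check: the ownership check reads
    // order.UserId, so an unknown id used to end in a NullReferenceException (HTTP 500)
    // instead of the intended 404.
    if (order == null)
    {
        return HttpNotFound();
    }

    // Object-level authorization: only the order's owner or an Administrator may view it.
    // NOTE(review): an unknown id answers 404 while another user's order answers with the
    // warning redirect, so the two responses reveal whether an order id exists. Consider
    // returning the same response for both cases if that matters for this application.
    string userId = User.Identity.GetUserId();
    if (order.UserId != userId && !User.IsInRole("Administrator"))
    {
        return RedirectToAction("Warning", "Home", new { message = "ACCESS DENIED" });
    }

    // Materialize the order lines once, then project them into view-model rows.
    var productsInOrder = db.ProductInOrders.Where(x => x.OrderID == id).ToList();
    var productInOrderDetails = new List<ProductInOrderDetails>();

    foreach (var item in productsInOrder)
    {
        var line = new ProductInOrderDetails();
        line.ProductName = item.Product.ProductName;
        line.Quantity = item.Quantity;
        line.ProductInOrderID = item.ProductInOrderID;

        // A line is available unless the ordered quantity exceeds the current stock.
        line.Available = !(line.Quantity > item.Product.UnitsInStock);
        productInOrderDetails.Add(line);
    }

    var od = new OrderDetails();
    od.Order = order;
    od.ProductInOrderDetails = productInOrderDetails;

    return View(od);
}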
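// GET: Invoices/Details/5
/// <summary>
/// Shows a single invoice together with the details of the order it was issued for.
/// </summary>
/// <param name="id">Primary key of the invoice to display; a missing value yields 400 Bad Request.</param>
/// <returns>
/// A redirect to the login page for anonymous callers, 400 when <paramref name="id"/> is null,
/// 404 when no invoice has that key, a redirect to the warning page when the caller is neither
/// in the Administrator/Manager roles nor in the vendor the invoice's order belongs to,
/// otherwise the invoice details view.
/// </returns>
public async Task<ActionResult> Details(int? id)
{
    if (!User.Identity.IsAuthenticated)
    {
        return RedirectToAction("Login", "Account");
    }

    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    var invoice = await db.Invoices.FindAsync(id);
    if (invoice == null)
    {
        return HttpNotFound();
    }

    // Object-level authorization: Administrators and Managers may view any invoice; everyone
    // else only invoices whose order was placed by a user of the same vendor.
    // NOTE(review): an unknown id answers 404 while another vendor's invoice answers with the
    // warning redirect, so the two responses reveal whether an invoice id exists.
    bool isPrivileged = User.IsInRole("Administrator") || User.IsInRole("Manager");
    if (!isPrivileged)
    {
        string userId = User.Identity.GetUserId();
        ApplicationUser user = db.Users.FirstOrDefault(x => x.Id == userId);

        // FirstOrDefault returns null when the authenticated principal has no row in db.Users;
        // deny access in that case instead of dereferencing null (previously an HTTP 500).
        // NOTE(review): assumes every invoice has an Order with an ApplicationUser - confirm.
        // NOTE(review): if VendorID is nullable, two users without a vendor compare equal here
        // and pass this check - confirm that is intended.
        if (user == null || invoice.Order.ApplicationUser.VendorID != user.VendorID)
        {
            return RedirectToAction("Warning", "Home", new { message = "ACCESS DENIED - You are trying to view an invoice belonging to another Vendor" });
        }
    }

    // Pull the order details: materialize the order lines once, then project them into
    // view-model rows.
    Order order = invoice.Order;
    var productsInOrder = db.ProductInOrders.Where(x => x.OrderID == order.OrderID).ToList();
    var productInOrderDetails = new List<ProductInOrderDetails>();

    foreach (var item in productsInOrder)
    {
        var line = new ProductInOrderDetails();
        line.ProductName = item.Product.ProductName;
        line.Quantity = item.Quantity;
        line.ProductInOrderID = item.ProductInOrderID;

        // A line is available unless the ordered quantity exceeds the current stock.
        line.Available = !(line.Quantity > item.Product.UnitsInStock);
        productInOrderDetails.Add(line);
    }

    var od = new OrderDetails();
    od.Order = order;
    od.ProductInOrderDetails = productInOrderDetails;

    // Build the view model and return it.
    var invoiceDetails = new InvoiceDetails();
    invoiceDetails.Invoice = invoice;
    invoiceDetails.OrderDetails = od;

    return View(invoiceDetails);
}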