public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
var User = context.HttpContext.User;
string PageName = context.RouteData.Values["controller"].ToString();
var userId = Convert.ToInt32(userManager.GetUserId(User));
bool isAllow = false;
//----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
// Check if SecurityStamp for this User in Db equal SecurityStamp in his Claims or not
// Case 1 : they equal in value => That Mean User Claims Are Valid and i can validate permission via claims
// Case 2 : they not equal => That Mean User Claims Are not Valid (Maybe his role are changed or other importatn value) so i have to make Current User SingOut and Login Again
//----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
string claim_SecurityStamp = User.FindFirst("AspNet.Identity.SecurityStamp").Value;
string db_SecurityStamp = await db.Users.Where(u => u.Id == userId).Select(u => u.SecurityStamp).FirstOrDefaultAsync();
if (claim_SecurityStamp != db_SecurityStamp)
{
await signInManager.SignOutAsync();
context.Result = new RedirectToActionResult("Login", "Account", new { });
return;
}
else // Check if Current User have Permission for Specific action in page via Claims based Authorization
{
isAllow = UserPagePermission.PageActionPermission(User, PageName, this.actionID);
}
if (!isAllow)
{
context.HttpContext.Response.StatusCode = 401; //Unauthorized
return;
}
// execute any code before the action executes
var result = await next();
// execute any code after the action executes
}
public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output)
{
// Set Default Value just in case ActionId == null
int _actionID = this.actionId ?? Models.Action.Read;
// before drawing page link i have to check if logged in user have permission for this page or not
// Check if Logged In User have permission To Read Specific Page for example => ControllerName: Customer , ActionId:1 (Action.Read)
bool isAllow = UserPagePermission.PageActionPermission(User, controller, _actionID);
if (isAllow)
{
var href = @"/" + controller + @"/" + action;
// Draw <a> Tag as Chiled for <li> tag
if (liTag.HasValue && liTag == true)
{
output.TagName = "li"; // Replaces <pagelink> with <li> tag
var content = await output.GetChildContentAsync();
var htmlContent = content.GetContent();
output.PreContent.SetHtmlContent($@"<a href='{href}'>");
output.Content.SetHtmlContent(htmlContent);
output.PostContent.SetHtmlContent("</a>");
}
else
{ // Draw <a> Tag
output.TagName = "a"; // Replaces <pagelink> with <a> tag
output.Attributes.SetAttribute("href", href);
}
}
else
{ // dont draw any html
output.SuppressOutput();
}
}
public async Task <IActionResult> get(string limit, string offset, string sort, string order, string search)
{
//----------------------------------------------------------
// Modefy This Select Query (Dont Use AsEnumerable)
//----------------------------------------------------------
int limits = 10;
int offsets = 0;
if (limit != "")
{
limits = int.Parse(limit);
}
if (offset != "")
{
offsets = int.Parse(offset);
}
int UserBranchId = Convert.ToInt32(User.FindFirst(ClaimName.BranchId).Value);
int UserLangID = Lang.geUsertLangID(Request);
// all data
var data = db.Sells.Where(g => g.Location.BranchId == UserBranchId)
.Select(e => new
{
e.sellId,
e.sellDate,
e.Customer.customerName,
e.Customer.pic,
e.Location.locationname,
e.totalPrice,
e.totalQty,
e.discount,
e.tax,
e.Sell_State.cssClass,
e.Sell_State.icon,
e.Sell_State.Sell_State_Lang.Where(a => a.LanguageId == UserLangID).FirstOrDefault().stateName,
})
.AsNoTracking();
//search
if (!string.IsNullOrEmpty(search))
{
if (search.Contains("#"))
{
string ID = search.Remove(0, 1);
int IDD = 0;
bool isINT = int.TryParse(ID, out IDD);
if (isINT)
{
data = data.Where(f => f.sellId == IDD);
}
}
else
{
data = data.Where(f => f.customerName.ToLower().Contains(search.ToLower()) || f.locationname.ToLower().Contains(search.ToLower()));
}
}
// Total Rows Count Before Skip and Take
var total = data.Count();
// sort and paging
if (sort != null)
{
if (sort == "sellId" && order == "asc")
{
data = data.OrderBy(f => f.sellId).Skip(offsets).Take(limits);
}
else if (sort == "sellId" && order == "desc")
{
data = data.OrderByDescending(f => f.sellId).Skip(offsets).Take(limits);
}
else if (sort == "customerName" && order == "asc")
{
data = data.OrderBy(f => f.customerName).Skip(offsets).Take(limits);
}
else if (sort == "customerName" && order == "desc")
{
data = data.OrderByDescending(f => f.customerName).Skip(offsets).Take(limits);
}
else if (sort == "sellDate" && order == "asc")
{
data = data.OrderBy(f => f.sellDate).Skip(offsets).Take(limits);
}
else if (sort == "sellDate" && order == "desc")
{
data = data.OrderByDescending(f => f.sellDate).Skip(offsets).Take(limits);
}
else if (sort == "locationname" && order == "asc")
{
data = data.OrderBy(f => f.locationname).Skip(offsets).Take(limits);
}
else if (sort == "locationname" && order == "desc")
{
data = data.OrderByDescending(f => f.locationname).Skip(offsets).Take(limits);
}
else if (sort == "discount" && order == "asc")
{
data = data.OrderBy(f => f.discount).Skip(offsets).Take(limits);
}
else if (sort == "discount" && order == "desc")
{
data = data.OrderByDescending(f => f.discount).Skip(offsets).Take(limits);
}
else if (sort == "tax" && order == "asc")
{
data = data.OrderBy(f => f.tax).Skip(offsets).Take(limits);
}
else if (sort == "tax" && order == "desc")
{
data = data.OrderByDescending(f => f.tax).Skip(offsets).Take(limits);
}
else if (sort == "stateName" && order == "asc")
{
data = data.OrderBy(f => f.stateName).Skip(offsets).Take(limits);
}
else if (sort == "stateName" && order == "desc")
{
data = data.OrderByDescending(f => f.stateName).Skip(offsets).Take(limits);
}
else if (sort == "totalPrice" && order == "asc")
{
data = data.OrderBy(f => f.totalPrice).Skip(offsets).Take(limits);
}
else if (sort == "totalPrice" && order == "desc")
{
data = data.OrderByDescending(f => f.totalPrice).Skip(offsets).Take(limits);
}
else if (sort == "buyCount" && order == "asc")
{
data = data.OrderBy(f => f.totalQty).Skip(offsets).Take(limits);
}
else if (sort == "buyCount" && order == "desc")
{
data = data.OrderByDescending(f => f.totalQty).Skip(offsets).Take(limits);
}
}
else
{
//dfualt sorting and paging
data = data.OrderByDescending(f => f.sellId).Skip(offsets).Take(limits);
}
var rows = await data.ToListAsync();
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
// Generate Permissions Object for Current Pge This Object Contains {CanCreate,CanUpdate,CanDelete} For Logged In User and For This Controller Page
// Note : I follow a Convention that is the PageName Equal Controller Name
//-------------------------------------------------------------------------------------------------------------------------------------------------------------
string pageName = ControllerContext.ActionDescriptor.ControllerName.ToLower();
var userPagePermission = UserPagePermission.GetPagePermissions(User, ControllerContext.ActionDescriptor.ControllerName.ToLower());
//--------------------------------------------------------------------------------------------------------------------------------------------------
// Return : total= rows total count / rows = matched Records after pagination / userPagePermission object {CanCreate,CanUpdate,CanDelete}
//--------------------------------------------------------------------------------------------------------------------------------------------------
return(Json(new { total = total, rows = rows, userPagePermission = userPagePermission }));
}