/// <summary>
/// Deletes one product listing. Non-admin sellers may only delete listings whose SellerId equals
/// their own NameIdentifier claim; every rejection (not a member, no id, no such row, not the
/// owner) is answered with 404 so the existence of other sellers' products is not revealed.
/// NOTE(review): the [HttpPost]/[ValidateAntiForgeryToken] attributes are not visible in this
/// excerpt — confirm they are declared on this action, a GET-reachable delete would be CSRF-able.
/// </summary>
/// <param name="id">Primary key of the Product2 row; null yields 404.</param>
/// <returns>Redirect to Index after a successful delete, otherwise NotFound.</returns>
public async Task<IActionResult> Delete(int? id)
{
    string caller = User.Identity.Name;
    if (!AuthorizeManager.InAuthorizedMember(caller) || id == null)
    {
        return NotFound();
    }

    var listing = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
    if (listing == null)
    {
        return NotFound();
    }

    // Ownership check: sellers without admin rights may only remove their own listings.
    bool isAdmin = AuthorizeManager.InAdminGroup(caller);
    if (!isAdmin && listing.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
    {
        return NotFound();
    }

    _context.Product2.Remove(listing);
    await _context.SaveChangesAsync();
    return RedirectToAction(nameof(Index));
}
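/// <summary>
/// Creates a product listing for the signed-in seller. The server-owned columns (PublishDate,
/// SellerEmail, SellerId, SellVolume) are overwritten from the caller's identity before the insert,
/// so although they appear in the [Bind] list a client cannot forge them. The per-seller cap is
/// enforced with a database COUNT instead of materializing every row just to read .Count.
/// </summary>
/// <param name="product2">Posted form model.</param>
/// <returns>Redirect to Index on success or when the cap is hit (TempData["ReachLimit"] set),
/// otherwise the form re-rendered with validation errors.</returns>
public async Task<IActionResult> Create([Bind("Id,Name,Description,Price,PublishDate,Quantity,DefaultImageURL,SellerEmail,SellerId,SellVolume")] Product2 product2)
{
    if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
    {
        return NotFound();
    }

    string userId = User.FindFirstValue(ClaimTypes.NameIdentifier);

    // Check how many products this seller already has listed.
    int listedCount = await _context.Product2.CountAsync(m => m.SellerId == userId);
    // NOTE(review): "> 5" lets a sixth product through before the limit message fires; if the
    // intended cap is five this should be ">= 5". The check is also not atomic with the insert —
    // two concurrent posts can both pass it.
    if (listedCount > 5)
    {
        TempData["ReachLimit"] = "建立失敗,您的產品數量已達上限!";
        return RedirectToAction("Index");
    }

    if (!ModelState.IsValid)
    {
        return View(product2);
    }

    // NOTE(review): Id is client-bindable and reaches _context.Add as posted — confirm the key is
    // database-generated, or clear it here. DefaultImageURL is untrusted text; make sure the view
    // encodes it and restricts the scheme before rendering it as an <img src> or link.
    product2.PublishDate = DateTime.Now;
    product2.SellerEmail = User.Identity.Name;
    product2.SellerId = userId;
    product2.SellVolume = 0;
    _context.Add(product2);
    await _context.SaveChangesAsync();
    return RedirectToAction(nameof(Index));
}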
/// <summary>
/// Shows one product listing. Non-admin sellers may only inspect listings whose SellerId equals
/// their own NameIdentifier claim; a mismatch is reported as 404 (not 403) so other sellers'
/// product ids cannot be enumerated.
/// </summary>
/// <param name="id">Primary key of the Product2 row; null yields 404.</param>
/// <returns>The details view, or NotFound on any rejection.</returns>
public async Task<IActionResult> Details(int? id)
{
    string caller = User.Identity.Name;
    if (!AuthorizeManager.InAuthorizedMember(caller))
    {
        return NotFound();
    }
    if (!id.HasValue)
    {
        return NotFound();
    }

    var listing = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
    if (listing == null)
    {
        return NotFound();
    }

    // Admins may view any listing; everyone else only their own.
    bool mayViewAny = AuthorizeManager.InAdminGroup(caller);
    if (!mayViewAny && listing.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
    {
        return NotFound();
    }

    return View(listing);
}
/// <summary>
/// Renders the empty "create product" form. Only members recognised by AuthorizeManager get the
/// view; everyone else receives 404, matching the other actions of this controller.
/// </summary>
/// <returns>The create view, or NotFound.</returns>
public IActionResult Create()
{
    if (AuthorizeManager.InAuthorizedMember(User.Identity.Name))
    {
        return View();
    }
    return NotFound();
}
/// <summary>
/// Reports whether a Product2 row with the given id exists. Deliberately answers false for callers
/// who are not authorized members, so the helper never leaks row existence to them.
/// </summary>
/// <param name="id">Primary key to look up.</param>
/// <returns>true only when the caller is an authorized member and the row exists.</returns>
private bool Product2Exists(int id)
{
    bool allowed = AuthorizeManager.InAuthorizedMember(User.Identity.Name);
    // Short-circuit keeps the database untouched for unauthorized callers.
    return allowed && _context.Product2.Any(e => e.Id == id);
}
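/// <summary>
/// Changes the signed-in user's e-mail (and username, which this app keeps equal to the e-mail).
/// The duplicate check goes through UserManager's normalized-email lookup rather than a raw
/// collation-dependent Email == x compare, the IdentityResult of the update is checked before
/// anything else reacts to it, and the privileged-user table is re-keyed only after the account
/// change has actually been persisted. The user is signed out afterwards because the current
/// principal still carries the old name claim.
/// </summary>
/// <returns>The page re-rendered on validation/update failure, otherwise a redirect to itself.</returns>
public async Task<IActionResult> OnPostChangeEmailAsync()
{
    var user = await _userManager.GetUserAsync(User);
    if (user == null)
    {
        return NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'.");
    }

    if (!ModelState.IsValid)
    {
        await LoadAsync(user);
        return Page();
    }

    var email = await _userManager.GetEmailAsync(user);
    if (Input.NewEmail == email)
    {
        StatusMessage = "您的郵件和之前的一樣!";
        return RedirectToPage();
    }

    // Normalized lookup: a raw _context.Users.Email == x compare depends on the database collation
    // and can let a case variant of an existing address through. The same user re-spelling their
    // own address is allowed.
    var holder = await _userManager.FindByEmailAsync(Input.NewEmail);
    if (holder != null && holder.Id != user.Id)
    {
        StatusMessage = "變更失敗,此郵件已被註冊!";
        return RedirectToPage();
    }

    // NOTE(review): the new address is applied without a confirmation link, so a typo or a
    // deliberately wrong address is accepted as-is; the scaffolded Identity flow sends a token to
    // the new address first. Not changed here.
    var oldUserName = await _userManager.GetUserNameAsync(user);
    user.UserName = Input.NewEmail;
    user.Email = Input.NewEmail;
    var result = await _userManager.UpdateAsync(user);
    if (!result.Succeeded)
    {
        // Roll the tracked entity back so the re-rendered page shows the stored values.
        user.UserName = oldUserName;
        user.Email = email;
        foreach (var error in result.Errors)
        {
            ModelState.AddModelError(string.Empty, error.Description);
        }
        await LoadAsync(user);
        return Page();
    }

    // Privileged users are keyed by e-mail in the authority table; re-key only after the account
    // row is committed, so a failed update cannot leave the two out of sync. NOTE(review): the two
    // writes are still not in one transaction — confirm UpdateAuthority's failure mode is acceptable.
    if (AuthorizeManager.InAuthorizedMember(email))
    {
        AuthorizeManager.UpdateAuthority("ModifyEmail", _context, email, Input.NewEmail);
    }

    // Structured parameters instead of interpolation so a user-chosen address cannot forge log lines.
    _logger.LogInformation("[{OldEmail}]的郵件已經變更為[{NewEmail}]", email, Input.NewEmail);
    TempData["LoginFail"] = $"郵件變更成功,請重新登入!";
    await _signInManager.SignOutAsync();
    HttpContext.Session.SetString("UserModifyEmail", "1");
    return RedirectToPage();
}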
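/// <summary>
/// Applies an edit to an existing product listing. Only the five client-editable columns are
/// copied from the posted model; PublishDate/Seller*/SellVolume are never touched. The row is
/// loaded and the ownership check runs before validation, so a non-owner gets 404 whatever they
/// post, and a missing row is 404 instead of the NullReferenceException the original threw.
/// NOTE(review): [HttpPost]/[ValidateAntiForgeryToken] are not visible in this excerpt — confirm.
/// </summary>
/// <param name="id">Route id; must match the posted product2.Id.</param>
/// <param name="product2">Posted form model.</param>
/// <returns>Redirect to Index on success or concurrency conflict, the form on validation failure,
/// NotFound on any rejection.</returns>
public async Task<IActionResult> Edit(int id, [Bind("Id,Name,Description,Price,Quantity,DefaultImageURL")] Product2 product2)
{
    string caller = User.Identity.Name;
    if (!AuthorizeManager.InAuthorizedMember(caller))
    {
        return NotFound();
    }
    if (id != product2.Id)
    {
        return NotFound();
    }

    // A missing row used to reach the ownership check below as null and crash with a 500.
    Product2 product = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
    if (product == null)
    {
        return NotFound();
    }

    // Non-admin sellers may only edit their own listings.
    if (!AuthorizeManager.InAdminGroup(caller) && product.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
    {
        return NotFound();
    }

    if (!ModelState.IsValid)
    {
        return View(product2);
    }

    try
    {
        // Partial update on purpose: only the editable columns are copied from the posted model.
        product.Name = product2.Name;
        product.Description = product2.Description;
        product.Price = product2.Price;
        product.Quantity = product2.Quantity;
        // NOTE(review): DefaultImageURL is stored as posted; ensure the view encodes it and rejects
        // non-http(s) schemes before rendering it as an <img src> or link.
        product.DefaultImageURL = product2.DefaultImageURL;
        await _context.SaveChangesAsync();
        return RedirectToAction(nameof(Index));
    }
    catch (DbUpdateConcurrencyException e)
    {
        _logger.LogError(e.ToString());
        return RedirectToAction(nameof(Index));
    }
}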
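/// <summary>
/// Admin-only deletion of a user account together with the products they listed and their
/// privileged-user entry. The super admin cannot be deleted. Fixes two defects: an unknown id
/// used to throw NullReferenceException (500) instead of 404, and the product purge filtered on
/// the *caller's* NameIdentifier claim (User.FindFirstValue) rather than the target's Id, so it
/// deleted the acting admin's own listings and left the deleted seller's listings orphaned.
/// NOTE(review): nothing stops an admin from deleting their own account, and the [HttpPost]
/// attribute is not visible in this excerpt — confirm both are intended.
/// </summary>
/// <param name="id">Identity user id of the account to delete.</param>
/// <param name="returnPage">Listing page to return to; 0 means "reuse the one stored in session".</param>
/// <returns>Redirect to the user listing page, or NotFound on any rejection.</returns>
public ActionResult Delete(string id, int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    var user = _context.Users.FirstOrDefault(u => u.Id == id);
    if (user == null)
    {
        return NotFound();
    }

    // The super admin account can never be deleted.
    if (user.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    // If the target is a seller, remove the products they listed. Product2.SellerId is set from
    // the seller's NameIdentifier claim at creation, which is the IdentityUser.Id of that seller.
    if (AuthorizeManager.InSellerGroup(user.Email))
    {
        string targetId = user.Id;
        _context.RemoveRange(_context.Product2.Where(m => m.SellerId == targetId));
    }

    // If the target is a privileged user, drop them from the authority table and hash table.
    if (AuthorizeManager.InAuthorizedMember(user.Email))
    {
        AuthorizeManager.UpdateAuthority("DeleteAll", _context, user.Email, null, null);
    }

    _context.Users.Remove(user);
    _context.SaveChanges();
    // Structured parameters so an attacker-chosen e-mail cannot forge log lines.
    _logger.LogWarning("[{Admin}]刪除了用戶[{Target}]", User.Identity.Name, user.Email);

    // Return to the listing page the admin came from.
    int? tryGetPage = HttpContext.Session.GetInt32("returnPage");
    int page = tryGetPage != null ? (int)tryGetPage : 1;
    return RedirectToAction("Index", new { page });
}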
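/// <summary>
/// Renders the edit form for one product listing. Adds the ownership check that Details, Delete
/// and the POST Edit already apply: a non-admin seller may only open the form for listings whose
/// SellerId equals their NameIdentifier claim. Without it, any seller could read every other
/// seller's product data (name, description, price, quantity, image URL) via this GET.
/// </summary>
/// <param name="id">Primary key of the Product2 row; null yields 404.</param>
/// <returns>The edit view, or NotFound on any rejection.</returns>
public async Task<IActionResult> Edit(int? id)
{
    string caller = User.Identity.Name;
    if (!AuthorizeManager.InAuthorizedMember(caller))
    {
        return NotFound();
    }
    if (id == null)
    {
        return NotFound();
    }

    var product2 = await _context.Product2.FindAsync(id);
    if (product2 == null)
    {
        return NotFound();
    }

    // Same rule as Details/Delete: non-admin sellers only see their own listings (404, not 403).
    if (!AuthorizeManager.InAdminGroup(caller) && product2.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
    {
        return NotFound();
    }

    return View(product2);
}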
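/// <summary>
/// Admin-only edit of another account. Changes the e-mail (and username, kept equal to it) when a
/// different non-empty address is posted, and resets the password when one is posted. The super
/// admin account is not editable. Fixes: an unknown id threw NullReferenceException (500); the
/// e-mail was never checked for collisions or persisted explicitly (it relied on the password
/// calls' implicit save); and RemovePasswordAsync + AddPasswordAsync left the account with NO
/// password whenever the new one failed the password validators, because neither IdentityResult
/// was checked. Failures are reported via TempData["EditFail"].
/// </summary>
/// <param name="identityUser">Posted form: Id selects the target; Email is the new address;
/// PasswordHash carries the new password in plaintext (the property name is misleading — the
/// original passed it straight to AddPasswordAsync, so the form posts a plaintext password).</param>
/// <returns>Redirect to the listing page the admin came from, or NotFound on any rejection.</returns>
public async Task<IActionResult> Edit(IdentityUser identityUser)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // Listing page to return to, remembered in session by the Delete/Edit callers.
    int? tryGetPage = HttpContext.Session.GetInt32("returnPage");
    int page = tryGetPage != null ? (int)tryGetPage : 1;

    var user = _context.Users.FirstOrDefault(u => u.Id == identityUser.Id);
    // Unknown id and the protected super admin are both rejected the same way.
    if (user == null || user.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    string oldEmail = user.Email;
    string oldUserName = user.UserName;
    string newEmail = identityUser.Email;
    if (!string.IsNullOrWhiteSpace(newEmail) && newEmail != oldEmail)
    {
        // Normalized lookup so a case variant of another account's address is rejected too.
        var holder = await _userManager.FindByEmailAsync(newEmail);
        if (holder != null && holder.Id != user.Id)
        {
            TempData["EditFail"] = "修改失敗,此郵件已被註冊!";
            return RedirectToAction("Index", new { page });
        }

        user.Email = newEmail;
        user.UserName = newEmail;
        // Persist explicitly and check the result (UserManager also refreshes the normalized columns).
        var updateResult = await _userManager.UpdateAsync(user);
        if (!updateResult.Succeeded)
        {
            // Roll the tracked entity back so nothing later saves the rejected values by accident.
            user.Email = oldEmail;
            user.UserName = oldUserName;
            TempData["EditFail"] = "修改失敗," + string.Join(" ", updateResult.Errors.Select(e => e.Description));
            return RedirectToAction("Index", new { page });
        }

        // Privileged users are keyed by e-mail; re-key only after the account change is committed.
        if (AuthorizeManager.InAuthorizedMember(oldEmail))
        {
            AuthorizeManager.UpdateAuthority("ModifyEmail", _context, oldEmail, newEmail);
        }
    }

    if (!string.IsNullOrEmpty(identityUser.PasswordHash))
    {
        // Token-based reset validates the new password before the old hash is replaced, so a
        // rejected password leaves the old one intact. NOTE(review): this needs a token provider
        // registered (AddDefaultTokenProviders) — confirm in Startup.
        var token = await _userManager.GeneratePasswordResetTokenAsync(user);
        var pwResult = await _userManager.ResetPasswordAsync(user, token, identityUser.PasswordHash);
        if (!pwResult.Succeeded)
        {
            TempData["EditFail"] = "修改失敗," + string.Join(" ", pwResult.Errors.Select(e => e.Description));
            return RedirectToAction("Index", new { page });
        }
    }

    // Structured parameters so an attacker-chosen e-mail cannot forge log lines.
    _logger.LogInformation("[{Admin}]修改了[{Target}]的資料", User.Identity.Name, user.Email);
    return RedirectToAction("Index", new { page });
}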