        // Grants privileges (admin / seller group flags) to an already-registered
        // account by inserting an AuthorizedMember row.
        //
        // Authorization is a user-name comparison against AuthorizeManager.SuperAdmin
        // rather than a role/policy check; any other caller gets a 404, not a 403.
        // Returns the form again with TempData["Exception"] set when the e-mail is
        // not a registered user, the form again when model validation fails, and a
        // redirect to Index on success.
        public async Task <IActionResult> Create([Bind("Id,Email,InAdminGroup,InSellerGroup")] AuthorizedMember authorizedMember)
        {
            var callerIsSuperAdmin = User.Identity.Name == AuthorizeManager.SuperAdmin;

            if (!callerIsSuperAdmin)
            {
                return(NotFound());
            }

            // The address being privileged must belong to a registered account.
            var registeredUser = _context.Users.FirstOrDefault(m => m.Email == authorizedMember.Email);

            if (registeredUser == null)
            {
                TempData["Exception"] = "此欄位必須是已註冊的會員";
                return(View(authorizedMember));
            }

            if (!ModelState.IsValid)
            {
                return(View(authorizedMember));
            }

            // NOTE(review): nothing here rejects an e-mail that is already present in
            // AuthorizedMember, and "Id" is bound from the form as well; confirm the
            // table has a unique index on Email and a server-generated key.
            _context.Add(authorizedMember);
            await _context.SaveChangesAsync();

            // Refresh AuthorizeManager's in-memory table from the new row.
            AuthorizeManager.UpdateAuthority("UpdateHashTableByAuthorizedMember", _context, null, null, authorizedMember);

            return(RedirectToAction(nameof(Index)));
        }
        // Revokes the privileges of an AuthorizedMember row by id.
        //
        // Only the super admin (matched by user name) may call this; anyone else,
        // a missing id, an unknown id, and the super admin's own row all yield a
        // 404 so that nothing about the privilege table is disclosed. The actual
        // removal is delegated to AuthorizeManager's "DeleteAll" action.
        public async Task <IActionResult> Delete(int?id)
        {
            if (User.Identity.Name != AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }

            if (!id.HasValue)
            {
                return(NotFound());
            }

            var target = await _context.AuthorizedMember
                         .FirstOrDefaultAsync(m => m.Id == id);

            // Unknown row, or the super admin's row (which must never be revocable).
            if (target == null || target.Email == AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }

            // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on
            // this action; confirm a state-changing delete cannot be triggered by a GET.
            AuthorizeManager.UpdateAuthority("DeleteAll", _context, target.Email, null, null);

            return(RedirectToAction(nameof(Index)));
        }
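        // Changes the signed-in user's e-mail (and user name, which mirrors it).
        //
        // Fix: the original ignored the IdentityResult of UpdateAsync, updated the
        // privilege table BEFORE the Identity record, and then signed the user out
        // with a "success" message even when the update had failed (e.g. the new
        // user name already taken). Now the Identity record is updated first and
        // checked; the privilege table is only touched on success, and a failure
        // is reported on the page instead.
        public async Task <IActionResult> OnPostChangeEmailAsync()
        {
            var user = await _userManager.GetUserAsync(User);

            if (user == null)
            {
                return(NotFound($"Unable to load user with ID '{_userManager.GetUserId(User)}'."));
            }

            if (!ModelState.IsValid)
            {
                await LoadAsync(user);

                return(Page());
            }

            var email = await _userManager.GetEmailAsync(user);

            if (Input.NewEmail == email)
            {
                StatusMessage = "您的郵件和之前的一樣!";
                return(RedirectToPage());
            }

            // Reject an address that already belongs to another account. This is a
            // plain string match on Users.Email, so case-sensitivity follows the
            // database collation; the IdentityResult check below is the backstop
            // (UserName is set to the e-mail and Identity enforces unique user names).
            var GetUserByEmail = _context.Users.FirstOrDefault(u => u.Email == Input.NewEmail);

            if (GetUserByEmail != null)
            {
                StatusMessage = "變更失敗,此郵件已被註冊!";
                return(RedirectToPage());
            }

            // The privilege table is keyed by the address BEFORE the change.
            var oldEmail = user.Email;

            user.UserName = Input.NewEmail;
            user.Email    = Input.NewEmail;

            var updateResult = await _userManager.UpdateAsync(user);

            if (!updateResult.Succeeded)
            {
                // Nothing was persisted: undo the in-memory edit, surface the errors
                // and reload the page model the same way the invalid-model path does.
                user.UserName = oldEmail;
                user.Email    = oldEmail;

                foreach (var error in updateResult.Errors)
                {
                    ModelState.AddModelError(string.Empty, error.Description);
                }

                _logger.LogWarning($"[{email}]的郵件變更為[{Input.NewEmail}]失敗: {string.Join("; ", updateResult.Errors.Select(e => e.Description))}");
                await LoadAsync(user);

                return(Page());
            }

            // Only now mirror the change into the privilege table for privileged users.
            if (AuthorizeManager.InAuthorizedMember(oldEmail))
            {
                AuthorizeManager.UpdateAuthority("ModifyEmail", _context, oldEmail, Input.NewEmail);
            }

            // NOTE(review): EmailConfirmed is not reset and no confirmation mail is
            // sent, so the new address is trusted without proof of ownership.
            // Confirm that is acceptable for this application.

            // Force a fresh login under the new credentials.
            _logger.LogInformation($"[{email}]的郵件已經變更為[{Input.NewEmail}]");
            TempData["LoginFail"] = $"郵件變更成功,請重新登入!";
            await _signInManager.SignOutAsync();

            HttpContext.Session.SetString("UserModifyEmail", "1");

            return(RedirectToPage());
        }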
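        // Deletes a user account (admin-group callers only), cascading to the
        // user's products when they are a seller and to the privilege table when
        // they are a privileged member, then returns to the remembered list page.
        //
        // Fixes: (1) an unknown id now yields 404 instead of a NullReferenceException
        // on user.Email; (2) the product clean-up filters on the TARGET user's id.
        // The original compared Product2.SellerId against the caller's own
        // NameIdentifier claim, which left the seller's products orphaned (and
        // would delete the calling admin's products if the admin was a seller).
        public ActionResult Delete(string id, int returnPage = 0)
        {
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                return(NotFound());
            }

            // Remember which page of the list to return to.
            if (returnPage != 0)
            {
                HttpContext.Session.SetInt32("returnPage", returnPage);
            }

            var user = _context.Users.FirstOrDefault(u => u.Id == id);

            if (user == null)
            {
                return(NotFound());
            }

            // The super admin can never be deleted.
            if (user.Email == AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }

            // Sellers: remove the products owned by the user being deleted.
            if (AuthorizeManager.InSellerGroup(user.Email))
            {
                var sellerId = user.Id;

                _context.RemoveRange(_context.Product2.Where(m => m.SellerId == sellerId));
            }

            // Privileged users: also drop them from the privilege table and HashTable.
            if (AuthorizeManager.InAuthorizedMember(user.Email))
            {
                AuthorizeManager.UpdateAuthority("DeleteAll", _context, user.Email, null, null);
            }

            _context.Users.Remove(user);
            _context.SaveChanges();
            _logger.LogWarning($"[{User.Identity.Name}]刪除了用戶[{user.Email}]");

            // NOTE(review): no [HttpPost]/[ValidateAntiForgeryToken] is visible on this
            // action, and an admin may delete other admins or their own account;
            // confirm both are intended.

            int? storedPage = HttpContext.Session.GetInt32("returnPage");
            int  page       = storedPage != null ? (int)storedPage : 1;

            return(RedirectToAction("Index", new { page }));
        }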
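        // Admin edit of another account: changes its e-mail / user name and,
        // when a new password was supplied, replaces the password.
        //
        // Fixes over the original:
        //  - an unknown id yields 404 instead of a NullReferenceException;
        //  - the e-mail change goes through UserManager.UpdateAsync and its result
        //    is checked (the original relied on RemovePasswordAsync to save it as a
        //    side effect and never checked any IdentityResult);
        //  - the privilege table is updated only after the Identity record saved;
        //  - the password is validated before the old one is removed and an empty
        //    password field keeps the current password. The original always ran
        //    RemovePasswordAsync then AddPasswordAsync, so a rejected (or empty)
        //    password left the account with no password at all.
        public async Task <IActionResult> Edit(IdentityUser identityUser)
        {
            if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
            {
                return(NotFound());
            }

            var user = _context.Users.FirstOrDefault(u => u.Id == identityUser.Id);

            if (user == null)
            {
                return(NotFound());
            }

            // The super admin can never be edited.
            if (user.Email == AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }

            var oldEmail = user.Email;
            var newEmail = identityUser.Email;

            // Despite the property name this is the PLAINTEXT password typed into
            // the form: it is handed to AddPasswordAsync, which hashes it.
            var newPassword = identityUser.PasswordHash;

            if (string.IsNullOrWhiteSpace(newEmail))
            {
                return(EditFailed(user, "電子郵件不可為空"));
            }

            user.Email    = newEmail;
            user.UserName = newEmail;

            var updated = await _userManager.UpdateAsync(user);

            if (!updated.Succeeded)
            {
                // Nothing persisted; undo the in-memory change before reporting.
                user.Email    = oldEmail;
                user.UserName = oldEmail;

                return(EditFailed(user, DescribeErrors(updated)));
            }

            // Privileged users: mirror the address change (keyed by the OLD address).
            if (AuthorizeManager.InAuthorizedMember(oldEmail))
            {
                AuthorizeManager.UpdateAuthority("ModifyEmail", _context, oldEmail, newEmail);
            }

            if (!string.IsNullOrEmpty(newPassword))
            {
                var replaced = await ReplacePasswordAsync(user, newPassword);

                if (!replaced.Succeeded)
                {
                    return(EditFailed(user, DescribeErrors(replaced)));
                }
            }

            _logger.LogInformation($"[{User.Identity.Name}]修改了[{user.Email}]的資料");

            return(ReturnToUserList());
        }

        // Runs the configured password validators BEFORE removing the old password,
        // so a rejected password cannot leave the account passwordless. The old
        // password is still removed first because AddPasswordAsync logs a built-in
        // warning when the user already has one.
        private async Task <IdentityResult> ReplacePasswordAsync(IdentityUser user, string newPassword)
        {
            foreach (var validator in _userManager.PasswordValidators)
            {
                var check = await validator.ValidateAsync(_userManager, user, newPassword);

                if (!check.Succeeded)
                {
                    return(check);
                }
            }

            var removed = await _userManager.RemovePasswordAsync(user);

            if (!removed.Succeeded)
            {
                return(removed);
            }

            return(await _userManager.AddPasswordAsync(user, newPassword));
        }

        // Logs a failed edit, leaves the reason in TempData["Exception"] (the key
        // used by AuthorizedMember/Create; confirm the Index view renders it) and
        // returns to the list. Callers revert any in-memory change beforehand.
        private IActionResult EditFailed(IdentityUser user, string reason)
        {
            _logger.LogWarning($"[{User.Identity.Name}]修改[{user.Email}]的資料失敗: {reason}");
            TempData["Exception"] = reason;

            return(ReturnToUserList());
        }

        // Joins the IdentityResult errors into one human-readable line.
        private static string DescribeErrors(IdentityResult result)
        {
            return(string.Join("; ", result.Errors.Select(e => e.Description)));
        }

        // Redirects to the list page remembered in session ("returnPage"), or page 1.
        private IActionResult ReturnToUserList()
        {
            int? storedPage = HttpContext.Session.GetInt32("returnPage");
            int  page       = storedPage != null ? (int)storedPage : 1;

            return(RedirectToAction("Index", new { page }));
        }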
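        // Super-admin-only edit of an AuthorizedMember row (e-mail and group flags).
        //
        // Fix: the original only compared the POSTED e-mail with SuperAdmin and then
        // called _context.Update(authorizedMember) blindly. Posting the super
        // admin's row id together with a different address therefore overwrote
        // (effectively revoked) the super admin's own entry, and an unknown id
        // surfaced as a DbUpdateConcurrencyException. The stored row is now loaded
        // first and checked, and only the bound fields are copied onto it.
        public async Task <IActionResult> Edit(int id, [Bind("Id,Email,InAdminGroup,InSellerGroup")] AuthorizedMember authorizedMember)
        {
            if (User.Identity.Name != AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }

            // A row may not be turned INTO the super admin's address ...
            if (authorizedMember.Email == AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }

            if (id != authorizedMember.Id)
            {
                return(NotFound());
            }

            if (!ModelState.IsValid)
            {
                return(View(authorizedMember));
            }

            // ... and the super admin's stored row may not be edited either.
            var existing = await _context.AuthorizedMember.FindAsync(id);

            if (existing == null || existing.Email == AuthorizeManager.SuperAdmin)
            {
                return(NotFound());
            }

            try
            {
                // Copy only the bound fields onto the tracked entity. Calling
                // _context.Update(authorizedMember) here would clash with the
                // instance FindAsync is already tracking and would also overwrite
                // any unbound columns with default values.
                existing.Email         = authorizedMember.Email;
                existing.InAdminGroup  = authorizedMember.InAdminGroup;
                existing.InSellerGroup = authorizedMember.InSellerGroup;

                await _context.SaveChangesAsync();

                // Refresh AuthorizeManager's in-memory table from the saved row.
                AuthorizeManager.UpdateAuthority("UpdateHashTableByAuthorizedMember", _context, null, null, existing);
                return(RedirectToAction(nameof(Index)));
            }
            catch (DbUpdateConcurrencyException e)
            {
                _logger.LogError(e.ToString());
                return(RedirectToAction(nameof(Index)));
            }
        }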