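/// <summary>
/// Renders the account page for the user identified by the current session,
/// or sends visitors whose session is absent, stale or inconsistent back to
/// the index page.
/// </summary>
/// <returns>
/// The "Account" view with a <see cref="UserTransactionBundle"/> when the
/// session's Email resolves to a DB user whose UserId equals the session's
/// UserId; the "Index" view when no LoggedIn marker is set; otherwise a
/// redirect to Index after the session has been cleared.
/// </returns>
public IActionResult Account()
{
    string loggedIn = HttpContext.Session.GetString("LoggedIn");
    int? userId = HttpContext.Session.GetInt32("UserId");
    string email = HttpContext.Session.GetString("Email");

    // No login marker: anonymous visitor, show the public index.
    if (loggedIn == null)
    {
        return View("Index");
    }

    // A login marker without a UserId is an inconsistent session. The
    // previous `(int)userId` cast threw InvalidOperationException here
    // (an unhandled 500); treat it like any other broken session instead.
    if (userId == null)
    {
        HttpContext.Session.Clear();
        return RedirectToAction("Index");
    }

    var bundle = new UserTransactionBundle();
    bundle.user = dbContext.Users.FirstOrDefault(u => u.Email == email);

    // The session names a user that no longer exists, or its Email and
    // UserId disagree: do not trust it, drop it and start over.
    if (bundle.user == null || bundle.user.UserId != userId.Value)
    {
        HttpContext.Session.Clear();
        return RedirectToAction("Index");
    }

    // Load only the verified session user's rows, newest first. The filter
    // key comes from the session, never from anything in the request.
    bundle.transactions = dbContext.Transactions
        .Where(t => t.UserId == userId.Value)
        .OrderByDescending(t => t.CreatedAt)
        .ToList();

    return View("Account", bundle);
}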
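/// <summary>
/// Handles the "new transaction" form posted from the account page: gates on
/// the session exactly like <c>Account()</c>, validates the model and the
/// resulting balance, then stores the transaction against the session user.
/// </summary>
/// <param name="userTransactionBundle">
/// Model-bound from the request. Everything on it is client-controlled; only
/// <c>transaction</c> is used as input, and its ownership fields are
/// overwritten from the session before it is saved.
/// </param>
/// <returns>
/// A redirect to Account after a successful save; the "Account" view
/// re-rendered with validation errors when the model or the balance check
/// fails; a redirect to Index (session cleared) when the session does not
/// identify a valid user.
/// </returns>
public IActionResult CreateTransaction(UserTransactionBundle userTransactionBundle)
{
    string email = HttpContext.Session.GetString("Email");
    int? userId = HttpContext.Session.GetInt32("UserId");

    // Same session gate as Account(). Previously there was no check at all:
    // an anonymous POST reached `(int)userId` and threw, and a session with
    // a UserId but no matching user fell through to the balance logic.
    if (HttpContext.Session.GetString("LoggedIn") == null || userId == null)
    {
        HttpContext.Session.Clear();
        return RedirectToAction("Index");
    }

    userTransactionBundle.user = dbContext.Users.FirstOrDefault(u => u.Email == email);
    if (userTransactionBundle.user == null || userTransactionBundle.user.UserId != userId.Value)
    {
        HttpContext.Session.Clear();
        return RedirectToAction("Index");
    }

    // Current history, needed both for the balance check and for rendering
    // the view again on a validation failure.
    userTransactionBundle.transactions = dbContext.Transactions
        .Where(t => t.UserId == userId.Value)
        .OrderByDescending(t => t.CreatedAt)
        .ToList();

    // A POST without a bound transaction would otherwise NRE on .Amount below.
    if (!ModelState.IsValid || userTransactionBundle.transaction == null)
    {
        return View("Account", userTransactionBundle);
    }

    // NOTE(review): this rejects an outcome of exactly 0 as well, although the
    // message only promises to block a *negative* balance; kept as-is because
    // the intended rule is not visible here. Also not atomic with SaveChanges
    // below — two concurrent posts can both pass this check; a DB-side
    // constraint or transaction would be needed to make it airtight.
    if (userTransactionBundle.Balance + userTransactionBundle.transaction.Amount > 0)
    {
        // Ownership comes from the verified session, never from the form.
        // The posted transaction.UserId is attacker-controlled; without this
        // overwrite a logged-in user could write rows against any account
        // while the balance check ran against their own history.
        userTransactionBundle.transaction.UserId = userId.Value;
        // Server-local time, matching the existing rows so CreatedAt ordering
        // stays consistent; switching to UtcNow would need a data migration.
        userTransactionBundle.transaction.CreatedAt = DateTime.Now;
        dbContext.Add(userTransactionBundle.transaction);
        dbContext.SaveChanges();
        return RedirectToAction("Account");
    }

    // The model is nested, so the error must target the sub-property for the
    // validation annotation in the view to pick it up.
    ModelState.AddModelError("transaction.Amount", "Transaction will result in a Negative Balance and is not allowed!");
    return View("Account", userTransactionBundle);
}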