/// <summary>
/// Removes one seller listing (Product2). Only privileged members may call this, and a
/// member who is not in the admin group may delete just the listings whose SellerId equals
/// their own NameIdentifier claim. Every refusal is answered with 404, not 403 — that is
/// the convention used throughout this file for authorization failures.
/// </summary>
/// <param name="id">Primary key of the listing; null yields 404.</param>
public async Task<IActionResult> Delete(int? id)
{
    if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name) || id == null)
    {
        return NotFound();
    }

    var listing = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
    if (listing == null)
    {
        return NotFound();
    }

    // Ownership check: admins may delete any listing, sellers only their own.
    var isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    var callerId = User.FindFirstValue(ClaimTypes.NameIdentifier);
    if (!isAdmin && listing.SellerId != callerId)
    {
        return NotFound();
    }

    _context.Product2.Remove(listing);
    await _context.SaveChangesAsync();
    return RedirectToAction(nameof(Index));
}
/// <summary>
/// Admin-only: deletes one OrderDetail row by primary key and returns to the index.
/// Non-admin callers, a null id and an unknown id all receive 404 (the file's convention
/// for both authorization failures and missing rows).
/// </summary>
/// <param name="id">OrderDetail primary key; null yields 404.</param>
public async Task<IActionResult> Delete(int? id)
{
    var isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    if (!isAdmin || id == null)
    {
        return NotFound();
    }

    var row = await _context.OrderDetail.FirstOrDefaultAsync(m => m.Id == id);
    if (row == null)
    {
        return NotFound();
    }

    _context.OrderDetail.Remove(row);
    await _context.SaveChangesAsync();
    return RedirectToAction(nameof(Index));
}
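/// <summary>
/// Shows the line items (OrderDetail rows) of one order form. Admins may view any order;
/// every other caller only orders whose SenderEmail equals their own identity name.
/// Refusals are answered with 404, following the rest of the file.
/// </summary>
/// <param name="id">OrderForm primary key; null yields 404.</param>
/// <param name="returnPage">
/// When non-zero, stored in session under "returnPage" so later redirects can return
/// to the list page the caller came from.
/// </param>
public async Task<IActionResult> Details(int? id, int returnPage = 0)
{
    if (id == null)
    {
        return NotFound();
    }

    // Defense in depth: an unauthenticated principal has a null/empty Name. Without this
    // guard the ownership comparison below would pass for an order whose SenderEmail is
    // null (null == null). Whether [Authorize] already protects this controller is not
    // visible from this method, so the check is made locally.
    var callerName = User.Identity?.Name;
    if (string.IsNullOrEmpty(callerName))
    {
        return NotFound();
    }

    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    var orderForm = await _context.OrderForm.FirstOrDefaultAsync(m => m.Id == id);
    if (orderForm == null)
    {
        return NotFound();
    }

    // Non-admins may only open their own orders.
    if (!AuthorizeManager.InAdminGroup(callerName) && orderForm.SenderEmail != callerName)
    {
        return NotFound();
    }

    return View(await _context.OrderDetail.Where(o => o.OrderId == id).ToListAsync());
}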
/// <summary>
/// Shows one seller listing (Product2). Privileged members only; a member outside the admin
/// group may view just the listings whose SellerId equals their NameIdentifier claim.
/// All refusals are 404, matching the file's convention.
/// </summary>
/// <param name="id">Listing primary key; null yields 404.</param>
public async Task<IActionResult> Details(int? id)
{
    if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name) || id == null)
    {
        return NotFound();
    }

    var listing = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
    if (listing == null)
    {
        return NotFound();
    }

    // Ownership check for non-admin sellers.
    var isAdmin = AuthorizeManager.InAdminGroup(User.Identity.Name);
    var callerId = User.FindFirstValue(ClaimTypes.NameIdentifier);
    if (!isAdmin && listing.SellerId != callerId)
    {
        return NotFound();
    }

    return View(listing);
}
/// <summary>
/// Admin-only POST handler that persists edits to an OrderDetail row. The route id must
/// match the bound model's Id. On a concurrency conflict the row is re-checked: if it no
/// longer exists the caller gets 404, otherwise the exception propagates unchanged.
/// </summary>
/// <param name="id">Route id; must equal <paramref name="orderDetail"/>.Id.</param>
/// <param name="orderDetail">Form model limited to the bound columns.</param>
public async Task<IActionResult> Edit(int id, [Bind("Id,OrderId,Name,Price,Quantity")] OrderDetail orderDetail)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }
    if (id != orderDetail.Id)
    {
        return NotFound();
    }
    if (!ModelState.IsValid)
    {
        return View(orderDetail);
    }

    try
    {
        _context.Update(orderDetail);
        await _context.SaveChangesAsync();
    }
    // Only swallow the conflict when the row has disappeared; otherwise let it surface.
    catch (DbUpdateConcurrencyException) when (!OrderDetailExists(orderDetail.Id))
    {
        return NotFound();
    }

    return RedirectToAction(nameof(Index));
}
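/// <summary>
/// Admin-only: creates a new Identity user from an e-mail and a password.
/// NOTE: the bound <c>PasswordHash</c> property carries the *plaintext* password typed into
/// the form; UserManager hashes it on CreateAsync, it is never stored as submitted.
/// </summary>
/// <param name="identityUser">Form model; only Email and PasswordHash are bound.</param>
/// <returns>
/// The create view with "CreateUserError" set on validation or creation failure; otherwise
/// a redirect to the Index page remembered in session ("returnPage"), defaulting to 1.
/// </returns>
public async Task<IActionResult> Create([Bind("Email,PasswordHash")] IdentityUser identityUser)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // This is not EF-scaffolded CRUD, so the fields are validated by hand.
    const string emailPattern = @"^([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";
    if (string.IsNullOrEmpty(identityUser.Email)
        || string.IsNullOrEmpty(identityUser.PasswordHash)
        || !Regex.IsMatch(identityUser.Email, emailPattern)
        || identityUser.PasswordHash.Length < 6)
    {
        ViewData["CreateUserError"] = "輸入資料錯誤!";
        return View();
    }

    var user = new IdentityUser { UserName = identityUser.Email, Email = identityUser.Email };

    // UserManager rejects an already-registered e-mail and enforces the configured password
    // policy. The original discarded this IdentityResult, so a failed creation was still
    // logged as a success and the admin was redirected as if the user existed.
    var result = await _userManager.CreateAsync(user, identityUser.PasswordHash);
    if (!result.Succeeded)
    {
        ViewData["CreateUserError"] = string.Join(" ", result.Errors.Select(e => e.Description));
        return View();
    }

    _logger.LogInformation($"[{User.Identity.Name}]新增了用戶[{user.Email}]");

    // Return to the list page the admin came from.
    int? savedPage = HttpContext.Session.GetInt32("returnPage");
    int page = savedPage ?? 1;
    return RedirectToAction("Index", new { page });
}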
/// <summary>
/// Admin-only GET handler that loads a comment into the edit form.
/// </summary>
/// <param name="id">Comment primary key; null or unknown yields 404.</param>
/// <param name="returnPage">
/// When non-zero, stored in session under "returnPage" so the POST handler can redirect
/// back to the same list page.
/// </param>
public async Task<IActionResult> Edit(int? id, int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // Remember the originating page before any lookup, exactly as the id is validated afterwards.
    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    if (id == null)
    {
        return NotFound();
    }

    var target = await _context.Comment.FindAsync(id);
    if (target == null)
    {
        return NotFound();
    }
    return View(target);
}
/// <summary>
/// Admin-only POST handler that saves edits to a comment. The bind list includes UserName
/// and CreateTime, so — unlike Create, which sets them server-side — an admin can overwrite
/// author and timestamp here. A concurrency conflict is logged and answered with a redirect
/// to the first index page instead of an error.
/// </summary>
/// <param name="id">Route id; must equal <paramref name="comment"/>.Id.</param>
/// <param name="comment">Form model limited to the bound columns.</param>
public async Task<IActionResult> Edit(int id, [Bind("Id,Content,UserName,CreateTime,ProductId")] Comment comment)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name) || id != comment.Id)
    {
        return NotFound();
    }
    if (!ModelState.IsValid)
    {
        return View(comment);
    }

    try
    {
        _context.Update(comment);
        await _context.SaveChangesAsync();
    }
    catch (DbUpdateConcurrencyException e)
    {
        _logger.LogError(e.ToString());
        return RedirectToAction(nameof(Index));
    }

    // Return to the list page remembered by the GET handler (default 1).
    int? savedPage = HttpContext.Session.GetInt32("returnPage");
    return RedirectToAction("Index", new { page = savedPage ?? 1 });
}
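/// <summary>
/// Admin-only: deletes one comment and writes a warning-level audit line naming the acting
/// admin and the comment's author. Redirects to the list page remembered in session.
/// </summary>
/// <param name="id">Comment primary key; null or unknown now yields 404.</param>
/// <param name="returnPage">When non-zero, stored in session under "returnPage".</param>
public async Task<IActionResult> Delete(int? id, int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    // The original passed the id straight to FindAsync and dereferenced the result unchecked,
    // so a missing id or an already-deleted comment produced a 500 instead of a 404.
    if (id == null)
    {
        return NotFound();
    }
    var comment = await _context.Comment.FindAsync(id);
    if (comment == null)
    {
        return NotFound();
    }

    _context.Comment.Remove(comment);
    await _context.SaveChangesAsync();
    _logger.LogWarning($"[{User.Identity.Name}]刪除了一筆[{comment.UserName}]的留言");

    // Return to the list page the admin came from.
    int? savedPage = HttpContext.Session.GetInt32("returnPage");
    int page = savedPage ?? 1;
    return RedirectToAction("Index", new { page });
}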
/// <summary>
/// Admin-only list of all OrderDetail rows, highest OrderId first, 10 per page.
/// </summary>
/// <param name="page">1-based page number.</param>
public async Task<IActionResult> Index(int page = 1)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    var newestOrdersFirst = _context.OrderDetail.OrderByDescending(p => p.OrderId);
    return View(await newestOrdersFirst.ToPagedListAsync(page, 10));
}
/// <summary>
/// True when an OrderDetail with this id exists AND the caller is an admin. Non-admins
/// always get false, so the helper never reveals row existence to them.
/// </summary>
private bool OrderDetailExists(int id)
{
    return AuthorizeManager.InAdminGroup(User.Identity.Name)
        && _context.OrderDetail.Any(e => e.Id == id);
}
/// <summary>
/// Admin-only GET handler that renders the empty create form; everyone else gets 404.
/// </summary>
public IActionResult Create()
{
    if (AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return View();
    }
    return NotFound();
}
/// <summary>
/// True when a Comment with this id exists AND the caller is an admin; non-admins always
/// get false, so existence is never disclosed to them.
/// </summary>
private bool CommentExists(int id)
{
    return AuthorizeManager.InAdminGroup(User.Identity.Name)
        && _context.Comment.Any(e => e.Id == id);
}
/// <summary>
/// Admin-only paged list of Identity users. The super-admin account (matched by e-mail
/// against AuthorizeManager.SuperAdmin) is filtered out of the listing.
/// </summary>
/// <param name="page">1-based page number; page size comes from the controller's pageSize.</param>
public async Task<IActionResult> Index(int page = 1)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // Hide the super admin from the list.
    var visibleUsers = _context.Users.Where(m => m.Email != AuthorizeManager.SuperAdmin);
    return View(await visibleUsers.ToPagedListAsync(page, pageSize));
}
/// <summary>
/// Admin-only paged list of comments, newest CreateTime first.
/// </summary>
/// <param name="page">1-based page number; page size comes from the controller's pageSize.</param>
public async Task<IActionResult> Index(int page = 1)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // Newest comments first.
    var newestFirst = _context.Comment.OrderByDescending(c => c.CreateTime);
    return View(await newestFirst.ToPagedListAsync(page, pageSize));
}
/// <summary>
/// Admin-only: hands the whole DbContext to CSVManager.ExportAll (synchronous) and then
/// redirects to Index. Where the CSV ends up is decided inside CSVManager, not here.
/// </summary>
public IActionResult ExportAll()
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    CSVManager.ExportAll(_context);
    return RedirectToAction("Index");
}
/// <summary>
/// Admin-only: deletes every Product2 (seller listing) row in one SaveChanges, then
/// redirects to Index.
/// NOTE(review): unlike the other destructive admin actions in this file (comment and user
/// deletion), this bulk delete writes no audit log entry.
/// </summary>
public async Task<IActionResult> DeleteAll()
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    var allListings = _context.Product2;
    _context.RemoveRange(allListings);
    await _context.SaveChangesAsync();

    return RedirectToAction(nameof(Index));
}
/// <summary>
/// Admin-only: rebuilds the public shop shelf from the sellers' Product2 listings.
/// Inside one transaction every Product row flagged FromProduct2 is removed and a fresh
/// copy of each Product2 row is inserted (SellVolume reset to 0, Product2Id pointing back
/// at the source row). Afterwards the cached shop pages ("ProductPage{n}", 9 items per
/// page) are evicted from the memory cache and the caller is sent to Product/ShowProducts.
/// </summary>
public async Task<IActionResult> ResetShelf()
{
    // Only the admin group may publish the sellers' lists to the shop page.
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // Disposed (and therefore rolled back) if anything below throws before Commit.
    using var transaction = _context.Database.BeginTransaction();

    // Drop every shelf entry that was previously copied from a seller listing.
    _context.Product.RemoveRange(_context.Product.Where(m => m.FromProduct2 == true));

    // Copy every current seller listing onto the shelf.
    List<Product> shelfCopies = _context.Product2
        .ToList()
        .Select(p => new Product
        {
            Name = p.Name,
            Description = p.Description,
            Price = p.Price,
            PublishDate = p.PublishDate,
            Quantity = p.Quantity,
            DefaultImageURL = p.DefaultImageURL,
            FromProduct2 = true,
            SellVolume = 0,
            Product2Id = p.Id
        })
        .ToList();
    _context.Product.AddRange(shelfCopies);
    await _context.SaveChangesAsync();
    transaction.Commit();

    // Evict every cached shop page; the shop paginates 9 products per page.
    int pageCount = _context.Product.Count() / 9 + 1;
    for (int pageNo = 1; pageNo <= pageCount; pageNo++)
    {
        _memoryCache.Remove($"ProductPage{pageNo}");
    }

    return RedirectToRoute(new { controller = "Product", action = "ShowProducts" });
}
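/// <summary>
/// Paged list of order forms, newest CreateTime first. Admins see everyone's orders; any
/// other caller sees only orders whose SenderEmail equals their own identity name.
/// </summary>
/// <param name="page">1-based page number; page size comes from the controller's pageSize.</param>
public async Task<IActionResult> Index(int page = 1)
{
    // Defense in depth: an unauthenticated principal has a null/empty Name, and the
    // original filter `SenderEmail == null` would then have listed every order that lacks a
    // sender. Whether [Authorize] already protects this controller is not visible here, so
    // refuse locally (404 is this file's convention for authorization failures).
    var callerName = User.Identity?.Name;
    if (string.IsNullOrEmpty(callerName))
    {
        return NotFound();
    }

    if (AuthorizeManager.InAdminGroup(callerName))
    {
        // Admins: every order, newest first.
        return View(await _context.OrderForm
            .OrderByDescending(o => o.CreateTime)
            .ToPagedListAsync(page, pageSize));
    }

    // Everyone else: only the orders they placed, newest first.
    return View(await _context.OrderForm
        .Where(o => o.SenderEmail == callerName)
        .OrderByDescending(o => o.CreateTime)
        .ToPagedListAsync(page, pageSize));
}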
/// <summary>
/// Admin-only GET handler that renders the create form.
/// </summary>
/// <param name="returnPage">
/// When non-zero, stored in session under "returnPage" so the POST handler can redirect
/// back to the same list page.
/// </param>
public IActionResult Create(int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    return View();
}
/// <summary>
/// Admin-only paged list of shop products. The sort key is read from the session value
/// "SortType": "Sell" orders by SellVolume descending; "Date", any other value and no
/// value at all order by PublishDate descending.
/// </summary>
/// <param name="page">1-based page number; page size comes from the controller's pageSize2.</param>
public async Task<IActionResult> Index(int page = 1)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // Sort according to the session's current sort type.
    var sortType = HttpContext.Session.GetString("SortType");
    var ordered = sortType == "Sell"
        ? _context.Product.OrderByDescending(p => p.SellVolume)
        : _context.Product.OrderByDescending(p => p.PublishDate);

    return View(await ordered.ToPagedListAsync(page, pageSize2));
}
/// <summary>
/// Admin-only POST handler that inserts a new OrderDetail row. Id is part of the bind list,
/// so the submitted Id is stored as-is. An invalid model re-renders the form.
/// </summary>
/// <param name="orderDetail">Form model limited to the bound columns.</param>
public async Task<IActionResult> Create([Bind("Id,OrderId,Name,Price,Quantity")] OrderDetail orderDetail)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }
    if (!ModelState.IsValid)
    {
        return View(orderDetail);
    }

    _context.Add(orderDetail);
    await _context.SaveChangesAsync();
    return RedirectToAction(nameof(Index));
}
/// <summary>
/// Lists seller listings (Product2). Admins get every listing ordered by SellerEmail;
/// members of the seller group get only the listings whose SellerId equals their own
/// NameIdentifier claim; anyone else gets 404.
/// </summary>
public async Task<IActionResult> Index()
{
    var callerName = User.Identity.Name;

    if (AuthorizeManager.InAdminGroup(callerName))
    {
        // Admins: all listings, grouped by seller e-mail.
        return View(await _context.Product2.OrderBy(m => m.SellerEmail).ToListAsync());
    }

    if (AuthorizeManager.InSellerGroup(callerName))
    {
        // Sellers: only their own listings.
        var ownerId = User.FindFirstValue(ClaimTypes.NameIdentifier);
        return View(await _context.Product2.Where(m => m.SellerId == ownerId).ToListAsync());
    }

    return NotFound();
}
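/// <summary>
/// Admin-only: deletes an Identity user. The super admin cannot be deleted. If the target
/// is in the seller group, their Product2 listings are removed with them; if they hold a
/// privilege entry, it is removed via AuthorizeManager.UpdateAuthority("DeleteAll", ...).
/// A warning-level audit line names the acting admin and the deleted user.
/// </summary>
/// <param name="id">Identity user Id (string key) of the account to delete; missing or unknown yields 404.</param>
/// <param name="returnPage">When non-zero, stored in session under "returnPage".</param>
public ActionResult Delete(string id, int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    // The original dereferenced the lookup result unchecked, so an unknown or missing id
    // produced a 500 instead of a 404.
    if (string.IsNullOrEmpty(id))
    {
        return NotFound();
    }
    var user = _context.Users.FirstOrDefault(u => u.Id == id);
    if (user == null)
    {
        return NotFound();
    }

    // The super admin is immutable through this UI.
    if (user.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    // If the target is a seller, delete their listings too.
    if (AuthorizeManager.InSellerGroup(user.Email))
    {
        // BUG FIX: the original filtered on User.FindFirstValue(ClaimTypes.NameIdentifier),
        // which is the *acting admin's* id, not the target's. That deleted the admin's own
        // listings (if they had any) and left the deleted seller's listings orphaned. The
        // Product2 actions in this file compare SellerId against the owner's NameIdentifier
        // claim, which for an Identity user is IdentityUser.Id.
        _context.RemoveRange(_context.Product2.Where(m => m.SellerId == user.Id));
    }

    // If the target holds a privilege entry, remove it from the privilege table and hash table.
    if (AuthorizeManager.InAuthorizedMember(user.Email))
    {
        AuthorizeManager.UpdateAuthority("DeleteAll", _context, user.Email, null, null);
    }

    _context.Users.Remove(user);
    _context.SaveChanges();
    _logger.LogWarning($"[{User.Identity.Name}]刪除了用戶[{user.Email}]");

    // Return to the list page the admin came from.
    int? savedPage = HttpContext.Session.GetInt32("returnPage");
    int page = savedPage ?? 1;
    return RedirectToAction("Index", new { page });
}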
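/// <summary>
/// POST handler that updates the editable columns of a seller listing (Product2). Only
/// privileged members may call it; a member outside the admin group may edit just the
/// listings whose SellerId equals their own NameIdentifier claim. Only the five bound
/// columns are copied onto the stored row, so SellerId and every other column stay as
/// stored. A concurrency conflict is logged and redirected to Index.
/// </summary>
/// <param name="id">Route id; must equal <paramref name="product2"/>.Id.</param>
/// <param name="product2">Form model limited to the bound columns.</param>
public async Task<IActionResult> Edit(int id, [Bind("Id,Name,Description,Price,Quantity,DefaultImageURL")] Product2 product2)
{
    if (!AuthorizeManager.InAuthorizedMember(User.Identity.Name))
    {
        return NotFound();
    }
    if (id != product2.Id)
    {
        return NotFound();
    }
    if (!ModelState.IsValid)
    {
        return View(product2);
    }

    try
    {
        var stored = await _context.Product2.FirstOrDefaultAsync(m => m.Id == id);
        // The original dereferenced stored.SellerId unchecked: posting an edit for a listing
        // that had meanwhile been deleted produced a 500 instead of a 404.
        if (stored == null)
        {
            return NotFound();
        }

        // Sellers without admin rights may only edit their own listings.
        if (!AuthorizeManager.InAdminGroup(User.Identity.Name)
            && stored.SellerId != User.FindFirstValue(ClaimTypes.NameIdentifier))
        {
            return NotFound();
        }

        // Hand-written update because only these columns are editable.
        stored.Name = product2.Name;
        stored.Description = product2.Description;
        stored.Price = product2.Price;
        stored.Quantity = product2.Quantity;
        // NOTE(review): DefaultImageURL is stored exactly as submitted. Whatever view renders
        // it must treat it as untrusted (encode it / restrict the scheme) — not verifiable here.
        stored.DefaultImageURL = product2.DefaultImageURL;
        await _context.SaveChangesAsync();

        return RedirectToAction(nameof(Index));
    }
    catch (DbUpdateConcurrencyException e)
    {
        _logger.LogError(e.ToString());
        return RedirectToAction(nameof(Index));
    }
}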
/// <summary>
/// Admin-only GET handler that loads an OrderDetail row into the edit form.
/// </summary>
/// <param name="id">OrderDetail primary key; null or unknown yields 404.</param>
public async Task<IActionResult> Edit(int? id)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name) || id == null)
    {
        return NotFound();
    }

    var row = await _context.OrderDetail.FindAsync(id);
    if (row == null)
    {
        return NotFound();
    }
    return View(row);
}
/// <summary>
/// Admin-only POST handler that inserts a comment. UserName and CreateTime are not in the
/// bind list; they are set server-side from the caller's identity name and the local
/// server clock (DateTime.Now), so the form cannot supply them.
/// </summary>
/// <param name="comment">Form model limited to Id, Content and ProductId.</param>
public async Task<IActionResult> Create([Bind("Id,Content,ProductId")] Comment comment)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }
    if (!ModelState.IsValid)
    {
        return View(comment);
    }

    // Author and timestamp always come from the server, never from the form.
    comment.UserName = User.Identity.Name;
    comment.CreateTime = DateTime.Now;
    _context.Add(comment);
    await _context.SaveChangesAsync();

    // Return to the list page remembered by the GET handler (default 1).
    int? savedPage = HttpContext.Session.GetInt32("returnPage");
    return RedirectToAction("Index", new { page = savedPage ?? 1 });
}
/// <summary>
/// Admin-only detail view of one comment.
/// </summary>
/// <param name="id">Comment primary key; null or unknown yields 404.</param>
public async Task<IActionResult> Details(int? id)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name) || id == null)
    {
        return NotFound();
    }

    var target = await _context.Comment.FirstOrDefaultAsync(m => m.Id == id);
    if (target == null)
    {
        return NotFound();
    }
    return View(target);
}
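/// <summary>
/// Admin-only GET handler that loads an Identity user into the edit form. The super admin
/// (matched by e-mail against AuthorizeManager.SuperAdmin) cannot be edited.
/// </summary>
/// <param name="id">Identity user Id (string key); missing or unknown yields 404.</param>
/// <param name="returnPage">When non-zero, stored in session under "returnPage".</param>
public ActionResult Edit(string id, int returnPage = 0)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    if (returnPage != 0)
    {
        HttpContext.Session.SetInt32("returnPage", returnPage);
    }

    // The original dereferenced the lookup result unchecked, so an unknown or missing id
    // produced a 500 instead of a 404.
    if (string.IsNullOrEmpty(id))
    {
        return NotFound();
    }
    var user = _context.Users.FirstOrDefault(u => u.Id == id);
    if (user == null)
    {
        return NotFound();
    }

    // The super admin is immutable through this UI.
    if (user.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    return View(user);
}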
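/// <summary>
/// Admin-only POST handler that changes a user's e-mail (also used as UserName) and, when a
/// new password is supplied, replaces their password. The super admin cannot be edited.
/// NOTE: the bound <c>PasswordHash</c> property carries the *plaintext* new password from the
/// form; UserManager hashes it. An empty value means "keep the current password".
/// </summary>
/// <param name="identityUser">Form model: Id selects the user; Email and PasswordHash are the new values.</param>
/// <returns>
/// The edit view with "EditUserError" set when validation or the update fails; otherwise a
/// redirect to the Index page remembered in session ("returnPage"), defaulting to 1.
/// </returns>
public async Task<IActionResult> Edit(IdentityUser identityUser)
{
    if (!AuthorizeManager.InAdminGroup(User.Identity.Name))
    {
        return NotFound();
    }

    // The original dereferenced the lookup result unchecked (500 on an unknown Id).
    if (identityUser == null || string.IsNullOrEmpty(identityUser.Id))
    {
        return NotFound();
    }
    var user = _context.Users.FirstOrDefault(u => u.Id == identityUser.Id);
    if (user == null)
    {
        return NotFound();
    }

    // The super admin is immutable through this UI.
    if (user.Email == AuthorizeManager.SuperAdmin)
    {
        return NotFound();
    }

    // Create in this controller validates its inputs; Edit did not. At minimum the new
    // e-mail must not be blank, since it also becomes the UserName.
    if (string.IsNullOrWhiteSpace(identityUser.Email))
    {
        ViewData["EditUserError"] = "輸入資料錯誤!";
        return View(user);
    }

    // Validate the new password BEFORE the old one is removed. The original called
    // RemovePasswordAsync and then AddPasswordAsync and ignored both results, so a password
    // that failed policy — or an empty form field — left the account with no password at all.
    var newPassword = identityUser.PasswordHash;
    var changePassword = !string.IsNullOrEmpty(newPassword);
    if (changePassword)
    {
        foreach (var validator in _userManager.PasswordValidators)
        {
            var check = await validator.ValidateAsync(_userManager, user, newPassword);
            if (!check.Succeeded)
            {
                ViewData["EditUserError"] = string.Join(" ", check.Errors.Select(e => e.Description));
                return View(user);
            }
        }
    }

    // Apply the e-mail change through UserManager so its UserValidator (uniqueness) runs and
    // the normalized columns are refreshed; the original wrote the entity fields directly and
    // relied on the password calls to flush them, discarding any validation failure.
    var oldEmail = user.Email;
    user.Email = identityUser.Email;
    user.UserName = identityUser.Email;
    var updateResult = await _userManager.UpdateAsync(user);
    if (!updateResult.Succeeded)
    {
        // Undo the in-memory edit so the tracked entity is not left dirty.
        user.Email = oldEmail;
        user.UserName = oldEmail;
        ViewData["EditUserError"] = string.Join(" ", updateResult.Errors.Select(e => e.Description));
        return View(user);
    }

    // Keep the privilege table / hash table in step with the new e-mail — but only now that
    // the identity row has actually been updated (the original did this first, before knowing
    // whether the update would succeed).
    if (AuthorizeManager.InAuthorizedMember(oldEmail))
    {
        AuthorizeManager.UpdateAuthority("ModifyEmail", _context, oldEmail, identityUser.Email);
    }

    if (changePassword)
    {
        // RemovePasswordAsync first; otherwise AddPasswordAsync emits a built-in warning in the log.
        var removeResult = await _userManager.RemovePasswordAsync(user);
        var addResult = await _userManager.AddPasswordAsync(user, newPassword);
        if (!removeResult.Succeeded || !addResult.Succeeded)
        {
            var errors = removeResult.Errors.Concat(addResult.Errors).Select(e => e.Description);
            ViewData["EditUserError"] = string.Join(" ", errors);
            return View(user);
        }
    }

    _logger.LogInformation($"[{User.Identity.Name}]修改了[{user.Email}]的資料");

    // Return to the list page the admin came from.
    int? savedPage = HttpContext.Session.GetInt32("returnPage");
    int page = savedPage ?? 1;
    return RedirectToAction("Index", new { page });
}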