public async Task <ActionResult> Edit([Bind(Include = "Id,Login,Roles")] UserVM userVM) { if (!Session.UserHasRole("Admin")) { return(new HttpStatusCodeResult(HttpStatusCode.Forbidden)); } if (userVM == null || !ModelState.IsValid) { ModelState.AddModelError(String.Empty, "Unexpected token error"); return(View(userVM)); } User dbUser = await db.Users.FirstAsync(u => u.Id == userVM.Id); dbUser.Roles.Clear(); await Task.Run(() => { userVM .Roles .Where(r => r.IsSelected) .Select(async r => await db.UserRoles.FindAsync(r.Id)) .Select(task => task.Result) .ToList() .ForEach(role => dbUser.Roles.Add(role)); }); await db.SaveChangesAsync(); return(RedirectToAction("Index")); }
public async Task <ActionResult> Create([Bind(Include = "Id,Name")] Genre genre) { if (!Session.UserHasRole("Admin")) { return(new HttpStatusCodeResult(HttpStatusCode.Forbidden)); } if (ModelState.IsValid) { db.Genres.Add(genre); await db.SaveChangesAsync(); return(RedirectToAction("Index")); } return(View(genre)); }
public async Task <ActionResult> RegisterConfirm(RegisterVM registerModel) { // if some the hacking actions with form. Or someone disable JS? if (!ModelState.IsValid) { ModelState.AddModelError(String.Empty, "Invalid token"); return(View(registerModel)); } // check for already registred if (await dbContext.Users.Where(u => registerModel.Login == u.Login).CountAsync() > 0) { ModelState.AddModelError(String.Empty, "Login is already taken(and pass maybe too?)"); return(View(registerModel)); } string salt = CryptoService.GetRandomBytes(AppConstants.PASSOWORD_SALT_LENGTH).ToHexString(); byte[] password = Encoding.Unicode.GetBytes(salt + registerModel.Password); string hash = CryptoService.ComputeMD5Hash(password).ToHexString(); User newUser = new User() { Login = registerModel.Login, Password = hash, Salt = salt }; newUser.Roles.Add(await dbContext.UserRoles.Where(role => role.Name == "Authenticated").FirstAsync()); dbContext.Users.Add(newUser); await dbContext.SaveChangesAsync(); return(RedirectToAction("Login")); }
public async Task <ActionResult> CreateConfirm([Bind(Include = "Name,File,Genres")] SongVM songVM) { if (!Session.UserHasRole("Authorized")) { return(new HttpStatusCodeResult(HttpStatusCode.Forbidden)); } if (!ModelState.IsValid) { ModelState.AddModelError(String.Empty, "Some field are not filled"); songVM.Genres = (await db.Genres.ToListAsync()).Select(g => g.ToViewModel()); return(View(songVM)); } if (await db.Songs .Where(s => s.Name == songVM.Name) .FirstOrDefaultAsync() != null) { ModelState.AddModelError(String.Empty, "This song is exist"); return(View(songVM)); } string filename; string mappedSongsFolderPath = Server.MapPath(AppConstants.SONGS_FOLDER_VIRTUAL_PATH); string savePath; // check if random filename exist do { filename = $"{Guid.NewGuid()}.mp3"; savePath = Path.Combine(mappedSongsFolderPath, filename); } while (System.IO.File.Exists(savePath)); using (FileStream f = System.IO.File.Create(savePath, 4096, FileOptions.Asynchronous)) { await songVM.File.InputStream.CopyToAsync(f); } Song newSong = new Song() { Name = songVM.Name, FileName = filename, Genres = await Task.Run(() => { // Transform selected genres to Domain model return(songVM .Genres .Where(genre => genre.IsSelected) .Select(async selectedGenre => await db.Genres.FindAsync(selectedGenre.Id)) .Select(t => t.Result) .ToList()); }) }; db.Songs.Add(newSong); await db.SaveChangesAsync(); return(Redirect("~/")); }