public ActionResult MakeOrder(int id = -1) { var dish = DataManager.Dish.GetDishById(id); if (dish == null) { return RedirectToAction("index", "home"); } var userId = User.Identity.GetUserId(); var cook = DataManager.User.GetUserById(dish.Id_User); if (userId == cook.Id) { return RedirectToAction("index", "home"); } var user = DataManager.User.GetUserById(userId); var seller = DataManager.User.GetUserById(dish.Id_User); //списки ViewBag.Payments = DataManager.PaymentMethod.GetPaymentMethods(); ViewBag.Deliveries = DataManager.Delivery.GetDeliveryMethods(); ViewBag.Contacts = DataManager.Contact.GetContactMethods(); ViewBag.IngridientsBuyers = DataManager.IngridientsBuyer.GetIngridientsBuyers(); ViewBag.Cities = DataManager.Geolocation.GetAllCities(); // OrderViewModel model = new OrderViewModel { Address = user == null ? "" : user.Address, Email = user == null ? "" : user.Email, Phone = user == null ? "" : user.PhoneNumber, FirstName = user == null ? "" : user.FristName, Surname = user == null ? "" : user.Surname, City = user == null ? 0 : user.Id_City, idDish = dish.Id_Dish, CookEmail = cook.Email, CookName = cook.FristName, CookSurname = cook.Surname, CookPhone = cook.PhoneNumber, idCook = dish.Id_User, DishName = dish.Name, DishPrice = dish.Price, DishPriceWithIngridient = dish.PriceWithIngridient, DishDescription = dish.Description, ImageUrl = dish.ImageUrl, DeadLine = DateTime.Now.AddHours(2) }; return View(model); }
public ActionResult MakeOrder(OrderViewModel model) { if (!ModelState.IsValid) { ViewBag.Payments = DataManager.PaymentMethod.GetPaymentMethods(); ViewBag.Deliveries = DataManager.Delivery.GetDeliveryMethods(); ViewBag.Contacts = DataManager.Contact.GetContactMethods(); ViewBag.IngridientsBuyers = DataManager.IngridientsBuyer.GetIngridientsBuyers(); ViewBag.Cities = DataManager.Geolocation.GetAllCities(); return View(model); } var userId = User.Identity.GetUserId(); var cook = DataManager.User.GetUserById(model.idCook); var dish = DataManager.Dish.GetDishById(model.idDish); //защита от скул хакеров if(cook==null || dish == null || userId == cook.Id) { return RedirectToAction("index", "home"); } order result = new order { Address = model.Address, Comment = model.Comment, CreateTime = DateTime.Now, id_IngridientsBuyer = model.ingridientBuyer, DeadLine = model.DeadLine, Email = model.Email, FirstName = model.FirstName, Id_ContactMethod = model.contactMethod, Id_Cook = model.idCook, Id_Customer = userId, Id_Delivery = model.delivery, Id_PaymentMethod = model.paymentMethod, Id_Status = 1,// новый Phone = model.Phone, Surname = model.Surname, id_city = model.City }; List<orderproduct> resultProducts = new List<orderproduct>(); resultProducts.Add(new orderproduct { Id_Dish = dish.Id_Dish, Price = dish.Price, PriceWithIngridients = dish.PriceWithIngridient }); DataManager.Order.AddOrder(result, resultProducts); return RedirectToAction("success"); }