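/// <summary>
/// Grants the user named in <c>model.NewUser</c> access to the repository
/// <c>model.Repo</c> by inserting a (Users, Repos) row into the Connection table.
/// </summary>
/// <param name="model">Posted edit model; <c>Repo</c> and <c>NewUser</c> are read here.</param>
/// <returns>A redirect to the Edit action for the same repository, on success and on failure.</returns>
public ActionResult AddUser(RepoEditModel model)
{
    int repoId = model.Repo;

    // NOTE(review): ModelState is per-request, so the messages added below are not
    // visible after RedirectToAction unless something outside this method carries them over.
    if (model.NewUser == null)
    {
        ModelState.AddModelError("", "Enter username!!");
        return RedirectToAction("Edit", routeValues: new { id = repoId, model = model });
    }

    // NOTE(review): nothing visible in this action verifies that the caller owns
    // repoId before access is granted to another account. If no filter or attribute
    // outside this method enforces that, an ownership check belongs here - confirm.

    // Resolve the account before opening the connection, so an unknown name
    // costs no database round trip and cannot leave a connection open.
    var manager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext()));
    var currentUser = manager.FindByName(model.NewUser);
    if (currentUser == null)
    {
        // The original dereferenced currentUser.Id unconditionally and threw
        // NullReferenceException for a name that does not exist.
        ModelState.AddModelError("", "User not found.");
        return RedirectToAction("Edit", routeValues: new { id = repoId, model = model });
    }

    string connStr = @"Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-WebApplication2-20160108044733.mdf;Initial Catalog=aspnet-WebApplication2-20160108044733;Integrated Security=True";

    // using guarantees the connection is released on every exit path; the original
    // leaked it whenever an early return was taken after Open().
    using (SqlConnection conn = new SqlConnection(connStr))
    {
        try
        {
            // Try to connect.
            conn.Open();
        }
        catch (SqlException se)
        {
            // Keep exception detail (server names, stack trace) out of the
            // user-facing message; record it in the trace output instead.
            System.Diagnostics.Trace.TraceError("AddUser: cannot open connection: " + se);
            ModelState.AddModelError("", "can't open connection");
            return RedirectToAction("Edit", routeValues: new { id = repoId, model = model });
        }

        string query = "INSERT INTO Connection (Users,Repos) VALUES (@Users, @Repos);";
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
            cmd.Parameters.Add("@Users", SqlDbType.NVarChar).Value = currentUser.Id;
            cmd.Parameters.Add("@Repos", SqlDbType.Int).Value = repoId;

            try
            {
                cmd.ExecuteNonQuery();
            }
            catch (Exception ex)
            {
                System.Diagnostics.Trace.TraceError("AddUser: insert failed: " + ex);
                ModelState.AddModelError("", "Can't update. ");
                return RedirectToAction("Edit", routeValues: new { id = repoId, model = model });
            }
        }
    }

    return RedirectToAction("Edit", routeValues: new { id = repoId, model = model });
}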
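/// <summary>
/// Stores an uploaded file in the repository <c>model.Repo</c>: checks that the
/// user is the repository owner or is listed for it in the Connection table,
/// records the file in the Files table, then saves it under ~/Repos/{owner}/{repoId}/.
/// </summary>
/// <param name="file">The posted file as bound by MVC; may be null when the form field has another name.</param>
/// <param name="model">Posted edit model; <c>Repo</c> and <c>User</c> are read here.</param>
/// <returns>A redirect to the Edit action for the same repository.</returns>
public ActionResult Upload(HttpPostedFileBase file, RepoEditModel model)
{
    if (Request.Files.Count > 0)
    {
        string repoId = model.Repo.ToString();

        // NOTE(review): userId comes from the posted model, i.e. from the request.
        // The permission check below is only as trustworthy as this value; it should
        // presumably be taken from the authenticated identity instead - confirm how
        // model.User is populated before relying on this check.
        string userId = model.User.ToString();

        string connStr = @"Data Source=(LocalDb)\v11.0;AttachDbFilename=|DataDirectory|\aspnet-WebApplication2-20160108044733.mdf;Initial Catalog=aspnet-WebApplication2-20160108044733;Integrated Security=True";

        // using releases the connection on every exit path (the original leaked it
        // on the early returns).
        using (SqlConnection conn = new SqlConnection(connStr))
        {
            try
            {
                conn.Open();
            }
            catch (SqlException se)
            {
                // Exception detail goes to the trace output, not to the user.
                System.Diagnostics.Trace.TraceError("Upload: cannot open connection: " + se);
                ModelState.AddModelError("", "can't open connection");
                return RedirectToAction("Edit", routeValues: new { id = repoId, model = model });
            }

            string owner = null;
            bool allowed = false;

            // Parameterized instead of string-concatenated SQL.
            using (SqlCommand repoCmd = new SqlCommand("SELECT * FROM Repositories WHERE Id = @Id;", conn))
            {
                repoCmd.Parameters.Add("@Id", SqlDbType.Int).Value = model.Repo;
                using (SqlDataReader dr = repoCmd.ExecuteReader())
                {
                    if (dr.Read())
                    {
                        // The owner is read from column ordinal 2, as in the original code.
                        owner = dr.GetValue(2).ToString();
                        allowed = owner == userId;
                    }
                }
            }

            if (owner != null && !allowed)
            {
                // Not the owner: look for the user among the rows attached to this repository.
                // The original opened this reader with CommandBehavior.CloseConnection, so
                // closing it also closed the connection and the INSERT below always failed
                // for non-owners.
                using (SqlCommand memberCmd = new SqlCommand("SELECT * FROM Connection WHERE Repos = @Repos;", conn))
                {
                    memberCmd.Parameters.Add("@Repos", SqlDbType.Int).Value = model.Repo;
                    using (SqlDataReader dr = memberCmd.ExecuteReader())
                    {
                        while (dr.Read())
                        {
                            // The user id is compared against column ordinal 0, as in the original code.
                            if (dr.GetValue(0).ToString() == userId)
                            {
                                allowed = true;
                                break;
                            }
                        }
                    }
                }
            }

            if (!allowed)
            {
                // Also reached when the repository row does not exist: the original skipped
                // the permission check entirely in that case and went on to store the file.
                ModelState.AddModelError("", "You don't have pervission!");
                return RedirectToAction("Edit", routeValues: new { id = repoId, model = model });
            }

            // The original validated Request.Files[0] but then read ContentType from, and
            // saved, the bound 'file' parameter, which is null when binding by name fails.
            HttpPostedFileBase upload = file ?? Request.Files[0];
            if (upload != null && upload.ContentLength > 0)
            {
                // GetFileName drops any directory part of the client-supplied name.
                var fileName = Path.GetFileName(upload.FileName);

                // NOTE(review): the file keeps its client-supplied name and extension and is
                // stored under the application root; ContentType is client-supplied as well.
                // Confirm that ~/Repos/ is not configured to execute or serve active content,
                // or store uploads outside the web root.
                string query = "INSERT INTO Files (Name,Path,Repo,LastChange,LastChangeBy,Type) VALUES " +
                               "(@Name, @Path,@Repo,@time,@currentUser,@Type)";
                using (SqlCommand cmd = new SqlCommand(query, conn))
                {
                    cmd.Parameters.Add("@Name", SqlDbType.NVarChar).Value = fileName.Trim();
                    cmd.Parameters.Add("@Path", SqlDbType.NVarChar).Value = "~/Repos/" + owner + "/" + repoId + "/" + fileName;
                    cmd.Parameters.Add("@Repo", SqlDbType.Int).Value = model.Repo;
                    cmd.Parameters.Add("@time", SqlDbType.DateTime).Value = System.DateTime.Now;
                    cmd.Parameters.Add("@currentUser", SqlDbType.NVarChar).Value = userId;
                    // Parameter name now matches the @Type placeholder in the statement exactly.
                    cmd.Parameters.Add("@Type", SqlDbType.NVarChar).Value = upload.ContentType;

                    try
                    {
                        cmd.ExecuteNonQuery();
                    }
                    catch (Exception ex)
                    {
                        System.Diagnostics.Trace.TraceError("Upload: insert failed: " + ex);
                        ModelState.AddModelError("", "Can't update. ");
                        return RedirectToAction("Edit", routeValues: new { id = repoId, model = model });
                    }
                }

                ViewData["Message"] = "Success";
                var path = Path.Combine(Server.MapPath("~/Repos/" + owner + "/" + repoId + "/"), fileName);
                upload.SaveAs(path);
            }
        }
    }

    return RedirectToAction("Edit", routeValues: new { id = model.Repo.ToString(), model = model });
}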
//
// GET: /Repository/Edit/5
/// <summary>
/// Renders the edit view for a repository.
/// </summary>
/// <param name="id">Repository id; exposed to the view under the "repoId" key.</param>
/// <param name="model">Edit model handed to the view unchanged.</param>
/// <returns>The default view for this action, bound to <paramref name="model"/>.</returns>
public ActionResult Edit(int id, RepoEditModel model)
{
    // ViewBag.repoId and ViewData["repoId"] address the same entry.
    ViewData["repoId"] = id;
    return View(model);
}