/// <summary>
/// Handles the change-password form for the currently signed-in admin.
/// Re-renders the form when validation fails or the old password is wrong;
/// otherwise stores the new password and returns to the admin index.
/// </summary>
/// <param name="model">Posted form: the current password (<c>LastPassword</c>) and the new one (<c>Password</c>).</param>
/// <returns>The form view on failure; a redirect to <c>Admin/Index</c> on success.</returns>
public ActionResult ChangePassword(ChangePassword model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            // The admin record is resolved from the authenticated identity,
            // never from anything posted in the form.
            var currentAdmin = AdminHelper.GetAdmin(User.Identity.Name);
            if (currentAdmin == null)
            {
                // The signed-in identity no longer maps to an admin: end the session.
                return RedirectToAction("Logoff");
            }

            // The old password is verified by re-hashing it with the stored salt.
            // NOTE(review): this string comparison is not constant-time, and the
            // scheme is a salted SHA-512 rather than a slow password hash
            // (PBKDF2/Argon2) — the hashing helper itself is outside this method.
            var suppliedHash = Security.SHA512(model.LastPassword, currentAdmin.Salt);
            var oldPasswordMatches = currentAdmin.Password == suppliedHash;
            if (!oldPasswordMatches)
            {
                ModelState.AddModelError("", "The old password is incorrect!");
                return View(model);
            }

            AdminHelper.SetPassword(currentAdmin, model.Password);
            AdminHelper.UpdateAdmin(currentAdmin);
            return RedirectToAction("Index", "Admin");
        }
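        /// <summary>
        /// Deletes the admin with the given id after the confirmation step.
        /// An admin can never delete their own account from here.
        /// </summary>
        /// <param name="id">Database id of the admin to delete.</param>
        /// <returns>
        /// A redirect to <c>AdminsList</c>; a 404 result when no admin has that id.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this is a state-changing action, so it should only be
        /// reachable via POST with anti-forgery validation — confirm the
        /// attributes declared on the action, they are not shown here.
        /// </remarks>
        public ActionResult DeleteAdminSured(int id)
        {
            var admin = AdminHelper.GetAdmin(id);

            // Unknown id: nothing to delete. Checked before touching admin.Login
            // so a bad id yields a 404 instead of a NullReferenceException.
            if (admin == null)
            {
                return HttpNotFound();
            }

            // Self-deletion is refused silently; the list page is shown instead.
            if (admin.Login == User.Identity.Name)
            {
                return RedirectToAction("AdminsList");
            }

            AdminHelper.DeleteAdmin(id);
            return RedirectToAction("AdminsList");
        }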
        /// <summary>
        /// Processes the admin login form.
        /// </summary>
        /// <param name="model">Posted login name and password.</param>
        /// <returns>
        /// A redirect to <c>Admin/Index</c> on success; otherwise the login view,
        /// with one generic error when the model was valid but sign-in failed.
        /// </returns>
        public ActionResult Login(LoginModel model)
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var admin = AdminHelper.GetAdmin(model.Login);
            if (admin != null)
            {
                // The stored credential is a salted SHA-512 of the password, so the
                // same transform is applied before handing it to the sign-in manager.
                var hashedPassword = Security.SHA512(model.Password, admin.Salt);

                // Positional arguments: persistent cookie = true, lockout on failure = false.
                // NOTE(review): with lockout disabled nothing in this method throttles
                // repeated failed attempts; confirm rate limiting exists elsewhere.
                var status = SignInManager.PasswordSignIn(model.Login, hashedPassword, true, false);
                if (status == SignInStatus.Success)
                {
                    return RedirectToAction("Index", "Admin");
                }
            }

            // The same message for an unknown login and a wrong password alike.
            ModelState.AddModelError("", "Invalid login and/or password!");
            return View(model);
        }
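 /// <summary>
 /// Creates a news post from the submitted form and its first uploaded image.
 /// </summary>
 /// <param name="model">Posted form; <c>uploadFiles[0]</c> is the image to store.</param>
 /// <returns>
 /// A redirect to <c>Index</c> on success; the form view with validation errors
 /// otherwise; a 401 result when the signed-in identity no longer maps to an admin.
 /// </returns>
 /// <remarks>
 /// NOTE(review): the description is rich-text HTML from the editor (an empty
 /// editor posts a lone <c>&lt;br&gt;</c>); make sure it is sanitised or encoded
 /// wherever it is rendered. The upload is handed straight to
 /// <c>FileModelActions.SaveFile</c> — confirm that helper validates file type and
 /// size, it is not visible here.
 /// </remarks>
 public ActionResult CreateNews(NewsPostCreateModel model)
 {
     if (!ModelState.IsValid)
     {
         return View(model);
     }

     // A blank editor posts "<br>"; treat that, and a missing value, as no description.
     if (string.IsNullOrWhiteSpace(model.Description) || model.Description == "<br>")
     {
         ModelState.AddModelError("Description", "No description!");
         return View(model);
     }

     // Guard the whole path to the first upload: a null or empty file list would
     // otherwise throw instead of producing a validation error.
     // assumes uploadFiles is an array — use Count instead of Length if it is a list.
     var uploads = model.uploadFiles;
     if (uploads == null || uploads.Length == 0 || uploads[0] == null)
     {
         ModelState.AddModelError("", "No file!");
         return View(model);
     }

     // Resolve the author before saving the file so a stale identity does not
     // leave an orphaned upload behind.
     var author = AdminHelper.GetAdmin(User.Identity.Name);
     if (author == null)
     {
         return new HttpUnauthorizedResult();
     }

     model.ImageId  = FileModelActions.SaveFile(uploads[0], Server);
     model.AuthorId = author.Id;

     var newsPost = model.PassToNewsPost();
     NewsPostHelper.CreateNewsPost(newsPost);
     return RedirectToAction("Index");
 }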
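        /// <summary>
        /// Authorizes a request for the admin area: the caller must map to a known
        /// admin record and, when <c>Roles</c> is set, hold at least one of the listed
        /// roles. On failure the action result is replaced by a redirect (or a JSON
        /// payload for AJAX callers) and the action never runs.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context for the current request.</param>
        /// <remarks>
        /// NOTE(review): this override does not call <c>base.OnAuthorization</c>, so the
        /// framework's cache-validation hook is skipped; revisit this if any protected
        /// action uses output caching. It also relies on <c>AdminHelper.GetAdmin</c>
        /// returning null for an anonymous (empty) identity name — confirm.
        /// </remarks>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            var url = new UrlHelper(filterContext.RequestContext);
            var user = filterContext.HttpContext.User;

            if (user == null)
            {
                DenyAccess(filterContext, url.Action("Error404", "Home"));
                return;
            }

            // The principal must correspond to an admin record; otherwise force a sign-out.
            if (AdminHelper.GetAdmin(user.Identity.Name) == null)
            {
                DenyAccess(filterContext, url.Action("Logoff", "Account"));
                return;
            }

            // No role restriction: any known admin may proceed.
            if (string.IsNullOrEmpty(Roles))
            {
                return;
            }

            // Roles is a comma-separated list; entries are trimmed and blanks dropped so
            // "A, B" behaves like "A,B" (the previous raw split rejected " B").
            var allowedRoles = Roles.Split(',')
                                    .Select(role => role.Trim())
                                    .Where(role => role.Length > 0);
            if (allowedRoles.Any(user.IsInRole))
            {
                return;
            }

            DenyAccess(filterContext, url.Action("Error404", "Home"));
        }

        /// <summary>
        /// Short-circuits the request with an "access denied" result: a JSON payload
        /// carrying <paramref name="redirectUrl"/> for AJAX callers, a redirect otherwise.
        /// </summary>
        /// <param name="filterContext">The authorization context whose result is set.</param>
        /// <param name="redirectUrl">Where the client should go next.</param>
        private static void DenyAccess(AuthorizationContext filterContext, string redirectUrl)
        {
            if (filterContext.HttpContext.Request.IsAjaxRequest())
            {
                filterContext.Result = new JsonResult
                {
                    Data = new { error = true, signinerror = true, message = "Access denied", url = redirectUrl },
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
            }
            else
            {
                filterContext.Result = new RedirectResult(redirectUrl);
            }
        }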
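        /// <summary>
        /// Shows the edit form for the admin with the given id.
        /// </summary>
        /// <param name="id">Database id of the admin to edit.</param>
        /// <returns>The edit view, or a 404 result when no admin has that id.</returns>
        public ActionResult EditAdmin(int id)
        {
            var admin = AdminHelper.GetAdmin(id);
            if (admin == null)
            {
                // Don't hand a null into AdminEditModel; an unknown id is a 404, not a 500.
                return HttpNotFound();
            }

            return View(new AdminEditModel(admin));
        }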
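        /// <summary>
        /// Shows the delete-confirmation page for the admin with the given id.
        /// The actual deletion happens in <c>DeleteAdminSured</c>.
        /// </summary>
        /// <param name="id">Database id of the admin to delete.</param>
        /// <returns>The confirmation view, or a 404 result when no admin has that id.</returns>
        public ActionResult DeleteAdmin(int id)
        {
            var admin = AdminHelper.GetAdmin(id);
            if (admin == null)
            {
                // Don't hand a null into AdminViewModel; an unknown id is a 404, not a 500.
                return HttpNotFound();
            }

            return View(new AdminViewModel(admin));
        }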