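/// <summary>
/// Shows a grocery list to its owner or to a user who has been granted access to it.
/// </summary>
/// <param name="id">Identifier of the grocery list, bound from the request value named "id".</param>
/// <returns>
/// A redirect to Home/Index when no list has that id, the list view for a permitted
/// caller, or a plain-text refusal for everyone else.
/// </returns>
public IActionResult Details([Bind(Prefix = "id")] int id)
{
    var groceryList = _groceryLists.ReadGroceryList(id);

    // The null check has to come before any member of the list is read. The earlier
    // ordering read OwnerId first, so an unknown id threw instead of redirecting.
    // NOTE(review): an unknown id redirects while a known-but-forbidden id returns the
    // refusal text, so the two responses reveal whether an id exists; confirm that is acceptable.
    if (groceryList == null)
    {
        return RedirectToAction("Index", "Home");
    }

    // Id of the caller as reported by the identity manager.
    // NOTE(review): presumably null when the request has no signed-in user; confirm against _manager.
    string userId = _manager.GetUserId(HttpContext.User);
    if (userId == null)
    {
        // Without a caller id neither the ownership nor the permission check can succeed.
        return Content("You must be a permitted user to view this list.");
    }

    // The owner always has access; the user lookup is only needed for non-owners.
    if (userId.Equals(groceryList.OwnerId))
    {
        return View(groceryList);
    }

    ApplicationUser au = _userManager.ReadAll().FirstOrDefault(p => p.Id == userId);

    // A caller with no user record must not be matched against the permitted-people collection.
    if (au != null && groceryList.PriviligedPeople.Contains(au))
    {
        return View(groceryList);
    }

    return Content("You must be a permitted user to view this list.");
}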
/// <summary>
/// Adds a grocery item built from the posted view model to an existing grocery list.
/// </summary>
/// <param name="listId">Identifier of the list that receives the new item.</param>
/// <param name="cgvm">View model describing the item; converted with <c>CreateGrocery()</c>.</param>
/// <returns>
/// A 404 result when the list does not exist, the view model as JSON for an Ajax request,
/// otherwise a redirect to GroceryList/Create for the same list.
/// </returns>
public IActionResult Create(int listId, CreateGroceryVM cgvm)
{
    // NOTE(review): nothing in this method compares the caller with the list's owner or
    // permitted users, so any caller who reaches it can add items to any list id.
    // Confirm that authorization is enforced by an attribute or filter outside this method.
    var targetList = _groceryLists.ReadGroceryList(listId);
    if (targetList == null)
    {
        return NotFound();
    }

    if (ModelState.IsValid)
    {
        var newItem = _groceryItem.CreateGroceryItem(cgvm.CreateGrocery());
        targetList.GroceryItems.Add(newItem);

        // NOTE(review): the first argument is the literal 0 rather than listId; confirm that is intended.
        _groceryLists.UpdateGroceryList(0, targetList);
    }

    // Ajax callers get the view model echoed back whether or not validation passed.
    if (IsAjaxRequest())
    {
        return Json(cgvm);
    }

    return RedirectToAction("Create", "GroceryList", new { listId });
}
/// <summary>
/// Renders the delete confirmation page for a grocery list (GET request).
/// </summary>
/// <param name="id">Identifier of the grocery list to show on the delete page.</param>
/// <returns>
/// A 404 result with a message when the list does not exist, otherwise the delete view
/// populated with the list's details and the caller's user id.
/// </returns>
public IActionResult Delete(int id)
{
    var groceryList = _groceryLists.ReadGroceryList(id);
    if (groceryList == null)
    {
        return NotFound("Could not find Grocery List.");
    }

    // NOTE(review): the caller's id is passed to the view next to OwnerId but is not
    // compared with it here, so this page shows any list's items and owner name to
    // whoever requests it. Confirm the ownership check is enforced elsewhere.
    string callerId = _manager.GetUserId(HttpContext.User);

    var viewModel = new DeleteGroceryListVM
    {
        OwnerId = groceryList.OwnerId,
        GroceryItems = groceryList.GroceryItems,
        Id = id,
        OwnerName = groceryList.OwnerName,
        AssociativeEntities = groceryList.AssociativeEntities,
        GroceryListName = groceryList.GroceryListName,
        UserId = callerId
    };

    return View(viewModel);
}