added action filter attribute

This commit is contained in:
DESKTOP-GENO133\IvanPlex
2024-01-13 20:13:12 -07:00
parent c972f9c8a2
commit 4388df71f3
8 changed files with 95 additions and 24 deletions

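--- /dev/null
+++ b/Controllers/Error.cs
@@ -0,0 +1,12 @@
+using Microsoft.AspNetCore.Mvc;
+namespace CarCareTracker.Controllers
+{
+public class ErrorController : Controller
+{
+public IActionResult Unauthorized()
+{
+return View("401");
+}
+}
+}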
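Review bot: `public IActionResult Unauthorized()` hides `ControllerBase.Unauthorized()`, which already exists with the same parameter list and a different return type, so this compiles with a hides-inherited-member warning and makes any `return Unauthorized();` in a controller read ambiguously. Rename the action (for instance `AccessDenied`, updating the redirect target used by `CollaboratorFilter`) or declare it with `new` plus a comment explaining the choice. The action also serves the `401` view with a 200 status; setting `Response.StatusCode = StatusCodes.Status403Forbidden;` before `return View("401");` lets clients and logs distinguish a denial from a normal page (403 rather than 401, since the user is authenticated but lacks access to the vehicle).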


@@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Authorization;
using CarCareTracker.MapProfile; using CarCareTracker.MapProfile;
using System.Security.Claims; using System.Security.Claims;
using CarCareTracker.Logic; using CarCareTracker.Logic;
using CarCareTracker.Filter;
namespace CarCareTracker.Controllers namespace CarCareTracker.Controllers
{ {
@@ -72,13 +73,10 @@ namespace CarCareTracker.Controllers
{ {
return int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier)); return int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier));
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult Index(int vehicleId) public IActionResult Index(int vehicleId)
{ {
if (!_userLogic.UserCanAccessVehicle(GetUserID(), vehicleId))
{
return View("401");
}
var data = _dataAccess.GetVehicleById(vehicleId); var data = _dataAccess.GetVehicleById(vehicleId);
return View(data); return View(data);
} }
@@ -87,13 +85,10 @@ namespace CarCareTracker.Controllers
{ {
return PartialView("_VehicleModal", new Vehicle()); return PartialView("_VehicleModal", new Vehicle());
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetEditVehiclePartialViewById(int vehicleId) public IActionResult GetEditVehiclePartialViewById(int vehicleId)
{ {
if (!_userLogic.UserCanEditVehicle(GetUserID(), vehicleId))
{
return View("401");
}
var data = _dataAccess.GetVehicleById(vehicleId); var data = _dataAccess.GetVehicleById(vehicleId);
return PartialView("_VehicleModal", data); return PartialView("_VehicleModal", data);
} }
@@ -116,7 +111,7 @@ namespace CarCareTracker.Controllers
var result = _dataAccess.SaveVehicle(vehicleInput); var result = _dataAccess.SaveVehicle(vehicleInput);
if (isNewAddition) if (isNewAddition)
{ {
_userLogic.AddUserAccessToVehicle(GetUserID(), vehicleInput.Id, UserAccessType.Editor); _userLogic.AddUserAccessToVehicle(GetUserID(), vehicleInput.Id);
} }
return Json(result); return Json(result);
} }
@@ -126,6 +121,7 @@ namespace CarCareTracker.Controllers
return Json(false); return Json(false);
} }
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpPost] [HttpPost]
public IActionResult DeleteVehicle(int vehicleId) public IActionResult DeleteVehicle(int vehicleId)
{ {
@@ -147,6 +143,7 @@ namespace CarCareTracker.Controllers
{ {
return PartialView("_BulkDataImporter", mode); return PartialView("_BulkDataImporter", mode);
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult ExportFromVehicleToCsv(int vehicleId, ImportMode mode) public IActionResult ExportFromVehicleToCsv(int vehicleId, ImportMode mode)
{ {
@@ -250,6 +247,7 @@ namespace CarCareTracker.Controllers
} }
return Json(false); return Json(false);
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpPost] [HttpPost]
public IActionResult ImportToVehicleIdFromCsv(int vehicleId, ImportMode mode, string fileName) public IActionResult ImportToVehicleIdFromCsv(int vehicleId, ImportMode mode, string fileName)
{ {
@@ -383,6 +381,7 @@ namespace CarCareTracker.Controllers
} }
#endregion #endregion
#region "Gas Records" #region "Gas Records"
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetGasRecordsByVehicleId(int vehicleId) public IActionResult GetGasRecordsByVehicleId(int vehicleId)
{ {
@@ -449,6 +448,7 @@ namespace CarCareTracker.Controllers
} }
#endregion #endregion
#region "Service Records" #region "Service Records"
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetServiceRecordsByVehicleId(int vehicleId) public IActionResult GetServiceRecordsByVehicleId(int vehicleId)
{ {
@@ -502,6 +502,7 @@ namespace CarCareTracker.Controllers
} }
#endregion #endregion
#region "Collision Records" #region "Collision Records"
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetCollisionRecordsByVehicleId(int vehicleId) public IActionResult GetCollisionRecordsByVehicleId(int vehicleId)
{ {
@@ -555,6 +556,7 @@ namespace CarCareTracker.Controllers
} }
#endregion #endregion
#region "Tax Records" #region "Tax Records"
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetTaxRecordsByVehicleId(int vehicleId) public IActionResult GetTaxRecordsByVehicleId(int vehicleId)
{ {
@@ -607,6 +609,7 @@ namespace CarCareTracker.Controllers
} }
#endregion #endregion
#region "Reports" #region "Reports"
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetReportPartialView(int vehicleId) public IActionResult GetReportPartialView(int vehicleId)
{ {
@@ -677,6 +680,14 @@ namespace CarCareTracker.Controllers
viewModel.Collaborators = collaborators; viewModel.Collaborators = collaborators;
return PartialView("_Report", viewModel); return PartialView("_Report", viewModel);
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet]
public IActionResult GetCollaboratorsForVehicle(int vehicleId)
{
var result = _userLogic.GetCollaboratorsForVehicle(vehicleId);
return PartialView("_Collaborators", result);
}
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetCostMakeUpForVehicle(int vehicleId, int year = 0) public IActionResult GetCostMakeUpForVehicle(int vehicleId, int year = 0)
{ {
@@ -703,6 +714,7 @@ namespace CarCareTracker.Controllers
}; };
return PartialView("_CostMakeUpReport", viewModel); return PartialView("_CostMakeUpReport", viewModel);
} }
[TypeFilter(typeof(CollaboratorFilter))]
public IActionResult GetReminderMakeUpByVehicle(int vehicleId, int daysToAdd) public IActionResult GetReminderMakeUpByVehicle(int vehicleId, int daysToAdd)
{ {
var reminders = GetRemindersAndUrgency(vehicleId, DateTime.Now.AddDays(daysToAdd)); var reminders = GetRemindersAndUrgency(vehicleId, DateTime.Now.AddDays(daysToAdd));
@@ -715,6 +727,7 @@ namespace CarCareTracker.Controllers
}; };
return PartialView("_ReminderMakeUpReport", viewModel); return PartialView("_ReminderMakeUpReport", viewModel);
} }
[TypeFilter(typeof(CollaboratorFilter))]
public IActionResult GetVehicleHistory(int vehicleId) public IActionResult GetVehicleHistory(int vehicleId)
{ {
var vehicleHistory = new VehicleHistoryViewModel(); var vehicleHistory = new VehicleHistoryViewModel();
@@ -778,6 +791,7 @@ namespace CarCareTracker.Controllers
vehicleHistory.VehicleHistory = reportData.OrderBy(x=>x.Date).ThenBy(x=>x.Odometer).ToList(); vehicleHistory.VehicleHistory = reportData.OrderBy(x=>x.Date).ThenBy(x=>x.Odometer).ToList();
return PartialView("_VehicleHistory", vehicleHistory); return PartialView("_VehicleHistory", vehicleHistory);
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpPost] [HttpPost]
public IActionResult GetCostByMonthByVehicle(int vehicleId, List<ImportMode> selectedMetrics, int year = 0) public IActionResult GetCostByMonthByVehicle(int vehicleId, List<ImportMode> selectedMetrics, int year = 0)
{ {
@@ -816,6 +830,7 @@ namespace CarCareTracker.Controllers
} }
#endregion #endregion
#region "Reminders" #region "Reminders"
[TypeFilter(typeof(CollaboratorFilter))]
private int GetMaxMileage(int vehicleId) private int GetMaxMileage(int vehicleId)
{ {
var numbersArray = new List<int>(); var numbersArray = new List<int>();
@@ -848,6 +863,7 @@ namespace CarCareTracker.Controllers
List<ReminderRecordViewModel> results = _reminderHelper.GetReminderRecordViewModels(reminders, currentMileage, dateCompare); List<ReminderRecordViewModel> results = _reminderHelper.GetReminderRecordViewModels(reminders, currentMileage, dateCompare);
return results; return results;
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetVehicleHaveUrgentOrPastDueReminders(int vehicleId) public IActionResult GetVehicleHaveUrgentOrPastDueReminders(int vehicleId)
{ {
@@ -858,6 +874,7 @@ namespace CarCareTracker.Controllers
} }
return Json(false); return Json(false);
} }
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetReminderRecordsByVehicleId(int vehicleId) public IActionResult GetReminderRecordsByVehicleId(int vehicleId)
{ {
@@ -908,6 +925,7 @@ namespace CarCareTracker.Controllers
} }
#endregion #endregion
#region "Upgrade Records" #region "Upgrade Records"
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetUpgradeRecordsByVehicleId(int vehicleId) public IActionResult GetUpgradeRecordsByVehicleId(int vehicleId)
{ {
@@ -961,6 +979,7 @@ namespace CarCareTracker.Controllers
} }
#endregion #endregion
#region "Notes" #region "Notes"
[TypeFilter(typeof(CollaboratorFilter))]
[HttpGet] [HttpGet]
public IActionResult GetNotesByVehicleId(int vehicleId) public IActionResult GetNotesByVehicleId(int vehicleId)
{ {
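Review bot: `[TypeFilter(typeof(CollaboratorFilter))]` on `private int GetMaxMileage(int vehicleId)` (hunk `@@ -816,6 +830,7 @@`) is dead: the method is not an action, so no filter pipeline ever runs it, and the attribute suggests a protection that does not exist; drop it, or replace it with a comment stating that callers are guarded at the action level. The filter gates `Index` on `UserCanEditVehicle`, whereas the removed inline check used `UserCanAccessVehicle`; with the access-type distinction removed in this commit the two presumably coincide, but the interface still exposes both and should document that. Protection now depends on every vehicle-scoped action carrying the attribute, and actions outside these hunks (for example ones that receive a record object rather than a bare `vehicleId`) cannot be checked from here. The enclosing class continues past the last hunk.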


@@ -1,8 +0,0 @@
namespace CarCareTracker.Models
{
public enum UserAccessType
{
Viewer = 0,
Editor = 1
}
}


@@ -0,0 +1,28 @@
using CarCareTracker.Logic;
using CarCareTracker.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System.Security.Claims;
namespace CarCareTracker.Filter
{
public class CollaboratorFilter: ActionFilterAttribute
{
private readonly IUserLogic _userLogic;
public CollaboratorFilter(IUserLogic userLogic) {
_userLogic = userLogic;
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (!filterContext.HttpContext.User.IsInRole(nameof(UserData.IsRootUser)))
{
var vehicleId = int.Parse(filterContext.ActionArguments["vehicleId"].ToString());
var userId = int.Parse(filterContext.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier));
if (!_userLogic.UserCanEditVehicle(userId, vehicleId))
{
filterContext.Result = new RedirectResult("/Error/Unauthorized");
}
}
}
}
}
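Review bot: `filterContext.ActionArguments["vehicleId"]` throws `KeyNotFoundException` when the decorated action has no parameter of that name, `.ToString()` throws on a null argument, and both `int.Parse` calls throw on a malformed id or identifier claim; each surfaces as a 500 instead of a denial, so the check should fail closed with `TryGetValue`/`TryParse` as sketched below. Separately, a `RedirectResult` to an HTML page is an awkward answer for the `[HttpPost]` and JSON-returning actions this attribute is applied to; a `StatusCodeResult(StatusCodes.Status403Forbidden)` (or `ForbidResult`) would be easier for callers to interpret, though that depends on how the front end handles the redirect today. A short class comment stating that the filter only protects actions whose argument is literally named `vehicleId` would prevent it being applied to actions where it silently cannot work.
```csharp
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (filterContext.HttpContext.User.IsInRole(nameof(UserData.IsRootUser)))
    {
        return;
    }
    // Fail closed: a missing or non-integer vehicleId or user id denies rather than throws.
    if (!filterContext.ActionArguments.TryGetValue("vehicleId", out var rawVehicleId)
        || !int.TryParse(rawVehicleId?.ToString(), out var vehicleId)
        || !int.TryParse(filterContext.HttpContext.User.FindFirstValue(ClaimTypes.NameIdentifier), out var userId)
        || !_userLogic.UserCanEditVehicle(userId, vehicleId))
    {
        filterContext.Result = new RedirectResult("/Error/Unauthorized");
    }
}
```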


@@ -1,4 +1,5 @@
using CarCareTracker.External.Interfaces; using CarCareTracker.External.Interfaces;
using CarCareTracker.Helper;
using CarCareTracker.Models; using CarCareTracker.Models;
using Microsoft.AspNetCore.Mvc.Formatters; using Microsoft.AspNetCore.Mvc.Formatters;
@@ -7,7 +8,8 @@ namespace CarCareTracker.Logic
public interface IUserLogic public interface IUserLogic
{ {
List<UserCollaborator> GetCollaboratorsForVehicle(int vehicleId); List<UserCollaborator> GetCollaboratorsForVehicle(int vehicleId);
bool AddUserAccessToVehicle(int userId, int vehicleId, UserAccessType accessType); bool AddUserAccessToVehicle(int userId, int vehicleId);
OperationResponse AddCollaboratorToVehicle(int vehicleId, string username);
List<Vehicle> FilterUserVehicles(List<Vehicle> results, int userId); List<Vehicle> FilterUserVehicles(List<Vehicle> results, int userId);
bool UserCanAccessVehicle(int userId, int vehicleId); bool UserCanAccessVehicle(int userId, int vehicleId);
bool UserCanEditVehicle(int userId, int vehicleId); bool UserCanEditVehicle(int userId, int vehicleId);
@@ -33,21 +35,36 @@ namespace CarCareTracker.Logic
var userCollaborator = new UserCollaborator var userCollaborator = new UserCollaborator
{ {
UserName = _userData.GetUserRecordById(userAccess.Id.UserId).UserName, UserName = _userData.GetUserRecordById(userAccess.Id.UserId).UserName,
AccessType = userAccess.AccessType,
UserVehicle = userAccess.Id UserVehicle = userAccess.Id
}; };
convertedResult.Add(userCollaborator); convertedResult.Add(userCollaborator);
} }
return convertedResult; return convertedResult;
} }
public bool AddUserAccessToVehicle(int userId, int vehicleId, UserAccessType accessType) public OperationResponse AddCollaboratorToVehicle(int vehicleId, string username)
{
//try to find existing user.
var existingUser = _userData.GetUserRecordByUserName(username);
if (existingUser.Id != default)
{
//user exists.
var result = AddUserAccessToVehicle(existingUser.Id, vehicleId);
if (result)
{
return new OperationResponse { Success = true, Message = "Collaborator Added" };
}
return new OperationResponse { Success = false, Message = StaticHelper.GenericErrorMessage };
}
return new OperationResponse { Success = false, Message = $"Unable to find user {username} in the system" };
}
public bool AddUserAccessToVehicle(int userId, int vehicleId)
{ {
if (userId == -1) if (userId == -1)
{ {
return true; return true;
} }
var userVehicle = new UserVehicle { UserId = userId, VehicleId = vehicleId }; var userVehicle = new UserVehicle { UserId = userId, VehicleId = vehicleId };
var userAccess = new UserAccess { Id = userVehicle, AccessType = accessType }; var userAccess = new UserAccess { Id = userVehicle };
var result = _userAccess.SaveUserAccess(userAccess); var result = _userAccess.SaveUserAccess(userAccess);
return result; return result;
} }
@@ -89,7 +106,7 @@ namespace CarCareTracker.Logic
return true; return true;
} }
var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId); var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
if (userAccess != null && userAccess.AccessType == UserAccessType.Editor) if (userAccess != null)
{ {
return true; return true;
} }
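Review bot: `existingUser.Id != default` in `AddCollaboratorToVehicle` dereferences the result of `_userData.GetUserRecordByUserName(username)` without a null check; if that lookup can return null for an unknown name (not visible here) the unknown-user path becomes a `NullReferenceException` rather than the intended failure response, so use `if (existingUser is not null && existingUser.Id != default)`. `UserCanEditVehicle` now returns true for any `UserAccess` row, which presumably makes it identical to `UserCanAccessVehicle` (body outside the hunk); if so, one should delegate to the other, or a doc comment on the interface should say the two are intentionally equivalent now that the access type was removed. The distinct "Unable to find user" message also reveals to any caller whether a username exists, which may be acceptable for an invite feature but deserves a comment. The method does not itself check the caller's right to the vehicle; presumably the calling action carries `CollaboratorFilter`, which cannot be confirmed from this page.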


@@ -8,6 +8,5 @@
public class UserAccess public class UserAccess
{ {
public UserVehicle Id { get; set; } public UserVehicle Id { get; set; }
public UserAccessType AccessType { get; set; }
} }
} }


@@ -3,7 +3,6 @@
public class UserCollaborator public class UserCollaborator
{ {
public string UserName { get; set; } public string UserName { get; set; }
public UserAccessType AccessType { get; set; }
public UserVehicle UserVehicle { get; set; } public UserVehicle UserVehicle { get; set; }
} }
} }


@@ -1,4 +1,9 @@
@model List<UserCollaborator> @model List<UserCollaborator>
<div class="row">
<div class="col-12">
<span class="lead">Collaborators</span>
</div>
</div>
<ul> <ul>
@foreach (UserCollaborator user in Model) @foreach (UserCollaborator user in Model)
{ {