diff --git a/Controllers/HomeController.cs b/Controllers/HomeController.cs
index b2dfbe2..1baa0d8 100644
--- a/Controllers/HomeController.cs
+++ b/Controllers/HomeController.cs
@@ -1,15 +1,9 @@
 using CarCareTracker.External.Interfaces;
 using CarCareTracker.Models;
-using LiteDB;
 using Microsoft.AspNetCore.Mvc;
 using System.Diagnostics;
-using static System.Net.Mime.MediaTypeNames;
-using System.Drawing;
-using System.Linq.Expressions;
-using Microsoft.Extensions.Logging;
 using CarCareTracker.Helper;
 using Microsoft.AspNetCore.Authorization;
-using Microsoft.AspNetCore.Identity;
 using System.Security.Claims;
 using CarCareTracker.Logic;
diff --git a/Controllers/VehicleController.cs b/Controllers/VehicleController.cs
index 62098e9..d5dc9cc 100644
--- a/Controllers/VehicleController.cs
+++ b/Controllers/VehicleController.cs
@@ -7,6 +7,8 @@ using CsvHelper;
 using System.Globalization;
 using Microsoft.AspNetCore.Authorization;
 using CarCareTracker.MapProfile;
+using System.Security.Claims;
+using CarCareTracker.Logic;
 namespace CarCareTracker.Controllers
 {
@@ -29,6 +31,7 @@ namespace CarCareTracker.Controllers
 private readonly IGasHelper _gasHelper;
 private readonly IReminderHelper _reminderHelper;
 private readonly IReportHelper _reportHelper;
+ private readonly IUserLogic _userLogic;
 public VehicleController(ILogger logger,
 IFileHelper fileHelper,
@@ -43,6 +46,7 @@ namespace CarCareTracker.Controllers
 ITaxRecordDataAccess taxRecordDataAccess,
 IReminderRecordDataAccess reminderRecordDataAccess,
 IUpgradeRecordDataAccess upgradeRecordDataAccess,
+ IUserLogic userLogic,
 IWebHostEnvironment webEnv,
 IConfiguration config)
 {
@@ -59,13 +63,22 @@ namespace CarCareTracker.Controllers
 _taxRecordDataAccess = taxRecordDataAccess;
 _reminderRecordDataAccess = reminderRecordDataAccess;
 _upgradeRecordDataAccess = upgradeRecordDataAccess;
+ _userLogic = userLogic;
 _webEnv = webEnv;
 _config = config;
 _useDescending = bool.Parse(config[nameof(UserConfig.UseDescending)]);
 }
+ private int GetUserID()
+ {
+ return int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier));
+ }
 [HttpGet]
 public IActionResult Index(int vehicleId)
 {
+ if (!_userLogic.UserCanAccessVehicle(GetUserID(), vehicleId))
+ {
+ return View("401");
+ }
 var data = _dataAccess.GetVehicleById(vehicleId);
 return View(data);
 }
@@ -77,6 +90,10 @@ namespace CarCareTracker.Controllers
 [HttpGet]
 public IActionResult GetEditVehiclePartialViewById(int vehicleId)
 {
+ if (!_userLogic.UserCanEditVehicle(GetUserID(), vehicleId))
+ {
+ return View("401");
+ }
 var data = _dataAccess.GetVehicleById(vehicleId);
 return PartialView("_VehicleModal", data);
 }
@@ -85,10 +102,22 @@ namespace CarCareTracker.Controllers
 {
 try
 {
+ bool isNewAddition = vehicleInput.Id == default;
+ if (!isNewAddition)
+ {
+ if (!_userLogic.UserCanEditVehicle(GetUserID(), vehicleInput.Id))
+ {
+ return View("401");
+ }
+ }
 //move image from temp folder to images folder.
 vehicleInput.ImageLocation = _fileHelper.MoveFileFromTemp(vehicleInput.ImageLocation, "images/");
 //save vehicle.
 var result = _dataAccess.SaveVehicle(vehicleInput);
+ if (isNewAddition)
+ {
+ _userLogic.AddUserAccessToVehicle(GetUserID(), vehicleInput.Id, UserAccessType.Editor);
+ }
 return Json(result);
 }
 catch (Exception ex)
@@ -108,6 +137,7 @@ namespace CarCareTracker.Controllers
 _noteDataAccess.DeleteAllNotesByVehicleId(vehicleId) &&
 _reminderRecordDataAccess.DeleteAllReminderRecordsByVehicleId(vehicleId) &&
 _upgradeRecordDataAccess.DeleteAllUpgradeRecordsByVehicleId(vehicleId) &&
+ _userLogic.DeleteAllAccessToVehicle(vehicleId) &&
 _dataAccess.DeleteVehicle(vehicleId);
 return Json(result);
 }
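Review bot: `GetUserID()` in the `@@ -59,13` hunk calls `int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier))`, so a principal with no `NameIdentifier` claim, or a non-numeric one, throws `ArgumentNullException`/`FormatException` out of every guarded action and surfaces as a 500 rather than the intended denial, and the parse is culture-sensitive. Because `-1` is the root sentinel (`Middleware/Authen.cs` issues `"-1"` and `UserLogic` short-circuits on it), the helper should fail closed instead of ever substituting a default id; a `TryGetUserID(out int userId)` as below lets `Index`, `GetEditVehiclePartialViewById` and the save action in hunks `@@ -77,6` and `@@ -85,10` deny with `if (!TryGetUserID(out var userId) || !_userLogic.UserCanAccessVehicle(userId, vehicleId))`. Separately, `return View("401")` is sent with HTTP 200, and in the save hunk it replaces the JSON body the caller expects; `Response.StatusCode = StatusCodes.Status403Forbidden;` before the `View`, or `Forbid()` from the `Json` endpoint, keeps clients from treating a denial as success. In `@@ -85,10` the boolean from `_userLogic.AddUserAccessToVehicle(...)` is discarded, so a failed grant write leaves a vehicle only root can reach; `result = result && _userLogic.AddUserAccessToVehicle(GetUserID(), vehicleInput.Id, UserAccessType.Editor);` surfaces it (`SaveVehicle` returns `bool` per `IVehicleDataAccess`). The `@@ -59,13` hunk opens inside the constructor body, whose signature lies outside it.
```csharp
private bool TryGetUserID(out int userId)
{
    // Fail closed: a missing or non-numeric NameIdentifier claim is "no user",
    // never a default id (and never -1, which UserLogic treats as root).
    var raw = User.FindFirstValue(ClaimTypes.NameIdentifier);
    return int.TryParse(raw, NumberStyles.Integer, CultureInfo.InvariantCulture, out userId);
}
```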
diff --git a/External/Implementations/UserAccessDataAcces.cs b/External/Implementations/UserAccessDataAcces.cs
index 2f364cf..6b4012f 100644
--- a/External/Implementations/UserAccessDataAcces.cs
+++ b/External/Implementations/UserAccessDataAcces.cs
@@ -9,17 +9,6 @@ namespace CarCareTracker.External.Implementations
 {
 private static string dbName = StaticHelper.DbName;
 private static string tableName = "useraccessrecords";
- public UserAccess GetUserAccessByVehicleAndUserId(int vehicleId, int userId)
- {
- using (var db = new LiteDatabase(dbName))
- {
- var table = db.GetCollection(tableName);
- return table.FindOne(Query.And(
- Query.EQ(nameof(UserAccess.VehicleId), vehicleId),
- Query.EQ(nameof(UserAccess.UserId), userId)
- ));
- };
- }
 ///
 /// Gets a list of vehicles user have access to.
 ///
@@ -30,7 +19,15 @@ namespace CarCareTracker.External.Implementations
 using (var db = new LiteDatabase(dbName))
 {
 var table = db.GetCollection(tableName);
- return table.Find(Query.EQ(nameof(UserAccess.UserId), userId)).ToList();
+ return table.Find(x=>x.Id.UserId == userId).ToList();
+ };
+ }
+ public UserAccess GetUserAccessByVehicleAndUserId(int userId, int vehicleId)
+ {
+ using (var db = new LiteDatabase(dbName))
+ {
+ var table = db.GetCollection(tableName);
+ return table.Find(x => x.Id.UserId == userId && x.Id.VehicleId == vehicleId).FirstOrDefault();
 };
 }
 public List GetUserAccessByVehicleId(int vehicleId)
@@ -38,7 +35,7 @@ namespace CarCareTracker.External.Implementations
 using (var db = new LiteDatabase(dbName))
 {
 var table = db.GetCollection(tableName);
- return table.Find(Query.EQ(nameof(UserAccess.VehicleId), vehicleId)).ToList();
+ return table.Find(x => x.Id.VehicleId == vehicleId).ToList();
 };
 }
 public bool SaveUserAccess(UserAccess userAccess)
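Review bot: The new `GetUserAccessByVehicleAndUserId` in the `@@ -30,7` hunk is the lookup behind every `UserCanAccessVehicle`/`UserCanEditVehicle` decision, yet it carries no `///` summary while the neighbouring method has `/// Gets a list of vehicles user have access to.`, and nothing states the null-on-no-grant contract its callers depend on. A summary such as `/// Returns the access record for the user/vehicle pair, or null when the user has no grant.` would pin that contract. Stylistically, `table.Find(x => ...).FirstOrDefault()` enumerates through LINQ-to-objects where the removed implementation used LiteDB's `FindOne`; `return table.FindOne(x => x.Id.UserId == userId && x.Id.VehicleId == vehicleId);` keeps the single-result intent inside the query. Whether a predicate on the composite `Id` (the document `_id`) is index-backed or a scan is not visible here and is worth confirming, since this runs on every authorization check.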
@@ -69,7 +66,7 @@ namespace CarCareTracker.External.Implementations
 using (var db = new LiteDatabase(dbName))
 {
 var table = db.GetCollection(tableName);
- table.DeleteMany(Query.EQ(nameof(UserAccess.VehicleId), vehicleId));
+ table.DeleteMany(x=>x.Id.VehicleId == vehicleId);
 return true;
 };
 }
@@ -83,7 +80,7 @@ namespace CarCareTracker.External.Implementations
 using (var db = new LiteDatabase(dbName))
 {
 var table = db.GetCollection(tableName);
- table.DeleteMany(Query.EQ(nameof(UserAccess.UserId), userId));
+ table.DeleteMany(x => x.Id.UserId == userId);
 return true;
 };
 }
diff --git a/External/Implementations/VehicleDataAccess.cs b/External/Implementations/VehicleDataAccess.cs
index 766ac47..db8afab 100644
--- a/External/Implementations/VehicleDataAccess.cs
+++ b/External/Implementations/VehicleDataAccess.cs
@@ -18,14 +18,6 @@ namespace CarCareTracker.External.Implementations
 return true;
 };
 }
- public Vehicle GetLastInsertedVehicle()
- {
- using (var db = new LiteDatabase(dbName))
- {
- var table = db.GetCollection(tableName);
- return table.FindOne(Query.All(Query.Descending));
- };
- }
 public bool DeleteVehicle(int vehicleId)
 {
 using (var db = new LiteDatabase(dbName))
diff --git a/External/Interfaces/IUserAccessDataAccess.cs b/External/Interfaces/IUserAccessDataAccess.cs
index c242884..c1ccbfc 100644
--- a/External/Interfaces/IUserAccessDataAccess.cs
+++ b/External/Interfaces/IUserAccessDataAccess.cs
@@ -4,8 +4,8 @@ namespace CarCareTracker.External.Interfaces
 {
 public interface IUserAccessDataAccess
 {
- UserAccess GetUserAccessByVehicleAndUserId(int vehicleId, int userId);
 List GetUserAccessByUserId(int userId);
+ UserAccess GetUserAccessByVehicleAndUserId(int userId, int vehicleId);
 List GetUserAccessByVehicleId(int vehicleId);
 bool SaveUserAccess(UserAccess userAccess);
 bool DeleteUserAccess(int userAccessId);
diff --git a/External/Interfaces/IVehicleDataAccess.cs b/External/Interfaces/IVehicleDataAccess.cs
index 4a5ff42..f54118f 100644
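Review bot: `IUserAccessDataAccess.GetUserAccessByVehicleAndUserId(int userId, int vehicleId)` in hunk `@@ -4,8` reverses the parameter order of the declaration it replaces while keeping a name that still reads "vehicle and user"; with two `int` parameters, a call site written in the old order compiles silently and looks up the grant for the wrong pair, which is the quiet failure an authorization check can least afford. Prefer a name that matches the order (`GetUserAccessByUserAndVehicleId`), or take the composite key the model now has (`UserAccess GetUserAccess(UserVehicle key);`), or at minimum document the order on the interface: `/// <param name="userId">Id of the user (first argument).</param>` with a matching `vehicleId` line. The interface body continues past the hunk, so any other members taking `(vehicleId, userId)` pairs are worth checking for the same ordering risk.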
--- a/External/Interfaces/IVehicleDataAccess.cs
+++ b/External/Interfaces/IVehicleDataAccess.cs
@@ -5,7 +5,6 @@ namespace CarCareTracker.External.Interfaces
 public interface IVehicleDataAccess
 {
 public bool SaveVehicle(Vehicle vehicle);
- public Vehicle GetLastInsertedVehicle();
 public bool DeleteVehicle(int vehicleId);
 public List GetVehicles();
 public Vehicle GetVehicleById(int vehicleId);
diff --git a/Logic/UserLogic.cs b/Logic/UserLogic.cs
index 5e37561..b83075b 100644
--- a/Logic/UserLogic.cs
+++ b/Logic/UserLogic.cs
@@ -6,9 +6,12 @@ namespace CarCareTracker.Logic
 {
 public interface IUserLogic
 {
+ bool AddUserAccessToVehicle(int userId, int vehicleId, UserAccessType accessType);
 List FilterUserVehicles(List results, int userId);
 bool UserCanAccessVehicle(int userId, int vehicleId);
 bool UserCanEditVehicle(int userId, int vehicleId);
+ bool DeleteAllAccessToVehicle(int vehicleId);
+ bool DeleteAllAccessToUser(int userId);
 }
 public class UserLogic: IUserLogic
 {
@@ -16,12 +19,28 @@ namespace CarCareTracker.Logic
 public UserLogic(IUserAccessDataAccess userAccess) { _userAccess = userAccess; }
+ public bool AddUserAccessToVehicle(int userId, int vehicleId, UserAccessType accessType)
+ {
+ if (userId == -1)
+ {
+ return true;
+ }
+ var userVehicle = new UserVehicle { UserId = userId, VehicleId = vehicleId };
+ var userAccess = new UserAccess { Id = userVehicle, AccessType = accessType };
+ var result = _userAccess.SaveUserAccess(userAccess);
+ return result;
+ }
 public List FilterUserVehicles(List results, int userId)
 {
+ //user is root user.
+ if (userId == -1)
+ {
+ return results;
+ }
 var accessibleVehicles = _userAccess.GetUserAccessByUserId(userId);
 if (accessibleVehicles.Any())
 {
- var vehicleIds = accessibleVehicles.Select(x => x.VehicleId);
+ var vehicleIds = accessibleVehicles.Select(x => x.Id.VehicleId);
 return results.Where(x => vehicleIds.Contains(x.Id)).ToList();
 }
 else
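Review bot: The root bypass `if (userId == -1) { return true; }` introduced in `AddUserAccessToVehicle` and `FilterUserVehicles` (hunk `@@ -16,12`) is repeated verbatim in `UserCanAccessVehicle` and `UserCanEditVehicle` (hunks `@@ -31,6` and `@@ -40,6` on the next page line) and mirrored as the string `"-1"` in `Middleware/Authen.cs`; a literal that grants unconditional access is the one value that should have a single definition. Hoist it to a named constant next to the logic that consumes it, e.g. `public const int RootUserId = -1;` on `UserLogic` (or in `StaticHelper`, which already holds shared values such as `DbName`), and have `Authen.cs` emit `UserLogic.RootUserId.ToString(CultureInfo.InvariantCulture)` so the two sides cannot drift. Whether ordinary users can ever be assigned a negative id is not visible here; a comment on the constant stating that invariant (`// Sentinel for the built-in admin; real user ids are assumed to be positive — confirm in user creation.`) would record the assumption the whole scheme rests on. In `FilterUserVehicles` the changed line still leaves `vehicleIds` a deferred `IEnumerable` that `Contains` re-walks for every vehicle; `.Select(x => x.Id.VehicleId).ToHashSet()` makes it a single pass.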
@@ -31,6 +50,10 @@ namespace CarCareTracker.Logic
 }
 public bool UserCanAccessVehicle(int userId, int vehicleId)
 {
+ if (userId == -1)
+ {
+ return true;
+ }
 var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
 if (userAccess != null)
 {
@@ -40,6 +63,10 @@ namespace CarCareTracker.Logic
 }
 public bool UserCanEditVehicle(int userId, int vehicleId)
 {
+ if (userId == -1)
+ {
+ return true;
+ }
 var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
 if (userAccess != null && userAccess.AccessType == UserAccessType.Editor)
 {
@@ -47,5 +74,15 @@ namespace CarCareTracker.Logic
 }
 return false;
 }
+ public bool DeleteAllAccessToVehicle(int vehicleId)
+ {
+ var result = _userAccess.DeleteAllAccessRecordsByVehicleId(vehicleId);
+ return result;
+ }
+ public bool DeleteAllAccessToUser(int userId)
+ {
+ var result = _userAccess.DeleteAllAccessRecordsByUserId(userId);
+ return result;
+ }
 }
 }
diff --git a/Middleware/Authen.cs b/Middleware/Authen.cs
index a4f82fa..975b395 100644
--- a/Middleware/Authen.cs
+++ b/Middleware/Authen.cs
@@ -40,6 +40,7 @@ namespace CarCareTracker.Middleware
 var userIdentity = new List
 {
 new(ClaimTypes.Name, "admin"),
+ new(ClaimTypes.NameIdentifier, "-1"),
 new(ClaimTypes.Role, nameof(UserData.IsRootUser))
 };
 appIdentity.AddClaims(userIdentity);
diff --git a/Models/User/UserAccess.cs b/Models/User/UserAccess.cs
index 9940e0d..960cde7 100644
--- a/Models/User/UserAccess.cs
+++ b/Models/User/UserAccess.cs
@@ -1,10 +1,13 @@
 namespace CarCareTracker.Models
 {
- public class UserAccess
+ public class UserVehicle
 {
- public int Id { get; set; }
 public int UserId { get; set; }
 public int VehicleId { get; set; }
+ }
+ public class UserAccess
+ {
+ public UserVehicle Id { get; set; }
 public UserAccessType AccessType { get; set; }
 }
 }
diff --git a/Views/Shared/401.cshtml b/Views/Shared/401.cshtml
new file mode 100644
index 0000000..6a9e903
--- /dev/null
+++ b/Views/Shared/401.cshtml
@@ -0,0 +1 @@
+
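Review bot: `UserVehicle` (hunk `@@ -1,10` of `Models/User/UserAccess.cs`) becomes the composite document key via `UserAccess.Id`, which the data layer now queries as the key (`x.Id.UserId`, `x.Id.VehicleId`), but it is a mutable class with reference equality, so two keys built for the same user/vehicle pair are never equal in C# code; any future in-memory comparison, dedupe or test around access grants will silently miss. Declaring it as a record with the same settable properties — `public record UserVehicle { public int UserId { get; set; } public int VehicleId { get; set; } }` — gives value equality without changing the serialized shape. The type also deserves a summary stating its role, e.g. `/// Composite key of a user's access grant to a vehicle; LiteDB's default mapping stores the Id property as the document _id.`, since nothing in the model file says why `Id` is an object rather than an int. `UserAccess.Id` has no initializer and is null until assigned; if nullable reference types are enabled in this project, `required` or an initializer would make that explicit.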

Access Denied

\ No newline at end of file