reshaped user access object, added 401 page.
@@ -1,15 +1,9 @@
|
|||||||
using CarCareTracker.External.Interfaces;
|
using CarCareTracker.External.Interfaces;
|
||||||
using CarCareTracker.Models;
|
using CarCareTracker.Models;
|
||||||
using LiteDB;
|
|
||||||
using Microsoft.AspNetCore.Mvc;
|
using Microsoft.AspNetCore.Mvc;
|
||||||
using System.Diagnostics;
|
using System.Diagnostics;
|
||||||
using static System.Net.Mime.MediaTypeNames;
|
|
||||||
using System.Drawing;
|
|
||||||
using System.Linq.Expressions;
|
|
||||||
using Microsoft.Extensions.Logging;
|
|
||||||
using CarCareTracker.Helper;
|
using CarCareTracker.Helper;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Identity;
|
|
||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
using CarCareTracker.Logic;
|
using CarCareTracker.Logic;
|
||||||
|
|
||||||
|
|||||||
@@ -7,6 +7,8 @@ using CsvHelper;
|
|||||||
using System.Globalization;
|
using System.Globalization;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using CarCareTracker.MapProfile;
|
using CarCareTracker.MapProfile;
|
||||||
|
using System.Security.Claims;
|
||||||
|
using CarCareTracker.Logic;
|
||||||
|
|
||||||
namespace CarCareTracker.Controllers
|
namespace CarCareTracker.Controllers
|
||||||
{
|
{
|
||||||
@@ -29,6 +31,7 @@ namespace CarCareTracker.Controllers
|
|||||||
private readonly IGasHelper _gasHelper;
|
private readonly IGasHelper _gasHelper;
|
||||||
private readonly IReminderHelper _reminderHelper;
|
private readonly IReminderHelper _reminderHelper;
|
||||||
private readonly IReportHelper _reportHelper;
|
private readonly IReportHelper _reportHelper;
|
||||||
|
private readonly IUserLogic _userLogic;
|
||||||
|
|
||||||
public VehicleController(ILogger<VehicleController> logger,
|
public VehicleController(ILogger<VehicleController> logger,
|
||||||
IFileHelper fileHelper,
|
IFileHelper fileHelper,
|
||||||
@@ -43,6 +46,7 @@ namespace CarCareTracker.Controllers
|
|||||||
ITaxRecordDataAccess taxRecordDataAccess,
|
ITaxRecordDataAccess taxRecordDataAccess,
|
||||||
IReminderRecordDataAccess reminderRecordDataAccess,
|
IReminderRecordDataAccess reminderRecordDataAccess,
|
||||||
IUpgradeRecordDataAccess upgradeRecordDataAccess,
|
IUpgradeRecordDataAccess upgradeRecordDataAccess,
|
||||||
|
IUserLogic userLogic,
|
||||||
IWebHostEnvironment webEnv,
|
IWebHostEnvironment webEnv,
|
||||||
IConfiguration config)
|
IConfiguration config)
|
||||||
{
|
{
|
||||||
@@ -59,13 +63,22 @@ namespace CarCareTracker.Controllers
|
|||||||
_taxRecordDataAccess = taxRecordDataAccess;
|
_taxRecordDataAccess = taxRecordDataAccess;
|
||||||
_reminderRecordDataAccess = reminderRecordDataAccess;
|
_reminderRecordDataAccess = reminderRecordDataAccess;
|
||||||
_upgradeRecordDataAccess = upgradeRecordDataAccess;
|
_upgradeRecordDataAccess = upgradeRecordDataAccess;
|
||||||
|
_userLogic = userLogic;
|
||||||
_webEnv = webEnv;
|
_webEnv = webEnv;
|
||||||
_config = config;
|
_config = config;
|
||||||
_useDescending = bool.Parse(config[nameof(UserConfig.UseDescending)]);
|
_useDescending = bool.Parse(config[nameof(UserConfig.UseDescending)]);
|
||||||
}
|
}
|
||||||
|
private int GetUserID()
|
||||||
|
{
|
||||||
|
return int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier));
|
||||||
|
}
|
||||||
[HttpGet]
|
[HttpGet]
|
||||||
public IActionResult Index(int vehicleId)
|
public IActionResult Index(int vehicleId)
|
||||||
{
|
{
|
||||||
|
if (!_userLogic.UserCanAccessVehicle(GetUserID(), vehicleId))
|
||||||
|
{
|
||||||
|
return View("401");
|
||||||
|
}
|
||||||
var data = _dataAccess.GetVehicleById(vehicleId);
|
var data = _dataAccess.GetVehicleById(vehicleId);
|
||||||
return View(data);
|
return View(data);
|
||||||
}
|
}
|
||||||
@@ -77,6 +90,10 @@ namespace CarCareTracker.Controllers
|
|||||||
[HttpGet]
|
[HttpGet]
|
||||||
public IActionResult GetEditVehiclePartialViewById(int vehicleId)
|
public IActionResult GetEditVehiclePartialViewById(int vehicleId)
|
||||||
{
|
{
|
||||||
|
if (!_userLogic.UserCanEditVehicle(GetUserID(), vehicleId))
|
||||||
|
{
|
||||||
|
return View("401");
|
||||||
|
}
|
||||||
var data = _dataAccess.GetVehicleById(vehicleId);
|
var data = _dataAccess.GetVehicleById(vehicleId);
|
||||||
return PartialView("_VehicleModal", data);
|
return PartialView("_VehicleModal", data);
|
||||||
}
|
}
|
||||||
@@ -85,10 +102,22 @@ namespace CarCareTracker.Controllers
|
|||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
|
bool isNewAddition = vehicleInput.Id == default;
|
||||||
|
if (!isNewAddition)
|
||||||
|
{
|
||||||
|
if (!_userLogic.UserCanEditVehicle(GetUserID(), vehicleInput.Id))
|
||||||
|
{
|
||||||
|
return View("401");
|
||||||
|
}
|
||||||
|
}
|
||||||
//move image from temp folder to images folder.
|
//move image from temp folder to images folder.
|
||||||
vehicleInput.ImageLocation = _fileHelper.MoveFileFromTemp(vehicleInput.ImageLocation, "images/");
|
vehicleInput.ImageLocation = _fileHelper.MoveFileFromTemp(vehicleInput.ImageLocation, "images/");
|
||||||
//save vehicle.
|
//save vehicle.
|
||||||
var result = _dataAccess.SaveVehicle(vehicleInput);
|
var result = _dataAccess.SaveVehicle(vehicleInput);
|
||||||
|
if (isNewAddition)
|
||||||
|
{
|
||||||
|
_userLogic.AddUserAccessToVehicle(GetUserID(), vehicleInput.Id, UserAccessType.Editor);
|
||||||
|
}
|
||||||
return Json(result);
|
return Json(result);
|
||||||
}
|
}
|
||||||
catch (Exception ex)
|
catch (Exception ex)
|
||||||
@@ -108,6 +137,7 @@ namespace CarCareTracker.Controllers
|
|||||||
_noteDataAccess.DeleteAllNotesByVehicleId(vehicleId) &&
|
_noteDataAccess.DeleteAllNotesByVehicleId(vehicleId) &&
|
||||||
_reminderRecordDataAccess.DeleteAllReminderRecordsByVehicleId(vehicleId) &&
|
_reminderRecordDataAccess.DeleteAllReminderRecordsByVehicleId(vehicleId) &&
|
||||||
_upgradeRecordDataAccess.DeleteAllUpgradeRecordsByVehicleId(vehicleId) &&
|
_upgradeRecordDataAccess.DeleteAllUpgradeRecordsByVehicleId(vehicleId) &&
|
||||||
|
_userLogic.DeleteAllAccessToVehicle(vehicleId) &&
|
||||||
_dataAccess.DeleteVehicle(vehicleId);
|
_dataAccess.DeleteVehicle(vehicleId);
|
||||||
return Json(result);
|
return Json(result);
|
||||||
}
|
}
|
||||||
|
|||||||
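Review bot: `return View("401")` in Index, GetEditVehiclePartialViewById and SaveVehicle answers a denied request with HTTP 200 and an HTML body; SaveVehicle's caller expects `Json(result)` and the partial-view endpoint's caller expects a fragment, so the denial is invisible to clients, logs and monitoring. Set the status explicitly — an authenticated caller lacking rights is a 403 — e.g. `Response.StatusCode = StatusCodes.Status403Forbidden; return View("401");`, and in SaveVehicle return `StatusCode(StatusCodes.Status403Forbidden)` instead of a view. In `GetUserID`, `int.Parse` on a missing or non-numeric NameIdentifier claim turns every access check into an unhandled exception; switch to `int.TryParse` and fail closed, and never substitute `-1`, which UserLogic treats as the root user. In SaveVehicle, `AddUserAccessToVehicle` runs even when `result` is false and relies on `SaveVehicle` writing the generated id back into `vehicleInput.Id`; guard it with `if (isNewAddition && result)` and confirm the id is populated, otherwise the access row is keyed on vehicle 0. SaveVehicle's signature and the start of the delete action are outside their hunks, so whether the delete path runs a `UserCanEditVehicle` check before `DeleteAllAccessToVehicle` cannot be seen here.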
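--- a/External/Implementations/UserAccessDataAcces.cs
+++ b/External/Implementations/UserAccessDataAcces.cs
@@ -9,17 +9,6 @@ namespace CarCareTracker.External.Implementations
     {
         private static string dbName = StaticHelper.DbName;
         private static string tableName = "useraccessrecords";
-        public UserAccess GetUserAccessByVehicleAndUserId(int vehicleId, int userId)
-        {
-            using (var db = new LiteDatabase(dbName))
-            {
-                var table = db.GetCollection<UserAccess>(tableName);
-                return table.FindOne(Query.And(
-                    Query.EQ(nameof(UserAccess.VehicleId), vehicleId),
-                    Query.EQ(nameof(UserAccess.UserId), userId)
-                ));
-            };
-        }
         /// <summary>
         /// Gets a list of vehicles user have access to.
         /// </summary>
@@ -30,7 +19,15 @@ namespace CarCareTracker.External.Implementations
             using (var db = new LiteDatabase(dbName))
             {
                 var table = db.GetCollection<UserAccess>(tableName);
-                return table.Find(Query.EQ(nameof(UserAccess.UserId), userId)).ToList();
+                return table.Find(x=>x.Id.UserId == userId).ToList();
+            };
+        }
+        public UserAccess GetUserAccessByVehicleAndUserId(int userId, int vehicleId)
+        {
+            using (var db = new LiteDatabase(dbName))
+            {
+                var table = db.GetCollection<UserAccess>(tableName);
+                return table.Find(x => x.Id.UserId == userId && x.Id.VehicleId == vehicleId).FirstOrDefault();
             };
         }
         public List<UserAccess> GetUserAccessByVehicleId(int vehicleId)
@@ -38,7 +35,7 @@ namespace CarCareTracker.External.Implementations
             using (var db = new LiteDatabase(dbName))
             {
                 var table = db.GetCollection<UserAccess>(tableName);
-                return table.Find(Query.EQ(nameof(UserAccess.VehicleId), vehicleId)).ToList();
+                return table.Find(x => x.Id.VehicleId == vehicleId).ToList();
             };
         }
         public bool SaveUserAccess(UserAccess userAccess)
@@ -69,7 +66,7 @@ namespace CarCareTracker.External.Implementations
             using (var db = new LiteDatabase(dbName))
             {
                 var table = db.GetCollection<UserAccess>(tableName);
-                table.DeleteMany(Query.EQ(nameof(UserAccess.VehicleId), vehicleId));
+                table.DeleteMany(x=>x.Id.VehicleId == vehicleId);
                 return true;
             };
         }
@@ -83,7 +80,7 @@ namespace CarCareTracker.External.Implementations
             using (var db = new LiteDatabase(dbName))
             {
                 var table = db.GetCollection<UserAccess>(tableName);
-                table.DeleteMany(Query.EQ(nameof(UserAccess.UserId), userId));
+                table.DeleteMany(x => x.Id.UserId == userId);
                 return true;
             };
         }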
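Review bot: The replacement `GetUserAccessByVehicleAndUserId` in the second hunk takes `(int userId, int vehicleId)` where the method removed in the first hunk took `(int vehicleId, int userId)`, and the interface hunk in IUserAccessDataAccess.cs carries the same reversal; with two int parameters the compiler cannot catch a caller that was not updated, and a swapped call queries the wrong (user, vehicle) pair. The UserLogic callers in this commit pass `(userId, vehicleId)`, so they agree, but a name that matches the order (`GetUserAccessByUserAndVehicleId`) or a `<param>` doc on both declarations would protect the next caller. Every lookup now matches on `x.Id.UserId`/`x.Id.VehicleId`, sub-fields of the composite `_id`; LiteDB most likely cannot serve those from the `_id` index, so they become collection scans — acceptable at this table's size, but worth a comment such as `// full scan: _id index does not cover sub-fields of the composite key`. SaveUserAccess's body is outside the hunks; with the composite `_id`, granting the same pair twice will either throw on a duplicate key (Insert) or silently overwrite `AccessType` (Upsert), so confirm which one the access-grant flow expects.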
@@ -18,14 +18,6 @@ namespace CarCareTracker.External.Implementations
|
|||||||
return true;
|
return true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
public Vehicle GetLastInsertedVehicle()
|
|
||||||
{
|
|
||||||
using (var db = new LiteDatabase(dbName))
|
|
||||||
{
|
|
||||||
var table = db.GetCollection<Vehicle>(tableName);
|
|
||||||
return table.FindOne(Query.All(Query.Descending));
|
|
||||||
};
|
|
||||||
}
|
|
||||||
public bool DeleteVehicle(int vehicleId)
|
public bool DeleteVehicle(int vehicleId)
|
||||||
{
|
{
|
||||||
using (var db = new LiteDatabase(dbName))
|
using (var db = new LiteDatabase(dbName))
|
||||||
|
|||||||
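--- a/External/Interfaces/IUserAccessDataAccess.cs
+++ b/External/Interfaces/IUserAccessDataAccess.cs
@@ -4,8 +4,8 @@ namespace CarCareTracker.External.Interfaces
 {
     public interface IUserAccessDataAccess
     {
-        UserAccess GetUserAccessByVehicleAndUserId(int vehicleId, int userId);
         List<UserAccess> GetUserAccessByUserId(int userId);
+        UserAccess GetUserAccessByVehicleAndUserId(int userId, int vehicleId);
         List<UserAccess> GetUserAccessByVehicleId(int vehicleId);
         bool SaveUserAccess(UserAccess userAccess);
         bool DeleteUserAccess(int userAccessId);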
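--- a/External/Interfaces/IVehicleDataAccess.cs
+++ b/External/Interfaces/IVehicleDataAccess.cs
@@ -5,7 +5,6 @@ namespace CarCareTracker.External.Interfaces
     public interface IVehicleDataAccess
     {
         public bool SaveVehicle(Vehicle vehicle);
-        public Vehicle GetLastInsertedVehicle();
         public bool DeleteVehicle(int vehicleId);
         public List<Vehicle> GetVehicles();
         public Vehicle GetVehicleById(int vehicleId);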
@@ -6,9 +6,12 @@ namespace CarCareTracker.Logic
|
|||||||
{
|
{
|
||||||
public interface IUserLogic
|
public interface IUserLogic
|
||||||
{
|
{
|
||||||
|
bool AddUserAccessToVehicle(int userId, int vehicleId, UserAccessType accessType);
|
||||||
List<Vehicle> FilterUserVehicles(List<Vehicle> results, int userId);
|
List<Vehicle> FilterUserVehicles(List<Vehicle> results, int userId);
|
||||||
bool UserCanAccessVehicle(int userId, int vehicleId);
|
bool UserCanAccessVehicle(int userId, int vehicleId);
|
||||||
bool UserCanEditVehicle(int userId, int vehicleId);
|
bool UserCanEditVehicle(int userId, int vehicleId);
|
||||||
|
bool DeleteAllAccessToVehicle(int vehicleId);
|
||||||
|
bool DeleteAllAccessToUser(int userId);
|
||||||
}
|
}
|
||||||
public class UserLogic: IUserLogic
|
public class UserLogic: IUserLogic
|
||||||
{
|
{
|
||||||
@@ -16,12 +19,28 @@ namespace CarCareTracker.Logic
|
|||||||
public UserLogic(IUserAccessDataAccess userAccess) {
|
public UserLogic(IUserAccessDataAccess userAccess) {
|
||||||
_userAccess = userAccess;
|
_userAccess = userAccess;
|
||||||
}
|
}
|
||||||
|
public bool AddUserAccessToVehicle(int userId, int vehicleId, UserAccessType accessType)
|
||||||
|
{
|
||||||
|
if (userId == -1)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
var userVehicle = new UserVehicle { UserId = userId, VehicleId = vehicleId };
|
||||||
|
var userAccess = new UserAccess { Id = userVehicle, AccessType = accessType };
|
||||||
|
var result = _userAccess.SaveUserAccess(userAccess);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
public List<Vehicle> FilterUserVehicles(List<Vehicle> results, int userId)
|
public List<Vehicle> FilterUserVehicles(List<Vehicle> results, int userId)
|
||||||
{
|
{
|
||||||
|
//user is root user.
|
||||||
|
if (userId == -1)
|
||||||
|
{
|
||||||
|
return results;
|
||||||
|
}
|
||||||
var accessibleVehicles = _userAccess.GetUserAccessByUserId(userId);
|
var accessibleVehicles = _userAccess.GetUserAccessByUserId(userId);
|
||||||
if (accessibleVehicles.Any())
|
if (accessibleVehicles.Any())
|
||||||
{
|
{
|
||||||
var vehicleIds = accessibleVehicles.Select(x => x.VehicleId);
|
var vehicleIds = accessibleVehicles.Select(x => x.Id.VehicleId);
|
||||||
return results.Where(x => vehicleIds.Contains(x.Id)).ToList();
|
return results.Where(x => vehicleIds.Contains(x.Id)).ToList();
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@@ -31,6 +50,10 @@ namespace CarCareTracker.Logic
|
|||||||
}
|
}
|
||||||
public bool UserCanAccessVehicle(int userId, int vehicleId)
|
public bool UserCanAccessVehicle(int userId, int vehicleId)
|
||||||
{
|
{
|
||||||
|
if (userId == -1)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
|
var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
|
||||||
if (userAccess != null)
|
if (userAccess != null)
|
||||||
{
|
{
|
||||||
@@ -40,6 +63,10 @@ namespace CarCareTracker.Logic
|
|||||||
}
|
}
|
||||||
public bool UserCanEditVehicle(int userId, int vehicleId)
|
public bool UserCanEditVehicle(int userId, int vehicleId)
|
||||||
{
|
{
|
||||||
|
if (userId == -1)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
|
var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
|
||||||
if (userAccess != null && userAccess.AccessType == UserAccessType.Editor)
|
if (userAccess != null && userAccess.AccessType == UserAccessType.Editor)
|
||||||
{
|
{
|
||||||
@@ -47,5 +74,15 @@ namespace CarCareTracker.Logic
|
|||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
public bool DeleteAllAccessToVehicle(int vehicleId)
|
||||||
|
{
|
||||||
|
var result = _userAccess.DeleteAllAccessRecordsByVehicleId(vehicleId);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
public bool DeleteAllAccessToUser(int userId)
|
||||||
|
{
|
||||||
|
var result = _userAccess.DeleteAllAccessRecordsByUserId(userId);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
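Review bot: The root-user test `if (userId == -1)` is now repeated in AddUserAccessToVehicle, FilterUserVehicles, UserCanAccessVehicle and UserCanEditVehicle, each one short-circuiting the access check, and the middleware hunk writes the same literal `"-1"` into the NameIdentifier claim; a magic number that means "bypass authorization" should be defined once, e.g. `public const int RootUserId = -1;` with `private static bool IsRoot(int userId) => userId == RootUserId;`, so the sentinel cannot drift between files and a grep finds every bypass. The id is parsed straight from the claim, so the scheme is only safe while ordinary user ids can never be negative; state that invariant in a comment next to the constant, since violating it would be a privilege escalation. In FilterUserVehicles, `vehicleIds` is a deferred `Select` that `Contains` re-enumerates for every vehicle; `.Select(x => x.Id.VehicleId).ToHashSet()` gives the same result in one pass. UserCanAccessVehicle and UserCanEditVehicle continue past their hunks.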
@@ -40,6 +40,7 @@ namespace CarCareTracker.Middleware
|
|||||||
var userIdentity = new List<Claim>
|
var userIdentity = new List<Claim>
|
||||||
{
|
{
|
||||||
new(ClaimTypes.Name, "admin"),
|
new(ClaimTypes.Name, "admin"),
|
||||||
|
new(ClaimTypes.NameIdentifier, "-1"),
|
||||||
new(ClaimTypes.Role, nameof(UserData.IsRootUser))
|
new(ClaimTypes.Role, nameof(UserData.IsRootUser))
|
||||||
};
|
};
|
||||||
appIdentity.AddClaims(userIdentity);
|
appIdentity.AddClaims(userIdentity);
|
||||||
|
|||||||
@@ -1,10 +1,13 @@
|
|||||||
namespace CarCareTracker.Models
|
namespace CarCareTracker.Models
|
||||||
{
|
{
|
||||||
public class UserAccess
|
public class UserVehicle
|
||||||
{
|
{
|
||||||
public int Id { get; set; }
|
|
||||||
public int UserId { get; set; }
|
public int UserId { get; set; }
|
||||||
public int VehicleId { get; set; }
|
public int VehicleId { get; set; }
|
||||||
|
}
|
||||||
|
public class UserAccess
|
||||||
|
{
|
||||||
|
public UserVehicle Id { get; set; }
|
||||||
public UserAccessType AccessType { get; set; }
|
public UserAccessType AccessType { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
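Review bot: `UserVehicle` exposes public setters on both fields while serving as the `_id` of `UserAccess`, and `UserAccess.Id` is a non-nullable reference left uninitialized; a key that can be mutated after construction invites drift between the stored key and the in-memory object. The only construction site in this commit is an object initializer (`new UserVehicle { UserId = ..., VehicleId = ... }`), so `public int UserId { get; init; }` and `public int VehicleId { get; init; }` keep that working while making the key immutable — confirm that the LiteDB version in use materializes init-only properties before switching. A one-line `/// <summary>Composite (user, vehicle) key stored as the LiteDB _id of <see cref="UserAccess"/>.</summary>` on the new class would explain why it exists.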
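--- /dev/null
+++ b/Views/Shared/401.cshtml
@@ -0,0 +1 @@
+<h1>Access Denied</h1>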