reshaped user access object, added 401 page.

DESKTOP-GENO133\IvanPlex
2024-01-13 17:49:48 -07:00
parent 00fd499805
commit a1b2b40abe
10 changed files with 88 additions and 34 deletions


@@ -1,15 +1,9 @@
using CarCareTracker.External.Interfaces;
using CarCareTracker.Models;
using LiteDB;
using Microsoft.AspNetCore.Mvc;
using System.Diagnostics;
using static System.Net.Mime.MediaTypeNames;
using System.Drawing;
using System.Linq.Expressions;
using Microsoft.Extensions.Logging;
using CarCareTracker.Helper;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using System.Security.Claims;
using CarCareTracker.Logic;


@@ -7,6 +7,8 @@ using CsvHelper;
using System.Globalization;
using Microsoft.AspNetCore.Authorization;
using CarCareTracker.MapProfile;
using System.Security.Claims;
using CarCareTracker.Logic;
namespace CarCareTracker.Controllers
{
@@ -29,6 +31,7 @@ namespace CarCareTracker.Controllers
private readonly IGasHelper _gasHelper;
private readonly IReminderHelper _reminderHelper;
private readonly IReportHelper _reportHelper;
private readonly IUserLogic _userLogic;
public VehicleController(ILogger<VehicleController> logger,
IFileHelper fileHelper,
@@ -43,6 +46,7 @@ namespace CarCareTracker.Controllers
ITaxRecordDataAccess taxRecordDataAccess,
IReminderRecordDataAccess reminderRecordDataAccess,
IUpgradeRecordDataAccess upgradeRecordDataAccess,
IUserLogic userLogic,
IWebHostEnvironment webEnv,
IConfiguration config)
{
@@ -59,13 +63,22 @@ namespace CarCareTracker.Controllers
_taxRecordDataAccess = taxRecordDataAccess;
_reminderRecordDataAccess = reminderRecordDataAccess;
_upgradeRecordDataAccess = upgradeRecordDataAccess;
_userLogic = userLogic;
_webEnv = webEnv;
_config = config;
_useDescending = bool.Parse(config[nameof(UserConfig.UseDescending)]);
}
private int GetUserID()
{
return int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier));
}
[HttpGet]
public IActionResult Index(int vehicleId)
{
if (!_userLogic.UserCanAccessVehicle(GetUserID(), vehicleId))
{
return View("401");
}
var data = _dataAccess.GetVehicleById(vehicleId);
return View(data);
}
@@ -77,6 +90,10 @@ namespace CarCareTracker.Controllers
[HttpGet]
public IActionResult GetEditVehiclePartialViewById(int vehicleId)
{
if (!_userLogic.UserCanEditVehicle(GetUserID(), vehicleId))
{
return View("401");
}
var data = _dataAccess.GetVehicleById(vehicleId);
return PartialView("_VehicleModal", data);
}
@@ -85,10 +102,22 @@ namespace CarCareTracker.Controllers
{
try
{
bool isNewAddition = vehicleInput.Id == default;
if (!isNewAddition)
{
if (!_userLogic.UserCanEditVehicle(GetUserID(), vehicleInput.Id))
{
return View("401");
}
}
//move image from temp folder to images folder.
vehicleInput.ImageLocation = _fileHelper.MoveFileFromTemp(vehicleInput.ImageLocation, "images/");
//save vehicle.
var result = _dataAccess.SaveVehicle(vehicleInput);
if (isNewAddition)
{
_userLogic.AddUserAccessToVehicle(GetUserID(), vehicleInput.Id, UserAccessType.Editor);
}
return Json(result);
}
catch (Exception ex)
@@ -108,6 +137,7 @@ namespace CarCareTracker.Controllers
_noteDataAccess.DeleteAllNotesByVehicleId(vehicleId) &&
_reminderRecordDataAccess.DeleteAllReminderRecordsByVehicleId(vehicleId) &&
_upgradeRecordDataAccess.DeleteAllUpgradeRecordsByVehicleId(vehicleId) &&
_userLogic.DeleteAllAccessToVehicle(vehicleId) &&
_dataAccess.DeleteVehicle(vehicleId);
return Json(result);
}
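Review bot: The three new authorization guards in Index, GetEditVehiclePartialViewById and SaveVehicle return `View("401")`, which renders the page with a 200 status, so browsers, XHR callers and logs see a successful response; and in SaveVehicle, which otherwise answers with `Json(result)`, the caller receives HTML where it expects JSON. Since the user is authenticated but lacks access, 403 is the matching code: set `Response.StatusCode = StatusCodes.Status403Forbidden;` before `return View("401");` (or, on the JSON path, `return StatusCode(StatusCodes.Status403Forbidden);`), and the same applies to the new Views/Shared/401.cshtml, which sets no status itself. Separately, the new GetUserID applies `int.Parse` to the NameIdentifier claim, so a missing or non-numeric claim surfaces as an ArgumentNullException/FormatException (500) rather than a denied request; `int.TryParse` with an explicit deny path would be safer. SaveVehicle's body begins and ends outside the hunk, and AddUserAccessToVehicle is called with `vehicleInput.Id` after `_dataAccess.SaveVehicle`, which presumably assigns the new id; if SaveVehicle returns false the access record is still created, which looks worth guarding on `result`.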


@@ -9,17 +9,6 @@ namespace CarCareTracker.External.Implementations
{
private static string dbName = StaticHelper.DbName;
private static string tableName = "useraccessrecords";
public UserAccess GetUserAccessByVehicleAndUserId(int vehicleId, int userId)
{
using (var db = new LiteDatabase(dbName))
{
var table = db.GetCollection<UserAccess>(tableName);
return table.FindOne(Query.And(
Query.EQ(nameof(UserAccess.VehicleId), vehicleId),
Query.EQ(nameof(UserAccess.UserId), userId)
));
};
}
/// <summary>
/// Gets a list of vehicles user have access to.
/// </summary>
@@ -30,7 +19,15 @@ namespace CarCareTracker.External.Implementations
using (var db = new LiteDatabase(dbName))
{
var table = db.GetCollection<UserAccess>(tableName);
return table.Find(Query.EQ(nameof(UserAccess.UserId), userId)).ToList();
return table.Find(x=>x.Id.UserId == userId).ToList();
};
}
public UserAccess GetUserAccessByVehicleAndUserId(int userId, int vehicleId)
{
using (var db = new LiteDatabase(dbName))
{
var table = db.GetCollection<UserAccess>(tableName);
return table.Find(x => x.Id.UserId == userId && x.Id.VehicleId == vehicleId).FirstOrDefault();
};
}
public List<UserAccess> GetUserAccessByVehicleId(int vehicleId)
@@ -38,7 +35,7 @@ namespace CarCareTracker.External.Implementations
using (var db = new LiteDatabase(dbName))
{
var table = db.GetCollection<UserAccess>(tableName);
return table.Find(Query.EQ(nameof(UserAccess.VehicleId), vehicleId)).ToList();
return table.Find(x => x.Id.VehicleId == vehicleId).ToList();
};
}
public bool SaveUserAccess(UserAccess userAccess)
@@ -69,7 +66,7 @@ namespace CarCareTracker.External.Implementations
using (var db = new LiteDatabase(dbName))
{
var table = db.GetCollection<UserAccess>(tableName);
table.DeleteMany(Query.EQ(nameof(UserAccess.VehicleId), vehicleId));
table.DeleteMany(x=>x.Id.VehicleId == vehicleId);
return true;
};
}
@@ -83,7 +80,7 @@ namespace CarCareTracker.External.Implementations
using (var db = new LiteDatabase(dbName))
{
var table = db.GetCollection<UserAccess>(tableName);
table.DeleteMany(Query.EQ(nameof(UserAccess.UserId), userId));
table.DeleteMany(x => x.Id.UserId == userId);
return true;
};
}
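Review bot: The new lambda predicates are spaced inconsistently — `x=>x.Id.UserId == userId` in the find-by-user method and `x=>x.Id.VehicleId == vehicleId` in the delete-by-vehicle method (both signatures lie outside their hunks) versus `x => ...` in the other three — so `x => x.Id.UserId == userId` and `x => x.Id.VehicleId == vehicleId` would match the rest of the file. The rewritten GetUserAccessByVehicleAndUserId also enumerates via `Find(...).FirstOrDefault()` where the removed version used the collection's `FindOne`; `return table.FindOne(x => x.Id.UserId == userId && x.Id.VehicleId == vehicleId);` keeps the single-document intent. Note that this method's parameter order changed from (vehicleId, userId) to (userId, vehicleId); because both are ints, any caller not touched by this commit would still compile with its arguments swapped, so callers outside the patch are worth checking.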


@@ -18,14 +18,6 @@ namespace CarCareTracker.External.Implementations
return true;
};
}
public Vehicle GetLastInsertedVehicle()
{
using (var db = new LiteDatabase(dbName))
{
var table = db.GetCollection<Vehicle>(tableName);
return table.FindOne(Query.All(Query.Descending));
};
}
public bool DeleteVehicle(int vehicleId)
{
using (var db = new LiteDatabase(dbName))


@@ -4,8 +4,8 @@ namespace CarCareTracker.External.Interfaces
{
public interface IUserAccessDataAccess
{
UserAccess GetUserAccessByVehicleAndUserId(int vehicleId, int userId);
List<UserAccess> GetUserAccessByUserId(int userId);
UserAccess GetUserAccessByVehicleAndUserId(int userId, int vehicleId);
List<UserAccess> GetUserAccessByVehicleId(int vehicleId);
bool SaveUserAccess(UserAccess userAccess);
bool DeleteUserAccess(int userAccessId);


@@ -5,7 +5,6 @@ namespace CarCareTracker.External.Interfaces
public interface IVehicleDataAccess
{
public bool SaveVehicle(Vehicle vehicle);
public Vehicle GetLastInsertedVehicle();
public bool DeleteVehicle(int vehicleId);
public List<Vehicle> GetVehicles();
public Vehicle GetVehicleById(int vehicleId);


@@ -6,9 +6,12 @@ namespace CarCareTracker.Logic
{
public interface IUserLogic
{
bool AddUserAccessToVehicle(int userId, int vehicleId, UserAccessType accessType);
List<Vehicle> FilterUserVehicles(List<Vehicle> results, int userId);
bool UserCanAccessVehicle(int userId, int vehicleId);
bool UserCanEditVehicle(int userId, int vehicleId);
bool DeleteAllAccessToVehicle(int vehicleId);
bool DeleteAllAccessToUser(int userId);
}
public class UserLogic: IUserLogic
{
@@ -16,12 +19,28 @@ namespace CarCareTracker.Logic
public UserLogic(IUserAccessDataAccess userAccess) {
_userAccess = userAccess;
}
public bool AddUserAccessToVehicle(int userId, int vehicleId, UserAccessType accessType)
{
if (userId == -1)
{
return true;
}
var userVehicle = new UserVehicle { UserId = userId, VehicleId = vehicleId };
var userAccess = new UserAccess { Id = userVehicle, AccessType = accessType };
var result = _userAccess.SaveUserAccess(userAccess);
return result;
}
public List<Vehicle> FilterUserVehicles(List<Vehicle> results, int userId)
{
//user is root user.
if (userId == -1)
{
return results;
}
var accessibleVehicles = _userAccess.GetUserAccessByUserId(userId);
if (accessibleVehicles.Any())
{
var vehicleIds = accessibleVehicles.Select(x => x.VehicleId);
var vehicleIds = accessibleVehicles.Select(x => x.Id.VehicleId);
return results.Where(x => vehicleIds.Contains(x.Id)).ToList();
}
else
@@ -31,6 +50,10 @@ namespace CarCareTracker.Logic
}
public bool UserCanAccessVehicle(int userId, int vehicleId)
{
if (userId == -1)
{
return true;
}
var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
if (userAccess != null)
{
@@ -40,6 +63,10 @@ namespace CarCareTracker.Logic
}
public bool UserCanEditVehicle(int userId, int vehicleId)
{
if (userId == -1)
{
return true;
}
var userAccess = _userAccess.GetUserAccessByVehicleAndUserId(userId, vehicleId);
if (userAccess != null && userAccess.AccessType == UserAccessType.Editor)
{
@@ -47,5 +74,15 @@ namespace CarCareTracker.Logic
}
return false;
}
public bool DeleteAllAccessToVehicle(int vehicleId)
{
var result = _userAccess.DeleteAllAccessRecordsByVehicleId(vehicleId);
return result;
}
public bool DeleteAllAccessToUser(int userId)
{
var result = _userAccess.DeleteAllAccessRecordsByUserId(userId);
return result;
}
}
}
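Review bot: The root-user sentinel `-1` is repeated as a bare literal in the three new guard clauses (AddUserAccessToVehicle, UserCanAccessVehicle, UserCanEditVehicle) as well as the existing one in FilterUserVehicles, and the same literal is emitted as the NameIdentifier claim in the CarCareTracker.Middleware hunk (`new(ClaimTypes.NameIdentifier, "-1")`) with nothing tying the two together. A single definition, e.g. `public const int RootUserId = -1;` on UserLogic with `private static bool IsRootUser(int userId) => userId == RootUserId;`, referenced from both the guards and the middleware, would keep the bypass auditable in one place. Only FilterUserVehicles carries the `//user is root user.` comment; the new guards should say the same so the unconditional `return true` is not mistaken for a bug. In FilterUserVehicles, `vehicleIds` stays a deferred `IEnumerable<int>` that `Contains` re-enumerates for every vehicle; `var vehicleIds = accessibleVehicles.Select(x => x.Id.VehicleId).ToHashSet();` removes that. The bodies of UserCanAccessVehicle and UserCanEditVehicle continue past their hunks.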


@@ -40,6 +40,7 @@ namespace CarCareTracker.Middleware
var userIdentity = new List<Claim>
{
new(ClaimTypes.Name, "admin"),
new(ClaimTypes.NameIdentifier, "-1"),
new(ClaimTypes.Role, nameof(UserData.IsRootUser))
};
appIdentity.AddClaims(userIdentity);


@@ -1,10 +1,13 @@
namespace CarCareTracker.Models
{
public class UserAccess
public class UserVehicle
{
public int Id { get; set; }
public int UserId { get; set; }
public int VehicleId { get; set; }
}
public class UserAccess
{
public UserVehicle Id { get; set; }
public UserAccessType AccessType { get; set; }
}
}
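Review bot: UserVehicle now serves as the key of UserAccess (its Id) but has no documentation and no value equality, so two instances with the same UserId and VehicleId compare unequal in memory even though they name the same access record. A summary such as `/// <summary>Composite key of a UserAccess record: one (user, vehicle) pair.</summary>` on UserVehicle and `/// <summary>Access level a user holds on a single vehicle.</summary>` on UserAccess would make the intent explicit. If the object-initializer call site in UserLogic can be updated, a record (`public record UserVehicle(int UserId, int VehicleId);`) or an Equals/GetHashCode override would give the key value semantics; whether the data layer accepts a document-valued id for this collection is not visible in the patch and should be confirmed.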

Views/Shared/401.cshtml Normal file

@@ -0,0 +1 @@
<h1>Access Denied</h1>