diff --git a/RentACar/WebApp/Controllers/CarsController.cs b/RentACar/WebApp/Controllers/CarsController.cs index d12e847..2e4f86a 100644 --- a/RentACar/WebApp/Controllers/CarsController.cs +++ b/RentACar/WebApp/Controllers/CarsController.cs @@ -20,14 +20,14 @@ namespace WebApp.Controllers { _context = context; } - + [Authorize] public async Task Index() { return View(await _context.Cars.ToListAsync()); } // GET: Cars/Details/5 - + [Authorize] public async Task Details(int? id) { if (id == null) @@ -58,7 +58,7 @@ namespace WebApp.Controllers // For more details, see http://go.microsoft.com/fwlink/?LinkId=317598. [HttpPost] [ValidateAntiForgeryToken] - + [Authorize(Roles = "Admin")] public async Task Create([Bind("Id, Brand, Model, Year, CountPassengerSeats, Description, PriceForDay")] Car car) { if (ModelState.IsValid) @@ -147,6 +147,7 @@ namespace WebApp.Controllers // POST: Cars/Delete/5 [HttpPost, ActionName("Delete")] [ValidateAntiForgeryToken] + [Authorize(Roles = "Admin")] public async Task DeleteConfirmed(int id) { var car = await _context.Cars.FindAsync(id); diff --git a/RentACar/WebApp/Controllers/RentsController.cs b/RentACar/WebApp/Controllers/RentsController.cs index 574d066..b73ef42 100644 --- a/RentACar/WebApp/Controllers/RentsController.cs +++ b/RentACar/WebApp/Controllers/RentsController.cs @@ -7,6 +7,7 @@ using Microsoft.AspNetCore.Mvc.Rendering; using Microsoft.EntityFrameworkCore; using Data; using Data.Entities; +using Microsoft.AspNetCore.Authorization; namespace WebApp.Controllers { @@ -20,12 +21,14 @@ namespace WebApp.Controllers } // GET: Rents + [Authorize(Roles = "Admin")] public async Task Index() { return View(await _context.Rents.ToListAsync()); } // GET: Rents/Details/5 + [Authorize] public async Task Details(int? id) { if (id == null) 
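Review bot: The `[Authorize(Roles = "Admin")]` added to the POST `Create` at @@ -58 and to `DeleteConfirmed` at @@ -147 leaves every action between them — the GET `Create`, both `Edit` actions and the GET `Delete` — untouched by this diff, so unless they already carry an attribute (not visible here) a non-admin or anonymous caller can still reach the car-modifying pages. Per-action attributes are easy to miss; a class-level default closes that gap while keeping the per-action role overrides: `[Authorize] public class CarsController : Controller`. `RentsController`, whose hunks follow on this same line, has the same per-action layout and would benefit from the same class-level default.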
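Review bot: `Details(int? id)` now admits any authenticated caller, but nothing in the hunk ties the requested rent to that caller, so every logged-in user can read every rent by id; the action body continues outside the hunk, so an owner check there is not visible. If rents belong to the user who created them (the `rents.User` navigation is set in the `Create` hunk below), filter by the principal before returning the view, e.g. `if (!User.IsInRole("Admin") && rents.User?.Id != User.FindFirstValue(ClaimTypes.NameIdentifier)) return Forbid();` (requires `using System.Security.Claims;`).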
@@ -42,13 +45,9 @@ namespace WebApp.Controllers return View(rents); } - public IActionResult DateSelect(DateTime startDate, DateTime endDate) - { - - return RedirectToAction(nameof(Index)); - } // GET: Rents/Create + [Authorize] public IActionResult Create(int id) { return View(); @@ -59,13 +58,15 @@ namespace WebApp.Controllers // For more details, see http://go.microsoft.com/fwlink/?LinkId=317598. [HttpPost] [ValidateAntiForgeryToken] - - public async Task Create([Bind("Id,Car.Id,StartDate,EndDate,UserId")] Rents rents) + [Authorize] + public async Task Create([Bind("Id,Car.Id,StartDate,EndDate,User.Id")] Rents rents) { if (ModelState.IsValid) { var car = _context.Cars.FirstOrDefault(car => car.Id == rents.Car.Id); rents.Car = car; + var user = _context.Users.FirstOrDefault(user => user.Id == rents.User.Id); + rents.User = user; _context.Add(rents); await _context.SaveChangesAsync(); return RedirectToAction(nameof(Index)); @@ -74,6 +75,7 @@ namespace WebApp.Controllers } // GET: Rents/Edit/5 + [Authorize(Roles = "Admin")] public async Task Edit(int? id) { if (id == null) @@ -94,6 +96,7 @@ namespace WebApp.Controllers // For more details, see http://go.microsoft.com/fwlink/?LinkId=317598. [HttpPost] [ValidateAntiForgeryToken] + [Authorize(Roles = "Admin")] public async Task Edit(int id, [Bind("Id,CarId,StartDate,EndDate,UserId")] Rents rents) { if (id != rents.Id) @@ -125,6 +128,7 @@ namespace WebApp.Controllers } // GET: Rents/Delete/5 + [Authorize(Roles = "Admin")] public async Task Delete(int? id) { if (id == null) @@ -145,6 +149,7 @@ namespace WebApp.Controllers // POST: Rents/Delete/5 [HttpPost, ActionName("Delete")] [ValidateAntiForgeryToken] + [Authorize(Roles = "Admin")] public async Task DeleteConfirmed(int id) { var rents = await _context.Rents.FindAsync(id); diff --git a/RentACar/WebApp/Controllers/UsersController.cs b/RentACar/WebApp/Controllers/UsersController.cs new file mode 100644 index 0000000..ab11693 --- /dev/null 
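Review bot: The new `Bind("...User.Id")` together with `_context.Users.FirstOrDefault(user => user.Id == rents.User.Id)` lets the form decide which account a rent is recorded against, even though the `[Authorize]` added just above already identifies the caller — the owner should come from the principal, not from the request body. Both lookups can also yield null (unknown `Car.Id`/`User.Id`, or `rents.Car`/`rents.User` not bound at all, which dereferences null before the query runs) and the rent is saved regardless. The success path then redirects to `Index`, which the earlier hunk made Admin-only, so a regular user who rents a car lands on the access-denied page. Below is a rewrite of the POST body that resolves the user from `ClaimTypes.NameIdentifier` (add `using System.Security.Claims;`), rejects a missing car or user, and redirects to `Details`; `Id` is dropped from the bind list on the assumption that the key is database-generated.
```csharp
[HttpPost]
[ValidateAntiForgeryToken]
[Authorize]
public async Task<IActionResult> Create([Bind("Car.Id,StartDate,EndDate")] Rents rents)
{
    if (!ModelState.IsValid)
    {
        return View(rents);
    }

    // The owner is the authenticated caller, never an id taken from the form.
    var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
    var user = await _context.Users.FirstOrDefaultAsync(u => u.Id == userId);
    var car = rents.Car is null
        ? null
        : await _context.Cars.FirstOrDefaultAsync(c => c.Id == rents.Car.Id);
    if (user is null || car is null)
    {
        return NotFound();
    }

    rents.Car = car;
    rents.User = user;
    _context.Add(rents);
    await _context.SaveChangesAsync();
    // Index is Admin-only; send the caller to a page they are allowed to see.
    return RedirectToAction(nameof(Details), new { id = rents.Id });
}
```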
+++ b/RentACar/WebApp/Controllers/UsersController.cs 
@@ -0,0 +1,195 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Mvc.Rendering; +using Microsoft.EntityFrameworkCore; +using Data; +using Data.Entities; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Identity; + +namespace WebApp.Controllers +{ + public class UserWithRoles + { + public string UserName { get; set; } + public string FirstName { get; set; } + public string LastName { get; set; } + public string Email { get; set; } + public string PersonalNumber { get; set; } + public string PhoneNumber { get; set; } + public string Role { get; set; } + } + + public class UsersController : Controller + { + private readonly RentACarDbContext _context; + + public UsersController(RentACarDbContext context) + { + _context = context; + } + + // GET: Users + [Authorize(Roles = "Admin")] + public async Task Index() + { + ICollection users = await _context.Users.ToListAsync(); + + ICollection usersWithRole = new List(); + + //foreach (var item in users) + //{ + // var userRole = await _context.UserRoles.FirstOrDefaultAsync(userRoles => userRoles.UserId == item.Id); + // var role = await _context.Roles.FirstOrDefaultAsync(role => role.Id == userRole.RoleId); + // usersWithRole.Add( + // new UserWithRoles() + // { + // UserName = item.UserName, + // FirstName = item.FirstName, + // LastName = item.LastName, + // Email = item.Email, + // PersonalNumber = item.PersonalNumber, + // PhoneNumber = item.PhoneNumber, + // Role = role.Name + // } + // ); + //} + + return View(users); + } + + // GET: Users/Edit/5 + [Authorize(Roles = "Admin")] + public async Task Edit(string id) + { + if (id == null) + { + return NotFound(); + } + + var user = await _context.Users.FindAsync(id); + if (user == null) + { + return NotFound(); + } + return View(user); + } + + // GET: Rents/Create + [Authorize(Roles = "Admin")] + public IActionResult Create(int id) + { + 
return View(); + } + // POST: Rents/Create + // To protect from overposting attacks, enable the specific properties you want to bind to. + // For more details, see http://go.microsoft.com/fwlink/?LinkId=317598. + [HttpPost] + [ValidateAntiForgeryToken] + [Authorize(Roles = "Admin")] + public async Task Create([Bind("FirstName,LastName,PersonalNumber,Id,UserName,NormalizedUserName,Email,NormalizedEmail,EmailConfirmed,PasswordHash,SecurityStamp,ConcurrencyStamp,PhoneNumber,PhoneNumberConfirmed,TwoFactorEnabled,LockoutEnd,LockoutEnabled,AccessFailedCount")] User user) + { + user.Id = Guid.NewGuid().ToString(); + PasswordHasher passwordHasher = new PasswordHasher(); + user.PasswordHash = passwordHasher.HashPassword(user.Id, user.PasswordHash); + if (ModelState.IsValid) + { + _context.Add(user); + await _context.SaveChangesAsync(); + return RedirectToAction(nameof(Index)); + } + return View(user); + } + // POST: Users/Edit/5 + // To protect from overposting attacks, enable the specific properties you want to bind to. + // For more details, see http://go.microsoft.com/fwlink/?LinkId=317598. 
+ [HttpPost] + [ValidateAntiForgeryToken] + [Authorize(Roles = "Admin")] + public async Task Edit(string id, [Bind("FirstName,LastName,PersonalNumber,Id,UserName,NormalizedUserName,Email,NormalizedEmail,EmailConfirmed,PasswordHash,SecurityStamp,ConcurrencyStamp,PhoneNumber,PhoneNumberConfirmed,TwoFactorEnabled,LockoutEnd,LockoutEnabled,AccessFailedCount")] User user) + { + if (id != user.Id) + { + return NotFound(); + } + + if (ModelState.IsValid) + { + try + { + _context.Update(user); + await _context.SaveChangesAsync(); + } + catch (DbUpdateConcurrencyException) + { + if (!UserExists(user.Id)) + { + return NotFound(); + } + else + { + throw; + } + } + return RedirectToAction(nameof(Index)); + } + return View(user); + } + + // GET: Users/Delete/5 + [Authorize(Roles = "Admin")] + public async Task Delete(string id) + { + if (id == null) + { + return NotFound(); + } + + var user = await _context.Users + .FirstOrDefaultAsync(m => m.Id == id); + if (user == null) + { + return NotFound(); + } + + return View(user); + } + + // POST: Users/Delete/5 + [HttpPost, ActionName("Delete")] + [ValidateAntiForgeryToken] + [Authorize(Roles = "Admin")] + public async Task DeleteConfirmed(string id) + { + var user = await _context.Users.FindAsync(id); + _context.Users.Remove(user); + await _context.SaveChangesAsync(); + return RedirectToAction(nameof(Index)); + } + // GET: Users/Details/5 + [Authorize(Roles = "Admin")] + public async Task Details(string? id) + { + if (id == null) + { + return NotFound(); + } + + var user = await _context.Users + .FirstOrDefaultAsync(m => m.Id == id); + if (user == null) + { + return NotFound(); + } + + return View(user); + } + private bool UserExists(string id) + { + return _context.Users.Any(e => e.Id == id); + } + } +} \ No newline at end of file diff --git a/RentACar/WebApp/Views/Home/Index.cshtml b/RentACar/WebApp/Views/Home/Index.cshtml index cd7e982..e55e9f4 100644 --- a/RentACar/WebApp/Views/Home/Index.cshtml 
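Review bot: The POST `Create` takes the plaintext password through the `PasswordHash` bind property, hashes it with an ad-hoc `PasswordHasher` (type argument lost in this rendering) keyed on `user.Id`, and inserts the row with `_context.Add` — this bypasses `UserManager`, so no password policy or uniqueness check runs and `SecurityStamp`, `NormalizedUserName` and `NormalizedEmail` are left to whatever the form posted, which also breaks Identity's name/email lookups. The bind list on both `Create` and the POST `Edit` includes every Identity security field (`PasswordHash`, `SecurityStamp`, `ConcurrencyStamp`, `LockoutEnd`, `LockoutEnabled`, `AccessFailedCount`, `EmailConfirmed`, ...), contradicting the overposting comment above each action; for `Edit`, `_context.Update(user)` writes those posted values straight back, and since the Users/Edit.cshtml hunk in this diff appears to remove several inputs, fields no longer posted come back null and overwrite the stored ones. `DeleteConfirmed` passes the result of `FindAsync` directly to `Remove`, so an unknown id throws instead of returning `NotFound()`; add `if (user is null) { return NotFound(); }` before the `Remove`. Below is a version of the constructor and `Create` that goes through `UserManager<User>.CreateAsync` with a separate `password` form field and a minimal bind list (assumes Identity services are registered, which the role-based `[Authorize]` usage suggests; the Create view must post a `password` input); `Edit` should be narrowed the same way, loading the tracked entity and copying only the editable fields.
```csharp
private readonly RentACarDbContext _context;
private readonly UserManager<User> _userManager;

public UsersController(RentACarDbContext context, UserManager<User> userManager)
{
    _context = context;
    _userManager = userManager;
}

// … unchanged: Index, Edit (GET), Create (GET) …

[HttpPost]
[ValidateAntiForgeryToken]
[Authorize(Roles = "Admin")]
public async Task<IActionResult> Create(
    [Bind("FirstName,LastName,PersonalNumber,UserName,Email,PhoneNumber")] User user,
    string password)
{
    if (!ModelState.IsValid)
    {
        return View(user);
    }

    // CreateAsync runs the configured password/user validators, hashes with the
    // registered hasher, and sets the security stamp and normalized name/email.
    var result = await _userManager.CreateAsync(user, password);
    if (result.Succeeded)
    {
        return RedirectToAction(nameof(Index));
    }

    foreach (var error in result.Errors)
    {
        ModelState.AddModelError(string.Empty, error.Description);
    }
    return View(user);
}

// … unchanged: Edit (POST), Delete, DeleteConfirmed, Details, UserExists …
```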
+++ b/RentACar/WebApp/Views/Home/Index.cshtml @@ -11,11 +11,12 @@ { Manage cars Manage rents + Manage users } else { See all cars - Rent a car + Rent a car } } else diff --git a/RentACar/WebApp/Views/Rents/Create.cshtml b/RentACar/WebApp/Views/Rents/Create.cshtml index bf11e3a..ea7883b 100644 --- a/RentACar/WebApp/Views/Rents/Create.cshtml +++ b/RentACar/WebApp/Views/Rents/Create.cshtml @@ -27,8 +27,11 @@ + @if (this.User.IsInRole("Admin")) + { + Back to List + } + diff --git a/RentACar/WebApp/Views/Shared/_Layout.cshtml b/RentACar/WebApp/Views/Shared/_Layout.cshtml index f97f7e6..5002711 100644 --- a/RentACar/WebApp/Views/Shared/_Layout.cshtml +++ b/RentACar/WebApp/Views/Shared/_Layout.cshtml @@ -20,13 +20,22 @@ diff --git a/RentACar/WebApp/Views/Users/Create.cshtml b/RentACar/WebApp/Views/Users/Create.cshtml new file mode 100644 index 0000000..237f4ae --- /dev/null +++ b/RentACar/WebApp/Views/Users/Create.cshtml @@ -0,0 +1,79 @@ +@model Data.Entities.User + +@{ + ViewData["Title"] = "Create"; +} + +

Create user

+
+
+
+
+
+
+ + + +
+
+ + + +
+
+ + + +
+ +
+ + + +
+
+ + + +
+
+ +
+
+ + + +
+
+ + + +
+
+ +
+
+ + + +
+
+ +
+
+ +
+
+
+
+ + +@section Scripts { + @{await Html.RenderPartialAsync("_ValidationScriptsPartial");} +} diff --git a/RentACar/WebApp/Views/Users/Delete.cshtml b/RentACar/WebApp/Views/Users/Delete.cshtml index 990ae5d..0750677 100644 --- a/RentACar/WebApp/Views/Users/Delete.cshtml +++ b/RentACar/WebApp/Views/Users/Delete.cshtml @@ -4,11 +4,10 @@ ViewData["Title"] = "Delete"; } -

Delete

+

Delete user

Are you sure you want to delete this?

-

User


@@ -117,7 +116,7 @@
- | - Back to List + + Back to List
diff --git a/RentACar/WebApp/Views/Users/Edit.cshtml b/RentACar/WebApp/Views/Users/Edit.cshtml index 5646ff1..2d93b53 100644 --- a/RentACar/WebApp/Views/Users/Edit.cshtml +++ b/RentACar/WebApp/Views/Users/Edit.cshtml @@ -4,9 +4,7 @@ ViewData["Title"] = "Edit"; } -

Edit

- -

User

+

Edit user


@@ -33,21 +31,11 @@
-
- - - -
-
- - - -
-
- - - -
-
- - - -
@@ -78,11 +56,6 @@ @Html.DisplayNameFor(model => model.PhoneNumberConfirmed)
-
- -
@@ -94,21 +67,13 @@
- - - -
-
- + + Back to List
- - @section Scripts { @{await Html.RenderPartialAsync("_ValidationScriptsPartial");} } diff --git a/RentACar/WebApp/Views/Users/Index.cshtml b/RentACar/WebApp/Views/Users/Index.cshtml index ac3e36e..d13fc95 100644 --- a/RentACar/WebApp/Views/Users/Index.cshtml +++ b/RentACar/WebApp/Views/Users/Index.cshtml @@ -1,62 +1,68 @@ @model IEnumerable @{ - ViewData["Title"] = "Index"; + ViewData["Title"] = "Users"; } -

Index

+

Users

+

+ Create user +

- +
+ - -@foreach (var item in Model) { - - - - - - - - - -} + @foreach (var item in Model) + { + + + + + + + + + + }
- @Html.DisplayNameFor(model => model.FirstName) + First name - @Html.DisplayNameFor(model => model.LastName) + Last name - @Html.DisplayNameFor(model => model.PersonalNumber) + ID number - @Html.DisplayNameFor(model => model.UserName) + Username - @Html.DisplayNameFor(model => model.Email) + E-mail - @Html.DisplayNameFor(model => model.PhoneNumber) + Phone number + + Actions
- @Html.DisplayFor(modelItem => item.FirstName) - - @Html.DisplayFor(modelItem => item.LastName) - - @Html.DisplayFor(modelItem => item.PersonalNumber) - - @Html.DisplayFor(modelItem => item.UserName) - - @Html.DisplayFor(modelItem => item.Email) - - @Html.DisplayFor(modelItem => item.PhoneNumber) - - Edit | - Details | - Delete -
+ @Html.DisplayFor(modelItem => item.FirstName) + + @Html.DisplayFor(modelItem => item.LastName) + + @Html.DisplayFor(modelItem => item.PersonalNumber) + + @Html.DisplayFor(modelItem => item.UserName) + + @Html.DisplayFor(modelItem => item.Email) + + @Html.DisplayFor(modelItem => item.PhoneNumber) + + Edit | + Details | + Delete +
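Review bot: The table headers switch from `@Html.DisplayNameFor(model => model.FirstName)` to literal strings (`First name`, `ID number`, `E-mail`, ...), while the Edit view in this same diff still labels the same properties through `DisplayNameFor`, so the two pages can drift apart and any `[Display]` annotation on the `User` entity no longer reaches this list. If the goal was friendlier wording, put it on the entity as `[Display(Name = "First name")]` and keep `DisplayNameFor` here; otherwise make the Details/Edit/Delete labels use the same literals so the wording stays consistent.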