Merge pull request #182 from xdorro/minh
Update accounts authorization
mizhm authored Aug 28, 2021
2 parents 8fd0ff8 + 464ae19 commit 14cf588
Showing 4 changed files with 133 additions and 32 deletions.
90 changes: 86 additions & 4 deletions Backend/Areas/Admin/Controllers/AccountsController.cs
Expand Up @@ -60,6 +60,7 @@ public ActionResult ChangePassword(AdminChangePasswordViewModels changePasswordV
{
var errors = new Dictionary<string, string>();
var userUpdate = users.Get(changePasswordViewModel.AccountId);
var user = (Accounts) Session["user"];
foreach (var k in ModelState.Keys)
foreach (var err in ModelState[k].Errors)
{
Expand All @@ -76,7 +77,29 @@ public ActionResult ChangePassword(AdminChangePasswordViewModels changePasswordV
message = "Error",
}, JsonRequestBehavior.AllowGet);

if (!changePasswordViewModel.Password.Equals(changePasswordViewModel.RePassword))
if (userUpdate.AccountId == 1 && user.AccountId != 1)
{
errors.Add("NewPassword", "Unauthorized");
return Json(new
{
data = errors,
statusCode = 400,
message = "Error",
}, JsonRequestBehavior.AllowGet);
}

if (userUpdate.RoleId == 1 && user.RoleId != 1)
{
errors.Add("NewPassword", "Unauthorized");
return Json(new
{
data = errors,
statusCode = 400,
message = "Error",
}, JsonRequestBehavior.AllowGet);
}

if (!changePasswordViewModel.NewPassword.Equals(changePasswordViewModel.ConfirmPassword))
{
errors.Add("ConfirmPassword", "Your confirm is not the same as your new password!");
return Json(new
Expand All @@ -86,7 +109,7 @@ public ActionResult ChangePassword(AdminChangePasswordViewModels changePasswordV
message = "Error",
}, JsonRequestBehavior.AllowGet);
}
userUpdate.Password = Utils.HashPassword(changePasswordViewModel.Password);
userUpdate.Password = Utils.HashPassword(changePasswordViewModel.NewPassword);
if (!users.Edit(userUpdate))
{
return Json(new
Expand Down Expand Up @@ -202,6 +225,7 @@ public ActionResult Edit(AccountViewModel accounts)
{

var acc1 = users.Get(accounts.AccountId);
var user = (Accounts)Session["user"];
var errors = new Dictionary<string, string>();
var check = true;
if (!ModelState.IsValid)
Expand Down Expand Up @@ -231,6 +255,29 @@ public ActionResult Edit(AccountViewModel accounts)
}
}

if (acc1.AccountId == 1 && user.AccountId != 1)
{
errors.Add("Status", "Unauthorized");
return Json(new
{
statusCode = 400,
message = "Error",
data = errors
}, JsonRequestBehavior.AllowGet);
}

if (user.RoleId != 1 && acc1.RoleId == 1)
{
check = false;
errors.Add("Status", "Unauthorized");
return Json(new
{
statusCode = 400,
message = "Error",
data = errors
}, JsonRequestBehavior.AllowGet);
}

if (users.CheckDuplicate(x => x.Email == accounts.Email && x.AccountId != acc1.AccountId))
{
check = false;
Expand All @@ -257,15 +304,20 @@ public ActionResult Edit(AccountViewModel accounts)

if (ModelState.IsValid && check)
{

var acc3 = users.Get(accounts.AccountId);
acc3.Name = accounts.Name;
acc3.Email = accounts.Email;
acc3.Phone = accounts.Phone;
acc3.Birthday = DateTime.Parse(accounts.Birthday);
acc3.Address = accounts.Address;
acc3.NumberId = accounts.NumberId;
acc3.RoleId = accounts.RoleId;
if (user.RoleId == 1 && user.AccountId == 1)
{
acc3.RoleId = accounts.RoleId;
}
acc3.Status = accounts.Status;
acc3.AttemptLogin = accounts.Status == (int)AccountStatus.Actived ? 0 : 3;
if (!users.Edit(acc3))
{
return Json(new
Expand Down Expand Up @@ -301,10 +353,31 @@ public ActionResult Edit(AccountViewModel accounts)
[HttpPost]
public ActionResult Delete(int id)
{
var current = (Accounts)Session["user"];
if (id == current.AccountId)
{
return Json(new
{
statusCode = 400,
data = "You cannot delete your own account",
message = "Error"
}, JsonRequestBehavior.AllowGet);
}

using (var _context = new ApplicationDbContext())
{
var user = _context.Accounts.FirstOrDefault(x => x.AccountId == id);
var bankaccount = _context.BankAccounts.FirstOrDefault(x => x.AccountId == id);
if (user.AccountId == 1)
{
return Json(new
{
statusCode = 400,
data = "Unauthorized",
message = "Error"
}, JsonRequestBehavior.AllowGet);
}

if (bankaccount != null)
{
user.Status = 2;
Expand All @@ -315,6 +388,15 @@ public ActionResult Delete(int id)
message = "Success"
}, JsonRequestBehavior.AllowGet);
}

{
return Json(new
{
statusCode = 400,
data = "You cannot delete your own account",
message = "Error"
}, JsonRequestBehavior.AllowGet);
}
}

if (users.Delete(id))
Expand All @@ -328,7 +410,7 @@ public ActionResult Delete(int id)

return Json(new
{
statusCode = 402,
statusCode = 400,
message = "Error"
}, JsonRequestBehavior.AllowGet);
}
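Review bot: In the Delete hunk (@@ -315,6 +388,15 @@), the bare block added after the `if (bankaccount != null)` branch returns unconditionally, so the `if (users.Delete(id))` below it is unreachable and every account that has no bank account is refused with the unrelated message "You cannot delete your own account". If the intent was to refuse deleting accounts that hold bank accounts, that case already returns inside the preceding branch, so the stray block should simply be removed. Delete also never checks the caller's role the way Edit and ChangePassword now do: a caller whose RoleId is not 1 can still delete, or lock via `user.Status = 2`, any RoleId == 1 account other than AccountId 1, and `user` is dereferenced without a null check. I'd add `if (user == null || (user.RoleId == 1 && current.RoleId != 1)) return Json(new { statusCode = 400, data = "Unauthorized", message = "Error" }, JsonRequestBehavior.AllowGet);` before the `user.AccountId == 1` test. Delete's signature and the opening of the using block sit in the earlier hunk, outside this one.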
69 changes: 44 additions & 25 deletions Backend/Areas/Admin/Views/Accounts/Index.cshtml
@@ -1,4 +1,6 @@
@{
@using OnlineBanking.DAL
@{
var user = (Accounts)Session["user"];
ViewBag.Title = "Index";
Layout = "~/Areas/Admin/Views/Shared/_Layout.cshtml";
}
Expand Down Expand Up @@ -27,14 +29,14 @@
<div class="table-responsive">
<table class="display table-responsive-lg min-w850 dataTable no-footer" id="datatables" role="grid" aria-describedby="example4_info">
<thead>
<tr>
<th>No</th>
<th>Name</th>
<th>Email</th>
<th>RoleName </th>
<th>Status </th>
<th>Action</th>
</tr>
<tr>
<th>No</th>
<th>Name</th>
<th>Email</th>
<th>RoleName </th>
<th>Status </th>
<th>Action</th>
</tr>
</thead>
<tbody id="tbl_user"></tbody>

Expand All @@ -55,8 +57,8 @@
</div>

<div class="modal-body">
<input type="hidden" name="Id" id="Id" value=""/>
<input type="hidden" name="type" id="type" value="CREATE"/>
<input type="hidden" name="Id" id="Id" value="" />
<input type="hidden" name="type" id="type" value="CREATE" />

<div class="form-group">
<label>Name <span class="text-danger">*</span></label>
Expand All @@ -72,7 +74,7 @@
</div>
<div class="form-group">
<label>Phone <span class="text-danger">*</span></label>
<div class="error">
<div class="error">
<input type="text" class="form-control" id="Phone" name="Phone" placeholder="Phone...">
</div>
</div>
Expand Down Expand Up @@ -101,20 +103,37 @@
</div>
<div class="form-group">
<div class="row">
<div class="col-md-6">
<label>Role <span class="text-danger">*</span></label>
<div>
<select class="form-control" id="RoleId" name="RoleId">
</select>
@if (user.RoleId == 1)
{


<div class="col-md-6">
<label>Role <span class="text-danger">*</span></label>
<div>
<select class="form-control" id="RoleId" name="RoleId">
</select>
</div>
</div>
</div>
<div class="col-md-6">
<label>Status <span class="text-danger">*</span></label>
<div>
<select class="form-control" id="Status" name="Status">
</select>


<div class="col-md-6">
<label>Status <span class="text-danger">*</span></label>
<div>
<select class="form-control" id="Status" name="Status">
</select>
</div>
</div>
</div>
}
else
{
<div class="col-md-12">
<label>Status <span class="text-danger">*</span></label>
<div>
<select class="form-control" id="Status" name="Status">
</select>
</div>
</div>
}
</div>
</div>
</div>
Expand Down Expand Up @@ -370,7 +389,7 @@
} else {
validator.showErrors(res.data);
}
}
}
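Review bot: Wrapping the Role `<select>` in `@if (user.RoleId == 1)` (hunk @@ -101,20 +103,37 @@) hides the control but is not an authorization boundary: the same modal is posted for both the `CREATE` and edit paths, and a client can submit a `RoleId` field regardless of what was rendered. The Edit action in this commit ignores `accounts.RoleId` unless the caller is account 1, but the create handler is not part of this diff, so please confirm it applies the same server-side check. The cast `var user = (Accounts)Session["user"];` at the top of the view will throw if the session has expired unless the admin layout or a filter guarantees a logged-in user; `var user = Session["user"] as Accounts;` followed by a redirect when null would be safer, though I cannot see what the layout does. The two branches also duplicate the Status select verbatim; rendering it once and switching only the column class (`col-md-6` vs `col-md-12`) would halve the markup.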
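--- a/Backend/Controllers/HomeController.cs
+++ b/Backend/Controllers/HomeController.cs
@@ -294,7 +294,7 @@ public ActionResult CheckLogin(string email, string password)
 }, JsonRequestBehavior.AllowGet);
 }
 
-if (obj.Status == 1 && obj.RoleId != 1)
+if (obj.Status == 1)
 {
 errors.Add("Email", "Your Account is Locked!");
 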
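Review bot: The new condition `if (obj.Status == 1)` in CheckLogin compares against a bare literal while the same commit uses the `AccountStatus` enum in AccountsController (`(int)AccountStatus.Actived`); writing it as `if (obj.Status == (int)AccountStatus.<member for the locked state>)` would keep the lockout meaning readable and tie it to one definition. Dropping the `obj.RoleId != 1` exemption is the right call security-wise, but note the interaction with the Edit guard added in the same commit: if account 1 ever reaches Status 1 (presumably via whatever drives the AttemptLogin counter), no other user may edit it and it cannot log in, so there may be no in-app way to unlock it — worth confirming an out-of-band recovery path exists. The rest of CheckLogin lies outside this hunk.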
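--- a/OnlineBanking.DAL/ViewModel/AdminChangePasswordViewModels.cs
+++ b/OnlineBanking.DAL/ViewModel/AdminChangePasswordViewModels.cs
@@ -12,9 +12,9 @@ public class AdminChangePasswordViewModels
 public int AccountId { get; set; }
 [Required]
 [MinLength(6)]
-public string Password { get; set; }
+public string NewPassword { get; set; }
 [Required]
 [MinLength(6)]
-public string RePassword { get; set; }
+public string ConfirmPassword { get; set; }
 }
 }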
