Merge pull request #172 from xdorro/minh

update transaction authorization
anhnmt · Aug 27, 2021 · 1819fea · 1819fea
2 parents 8ac79e8 + d0f049a
commit 1819fea
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 5 deletions.
diff --git a/Backend/Controllers/ChequeBooksController.cs b/Backend/Controllers/ChequeBooksController.cs
@@ -86,6 +86,18 @@ public ActionResult PostData()
         public ActionResult PutData(int id)
         {
             var x = chequebooks.Get(id);
+            var user = (Accounts)Session["user"];
+            var account = accounts.Get(user.AccountId);
+
+            if (!chequebooks.CheckDuplicate(y => y.ChequeBookId == id && y.AccountId == account.AccountId))
+            {
+                return Json(new
+                {
+                    statusCode = 404,
+                    message = "Not found",
+                }, JsonRequestBehavior.AllowGet);
+            }
+
             if (x.Status == (int)ChequeBookStatus.Deleted)
             {
                 return Json(new
@@ -119,6 +131,18 @@ public ActionResult PutData(int id)
         public ActionResult DeleteData(int id)
         {
             var x = chequebooks.Get(id);
+
+            var user = (Accounts)Session["user"];
+            var account = accounts.Get(user.AccountId);
+            if (!chequebooks.CheckDuplicate(y => y.ChequeBookId == id && y.AccountId == account.AccountId))
+            {
+                return Json(new
+                {
+                    statusCode = 404,
+                    message = "Not found",
+                }, JsonRequestBehavior.AllowGet);
+            }
+
             if (x.Status == (int)ChequeBookStatus.Deleted)
             {
                 return Json(new

diff --git a/Backend/Controllers/TransactionsController.cs b/Backend/Controllers/TransactionsController.cs
@@ -428,18 +428,25 @@ private List<Notifications> CreateNotifications(Transactions transaction)
 
         public ActionResult ProfileAccountNumber(int id)
         {
-            if (((Accounts) Session["user"]) == null)
-                RedirectToAction("Login", "Home", new
-                {
-                    area = ""
-                });
+            var user = (Accounts)Session["user"];
+            var account = accounts.Get(user.AccountId);
+            if (!bankAccounts.CheckDuplicate(x => x.BankAccountId == id && x.AccountId == account.AccountId))
+            {
+                return RedirectToAction("NotFound", "Error");
+            }
             var data = bankAccounts.Get(x => x.BankAccountId == id).FirstOrDefault();
             return data == null ? View() : View(data);
         }
 
         public ActionResult TransactionsDetails(int id)
         {
             var user = (Accounts) Session["user"];
+            var account = accounts.Get(user.AccountId);
+
+            if (!transactionDetails.CheckDuplicate(x => x.TransactionDetailId == id && x.BankAccount.AccountId == account.AccountId))
+            {
+                return RedirectToAction("NotFound", "Error");
+            }
 
             var data = transactionDetails
                 .Get(x => x.TransactionDetailId == id && x.BankAccount.AccountId == user.AccountId)