droits d'accès

2016-09-05 00:22:27 +02:00
parent fbefa91fb0
commit a4897dc292
1 changed files with 34 additions and 5 deletions
--- a/Yavsc/Controllers/EstimateController.cs
+++ b/Yavsc/Controllers/EstimateController.cs
@ -1,6 +1,8 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.FileProviders;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Mvc;
@ -9,9 +11,11 @@ using Microsoft.Extensions.OptionsModel;
 using Yavsc.Helpers;
 using Yavsc.Models;
 using Yavsc.Models.Billing;
 using Yavsc.Models.Booking;
 namespace Yavsc.Controllers
 {
    [Authorize]
    public class EstimateController : Controller
    {
        private ApplicationDbContext _context;
@ -24,14 +28,19 @@ namespace Yavsc.Controllers
        }
        // GET: Estimate
        public IActionResult Index()
        {
-            return View(_context.Estimates.ToList());
+            var uid = User.GetUserId();
            return View(_context.Estimates.Where(
                e=>e.OwnerId == uid || e.ClientId == uid
            ).ToList());
        }
        // GET: Estimate/Details/5
        public IActionResult Details(long? id)
        {
            var uid = User.GetUserId();
            if (id == null)
            {
                return HttpNotFound();
@ -41,20 +50,32 @@ namespace Yavsc.Controllers
            .Include(e => e.Query)
            .Include(e => e.Query.PerformerProfile)
            .Include(e => e.Query.PerformerProfile.Performer)
            .Where(
                e=>e.OwnerId == uid || e.ClientId == uid
            )
            .Single(m => m.Id == id);
            if (estimate == null)
            {
                return HttpNotFound();
            }
            DirectoryInfo di = new DirectoryInfo(_site.UserFiles.DirName);
-            ViewBag.Files = estimate.GetFileContent(_site.UserFiles.DirName);
+
            ViewBag.Files = estimate.GetFileContent(di.FullName);
            return View(estimate);
        }
        // GET: Estimate/Create
        [Authorize]
        public IActionResult Create()
        {
            var uid = User.GetUserId();
            IQueryable<BookQuery> queries = _context.BookQueries.Include(q=>q.Location).Where(bq=>bq.PerformerId == uid);
            //.Select(bq=>new SelectListItem{ Text = bq.Client.UserName, Value = bq.Client.Id });
            ViewBag.Clients = queries.Select(q=>q.Client).Distinct();
            ViewBag.Queries = queries;
            return View();
        }
@ -66,6 +87,7 @@ namespace Yavsc.Controllers
         ICollection<IFormFile> newFiles
         )
        {
            estimate.OwnerId = User.GetUserId();
            if (ModelState.IsValid)
            {
                _context.Estimates
@ -114,8 +136,10 @@ namespace Yavsc.Controllers
            {
                return HttpNotFound();
            }
            var uid = User.GetUserId();
-            Estimate estimate = _context.Estimates.Single(m => m.Id == id);
+            Estimate estimate = _context.Estimates
            .Where(e=>e.OwnerId==uid||e.ClientId==uid).Single(m => m.Id == id);
            if (estimate == null)
            {
                return HttpNotFound();
@ -129,6 +153,9 @@ namespace Yavsc.Controllers
        [ValidateAntiForgeryToken]
        public IActionResult Edit(Estimate estimate)
        {
            var uid = User.GetUserId();
            if (estimate.OwnerId!=uid&&estimate.ClientId!=uid
            ) return new HttpNotFoundResult();
            if (ModelState.IsValid)
            {
                _context.Update(estimate);
@ -146,8 +173,10 @@ namespace Yavsc.Controllers
            {
                return HttpNotFound();
            }
            var uid = User.GetUserId();
-            Estimate estimate = _context.Estimates.Single(m => m.Id == id);
+            Estimate estimate = _context.Estimates
            .Where(e=>e.OwnerId==uid||e.ClientId==uid) .Single(m => m.Id == id);
            if (estimate == null)
            {
                return HttpNotFound();