1. 首頁
  2. 問答
  3. 根據用戶名檢索數據

根據用戶名檢索數據

2013-10-11 67 views
1

我根據用戶名進行身份驗證。因此,未經授權的人無法看到任何工作正常的方法。根據用戶名檢索數據

The problem is all of the users are able to each others data. Person A shouldn't see the records of person B so that he/she can't edit another person's records.Does anyone know how I can write a lambda expression for that? I have my Edit method pasted below:

// GET: /IcerikDB_/Edit/5 
[Authorize(Roles = "Administrator")] 
public ActionResult Edit(int id) 
{ 
    icerik icerik = db.icerik.Find(id); 
    ViewBag.Kategorid = new SelectList(db.Kategoriler, "Id", "Adi", icerik.Kategorid); 
    ViewBag.Userid = new SelectList(db.Users, "UserId", "UserName", icerik.Userid); 
    return View(icerik); 
} 

[HttpPost] 
public ActionResult Edit(icerik icerik) 
{ 
    if (ModelState.IsValid) 
    { 
     if (User != null && User.Identity != null && User.Identity.IsAuthenticated) 
     { 
      string userName = User.Identity.Name; 
      var user = db.Users.First(u => u.UserName == userName); 
      icerik.Userid = user.UserId; 
      db.Entry(icerik).State = EntityState.Modified; 
      db.SaveChanges(); 
      return RedirectToAction("Index"); 
     } 
    } 
    ViewBag.Kategorid = new SelectList(db.Kategoriler, "Id", "Adi", icerik.Kategorid); 
    ViewBag.Userid = new SelectList(db.Users, "UserId", "UserName", icerik.Userid); 
    return View(icerik); 
}

這裏是icerik.cs代碼

namespace KategoriEditor.Icerik_DB 
{ 
    using System; 
    using System.Collections.Generic; 
    using System.ComponentModel.DataAnnotations; 

    public partial class icerik 
    { 
     public int Id { get; set; } 
     public Nullable<int> Kategorid { get; set; } 
     public Nullable<System.Guid> Userid { get; set; } 
     [DataType(DataType.Date)] 
     public Nullable<System.DateTime> Baslangic { get; set; } 
     [DataType(DataType.Date)] 
     public Nullable<System.DateTime> Bitis { get; set; } 
     public string tamicerik { get; set; } 
     public string kisaicerik { get; set; } 
     public string resimlink { get; set; } 

     public virtual Kategoriler Kategoriler { get; set; } 
     public virtual Users Users { get; set; } 
    } 
}

來源

2013-10-11 Ruhi Goktas

+2

你爲什麼要檢查的ActionResult User.Identity,使用授權或屬性定製並在一個地方定義它。每個實體都由某人(id)所有,只顯示該人的實體。編輯時檢查編輯人員是否也創建了實體。 –

+0

這部分代碼是當用戶點擊**「Save」**按鈕時插入UserName。 ** [授權] **寫在控制器的開頭,負責授權。我想讓我的代碼做的是僅顯示登錄用戶的記錄。 –

+0

我沒有看到任何抓取模型的日誌...我看到一個模型傳入,轉換爲選擇列表,並返回一個視圖。 – ps2goat

回答

1

試試這個:

public ActionResult Edit(int id) 
{ 
    // Get the currently logged in user. 
    string userName = User.Identity.Name; 
    var user = db.Users.First(u => u.UserName == userName); 

    // Determine whether the requested id is the same id as the currently logged in user. 
    icerik icerik = db.icerik.Find(id); 
    if (icerik.Userid.HasValue && icerik.Userid.Value == user.UserId) 
    {  
     ViewBag.Kategorid = new SelectList(db.Kategoriler, "Id", "Adi", icerik.Kategorid); 

     // You should not need this SelectList anymore. 
     //ViewBag.Userid = new SelectList(db.Users, "UserId", "UserName", icerik.Userid); 
     return View(icerik); 
    } 
    // This redirect the unauthorized user to the homepage. This can be any other page of course. 
    return RedirectToAction("Index", "Home"); 
}

來源

2013-10-11 08:31:18

+0

它給了我和錯誤,表示運算符「==」不能應用於類型爲'int'的操作數XXXController.cs, System.Guid' 錯誤是正確的: 'if(id == user.UserId)' –

+0

@RuhiGoktas您可以顯示icerik類的代碼,並描述它實際上是什麼? –

+0

我更新了問題並粘貼了icerik.cs –

相關問題

 相關問題