1. 首页
  2. 问答
  3. 根据用户名检索数据

根据用户名检索数据

2013-10-11 33 views
1

我根据用户名进行身份验证。因此,未经授权的人无法看到任何工作正常的方法。根据用户名检索数据

The problem is all of the users are able to each others data. Person A shouldn't see the records of person B so that he/she can't edit another person's records.Does anyone know how I can write a lambda expression for that? I have my Edit method pasted below:

// GET: /IcerikDB_/Edit/5 
[Authorize(Roles = "Administrator")] 
public ActionResult Edit(int id) 
{ 
    icerik icerik = db.icerik.Find(id); 
    ViewBag.Kategorid = new SelectList(db.Kategoriler, "Id", "Adi", icerik.Kategorid); 
    ViewBag.Userid = new SelectList(db.Users, "UserId", "UserName", icerik.Userid); 
    return View(icerik); 
} 

[HttpPost] 
public ActionResult Edit(icerik icerik) 
{ 
    if (ModelState.IsValid) 
    { 
     if (User != null && User.Identity != null && User.Identity.IsAuthenticated) 
     { 
      string userName = User.Identity.Name; 
      var user = db.Users.First(u => u.UserName == userName); 
      icerik.Userid = user.UserId; 
      db.Entry(icerik).State = EntityState.Modified; 
      db.SaveChanges(); 
      return RedirectToAction("Index"); 
     } 
    } 
    ViewBag.Kategorid = new SelectList(db.Kategoriler, "Id", "Adi", icerik.Kategorid); 
    ViewBag.Userid = new SelectList(db.Users, "UserId", "UserName", icerik.Userid); 
    return View(icerik); 
}

这里是icerik.cs代码

namespace KategoriEditor.Icerik_DB 
{ 
    using System; 
    using System.Collections.Generic; 
    using System.ComponentModel.DataAnnotations; 

    public partial class icerik 
    { 
     public int Id { get; set; } 
     public Nullable<int> Kategorid { get; set; } 
     public Nullable<System.Guid> Userid { get; set; } 
     [DataType(DataType.Date)] 
     public Nullable<System.DateTime> Baslangic { get; set; } 
     [DataType(DataType.Date)] 
     public Nullable<System.DateTime> Bitis { get; set; } 
     public string tamicerik { get; set; } 
     public string kisaicerik { get; set; } 
     public string resimlink { get; set; } 

     public virtual Kategoriler Kategoriler { get; set; } 
     public virtual Users Users { get; set; } 
    } 
}

来源

2013-10-11 Ruhi Goktas

+2

你为什么要检查的ActionResult User.Identity,使用授权或属性定制并在一个地方定义它。每个实体都由某人(id)所有,只显示该人的实体。编辑时检查编辑人员是否也创建了实体。 –

+0

这部分代码是当用户点击**“Save”**按钮时插入UserName。 ** [授权] **写在控制器的开头,负责授权。我想让我的代码做的是仅显示登录用户的记录。 –

+0

我没有看到任何抓取模型的日志...我看到一个模型传入,转换为选择列表,并返回一个视图。 – ps2goat

回答

1

试试这个:

public ActionResult Edit(int id) 
{ 
    // Get the currently logged in user. 
    string userName = User.Identity.Name; 
    var user = db.Users.First(u => u.UserName == userName); 

    // Determine whether the requested id is the same id as the currently logged in user. 
    icerik icerik = db.icerik.Find(id); 
    if (icerik.Userid.HasValue && icerik.Userid.Value == user.UserId) 
    {  
     ViewBag.Kategorid = new SelectList(db.Kategoriler, "Id", "Adi", icerik.Kategorid); 

     // You should not need this SelectList anymore. 
     //ViewBag.Userid = new SelectList(db.Users, "UserId", "UserName", icerik.Userid); 
     return View(icerik); 
    } 
    // This redirect the unauthorized user to the homepage. This can be any other page of course. 
    return RedirectToAction("Index", "Home"); 
}

来源

2013-10-11 08:31:18

+0

它给了我和错误,表示运算符“==”不能应用于类型为'int'的操作数XXXController.cs, System.Guid' 错误是正确的: 'if(id == user.UserId)' –

+0

@RuhiGoktas您可以显示icerik类的代码,并描述它实际上是什么? –

+0

我更新了问题并粘贴了icerik.cs –

相关问题

 相关问题