Identity - user rights in ASP.NET Core MVC
Question
I'm creating a web application where a user that is logged in via Identity can create new objects (products) for sale. However I wonder how can I use Identity to make it so that a user can only see their own created objects. I've been thinking about UserManager but I'm fairly new to this so I'm not really sure where to start.
If anyone can show me a pretty simple way to solve this I would appreciate it a lot. Been reading a lot of Microsoft's documentation but I don't feel like I'm getting much wiser.
This is my InventoryController where I manage my "Products":
using auktioner_MarcusR91.Data;
using auktioner_MarcusR91.Models;
using Microsoft.AspNet.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace auktioner_MarcusR91.Controllers
{
public class InventoryController : Controller
{
private readonly AppDbContext _db;
public InventoryController(AppDbContext db)
{
_db = db;
}
public IActionResult Index()
{
IEnumerable<Inventory> objInventoryList = _db.Inventories;
return View(objInventoryList);
}
//GET
[Authorize]
public IActionResult Create()
{
return View();
}
//Post
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Create(Inventory inventory)
{
_db.Inventories.Add(inventory);
_db.SaveChanges();
return RedirectToAction("index");
}
//GET
[Authorize]
public IActionResult Edit(int? id)
{
if (id == 0 || id == 5)
{
return NotFound();
}
var inventoryFromDb = _db.Inventories.Find(id);
if (inventoryFromDb == null)
{
return NotFound();
}
return View(inventoryFromDb);
}
//Post
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Edit(Inventory inventory)
{
if (ModelState.IsValid)
{
_db.Inventories.Update(inventory);
_db.SaveChanges();
return RedirectToAction("index");
}
return View(inventory);
}
}
}
Here is my create view if that helps:
@model Inventory
<form method = "post">
<div class = "border p-3 mt-4">
<div class = "row pb-2">
<h2 class = "text-primary">Add to Inventory</h2>
<hr />
</div>
<div class = "mb-3">
<label asp-for ="inventoryName"></label>
<input asp-for = "inventoryName" />
<label asp-for ="finalPrize"></label>
<input asp-for = "finalPrize" />
<label asp-for ="inventoryDesc"></label>
<input asp-for = "inventoryDesc" />
<p>1 för "Transport</p>
<p>2 för "Smycken"</p>
<p>3 för "Hushåll"</p>
<p>4 för "Dekoration"</p>
<select asp-for = "categoryId">
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
</select>
</div>
<button type = "submit" class = "btn btn-primary" width = "100px">Submit</button>
<a asp-controller = "Inventory" asp-action = "index" class = "btn btn-secondary" style = "width: 100px">Back to products</a>
</div>
</form>
1 answers
solution1
0 2022-01-05 18:13:29
U should use userManager for userId.
private readonly AppDbContext _db;
private readonly UserManager<ApplicationUser> _userManager;
public InventoryController(AppDbContext db, UserManager<ApplicationUser> userManager)
{
_db = db;
_userManager = userManager;
}
Then change your query filter by userId.
var userId = _userManager.GetUserId(HttpContext.User);
IEnumerable<Inventory> objInventoryList = _db.Inventories.Where(d => d.userId == userId);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.