Section 12 - Authorization

BulkyBookWeb/Areas/Admin/Controllers/CategoryController.cs

@@ -1,12 +1,15 @@
 using BulkyBook.DataAccess;
 using BulkyBook.DataAccess.Repository.IRepository;
 using BulkyBook.Models;
+using BulkyBook.Utility;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
 using System.Linq;
 
 namespace BulkyBookWeb.Controllers;
 [Area("Admin")]
+[Authorize(Roles = SD.Role_Admin)]
 public class CategoryController : Controller
 {
     private readonly IUnitOfWork _unitOfWork;

BulkyBookWeb/Areas/Admin/Controllers/CompanyController.cs

@@ -2,6 +2,8 @@
 using BulkyBook.DataAccess.Repository.IRepository;
 using BulkyBook.Models;
 using BulkyBook.Models.ViewModels;
+using BulkyBook.Utility;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -13,6 +15,7 @@
 
 namespace BulkyBookWeb.Controllers;
 [Area("Admin")]
+[Authorize(Roles = SD.Role_Admin)]
 public class CompanyController : Controller
 {
     private readonly IUnitOfWork _unitOfWork;

BulkyBookWeb/Areas/Admin/Controllers/CoverTypeController.cs

@@ -1,12 +1,15 @@
 using BulkyBook.DataAccess;
 using BulkyBook.DataAccess.Repository.IRepository;
 using BulkyBook.Models;
+using BulkyBook.Utility;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using System.Collections.Generic;
 using System.Linq;
 
 namespace BulkyBookWeb.Controllers;
 [Area("Admin")]
+[Authorize(Roles = SD.Role_Admin)]
 public class CoverTypeController : Controller
 {
     private readonly IUnitOfWork _unitOfWork;

BulkyBookWeb/Areas/Admin/Controllers/ProductController.cs

@@ -2,6 +2,8 @@
 using BulkyBook.DataAccess.Repository.IRepository;
 using BulkyBook.Models;
 using BulkyBook.Models.ViewModels;
+using BulkyBook.Utility;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
@@ -13,6 +15,7 @@
 
 namespace BulkyBookWeb.Controllers;
 [Area("Admin")]
+[Authorize(Roles = SD.Role_Admin)]
 public class ProductController : Controller
 {
     private readonly IUnitOfWork _unitOfWork;

BulkyBookWeb/Areas/Admin/Views/Order/Details.cshtml

@@ -233,7 +233,11 @@
 									</div>
 								</li>
 							</ul>
-
+							@if (Model.OrderHeader.PaymentStatus == SD.PaymentStatusDelayedPayment &&
+										Model.OrderHeader.OrderStatus == SD.StatusShipped)
+								{
+									<input type="submit" class="btn btn-success form-control my-1" value="Pay Now" />
+								}
 							@if (User.IsInRole(SD.Role_Admin) || User.IsInRole(SD.Role_Employee))
 							{
 								if (Model.OrderHeader.OrderStatus == SD.StatusApproved)
@@ -245,11 +249,7 @@
 									<input type="submit" onclick="return validateInput()"
 									asp-action="ShipOrder" class="btn btn-primary form-control my-1" value="Ship Order" />
 								}
-								@if (Model.OrderHeader.PaymentStatus == SD.PaymentStatusDelayedPayment &&
-										Model.OrderHeader.OrderStatus == SD.StatusShipped)
-								{
-									<input type="submit" class="btn btn-success form-control my-1" value="Pay Now" />
-								}
+
 								@if (Model.OrderHeader.OrderStatus != SD.StatusRefunded &&
 										Model.OrderHeader.OrderStatus != SD.StatusCancelled &&
 								Model.OrderHeader.OrderStatus!=SD.StatusShipped)

BulkyBookWeb/Views/Shared/_Layout.cshtml

@@ -1,4 +1,5 @@
-<!DOCTYPE html>
+@using BulkyBook.Utility
+<!DOCTYPE html>
 <html lang="en">
 <head>
 	<meta charset="utf-8" />
@@ -24,16 +25,19 @@
 
 							<a class="nav-link " asp-area="Customer" asp-controller="Home" asp-action="Index">Home</a>
 						</li>
-						<li class="nav-item dropdown">
-							<a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#" role="button" aria-haspopup="true" aria-expanded="false">Content Managment</a>
-							<div class="dropdown-menu">
-								<a class="dropdown-item" asp-area="Admin" asp-controller="Category" asp-action="Index">Category</a>
-								<a class="dropdown-item" asp-area="Admin" asp-controller="CoverType" asp-action="Index">Cover Type</a>
-								<a class="dropdown-item" asp-area="Admin" asp-controller="Product" asp-action="Index">Product</a>
-								<div class="dropdown-divider"></div>
-								<a class="dropdown-item" asp-area="Admin" asp-controller="Company" asp-action="Index">Company</a>
-							</div>
-						</li>
+						@if (User.IsInRole(SD.Role_Admin))
+						{
+							<li class="nav-item dropdown">
+								<a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#" role="button" aria-haspopup="true" aria-expanded="false">Content Managment</a>
+								<div class="dropdown-menu">
+									<a class="dropdown-item" asp-area="Admin" asp-controller="Category" asp-action="Index">Category</a>
+									<a class="dropdown-item" asp-area="Admin" asp-controller="CoverType" asp-action="Index">Cover Type</a>
+									<a class="dropdown-item" asp-area="Admin" asp-controller="Product" asp-action="Index">Product</a>
+									<div class="dropdown-divider"></div>
+									<a class="dropdown-item" asp-area="Admin" asp-controller="Company" asp-action="Index">Company</a>
+								</div>
+							</li>
+						}
 						<li class="nav-item">
 							<a class=nav-link asp-area="Admin" asp-controller="Order" asp-action="Index">
 								Manage Order