littleshop/LittleShop/Areas/Admin/Controllers/UsersController.cs
SysAdmin a2247d7c02
feat: Add customer management, payments, and push notifications with security enhancements
Major Feature Additions:
- Customer management: Full CRUD with data export and privacy compliance
- Payment management: Centralized payment tracking and administration
- Push notification subscriptions: Manage and track web push subscriptions

Security Enhancements:
- IP whitelist middleware for administrative endpoints
- Data retention service with configurable policies
- Enhanced push notification security documentation
- Security fixes progress tracking (2025-11-14)

UI/UX Improvements:
- Enhanced navigation with improved mobile responsiveness
- Updated admin dashboard with order status counts
- Improved product CRUD forms
- New customer and payment management interfaces

Backend Improvements:
- Extended customer service with data export capabilities
- Enhanced order service with status count queries
- Improved crypto payment service with better error handling
- Updated validators and configuration

Documentation:
- DEPLOYMENT_NGINX_GUIDE.md: Nginx deployment instructions
- IP_STORAGE_ANALYSIS.md: IP storage security analysis
- PUSH_NOTIFICATION_SECURITY.md: Push notification security guide
- UI_UX_IMPROVEMENT_PLAN.md: Planned UI/UX enhancements
- UI_UX_IMPROVEMENTS_COMPLETED.md: Completed improvements

Cleanup:
- Removed temporary database WAL files
- Removed stale commit message file

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-16 19:33:02 +00:00


using LittleShop.DTOs;
using LittleShop.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
namespace LittleShop.Areas.Admin.Controllers;
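/// <summary>
/// Admin-area MVC controller for listing, creating, editing and deleting user accounts
/// through <see cref="IAuthService"/>.
/// </summary>
/// <remarks>
/// Every action requires the "AdminOnly" authorization policy, and each state-changing
/// POST validates the anti-forgery token. Unexpected exceptions are logged server-side and
/// only a generic message is shown in the page: exception text can carry storage or
/// infrastructure details that do not belong in rendered HTML.
/// </remarks>
[Area("Admin")]
[Authorize(Policy = "AdminOnly")]
public class UsersController : Controller
{
    // Minimum length enforced by this controller when a password is supplied on edit.
    // NOTE(review): the create path relies on model validation only; confirm the
    // CreateUserDto validator enforces at least the same policy.
    private const int MinimumPasswordLength = 8;

    private readonly IAuthService _authService;

    /// <summary>Creates the controller with the account service it delegates to.</summary>
    /// <param name="authService">Service that reads and modifies user accounts.</param>
    public UsersController(IAuthService authService)
    {
        _authService = authService;
    }

    /// <summary>Lists all users returned by the account service.</summary>
    public async Task<IActionResult> Index()
    {
        var users = await _authService.GetAllUsersAsync();
        return View(users);
    }

    /// <summary>Shows the empty "create user" form.</summary>
    public IActionResult Create()
    {
        return View();
    }

    /// <summary>Creates a user from the posted form.</summary>
    /// <param name="model">Posted account data; must pass model validation.</param>
    /// <returns>
    /// A redirect to <see cref="Index"/> on success; otherwise the form again with
    /// validation errors.
    /// </returns>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Create(CreateUserDto model)
    {
        try
        {
            if (!ModelState.IsValid)
            {
                return View(model);
            }

            var user = await _authService.CreateUserAsync(model);
            if (user is null)
            {
                // A null result is reported to the admin as a username collision.
                ModelState.AddModelError("Username", "User with this username already exists");
                return View(model);
            }

            // NOTE(review): the username is echoed via TempData; the view that renders
            // this message must HTML-encode it (Razor does unless Html.Raw is used).
            TempData["SuccessMessage"] = $"User '{user.Username}' created successfully";
            return RedirectToAction(nameof(Index));
        }
        catch (Exception ex)
        {
            // The posted username is deliberately left out of the log entry so that
            // attacker-influenced text cannot forge log lines.
            LogFailure(ex, "create", null);
            ModelState.AddModelError("", "An error occurred while creating the user. The details have been logged.");
            return View(model);
        }
    }

    /// <summary>Shows the edit form for one user.</summary>
    /// <param name="id">Identifier of the user to edit.</param>
    /// <returns>The edit view, or 404 when the user does not exist.</returns>
    public async Task<IActionResult> Edit(Guid id)
    {
        var user = await _authService.GetUserByIdAsync(id);
        if (user is null)
        {
            return NotFound();
        }

        // Only the username and active flag are pre-filled; the password field stays empty.
        var model = new UpdateUserDto
        {
            Username = user.Username,
            IsActive = user.IsActive
        };

        ViewData["UserId"] = id;
        return View(model);
    }

    /// <summary>Applies the posted changes to one user.</summary>
    /// <param name="id">Identifier of the user being edited.</param>
    /// <param name="model">Posted changes; an empty password means "leave unchanged".</param>
    /// <returns>
    /// A redirect to <see cref="Index"/> on success, 404 when the user no longer exists,
    /// otherwise the form again with validation errors.
    /// </returns>
    /// <remarks>
    /// NOTE(review): nothing in this action stops an administrator from clearing
    /// IsActive on their own account; confirm UpdateUserAsync or the view prevents
    /// an accidental self-lockout.
    /// </remarks>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Edit(Guid id, UpdateUserDto model)
    {
        try
        {
            if (string.IsNullOrWhiteSpace(model.Username))
            {
                ModelState.AddModelError("Username", "Username is required");
            }

            // The password is optional on edit, but when supplied it must meet the minimum length.
            if (!string.IsNullOrEmpty(model.Password) && model.Password.Length < MinimumPasswordLength)
            {
                ModelState.AddModelError("Password", "Password must be at least 8 characters if changing");
            }

            if (!ModelState.IsValid)
            {
                ViewData["UserId"] = id;
                return View(model);
            }

            var success = await _authService.UpdateUserAsync(id, model);
            if (!success)
            {
                // Tell "user vanished" apart from the other failure this action
                // reports, a username collision.
                var existingUser = await _authService.GetUserByIdAsync(id);
                if (existingUser is null)
                {
                    return NotFound();
                }

                ModelState.AddModelError("Username", "Username is already taken by another user");
                ViewData["UserId"] = id;
                return View(model);
            }

            TempData["SuccessMessage"] = "User updated successfully";
            return RedirectToAction(nameof(Index));
        }
        catch (Exception ex)
        {
            LogFailure(ex, "update", id);
            ModelState.AddModelError("", "An error occurred while updating the user. The details have been logged.");
            ViewData["UserId"] = id;
            return View(model);
        }
    }

    /// <summary>Deletes one user, refusing when the target is the signed-in admin.</summary>
    /// <param name="id">Identifier of the user to delete.</param>
    /// <returns>A redirect to <see cref="Index"/> with a success or error message in TempData.</returns>
    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Delete(Guid id)
    {
        try
        {
            // Self-deletion guard. If the NameIdentifier claim is absent or is not a GUID,
            // TryParse fails and this check is skipped, i.e. the guard fails open.
            // NOTE(review): confirm sign-in always issues a GUID in this claim, or reject
            // the request when the caller cannot be identified.
            var currentUserIdClaim = User.FindFirst(System.Security.Claims.ClaimTypes.NameIdentifier)?.Value;
            if (Guid.TryParse(currentUserIdClaim, out Guid currentUserId) && currentUserId == id)
            {
                TempData["ErrorMessage"] = "You cannot delete your own account";
                return RedirectToAction(nameof(Index));
            }

            // Loaded first so the confirmation message can name the account.
            var user = await _authService.GetUserByIdAsync(id);
            if (user is null)
            {
                TempData["ErrorMessage"] = "User not found";
                return RedirectToAction(nameof(Index));
            }

            var success = await _authService.DeleteUserAsync(id);
            if (success)
            {
                // The wording suggests DeleteUserAsync deactivates rather than removes
                // the row; presumably a soft delete, confirm in the service.
                TempData["SuccessMessage"] = $"User '{user.Username}' has been deactivated";
            }
            else
            {
                TempData["ErrorMessage"] = "Failed to delete user";
            }

            return RedirectToAction(nameof(Index));
        }
        catch (Exception ex)
        {
            LogFailure(ex, "delete", id);
            TempData["ErrorMessage"] = "An error occurred while deleting the user. The details have been logged.";
            return RedirectToAction(nameof(Index));
        }
    }

    /// <summary>
    /// Records an unexpected failure server-side so the exception text never has to be
    /// shown in the page.
    /// </summary>
    /// <param name="ex">The exception that was caught.</param>
    /// <param name="operation">Short name of the failed operation.</param>
    /// <param name="userId">Target account, when the action has one.</param>
    private void LogFailure(Exception ex, string operation, Guid? userId)
    {
        // Resolved from the request's service provider so the constructor signature stays
        // unchanged; null-tolerant so the controller still works without an HttpContext.
        var logger = HttpContext?.RequestServices?.GetService<ILogger<UsersController>>();
        logger?.LogError(ex, "Admin user {Operation} failed for user {UserId}", operation, userId);
    }
}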