Best practice action result targeting


3

I need to direct the administrator to one location, the first-time student to another, and the student who has already accessed the system to yet another.

My validations are working, everything is going well. However, I would like to know if there is a best practice to apply for this:

    [HttpPost]
    public ActionResult Validar(String cpf, String senha)
    {
        var bdAluno = CONSUL_CA_AlunoAplicacaoConstrutor.CONSUL_CA_AlunoAplicacaoEF();
        var alunos = bdAluno.ListarTodos().Where(x => x.Senha == senha);
        if (alunos.Count() == 1)
        {
            var aluno = alunos.First();

            if (aluno.Cpf == "1413914")
            {
                FormsAuthentication.SetAuthCookie("admin", false);
                return RedirectToAction("Index", "HomeADM", new { area = "Administrador" });
            }
            else if (aluno.Senha == "sbe123")
            {
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("AlterarSenha", "HomeAL", new { area = "Aluno" });
            }
            else
            {
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("Index", "HomeAL", new { area = "Aluno" });
            }
        }

        return RedirectToAction("Index");
    }

1 answer

2


The redirection per se is OK, but the way the decisions behind these redirects are made surely needs a good refactoring.

First, the following line can find students who have the same password, so some students may end up logged in with other students' CPF by accident:

    var alunos = bdAluno.ListarTodos().Where(x => x.Senha == senha);
    // Should be
    var alunos = bdAluno.ListarTodos().Where(x => x.Cpf == cpf && x.Senha == senha);

Nor is it good practice to hardcode data in your code, as for example in these lines:

    if (aluno.Cpf == "1413914")
    // and
    if (aluno.Senha == "sbe123")

Indicate who are administrators and new students in the student class itself:

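    class Aluno
    {
        public String Cpf { get; set; }
        public String Senha { get; set; }
        // False until the student's first login (replaces the "sbe123" check)
        public bool JaAcessouOSistema { get; set; }
        // True for administrators (replaces the hardcoded CPF check)
        public bool Administrador { get; set; }
    }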

    [HttpPost]
    public ActionResult Validar(String cpf, String senha)
    {
        var bdAluno = CONSUL_CA_AlunoAplicacaoConstrutor.CONSUL_CA_AlunoAplicacaoEF();
        // CPF and password must match the same record
        var alunos = bdAluno.ListarTodos().Where(x => x.Cpf == cpf && x.Senha == senha);
        if (alunos.Count() == 1)
        {
            var aluno = alunos.First();

            if (aluno.Administrador)
            {
                FormsAuthentication.SetAuthCookie("admin", false);
                return RedirectToAction("Index", "HomeADM", new { area = "Administrador" });
            }
            else if (!aluno.JaAcessouOSistema)
            {
                // First access: send the student to change the password
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("AlterarSenha", "HomeAL", new { area = "Aluno" });
            }
            else
            {
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("Index", "HomeAL", new { area = "Aluno" });
            }
        }

        return RedirectToAction("Index");
    }

Other good practices would be the use of a 3-tier architecture (not only MVC but the presentation, business and data access layers), IoC, and handling the case where the user is not found in the system.
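
The difference between the two queries discussed in the answer, as an added example that is not part of the original answer or the asker's project: a console program that runs both lookups over constructed records and routes on the flags, including the not-found case. The `Destino` enum, the `LoginDemo` class and its method names are hypothetical; the plaintext password comparison mirrors the code on the page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

class Aluno // same shape as the class in the answer
{
    public string Cpf { get; set; }
    public string Senha { get; set; }
    public bool JaAcessouOSistema { get; set; }
    public bool Administrador { get; set; }
}
enum Destino { LoginFalhou, HomeAdministrador, AlterarSenha, HomeAluno } // hypothetical names

static class LoginDemo
{
    // Accept a result only when exactly one record matches, as Count() == 1 does on the page.
    static Aluno Unico(IEnumerable<Aluno> achados)
    {
        var lista = achados.ToList();
        return lista.Count == 1 ? lista[0] : null;
    }
    // The question's query: the cpf argument is never used.
    static Aluno SoPorSenha(List<Aluno> bd, string cpf, string senha) =>
        Unico(bd.Where(x => x.Senha == senha));

    // The answer's query: CPF and password must belong to the same record.
    static Aluno PorCpfESenha(List<Aluno> bd, string cpf, string senha) =>
        Unico(bd.Where(x => x.Cpf == cpf && x.Senha == senha));

    // Routing by flags instead of hardcoded values; null covers "user not found".
    static Destino Decidir(Aluno a) =>
        a == null ? Destino.LoginFalhou
        : a.Administrador ? Destino.HomeAdministrador
        : a.JaAcessouOSistema ? Destino.HomeAluno : Destino.AlterarSenha;

    static void Main()
    {
        var bd = new List<Aluno> { // constructed sample records
            new Aluno { Cpf = "111", Senha = "sbe123" },
            new Aluno { Cpf = "222", Senha = "sbe123" },
            new Aluno { Cpf = "333", Senha = "senha-unica", JaAcessouOSistema = true },
        };
        // CPF 111 typed with 333's password: only the password-only query accepts it.
        Console.WriteLine(Decidir(SoPorSenha(bd, "111", "senha-unica")));
        Console.WriteLine(Decidir(PorCpfESenha(bd, "111", "senha-unica")));
        // Two new students share the initial password: the password-only query rejects both.
        Console.WriteLine(Decidir(SoPorSenha(bd, "111", "sbe123")));
        Console.WriteLine(Decidir(PorCpfESenha(bd, "111", "sbe123")));
    }
}
```

Keeping the decision in a plain function like `Decidir` lets the controller action shrink to setting the cookie and mapping the result to a `RedirectToAction` call.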
