Best practice targeting action result

3

I need to direct the administrator to one location, the first-time student to another, and the student you have

My validations are working, everything is working. However, I wonder if there is a best practice to apply for it:

[HttpPost]
        public ActionResult Validar(String cpf, String senha)
        {
            var bdAluno = CONSUL_CA_AlunoAplicacaoConstrutor.CONSUL_CA_AlunoAplicacaoEF();
            var alunos = bdAluno.ListarTodos().Where(x => x.Senha == senha);
            if (alunos.Count() == 1)
            {
                var aluno = alunos.First();

                if (aluno.Cpf == "1413914")
                {
                    FormsAuthentication.SetAuthCookie("admin", false);
                    return RedirectToAction("Index", "HomeADM", new { area = "Administrador" });
                }

                else if (aluno.Senha == "sbe123")
                {
                    FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                    return RedirectToAction("AlterarSenha", "HomeAL", new { area = "Aluno" });
                }
                else
                {
                    FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                    return RedirectToAction("Index", "HomeAL", new { area = "Aluno" });
                }
            }

            return RedirectToAction("Index");
        }
    
asked by anonymous 14.05.2014 / 20:08

1 answer

2

Redirecting per se is OK, but the way the redirect decisions are made certainly needs a good refactoring.

First, the following line can find students who have the same password, so some students could log in with another student's CPF by accident:

var alunos = bdAluno.ListarTodos().Where(x => x.Senha == senha);
// Should be
var alunos = bdAluno.ListarTodos().Where(x => x.Cpf == cpf && x.Senha == senha);

It is also not good practice to put hardcoded data in your code, for example in these lines:

if (aluno.Cpf == "1413914")
// and
if (aluno.Senha == "sbe123")

State who are administrators and novice students in the student class itself:

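class Aluno {
    public String Cpf { get; set; }
    public String Senha { get; set; }
    // False until the student's first login (replaces the "sbe123" check)
    public bool JaAcessouOSistema { get; set; }
    // Marks administrator accounts (replaces the hardcoded CPF check)
    public bool Administrador { get; set; }
}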

public ActionResult Validar(String cpf, String senha)
    {
        var bdAluno = CONSUL_CA_AlunoAplicacaoConstrutor.CONSUL_CA_AlunoAplicacaoEF();
        // CPF and password must match the same record
        var alunos = bdAluno.ListarTodos().Where(x => x.Cpf == cpf && x.Senha == senha);
        if (alunos.Count() == 1)
        {
            var aluno = alunos.First();

            if (aluno.Administrador)
            {
                FormsAuthentication.SetAuthCookie("admin", false);
                return RedirectToAction("Index", "HomeADM", new { area = "Administrador" });
            }
            else if (!aluno.JaAcessouOSistema)
            {
                // First access: send the student to the password change page
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("AlterarSenha", "HomeAL", new { area = "Aluno" });
            }
            else
            {
                FormsAuthentication.SetAuthCookie(aluno.Cpf, false);
                return RedirectToAction("Index", "HomeAL", new { area = "Aluno" });
            }
        }

        // No match: back to the login page
        return RedirectToAction("Index");
    }

Other good practices would be to use a 3-tier architecture (not only MVC, but presentation, business and data access layers), IoC, and to handle the case where the user is not found in the system.

    
20.05.2014 / 16:58
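The difference between the two lookups discussed in the answer, as an added console example that is not part of the original question or answer. The `Login` and `Destino` names, the helper methods and the records are constructed for illustration; passwords are compared as plain strings only because the page's code does so.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

class Aluno   // same shape as the answer's class
{
    public string Cpf { get; set; }
    public string Senha { get; set; }
    public bool JaAcessouOSistema { get; set; }
    public bool Administrador { get; set; }
}

enum Destino { LoginFalhou, Administrador, AlterarSenha, Aluno }   // hypothetical

static class Login   // hypothetical helper, kept outside the controller
{
    // Question's lookup: the typed CPF is ignored, only the password is matched.
    public static Aluno PorSenha(List<Aluno> bd, string cpf, string senha) =>
        Unico(bd.Where(x => x.Senha == senha));

    // Answer's lookup: CPF and password must match the same record.
    public static Aluno PorCpfESenha(List<Aluno> bd, string cpf, string senha) =>
        Unico(bd.Where(x => x.Cpf == cpf && x.Senha == senha));

    // Mirrors the page's "Count() == 1" rule; anything else is treated as no match.
    static Aluno Unico(IEnumerable<Aluno> q)
    {
        var achados = q.ToList();
        return achados.Count == 1 ? achados[0] : null;
    }

    // Routing comes from the record's flags; null is the "user not found" case.
    public static Destino Decidir(Aluno a)
    {
        if (a == null) return Destino.LoginFalhou;
        if (a.Administrador) return Destino.Administrador;
        return a.JaAcessouOSistema ? Destino.Aluno : Destino.AlterarSenha;
    }
}

static class Program
{
    static void Main()
    {
        var bd = new List<Aluno> {   // constructed records, not real data
            new Aluno { Cpf = "111", Senha = "segredoA", JaAcessouOSistema = true },
            new Aluno { Cpf = "222", Senha = "inicial" },
            new Aluno { Cpf = "333", Senha = "inicial" },
            new Aluno { Cpf = "999", Senha = "segredoZ", Administrador = true },
        };
        foreach (var t in new[] { ("222", "segredoA"), ("222", "inicial"), ("999", "segredoZ") })
            Console.WriteLine($"{t.Item1}/{t.Item2}: password only -> {Login.Decidir(Login.PorSenha(bd, t.Item1, t.Item2))}, " +
                              $"cpf + password -> {Login.Decidir(Login.PorCpfESenha(bd, t.Item1, t.Item2))}");
    }
}
```

With the password-only lookup, the first attempt is accepted as student 111 even though CPF 222 was typed, and the second is rejected because two students still share the same initial password.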