Beispiel #1
 /// <summary>
 /// Constructor for the Group Edit view. Loads the roles of the group and buckets them
 /// into <c>GroupSections</c>, keyed by the text before the first underscore of each role name.
 /// </summary>
 /// <param name="user">Stored on the model as <c>Usr</c>.</param>
 /// <param name="groupId">Group identifier. It is parsed with <c>new Guid(groupId)</c>, which throws for a null or malformed value, so a caller passing request data should validate it first.</param>
 /// <param name="groupName">Stored as <c>GroupName</c>.</param>
 /// <param name="adding">Stored as <c>Adding</c>.</param>
 public GroupsModel(MxUser user, string groupId, string groupName, bool adding)
 {
     Usr           = user;
     GroupSections = new List <GroupSection>();
     GroupRoles    = BLL.Groups.RolesForGroupList(new Guid(groupId));
     GroupName     = groupName;
     GroupId       = groupId;
     Adding        = adding;
     foreach (BLL.GroupRole role in GroupRoles)
     {
         // The section key is the role-name prefix, e.g. the part before '_' in "GROUP_Add".
         string []    names = role.RoleName.Split('_');
         // NOTE(review): this instance is overwritten by the out argument on the next line.
         GroupSection gs    = new GroupSection();
         if (GroupSectionCreated(names[0], out gs))
         {
             gs.Add(role);
         }
         else
         {
             // NOTE(review): relies on GroupSectionCreated leaving a usable instance in gs
             // when it returns false - confirm against the helper, which is not shown here.
             gs.Name        = names[0];
             gs.Description = role.Description;
             gs.Add(role);
             gs.Id = Guid.NewGuid().ToString();
             GroupSections.Add(gs);
         }
     }
 }
Beispiel #2
        /// <summary>
        /// Action filter hook that lets a request through only when the session holds an
        /// <c>MxUser</c> and that user still owns a licence seat for this session id.
        /// Otherwise the result is replaced with a redirect to the "Login" route.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            base.OnActionExecuting(filterContext);

            var    session     = filterContext.HttpContext.Session;
            MxUser sessionUser = (MxUser)session["User"];
            RouteValueDictionary routeValues = new RouteValueDictionary();

            if (sessionUser == null)
            {
                // No user object in the session: send the caller to the login page.
                // NOTE(review): unlike the "noseat" path below, this path does not call
                // FormsAuthentication.SignOut(), so an existing forms-auth cookie is left in place.
                routeValues.Add("msg", "session");
                filterContext.Result = new RedirectToRouteResult("Login", routeValues);
                return;
            }

            string userKey = sessionUser.MbrUser.ProviderUserKey.ToString();
            if (BLL.MxLicense.SeatCheck(userKey, session.SessionID))
            {
                return;
            }

            // The user no longer holds a seat: drop the session and the auth cookie
            // before redirecting, so the next request starts from a clean login.
            session.Clear();
            FormsAuthentication.SignOut();

            routeValues.Add("msg", "noseat");
            filterContext.Result = new RedirectToRouteResult("Login", routeValues);
        }
Beispiel #3
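        /// <summary>
        /// Changes the password of the currently authenticated user and, on success,
        /// refreshes the <c>MxUser</c> stored in the session.
        /// </summary>
        /// <param name="form">Posted form; reads <c>oldPassword</c> and <c>newPassword</c>.</param>
        /// <returns>JSON with <c>success</c> set to "true" or "false"; on an exception an <c>error</c> field is added.</returns>
        public JsonResult ChangePassword(FormCollection form)
        {
            // ChangePassword will throw an exception rather
            // than return false in certain failure scenarios.
            try
            {
                MembershipUser currentUser = Membership.GetUser(User.Identity.Name, true /* userIsOnline */);

                // Membership.GetUser returns null when the name does not resolve to a user.
                // Treat that as a plain failure instead of letting a NullReferenceException
                // reach the catch block and have its message sent to the client.
                if (currentUser == null)
                {
                    return(Json(new { success = "false" }));
                }

                if (!currentUser.ChangePassword(form["oldPassword"], form["newPassword"]))
                {
                    return(Json(new { success = "false" }));
                }

                // NOTE(review): a successful password change also re-approves the account.
                // Confirm that a suspended user holding a still-valid auth cookie cannot use
                // this to lift the suspension.
                currentUser.IsApproved = true;
                Membership.UpdateUser(currentUser);

                Session["User"] = new MxUser(currentUser.ProviderUserKey.ToString());

                return(Json(new { success = "true" }));
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is returned to the browser verbatim; confirm the
                // provider's messages carry nothing that should stay server-side.
                return(Json(new { success = "false", error = ex.Message }));
            }
        }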
Beispiel #4
 /// <summary>
 /// Constructor for the Groups List view. Loads the group dictionary and keeps a
 /// sorted copy of its keys for display.
 /// </summary>
 /// <param name="user">Stored on the model as <c>Usr</c>.</param>
 /// <param name="adding">NOTE(review): not used by this constructor; <c>Adding</c> is only set by the four-argument overload - confirm that is intended.</param>
 public GroupsModel(MxUser user, bool adding)
 {
     Usr                 = user;
     GroupNameDictionary = BLL.Groups.GetGroupsDict();

     // Sort a copy of the keys with the default comparer; the dictionary itself is left as returned.
     var names = GroupNameDictionary.Keys.ToList();
     names.Sort();
     SortedNames = names;
 }
Beispiel #5
        /// <summary>
        /// Generated test stub for the four-argument <c>GroupsModel</c> constructor.
        /// It only constructs the model with placeholder values and reports Inconclusive.
        /// </summary>
        public void GroupsModelConstructorTest()
        {
            // TODO: replace the placeholder arguments with appropriate values.
            // NOTE(review): if this resolves to the constructor that calls new Guid(groupId),
            // an empty groupId throws before the Inconclusive line is reached.
            GroupsModel target = new GroupsModel(
                user: null,
                groupId: string.Empty,
                groupName: string.Empty,
                adding: false);

            Assert.Inconclusive("TODO: Implement code to verify target");
        }
Beispiel #6
        /// <summary>
        /// Shows the group list model in "adding" mode to users holding the GROUP_Add role;
        /// everyone else is redirected to Account/NoAccess.
        /// </summary>
        public ActionResult Add()
        {
            MxUser currentUser = GetMxUser();

            // Authorisation gate first; the model is only built for permitted users.
            if (!currentUser.IsInRole("GROUP_Add"))
            {
                return RedirectToAction("NoAccess", "Account", new { returnUrl = "Admin/Groups" });
            }

            GroupsModel model = new GroupsModel(GetMxUser(), true);
            return View(model);
        }
Beispiel #7
        //
        // GET: /Account/Users

        /// <summary>
        /// Shows the user administration view with no particular user selected.
        /// Requires the USERS_View role; otherwise redirects to Account/Login.
        /// </summary>
        public ActionResult Users()
        {
            MxUser currentUser = GetMxUser();

            if (!currentUser.IsInRole("USERS_View"))
            {
                return RedirectToAction("Login", "Account", new { returnUrl = "Admin/UserAdmin" });
            }

            // An empty user id means "no user selected".
            UsersModel model = new UsersModel(currentUser, "");
            return View(model);
        }
Beispiel #8
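        /// <summary>
        /// Shows the "Users" view focused on one user. Requires the USERS_View role;
        /// otherwise redirects to Account/Login.
        /// </summary>
        /// <param name="userId">Id of the user to show, taken from the request. A missing value is treated like the empty id that <c>Users()</c> passes.</param>
        public ActionResult ViewUser(string userId)
        {
            MxUser mxUser = GetMxUser();

            if (mxUser.IsInRole("USERS_View"))
            {
                // userId comes from the request and may be absent; calling ToLower() on null
                // would throw. The invariant form keeps the result independent of the
                // server's current culture.
                string requestedId = (userId ?? string.Empty).ToLowerInvariant();

                var model = new UsersModel(mxUser, requestedId);
                return(View("Users", model));
            }
            else
            {
                return(RedirectToAction("Login", "Account", new { returnUrl = "Admin/UserAdmin" }));
            }
        }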
Beispiel #9
        /****************** User Admin *******************/
        #region User Admin

        /// <summary>
        /// Lists all users for callers holding the USERS_View role; everyone else is
        /// redirected to Account/NoAccess.
        /// </summary>
        public ActionResult List()
        {
            MxUser currentUser = GetMxUser();

            if (!currentUser.IsInRole("USERS_View"))
            {
                return RedirectToAction("NoAccess", "Account", new { returnUrl = "Admin/UserAdmin" });
            }

            // The full user table is only fetched once the role check has passed.
            UserListModel model = new UserListModel(currentUser, MxUser.GetAllUsers());
            return View(model);
        }
Beispiel #10
        /// <summary>
        /// Shows the "AddUser" view to callers holding the USERS_Add role.
        /// </summary>
        /// <exception cref="Exception">Thrown when the current user lacks USERS_Add.
        /// NOTE(review): the sibling actions redirect to Account/NoAccess instead of throwing.</exception>
        public ActionResult AddUser()
        {
            MxUser currentUser = GetMxUser();

            if (!currentUser.IsInRole("USERS_Add"))
            {
                throw new Exception("The currently logged in user does not have user add rights");
            }

            AddUserModel model = new AddUserModel(currentUser);
            return View("AddUser", model);
        }
Beispiel #11
        /// <summary>
        /// Shows the edit form for one user. The gate here is the USERS_View role;
        /// callers without it are redirected to Account/NoAccess.
        /// </summary>
        /// <param name="userId">Id of the user to edit, taken from the request and passed to the <c>MxUser</c> constructor unchanged.</param>
        public ActionResult EditUser(string userId)
        {
            MxUser currentUser = GetMxUser();

            if (!currentUser.IsInRole("USERS_View"))
            {
                return RedirectToAction("NoAccess", "Account", new { returnUrl = "Admin/UserAdmin" });
            }

            // First argument is the user being edited, second the logged-in user.
            MxUser        target = new MxUser(userId);
            EditUserModel model  = new EditUserModel(target, currentUser);
            return View(model);
        }
Beispiel #12
        /// <summary>
        /// Returns the due-date and shipment content for one order to callers holding the
        /// CUSTOMER_View role; other callers get the unauthorized content.
        /// </summary>
        /// <param name="orderId">Order identifier from the request.
        /// NOTE(review): only the role is checked here; confirm GetDueDatesShipments limits
        /// the lookup to orders this user may see.</param>
        public ContentResult DueDatesShipments(string orderId)
        {
            MxUser currentUser = GetMxUser();

            if (!currentUser.IsInRole("CUSTOMER_View"))
            {
                return Content(UnauthorizedContent());
            }

            OrderStatus orders = new OrderStatus(currentUser);
            string      body   = orders.GetDueDatesShipments(orderId);
            return Content(body);
        }
Beispiel #13
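        /// <summary>
        /// Shows the group edit view. Any one of the GROUP_View, GROUP_Add, GROUP_Edit or
        /// GROUP_Delete roles is enough; other callers are redirected to Account/NoAccess.
        /// </summary>
        /// <param name="groupId">Group identifier from the request; the model constructor parses it as a Guid.</param>
        /// <param name="groupName">Group name from the request.</param>
        /// <param name="add">"true"/"false" flag from the request. A missing or unparsable value is treated as false.</param>
        public ActionResult Edit(string groupId, string groupName, string add)
        {
            MxUser mxUser = GetMxUser();

            // Authorise before touching any request value, so a caller without rights gets
            // the NoAccess redirect rather than a parsing exception.
            if (mxUser.IsInRole("GROUP_View") || mxUser.IsInRole("GROUP_Add") || mxUser.IsInRole("GROUP_Edit") || mxUser.IsInRole("GROUP_Delete"))
            {
                // bool.Parse throws on null or malformed text; TryParse leaves adding == false.
                bool adding;
                bool.TryParse(add, out adding);

                // Build the model with the same user object the role check was made on.
                var model = new GroupsModel(mxUser, groupId, groupName, adding);
                return(View(model));
            }
            else
            {
                return(RedirectToAction("NoAccess", "Account", new { returnUrl = "Admin/Groups" }));
            }
        }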
Beispiel #14
        /// <summary>
        /// Returns the order list content for callers holding the CUSTOMER_View role;
        /// other callers get the unauthorized content.
        /// </summary>
        /// <param name="status">Status filter from the request.</param>
        /// <param name="companyId">Company identifier from the request.
        /// NOTE(review): only the role is checked here; confirm GetOrders restricts
        /// companyId to the customers assigned to this user.</param>
        public ContentResult List(string status, string companyId)
        {
            MxUser currentUser = GetMxUser();

            if (!currentUser.IsInRole("CUSTOMER_View"))
            {
                return Content(UnauthorizedContent());
            }

            OrderStatus orders = new OrderStatus(currentUser);
            string      body   = orders.GetOrders(status, companyId);
            return Content(body);
        }
Beispiel #15
        /// <summary>
        /// Shows the order status view to callers holding the CUSTOMER_View role;
        /// everyone else is redirected to Account/NoAccess.
        /// </summary>
        public ActionResult Status()
        {
            MxUser currentUser = GetMxUser();

            if (!currentUser.IsInRole("CUSTOMER_View"))
            {
                return RedirectToAction("NoAccess", "Account", new { returnUrl = "Orders" });
            }

            OrderStatus model = new OrderStatus(GetMxUser());
            return View(model);
        }
Beispiel #16
        /// <summary>
        /// Constructor for the ButtonModel. Copies the display settings and decides whether
        /// the button is shown to <paramref name="user"/>.
        /// </summary>
        /// <param name="user">User the button is rendered for; must not be null when <paramref name="requiredRoles"/> is non-empty, because its roles are queried.</param>
        /// <param name="id">Stored as <c>Id</c>.</param>
        /// <param name="requiredRoles">if the user has any of these roles, then the user will see the button.  Pass null or empty array if the button does not require any roles to see</param>
        /// <param name="buttonText">localized text</param>
        /// <param name="buttonJsCall">Javascript that will be executed when the button is clicked.
        /// NOTE(review): stored as-is; confirm callers never build it from request data without encoding.</param>
        /// <param name="buttonDescription">localized description of the button</param>
        /// <param name="cssClass">CSS class; " icon" is appended when an icon class is given.</param>
        /// <param name="iconClass">Stored as <c>IconClass</c>; null or empty means no icon.</param>
        /// <param name="showButtonText">When false, the button text is used as the tooltip instead.</param>
        public ButtonModel(MxUser user, string id, string[] requiredRoles, string buttonText, string buttonJsCall, string buttonDescription,
                           string cssClass, string iconClass, bool showButtonText)
        {
            Usr               = user;
            Id                = id;
            RequiredRoles     = requiredRoles;
            ButtonText        = buttonText;
            JsCall            = buttonJsCall;
            ButtonDescription = buttonDescription;
            ShowBtn           = false;
            CssClass          = string.IsNullOrEmpty(iconClass) ? cssClass : cssClass + " icon";
            IconClass         = iconClass;
            ShowBtnText       = showButtonText;

            // Visible when no roles are required, or when the user holds at least one of them.
            // This only controls rendering; it does not protect the action behind the button.
            bool visible = requiredRoles == null || requiredRoles.Length == 0;
            if (!visible)
            {
                foreach (string requiredRole in requiredRoles)
                {
                    if (user.IsInRole(requiredRole))
                    {
                        visible = true;
                        break;
                    }
                }
            }
            if (visible)
            {
                ShowBtn = true;
            }

            if (!ShowBtnText)
            {
                Tooltip = buttonText;
            }
        }
Beispiel #17
        /// <summary>
        /// Deletes or updates a group depending on the posted form. Deleting requires the
        /// GROUP_Delete role, updating requires GROUP_Edit.
        /// </summary>
        /// <param name="form">Posted form; reads <c>del</c>, <c>edit</c>, <c>groupId</c>, <c>roles</c>, <c>groupName</c> and <c>description</c>.</param>
        /// <returns>JSON carrying <c>success</c> and, on failure, <c>error</c>. The delete path and an edit request with an empty <c>edit</c> field return an empty <c>JsonResult</c>.</returns>
        public JsonResult EditGroup(FormCollection form)
        {
            JsonResult emptyResult = new JsonResult();
            MxUser     currentUser = GetMxUser();

            if (form["del"] == "true")
            {
                if (!currentUser.IsInRole("GROUP_Delete"))
                {
                    return Json(new { success = "false", error = "User does not have Delete rights" });
                }

                // NOTE(review): unlike DeleteGroup, this call is not wrapped in try/catch and
                // no success flag is returned afterwards.
                BLL.Groups.Delete(form["groupId"]);
                return emptyResult;
            }

            if (!currentUser.IsInRole("GROUP_Edit"))
            {
                return Json(new { success = "false", error = "User does not have Edit rights" });
            }

            if (String.IsNullOrEmpty(form["edit"]))
            {
                return emptyResult;
            }

            try
            {
                BLL.Groups.Update(form["groupId"], form["roles"], form["groupName"], form["description"]);
                return Json(new { success = "true" });
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message goes to the browser verbatim; confirm BLL messages are safe to expose.
                return Json(new { success = "false", error = ex.Message });
            }
        }
Beispiel #18
        /// <summary>
        /// Releases the licence seats of the user named in the form. Requires the USERS_Edit role.
        /// </summary>
        /// <param name="form">Posted form; reads <c>userId</c>.</param>
        /// <returns>JSON carrying <c>success</c> and, on failure, <c>error</c>.</returns>
        /// <exception cref="Exception">Thrown when the current user lacks USERS_Edit.</exception>
        public JsonResult ClearUserSeats(FormCollection form)
        {
            JsonResult result      = new JsonResult();
            MxUser     currentUser = GetMxUser();

            if (!currentUser.IsInRole("USERS_Edit"))
            {
                throw new Exception("The currently logged in user does not have user Edit rights");
            }

            try
            {
                // The second argument is passed as an empty string; its meaning is defined by UnseatUser.
                BLL.MxLicense.UnseatUser(form["userId"], "");
                result = Json(new { success = "true" });
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message goes to the browser verbatim; confirm BLL messages are safe to expose.
                result = Json(new { success = "false", error = ex.Message });
            }

            return result;
        }
Beispiel #19
        /// <summary>
        /// Applies one role to the groups listed in the form. Requires the GROUP_Edit role.
        /// </summary>
        /// <param name="form">Posted form; reads <c>groups</c> (with every "addRole_" occurrence stripped) and <c>role</c>.</param>
        /// <returns>JSON carrying <c>success</c> and, on failure, <c>error</c>.</returns>
        public JsonResult AddRolesToGroups(FormCollection form)
        {
            MxUser currentUser = GetMxUser();

            try
            {
                if (!currentUser.IsInRole("GROUP_Edit"))
                {
                    return Json(new { success = "false", error = "User does not have Group Edit rights" });
                }

                // A missing "groups" field makes Replace throw; that lands in the catch below.
                string groupIds = form["groups"].Replace("addRole_", "");
                BLL.Groups.UpdateRoleInGroups(groupIds, form["role"]);
                return Json(new { success = "true" });
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message goes to the browser verbatim; confirm it is safe to expose.
                return Json(new { success = "false", error = ex.Message });
            }
        }
Beispiel #20
        /// <summary>
        /// Deletes the group named in the form. Requires the GROUP_Delete role.
        /// </summary>
        /// <param name="form">Posted form; reads <c>groupId</c>.</param>
        /// <returns>JSON carrying <c>success</c> and, on failure, <c>error</c>.</returns>
        public JsonResult DeleteGroup(FormCollection form)
        {
            MxUser currentUser = GetMxUser();

            if (!currentUser.IsInRole("GROUP_Delete"))
            {
                return Json(new { success = "false", error = "User does not have Delete rights" });
            }

            try
            {
                BLL.Groups.Delete(form["groupId"]);
                return Json(new { success = "true" });
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message goes to the browser verbatim; confirm BLL messages are safe to expose.
                return Json(new { success = "false", error = ex.Message });
            }
        }
Beispiel #21
        /// <summary>
        /// Tells whether the <c>MxUser</c> held in the session has the given role.
        /// </summary>
        /// <param name="role">Role name to look for in the user's <c>Roles</c>.</param>
        /// <returns>True only when a user is present in the session and its roles contain <paramref name="role"/>; a missing session user yields false.</returns>
        public bool UserInRole(string role)
        {
            // The session is the only source consulted: when it holds no user the answer is
            // false, and the user is not rebuilt from the membership provider.
            MxUser sessionUser = (MxUser)Session["User"];

            return sessionUser != null && sessionUser.Roles.Contains(role);
        }
Beispiel #22
 /// <summary>
 /// Model for the no-access page; it only carries the user.
 /// </summary>
 /// <param name="user">Stored on the model as <c>Usr</c>.</param>
 public NoAccessModel(MxUser user)
 {
     this.Usr = user;
 }
Beispiel #23
 /// <summary>
 /// Model for the users view: the logged-in user plus the id of the user being looked at.
 /// </summary>
 /// <param name="user">logged in user</param>
 /// <param name="userId">userid - if we are trying to see a particular user</param>
 public UsersModel(MxUser user, string userId)
 {
     this.UserId = userId;
     this.Usr    = user;
 }
Beispiel #24
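        /// <summary>
        /// Deletes, edits or creates a user depending on the posted form, then saves the
        /// profile flags and permission lists. Deleting requires USERS_Delete, editing
        /// USERS_Edit and creating USERS_Add.
        /// </summary>
        /// <param name="userId">Bound from the request but not read here; the edit path uses <c>form["userId"]</c>.</param>
        /// <param name="form">Posted form with the user fields, flags and permission lists.</param>
        /// <returns>JSON carrying <c>success</c> and, on failure, <c>error</c>; the delete path returns an empty <c>JsonResult</c>.</returns>
        /// <exception cref="Exception">Thrown when the current user lacks the role the requested operation needs.</exception>
        public JsonResult EditUser(string userId, FormCollection form)
        {
            JsonResult     jr = new JsonResult();
            MembershipUser mbrUser;
            MxUser         mxUser = GetMxUser();

            if (form["del"] == "true")
            {
                if (!mxUser.IsInRole("USERS_Delete"))
                {
                    throw new Exception("The currently logged in user does not have user delete rights");
                }

                Membership.DeleteUser(form["userName"], true);
                return(jr);
            }

            if (!String.IsNullOrEmpty(form["edit"]))
            {
                if (!mxUser.IsInRole("USERS_Edit"))
                {
                    throw new Exception("The currently logged in user does not have user edit rights");
                }

                // Validate every request value this branch depends on before changing anything.
                // ResetPassword takes effect immediately, so a parse failure after it would
                // leave the account on the default password with the rest of the edit unapplied.
                Guid targetId;
                if (!Guid.TryParse(form["userId"], out targetId))
                {
                    return(Json(new { success = "false", error = "Invalid user id" }));
                }

                bool licenseTypeChanged;
                if (!bool.TryParse(form["changedLicType"], out licenseTypeChanged))
                {
                    return(Json(new { success = "false", error = "Invalid changedLicType value" }));
                }

                mbrUser = Membership.GetUser(targetId);
                if (mbrUser == null)
                {
                    return(Json(new { success = "false", error = "User not found" }));
                }

                if (form["changePw"] == "on")
                {
                    // NOTE(review): the account is reset to a fixed, well-known password. The
                    // login action forces a change when it sees this value, but until then
                    // anyone who knows the user name can sign in.
                    string generatedPw = mbrUser.ResetPassword();
                    mbrUser.ChangePassword(generatedPw, "default");
                }

                mbrUser.IsApproved = form["userSuspended"] != "on";

                if (licenseTypeChanged)
                {
                    BLL.MxLicense.UnseatUser(mbrUser.ProviderUserKey.ToString(), "");
                }
            }
            else
            {
                if (!mxUser.IsInRole("USERS_Add"))
                {
                    throw new Exception("The currently logged in user does not have user add rights");
                }

                // NOTE(review): new accounts start on the same fixed password as a reset.
                mbrUser            = Membership.CreateUser(form["username"], "default", form["emailAddr"]);
                mbrUser.IsApproved = true;
            }

            System.Web.Profile.ProfileBase profile = System.Web.Profile.ProfileBase.Create(mbrUser.UserName);

            mbrUser.Email = form["emailAddr"];

            // Checkbox fields post the value "on" when ticked and are absent otherwise.
            // NOTE(review): the admin flags below are taken straight from the form for any
            // caller with USERS_Edit or USERS_Add; confirm such a caller is meant to be able
            // to grant them, including to their own account.
            bool compAdmin    = form["isCompanyAdmin"] == "on";
            bool acctAdmin    = form["isAcctAdmin"] == "on";
            bool prodAdmin    = form["isProdAdmin"] == "on";
            bool external     = form["isExternal"] == "on";
            bool exempt       = form["isExempt"] == "on";
            bool cantChangePw = form["cantChangePw"] == "on";

            profile.SetPropertyValue("firstName", form["firstName"]);
            profile.SetPropertyValue("lastName", form["lastName"]);
            profile.SetPropertyValue("initials", form["initials"]);
            profile.SetPropertyValue("CompanyAdmin", compAdmin);
            profile.SetPropertyValue("CantChangePw", cantChangePw);
            profile.SetPropertyValue("ProdAdmin", prodAdmin);
            profile.SetPropertyValue("AcctAdmin", acctAdmin);
            profile.SetPropertyValue("External", external);
            profile.SetPropertyValue("Exempt", exempt);
            profile.SetPropertyValue("PwExpireInterval", form["pwExpireInterval"]);
            profile.SetPropertyValue("MinuteLimit", form["timeoutLimit"]);
            profile.SetPropertyValue("LicenseType", form["licenseType"]);

            try
            {
                Membership.UpdateUser(mbrUser);
                profile.Save();
                BLL.MxUser.UpdateUserPermissions(mbrUser.ProviderUserKey.ToString(), form["suppliers"], form["customers"], form["groups"]);
                jr = Json(new { success = "true" });
            }
            catch (Exception exc)
            {
                // NOTE(review): exc.Message goes to the browser verbatim; confirm it is safe to expose.
                jr = Json(new { success = "false", error = exc.Message });
            }

            return(jr);
        }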
Beispiel #25
 /// <summary>
 /// Model for the edit-user view: the user being edited and the user doing the editing.
 /// </summary>
 /// <param name="editUser">User that is being edited</param>
 /// <param name="user">Logged in user</param>
 public EditUserModel(MxUser editUser, MxUser user)
 {
     this.Usr      = user;
     this.EditUser = editUser;
 }
Beispiel #26
 /// <summary>
 /// Model for the add-user view: the logged-in user plus a blank user to fill in.
 /// </summary>
 /// <param name="user">Logged in user </param>
 public AddUserModel(MxUser user)
 {
     this.Usr = user;

     // Start from a default-constructed (blank) user.
     this.AddUser = new MxUser();
 }
Beispiel #27
 /// <summary>
 /// Model for the user list view.
 /// </summary>
 /// <param name="currentUsr">logged in user</param>
 /// <param name="userDt">DataTable of all users in the system</param>
 public UserListModel(MxUser currentUsr, DataTable userDt)
 {
     this.Users = userDt;
     this.Usr   = currentUsr;
 }
Beispiel #28
 /// <summary>
 /// Model for the navigation search box: builds the category list from the search menu
 /// for an empty search string, then stores the user.
 /// </summary>
 /// <param name="mxUser">Stored on the model as <c>Usr</c>.</param>
 public NavSearchModel(MxUser mxUser)
 {
     // The menu is built before Usr is assigned; the order is kept because GetSearchMenu
     // is not visible here and may read model state.
     var searchMenu = GetSearchMenu(string.Empty);
     GenCategoryList = new MenuItemListModel(true, searchMenu);
     Usr             = mxUser;
 }
Beispiel #29
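        /// <summary>
        /// Handles the login form post: validates the credentials, enforces the licence and
        /// seat rules, forces a password change where required and finally stores the
        /// <c>MxUser</c> in the session.
        /// </summary>
        /// <param name="model">Posted login form (user name, password, remember-me flag).</param>
        /// <param name="returnUrl">Optional URL to return to; only followed when it is a local path.</param>
        /// <returns>A redirect on success or on a licence/password rule, otherwise the login view with model errors.</returns>
        public ActionResult LogIn(LogInModel model, string returnUrl)
        {
            if (ModelState.IsValid)
            {
                MembershipUser mu = Membership.GetUser(model.UserName);
                if (mu != null && (!mu.IsApproved || mu.IsLockedOut))
                {
                    // NOTE(review): this message is shown before the password is checked, so it
                    // confirms to an unauthenticated caller that the user name exists.
                    ModelState.AddModelError("", Resources.Account.LogIn.suspendedUser);
                }
                else
                {
                    if (Membership.ValidateUser(model.UserName, model.Password))
                    {
                        MxUser mxUser = new MxUser(mu.ProviderUserKey.ToString());

                        // Every licence refusal below now returns its redirect. Previously the
                        // RedirectToAction results were discarded, so the checks had no effect
                        // and the login carried on. The arguments follow the (action, controller)
                        // order used by the other actions on this page.
                        // NOTE(review): confirm the Account controller exposes a NoSeat action.

                        //make sure that the license type has not been tampered with
                        if (mxUser.IsCompanyAdmin || mxUser.IsAcctAdmin || mxUser.IsProdAdmin)
                        {
                            if (mxUser.LicenseType != "full")
                            {
                                // NOTE(review): this only changes the in-memory object; without
                                // Membership.UpdateUser(mu) the suspension is not persisted.
                                mu.IsApproved = false;
                                return(RedirectToAction("NoSeat", "Account"));
                            }
                        }

                        //clear any inactive users for concurrency
                        BLL.MxLicense.ClearInactiveSeats();

                        int lCount = BLL.MxLicense.GetLicenseSeatCount();
                        if (lCount < 1)
                        {
                            return(RedirectToAction("NoSeat", "Account"));
                        }

                        //check to see if there's room for a seat
                        if (BLL.MxLicense.GetActiveSeatCount(mxUser.LicenseType) <= lCount)
                        {
                            //check to see if the user already has a seat
                            if (!BLL.MxLicense.SeatCheck(mu.ProviderUserKey.ToString(), Session.SessionID))
                            {
                                //seat the user
                                mxUser.SeatUser(Session.SessionID, "", "", Request.ServerVariables["REMOTE_ADDR"], "");
                            }
                        }
                        else
                        {
                            return(RedirectToAction("NoSeat", "Account"));
                        }

                        // Issue the auth cookie only after the licence checks have passed, so a
                        // refused login leaves no authenticated cookie behind. It is set before
                        // the password-change redirects because that action reads User.Identity.
                        FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

                        int pwInterval = 0;
                        int.TryParse(mxUser.GetProperty("PwExpireInterval"), out pwInterval);
                        if (pwInterval > 0)
                        {
                            if (mu.LastPasswordChangedDate.AddDays(pwInterval) < DateTime.Today)
                            {
                                return(RedirectToAction("ChangePassword", new RouteValueDictionary(
                                                            new { controller = "Account", action = "ChangePassword", option = "PwExpired", username = mu.UserName })));
                            }
                        }
                        // Accounts still on the fixed initial password must change it first.
                        if (model.Password == "default")
                        {
                            return(RedirectToAction("ChangePassword", new RouteValueDictionary(
                                                        new { controller = "Account", action = "ChangePassword", option = "DefaultPw", username = mu.UserName })));
                        }
                        //add the user model to the session
                        Session.Add("User", mxUser);

                        // Follow returnUrl only when it is a local path; anything else falls
                        // back to the orders page, which prevents open redirects.
                        if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/") &&
                            !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
                        {
                            return(Redirect(returnUrl));
                        }
                        else
                        {
                            return(RedirectToAction("Status", "Orders"));
                        }
                    }
                    else
                    {
                        ModelState.AddModelError("", Resources.Account.LogIn.Invalid);
                    }
                }
            }

            // If we got this far, something failed, redisplay form
            return(View(model));
        }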
Beispiel #30
 /// <summary>
 /// Model for the order status views: stores the user and loads the customers assigned
 /// to the currently logged-in membership user.
 /// </summary>
 /// <param name="um">Stored on the model as <c>Usr</c>.</param>
 public OrderStatus(MxUser um)
 {
     Usr = um;

     // NOTE(review): the customer list is keyed on Membership.GetUser(), not on um; confirm
     // the two always refer to the same account. GetUser() returning null throws here.
     var  currentMember = Membership.GetUser();
     Guid memberKey     = (Guid)currentMember.ProviderUserKey;
     AssignedCustomers  = BLL.Customer.GetCustomersForUserDictionary(memberKey);
 }