public HttpResponseMessage GetLibraryResources(string token)
{
if (context.CheckIfTokenValid(token) != 10001)
{
return(new HttpResponseMessage(HttpStatusCode.Unauthorized));
}
return(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(context.GetLibraryResources(token)))
});
}
public HttpResponseMessage UpdateSessionClient(string token, int clientId)
{
try
{
using (var con = new OrgSys2017DataContext())
{
var isSessionActive = con.CheckIfTokenValid(token) == 10001;
if (!isSessionActive)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
var session = con.Sessions.Single(x => x.SessionToken == token);
var user = con.Users.Single(x => x.UserID == int.Parse(session.UserID));
var isInternalUser = user.UserType == 1;
//all internal users have a default clientId of 0 in session table
var hasPermission = (isInternalUser && clientId == 0) ? true : con.ClientDivisionUserViews.Any(x => x.UserID == user.UserID && x.RootClientID == clientId);
if (!hasPermission || !isInternalUser)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
con.Sessions.Single(x => x.SessionToken == token).ClientID = clientId + "";
con.SubmitChanges();
return(Request.CreateResponse(HttpStatusCode.OK));
}
}
catch (Exception e)
{
ExceptionLog.LogException(e);
return(Request.CreateResponse(HttpStatusCode.InternalServerError));
}
}
public HttpResponseMessage GetReportedComments(string Token, string ClaimID)
{
try
{
if (context.CheckIfTokenValid(Token) == 10001)
{
using (var command = OrgsysdbConn.CreateCommand())
{
OrgsysdbConn.Open();
command.CommandText = "PORTALORG_GetReportedCommentsByClaimID";
command.CommandType = CommandType.StoredProcedure;
command.Parameters.AddWithValue("@ClaimID", ClaimID);
var da = new MySqlDataAdapter(command);
var dt = new DataTable();
da.Fill(dt);
OrgsysdbConn.Close();
return(Request.CreateResponse(HttpStatusCode.OK, JsonConvert.SerializeObject(dt, Formatting.None)));
}
}
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
catch (Exception e)
{
ExceptionLog.LogException(e);
return(Request.CreateResponse(HttpStatusCode.InternalServerError));
}
}
public HttpResponseMessage AddBillingItem([FromBody] string billDetails, string token)
{
if (con.CheckIfTokenValid(token) != 10001 && con.IsUserInternal(token) == 1)
{
return(new HttpResponseMessage(HttpStatusCode.Unauthorized));
}
try
{
BillingDetail bill = JsonConvert.DeserializeObject <BillingDetail>(billDetails);
int UserID = con.GetUserIDSession(token).SingleOrDefault().UserID;
bill.AssignedTo = UserID;
bill.BilledBy = UserID;
bill.DateAdded = DateTime.Now;
con.BillingDetails.InsertOnSubmit(bill);
con.SubmitChanges();
return(new HttpResponseMessage(HttpStatusCode.OK));
}
catch (Exception ex)
{
ExceptionLog.LogException(ex);
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
}
public HttpResponseMessage DownloadClaimFile(string token, int documentId)
{
try
{
using (context = new OrgSys2017DataContext())
{
if (context.CheckIfTokenValid(token) != 10001)
{
return(Request.CreateResponse(HttpStatusCode.Forbidden));
}
var doc = context.Claim_Documents.Where(d => d.DocID == documentId);
if (doc.Count() == 1)
{
string DocName = doc.Single().DocName;
string DocType = doc.Single().DocType;
string DocExt = doc.Single().DocExt;
string DocGuid = doc.Single().StoredGuid;
HttpContext httpContext = HttpContext.Current;
FileInfo file = new FileInfo(path + DocGuid);
httpContext.Response.Clear();
httpContext.Response.ClearHeaders();
httpContext.Response.AddHeader("Content-Disposition", $"attachment; filename={DocName}");
//httpContext.Response.AddHeader("Content-length", file.Length.ToString());
httpContext.Response.ContentType = DocType;
httpContext.Response.Flush();
httpContext.Response.TransmitFile(file.FullName);
httpContext.Response.End();
return(Request.CreateResponse(HttpStatusCode.OK, DocName + "." + DocExt, Configuration.Formatters.JsonFormatter));
}
else
{
return(Request.CreateResponse(HttpStatusCode.NotFound));
}
}
}
catch (Exception e)
{
ExceptionLog.LogException(e);
return(new HttpResponseMessage(HttpStatusCode.BadRequest));
}
}
public HttpResponseMessage UpdateAdjudicateClaim(string token, [FromBody] CloseClaimDTO model)
{
try
{
var valid = context.CheckIfTokenValid(token) != 0;
if (!valid)
{
return(Request.CreateResponse(HttpStatusCode.Unauthorized));
}
context.UpdateAdjudicateClaim(model.Reason, model.ClaimID, model.ClaimReference, model.UserID, model.Comment);
return(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("Closed")
});
}
catch (Exception e)
{
ExceptionLog.LogException(e);
return(Request.CreateResponse(HttpStatusCode.InternalServerError));
}
}
public HttpResponseMessage CheckIfDuplicateClaim([FromBody] DuplicateEmpCheck Employee)
{
if (context.CheckIfTokenValid(Employee.Token) != 10001)
{
return(new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("Invalid token")
});
}
if (String.IsNullOrEmpty(Employee.EmpFirstName) || String.IsNullOrEmpty(Employee.EmplastName) || Employee.DOB == null)
{
return(new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent("Client ID, First name, Last name and date of birth must be specified")
});
}
return(new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(JsonConvert.SerializeObject(context.DetectDuplicateClaim(Employee.ClientID, Employee.EmpNu, Employee.EmpFirstName, Employee.EmplastName, Employee.DOB, Employee.SIN)))
});
}
public string CheckIfTokenValid(string token)
{
return(JsonConvert.SerializeObject(context.CheckIfTokenValid(token), Formatting.None));
}
/// <summary>
/// Executed before action is called when [OSIAuthenticationFilter] is used in a controller action
/// </summary>
/// <param name="actionContext"> http context of action</param>
/// <param name="cancellationToken"></param>
public override Task OnAuthorizationAsync(HttpActionContext actionContext, System.Threading.CancellationToken cancellationToken)
{
using (var ctx = new OrgSys2017DataContext())
{
if (actionContext.Request.Headers.TryGetValues("Authentication", out IEnumerable <string> values) && ctx.CheckIfTokenValid(values.FirstOrDefault()) == 10001)
{
//User is Authorized, complete execution
return(Task.FromResult <object>(actionContext));
}
else if (SkipAuthorization(actionContext))
{
//User is Authorized, complete execution
return(Task.FromResult <object>(actionContext));
}
else
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "The token provided is not valid.");
return(Task.FromResult <object>(null));
}
}
}
