public HttpResponseMessage GetLibraryResources(string token) { if (context.CheckIfTokenValid(token) != 10001) { return(new HttpResponseMessage(HttpStatusCode.Unauthorized)); } return(new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(JsonConvert.SerializeObject(context.GetLibraryResources(token))) }); }
public HttpResponseMessage UpdateSessionClient(string token, int clientId) { try { using (var con = new OrgSys2017DataContext()) { var isSessionActive = con.CheckIfTokenValid(token) == 10001; if (!isSessionActive) { return(Request.CreateResponse(HttpStatusCode.Unauthorized)); } var session = con.Sessions.Single(x => x.SessionToken == token); var user = con.Users.Single(x => x.UserID == int.Parse(session.UserID)); var isInternalUser = user.UserType == 1; //all internal users have a default clientId of 0 in session table var hasPermission = (isInternalUser && clientId == 0) ? true : con.ClientDivisionUserViews.Any(x => x.UserID == user.UserID && x.RootClientID == clientId); if (!hasPermission || !isInternalUser) { return(Request.CreateResponse(HttpStatusCode.Forbidden)); } con.Sessions.Single(x => x.SessionToken == token).ClientID = clientId + ""; con.SubmitChanges(); return(Request.CreateResponse(HttpStatusCode.OK)); } } catch (Exception e) { ExceptionLog.LogException(e); return(Request.CreateResponse(HttpStatusCode.InternalServerError)); } }
public HttpResponseMessage GetReportedComments(string Token, string ClaimID) { try { if (context.CheckIfTokenValid(Token) == 10001) { using (var command = OrgsysdbConn.CreateCommand()) { OrgsysdbConn.Open(); command.CommandText = "PORTALORG_GetReportedCommentsByClaimID"; command.CommandType = CommandType.StoredProcedure; command.Parameters.AddWithValue("@ClaimID", ClaimID); var da = new MySqlDataAdapter(command); var dt = new DataTable(); da.Fill(dt); OrgsysdbConn.Close(); return(Request.CreateResponse(HttpStatusCode.OK, JsonConvert.SerializeObject(dt, Formatting.None))); } } return(Request.CreateResponse(HttpStatusCode.NotFound)); } catch (Exception e) { ExceptionLog.LogException(e); return(Request.CreateResponse(HttpStatusCode.InternalServerError)); } }
public HttpResponseMessage AddBillingItem([FromBody] string billDetails, string token) { if (con.CheckIfTokenValid(token) != 10001 && con.IsUserInternal(token) == 1) { return(new HttpResponseMessage(HttpStatusCode.Unauthorized)); } try { BillingDetail bill = JsonConvert.DeserializeObject <BillingDetail>(billDetails); int UserID = con.GetUserIDSession(token).SingleOrDefault().UserID; bill.AssignedTo = UserID; bill.BilledBy = UserID; bill.DateAdded = DateTime.Now; con.BillingDetails.InsertOnSubmit(bill); con.SubmitChanges(); return(new HttpResponseMessage(HttpStatusCode.OK)); } catch (Exception ex) { ExceptionLog.LogException(ex); return(new HttpResponseMessage(HttpStatusCode.BadRequest)); } }
public HttpResponseMessage DownloadClaimFile(string token, int documentId) { try { using (context = new OrgSys2017DataContext()) { if (context.CheckIfTokenValid(token) != 10001) { return(Request.CreateResponse(HttpStatusCode.Forbidden)); } var doc = context.Claim_Documents.Where(d => d.DocID == documentId); if (doc.Count() == 1) { string DocName = doc.Single().DocName; string DocType = doc.Single().DocType; string DocExt = doc.Single().DocExt; string DocGuid = doc.Single().StoredGuid; HttpContext httpContext = HttpContext.Current; FileInfo file = new FileInfo(path + DocGuid); httpContext.Response.Clear(); httpContext.Response.ClearHeaders(); httpContext.Response.AddHeader("Content-Disposition", $"attachment; filename={DocName}"); //httpContext.Response.AddHeader("Content-length", file.Length.ToString()); httpContext.Response.ContentType = DocType; httpContext.Response.Flush(); httpContext.Response.TransmitFile(file.FullName); httpContext.Response.End(); return(Request.CreateResponse(HttpStatusCode.OK, DocName + "." + DocExt, Configuration.Formatters.JsonFormatter)); } else { return(Request.CreateResponse(HttpStatusCode.NotFound)); } } } catch (Exception e) { ExceptionLog.LogException(e); return(new HttpResponseMessage(HttpStatusCode.BadRequest)); } }
public HttpResponseMessage UpdateAdjudicateClaim(string token, [FromBody] CloseClaimDTO model) { try { var valid = context.CheckIfTokenValid(token) != 0; if (!valid) { return(Request.CreateResponse(HttpStatusCode.Unauthorized)); } context.UpdateAdjudicateClaim(model.Reason, model.ClaimID, model.ClaimReference, model.UserID, model.Comment); return(new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("Closed") }); } catch (Exception e) { ExceptionLog.LogException(e); return(Request.CreateResponse(HttpStatusCode.InternalServerError)); } }
public HttpResponseMessage CheckIfDuplicateClaim([FromBody] DuplicateEmpCheck Employee) { if (context.CheckIfTokenValid(Employee.Token) != 10001) { return(new HttpResponseMessage(HttpStatusCode.Unauthorized) { Content = new StringContent("Invalid token") }); } if (String.IsNullOrEmpty(Employee.EmpFirstName) || String.IsNullOrEmpty(Employee.EmplastName) || Employee.DOB == null) { return(new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent("Client ID, First name, Last name and date of birth must be specified") }); } return(new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(JsonConvert.SerializeObject(context.DetectDuplicateClaim(Employee.ClientID, Employee.EmpNu, Employee.EmpFirstName, Employee.EmplastName, Employee.DOB, Employee.SIN))) }); }
public string CheckIfTokenValid(string token) { return(JsonConvert.SerializeObject(context.CheckIfTokenValid(token), Formatting.None)); }
/// <summary> /// Executed before action is called when [OSIAuthenticationFilter] is used in a controller action /// </summary> /// <param name="actionContext"> http context of action</param> /// <param name="cancellationToken"></param> public override Task OnAuthorizationAsync(HttpActionContext actionContext, System.Threading.CancellationToken cancellationToken) { using (var ctx = new OrgSys2017DataContext()) { if (actionContext.Request.Headers.TryGetValues("Authentication", out IEnumerable <string> values) && ctx.CheckIfTokenValid(values.FirstOrDefault()) == 10001) { //User is Authorized, complete execution return(Task.FromResult <object>(actionContext)); } else if (SkipAuthorization(actionContext)) { //User is Authorized, complete execution return(Task.FromResult <object>(actionContext)); } else { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "The token provided is not valid."); return(Task.FromResult <object>(null)); } } }