Beispiel #1
        /// <summary>
        /// Stores a new user-permission document under a freshly generated key and reports
        /// the outcome in a <c>UserPermissionResponse</c> envelope.
        /// </summary>
        /// <param name="UPMD">
        /// Permission record to store. Its <c>Slug</c> selects the database, and its
        /// <c>UP_Unique_ID</c> is overwritten with the generated key before the write.
        /// </param>
        /// <returns>The response envelope as converted by <c>ConvertToJSON</c>.</returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible inside this method, and the record
        /// (including its permission flags and User_ID) is stored as supplied. Confirm that the
        /// controller or request pipeline restricts who may create permission records, and for
        /// which Slug.
        /// </remarks>
        public async Task <HttpResponseMessage> Create(MT_User_Permission UPMD)
        {
            // This runs before the try block, so a null UPMD or a failure while resolving
            // the database is not converted into the failure envelope built below.
            Db = con.SurgeryCenterDb(UPMD.Slug);
            var reply = new UserPermissionResponse();

            try
            {
                // The server-generated key replaces whatever ID the caller sent.
                UniqueID          = con.GetUniqueKey();
                UPMD.UP_Unique_ID = UniqueID;

                DocumentReference target  = Db.Collection("MT_User_Permission").Document(UniqueID);
                WriteResult       written = await target.SetAsync(UPMD);

                if (written == null)
                {
                    reply.Status  = con.StatusNotInsert;
                    reply.Message = con.MessageNotInsert;
                    reply.Data    = null;
                }
                else
                {
                    reply.Status  = con.StatusSuccess;
                    reply.Message = con.MessageSuccess;
                    reply.Data    = UPMD;
                }
            }
            catch (Exception failure)
            {
                // NOTE(review): the raw exception text is returned to the caller. Consider
                // logging it server-side and returning only the generic failure message.
                reply.Status  = con.StatusFailed;
                reply.Message = con.MessageFailed + ", Exception : " + failure.Message;
            }

            return ConvertToJSON(reply);
        }
Beispiel #2
        /// <summary>
        /// Returns every permission document whose <c>User_ID</c> equals the one supplied,
        /// ordered by <c>Category_Name</c>.
        /// </summary>
        /// <param name="UPMD">
        /// Carries the <c>Slug</c> that selects the database and the <c>User_ID</c> to filter on.
        /// </param>
        /// <returns>The response envelope as converted by <c>ConvertToJSON</c>.</returns>
        /// <remarks>
        /// NOTE(review): both the Slug and the User_ID come from the request model and no
        /// authorization check is visible here. Confirm elsewhere that the caller is allowed to
        /// read the permissions of that user in that database.
        /// </remarks>
        public async Task <HttpResponseMessage> ListFilterWithUserID(MT_User_Permission UPMD)
        {
            // Outside the try block: a null UPMD surfaces as an unhandled exception.
            Db = con.SurgeryCenterDb(UPMD.Slug);
            var reply = new UserPermissionResponse();

            try
            {
                var   matches = new List <MT_User_Permission>();
                Query byUser  = Db.Collection("MT_User_Permission").WhereEqualTo("User_ID", UPMD.User_ID).OrderBy("Category_Name");
                QuerySnapshot snapshot = await byUser.GetSnapshotAsync();

                if (snapshot == null)
                {
                    reply.Status  = con.StatusDNE;
                    reply.Message = con.MessageDNE;
                }
                else
                {
                    // An empty snapshot still counts as success, with an empty list.
                    foreach (DocumentSnapshot entry in snapshot.Documents)
                    {
                        matches.Add(entry.ConvertTo <MT_User_Permission>());
                    }

                    reply.DataList = matches;
                    reply.Status   = con.StatusSuccess;
                    reply.Message  = con.MessageSuccess;
                }
            }
            catch (Exception failure)
            {
                // NOTE(review): the raw exception text is returned to the caller. Consider
                // logging it server-side and returning only the generic failure message.
                reply.Status  = con.StatusFailed;
                reply.Message = con.MessageFailed + ", Exception : " + failure.Message;
            }

            return ConvertToJSON(reply);
        }
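        /// <summary>
        /// Handles the login button. Runs a length sanity check on the submitted credentials,
        /// calls <c>Authentication.ValidateADCredentials</c>, checks the user's permissions,
        /// creates a login session, sets the session cookie and redirects to the index page.
        /// Every failure path ends in <c>displayError</c>.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            // The sanity-check failure and the credential rejection use the same text, so the
            // response does not show which of the two checks failed.
            const string invalidCredentialsMessage = "<b style=\"color: red\">Access denied:</b> Invalid username or password entered";

            string username = Authentication.ParseUsername(txtUsername.Text);
            string password = txtPassword.Text;

            // Sanity check: both values must be longer than three characters. A null value is
            // rejected here (fail closed) rather than raising a NullReferenceException.
            if (username == null || password == null || username.Length <= 3 || password.Length <= 3)
            {
                displayError(invalidCredentialsMessage);
                return;
            }

            // Validate username and password.
            // NOTE(review): no attempt throttling or lockout is visible in this handler; confirm
            // it is enforced by the directory or elsewhere.
            if (!Authentication.ValidateADCredentials(Settings.Domain, username, password))
            {
                displayError(invalidCredentialsMessage);
                return;
            }

            // Valid credentials are not enough: the account must also be allowed to use the system.
            UserPermissionResponse permissions = Authentication.GetUserPermissions(Settings.Domain, username);
            if (!permissions.CanUserUseSystem)
            {
                displayError(
                    "<b style=\"color: red\">Access denied:</b> Your account is not authorized for access to this site.<br><br> To request access to this site, please create a ticket in our <a href=\"https://helpdesk.lskysd.ca\">Help Desk system</a>.");
                return;
            }

            // Attempt to create a session for the user.
            // HTTP_USER_AGENT is supplied by the client, and REMOTE_ADDR may be a proxy address
            // rather than the user's own. Treat both as descriptive data, not as proof of identity.
            LoginSessionRepository loginSessionRepo = new LoginSessionRepository();
            string newSessionID = loginSessionRepo.CreateSession(username, Request.ServerVariables["REMOTE_ADDR"], Request.ServerVariables["HTTP_USER_AGENT"], permissions.IsAdministrator);

            // A null session ID is treated like an empty one, so no cookie is issued without a session.
            if (string.IsNullOrEmpty(newSessionID))
            {
                displayError(
                    "<b style=\"color: red\">Access denied:</b> There was an error creating your login session.<br><br> Please create a ticket in our <a href=\"https://helpdesk.lskysd.ca\">Help Desk system</a>.");
                return;
            }

            // NOTE(review): confirm createCookie marks the session cookie HttpOnly and Secure.
            createCookie(newSessionID);

            // Kept from the original: a three-second pause before redirecting. It blocks the
            // request thread on every successful login; confirm it is still needed.
            System.Threading.Thread.Sleep(1000 * 3);

            // Redirect to the front page.
            tblAlreadyLoggedIn.Visible = true;
            tblLoginform.Visible       = false;
            // NOTE(review): if lblUsername is a Label, its Text is rendered without HTML encoding.
            // The value has passed ParseUsername and credential validation; confirm ParseUsername
            // cannot return markup.
            lblUsername.Text = username;
            redirectToIndex();
        }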
Beispiel #4
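        /// <summary>
        /// Writes one permission document per page found in <c>MT_Page_Master</c> for the supplied
        /// user, with view, add, edit and delete all set to true.
        /// </summary>
        /// <param name="UPMD">
        /// Carries the <c>Slug</c> that selects the database and the <c>User_ID</c> that receives
        /// the permissions. It is echoed back in <c>Response.Data</c> on success.
        /// </param>
        /// <returns>The response envelope as converted by <c>ConvertToJSON</c>.</returns>
        /// <remarks>
        /// NOTE(review): every page is granted with all four rights enabled. Confirm that full
        /// access is the intended default and not a placeholder (least privilege). No authorization
        /// check is visible in this method; confirm the caller is allowed to assign permissions to
        /// the given User_ID.
        /// </remarks>
        public async Task <HttpResponseMessage> AssignDefaultPermission(MT_User_Permission UPMD)
        {
            // Outside the try block: a null UPMD surfaces as an unhandled exception.
            Db = con.SurgeryCenterDb(UPMD.Slug);
            UserPermissionResponse Response = new UserPermissionResponse();

            try
            {
                Query         pageQuery   = Db.Collection("MT_Page_Master");
                QuerySnapshot pages       = await pageQuery.GetSnapshotAsync();
                bool          assignedAny = false;

                if (pages != null)
                {
                    foreach (DocumentSnapshot pageDoc in pages.Documents)
                    {
                        MT_Page_Master page = pageDoc.ConvertTo <MT_Page_Master>();

                        UniqueID = con.GetUniqueKey();

                        // A fresh object per page, so no state carries over between iterations.
                        MT_User_Permission grant = new MT_User_Permission();
                        grant.UP_Unique_ID  = UniqueID;
                        grant.User_ID       = UPMD.User_ID;
                        grant.Page_ID       = page.PM_Unique_ID;
                        grant.Page_Name     = page.Page_Name;
                        grant.Category_Name = page.Category_Name;
                        grant.Is_View       = true;
                        grant.Is_Add        = true;
                        grant.Is_Edit       = true;
                        grant.Is_Delete     = true;

                        // Writes are issued one at a time and are not atomic as a group. An
                        // exception part-way through leaves the earlier grants in place while
                        // the response reports failure.
                        DocumentReference docRef = Db.Collection("MT_User_Permission").Document(UniqueID);
                        WriteResult       Result = await docRef.SetAsync(grant);

                        if (Result != null)
                        {
                            assignedAny      = true;
                            Response.Status  = con.StatusSuccess;
                            Response.Message = con.MessageSuccess;
                            Response.Data    = UPMD;
                        }
                    }
                }

                if (!assignedAny)
                {
                    // Previously the response was returned with no status when nothing was
                    // written. Report it the way ListFilterWithUserID reports a missing snapshot.
                    Response.Status  = con.StatusDNE;
                    Response.Message = con.MessageDNE;
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception text is returned to the caller. Consider
                // logging it server-side and returning only the generic failure message.
                Response.Status  = con.StatusFailed;
                Response.Message = con.MessageFailed + ", Exception : " + ex.Message;
            }
            return(ConvertToJSON(Response));
        }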
Beispiel #5
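        /// <summary>
        /// Creates a new session row for the user and returns its session ID. No credential check
        /// happens here; the caller must already have validated the username and password.
        /// </summary>
        /// <param name="username">Account name the session belongs to; any existing sessions for it are deleted.</param>
        /// <param name="permissions">Permission flags copied into the session row (bypass limits, create batches, view logs).</param>
        /// <param name="remoteIP">Client address stored with the session.</param>
        /// <param name="useragent">Client user-agent string stored with the session.</param>
        /// <returns>
        /// The new session ID. Failures surface as exceptions from the database calls; this method
        /// never returns <c>string.Empty</c>.
        /// </returns>
        public string CreateSession(string username, UserPermissionResponse permissions, string remoteIP, string useragent)
        {
            // NOTE(review): the only inputs visible here are the username, IP and user agent, all
            // of which a client can know or choose. Confirm CreateSessionID mixes in output from a
            // cryptographic random number generator so the ID cannot be predicted.
            string newSessionID = CreateSessionID(username + remoteIP + useragent);

            // Sessions have a fixed 30-minute lifetime.
            TimeSpan sessionDuration = new TimeSpan(0, 30, 0);

            // Read the clock once so the start and end are derived from the same instant.
            // NOTE(review): this is web-server local time, while expiry cleanup compares against
            // the database's NOW(). Confirm both clocks and time zones agree.
            DateTime now = DateTime.Now;

            // One batch: purge expired sessions, drop any existing session for this user (one
            // session per user), then insert the new row. No explicit transaction is used, so a
            // failed INSERT can leave the user with no session after the DELETEs have run.
            using (SqlConnection connection = new SqlConnection(Settings.dbConnectionString_Internal))
            using (SqlCommand sqlCommand = new SqlCommand())
            {
                sqlCommand.Connection  = connection;
                sqlCommand.CommandType = CommandType.Text;
                sqlCommand.CommandText = "DELETE FROM sessions WHERE sessionends < {fn NOW()};DELETE FROM sessions WHERE username=@USERNAME;INSERT INTO sessions(thumbprint,username,ip,useragent,sessionstarts,sessionends, can_bypass_limits, can_create_batches, can_view_logs) VALUES(@ID, @USERNAME, @IP, @USERAGENT, @SESSIONSTART, @SESSIONEND, @CANBYPASSLIMITS, @CANCREATEBATCHES, @CANVIEWLOGS);";

                // All values are bound as parameters; nothing is concatenated into the SQL text.
                sqlCommand.Parameters.AddWithValue("@ID", newSessionID);
                sqlCommand.Parameters.AddWithValue("@USERNAME", username);
                sqlCommand.Parameters.AddWithValue("@IP", remoteIP);
                sqlCommand.Parameters.AddWithValue("@USERAGENT", useragent);
                // The start is backdated by ten minutes (presumably to tolerate clock skew; confirm).
                sqlCommand.Parameters.AddWithValue("@SESSIONSTART", now.AddMinutes(-10));
                sqlCommand.Parameters.AddWithValue("@SESSIONEND", now.Add(sessionDuration));

                // The flags are captured at login time and stored with the session.
                sqlCommand.Parameters.AddWithValue("@CANBYPASSLIMITS", permissions.CanUserBypassLimits);
                sqlCommand.Parameters.AddWithValue("@CANCREATEBATCHES", permissions.CanUserCreateBatches);
                sqlCommand.Parameters.AddWithValue("@CANVIEWLOGS", permissions.CanUserViewLog);

                connection.Open();
                sqlCommand.ExecuteNonQuery();
                // The using blocks close and dispose the connection and command.
            }

            return newSessionID;
        }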
Beispiel #6
        /// <summary>
        /// Updates the four permission flags (view, add, edit, delete) of an existing
        /// user-permission document. No other field of the document is written.
        /// </summary>
        /// <param name="UPMD">
        /// Carries the <c>Slug</c> that selects the database, the <c>UP_Unique_ID</c> of the
        /// document to update, and the new flag values.
        /// </param>
        /// <returns>The response envelope as converted by <c>ConvertToJSON</c>.</returns>
        /// <remarks>
        /// NOTE(review): the document ID and the flag values both come from the request model, and
        /// no authorization check is visible here. Confirm elsewhere that the caller may modify
        /// that specific permission record, otherwise any known ID could be edited.
        /// </remarks>
        public async Task <HttpResponseMessage> Update(MT_User_Permission UPMD)
        {
            // Outside the try block: a null UPMD surfaces as an unhandled exception.
            Db = con.SurgeryCenterDb(UPMD.Slug);
            var reply = new UserPermissionResponse();

            try
            {
                // Only these four fields are sent to the store.
                var changes = new Dictionary <string, object>();
                changes.Add("Is_View", UPMD.Is_View);
                changes.Add("Is_Add", UPMD.Is_Add);
                changes.Add("Is_Edit", UPMD.Is_Edit);
                changes.Add("Is_Delete", UPMD.Is_Delete);

                DocumentReference target  = Db.Collection("MT_User_Permission").Document(UPMD.UP_Unique_ID);
                WriteResult       written = await target.UpdateAsync(changes);

                if (written == null)
                {
                    reply.Status  = con.StatusNotUpdate;
                    reply.Message = con.MessageNotUpdate;
                    reply.Data    = null;
                }
                else
                {
                    reply.Status  = con.StatusSuccess;
                    reply.Message = con.MessageSuccess;
                    reply.Data    = UPMD;
                }
            }
            catch (Exception failure)
            {
                // NOTE(review): the raw exception text is returned to the caller. Consider
                // logging it server-side and returning only the generic failure message.
                reply.Status  = con.StatusFailed;
                reply.Message = con.MessageFailed + ", Exception : " + failure.Message;
            }

            return ConvertToJSON(reply);
        }