public ActionResult Index(User user, string action, string ReturnUrl)
{
if (action == "Submit")
{
bool result = false;
string msg = string.Empty;
string fullName = string.Empty;
if (ModelState.IsValid)
{
Entities.UserManagement.SampleData entities = new SampleData();
// result = entities.SUsers.Any(u => u.Username == user.Username);
if ( user.Username == null || user.Password == null)
{
ModelState.AddModelError("", "Please enter Username / Password !");
ViewBag.msg = "Error";
return View();
}
if (user.Username == "sadmin")
{
result = _applicationContext.ServiceContext.AdminService.Login(user.Username, user.Password);
fullName = _applicationContext.ServiceContext.AdminService.GetUserName();
}
else
{
if (Url.IsLocalUrl(ReturnUrl) && ReturnUrl.Length > 1 && ReturnUrl.StartsWith("/")
&& !ReturnUrl.StartsWith("//") && !ReturnUrl.StartsWith("/\\"))
{
string InstitutionId = ReturnUrl.Split('=')[1];
Session.Add("InstitutionId", InstitutionId);
//ReInitializing Application Context with Institution Details.
System.Web.HttpContext.Current.Session["ApplicationContext"] = null;
_applicationContext = new ApplicationContext();
System.Web.HttpContext.Current.Session["ApplicationContext"] = _applicationContext;
result = _applicationContext.ServiceContext.UserService.AuthenticateUser(user.Username, user.Password, out msg, out fullName);
}
}
if (result)
{
Session["Username"] = fullName;
System.Web.HttpContext.Current.Session["ApplicationContext"] = null;
Session["InstitutionId"] = null;
FormsAuthentication.SetAuthCookie(user.Username, false);
if (Url.IsLocalUrl(ReturnUrl) && ReturnUrl.Length > 1 && ReturnUrl.StartsWith("/")
&& !ReturnUrl.StartsWith("//") && !ReturnUrl.StartsWith("/\\"))
{
return Redirect(ReturnUrl);
}
else
{
return RedirectToAction("ManageInstitution", "Admin");
}
}
else
{
if (string.IsNullOrWhiteSpace(msg))
msg = "Invalid username / Password !";
ModelState.AddModelError("", msg);
ViewBag.msg = "Error";
string tmp = System.Web.HttpContext.Current.Request.RawUrl;
// RedirectToAction("Index", "Admin", new { ReturnUrl = ReturnUrl });
return View();
}
}
}
else
{
ModelState.Clear();
ViewBag.msg = null;
return View();
}
return View();
}
// GET: Institution
public ActionResult InstitutionDashboard(int? InstitutionId)
{
List<ViewModels.Appointment> apps = new List<ViewModels.Appointment>();
var instList = _applicationContext.ServiceContext.AdminService.GetTenants();
ViewBag.instListcount = instList.Count;
if (instList.Count == 0)
{
return View(apps);
}
if (InstitutionId != null && InstitutionId > 0)
{
//Added to avoid direct injection of Istitution ID.
if(HttpContext.User.Identity.Name != "sadmin")
if (Session["InstitutionId"] != null && Session["InstitutionId"].ToString() != InstitutionId.ToString())
{
FormsAuthentication.SignOut();
Session.Abandon();
return RedirectToAction("Index", "Admin", new { Error = "Sorry you are not Authorized to Perform this Action" });
}
if (Session["InstitutionId"] == null || Session["InstitutionId"].ToString() != InstitutionId.ToString())
{
Session.Add("InstitutionId", InstitutionId);
//ReInitializing Application Context with Institution Details.
System.Web.HttpContext.Current.Session["ApplicationContext"] = null;
_applicationContext = new ApplicationContext();
System.Web.HttpContext.Current.Session["ApplicationContext"] = _applicationContext;
}
int v2 = InstitutionId ?? default(int);
string InstName = _applicationContext.ServiceContext.AdminService.GetInstitutionName(v2);
Session["InstitutionName"] = InstName;
NameValueCollection searchfilter = new NameValueCollection();
searchfilter.Add("name", null);
searchfilter.Add("appdt", DateTime.Now.ToString("MM/dd/yyyy"));
searchfilter.Add("clinicId", "-1");
apps = _applicationContext.ServiceContext.AppointmentService.GetAppointments(v2, searchfilter);
ViewBag.AppointmentCount = apps.Count();
ViewBag.RecordStatus = "";
ViewBag.TodaysDate = DateTime.Now.ToString("MM/dd/yyyy");
ViewBag.LBCCount = _applicationContext.ServiceContext.RiskClinicServices.GetPatients("LBC").Count();
ViewBag.BRCACount = _applicationContext.ServiceContext.RiskClinicServices.GetPatients("BRCA").Count();
if (apps.Count == 0)
{
ViewBag.RecordStatus = "No records found.";
}
/*=======Start Load Clinic Dropdown======================*/
var _ClinicList = _applicationContext.ServiceContext.AppointmentService.GetClinics((int)Session["InstitutionId"]);
ViewBag.ClinicList = new SelectList(_ClinicList.ToList(), "clinicID", "clinicName");
/*=======End Load Clinic Dropdown======================*/
return View(apps);
}
else if (Session["InstitutionId"] != null)
{
InstitutionId = Convert.ToInt32(Session["InstitutionId"]);
return RedirectToAction("InstitutionDashboard", new { InstitutionId = InstitutionId });
}
return RedirectToAction("ManageInstitution", "Admin");
}