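        /// <summary>
        /// Deletes <paramref name="fileOrFolder"/> on behalf of the calling client. The
        /// work runs under the client's impersonated Windows identity and is allowed only
        /// when the current principal holds the "Delete" role; both the granted and the
        /// refused decision are written to the audit log.
        /// </summary>
        /// <param name="fileOrFolder">Path handed unchanged to <c>FilesAndFolders.Delete</c>.</param>
        /// <exception cref="FaultException">The caller does not hold the "Delete" role.</exception>
        /// <exception cref="InvalidOperationException">
        /// The current principal is not a <c>CustomPrincipal</c> or does not carry a
        /// <see cref="WindowsIdentity"/>, so the client cannot be impersonated.
        /// </exception>
        public void Delete(string fileOrFolder)
        {
            // `as` yields null for any other principal type; fail explicitly instead of
            // dereferencing null a few lines further down.
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize Delete.");
            }

            WindowsIdentity winID = principal.Identity as WindowsIdentity;
            if (winID == null)
            {
                throw new InvalidOperationException("The principal's identity is not a WindowsIdentity; cannot impersonate the client.");
            }

            try
            {
                using (winID.Impersonate())
                {
                    Console.WriteLine("Impersonifikacija klijenta {0}", WindowsIdentity.GetCurrent().Name);

                    if (!Thread.CurrentPrincipal.IsInRole("Delete"))
                    {
                        string username = Parser.Parse(Thread.CurrentPrincipal.Identity.Name);

                        // A broken audit entry must not change the authorization decision,
                        // so audit argument errors are only reported locally.
                        try
                        {
                            Audit.AuthorizationFailed(principal.Identity.Name,
                                                      OperationContext.Current.IncomingMessageHeaders.Action,
                                                      "Nemam dozvolu za Delete.");
                        }
                        catch (ArgumentException e)
                        {
                            Console.WriteLine(e.Message);
                        }

                        throw new FaultException(username + " je pokušao da pozove Delete, za šta mu treba dozvola.");
                    }

                    FilesAndFolders.Delete(fileOrFolder);

                    try
                    {
                        Audit.AuthorizationSuccess(principal.Identity.Name,
                                                   OperationContext.Current.IncomingMessageHeaders.Action);
                    }
                    catch (ArgumentException e)
                    {
                        Console.WriteLine(e.Message);
                    }
                }
            }
            catch (FaultException)
            {
                // The refusal is addressed to the client. Without this clause the catch-all
                // below swallowed it and the unauthorized call returned as if it had succeeded.
                throw;
            }
            catch (Exception e)
            {
                // Best-effort: impersonation or file-system errors are reported on the
                // service console only, as before.
                Console.WriteLine("Error: {0}", e.Message);
            }
        }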
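        /// <summary>
        /// Returns the service's stored <c>value</c> to the calling client.
        /// </summary>
        /// <returns>The current <c>value</c> field.</returns>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        /// <remarks>
        /// NOTE(review): the role check that used to guard this method
        /// (<c>principal.IsInRole(Permissions.Read.ToString())</c>, returning -1 on refusal)
        /// is disabled, so every authenticated caller can read the value and the console
        /// line reports success unconditionally. Re-enable it before relying on this
        /// method for access control.
        /// </remarks>
        public int GetBill()
        {
            // `as` yields null for any other principal type; fail explicitly rather than
            // with a NullReferenceException on principal.Identity.
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot identify the caller of GetBill.");
            }

            Console.WriteLine("Read() successfully executed by {0}.", principal.Identity.Name);
            return value;
        }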
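        /// <summary>
        /// Overwrites name, date, room and ticket price of every performance whose id equals
        /// <paramref name="id"/> and persists the list. Only callers in the "Admin" role may
        /// do so; the change and any refusal are audited.
        /// </summary>
        /// <param name="id">Id of the performance(s) to update.</param>
        /// <param name="name">New performance name.</param>
        /// <param name="date">New performance date.</param>
        /// <param name="room">New room number.</param>
        /// <param name="ticketPrice">New price per ticket.</param>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public void ModifyPerformance(int id, string name, DateTime date, int room, double ticketPrice)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize Modify Performance.");
            }

            if (!principal.IsInRole("Admin"))
            {
                // Audit failures must not hide the refusal itself, hence the local catch.
                try
                {
                    Audit.AuthorizationFailed(GetClientUserName(), "Modify Performance",
                                              "Modify Performance can be used only by user in the Admin group.");
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage("Admin", "Modify Performance");
                return;
            }

            Console.WriteLine("\nModifying performance...");

            // Index access keeps the update visible in the stored collection; the count is
            // hoisted because the loop body does not change the collection's size.
            int total = Database.performances.Count();
            for (int i = 0; i < total; ++i)
            {
                if (Database.performances[i].Id == id)
                {
                    Database.performances[i].Name        = name;
                    Database.performances[i].Date        = date;
                    Database.performances[i].Room        = room;
                    Database.performances[i].TicketPrice = ticketPrice;
                }
            }

            try
            {
                Audit.ChangeSuccess(GetClientUserName(), "performance.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }

            Database.WritePerformances();
        }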
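        /// <summary>
        /// Resets the stored <c>value</c> to 0 when the calling principal holds the
        /// <c>Permissions.DeleteAll</c> role (matched by its lower-case name).
        /// </summary>
        /// <returns><c>true</c> when the reset was performed, <c>false</c> when the caller was refused.</returns>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public bool DeleteDB()
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize DeleteDB.");
            }

            // Role names are identifiers, so the lookup key must not depend on the
            // thread's culture the way ToLower() does.
            string permission = Permissions.DeleteAll.ToString().ToLowerInvariant();

            // Both outcomes are reported on the console only; this method writes no audit entry.
            if (!principal.IsInRole(permission))
            {
                Console.WriteLine("DeleteDB() failed for user {0}.", principal.Identity.Name);
                return false;
            }

            value = 0;
            Console.WriteLine("DeleteDB() passed for user {0}.", principal.Identity.Name);
            return true;
        }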
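        /// <summary>
        /// Stores <paramref name="newValue"/> in <c>value</c> when the calling principal
        /// holds the <c>Permissions.Modify</c> role (matched by its lower-case name).
        /// </summary>
        /// <param name="newValue">Value to store.</param>
        /// <returns><c>true</c> when the value was stored, <c>false</c> when the caller was refused.</returns>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public bool ModifyDB(int newValue)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize ModifyDB.");
            }

            // Role names are identifiers, so the lookup key must not depend on the
            // thread's culture the way ToLower() does.
            string permission = Permissions.Modify.ToString().ToLowerInvariant();

            // Both outcomes are reported on the console only; this method writes no audit entry.
            if (!principal.IsInRole(permission))
            {
                Console.WriteLine("ModifyDB() failed for user {0}.", principal.Identity.Name);
                return false;
            }

            value = newValue;
            Console.WriteLine("ModifyDB() passed for user {0}.", principal.Identity.Name);
            return true;
        }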
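        /// <summary>
        /// Deletes the entity <paramref name="id"/> through <c>DataBase.DeleteEntity</c> when
        /// the calling principal holds the <c>Permissions.Delete</c> role (matched by its
        /// lower-case name). Both the granted and the refused decision are logged.
        /// </summary>
        /// <param name="id">Id of the entity to delete.</param>
        /// <returns><c>true</c> when the delete was issued, <c>false</c> when the caller was refused.</returns>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public bool DeleteEntityDB(int id)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize DeleteEntityDB.");
            }

            // Role names are identifiers, so the lookup key must not depend on the
            // thread's culture the way ToLower() does.
            string permission = Permissions.Delete.ToString().ToLowerInvariant();

            if (!principal.IsInRole(permission))
            {
                // The refused permission is recorded so the log shows what was missing.
                logger.Log(principal.Identity.Name, "DeleteEntityDB", permission, EventType.AuthorizationFailure);
                Console.WriteLine("DeleteEntityDB() failed for user {0}.", principal.Identity.Name);
                return false;
            }

            Console.WriteLine("DeleteEntityDB() passed for user {0}.", principal.Identity.Name);
            DataBase.DeleteEntity(id);
            logger.Log(principal.Identity.Name, "DeleteEntityDB", "", EventType.AuthorizationSuccess);
            return true;
        }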
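        /// <summary>
        /// Updates reading <paramref name="id"/> to <paramref name="newValue"/> through
        /// <c>DataBase.ModifyReading</c> when the calling principal holds the
        /// <c>Permissions.Modify</c> role (matched by its lower-case name). Both the granted
        /// and the refused decision are logged.
        /// </summary>
        /// <param name="newValue">New reading value.</param>
        /// <param name="id">Id of the reading to update.</param>
        /// <returns><c>true</c> when the update was issued, <c>false</c> when the caller was refused.</returns>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public bool ModifyReading(double newValue, int id)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize ModifyReading.");
            }

            // Role names are identifiers, so the lookup key must not depend on the
            // thread's culture the way ToLower() does.
            string permission = Permissions.Modify.ToString().ToLowerInvariant();

            // The console lines name this method; they used to say "ModifyDB()", which
            // made the two operations indistinguishable in the output.
            if (!principal.IsInRole(permission))
            {
                logger.Log(principal.Identity.Name, "ModifyReading", permission, EventType.AuthorizationFailure);
                Console.WriteLine("ModifyReading() failed for user {0}.", principal.Identity.Name);
                return false;
            }

            Console.WriteLine("ModifyReading() passed for user {0}.", principal.Identity.Name);
            DataBase.ModifyReading(id, newValue);
            logger.Log(principal.Identity.Name, "ModifyReading", "", EventType.AuthorizationSuccess);
            return true;
        }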
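        /// <summary>
        /// Sets <c>Database.Discount</c> to <paramref name="discount"/> and persists it.
        /// Only callers in the "Admin" role may do so; the change and any refusal are audited.
        /// </summary>
        /// <param name="discount">New discount value (as stored in <c>Database.Discount</c>).</param>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public void ModifyDiscount(int discount)
        {
            string          clientUsername = GetClientUserName();
            CustomPrincipal principal      = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize Modify Discount.");
            }

            if (!principal.IsInRole("Admin"))
            {
                // Audit failures must not hide the refusal itself, hence the local catch.
                // The user name resolved above is reused instead of being looked up again.
                try
                {
                    Audit.AuthorizationFailed(clientUsername, "Modify Discount",
                                              "Modify Discount can be used only by user in the Admin group.");
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage("Admin", "Modify Discount");
                return;
            }

            Console.WriteLine("\nModifying discount...");

            Database.Discount = discount;
            Database.WriteDiscount();

            try
            {
                Audit.ChangeSuccess(clientUsername, "discount.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }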
        /// <summary>
        /// Checks whether the Windows identity of the current service call, wrapped in a
        /// <c>CustomPrincipal</c>, holds the permission named by <paramref name="perm"/>.
        /// </summary>
        /// <param name="perm">Permission whose name is looked up.</param>
        /// <returns>The result of <c>CustomPrincipal.HasPermission</c> for that name.</returns>
        bool HasPermission(Permission perm)
        {
            var    callerIdentity = ServiceSecurityContext.Current.WindowsIdentity;
            var    caller         = new CustomPrincipal(callerIdentity);
            string permissionName = perm.ToString();

            return caller.HasPermission(permissionName);
        }
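        /// <summary>
        /// Tells whether the calling client can pay reservation <paramref name="reservationsId"/>:
        /// the caller must be in the "Korisnik" or "SuperKorisnik" role, own an UNPAID
        /// reservation with that id whose performance exists, and have a balance covering
        /// its price (see <see cref="ReservationCost"/>). Refusals and failed lookups are audited.
        /// </summary>
        /// <param name="reservationsId">Id of the reservation to check.</param>
        /// <returns><c>true</c> when the reservation can be paid, otherwise <c>false</c>.</returns>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public bool CheckIfReservationCanBePaied(int reservationsId)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize Pay Reservation.");
            }

            if (!IsKorisnikOrSuperKorisnik(principal))
            {
                try
                {
                    Audit.AuthorizationFailed(GetClientUserName(), "Pay Reservation",
                                              "Pay Reservation can be used only by user in the Korisnik or SuperKorisnik group.");
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage("Korisnik or SuperKorisnik", "Pay Reservation");
                return false;
            }

            string clientUsername = GetClientUserName();
            string clientRole     = GetClientRole();

            foreach (User u in Database.users)
            {
                if (!u.Username.Equals(clientUsername))
                {
                    continue;
                }

                foreach (Reservation r in u.Reservations)
                {
                    if (r.Id != reservationsId || r.State != ReservationState.UNPAID)
                    {
                        continue;
                    }

                    Performance p = FindPerformance(r.PerformanceId);
                    if (p != null && u.Balance >= ReservationCost(r, p, clientRole))
                    {
                        return true;
                    }
                }
            }

            // Reached for an unknown id, but also for a reservation that is already paid
            // or not affordable; the audit text only names the first case.
            try
            {
                Audit.MethodCallFailed(GetClientUserName(), "Pay Reservation",
                                       "User did not enter a valid id of reservation.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }

            return false;
        }

        /// <summary>
        /// Charges the calling client's balance for reservation <paramref name="reservationsId"/>,
        /// marks it PAID and persists reservations and users. Only callers in the "Korisnik" or
        /// "SuperKorisnik" role may pay; "Korisnik" pays the full price, any other role the
        /// discounted one (see <see cref="ReservationCost"/>). Refusals and changes are audited.
        /// </summary>
        /// <param name="reservationsId">Id of the reservation to pay.</param>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public void PayReservation(int reservationsId)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize Pay Reservation.");
            }

            if (!IsKorisnikOrSuperKorisnik(principal))
            {
                try
                {
                    Audit.AuthorizationFailed(GetClientUserName(), "Pay Reservation",
                                              "Pay Reservation can be used only by user in the Korisnik or SuperKorisnik group.");
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage("Korisnik or SuperKorisnik", "Pay Reservation");
                return;
            }

            string clientUsername = GetClientUserName();
            string clientRole     = GetClientRole();
            Console.WriteLine("\nPaying reservation...");

            foreach (User u in Database.users)
            {
                if (!u.Username.Equals(clientUsername))
                {
                    continue;
                }

                // Indexed access so the state change lands in the stored collection.
                int reservationCount = u.Reservations.Count();
                for (int i = 0; i < reservationCount; i++)
                {
                    Reservation r = u.Reservations[i];

                    // Only an UNPAID reservation is charged, the same precondition
                    // CheckIfReservationCanBePaied enforces; without it a second call
                    // for an already PAID reservation debited the balance again.
                    if (r.Id != reservationsId || r.State != ReservationState.UNPAID)
                    {
                        continue;
                    }

                    Performance p = FindPerformance(r.PerformanceId);
                    if (p == null)
                    {
                        continue;
                    }

                    u.Balance -= ReservationCost(r, p, clientRole);
                    try
                    {
                        Audit.ChangeSuccess(Formatter.ParseName(WindowsIdentity.GetCurrent().Name), "balance.");
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine(e.Message);
                    }

                    u.Reservations[i].State = ReservationState.PAID;
                    try
                    {
                        Audit.PayReservationSuccess(clientUsername, ReservationState.UNPAID.ToString(), ReservationState.PAID.ToString());
                    }
                    catch (Exception e)
                    {
                        Console.WriteLine(e.Message);
                    }

                    Database.WriteReservations();
                    Database.WriteUsers();
                    return;
                }
            }
        }

        /// <summary>True when the principal is in the "Korisnik" or the "SuperKorisnik" role.</summary>
        private static bool IsKorisnikOrSuperKorisnik(CustomPrincipal principal)
        {
            return principal.IsInRole("Korisnik") || principal.IsInRole("SuperKorisnik");
        }

        /// <summary>First performance in <c>Database.performances</c> with the given id, or null.</summary>
        private static Performance FindPerformance(int performanceId)
        {
            foreach (Performance p in Database.performances)
            {
                if (p.Id == performanceId)
                {
                    return p;
                }
            }

            return null;
        }

        /// <summary>
        /// Price of a reservation for the given role: the full ticket price for "Korisnik",
        /// the price reduced by <c>Database.Discount</c> percent for any other role.
        /// </summary>
        private static double ReservationCost(Reservation r, Performance p, string clientRole)
        {
            double fullPrice = r.TicketQuantity * p.TicketPrice;
            if (clientRole.Equals("Korisnik"))
            {
                return fullPrice;
            }

            // Divide by 100.0: when Discount is integral, "Discount / 100" truncates to 0
            // for every discount below 100, so the discount was never applied.
            return fullPrice - fullPrice * (Database.Discount / 100.0);
        }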
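        /// <summary>
        /// Tells whether a performance with id <paramref name="id"/> exists, after checking that
        /// the caller may use the operation identified by <paramref name="methodID"/>:
        /// 2 is Modify Performance (role "Admin"), any other value is Make Reservation
        /// (role "Korisnik" or "SuperKorisnik"). Refusals and failed lookups are audited
        /// under the operation's name.
        /// </summary>
        /// <param name="id">Id of the performance to look up.</param>
        /// <param name="methodID">2 for Modify Performance, otherwise Make Reservation.</param>
        /// <returns><c>true</c> when the caller is authorized and the performance exists, otherwise <c>false</c>.</returns>
        /// <exception cref="InvalidOperationException">The current principal is not a <c>CustomPrincipal</c>.</exception>
        public bool CheckIfPerformanceExists(int id, int methodID)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                throw new InvalidOperationException("Thread.CurrentPrincipal is not a CustomPrincipal; cannot authorize the performance lookup.");
            }

            // The two operations differ only in the required role and the audit wording;
            // the lookup itself is shared.
            bool   modifying     = methodID == 2;
            string operationName = modifying ? "Modify Performance" : "Make Reservation";
            string requiredRoles = modifying ? "Admin" : "Korisnik or SuperKorisnik";
            bool   authorized    = modifying
                ? principal.IsInRole("Admin")
                : principal.IsInRole("Korisnik") || principal.IsInRole("SuperKorisnik");

            if (!authorized)
            {
                string reason = modifying
                    ? "Modify performance can be used only by user in the Admin group."
                    : "Make Reservation can be used only by user in the Korisnik or SuperKorisnik group.";

                try
                {
                    Audit.AuthorizationFailed(GetClientUserName(), operationName, reason);
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage(requiredRoles, operationName);
                return false;
            }

            if (PerformanceIdExists(id))
            {
                return true;
            }

            try
            {
                Audit.MethodCallFailed(GetClientUserName(), operationName,
                                       "User did not enter a valid id of perfrormance.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }

            return false;
        }

        /// <summary>True when <c>Database.performances</c> holds a performance with the given id.</summary>
        private static bool PerformanceIdExists(int id)
        {
            foreach (Performance p in Database.performances)
            {
                if (p.Id == id)
                {
                    return true;
                }
            }

            return false;
        }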