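        /// <summary>
        /// Forces HTTPS (except when the URL contains "localhost"), handles the
        /// "?action=logout" query, and on the first (non-postback) request switches
        /// to the password-reset view when a still-valid reset link is presented
        /// via "?verify=".
        /// </summary>
        /// <param name="sender">Page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Redirect plain-HTTP requests to HTTPS. The localhost exemption is a
            // substring match on the whole URL, so any host name that happens to
            // contain "localhost" is exempt as well.
            if (!Request.Url.AbsoluteUri.Contains("localhost") && !Request.IsSecureConnection)
            {
                string absoluteUri = Request.Url.AbsoluteUri;
                Response.Redirect(absoluteUri.Replace("http://", "https://"));
            }

            if (Request.QueryString["action"] == "logout")
            {
                AuthAdmin authAdmin = new AuthAdmin(db);
                authAdmin.Logout();
            }

            if (!Page.IsPostBack)
            {
                if (!String.IsNullOrEmpty(Request.QueryString["verify"]))
                {
                    // The reset link is matched by substring against the raw request
                    // URL; an empty stored link is never treated as a match.
                    CRM.Code.Models.Admin admin = db.Admins.FirstOrDefault(a => a.ResetLink.Contains(Request.RawUrl) && a.ResetLink != String.Empty);

                    if (admin != null)
                    {
                        // A reset link is honoured for five minutes after it was
                        // issued. The two branches are exclusive so an expired (or
                        // never-issued) link cannot fall through to the reset view.
                        if (admin.LastReset == null || ((DateTime)admin.LastReset).AddMinutes(5) < UKTime.Now)
                        {
                            mvLogin.SetActiveView(viewLogin);
                        }
                        else
                        {
                            mvLogin.SetActiveView(viewReset);
                        }
                    }
                }
                lnkForgotten.Visible = true;
            }
        }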
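        /// <summary>
        /// Completes a password reset: finds the admin whose reset link matches the
        /// current request URL, verifies the link is still within its five-minute
        /// window, stores the new password hash, invalidates the link and shows the
        /// "done" view. Any failure falls back to the login view.
        /// </summary>
        /// <param name="sender">Button raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnReset_Click(object sender, EventArgs e)
        {
            // Same lookup as the verify step: substring match on the raw URL, and an
            // empty stored link never matches. FirstOrDefault rather than First so a
            // stale or forged URL does not surface as an unhandled exception.
            CRM.Code.Models.Admin admin = db.Admins.FirstOrDefault(a => a.ResetLink.Contains(Request.RawUrl) && a.ResetLink != String.Empty);

            // Re-check the five-minute window on the postback that actually changes
            // the password; enforcing it only when the page is first displayed lets
            // the form be submitted at any later time.
            if (admin == null || admin.LastReset == null || ((DateTime)admin.LastReset).AddMinutes(5) < UKTime.Now)
            {
                mvLogin.SetActiveView(viewLogin);
                return;
            }

            admin.Password = AuthAdmin.GetHashedString(txtNewPassword.Text);
            // Single use: clear the link so the same URL cannot be replayed to reset
            // the password again.
            admin.ResetLink = String.Empty;
            db.SubmitChanges();

            mvLogin.SetActiveView(viewDone);
        }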
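        /// <summary>
        /// Authenticates the current admin before the page initialises and resolves
        /// the permission record for the requested URL. Unauthenticated requests are
        /// sent to the login page; authenticated ones without read access get a
        /// notice pointing back to /admin.
        /// </summary>
        /// <param name="sender">Page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_PreInit(object sender, EventArgs e)
        {
            AuthAdmin authAdmin = new AuthAdmin(db);

            AdminUser = authAdmin.Authorise();

            if (AdminUser == null)
            {
                Session.Remove("IsAuthorized");
                // Encode the return URL so a query string inside it cannot be spliced
                // into the login page's own query string.
                Response.Redirect("/admin/login.aspx?redirect=" + Server.UrlEncode(Request.RawUrl));
                return;
            }

            string currentURL = GetCurrentURL();

            // Strip a leading "\admin" segment so the path lines up with
            // CRM_SystemAccess.Path. GetCurrentURL's exact format is defined elsewhere;
            // the backslash prefix is assumed to be what it produces.
            const string adminPrefix = "\\admin";
            if (currentURL.StartsWith(adminPrefix))
            {
                currentURL = currentURL.Substring(adminPrefix.Length);
            }

            AdminPermission = AdminUser.CRM_SystemAccessAdmins.SingleOrDefault(s => s.CRM_SystemAccess != null && s.CRM_SystemAccess.Path.ToLower() == currentURL.ToLower());

            bool CanView = true;

            // The admin landing page is always viewable; everything else needs a
            // permission record with IsRead set.
            if (!Request.RawUrl.StartsWith("/admin/default.aspx"))
            {
                if (AdminPermission == null || !AdminPermission.IsRead)
                {
                    // Fall back to a bespoke-URL permission. Both sides are lowered
                    // (the path comparison above is case-insensitive too); lowering
                    // only the stored URL made any upper-case character in the
                    // request fail the match.
                    string rawUrlLower = Request.RawUrl.ToLower();
                    AdminPermission = AdminUser.CRM_SystemAccessAdmins.SingleOrDefault(s => s.CRM_SystemAccess == null && ((string)s.BespokeURL).ToLower() == rawUrlLower);

                    CanView = AdminPermission != null && AdminPermission.IsRead;
                }
            }

            if (!CanView)
            {
                // Relies on SetMessage ending the request (redirecting to /admin). If
                // it returns instead, the flags below are still set for this admin.
                NoticeManager.SetMessage("You do not have permission to view this page, please contact a Master Admin", "/admin");
            }

            IsAuthorised            = true;
            Session["IsAuthorized"] = true;
        }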
        /// <summary>
        /// Opens a data context and resolves the current admin: taken from the
        /// hosting AdminPage when the request is handled by one, otherwise looked up
        /// through AuthAdmin.Authorise().
        /// </summary>
        public void Initialize()
        {
            db = new MainDataContext();

            AdminPage hostPage = HttpContext.Current.CurrentHandler as AdminPage;

            if (hostPage != null)
            {
                // An AdminPage already carries the admin it authorised; reuse it.
                CurrentAdmin = hostPage.AdminUser;
                return;
            }

            // Not running under an AdminPage: authorise directly against the context.
            // Authorise() may return null; that value is stored as-is.
            CurrentAdmin = new AuthAdmin(db).Authorise();
        }
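        /// <summary>
        /// Moves one column of the current view up or down in the ordering and
        /// reloads the view.
        /// </summary>
        /// <param name="button">The clicked arrow; CommandArgument holds the column ID.</param>
        /// <param name="increase">True to move the column later, false to move it earlier.</param>
        private void reorderHeader(ImageButton button, bool increase)
        {
            int admin = 1;

            // ViewID == -1 means "the calling admin's own view", so the column set is
            // scoped to that admin; otherwise the constant admin ID 1 is used.
            if (ViewID == -1)
            {
                var current = new AuthAdmin(db).Authorise();
                if (current == null)
                {
                    // Not authorised: nothing to reorder.
                    return;
                }
                admin = current.ID;
            }

            int recordId;
            if (!Int32.TryParse(button.CommandArgument, out recordId))
            {
                // A non-numeric CommandArgument is ignored rather than thrown.
                return;
            }

            var entities = DQManager.GetDataTable()._DataTableColumns.Where(d => d.AdminID == admin);

            // Look the column up within the admin-scoped set rather than the whole
            // table, so a CommandArgument naming another admin's column cannot be
            // reordered from here, and a missing column is a no-op instead of a
            // null being handed to ChangeOrder.
            _DataTableColumn record = entities.SingleOrDefault(a => a.ID == recordId);
            if (record == null)
            {
                return;
            }

            Ordering.ChangeOrder(entities, record, increase);
            DQManager.db.SubmitChanges();

            LoadView();
        }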
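        /// <summary>
        /// Attempts an admin login with the entered credentials. On success the user
        /// is sent to the "redirect" query-string target when it is a site-relative
        /// path, otherwise to default.aspx; on failure a generic message is shown.
        /// </summary>
        /// <param name="sender">Button raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            AuthAdmin authAdmin = new AuthAdmin(db);

            if (authAdmin.Login(txtUsername.Text, txtPassword.Text))
            {
                string redirect = Request.QueryString["redirect"];

                // Only follow site-relative targets. Redirecting to whatever the
                // query string says turns the login form into an open redirect
                // (a phishing link can land on this page and bounce to any host).
                if (IsLocalRedirect(redirect))
                {
                    Response.Redirect(redirect);
                }

                Response.Redirect("default.aspx");
            }
            else
            {
                lblMessage.Text    = "Invalid Username or Password. Please try again.";
                lblMessage.Visible = true;
            }
        }

        /// <summary>
        /// True when <paramref name="url"/> is a site-relative path starting with a
        /// single "/" (e.g. "/admin/page.aspx"). Empty values, absolute URLs and
        /// protocol-relative forms ("//host", "/\host") are rejected.
        /// </summary>
        private static bool IsLocalRedirect(string url)
        {
            if (String.IsNullOrEmpty(url) || url[0] != '/')
            {
                return false;
            }

            // Browsers treat "//host" and "/\host" as absolute URLs.
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');
        }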
        /// <summary>
        /// Maps an admin privilege level to the two admin flags consumed by
        /// AuthZFactory. Index 0 is set only for <c>sysadmin</c>; index 1 is set for
        /// both <c>admin</c> and <c>sysadmin</c>.
        /// </summary>
        /// <param name="auth">Enumeration of admin authorization privileges.</param>
        /// <returns>
        /// {false, true} for <c>admin</c>, {true, true} for <c>sysadmin</c>, and
        /// {false, false} for any other value.
        /// </returns>
        public bool[] GetAdminAuthZ(AuthAdmin auth)
        {
            bool isSysAdmin = auth == AuthAdmin.sysadmin;
            // sysadmin implies admin; anything else gets neither flag.
            bool isAdmin    = isSysAdmin || auth == AuthAdmin.admin;

            return new bool[] { isSysAdmin, isAdmin };
        }
        /// <summary>
        /// Returns the column definitions of this type's data table, ordered by
        /// OrderNo, for the view identified by ViewID (or the calling admin's ID when
        /// ViewID is -1). Creates the _DataTable row on first use. When
        /// IncludeDataReference is set, a synthetic "Reference" column is appended.
        /// </summary>
        /// <returns>The ordered column list, possibly with the trailing Reference column.</returns>
        public List <_DataTableColumn> GetSchema()
        {
            // Lazily register the table for this type. GetDataTable() is called again
            // below, after the insert, so the new row is what gets queried.
            if (GetDataTable() == null)
            {
                _DataTable newTable = new _DataTable
                {
                    TableReference = Type.Name,
                    FriendlyName   = Type.Name,
                    IsAllowCustom  = false
                };
                db._DataTables.InsertOnSubmit(newTable);
                db.SubmitChanges();
            }

            int ownerId = ViewID;

            // -1 means "the current admin's own view".
            if (ownerId == -1)
            {
                ownerId = new AuthAdmin(db).Authorise().ID;
            }

            List <_DataTableColumn> columns = GetDataTable()._DataTableColumns
                                              .Where(p => p.AdminID == ownerId)
                                              .OrderBy(p => p.OrderNo)
                                              .ToList();

            if (IncludeDataReference)
            {
                // Result is not used for the synthetic column; the call is kept in
                // case GetAllFields() has side effects the rest of the class relies on.
                var fields = GetAllFields();

                // Synthetic column placed last (OrderNo 999) and owned by no admin.
                columns.Add(new _DataTableColumn
                {
                    AdminID            = 0,
                    _DataTableID       = 0,
                    _DataFieldName     = "Reference",
                    _DataFieldFriendly = "Reference",
                    OrderNo            = 999
                });
            }

            return columns;
        }
        /// <summary>
        /// Generic "action link" handler: performs one of the state-changing
        /// operations selected by the "route" query-string value on the record
        /// named by "recordid", then shows a notice and/or redirects to "returnURL".
        /// The caller must be an authorised admin; beyond that no per-route or
        /// per-record permission is checked here.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        public void ProcessRequest(HttpContext context)
        {
            // All inputs come from the query string. Convert.ToByte throws
            // (FormatException/OverflowException) on a non-numeric "route".
            byte   route     = Convert.ToByte(HttpContext.Current.Request.QueryString["route"]);
            string recordid  = HttpContext.Current.Request.QueryString["recordid"];
            string returnurl = HttpContext.Current.Request.QueryString["returnURL"];
            string message   = "Done";

            using (MainDataContext db = new MainDataContext())
            {
                AuthAdmin auth = new AuthAdmin(db);

                // Only "is some admin" is verified. Response.End() is relied upon to
                // terminate the request; if it does not, execution continues below.
                if (auth.Authorise() == null)
                {
                    context.Response.Write("Admin Auth Error");
                    context.Response.End();
                }
                db.Dispose();
            }
            // "timekey" is supplied by the client, so the expiry check below only
            // catches stale links (e.g. browser back button); anyone crafting the URL
            // can pick a fresh value. No anti-forgery token is checked here, and every
            // route below mutates data on a plain GET. DateTime.Parse uses the
            // current culture and throws on a missing or malformed value.
            DateTime timekey = DateTime.Parse(HttpUtility.UrlDecode(HttpContext.Current.Request.QueryString["timekey"]));

            if (UKTime.Now > timekey.AddMinutes(62))
            {
                // NOTE(review): returnurl is passed through unvalidated here and below.
                NoticeManager.SetMessage("This action has expired for security reasons - did you use your browser back button?", HttpUtility.UrlDecode(returnurl));
            }
            else
            {
                bool disableNoticeManager = false;
                using (MainDataContext db = new MainDataContext())
                {
                    // Records are matched by comparing ID.ToString() to the raw
                    // recordid; .Single(...) throws when no row matches.
                    switch (route)
                    {
                    case (byte)ActionLink.Route.RemoveAdminFromCalendarItem:
                    {
                        CRM_CalendarAdmin calendarAdmin = db.CRM_CalendarAdmins.Single(c => c.ID.ToString() == recordid);

                        message = calendarAdmin.AdminName + " removed from " + calendarAdmin.CRM_Calendar.DisplayName;
                        db.CRM_CalendarAdmins.DeleteOnSubmit(calendarAdmin);
                        db.SubmitChanges();
                    }
                    break;

                    case (byte)ActionLink.Route.RemoveFamilyPerson:
                    {
                        CRM_FamilyPerson familyPerson = db.CRM_FamilyPersons.Single(f => f.ID.ToString() == recordid);
                        message = familyPerson.CRM_Person.Fullname + " removed from the " + familyPerson.CRM_Family.Name + " family";
                        db.CRM_FamilyPersons.DeleteOnSubmit(familyPerson);
                        db.SubmitChanges();
                    }
                    break;

                    case (byte)ActionLink.Route.ArchiveTaskParticipant:
                    {
                        CRM_TaskParticipant participant = db.CRM_TaskParticipants.Single(t => t.ID.ToString() == recordid);
                        participant.IsArchived = true;
                        db.SubmitChanges();
                        message = participant.Name + " archived.";
                    }
                    break;

                    case (byte)ActionLink.Route.ReinstateTaskParticipant:
                    {
                        CRM_TaskParticipant participant = db.CRM_TaskParticipants.Single(t => t.ID.ToString() == recordid);
                        participant.IsArchived = false;
                        db.SubmitChanges();
                        message = participant.Name + " reinstated.";
                    }
                    break;

                    case (byte)ActionLink.Route.ArchivePassPerson:
                    {
                        CRM_AnnualPassPerson person = db.CRM_AnnualPassPersons.Single(t => t.ID.ToString() == recordid);
                        person.IsArchived = true;
                        db.SubmitChanges();
                        message = person.DisplayName + " archived.";
                    }
                    break;

                    case (byte)ActionLink.Route.ReinstatePassPerson:
                    {
                        CRM_AnnualPassPerson person = db.CRM_AnnualPassPersons.Single(t => t.ID.ToString() == recordid);
                        person.IsArchived = false;
                        db.SubmitChanges();
                        message = person.DisplayName + " reinstanted.";
                    }
                    break;


                    case (byte)ActionLink.Route.ToggleReadStatus:
                    {
                        // Convert.ToInt32 throws on a non-numeric recordid. This route
                        // redirects straight to returnurl instead of via NoticeManager.
                        NoteManager manager = new NoteManager();
                        bool        IsRead  = manager.IsRead(Convert.ToInt32(recordid));
                        disableNoticeManager = true;
                        if (IsRead)
                        {
                            MarkAsUnread(recordid);
                            message = "Marked as unread.";
                        }
                        else
                        {
                            MarkAsRead(recordid);
                            message = "Marked as read.";
                        }
                    }
                    break;

                    case (byte)ActionLink.Route.MarkNoteAsRead:
                    {
                        MarkAsRead(recordid);
                        db.SubmitChanges();
                        message = "Marked as read.";
                    }
                    break;

                    case (byte)ActionLink.Route.MarkNoteAsUnread:
                    {
                        MarkAsUnread(recordid);
                        db.SubmitChanges();
                        message = "Marked as unread.";
                    }
                    break;

                    // The routes below use FirstOrDefault and silently do nothing
                    // (message stays "Done") when the record is not found.
                    case (byte)ActionLink.Route.DeleteOrganisationSchool:
                    {
                        CRM_OrganisationSchool orgSchool = db.CRM_OrganisationSchools.FirstOrDefault(s => s.ID.ToString() == recordid);
                        if (orgSchool != null)
                        {
                            db.CRM_OrganisationSchools.DeleteOnSubmit(orgSchool);
                            db.SubmitChanges();
                            message = "Link removed";
                        }
                    }
                    break;

                    case (byte)ActionLink.Route.ToggleInviteIsAttended:
                    {
                        CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                        if (invite != null)
                        {
                            invite.IsAttended = !invite.IsAttended;
                            db.SubmitChanges();
                            message = "Invite Attendance Toggled";
                        }
                    }
                    break;

                    case (byte)ActionLink.Route.ToggleInviteIsBooked:
                    {
                        CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                        if (invite != null)
                        {
                            invite.IsBooked = !invite.IsBooked;
                            db.SubmitChanges();
                            message = "Invite Booked Toggled";
                        }
                    }
                    break;

                    case (byte)ActionLink.Route.ToggleInviteIsCancelled:
                    {
                        CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                        if (invite != null)
                        {
                            invite.IsCancelled = !invite.IsCancelled;
                            db.SubmitChanges();
                            message = "Invite Cancellation Toggled";
                        }
                    }
                    break;

                    case (byte)ActionLink.Route.ToggleInviteIsInvited:
                    {
                        CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                        if (invite != null)
                        {
                            invite.IsInvited = !invite.IsInvited;
                            db.SubmitChanges();
                            message = "Invite Toggled";
                        }
                    }
                    break;

                    case (byte)ActionLink.Route.DeleteInvite:
                    {
                        CRM_CalendarInvite invite = db.CRM_CalendarInvites.FirstOrDefault(s => s.ID.ToString() == recordid);
                        if (invite != null)
                        {
                            db.CRM_CalendarInvites.DeleteOnSubmit(invite);
                            db.SubmitChanges();
                            message = "Invite Removed";
                        }
                    }
                    break;

                    case (byte)ActionLink.Route.ToggleGiftAidRecord:
                    {
                        CRM_FundraisingGiftProfileLog log = db.CRM_FundraisingGiftProfileLogs.FirstOrDefault(f => f.ID.ToString() == recordid);
                        if (log != null)
                        {
                            // Confirming stamps the current UK time; unconfirming clears it.
                            if (!log.IsConfirmed)
                            {
                                log.TimestampConfirmed = UKTime.Now;
                                log.IsConfirmed        = true;
                            }
                            else
                            {
                                log.TimestampConfirmed = null;
                                log.IsConfirmed        = false;
                            }

                            db.SubmitChanges();
                            message = "Gift aid record toggled";
                        }
                    }
                    break;

                    case (byte)ActionLink.Route.DeleteGiftAidRecord:
                    {
                        CRM_FundraisingGiftProfileLog log = db.CRM_FundraisingGiftProfileLogs.FirstOrDefault(f => f.ID.ToString() == recordid);
                        if (log != null)
                        {
                            db.CRM_FundraisingGiftProfileLogs.DeleteOnSubmit(log);
                            db.SubmitChanges();
                            message = "Gift aid record deleted";
                        }
                    }
                    break;
                    }

                    // Redundant: the using block disposes db as well.
                    db.Dispose();

                    // Either path hands the client-supplied returnurl to a redirect
                    // without checking that it is local — an open redirect.
                    if (!disableNoticeManager)
                    {
                        NoticeManager.SetMessage(message, HttpUtility.UrlDecode(returnurl));
                    }
                    else
                    {
                        HttpContext.Current.Response.Redirect(returnurl);
                    }
                }
            }
        }
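        /// <summary>
        /// Admin login for the MVC back office. Looks the admin up by user name,
        /// compares the password, builds an <see cref="AuthAdmin"/> snapshot (identity
        /// plus the union of function IDs across the admin's roles), stores it in the
        /// forms-authentication cookie and redirects.
        /// </summary>
        /// <param name="username">Submitted user name (trimmed before lookup).</param>
        /// <param name="password">Submitted password (trimmed before comparison).</param>
        /// <param name="returnUrl">Optional post-login target; only local URLs are followed.</param>
        /// <returns>The login view again on failure, otherwise a redirect.</returns>
        public ActionResult Login(string username, string password, string returnUrl)
        {
            // A missing form field would otherwise throw on Trim().
            username = (username ?? String.Empty).Trim();
            password = (password ?? String.Empty).Trim();

            using (PeContext db = new PeContext())
            {
                var admin = db.ADMIN.Where(x => x.USER_NAME == username).FirstOrDefault();

                // These loads look unused, but if lazy loading is disabled on PeContext
                // they are what populates admin.ADMIN_ROLE_RELATION / ROLE /
                // ROLE_FUNCTION_RELATION below via relationship fix-up. Confirm that
                // before removing them.
                var a2 = db.ROLE_FUNCTION_RELATION.ToList();
                var a3 = db.ROLE_FUNCTIONS.ToList();
                var a4 = db.ADMIN_ROLE_RELATION.ToList();
                var a  = db.ADMIN.ToList();

                if (admin == null)
                {
                    // NOTE(review): distinct "user does not exist" / "wrong password"
                    // responses let a caller enumerate valid user names.
                    ModelState.AddModelError("Username", "用户不存在");
                    ViewBag.ReturnUrl = returnUrl;
                    return(View("Index"));
                }

                // SECURITY: the submitted password is compared directly with
                // ADMIN.PASSWORD, i.e. the stored value is the credential itself, not a
                // hash. Moving to a salted hash (PBKDF2/bcrypt) needs a data migration
                // and is outside this method.
                if (password != admin.PASSWORD)
                {
                    ModelState.AddModelError("Password", "密码错误");
                    ViewBag.ReturnUrl = returnUrl;
                    return(View("Index"));
                }

                AuthAdmin authAdmin = new AuthAdmin()
                {
                    AdminId  = admin.UUID,
                    UserName = admin.USER_NAME,
                    RealName = admin.REAL_NAME,
                    Mobile   = admin.PHONE,
                };

                // Role permissions: an admin maps to roles; the first role's name is
                // kept for display.
                if (admin.ADMIN_ROLE_RELATION.Count > 0)
                {
                    authAdmin.FirstRoleName = admin.ADMIN_ROLE_RELATION.FirstOrDefault().ROLE.NAME;
                }

                // Collect every function ID reachable through any of the admin's roles;
                // the function's method name is the permission.
                authAdmin.FunctionsId = new List <int>();
                foreach (var adminRole in admin.ADMIN_ROLE_RELATION)
                {
                    var funs = adminRole.ROLE.ROLE_FUNCTION_RELATION.Select(x => x.FUNCTION_ID.Value).ToList();
                    authAdmin.FunctionsId = authAdmin.FunctionsId.Union(funs).ToList();
                }

                // The serialised snapshot becomes the ticket's user name; its
                // integrity rests on the forms-authentication ticket protection.
                string json = JsonConvert.SerializeObject(authAdmin);

                FormsAuthentication.SetAuthCookie(json, false);
            }

            // Whitelist: only a local URL may be followed. Redirecting to an arbitrary
            // returnUrl would make the login action an open redirect.
            if (!string.IsNullOrWhiteSpace(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                return(Redirect(returnUrl));
            }

            return(Redirect(FormsAuthentication.DefaultUrl));
        }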
        /// <summary>
        /// Creates an AuthZAttribute object depending on authorization parameters.
        /// Arguments that fail validation for the requested role (a null display
        /// name, or a zero householdID for the household-bound roles) yield the
        /// anonymous AuthZ rather than propagating an exception.
        /// </summary>
        /// <param name="displayName">Display name of a user. Cannot be null for non anon AuthZ</param>
        /// <param name="householdID">HouseholdID of a user. Value is 0 for anon and user AuthZ</param>
        /// <param name="role">Enumeration of user authorization privileges</param>
        /// <param name="admin">Enumeration of admin authorization privileges</param>
        /// <returns>The role-specific AuthZAttribute, or the anonymous one as fallback.</returns>
        public AuthZAttribute CreateAuthZ(string displayName, int householdID, AuthRole role, AuthAdmin admin)
        {
            try
            {
                bool[] adminFlags = GetAdminAuthZ(admin);

                bool nameMissing      = displayName == null;
                bool householdMissing = householdID == 0;

                if (role == AuthRole.user)
                {
                    if (nameMissing)
                    {
                        throw new ArgumentException("User display name is invalid");
                    }
                    return(_authZFactory.CreateUserAuthZ(displayName, adminFlags));
                }

                if (role == AuthRole.host)
                {
                    if (nameMissing || householdMissing)
                    {
                        throw new ArgumentException("Host display name or householdID is invalid");
                    }
                    return(_authZFactory.CreateHostAuthZ(displayName, householdID, adminFlags));
                }

                if (role == AuthRole.cohost)
                {
                    if (nameMissing || householdMissing)
                    {
                        throw new ArgumentException("CoHost display name or householdID is invalid");
                    }
                    return(_authZFactory.CreateCoHostAuthZ(displayName, householdID, adminFlags));
                }

                if (role == AuthRole.tenant)
                {
                    if (nameMissing || householdMissing)
                    {
                        throw new ArgumentException("Host display name or householdID is invalid");
                    }
                    return(_authZFactory.CreateTenantAuthZ(displayName, householdID, adminFlags));
                }

                // Any other role value is treated as anonymous.
                return(_authZFactory.CreateAnonAuthZ());
            }
            catch (ArgumentException)
            {
                // Validation failures degrade to anonymous authorization by design.
                return(_authZFactory.CreateAnonAuthZ());
            }
        }