public ActionResult needPassword(FormCollection form)
{
BaseUser user = Helper.GetUser(db);
BaseUserAction action = user.getOneBaseUserAction(user.tryAction, user.tryController);
if (action != null)
{
if (form["password"] != null)
{
string password = Permission.CalculateMD5Hash(form["password"]);
if (action.password.ToUpper() == password.ToString())
{
BaseUserAction Baction = db.BaseUserActions.FirstOrDefault(d => d.actionID == action.actionID && d.userID == user.ID);
if (Baction != null)
{
Baction.leftSeconds = 1;
db.SaveChanges();
}
return(Redirect(URLHelper.getUrl(user.tryController, user.tryAction)));
}
else
{
GlobalsViewBag.Add("error", "Contraseña Incorrecta.");
return(Redirect(URLHelper.getCurrentUrl(this.ControllerContext)));
}
}
}
else
{
return(Redirect(URLHelper.getCurrentUrl(this.ControllerContext)));
}
return(Redirect(URLHelper.getCurrentUrl(this.ControllerContext)));
}
public void AddUserAction(BaseUserAction action)
{
this.db.UserActions.Add(new UserAction
{
BaseUserAction = action,
});
}
public JsonResult actionsProperties(FormCollection form)
{
try
{
int idaction = int.Parse(form["id"]);
int user = int.Parse(form["userid"]);
var actiondata = db.BaseActions.Find(idaction);
if (actiondata != null)
{
var k = form["forever"].Split(',')[0];
var s = form["passwordAccess"].Split(',')[0];
bool pp = Convert.ToBoolean(k);
var exis = db.BaseUserActions.FirstOrDefault(x => x.userID == user && x.actionID == actiondata.id);
if (exis != null)
{
if (form["password"].ToString() == Permission.defaultShowPassword)
{
exis.password = Helper.getData("SELECT password from [BaseUserAction] where actionID=" + exis.actionID, db).Rows[0][0].ToString();
}
else
{
exis.password = Permission.CalculateMD5Hash(form["password"]);
}
exis.forever = pp;
exis.passwordAccess = Convert.ToBoolean(s);
exis.untilDate = Convert.ToDateTime(form["untilDate"]);
//exis.leftSeconds = int.Parse(form["leftSeconds"]);
exis.actionID = actiondata.id;
exis.userID = user;
}
else
{
BaseUserAction bu = new BaseUserAction();
bu.forever = pp;
bu.password = Permission.CalculateMD5Hash(form["password"]);
bu.passwordAccess = Convert.ToBoolean(s);
bu.untilDate = Convert.ToDateTime(form["untilDate"]);
bu.leftSeconds = int.Parse(form["leftSeconds"]);
bu.actionID = actiondata.id;
bu.userID = user;
db.BaseUserActions.Add(bu);
}
db.SaveChanges();
}
return(Json("Ok"));
}
catch (Exception ex)
{
return(Json(new { Message = "Error " + ex.Message }, JsonRequestBehavior.AllowGet));
}
}
public ActionResult SaveData(FormCollection form)
{
int userID = int.Parse(form["ID"]);
var us = db.BaseUsers.Find(userID);
bool firsttime = false;
int increment = 0;
List <BaseUserAction> luserActions = new List <BaseUserAction>();
foreach (var f in form.AllKeys)
{
if (!firsttime)
{
Helper.executeNonQUery("Delete from dbo.BaseWidgetUser where UserID = " + us.ID, db);
Helper.executeNonQUery("Delete from dbo.BaseUserMenu where userID = " + us.ID, db);
Helper.executeNonQUery("Delete from dbo.BaseUserProfile where userID = " + us.ID, db);
var beforeDelete = db.BaseUserActions.Where(x => x.userID == us.ID);
foreach (var item in beforeDelete)
{
luserActions.Add(new BaseUserAction()
{
actionID = item.actionID,
userID = item.userID,
forever = item.forever,
untilDate = item.untilDate,
password = item.password,
passwordAccess = item.passwordAccess,
leftSeconds = item.leftSeconds
});
}
Helper.executeNonQUery("Delete from dbo.BaseUserAction where userID = " + us.ID, db);
Helper.executeNonQUery("Delete from dbo.BaseUserGraph where UserID = " + us.ID, db);
firsttime = true;
}
db = new Context();
//ELEMENTEO DEL MENU
if (f.Contains("MenuID_"))
{
string sp = f.Split('_')[1];
if (sp != "")
{
//inserts
int id = int.Parse(sp);
BaseMenu m = db.BaseMenus.Find(id);
BaseUserMenu bpm = new BaseUserMenu();
bpm.menuID = m.id;
bpm.userID = us.ID;
bpm.noOrder = increment;
db.BaseUserMenus.Add(bpm);
increment++;
db.SaveChanges();
}
}
else if (f.Contains("ActionID_"))
{
string sp = f.Split('_')[1];
if (sp != "")
{
//inserts
int id = int.Parse(sp);
BaseUserAction ac = new BaseUserAction();
var existOnList = luserActions.FirstOrDefault(x => x.userID == us.ID && x.actionID == id);
ac.actionID = (existOnList != null) ? existOnList.actionID : id;
ac.userID = (existOnList != null) ? existOnList.userID : us.ID;
ac.forever = (existOnList != null) ? existOnList.forever : true;
ac.untilDate = (existOnList != null) ? existOnList.untilDate : null;
ac.password = (existOnList != null) ? existOnList.password : null;
ac.passwordAccess = (existOnList != null) ? existOnList.passwordAccess : null;
ac.leftSeconds = (existOnList != null) ? existOnList.leftSeconds : null;
db.BaseUserActions.Add(ac);
db.SaveChanges();
}
}
else if (f.Contains("WidgetID_"))
{
string sp = f.Split('_')[1];
if (sp != "")
{
//inserts
int id = int.Parse(sp);
Helper.executeNonQUery(string.Format("insert into dbo.WidgetUser " +
"(UserID,WidgetID) VALUES({0},{1})", us.ID, id), db);
//BaseWidget a = pp.BaseWidgets.Find(id);
//ii.BaseWidgets1.Add(a);
//pp.SaveChanges();
}
}
else if (f.Contains("GraphID_"))
{
string sp = f.Split('_')[1];
if (sp != "")
{
//inserts
int id = int.Parse(sp);
Helper.executeNonQUery(string.Format("insert into dbo.UserGraph " +
"(GraphsID,UserID) VALUES({1},{0})", us.ID, id), db);
//Graph a = db.Graphs.Find(id);
//us.Graphs.Add(a);
//db.SaveChanges();
}
}
}
db = new Context();
if (!string.IsNullOrEmpty(form["userProfileID"]))
{
foreach (var item in form["userProfileID"].Split(','))
{
int i = int.Parse(item);
BaseProfile p = db.BaseProfiles.Find(i);
if (p != null)
{
//us.BaseProfiles.Add(p);
//db.SaveChanges();
Helper.executeNonQUery(string.Format("insert into dbo.BaseUserProfile " +
"(profileID,userID) VALUES({1},{0})", us.ID, i), db);
}
}
}
//db.SaveChanges();
string parameters = "?id=" + us.ID;
string url = URLHelper.getUrl("BasePermissionsUser", "Index") + parameters;
return(Redirect(url));
}
/// <summary>
/// Retorna true si el usuario loged acutal tiene permiso al controlador-acción
/// </summary>
/// <param name="actionName">Nombre de la acción</param>
/// <param name="ControllerName">Nombre del controlador</param>
/// <returns></returns>
public AccessPermission HasPermission(string actionName, string ControllerName)
{
System.Data.DataRow user = Helper.getData("select * from [BaseUser] where ID=" + WebSecurity.CurrentUserId.ToString(), db).Rows[0];
int userID = int.Parse(user["ID"].ToString());
BaseUser userObj = Helper.GetUser(db);
if (user["superUser"].ToString() == "True")
{
return(AccessPermission.Grant);
}
DateTime nowy = DateTime.Now;
BaseUserAction action = db.BaseUserActions.FirstOrDefault(d =>
d.BaseAction.name == actionName &&
d.BaseAction.BaseController.name == ControllerName &&
d.userID == userID
);
BaseAction outside = null;
foreach (var item in userObj.BaseProfiles)
{
foreach (var act in item.BaseActions)
{
if (act.name.ToLower() == actionName.ToLower() && act.BaseController.name.ToLower() == ControllerName.ToLower())
{
outside = act;
}
}
}
if (action != null)
{
if (action.forever)
{
if (action.untilDate < DateTime.UtcNow)
{
Helper.currentExpired = action.untilDate;
return(AccessPermission.Expired);
}
}
if (!string.IsNullOrEmpty(action.password))
{
if (!string.IsNullOrEmpty(action.password))
{
if (action.passwordAccess.HasValue)
{
if (action.passwordAccess.Value)
{
if (action.leftSeconds == null)
{
Helper.executeNonQUery(string.Format("UPDATE [USER] SET tryAction='{0}', tryController='{1}' WHERE ID={2}", actionName, ControllerName, userID), db);
return(AccessPermission.Password);
}
else
{
action.leftSeconds = null;
db.SaveChanges();
}
}
}
}
}
return(AccessPermission.Grant);
}
else
{
if (outside != null)
{
return(AccessPermission.Grant);
}
return(AccessPermission.Deny);
}
}
