Ejemplo n.º 1
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var isAuthorized = base.AuthorizeCore(httpContext);

            if (!isAuthorized)
            {
                return(false);
            }
            UserDetailsModel userModel = null;

            if (httpContext.Session["currentUserModel"] != null)
            {
                userModel = (UserDetailsModel)httpContext.Session["currentUserModel"];
            }
            else
            {
                var db            = new CareConnectCrmEntities();
                var currentUserId = httpContext.User.Identity.GetUserId <int>();

                var query = db.Users.Where(a => a.Id == currentUserId);

                userModel = query
                            .Select(currentUser => new UserDetailsModel
                {
                    Id           = currentUser.Id,
                    FirstName    = currentUser.FirstName,
                    MiddleName   = currentUser.MiddleName,
                    LastName     = currentUser.LastName,
                    BusinessId   = currentUser.BusinessId,
                    Email        = currentUser.Email,
                    PhoneNumber  = currentUser.PhoneNumber,
                    UserName     = currentUser.UserName,
                    BusinessName = currentUser.BusinessMaster.BusinessName,
                    RelativeUrl  = currentUser.BusinessMaster.RelativeUrl,
                    OtherEmails  = currentUser.BusinessMaster.OtherEmails,
                    IRoles       = currentUser.Roles,
                    IDepartments = currentUser.UserDepartments
                }).FirstOrDefault();
                var profileRepository = new RepositoryUserProfile();

                userModel.UserPrivileges = profileRepository.GetUserPrivilages(userModel.Id);

                httpContext.Session["currentUserModel"] = userModel;
            }

            if (userModel.BusinessId == null || userModel.BusinessId == 0)
            {
                httpContext.Items["CurrentUser"]         = userModel;
                httpContext.Items["CurrentBusinessName"] = userModel.BusinessName;
                return(false);
            }

            httpContext.Items["CurrentUser"]         = userModel;
            httpContext.Items["CurrentBusinessName"] = userModel.BusinessName;

            return(true);
        }
Ejemplo n.º 2
0
        protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            return(true);

            #region Unreachable Code Block

            var userName = "";
            if (actionContext.Request.Headers.GetValues("User") != null)
            {
                var userNameHeader = actionContext.Request.Headers.GetValues("User");
                userName = userNameHeader.FirstOrDefault();
            }
            else
            {
                var isAuthorized = base.IsAuthorized(actionContext);

                if (!isAuthorized)
                {
                    //if (actionContext.Request.Headers.GetValues("User") != null)
                    //{
                    //   var userNameHeader = actionContext.Request.Headers.GetValues("User");
                    //   userName = userNameHeader.FirstOrDefault();

                    //TODO: //add additional security validation cases
                    //    goto userLoggedIn;
                    //}

                    return(false);
                }
            }
userLoggedIn:


            var httpContext = HttpContext.Current;

            if (httpContext.Items["CurrentUser"] != null)
            {
            }

            var db = new CareConnectCrmEntities();
            // var currentUserId = httpContext.User.Identity.GetUserId<int>();
            var query = db.Users.Where(a => a.UserName == userName);
            if (userName == "")
            {
                query = db.Users.Where(a => a.UserName == httpContext.User.Identity.Name);
            }

            var userModel = query
                            .Select(currentUser => new UserDetailsModel
            {
                Id           = currentUser.Id,
                FirstName    = currentUser.FirstName,
                MiddleName   = currentUser.MiddleName,
                LastName     = currentUser.LastName,
                BusinessId   = currentUser.BusinessId,
                Email        = currentUser.Email,
                PhoneNumber  = currentUser.PhoneNumber,
                UserName     = currentUser.UserName,
                BusinessName = currentUser.BusinessMaster.BusinessName,
                RelativeUrl  = currentUser.BusinessMaster.RelativeUrl,
                OtherEmails  = currentUser.BusinessMaster.OtherEmails,
                IRoles       = currentUser.Roles,
                IDepartments = currentUser.UserDepartments
            }).FirstOrDefault();

            var profileRepository = new RepositoryUserProfile();

            //userModel.Roles = profileRepository.GetAllUserRoles(userModel.Id).Model.ToNameArray(); //new string[] { "MasterAdmin", "SuperAdmin" };
            //userModel.Departments = profileRepository.GetAllUserDepartments(userModel.Id).Model.ToNameArray();

            if (userModel.BusinessId == null || userModel.BusinessId == 0)
            {
                httpContext.Items["CurrentUser"]         = userModel;
                httpContext.Items["CurrentBusinessName"] = userModel.BusinessName;
                return(false);
            }

            userModel.UserPrivileges                 = profileRepository.GetUserPrivilages(userModel.Id);
            httpContext.Items["CurrentUser"]         = userModel;
            httpContext.Items["CurrentBusinessName"] = userModel.BusinessName;

            return(true);

            #endregion
        }
Ejemplo n.º 3
0
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var httpContext = HttpContext.Current;

            if (!httpContext.User.Identity.IsAuthenticated)
            {
                throw new HttpException(403, "Access Denied");
            }

            var userName = httpContext.User.Identity.Name;

            //if (actionContext.Request.Headers.GetValues("User") != null)
            //{
            //    var userNameHeader = actionContext.Request.Headers.GetValues("User");
            //    userName = userNameHeader.FirstOrDefault();
            //    var genericPrincipal = new System.Security.Principal.GenericPrincipal(new System.Security.Principal.GenericIdentity(userName), null);
            //    actionContext.RequestContext.Principal = genericPrincipal;
            //}

            UserDetailsModel userModel = null;

            if (HttpRuntime.Cache[httpContext.User.Identity.Name] != null)
            {
                userModel = (UserDetailsModel)HttpRuntime.Cache[httpContext.User.Identity.Name];
            }
            else
            {
                var db = new CareConnectCrmEntities();
                // var currentUserId = httpContext.User.Identity.GetUserId<int>();
                var query = db.Users.Where(a => a.UserName == userName);
                if (userName == "" && httpContext.User.Identity.IsAuthenticated)
                {
                    query = db.Users.Where(a => a.UserName == httpContext.User.Identity.Name);
                }

                userModel = query
                            .Select(currentUser => new UserDetailsModel
                {
                    Id               = currentUser.Id,
                    FirstName        = currentUser.FirstName,
                    MiddleName       = currentUser.MiddleName,
                    LastName         = currentUser.LastName,
                    BusinessId       = currentUser.BusinessId,
                    Email            = currentUser.Email,
                    PhoneNumber      = currentUser.PhoneNumber,
                    UserName         = currentUser.UserName,
                    BusinessName     = currentUser.BusinessMaster.BusinessName,
                    DomainUrl        = currentUser.BusinessMaster.DomainUrl,
                    RelativeUrl      = currentUser.BusinessMaster.RelativeUrl,
                    OtherEmails      = currentUser.BusinessMaster.OtherEmails,
                    IsRep            = currentUser.Reps2.Any(),
                    IsSalesManager   = currentUser.RepgroupManagerMappers.Any(),
                    DefaultDateRange = currentUser.BusinessMaster.DateRange,
                    IRoles           = currentUser.Roles,
                    IDepartments     = currentUser.UserDepartments,
                    SalesGroupBy     = currentUser.BusinessMaster.SalesGroupBy,
                    LogoUrl          = currentUser.BusinessMaster.Logo
                }).FirstOrDefault();

                var profileRepository = new RepositoryUserProfile();

                userModel.UserPrivileges = profileRepository.GetUserPrivilages(userModel.Id);

                HttpRuntime.Cache[httpContext.User.Identity.Name] = userModel;
            }
            if (userModel.BusinessId == null || userModel.BusinessId == 0)
            {
                httpContext.Items["CurrentUser"]         = userModel;
                httpContext.Items["CurrentBusinessName"] = userModel.BusinessName;
                return;
            }

            httpContext.Items["CurrentUser"]         = userModel;
            httpContext.Items["CurrentBusinessName"] = userModel.BusinessName;
        }
Ejemplo n.º 4
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var isAuthorized = base.AuthorizeCore(httpContext);

            if (!isAuthorized)
            {
                return(false);
            }

            UserDetailsModel userModel = null;

            if (HttpRuntime.Cache[httpContext.User.Identity.Name] != null)
            {
                userModel = (UserDetailsModel)HttpRuntime.Cache[httpContext.User.Identity.Name];
            }
            else
            {
                var db = new CareConnectCrmEntities();
                // var currentUserId = httpContext.User.Identity.GetUserId<int>();

                userModel = db.Users.Where(a => a.UserName == httpContext.User.Identity.Name).Select(currentUser => new UserDetailsModel
                {
                    Id           = currentUser.Id,
                    FirstName    = currentUser.FirstName,
                    MiddleName   = currentUser.MiddleName,
                    LastName     = currentUser.LastName,
                    BusinessId   = currentUser.BusinessId,
                    Email        = currentUser.Email,
                    PhoneNumber  = currentUser.PhoneNumber,
                    UserName     = currentUser.UserName,
                    BusinessName = currentUser.BusinessMaster.BusinessName,
                    RelativeUrl  = currentUser.BusinessMaster.RelativeUrl,
                    IRoles       = currentUser.Roles,
                    IDepartments = currentUser.UserDepartments,
                    OtherEmails  = currentUser.BusinessMaster.OtherEmails,
                    LogoUrl      = currentUser.BusinessMaster.Logo
                }).FirstOrDefault();

                var profileRepository = new RepositoryUserProfile();

                if (userModel.BusinessId == null || userModel.BusinessId == 0)
                {
                    httpContext.Items["CurrentUser"]         = userModel;
                    httpContext.Items["CurrentUserName"]     = userModel.FirstName + " " + userModel.LastName;
                    httpContext.Items["CurrentBusinessName"] = userModel.BusinessName.Replace(" ", "-");
                    return(false);
                }

                userModel.UserPrivileges = profileRepository.GetUserPrivilages(userModel.Id);

                HttpRuntime.Cache[httpContext.User.Identity.Name] = userModel;
            }
            if (!userModel.Roles.Contains("BusinessAdmin"))
            {
                if (!userModel.UserPrivileges.Contains("RDSETTINGS"))
                {
                    return(false);
                }
            }

            httpContext.Items["CurrentUser"]         = userModel;
            httpContext.Items["CurrentUserName"]     = userModel.FirstName + " " + userModel.LastName;
            httpContext.Items["CurrentBusinessName"] = userModel.BusinessName.Replace(" ", "-");

            return(true);
        }
Ejemplo n.º 5
0
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var httpContext = HttpContext.Current;
            var userName    = "";

            if (actionContext.Request.Headers.Any(a => a.Key == "User") && actionContext.Request.Headers.GetValues("User") != null)
            {
                var userNameHeader = actionContext.Request.Headers.GetValues("User");
                userName = userNameHeader.FirstOrDefault();
                IPrincipal genericPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
                actionContext.RequestContext.Principal = genericPrincipal;
            }

            if (httpContext.User.Identity.Name == "")
            {
                return;
            }

            var db = new CareConnectCrmEntities();
            // var currentUserId = httpContext.User.Identity.GetUserId<int>();
            var query = db.Users.Where(a => a.UserName == httpContext.User.Identity.Name);

            if (userName == "" && httpContext.User.Identity.IsAuthenticated)
            {
                query = db.Users.Where(a => a.UserName == httpContext.User.Identity.Name);
            }

            var userModel = db.Users.Where(a => a.UserName == httpContext.User.Identity.Name).Select(currentUser => new UserDetailsModel
            {
                Id             = currentUser.Id,
                FirstName      = currentUser.FirstName,
                MiddleName     = currentUser.MiddleName,
                LastName       = currentUser.LastName,
                BusinessId     = currentUser.BusinessId,
                Email          = currentUser.Email,
                PhoneNumber    = currentUser.PhoneNumber,
                UserName       = currentUser.UserName,
                BusinessName   = currentUser.BusinessMaster.BusinessName,
                DomainUrl      = currentUser.BusinessMaster.DomainUrl,
                RelativeUrl    = currentUser.BusinessMaster.RelativeUrl,
                OtherEmails    = currentUser.BusinessMaster.OtherEmails,
                IsRep          = currentUser.Reps2.Any(),
                IsSalesManager = currentUser.RepgroupManagerMappers.Any(),
                IRoles         = currentUser.Roles,
                IDepartments   = currentUser.UserDepartments
            }).FirstOrDefault();

            if (userModel == null)
            {
                return;
            }

            var profileRepository = new RepositoryUserProfile();

            if (userModel.BusinessId == null || userModel.BusinessId == 0)
            {
                httpContext.Items["CurrentUser"]         = userModel;
                httpContext.Items["CurrentBusinessName"] = userModel.BusinessName;
                return;
            }

            userModel.UserPrivileges = profileRepository.GetUserPrivilages(userModel.Id);

            httpContext.Items["CurrentUser"]         = userModel;
            httpContext.Items["CurrentBusinessName"] = userModel.BusinessName;
        }