public bool CheckPersonHasProjects(Person person, int timePeriodId)
{
if (person.profile.PersonID <= 0)
{
// a non-person cannot sponsor a project
return false;
}
using (var tdb = new Trips4.Data.Models.TRIPSEntities())
{
var found = tdb.CheckPersonSponsorsProject(person.profile.PersonID, null, timePeriodId).FirstOrDefault();
if (found == null)
{
throw new Exception("CheckPersonSponsorsProject did not return a result.");
}
return found.Value;
}
}
public bool CheckPersonHasProjects(Person person, int timePeriodId)
{
if (person != null)
{
SqlCommand cmd = new SqlCommand("[dbo].[CheckPersonSponsorsProject]");
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@PersonId", person.profile.PersonID.Equals(default(int)) ? (object)DBNull.Value : person.profile.PersonID);
cmd.Parameters.AddWithValue("@PersonGuid", person.profile.PersonGUID.Equals(default(Guid)) ? (object)DBNull.Value : person.profile.PersonGUID);
if (!timePeriodId.Equals(default(int))) cmd.Parameters.AddWithValue("@TimePeriodId", timePeriodId);
using (IDataReader rdr = this.ExecuteReader(cmd))
{
//be sure we got a reader
while (rdr.Read())
{
person.HasProjects = rdr["SponsorsProject"].ToString().SmartParseDefault<bool>(default(bool));
}
}
return person.HasProjects;
}
return false;
}
public Person GetUserByID(Guid guid, bool loadRoles)
{
var person = new Person();
// get Person data from Trips
using (var tdb = new Trips4.Data.Models.TRIPSEntities())
{
var found = tdb.GetPersonById(null, guid).FirstOrDefault();
if (found == null)
{
Logger.Info("Person not found (so he cannot sponsor projects) " + guid.ToString());
}
else
{
Debug.Assert(found.PersonGUID == guid);
person.profile.PersonID = found.PersonID;
person.HasProjects = found.SponsorsProject ?? false;
person.SponsorOrganizationId = found.SponsorOrganizationId ?? 0;
person.SponsorOrganizationName = found.SponsorOrganization;
}
if (person.HasProjects)
{
person.SponsoredProjectVersionIds.AddRange(tdb.GetPersonsProjectVersionIds(person.profile.PersonID).Select(x => x.Value));
}
}
// get profile data from Trips_User
using (var tudb = new Trips4.Data.Models.TRIPS_UserEntities())
{
var found = tudb.GetUserById(guid).FirstOrDefault();
if (found == null)
{
throw new Exception("User not found " + guid.ToString());
}
Debug.Assert(guid == found.UserId.Value);
person.profile.PersonGUID = found.UserId.Value;
person.profile.FirstName = found.FirstName;
person.profile.LastName = found.LastName;
person.profile.Phone = found.PrimaryContact;
person.profile.RecoveryEmail = found.LoweredEmail; // TODO: is this true?
person.profile.UserName = found.UserName;
}
// get roles from RoleProvider
if (loadRoles)
{
var roles = Roles.GetRolesForUser(person.profile.UserName);
person.profile.Roles.AddRange(roles);
}
return person;
}
public void LoadPerson(ref Person person)
{
UserRepository.LoadPerson(ref person);
}
public bool CheckPersonHasProjects(Person person, int timePeriodId)
{
return UserRepository.CheckPersonHasProjects(person, timePeriodId);
}
/// <summary>
/// Base constructor that just creates a new empty
/// Account
/// </summary>
public AccountDetailModel()
{
AccountDetail = new Person();
this.CanEdit = false;
}
public BaseViewModel()
{
Current = new DRCOG.Domain.Models.Survey.Survey();
Person = new Person();
}
public ActionResult Index(LoginViewModel viewModel, string returnUrl)
{
LogOnModel model = viewModel.LogOnModel;
try
{
LoadSession();
if (GuestUser(model))
{
return base.SetAuthCookie(model, returnUrl);
}
viewModel.RefreshAssemblyVersion();
if (ModelState.IsValid)
{
this.LoadSession();
Person person = new Person(model.UserName);
// First try to authenicate through service
if (Membership.ValidateUser(model.UserName, model.Password))
{
return base.SetAuthCookie(model, returnUrl);
}
else
{
ModelState.AddModelError("", "The user name or password provided is incorrect.");
string exceptionMessage;
bool isApproved = UserService.GetUserApproval(model.UserName);
if (isApproved)
exceptionMessage = "The user name or password provided is incorrect.";
else
exceptionMessage = "Your account has not been activated. Please click on the link in your verification email or use the link above to resend the verification email to this email address.";
//ModelState.AddModelError("", exceptionMessage);
viewModel.Message = exceptionMessage;
}
}
else
{
//pass back the Error
viewModel.Message = "User name and password must be entered.";
}
return View(viewModel);
}
catch (SqlException sqlex)
{
//Send to Error Message on Login view
viewModel.Message = "A database has occurred while attempting to log you into the system.";
return View(viewModel);
}
catch (Exception ex)
{
ErrorViewModel error = new ErrorViewModel(ex + "An unexpected error has occurred while attempting to log you into the system.", "This error has been logged.", ex, this.ControllerName, "Index - Post");
return View("CustomError", error);
}
}
public void LoadPerson(Person person)
{
SqlCommand cmd = new SqlCommand("[dbo].[GetPersonById]");
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@PersonId", person.profile.PersonID.Equals(default(int)) ? (object)DBNull.Value : person.profile.PersonID);
cmd.Parameters.AddWithValue("@PersonGuid", person.profile.PersonGUID.Equals(default(Guid)) ? (object)DBNull.Value : person.profile.PersonGUID);
using (IDataReader rdr = this.ExecuteReader(cmd))
{
//be sure we got a reader
while (rdr.Read())
{
person.profile.PersonGUID = rdr["PersonGUID"].ToString().SmartParseDefault<Guid>(default(Guid));
person.profile.PersonID = rdr["PersonID"].ToString().SmartParseDefault<int>(default(int));
person.HasProjects = rdr["SponsorsProject"].ToString().SmartParseDefault<bool>(default(bool));
person.SponsorOrganizationId = rdr["SponsorOrganizationId"].ToString().SmartParseDefault<int>(default(int));
person.SponsorOrganizationName = rdr["SponsorOrganization"].ToString();
}
}
if (person.HasProjects)
{
person.SponsoredProjectVersionIds = this.SponsoredProjectVersionIds(person.profile.PersonID);
}
if (person.profile.PersonID.Equals(default(int)) && !person.profile.PersonGUID.Equals(default(Guid)))
{
Logger.Error("Person has a GUID but no entry in Person Table.");
//CreatePerson(ref person.profile);
}
}
public Person GetUserByEmail(string emailAddress, bool loadRoles)
{
var found = Membership.FindUsersByEmail(emailAddress);
if (found.Count == 0)
{
throw new Exception("Email not found.");
}
if (found.Count > 1)
{
Logger.Error("Multiple users found with email address {0}", emailAddress);
throw new Exception("Multiple users found with email address " + emailAddress);
}
var users = new MembershipUser[1];
found.CopyTo(users, 0);
var user = users[0];
var person = new Person();
person.IsApproved = user.IsApproved;
return person;
}
public ApplicationState()
{
CurrentUser = new Person();
}
/// <summary>
/// Check the role authorization
/// </summary>
/// <param name="filterContext"></param>
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
//See if the session is active
HttpContextBase ctx = filterContext.HttpContext;
if (ctx.Session != null && HttpContext.Current.User.Identity.IsAuthenticated && HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = id.Ticket;
if (ctx.Session.IsNewSession && !ticket.IsPersistent)
{
// from: http://www.tyronedavisjr.com/index.php/2008/11/23/detecting-session-timeouts-using-a-aspnet-mvc-action-filter/
// If it says it is a new session, but an existing cookie exists, then it must
// have timed out
string sessionCookie = ctx.Request.Headers["Cookie"];
if ((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0))
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary {
{ "message", "Session Timed Out" },
{ "controller", "Login" },
{ "action", "index" },
{ "ReturnUrl", filterContext.HttpContext.Request.RawUrl }
});
}
}
else
{
//an existing session...
ApplicationState appState = this.GetSession(filterContext.HttpContext);
Person user;
if (ticket.IsPersistent)
{
user = new Person(HttpContext.Current.User.Identity.Name);
user.Load();
user.profile = ProfileService.GetUserProfile(user.profile.UserName, Common.Services.MemberShipServiceSupport.MembershipProviderType.DRCOG);
appState.CurrentUser = user;
}
else
{
user = appState.CurrentUser;
if (user == null || String.IsNullOrEmpty(user.profile.UserName))
{
user = new Person(HttpContext.Current.User.Identity.Name);
user.Load();
user.profile = ProfileService.GetUserProfile(user.profile.UserName, Common.Services.MemberShipServiceSupport.MembershipProviderType.DRCOG);
appState.CurrentUser = user;
}
}
user.profile.Roles["TripsRoleProvider"] = ProfileService.GetRolesForUser(user.profile.UserName, Common.Services.MemberShipServiceSupport.RoleProviderType.TRIPS);
//user.LoadRoles(HttpContext.Current.User);
if (user.SponsorsProject())
{
user.AddRole("Sponsor");
}
//user.AddRole("Sponsor");
//Check if user is in the authorized roles
if (_rolesSplit.Length > 0 && !_rolesSplit.Any(user.IsInRole))
{
//User not in role - unauthorized access attempt (or we messed up and exposed a link to the wrong class of user
UnauthorizedViewModel model = new UnauthorizedViewModel();
//model.CurrentUser = user;
//model.Message = String.Join(",", user.profile.Roles) + " The resource you attempted to access is restricted. This access attempt has been logged.";
model.Message = Roles + " The resource you attempted to access is restricted. This access attempt has been logged.";
ViewDataDictionary viewData = new ViewDataDictionary(model);
filterContext.Result = new ViewResult { ViewName = "~/Views/Error/Unauthorized.aspx", ViewData = viewData };
//If the controller is not null, use it's logger!
if (filterContext.Controller != null)
{
DRCOG.Web.Controllers.ControllerBase ctl = filterContext.Controller as DRCOG.Web.Controllers.ControllerBase;
//ctl.Logger.Log.Warn("Unauthorized attempt to access " + filterContext.HttpContext.Request.RawUrl + " by " + user.Login);
}
}
else
{
//User is in the role... let'er rip
// ** IMPORTANT ** (Note from the Microsoft AuthorizeAttribute source code
// Since we're performing authorization at the action level, the authorization code runs
// after the output caching module. In the worst case this could allow an authorized user
// to cause the page to be cached, then an unauthorized user would later be served the
// cached page. We work around this by telling proxies not to cache the sensitive page,
// then we hook our custom authorization code into the caching mechanism so that we have
// the final say on whether a page should be served from the cache.
HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
cachePolicy.SetProxyMaxAge(new TimeSpan(0));
cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
}
}
}
else
{
//Null session
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary {
{ "message", "You must login before accessing that page." },
{ "controller", "Login" },
{ "action", "index" },
{ "ReturnUrl", filterContext.HttpContext.Request.RawUrl }
});
}
}
