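/// <summary>
/// Handles the password prompt shown before a password-protected action: hashes the
/// submitted password, compares it with the hash stored on the user's pending
/// (tryController/tryAction) BaseUserAction and, on a match, marks that action as
/// unlocked (leftSeconds = 1) and redirects to it.
/// </summary>
/// <param name="form">Posted form; only the <c>password</c> field is read.</param>
/// <returns>
/// A redirect to the pending controller/action when the password matches; otherwise a
/// redirect back to the current URL (with an "error" entry in GlobalsViewBag when a
/// password was submitted but did not match).
/// </returns>
public ActionResult needPassword(FormCollection form)
{
    BaseUser user = Helper.GetUser(db);
    // Fail closed: without a resolved user there is nothing to unlock.
    if (user == null)
    {
        return Redirect(URLHelper.getCurrentUrl(this.ControllerContext));
    }

    BaseUserAction action = user.getOneBaseUserAction(user.tryAction, user.tryController);
    string submitted = form["password"];

    // No pending password-protected action, or no password posted: just reload.
    if (action == null || submitted == null)
    {
        return Redirect(URLHelper.getCurrentUrl(this.ControllerContext));
    }

    // NOTE(review): the stored value is an unsalted MD5 digest (Permission.CalculateMD5Hash).
    // A salted, slow KDF (PBKDF2/Argon2) is the appropriate storage format; kept here
    // because the stored hashes must remain comparable.
    string hashed = Permission.CalculateMD5Hash(submitted);

    // Case-insensitive comparison of the two hex digests. Also tolerates a null stored
    // hash (a BaseUserAction can be created with password = null), which previously
    // threw a NullReferenceException on `action.password.ToUpper()`.
    bool matches = !string.IsNullOrEmpty(action.password)
        && string.Equals(action.password, hashed, StringComparison.OrdinalIgnoreCase);

    if (!matches)
    {
        GlobalsViewBag.Add("error", "Contraseña Incorrecta.");
        return Redirect(URLHelper.getCurrentUrl(this.ControllerContext));
    }

    // Mark the action as unlocked; HasPermission clears leftSeconds again on the next check.
    BaseUserAction Baction = db.BaseUserActions.FirstOrDefault(d => d.actionID == action.actionID && d.userID == user.ID);
    if (Baction != null)
    {
        Baction.leftSeconds = 1;
        db.SaveChanges();
    }
    return Redirect(URLHelper.getUrl(user.tryController, user.tryAction));
}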
/// <summary>
/// Wraps an existing <see cref="BaseUserAction"/> in a new <c>UserAction</c> and adds it
/// to <c>db.UserActions</c>. The entity is only added to the context; nothing is
/// persisted here (no SaveChanges call).
/// </summary>
/// <param name="action">The base action to wrap; stored as-is on the new entity.</param>
public void AddUserAction(BaseUserAction action)
{
    UserAction wrapper = new UserAction();
    wrapper.BaseUserAction = action;
    this.db.UserActions.Add(wrapper);
}
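/// <summary>
/// AJAX endpoint that creates or updates the per-user settings of an action
/// (forever flag, password hash, password-required flag, expiry date, leftSeconds on create).
/// </summary>
/// <param name="form">
/// Posted form: <c>id</c> (BaseAction id), <c>userid</c>, <c>forever</c>, <c>passwordAccess</c>,
/// <c>password</c>, <c>untilDate</c> and, for new rows, <c>leftSeconds</c>.
/// </param>
/// <returns>
/// <c>"Ok"</c> on success (also when the BaseAction does not exist); otherwise an object
/// with a <c>Message</c> property describing the failure.
/// </returns>
public JsonResult actionsProperties(FormCollection form)
{
    try
    {
        int idaction = int.Parse(form["id"]);
        int user = int.Parse(form["userid"]);
        var actiondata = db.BaseActions.Find(idaction);
        if (actiondata != null)
        {
            // Checkbox inputs post "true,false" (visible box plus hidden fallback), so only
            // the first token carries the checked state.
            bool forever = Convert.ToBoolean(form["forever"].Split(',')[0]);
            bool passwordAccess = Convert.ToBoolean(form["passwordAccess"].Split(',')[0]);
            DateTime untilDate = Convert.ToDateTime(form["untilDate"]);
            string submittedPassword = form["password"];

            // The UI posts this placeholder instead of the real value, meaning "leave the
            // stored password unchanged".
            bool keepPassword = submittedPassword == Permission.defaultShowPassword;

            var exis = db.BaseUserActions.FirstOrDefault(x => x.userID == user && x.actionID == actiondata.id);
            if (exis != null)
            {
                if (!keepPassword)
                {
                    exis.password = Permission.CalculateMD5Hash(submittedPassword);
                }
                // When keeping the password, `exis.password` already holds the hash of this
                // exact (user, action) row. The previous re-read from the database filtered by
                // actionID only and could therefore copy another user's hash for the same
                // action onto this row.
                exis.forever = forever;
                exis.passwordAccess = passwordAccess;
                exis.untilDate = untilDate;
                // leftSeconds is not updated here: it is the one-shot unlock marker managed
                // by needPassword/HasPermission.
            }
            else
            {
                BaseUserAction bu = new BaseUserAction();
                bu.forever = forever;
                bu.password = Permission.CalculateMD5Hash(submittedPassword);
                bu.passwordAccess = passwordAccess;
                bu.untilDate = untilDate;
                bu.leftSeconds = int.Parse(form["leftSeconds"]);
                bu.actionID = actiondata.id;
                bu.userID = user;
                db.BaseUserActions.Add(bu);
            }
            db.SaveChanges();
        }
        return Json("Ok");
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message is returned to the client; logging it
        // server-side and returning a generic message would avoid leaking internals.
        return Json(new { Message = "Error " + ex.Message }, JsonRequestBehavior.AllowGet);
    }
}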
/// <summary>
/// Rebuilds the permission-related rows of one user from the posted form: on the first
/// form key the user's widget, menu, profile, action and graph links are deleted (the
/// existing BaseUserAction rows are copied to memory first), then one row is inserted per
/// <c>MenuID_</c>, <c>ActionID_</c>, <c>WidgetID_</c> and <c>GraphID_</c> key, and finally
/// one BaseUserProfile row per id in <c>userProfileID</c>.
/// </summary>
/// <param name="form">
/// Posted form: <c>ID</c> (user id), keys of the form <c>MenuID_&lt;id&gt;</c>,
/// <c>ActionID_&lt;id&gt;</c>, <c>WidgetID_&lt;id&gt;</c>, <c>GraphID_&lt;id&gt;</c>, and an
/// optional comma-separated <c>userProfileID</c>.
/// </param>
/// <returns>A redirect to BasePermissionsUser/Index for the edited user.</returns>
public ActionResult SaveData(FormCollection form)
{
    int userID = int.Parse(form["ID"]);
    // NOTE(review): `us` is not null-checked; an unknown ID throws on `us.ID` below.
    var us = db.BaseUsers.Find(userID);
    bool firsttime = false;
    int increment = 0;
    // Snapshot of the user's current BaseUserAction rows, taken before they are deleted,
    // so re-selected actions keep their password/expiry settings.
    List <BaseUserAction> luserActions = new List <BaseUserAction>();
    foreach (var f in form.AllKeys)
    {
        // The delete phase runs once, on the first key (form always contains "ID").
        if (!firsttime)
        {
            // The SQL below is built by concatenation; it is safe only because `us.ID` is an
            // integer loaded from the database, not request text. A parameterized command
            // would make that explicit.
            Helper.executeNonQUery("Delete from dbo.BaseWidgetUser where UserID = " + us.ID, db);
            Helper.executeNonQUery("Delete from dbo.BaseUserMenu where userID = " + us.ID, db);
            Helper.executeNonQUery("Delete from dbo.BaseUserProfile where userID = " + us.ID, db);
            var beforeDelete = db.BaseUserActions.Where(x => x.userID == us.ID);
            foreach (var item in beforeDelete)
            {
                luserActions.Add(new BaseUserAction() { actionID = item.actionID, userID = item.userID, forever = item.forever, untilDate = item.untilDate, password = item.password, passwordAccess = item.passwordAccess, leftSeconds = item.leftSeconds });
            }
            Helper.executeNonQUery("Delete from dbo.BaseUserAction where userID = " + us.ID, db);
            // NOTE(review): rows are deleted from dbo.BaseWidgetUser / dbo.BaseUserGraph but
            // inserted into dbo.WidgetUser / dbo.UserGraph below — confirm these name the same tables.
            Helper.executeNonQUery("Delete from dbo.BaseUserGraph where UserID = " + us.ID, db);
            firsttime = true;
        }
        // A fresh context per key; the previous one is never disposed (presumably relying on
        // the request lifetime — confirm).
        db = new Context();
        // Menu element: MenuID_<id>
        if (f.Contains("MenuID_"))
        {
            string sp = f.Split('_')[1];
            if (sp != "")
            {
                //inserts
                int id = int.Parse(sp);
                BaseMenu m = db.BaseMenus.Find(id);
                BaseUserMenu bpm = new BaseUserMenu();
                bpm.menuID = m.id;
                bpm.userID = us.ID;
                // Menu order follows the order of the posted keys.
                bpm.noOrder = increment;
                db.BaseUserMenus.Add(bpm);
                increment++;
                db.SaveChanges();
            }
        }
        else if (f.Contains("ActionID_"))
        {
            string sp = f.Split('_')[1];
            if (sp != "")
            {
                //inserts
                int id = int.Parse(sp);
                BaseUserAction ac = new BaseUserAction();
                // Reuse the snapshot row (password, expiry, unlock state) when the action was
                // already granted; otherwise grant it "forever" with no password.
                var existOnList = luserActions.FirstOrDefault(x => x.userID == us.ID && x.actionID == id);
                ac.actionID = (existOnList != null) ? existOnList.actionID : id;
                ac.userID = (existOnList != null) ? existOnList.userID : us.ID;
                ac.forever = (existOnList != null) ? existOnList.forever : true;
                ac.untilDate = (existOnList != null) ? existOnList.untilDate : null;
                ac.password = (existOnList != null) ? existOnList.password : null;
                ac.passwordAccess = (existOnList != null) ? existOnList.passwordAccess : null;
                ac.leftSeconds = (existOnList != null) ? existOnList.leftSeconds : null;
                db.BaseUserActions.Add(ac);
                db.SaveChanges();
            }
        }
        else if (f.Contains("WidgetID_"))
        {
            string sp = f.Split('_')[1];
            if (sp != "")
            {
                //inserts
                int id = int.Parse(sp);
                // Integer-only values (parsed above), so the formatted SQL cannot carry request text.
                Helper.executeNonQUery(string.Format("insert into dbo.WidgetUser " + "(UserID,WidgetID) VALUES({0},{1})", us.ID, id), db);
                //BaseWidget a = pp.BaseWidgets.Find(id);
                //ii.BaseWidgets1.Add(a);
                //pp.SaveChanges();
            }
        }
        else if (f.Contains("GraphID_"))
        {
            string sp = f.Split('_')[1];
            if (sp != "")
            {
                //inserts
                int id = int.Parse(sp);
                // Note the argument order: {1} is the graph id, {0} the user id.
                Helper.executeNonQUery(string.Format("insert into dbo.UserGraph " + "(GraphsID,UserID) VALUES({1},{0})", us.ID, id), db);
                //Graph a = db.Graphs.Find(id);
                //us.Graphs.Add(a);
                //db.SaveChanges();
            }
        }
    }
    db = new Context();
    if (!string.IsNullOrEmpty(form["userProfileID"]))
    {
        foreach (var item in form["userProfileID"].Split(','))
        {
            int i = int.Parse(item);
            BaseProfile p = db.BaseProfiles.Find(i);
            if (p != null)
            {
                //us.BaseProfiles.Add(p);
                //db.SaveChanges();
                // {1} is the profile id, {0} the user id.
                Helper.executeNonQUery(string.Format("insert into dbo.BaseUserProfile " + "(profileID,userID) VALUES({1},{0})", us.ID, i), db);
            }
        }
    }
    //db.SaveChanges();
    string parameters = "?id=" + us.ID;
    string url = URLHelper.getUrl("BasePermissionsUser", "Index") + parameters;
    return(Redirect(url));
}
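/// <summary>
/// Returns whether the currently logged-in user may reach the given controller/action.
/// </summary>
/// <param name="actionName">Action name.</param>
/// <param name="ControllerName">Controller name.</param>
/// <returns>
/// <see cref="AccessPermission.Grant"/> for super users, for actions granted directly to the
/// user (unless expired or waiting for a password) and for actions reachable through one of
/// the user's profiles; <see cref="AccessPermission.Expired"/>, <see cref="AccessPermission.Password"/>
/// or <see cref="AccessPermission.Deny"/> otherwise.
/// </returns>
public AccessPermission HasPermission(string actionName, string ControllerName)
{
    // Fail closed: no matching user row means no access (indexing an empty Rows used to throw).
    // The id is an integer, so the concatenated SQL carries no request text.
    System.Data.DataTable userRows = Helper.getData("select * from [BaseUser] where ID=" + WebSecurity.CurrentUserId.ToString(), db);
    if (userRows == null || userRows.Rows.Count == 0)
    {
        return AccessPermission.Deny;
    }
    System.Data.DataRow user = userRows.Rows[0];
    int userID = int.Parse(user["ID"].ToString());

    if (user["superUser"].ToString() == "True")
    {
        return AccessPermission.Grant;
    }

    BaseUserAction action = db.BaseUserActions.FirstOrDefault(d => d.BaseAction.name == actionName && d.BaseAction.BaseController.name == ControllerName && d.userID == userID);

    if (action == null)
    {
        // Not granted directly: fall back to the actions of the user's profiles
        // (case-insensitive name match, as before).
        BaseUser userObj = Helper.GetUser(db);
        bool grantedByProfile = userObj != null
            && userObj.BaseProfiles
                .SelectMany(p => p.BaseActions)
                .Any(act => string.Equals(act.name, actionName, StringComparison.OrdinalIgnoreCase)
                         && string.Equals(act.BaseController.name, ControllerName, StringComparison.OrdinalIgnoreCase));
        return grantedByProfile ? AccessPermission.Grant : AccessPermission.Deny;
    }

    // NOTE(review): the expiry check only runs when `forever` is true, which reads as inverted;
    // kept unchanged because the stored meaning of `forever` is not visible here — confirm.
    // untilDate is compared against UtcNow, so the stored value is assumed to be UTC — confirm.
    if (action.forever && action.untilDate < DateTime.UtcNow)
    {
        Helper.currentExpired = action.untilDate;
        return AccessPermission.Expired;
    }

    if (!string.IsNullOrEmpty(action.password) && action.passwordAccess.HasValue && action.passwordAccess.Value)
    {
        if (action.leftSeconds == null)
        {
            // Remember which controller/action is waiting for its password (needPassword reads
            // tryAction/tryController back). The statement is string-built, so single quotes are
            // doubled as a stop-gap; it should move to a parameterized command.
            // NOTE(review): this writes to [USER] while the user row above is read from [BaseUser] — confirm both name the same table.
            string safeAction = (actionName ?? string.Empty).Replace("'", "''");
            string safeController = (ControllerName ?? string.Empty).Replace("'", "''");
            Helper.executeNonQUery(string.Format("UPDATE [USER] SET tryAction='{0}', tryController='{1}' WHERE ID={2}", safeAction, safeController, userID), db);
            return AccessPermission.Password;
        }
        // One-shot unlock set by needPassword (leftSeconds = 1): consume it so the next
        // visit asks for the password again.
        action.leftSeconds = null;
        db.SaveChanges();
    }
    return AccessPermission.Grant;
}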