Example #1
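        /// <summary>
        /// Rebuilds the left navigation bar from the <see cref="ModuleGroup"/> and <see cref="Module"/>
        /// rows stored in the admin database for the configured application.
        /// </summary>
        /// <param name="e">Event data, forwarded unchanged to the base implementation.</param>
        /// <exception cref="ArgumentException">The <c>appId</c> application setting is missing.</exception>
        /// <remarks>
        /// Only rows flagged <c>ShowInLeftMenu</c> are listed, ordered by <c>OrderNo</c>.
        /// NOTE(review): the query filters on the application id only, not on the current user, so
        /// every visitor gets the same menu. Hiding a link is not access control; confirm that each
        /// target page checks permissions on its own.
        /// </remarks>
        protected override void OnLoad(EventArgs e)
        {
            base.OnLoad(e);

            // Read the setting once so the null check and the parse see the same value.
            var appIdSetting = ConfigurationManager.AppSettings["appId"];
            if (appIdSetting == null)
            {
                throw new ArgumentException("appId must be specified in configuration file.");
            }
            int appId = int.Parse(appIdSetting);

            // The using block releases the context even when the query or the menu build throws;
            // the original only disposed it on the success path.
            using (var dotWebDb = new DotWebDb())
            {
                var groups = dotWebDb.ModuleGroups
                             .Include(g => g.App)
                             .Include(g => g.Modules)
                             .Where(g => g.App.Id == appId && g.ShowInLeftMenu == true)
                             .OrderBy(o => o.OrderNo)
                             .ToList();

                this.Groups.Clear();
                foreach (var group in groups)
                {
                    var navBarGroup = new DevExpress.Web.NavBarGroup(group.Title);
                    var modules     = group.Modules.Where(m => m.ShowInLeftMenu == true).OrderBy(m => m.OrderNo);
                    foreach (var module in modules)
                    {
                        // Auto-generated modules are addressed by table name; all others use their stored URL.
                        // NOTE(review): both values come straight from the admin database and are emitted
                        // as link targets without validation - confirm only trusted admins can edit them.
                        var moduleUrl = module.ModuleType == ModuleType.AutoGenerated
                            ? "~/" + module.TableName + "/list"
                            : module.Url;
                        navBarGroup.Items.Add(new DevExpress.Web.NavBarItem(module.Title, module.Title, null, moduleUrl));
                    }
                    this.Groups.Add(navBarGroup);
                }
            }
        }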
Example #2
 /// <summary>
 /// Binds <paramref name="comboBox"/> to the list of principals of the requested kind.
 /// </summary>
 /// <param name="comboBox">Combo box that receives the data source and field mapping.</param>
 /// <param name="principalType">"User" lists all users; "Group" lists the user groups of the
 /// application whose id is held in <c>Session["AppId"]</c>. Any other value leaves the combo untouched.</param>
 void FillPrincipalIdCombo(ASPxComboBox comboBox, string principalType)
 {
     switch (principalType)
     {
         case "User":
             using (var db = new DotWebDb())
             {
                 // NOTE(review): whole User entities are bound although only Id and UserName are
                 // displayed; confirm no other column can reach the rendered page or view state.
                 comboBox.DataSource = db.Users.ToList();
                 comboBox.ValueField = "Id";
                 comboBox.TextField  = "UserName";
                 comboBox.DataBind();
             }
             break;

         case "Group":
             using (var db = new DotWebDb())
             {
                 // Throws when the session carries no AppId; the caller is expected to have set it.
                 int currentAppId = int.Parse(Session["AppId"].ToString());
                 comboBox.DataSource = db.UserGroups.Where(g => g.AppId == currentAppId).ToList();
                 comboBox.ValueField = "Id";
                 comboBox.TextField  = "GroupName";
                 comboBox.DataBind();
             }
             break;
     }
 }
Example #3
        /// <summary>
        /// Handles the login button: checks the submitted credentials against the identity store,
        /// signs the user in with a non-persistent application cookie, caches the matching
        /// application user in the session and redirects to the site root.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// NOTE(review): no lockout or throttling of failed attempts is visible in this handler;
        /// confirm it is enforced elsewhere (for example on the user manager configuration).
        /// NOTE(review): the session is populated after sign-in without a new session id being
        /// issued here; confirm the session id is rotated on login.
        /// </remarks>
        protected void btnLogin_Click(object sender, EventArgs e)
        {
            using (var identityDb = new IdentityDb())
            {
                var store   = new UserStore<IdentityUser>(identityDb);
                var manager = new UserManager<IdentityUser>(store);
                var account = manager.Find(tbUserName.Text, tbPassword.Text);

                if (account == null)
                {
                    // One message for "unknown user" and "wrong password", so the response
                    // does not reveal which of the two was wrong.
                    lblError.Text = "Invalid username or password!";
                    divError.Attributes["class"] = "form-field visible";
                    return;
                }

                var authentication = HttpContext.Current.GetOwinContext().Authentication;
                var cookieIdentity = manager.CreateIdentity(account, DefaultAuthenticationTypes.ApplicationCookie);
                var signInOptions  = new AuthenticationProperties()
                {
                    IsPersistent = false
                };
                authentication.SignIn(signInOptions, cookieIdentity);

                using (var appDb = new DotWebDb())
                {
                    // The application keeps its own user row, looked up by user name (case-insensitive).
                    var profile = appDb.Users.SingleOrDefault(u => u.UserName.Equals(account.UserName, StringComparison.InvariantCultureIgnoreCase));
                    if (profile != null)
                    {
                        // The entity outlives its context here; anything not loaded yet stays unavailable.
                        Session["user"] = profile;
                    }
                }

                Response.Redirect("~/");
            }
        }
Example #4
 /// <summary>
 /// Loads every row of the Users table.
 /// </summary>
 /// <returns>All <see cref="User"/> entities, materialised before the context is disposed.</returns>
 /// <remarks>
 /// Despite its name this returns whole entities, not just user names.
 /// NOTE(review): callers that only need a display name receive every mapped column; confirm
 /// none of them exposes the result directly to a client.
 /// </remarks>
 public static List<User> getUserName()
 {
     using (var db = new DotWebDb())
     {
         List<User> everyUser = db.Users.ToList();
         return everyUser;
     }
 }
Example #5
 /// <summary>
 /// Looks up the full name of the user with the given id.
 /// </summary>
 /// <param name="userId">Value matched against <c>User.UserId</c>.</param>
 /// <returns>The user's <c>FullName</c>, or an empty string when no such user exists.</returns>
 public static string RetrieveUserNameById(int userId)
 {
     using (var db = new DotWebDb())
     {
         var match = db.Users.FirstOrDefault(p => p.UserId == userId);
         if (match == null)
         {
             return "";
         }

         return match.FullName;
     }
 }
Example #6
 /// <summary>
 /// Looks up the name of the user group with the given id.
 /// </summary>
 /// <param name="groupId">Value matched against <c>UserGroup.GroupId</c>.</param>
 /// <returns>The group's <c>GroupName</c>, or an empty string when no such group exists.</returns>
 public static string RetrieveUserGroupNameById(int groupId)
 {
     using (var db = new DotWebDb())
     {
         var match = db.UserGroups.FirstOrDefault(p => p.GroupId == groupId);
         if (match == null)
         {
             return "";
         }

         return match.GroupName;
     }
 }
Example #7
 /// <summary>
 /// Resolves an organization name to its id.
 /// </summary>
 /// <param name="organizationName">Name compared for equality with <c>Organization.Name</c>.</param>
 /// <returns>The id of the first matching organization, or 0 when there is none.</returns>
 public static int RetrieveOrganizationByName(string organizationName)
 {
     using (var db = new DotWebDb())
     {
         var match = db.Organizations.FirstOrDefault(o => o.Name == organizationName);
         if (match == null)
         {
             // 0 doubles as the "not found" marker, so callers cannot tell it from a real id 0.
             return 0;
         }

         return match.Id;
     }
 }
Example #8
 /// <summary>
 /// Returns the organization id recorded for the user with the given user name.
 /// </summary>
 /// <param name="userName">Name compared for equality with <c>User.UserName</c>.</param>
 /// <returns>
 /// The user's <c>OrganizationId</c> when the user exists, otherwise 0. Note the asymmetry:
 /// an unknown user yields 0, not null, so null is only possible for an existing user whose
 /// <c>OrganizationId</c> is itself null.
 /// </returns>
 public static int? RetrieveOrganizationIdByUserName(string userName)
 {
     using (var db = new DotWebDb())
     {
         var match = db.Users.FirstOrDefault(p => p.UserName == userName);
         if (match == null)
         {
             return 0;
         }

         return match.OrganizationId;
     }
 }
Example #9
 /// <summary>
 /// Returns the id of the organization named "ENG".
 /// </summary>
 /// <returns>The id of the first organization whose name is "ENG", or 0 when none exists.</returns>
 private static int getOrganizationId()
 {
     using (var db = new DotWebDb())
     {
         // The organization name is fixed in code rather than read from configuration.
         var eng = db.Organizations.FirstOrDefault(o => o.Name == "ENG");
         if (eng == null)
         {
             return 0;
         }

         return eng.Id;
     }
 }
Example #10
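        /// <summary>
        /// Handles the create-user button: creates the identity account, mirrors it into the
        /// application's own Users table and redirects to the return URL on success. On failure
        /// the error panel is shown instead.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The <c>ReturnUrl</c> query-string value is only honoured when it is a path inside this
        /// site ("/..." or "~/..."); anything else falls back to the user list. Relative targets
        /// without a leading slash are therefore no longer followed.
        /// NOTE(review): the identity account and the application user are written by two separate
        /// contexts. If the second save fails, the identity account remains without an application
        /// row - confirm how such orphans are cleaned up.
        /// </remarks>
        protected void btnCreateUser_Click(object sender, EventArgs e)
        {
            // Set only on success. The redirect itself runs after the try block, because
            // Response.Redirect ends the request by raising ThreadAbortException, which the
            // catch-all below would otherwise intercept and report as an error.
            string redirectTarget = null;

            try
            {
                using (var context = new IdentityDb())
                {
                    var userStore   = new UserStore<IdentityUser>(context);
                    var userManager = new UserManager<IdentityUser>(userStore);

                    var user = new IdentityUser()
                    {
                        UserName = tbUserName.Text, Email = tbEmail.Text
                    };
                    IdentityResult result = userManager.Create(user, tbPassword.Text);

                    if (result.Succeeded)
                    {
                        using (var appContext = new DotWebDb())
                        {
                            var appUser = new User()
                            {
                                Id             = user.Id,
                                UserName       = user.UserName,
                                Email          = user.Email,
                                FirstName      = tbFirstName.Text,
                                LastName       = tbLastName.Text,
                                OrganizationId = cbOrganization.SelectedItem == null ? null : (int?)int.Parse(cbOrganization.SelectedItem.Value.ToString())
                            };
                            appContext.Users.Add(appUser);
                            appContext.SaveChanges();
                        }

                        // ReturnUrl is caller-controlled; accept it only when it stays on this site.
                        redirectTarget = ResolveLocalReturnUrl(Request.QueryString["ReturnUrl"], "~/Admin/Users.aspx");
                    }
                    else
                    {
                        // NOTE(review): identity errors can repeat submitted values such as the user
                        // name. If lblError does not HTML-encode its Text, encode each message here.
                        lblError.Text = "";
                        foreach (var error in result.Errors)
                        {
                            lblError.Text += error;
                        }
                        divError.Attributes["class"] = "form-field visible";
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception message is shown to the user and may contain
                // database or infrastructure details; consider logging it and showing a generic text.
                lblError.Text = ex.Message;
                divError.Attributes["class"] = "form-field visible";
            }

            if (redirectTarget != null)
            {
                Response.Redirect(redirectTarget);
            }
        }

        // Returns candidate when it is a site-local path ("/x" or "~/x"), otherwise fallback.
        private static string ResolveLocalReturnUrl(string candidate, string fallback)
        {
            if (string.IsNullOrEmpty(candidate))
            {
                return fallback;
            }

            // Control characters have no place in a redirect target.
            foreach (char c in candidate)
            {
                if (char.IsControl(c))
                {
                    return fallback;
                }
            }

            // Drop a leading "~" so both accepted forms are checked as a rooted path.
            string path = candidate[0] == '~' ? candidate.Substring(1) : candidate;
            if (path.Length == 0 || path[0] != '/')
            {
                return fallback;
            }

            // "//host" and "/\host" are treated by browsers as pointing at another host.
            if (path.Length > 1 && (path[1] == '/' || path[1] == '\\'))
            {
                return fallback;
            }

            return candidate;
        }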
Example #11
 /// <summary>
 /// Runs when a new session starts. If the request is already authenticated but the session has
 /// no cached application user, the matching row is loaded and stored under <c>Session["user"]</c>.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 void Session_Start(object sender, EventArgs e)
 {
     // Nothing to restore for anonymous requests or when the session already holds a user.
     if (!HttpContext.Current.User.Identity.IsAuthenticated || HttpContext.Current.Session["user"] != null)
     {
         return;
     }

     using (var appDb = new DotWebDb())
     {
         // Looked up by the authenticated identity's name, case-insensitively.
         var profile = appDb.Users.SingleOrDefault(u => u.UserName.Equals(HttpContext.Current.User.Identity.Name, StringComparison.InvariantCultureIgnoreCase));
         if (profile != null)
         {
             Session["user"] = profile;
         }
     }
 }
Example #12
        /// <summary>
        /// Resolves an authentication key to a user name within the organization returned by
        /// <c>getOrganizationId()</c>.
        /// </summary>
        /// <param name="password">Key compared for equality with <c>User.AuthKey</c>.</param>
        /// <returns>
        /// The <c>UserName</c> of the first matching user, or an empty string when the key is
        /// null/empty or matches nobody.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the key is compared verbatim inside the database query, which suggests
        /// AuthKey is stored unhashed - confirm. A stored hash with a constant-time comparison
        /// would limit the impact of a database leak.
        /// NOTE(review): the key alone identifies the user; confirm keys are long, random and
        /// unique per user, and that callers rate-limit attempts.
        /// </remarks>
        public static string CheckUser(string password)
        {
            // An empty key never authenticates anyone.
            if (string.IsNullOrEmpty(password))
            {
                return "";
            }

            using (var db = new DotWebDb())
            {
                int orgId = getOrganizationId();
                var match = db.Users.FirstOrDefault(p => p.OrganizationId == orgId && p.AuthKey == password);
                if (match == null)
                {
                    return "";
                }

                return match.UserName;
            }
        }
Example #13
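        /// <summary>
        /// Returns the users that are members of the given group.
        /// </summary>
        /// <param name="groupId">Group id, passed to the database as a query parameter.</param>
        /// <returns>The matching <see cref="User"/> entities; an empty list when the group has no
        /// members or <paramref name="groupId"/> is null.</returns>
        /// <remarks>
        /// Member ids are read with a parameterised command on a separate connection built from
        /// the context's connection string; the users are then loaded through the context.
        /// </remarks>
        public static List<User> RetrieveUsersByGroupId(string groupId)
        {
            using (DotWebDb context = new DotWebDb())
            {
                var memberIds = new List<int>();
                string sql = "SELECT DISTINCT UserId FROM UserGroupMembers WHERE GroupId = @GroupId";

                using (SqlConnection con = new SqlConnection(context.Database.Connection.ConnectionString))
                using (SqlCommand cmd = new SqlCommand(sql, con))
                {
                    // The value is bound as a parameter and never concatenated into the SQL text.
                    // A null id is sent as DBNull so the command still runs and matches no rows.
                    cmd.Parameters.AddWithValue("@GroupId", (object)groupId ?? DBNull.Value);

                    // NOTE(review): CommandTimeout is in seconds, so 7000 is almost two hours;
                    // confirm this is intended, as a stuck query would hold the request that long.
                    cmd.CommandTimeout = 7000;

                    con.Open();

                    // A reader replaces the DataSet/SqlDataAdapter pair, which was never disposed.
                    using (var reader = cmd.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            memberIds.Add(Convert.ToInt32(reader[0]));
                        }
                    }
                }

                // No members: skip the second round trip.
                if (memberIds.Count == 0)
                {
                    return new List<User>();
                }

                int[] userIdArray = memberIds.ToArray();
                List<User> lUsers = (from a in context.Users
                                     where userIdArray.Contains(a.UserId)
                                     select a).ToList();

                return lUsers;
            }
        }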
Example #14
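        /// <summary>
        /// Collects the distinct permission types a user holds for a URL within an application.
        /// </summary>
        /// <param name="user">User whose rights are evaluated; its <c>Id</c> is matched against
        /// group membership and user-level access rights.</param>
        /// <param name="url">Requested URL, used to find the module it belongs to.</param>
        /// <param name="appId">Application the groups and app-level rights must belong to.</param>
        /// <returns>
        /// Permission types from every role granted to the user or to one of the user's groups
        /// (including the "everyone" group of the app, when it exists) on the module, its module
        /// group or the app. Each type appears once, in first-seen order. When no module matches
        /// the URL only app-level rights are returned.
        /// </returns>
        /// <remarks>
        /// Group rights are matched by exact group id. The previous implementation joined the ids
        /// into one comma-separated string and tested <c>gids.Contains(PrincipalId)</c>, a substring
        /// test: a right granted to group "1" was also applied to a member of group "12", and an
        /// empty <c>PrincipalId</c> matched every user.
        /// </remarks>
        public static List<PermissionType> GetPermissions(User user, string url, int appId)
        {
            var result       = new List<PermissionType>();
            var accessRights = new List<AccessRight>();

            using (var context = new DotWebDb())
            {
                // Groups of this app the user was explicitly added to.
                var membership = context.UserGroupMembers.Include(m => m.Group)
                                 .Where(m => m.UserId == user.Id && m.Group.AppId == appId).ToList();

                // Every user is an implicit member of the app's "everyone" group, when one exists.
                var everyone = context.UserGroups.SingleOrDefault(g => g.AppId == appId && g.GroupName.Equals(Constants.Everyone, StringComparison.InvariantCultureIgnoreCase));
                if (everyone != null)
                {
                    membership.Add(new UserGroupMembers()
                    {
                        UserId = user.Id, Group = everyone
                    });
                }

                // Group ids as individual strings, formatted the same way the original did, so the
                // queries below can test exact membership instead of substring containment.
                var groupIds = new List<string>();
                foreach (var mbr in membership)
                {
                    var groupId = string.Format("{0}", mbr.Group.Id);
                    if (groupId.Length > 0 && !groupIds.Contains(groupId))
                    {
                        groupIds.Add(groupId);
                    }
                }

                // Find the module behind the URL. A two-segment path that is not an .aspx page is
                // first tried as "<table>/<action>" of an auto-generated module of this app.
                // The extension test ignores case so "Page.ASPX" is not taken for a table route.
                Module module = null;
                if (!url.EndsWith(".aspx", StringComparison.OrdinalIgnoreCase))
                {
                    var strs = url.Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
                    if (strs.Length == 2)
                    {
                        var moduleName = strs[0];
                        module = context.Modules.Include(m => m.Group).SingleOrDefault(m => m.ModuleType == ModuleType.AutoGenerated && m.TableName.Equals(moduleName, StringComparison.InvariantCultureIgnoreCase) &&
                                                                                       m.Group.AppId == appId);
                    }
                }
                if (module == null)
                {
                    // NOTE(review): unlike the lookup above, this one is not restricted to appId, so a
                    // custom-URL module of another app with the same URL would be used (or make
                    // SingleOrDefault throw when there are two) - confirm that is intended.
                    module = context.Modules.Include(m => m.Group).SingleOrDefault(m => m.ModuleType == ModuleType.CustomUrl && m.Url.Equals(url, StringComparison.InvariantCultureIgnoreCase));
                }

                // Rights on the module and on its module group.
                if (module != null)
                {
                    // user - module access rights
                    accessRights.AddRange(context.AccessRights.Include(r => r.Role.Permissions).Where(r => r.SecuredObjectType == SecuredObjectType.Module && r.SecuredObjectId == module.Id &&
                                                                                                      r.PrincipalType == PrincipalType.User && r.PrincipalId == user.Id).ToList());

                    // user - module group access rights
                    accessRights.AddRange(context.AccessRights.Include(r => r.Role.Permissions).Where(r => r.SecuredObjectType == SecuredObjectType.ModuleGroup && r.SecuredObjectId == module.Group.Id &&
                                                                                                      r.PrincipalType == PrincipalType.User && r.PrincipalId == user.Id).ToList());

                    // user group - module access rights
                    accessRights.AddRange(context.AccessRights.Include(r => r.Role.Permissions).Where(r => r.SecuredObjectType == SecuredObjectType.Module && r.SecuredObjectId == module.Id &&
                                                                                                      r.PrincipalType == PrincipalType.Group && groupIds.Contains(r.PrincipalId)).ToList());

                    // user group - module group access rights
                    accessRights.AddRange(context.AccessRights.Include(r => r.Role.Permissions).Where(r => r.SecuredObjectType == SecuredObjectType.ModuleGroup && r.SecuredObjectId == module.Group.Id &&
                                                                                                      r.PrincipalType == PrincipalType.Group && groupIds.Contains(r.PrincipalId)).ToList());
                }

                // user - app access rights
                accessRights.AddRange(context.AccessRights.Include(r => r.Role.Permissions).Where(r => r.SecuredObjectType == SecuredObjectType.App && r.SecuredObjectId == appId &&
                                                                                                  r.PrincipalType == PrincipalType.User && r.PrincipalId == user.Id).ToList());

                // user group - app access rights
                accessRights.AddRange(context.AccessRights.Include(r => r.Role.Permissions).Where(r => r.SecuredObjectType == SecuredObjectType.App && r.SecuredObjectId == appId &&
                                                                                                  r.PrincipalType == PrincipalType.Group && groupIds.Contains(r.PrincipalId)).ToList());
            }

            // Flatten roles into a duplicate-free list of permission types.
            foreach (var accessRight in accessRights)
            {
                foreach (var permission in accessRight.Role.Permissions)
                {
                    if (!result.Contains(permission.PermissionType))
                    {
                        result.Add(permission.PermissionType);
                    }
                }
            }

            return result;
        }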