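/// <summary>
/// Per-request permission check for a controller action.
/// Runs the base (identity) check first, then loads the caller's UserRole row for the
/// current controller and maps the requested access kind (<see cref="Access"/>, or the
/// route's action name when none was set on the attribute) onto the matching allow_* flag.
/// Fails closed: a missing identity claim, a missing role row or an unknown access kind
/// all deny instead of throwing.
/// </summary>
/// <param name="httpContext">Current request; route data and the principal are read from it.</param>
/// <returns>true only when the user holds the requested permission on this controller.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (!base.AuthorizeCore(httpContext))
    {
        return false;
    }

    var routeData = httpContext.Request.RequestContext.RouteData;
    if (Access == null)
    {
        // Attribute applied without an explicit kind: the action name doubles as the kind.
        Access = routeData.GetRequiredString("action");
    }
    string controllerName = routeData.GetRequiredString("controller");

    var userId = MyAppHelper.GetUserIdentityValue(httpContext.User, ClaimTypes.NameIdentifier);
    if (string.IsNullOrEmpty(userId))
    {
        // Without a NameIdentifier claim the original query ran `userid == null`, which could
        // match a UserRole row whose userid is null. A missing claim is simply "no permission".
        httpContext.Items["Access"] = null;
        return false;
    }

    // NOTE(review): the context is deliberately not disposed here — the entity stored in
    // Items may be read later in the request and lazy-loaded navigation properties would
    // fail after Dispose. Confirm that and dispose at request end if nothing relies on it.
    var myAppEntities = new MyAppEntities();
    var access = myAppEntities.UserRole
        .Where(a => a.Users.userid == userId)
        .Where(a => a.Roles.controller == controllerName)
        .FirstOrDefault();
    httpContext.Items["Access"] = access;

    // No UserRole row for this user/controller: the original dereferenced null here and
    // surfaced a 500; that case is a plain deny.
    if (access == null)
    {
        return false;
    }

    if (Access == AuthorizeUserType.View || Access == "Details")
    {
        return access.allow_view;
    }
    if (Access == AuthorizeUserType.Add)
    {
        return access.allow_add;
    }
    if (Access == AuthorizeUserType.Edit)
    {
        return access.allow_edit;
    }
    if (Access == AuthorizeUserType.Delete)
    {
        return access.allow_delete;
    }
    if (Access == AuthorizeUserType.Print)
    {
        return access.allow_print;
    }
    if (Access == AuthorizeUserType.Custom)
    {
        return access.allow_custom;
    }

    // Any other kind (including an arbitrary action name) maps to no flag and is denied.
    return false;
}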
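/// <summary>
/// Login action: already-authenticated callers go to Home, an empty model renders the
/// form, otherwise the submitted userid/password is checked against the stored hash and,
/// on success, an application-cookie identity (NameIdentifier, Name, Email) is signed in.
/// </summary>
/// <param name="user">Bound model carrying userid and password.</param>
/// <returns>Redirect to Home on success; the login view (with TempData["Message"] set) otherwise.</returns>
// SECURITY (review): this is the GET action yet it binds and checks the password, so
// credentials can be submitted on the query string and end up in browser history and
// server logs; there is also no anti-forgery check. Move the credential check to an
// [HttpPost] + [ValidateAntiForgeryToken] action — not done here because the
// attribute/routing setup is outside this block.
public ActionResult Login(Users user)
{
    if (AuthenticationManager.User.Identity.IsAuthenticated)
    {
        return RedirectToAction("Index", "Home");
    }
    if (user == null || user.userid == null)
    {
        return View();
    }

    // One message for both "unknown user" and "wrong password": the original reported them
    // separately ("Email not found" vs "Password wrong"), which let a caller enumerate userids.
    const string failureMessage = "Login Failed, invalid user or password!";

    using (var myAppEntities = new MyAppEntities())
    {
        var usr = myAppEntities.Users.FirstOrDefault(a => a.userid == user.userid);
        if (usr == null || !VerifyStoredPassword(myAppEntities, usr, user.password))
        {
            TempData["Message"] = failureMessage;
            return View();
        }

        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.NameIdentifier, usr.userid),
            // Claim rejects a null value; a row without name/email must still be able to log in.
            new Claim(ClaimTypes.Name, usr.name ?? string.Empty),
            new Claim(ClaimTypes.Email, usr.email ?? string.Empty),
        };
        var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);
        AuthenticationManager.SignIn(
            new AuthenticationProperties
            {
                AllowRefresh = true,
                IsPersistent = false,
                ExpiresUtc = DateTime.UtcNow.AddDays(7)
            },
            identity);
        return RedirectToAction("Index", "Home");
    }
}

/// <summary>
/// Verifies <paramref name="password"/> against the stored value of <paramref name="usr"/>.
/// Stored values are expected to be BCrypt hashes; a row still holding a legacy MD5 digest
/// is checked against MD5 of the input and, when it matches, rehashed with BCrypt and saved
/// so the legacy path disappears as users log in.
/// </summary>
/// <param name="db">Context that tracks <paramref name="usr"/>; used to persist the rehash.</param>
/// <param name="usr">Stored user row.</param>
/// <param name="password">Plaintext password submitted by the caller.</param>
/// <returns>true when the password matches the stored hash.</returns>
private static bool VerifyStoredPassword(MyAppEntities db, Users usr, string password)
{
    if (string.IsNullOrEmpty(password) || string.IsNullOrEmpty(usr.password))
    {
        return false;
    }

    // BCrypt hashes carry a "$2a$"/"$2b$"/"$2y$" prefix; anything else is the legacy format.
    // The original called Verify unconditionally and used the exception it throws on a
    // non-BCrypt string as the switch into the legacy branch.
    if (usr.password.StartsWith("$2", StringComparison.Ordinal))
    {
        return BCrypt.Net.BCrypt.Verify(password, usr.password);
    }

    // Legacy branch. The original compared MD5(password) with the *submitted* password
    // rather than the stored digest, so it could never succeed. MD5 is not an acceptable
    // password hash; this branch exists only to migrate old rows on their next login.
    var legacyDigest = MyAppHelper.GetHashMD5(password);
    if (!FixedTimeEquals(legacyDigest, usr.password))
    {
        return false;
    }

    usr.password = BCrypt.Net.BCrypt.HashPassword(password);
    db.SaveChanges();
    return true;
}

/// <summary>
/// Digest comparison whose running time does not depend on where the strings first differ
/// (it still leaks whether the lengths match). Used for the legacy MD5 check.
/// </summary>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null || a.Length != b.Length)
    {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }
    return diff == 0;
}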
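/// <summary>
/// Creates a Person row and the Patient row that points at it from the submitted form.
/// Requires permission 3 on "Patients" for the calling user; when the model is invalid the
/// form is redisplayed with its lookup lists repopulated.
/// </summary>
/// <param name="view">Bound form model, including the optional photo upload.</param>
/// <returns>Redirect to Details on success, the "Error" view when not permitted, the form otherwise.</returns>
public async Task<ActionResult> Create(PatientView view)
{
    var userId = await GetUserId();
    var permitted = await UsersHelper.HavePermisionToAction(userId, "Patients", 3);
    if (!permitted)
    {
        return View("Error");
    }

    if (!ModelState.IsValid)
    {
        PopulatePatientLookups(view);
        return View(view);
    }

    var pic = string.Empty;
    const string folder = "~/Content/Patients";
    if (view.ImageFile != null)
    {
        // SECURITY (review): Files.UploadPhoto is not visible here — confirm it validates the
        // upload's extension/content type and size and picks the stored name itself rather
        // than trusting the client-supplied filename.
        pic = Files.UploadPhoto(view.ImageFile, folder, "");
        pic = string.Format("{0}/{1}", folder, pic);
    }

    var person = ToPeople(view);
    person.Imagen = pic;
    // Phone/tax identifiers are stored stripped of formatting characters.
    if (person.Tel != null)
    {
        person.Tel = Strings.RemoveCharacters(person.Tel);
    }
    if (person.Cel != null)
    {
        person.Cel = Strings.RemoveCharacters(person.Cel);
    }
    if (person.Rnc != null)
    {
        person.Rnc = Strings.RemoveCharacters(person.Rnc);
    }
    person.StatusId = 1;

    // NOTE(review): person.AuthorId is never assigned server-side (the doctor lookup that
    // used to set it was commented out), yet GenerateRecord keys on it. Whatever ToPeople
    // copies from the bound model is what ends up here — confirm the client cannot set it.

    // Both inserts run in one transaction so a failure on the Patient insert does not leave
    // an orphan Person row behind (the original committed Person first, unguarded).
    using (var transaction = _db.Database.BeginTransaction())
    {
        try
        {
            _db.People.Add(person);
            await _db.SaveChangesAsync();

            var patient = ToPatient(view);
            patient.PersonId = person.PersonId;
            patient.Record = MyAppHelper.GenerateRecord(person.AuthorId);
            _db.Patients.Add(patient);
            await _db.SaveChangesAsync();

            transaction.Commit();
            return RedirectToAction(string.Format("Details/{0}", patient.PatientId));
        }
        catch (Exception e)
        {
            // Disposing the transaction without Commit rolls it back; log and let the
            // error surface as before.
            Console.WriteLine(e);
            throw;
        }
    }
}

/// <summary>
/// Fills the ViewBag select lists the Create form needs, preselecting the values
/// already present on <paramref name="view"/>.
/// </summary>
private void PopulatePatientLookups(PatientView view)
{
    ViewBag.CountryId = new SelectList(_db.Countries, "CountryId", "NAme", view.CountryId);
    ViewBag.GenderId = new SelectList(_db.Genders.OrderBy(o => o.GenderId), "GenderId", "Name", view.GenderId);
    ViewBag.MaritalSituationId = new SelectList(_db.MaritalSituations.OrderBy(m => m.MaritalSituationId), "MaritalSituationId", "Name", view.MaritalSituationId);
    ViewBag.OcupationId = new SelectList(_db.Ocupations, "OcupationId", "Name", view.OcupationId);
    ViewBag.ReligionId = new SelectList(_db.Religions.OrderBy(o => o.ReligionId), "ReligionId", "Name", view.ReligionId);
    ViewBag.BloodTypeId = new SelectList(_db.BloodTypes, "BloodTypeId", "Name", view.BloodTypeId);
    ViewBag.InsuranceId = new SelectList(_db.Insurances, "InsuranceId", "Name", view.InsuranceId);
    ViewBag.SchoolLevelId = new SelectList(_db.SchoolLevels, "SchoolLevelId", "Name", view.SchoolLevelId);
}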