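/// <summary>
/// Asks the TRIPS CheckPersonSponsorsProject function whether <paramref name="person"/>
/// sponsors a project for <paramref name="timePeriodId"/>. The answer feeds the
/// "Sponsor" role, so the method fails closed for anything that is not a persisted person.
/// </summary>
/// <param name="person">Person to check; may be null.</param>
/// <param name="timePeriodId">Time period passed through to the database function.</param>
/// <returns>false for a null person or one without a positive PersonID; otherwise the database answer.</returns>
/// <exception cref="InvalidOperationException">The function produced no usable result.</exception>
public bool CheckPersonHasProjects(Person person, int timePeriodId)
{
    // Fail closed: a null person, or one with no Person row (PersonID <= 0), cannot
    // sponsor a project. The ADO.NET counterpart also returns false for null.
    if (person == null || person.profile.PersonID <= 0)
    {
        return false;
    }

    using (var tdb = new Trips4.Data.Models.TRIPSEntities())
    {
        var found = tdb.CheckPersonSponsorsProject(person.profile.PersonID, null, timePeriodId).FirstOrDefault();
        if (found == null)
        {
            // A missing answer is an error, not "no projects": do not guess about authorization.
            // InvalidOperationException derives from Exception, so existing catch blocks still match.
            throw new InvalidOperationException("CheckPersonSponsorsProject did not return a result.");
        }
        return found.Value;
    }
}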
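/// <summary>
/// Runs [dbo].[CheckPersonSponsorsProject] for <paramref name="person"/> and records the
/// answer on <c>person.HasProjects</c>. The result drives the "Sponsor" role, so an empty
/// result set is treated as "no projects" rather than leaving a previously loaded flag in place.
/// </summary>
/// <param name="person">Person to check; a null person yields false.</param>
/// <param name="timePeriodId">Passed as @TimePeriodId when non-zero; omitted otherwise so the procedure default applies.</param>
/// <returns>true when the procedure reports SponsorsProject, false otherwise.</returns>
public bool CheckPersonHasProjects(Person person, int timePeriodId)
{
    if (person == null)
    {
        return false;
    }

    SqlCommand cmd = new SqlCommand("[dbo].[CheckPersonSponsorsProject]");
    cmd.CommandType = CommandType.StoredProcedure;
    // Lookup keys travel as parameters (never concatenated into SQL); a default id/guid
    // is sent as NULL so the procedure can resolve the person by the other key.
    cmd.Parameters.AddWithValue("@PersonId", person.profile.PersonID.Equals(default(int)) ? (object)DBNull.Value : person.profile.PersonID);
    cmd.Parameters.AddWithValue("@PersonGuid", person.profile.PersonGUID.Equals(default(Guid)) ? (object)DBNull.Value : person.profile.PersonGUID);
    if (!timePeriodId.Equals(default(int)))
    {
        cmd.Parameters.AddWithValue("@TimePeriodId", timePeriodId);
    }

    // Start from "no projects" so a result set with zero rows cannot return a stale
    // HasProjects value from an earlier load. (The EF counterpart throws in that case;
    // here the caller gets false.) When several rows come back the last one wins.
    bool sponsorsProject = false;
    using (IDataReader rdr = this.ExecuteReader(cmd))
    {
        while (rdr.Read())
        {
            sponsorsProject = rdr["SponsorsProject"].ToString().SmartParseDefault<bool>(default(bool));
        }
    }
    person.HasProjects = sponsorsProject;
    return sponsorsProject;
}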
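/// <summary>
/// Builds a <see cref="Person"/> for the membership user identified by <paramref name="guid"/>:
/// sponsor data from the TRIPS Person table (optional), profile data from the Trips_User
/// store (required) and, when <paramref name="loadRoles"/> is set, the role provider's roles.
/// </summary>
/// <param name="guid">Membership user id; also used as the PersonGUID key in TRIPS.</param>
/// <param name="loadRoles">When true, Roles.GetRolesForUser is consulted for the loaded user name.</param>
/// <returns>A populated Person; never null.</returns>
/// <exception cref="InvalidOperationException">No Trips_User row exists for <paramref name="guid"/>.</exception>
public Person GetUserByID(Guid guid, bool loadRoles)
{
    var person = new Person();

    // get Person data from Trips: absence is not an error, it only means the user
    // cannot sponsor projects.
    using (var tdb = new Trips4.Data.Models.TRIPSEntities())
    {
        var found = tdb.GetPersonById(null, guid).FirstOrDefault();
        if (found == null)
        {
            Logger.Info("Person not found (so he cannot sponsor projects) " + guid.ToString());
        }
        else
        {
            // Debug-only sanity check that the procedure honoured the key; stripped in Release builds.
            Debug.Assert(found.PersonGUID == guid);
            person.profile.PersonID = found.PersonID;
            person.HasProjects = found.SponsorsProject ?? false;
            person.SponsorOrganizationId = found.SponsorOrganizationId ?? 0;
            person.SponsorOrganizationName = found.SponsorOrganization;
        }
        if (person.HasProjects)
        {
            person.SponsoredProjectVersionIds.AddRange(tdb.GetPersonsProjectVersionIds(person.profile.PersonID).Select(x => x.Value));
        }
    }

    // get profile data from Trips_User: this row must exist.
    using (var tudb = new Trips4.Data.Models.TRIPS_UserEntities())
    {
        var found = tudb.GetUserById(guid).FirstOrDefault();
        if (found == null)
        {
            // InvalidOperationException (derives from Exception) instead of the bare base type,
            // so callers can tell "no such user" from unexpected failures.
            throw new InvalidOperationException("User not found " + guid.ToString());
        }
        Debug.Assert(guid == found.UserId.Value);
        person.profile.PersonGUID = found.UserId.Value;
        person.profile.FirstName = found.FirstName;
        person.profile.LastName = found.LastName;
        person.profile.Phone = found.PrimaryContact;
        person.profile.RecoveryEmail = found.LoweredEmail; // TODO: is this true?
        person.profile.UserName = found.UserName;
    }

    // get roles from RoleProvider
    if (loadRoles)
    {
        var roles = Roles.GetRolesForUser(person.profile.UserName);
        person.profile.Roles.AddRange(roles);
    }
    return person;
}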
/// <summary>
/// Delegates to <c>UserRepository.LoadPerson</c>; the repository fills in the
/// person passed by reference.
/// </summary>
/// <param name="person">Person to populate in place.</param>
public void LoadPerson(ref Person person)
{
    // Thin pass-through: no logic lives at this layer.
    UserRepository.LoadPerson(ref person);
}
/// <summary>
/// Delegates the sponsorship check to <c>UserRepository.CheckPersonHasProjects</c>.
/// </summary>
/// <param name="person">Person to check.</param>
/// <param name="timePeriodId">Time period forwarded to the repository.</param>
/// <returns>Whatever the repository reports.</returns>
public bool CheckPersonHasProjects(Person person, int timePeriodId)
{
    bool hasProjects = UserRepository.CheckPersonHasProjects(person, timePeriodId);
    return hasProjects;
}
/// <summary>
/// Default constructor: starts with an empty <see cref="Person"/> as the account
/// detail and editing disabled.
/// </summary>
public AccountDetailModel()
{
    // Read-only by default; callers opt in to editing explicitly.
    CanEdit = false;
    AccountDetail = new Person();
}
/// <summary>
/// Default constructor: provides an empty survey and an empty person so views
/// never see null for either.
/// </summary>
public BaseViewModel()
{
    Person = new Person();
    Current = new DRCOG.Domain.Models.Survey.Survey();
}
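/// <summary>
/// Handles the login form post. Guest users are signed in without a credential check;
/// everyone else is validated through the configured Membership provider, and only a
/// successful validation issues the authentication cookie.
/// </summary>
/// <param name="viewModel">Login view model carrying the posted <c>LogOnModel</c>.</param>
/// <param name="returnUrl">Destination after a successful login, forwarded to SetAuthCookie.</param>
/// <returns>A redirect via SetAuthCookie on success; otherwise the login view (or the CustomError view).</returns>
public ActionResult Index(LoginViewModel viewModel, string returnUrl)
{
    LogOnModel model = viewModel.LogOnModel;
    try
    {
        LoadSession();

        // Guest access short-circuits credential validation entirely.
        if (GuestUser(model))
        {
            return base.SetAuthCookie(model, returnUrl);
        }

        viewModel.RefreshAssemblyVersion();

        if (ModelState.IsValid)
        {
            // The Membership provider performs the credential check; its verdict alone
            // decides whether the auth cookie is issued.
            if (Membership.ValidateUser(model.UserName, model.Password))
            {
                return base.SetAuthCookie(model, returnUrl);
            }

            ModelState.AddModelError("", "The user name or password provided is incorrect.");

            // NOTE(review): answering "not activated" instead of "incorrect" tells an
            // unauthenticated caller whether the user name exists and its activation
            // state (account enumeration). Left in place as a product decision; a single
            // generic message would close the oracle.
            string exceptionMessage;
            bool isApproved = UserService.GetUserApproval(model.UserName);
            if (isApproved)
            {
                exceptionMessage = "The user name or password provided is incorrect.";
            }
            else
            {
                exceptionMessage = "Your account has not been activated. Please click on the link in your verification email or use the link above to resend the verification email to this email address.";
            }
            viewModel.Message = exceptionMessage;
        }
        else
        {
            //pass back the Error
            viewModel.Message = "User name and password must be entered.";
        }
        return View(viewModel);
    }
    catch (SqlException)
    {
        // Database failures surface as a fixed message on the login view; nothing from
        // the exception itself reaches the response.
        viewModel.Message = "A database error has occurred while attempting to log you into the system.";
        return View(viewModel);
    }
    catch (Exception ex)
    {
        // The exception object is handed to ErrorViewModel separately; do not prepend
        // ex.ToString() (type, message, stack trace) to the user-facing text, which
        // would disclose internals on the error page.
        ErrorViewModel error = new ErrorViewModel(
            "An unexpected error has occurred while attempting to log you into the system.",
            "This error has been logged.",
            ex,
            this.ControllerName,
            "Index - Post");
        return View("CustomError", error);
    }
}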
/// <summary>
/// Populates <paramref name="person"/> from [dbo].[GetPersonById], looked up by
/// PersonID or PersonGUID (whichever is set), then loads the sponsored project version
/// ids when the row reports that the person sponsors a project.
/// </summary>
/// <param name="person">Person whose profile keys select the row; fields are overwritten in place.</param>
public void LoadPerson(Person person)
{
    // Lookup keys go through SqlParameter; a default id/guid is sent as NULL so the
    // procedure can resolve the person by the other key.
    object personIdParam = person.profile.PersonID.Equals(default(int)) ? (object)DBNull.Value : person.profile.PersonID;
    object personGuidParam = person.profile.PersonGUID.Equals(default(Guid)) ? (object)DBNull.Value : person.profile.PersonGUID;

    SqlCommand command = new SqlCommand("[dbo].[GetPersonById]") { CommandType = CommandType.StoredProcedure };
    command.Parameters.AddWithValue("@PersonId", personIdParam);
    command.Parameters.AddWithValue("@PersonGuid", personGuidParam);

    using (IDataReader reader = this.ExecuteReader(command))
    {
        // Each row overwrites the previous one; with no rows the person is left untouched.
        while (reader.Read())
        {
            person.profile.PersonGUID = reader["PersonGUID"].ToString().SmartParseDefault<Guid>(default(Guid));
            person.profile.PersonID = reader["PersonID"].ToString().SmartParseDefault<int>(default(int));
            person.HasProjects = reader["SponsorsProject"].ToString().SmartParseDefault<bool>(default(bool));
            person.SponsorOrganizationId = reader["SponsorOrganizationId"].ToString().SmartParseDefault<int>(default(int));
            person.SponsorOrganizationName = reader["SponsorOrganization"].ToString();
        }
    }

    if (person.HasProjects)
    {
        person.SponsoredProjectVersionIds = this.SponsoredProjectVersionIds(person.profile.PersonID);
    }

    bool hasNoPersonRow = person.profile.PersonID.Equals(default(int));
    bool hasGuid = !person.profile.PersonGUID.Equals(default(Guid));
    if (hasNoPersonRow && hasGuid)
    {
        // A membership user without a Person row: logged only, nothing is created here.
        Logger.Error("Person has a GUID but no entry in Person Table.");
        //CreatePerson(ref person.profile);
    }
}
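/// <summary>
/// Looks up the membership user for <paramref name="emailAddress"/> and returns a
/// <see cref="Person"/> carrying only that user's <c>IsApproved</c> flag.
/// </summary>
/// <param name="emailAddress">Email to match through the Membership provider.</param>
/// <param name="loadRoles">Currently ignored: no profile or role data is loaded by this method.</param>
/// <returns>A Person with <c>IsApproved</c> set; nothing else is populated.</returns>
/// <exception cref="InvalidOperationException">No user, or more than one user, matches the email.</exception>
public Person GetUserByEmail(string emailAddress, bool loadRoles)
{
    // NOTE(review): if the configured provider is SqlMembershipProvider, FindUsersByEmail
    // treats its argument as a SQL LIKE pattern, so '%' and '_' in caller-supplied input act
    // as wildcards. Do not feed raw user input here without validating it as an address.
    var found = Membership.FindUsersByEmail(emailAddress);
    if (found.Count == 0)
    {
        throw new InvalidOperationException("Email not found.");
    }
    if (found.Count > 1)
    {
        // Ambiguous match: refuse rather than pick one (fail closed).
        Logger.Error("Multiple users found with email address {0}", emailAddress);
        throw new InvalidOperationException("Multiple users found with email address " + emailAddress);
    }

    // MembershipUserCollection has no indexer; copy the single match out.
    var users = new MembershipUser[1];
    found.CopyTo(users, 0);
    var user = users[0];

    var person = new Person();
    person.IsApproved = user.IsApproved;
    return person;
}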
/// <summary>
/// Default constructor: the session starts with an empty, unauthenticated
/// <see cref="Person"/> as the current user rather than null.
/// </summary>
public ApplicationState()
{
    Person anonymous = new Person();
    CurrentUser = anonymous;
}
/// <summary>
/// Check the role authorization.
/// Authentication comes from the forms ticket on the current identity; the user's roles are
/// (re)loaded on every request through ProfileService, plus a synthetic "Sponsor" role when
/// the user sponsors a project. The request proceeds only when the user holds at least one of
/// the configured roles (or when no roles are configured at all, see below).
/// </summary>
/// <param name="filterContext">MVC authorization context; its Result is set to short-circuit the action.</param>
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }
    //See if the session is active
    // NOTE(review): HttpContext.Current is used here alongside filterContext.HttpContext;
    // they refer to the same request in practice, but the static access defeats mocking.
    HttpContextBase ctx = filterContext.HttpContext;
    if (ctx.Session != null && HttpContext.Current.User.Identity.IsAuthenticated && HttpContext.Current.User.Identity is FormsIdentity)
    {
        FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity;
        FormsAuthenticationTicket ticket = id.Ticket;
        if (ctx.Session.IsNewSession && !ticket.IsPersistent)
        {
            // from: http://www.tyronedavisjr.com/index.php/2008/11/23/detecting-session-timeouts-using-a-aspnet-mvc-action-filter/
            // If it says it is a new session, but an existing cookie exists, then it must
            // have timed out
            // The session cookie is detected by a substring search of the raw Cookie header.
            string sessionCookie = ctx.Request.Headers["Cookie"];
            if ((null != sessionCookie) && (sessionCookie.IndexOf("ASP.NET_SessionId") >= 0))
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "message", "Session Timed Out" }, { "controller", "Login" }, { "action", "index" }, { "ReturnUrl", filterContext.HttpContext.Request.RawUrl } });
            }
        }
        else
        {
            //an existing session...
            ApplicationState appState = this.GetSession(filterContext.HttpContext);
            Person user;
            if (ticket.IsPersistent)
            {
                // Persistent ("remember me") ticket: the person and profile are rebuilt from the
                // identity name on every request and cached into the session.
                user = new Person(HttpContext.Current.User.Identity.Name);
                user.Load();
                user.profile = ProfileService.GetUserProfile(user.profile.UserName, Common.Services.MemberShipServiceSupport.MembershipProviderType.DRCOG);
                appState.CurrentUser = user;
            }
            else
            {
                // Session ticket: reuse the session-cached person, rebuilding it only when the
                // cache is empty or carries no user name.
                user = appState.CurrentUser;
                if (user == null || String.IsNullOrEmpty(user.profile.UserName))
                {
                    user = new Person(HttpContext.Current.User.Identity.Name);
                    user.Load();
                    user.profile = ProfileService.GetUserProfile(user.profile.UserName, Common.Services.MemberShipServiceSupport.MembershipProviderType.DRCOG);
                    appState.CurrentUser = user;
                }
            }
            // TRIPS roles are refreshed from the role provider on every request, so a role
            // change takes effect without a new login. Other entries in profile.Roles come
            // from whatever loaded the cached profile.
            user.profile.Roles["TripsRoleProvider"] = ProfileService.GetRolesForUser(user.profile.UserName, Common.Services.MemberShipServiceSupport.RoleProviderType.TRIPS);
            //user.LoadRoles(HttpContext.Current.User);
            // "Sponsor" is derived from project sponsorship, not stored as a role.
            if (user.SponsorsProject())
            {
                user.AddRole("Sponsor");
            }
            //user.AddRole("Sponsor");
            //Check if user is in the authorized roles
            // With no configured roles (_rolesSplit empty) every authenticated user is allowed.
            if (_rolesSplit.Length > 0 && !_rolesSplit.Any(user.IsInRole))
            {
                //User not in role - unauthorized access attempt (or we messed up and exposed a link to the wrong class of user
                UnauthorizedViewModel model = new UnauthorizedViewModel();
                //model.CurrentUser = user;
                //model.Message = String.Join(",", user.profile.Roles) + " The resource you attempted to access is restricted. This access attempt has been logged.";
                // NOTE(review): the message promises "This access attempt has been logged", but
                // the only log call in this method (below) is commented out, so nothing is logged
                // here. It also echoes the required role list (Roles, presumably this attribute's
                // property) to the user; consider whether that disclosure is intended.
                model.Message = Roles + " The resource you attempted to access is restricted. This access attempt has been logged.";
                ViewDataDictionary viewData = new ViewDataDictionary(model);
                filterContext.Result = new ViewResult { ViewName = "~/Views/Error/Unauthorized.aspx", ViewData = viewData };
                //If the controller is not null, use it's logger!
                if (filterContext.Controller != null)
                {
                    // ctl is currently unused because the warning below is commented out.
                    DRCOG.Web.Controllers.ControllerBase ctl = filterContext.Controller as DRCOG.Web.Controllers.ControllerBase;
                    //ctl.Logger.Log.Warn("Unauthorized attempt to access " + filterContext.HttpContext.Request.RawUrl + " by " + user.Login);
                }
            }
            else
            {
                //User is in the role... let'er rip
                // ** IMPORTANT ** (Note from the Microsoft AuthorizeAttribute source code
                // Since we're performing authorization at the action level, the authorization code runs
                // after the output caching module. In the worst case this could allow an authorized user
                // to cause the page to be cached, then an unauthorized user would later be served the
                // cached page. We work around this by telling proxies not to cache the sensitive page,
                // then we hook our custom authorization code into the caching mechanism so that we have
                // the final say on whether a page should be served from the cache.
                HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
                cachePolicy.SetProxyMaxAge(new TimeSpan(0));
                cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
            }
        }
    }
    else
    {
        //Null session
        // Also reached when the identity is authenticated but is not a FormsIdentity.
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "message", "You must login before accessing that page." }, { "controller", "Login" }, { "action", "index" }, { "ReturnUrl", filterContext.HttpContext.Request.RawUrl } });
    }
}