/// <summary>
/// Fills the ViewBag with the select lists the Nisan form renders, pre-selecting
/// the values currently stored on <paramref name="nisan"/>.
/// </summary>
/// <param name="nisan">Order whose StatusId, StockId, AssigneeId and SoldToId are pre-selected.</param>
private void SetViewBag(Nisan nisan)
{
    // Statuses and active stocks are limited to the nisan stock type.
    var nisanStatuses = db.Statuses
        .Where(s => s.StockTypeId == HLGranite.Mvc.Models.StockType.NISAN_TYPE_ID);
    var activeNisanStocks = db.Stocks
        .Where(s => s.StockTypeId == HLGranite.Mvc.Models.StockType.NISAN_TYPE_ID && s.Active == true)
        .OrderBy(s => s.Name);

    // Only active staff or admin accounts can be picked as assignee.
    var activeStaff = db.Users
        .Where(u => (u.UserTypeId == HLGranite.Mvc.Models.User.STAFF_TYPE_ID
                     || u.UserTypeId == HLGranite.Mvc.Models.User.ADMIN_TYPE_ID)
                    && u.Active == true)
        .OrderBy(u => u.UserName);

    ViewBag.StatusId = new SelectList(nisanStatuses, "Id", "Name", nisan.StatusId);
    ViewBag.StockId = new SelectList(activeNisanStocks, "Id", "Name", nisan.StockId);
    ViewBag.AssigneeId = new SelectList(activeStaff, "Id", "DisplayName", nisan.AssigneeId);

    string currentUserName = User.Identity.Name;
    HLGranite.Mvc.Models.User user = db.Users.FirstOrDefault(u => u.UserName == currentUserName);

    // When no user row matches the logged-in name, ViewBag.SoldToId is left unset.
    if (user != null)
    {
        bool isStaffOrAdmin = user.UserTypeId == HLGranite.Mvc.Models.User.ADMIN_TYPE_ID
                              || user.UserTypeId == HLGranite.Mvc.Models.User.STAFF_TYPE_ID;

        // NOTE(review): staff/admin get agents only, while every other account type gets
        // the DisplayName of all agents AND customers. Confirm the branches are not
        // inverted, since the wider list is what the less-privileged users receive.
        var buyers = isStaffOrAdmin
            ? db.Users
                .Where(u => u.UserTypeId == HLGranite.Mvc.Models.User.AGENT_TYPE_ID)
                .OrderBy(u => u.UserName)
            : db.Users
                .Where(u => u.UserTypeId == HLGranite.Mvc.Models.User.AGENT_TYPE_ID
                            || u.UserTypeId == HLGranite.Mvc.Models.User.CUSTOMER_TYPE_ID)
                .OrderBy(u => u.UserName);

        ViewBag.SoldToId = new SelectList(buyers, "Id", "DisplayName", nisan.SoldToId);
    }

    ViewBag.MuslimMonth = MuslimMonthList;
}
/// <summary>
/// Adds an <see cref="Activity"/> row recording the order's current status and the
/// logged-in user. The row is only added to the context; the caller saves it.
/// </summary>
/// <param name="nisan">Order whose WorkItemId and StatusId are copied onto the activity.</param>
private void LogActivity(Nisan nisan)
{
    string currentUserName = User.Identity.Name;
    HLGranite.Mvc.Models.User user = db.Users.FirstOrDefault(u => u.UserName.Equals(currentUserName));

    Activity entry = db.Activities.Create();
    entry.WorkItemId = nisan.WorkItemId;
    entry.Date = DateTime.Now; // server local time
    entry.StatusId = nisan.StatusId;

    // NOTE(review): when no user row matches the logged-in name the entry is still
    // written, without a UserId. Confirm an actor-less audit record is acceptable.
    if (user != null)
    {
        entry.UserId = user.Id;
    }

    db.Activities.Add(entry);
}
/// <summary>
/// Creates a new nisan order together with its work item and a first activity entry,
/// all written by a single SaveChanges call.
/// </summary>
/// <param name="nisan">Order bound from the submitted request.</param>
/// <returns>A redirect to Index on success; otherwise the form again with its select lists.</returns>
// NOTE(review): any [HttpPost] / [ValidateAntiForgeryToken] / [Authorize] attributes are
// not visible in this listing. Confirm they are applied to this action.
// NOTE(review): the entity is bound straight from the request, so every bindable Nisan
// property is caller-controlled. Consider a view model or a [Bind] include list.
public ActionResult Create(Nisan nisan)
{
    if (!ModelState.IsValid)
    {
        // Re-populate the drop-downs before showing the validation errors.
        SetViewBag(nisan);
        return View(nisan);
    }

    WorkItem newWorkItem = db.WorkItems.Create();
    db.WorkItems.Add(newWorkItem);

    // NOTE(review): the work item's Id is read before SaveChanges has run. Confirm the
    // key is already meaningful at this point (or is fixed up by the context on save).
    nisan.WorkItemId = newWorkItem.Id;
    db.Nisans.Add(nisan);

    LogActivity(nisan);
    db.SaveChanges();

    return RedirectToAction("Index");
}
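/// <summary>
/// Saves changes to an existing nisan order and records an activity entry.
/// If the order has no assignee and its status has reached the third nisan status,
/// the logged-in user is set as assignee.
/// </summary>
/// <param name="nisan">Order bound from the submitted request.</param>
/// <returns>
/// A redirect to Index on success, the form again when validation fails, or a
/// not-found result when the referenced work item does not exist.
/// </returns>
// NOTE(review): any [HttpPost] / [ValidateAntiForgeryToken] / [Authorize] attributes are
// not visible in this listing. Confirm they are applied to this action.
// NOTE(review): the bound entity is attached as Modified, so every bindable Nisan
// property (StatusId, AssigneeId, SoldToId, WorkItemId, ...) is overwritten with the
// submitted value. Consider loading the stored row and copying only the fields this
// form is allowed to change, and re-checking that the caller may edit that row.
public ActionResult Edit(Nisan nisan)
{
    if (!ModelState.IsValid)
    {
        SetViewBag(nisan);
        return View(nisan);
    }

    // Put the logged-in person as assignee once the order reaches the third status.
    // NOTE(review): the query has no OrderBy, so which three rows Take(3) returns is up
    // to the database. Confirm the intended ordering (the Id comparison below suggests
    // ordering by Id).
    List<Status> statuses = db.Statuses.Where(s => s.StockTypeId == StockType.NISAN_TYPE_ID).Take(3).ToList();

    bool hasNoAssignee = nisan.AssigneeId == null || nisan.AssigneeId == 0;

    // Guard the index: with fewer than three statuses there is no threshold to compare to.
    if (hasNoAssignee && statuses.Count > 2 && nisan.StatusId >= statuses[2].Id)
    {
        string currentUserName = User.Identity.Name;
        Mvc.Models.User assignee = db.Users.Where(u => u.UserName == currentUserName).FirstOrDefault();
        if (assignee != null)
        {
            nisan.AssigneeId = assignee.Id;
        }
    }

    // WorkItemId comes from the request; an unknown value is answered with 404
    // instead of an unhandled exception.
    WorkItem workItem = db.WorkItems.Where(w => w.Id.Equals(nisan.WorkItemId)).FirstOrDefault();
    if (workItem == null)
    {
        return HttpNotFound();
    }

    nisan.WorkItem = workItem;
    db.Entry(nisan).State = EntityState.Modified;
    LogActivity(nisan);
    db.SaveChanges();

    return RedirectToAction("Index");
}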
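/// <summary>
/// Decides whether the current user may reach the requested controller action.
/// Admins are always allowed. Otherwise the decision depends on the controller:
/// staff may use Nisan, Tomb and Renovation; a non-staff user may use Nisan only for
/// an order sold to them; and a user may use User only for their own profile.
/// Any other controller is denied.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns><c>true</c> when access is granted; otherwise <c>false</c>.</returns>
// NOTE(review): ownership is checked against the route "id" only. An action that takes
// its entity key from another source (for example a model bound from posted fields) is
// not covered by this check. Confirm such actions verify ownership on the row they load.
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Not authenticated, or not in the required roles: nothing more to check.
    if (!base.AuthorizeCore(httpContext))
    {
        return false;
    }

    var username = httpContext.User.Identity.Name;
    var routeValues = httpContext.Request.RequestContext.RouteData.Values;

    // The context is created for this check only, so dispose it when the check completes.
    using (var db = new HLGranite.Mvc.Models.hlgraniteEntities())
    {
        HLGranite.Mvc.Models.User user = db.Users.Where(u => u.UserName.Equals(username)).FirstOrDefault();
        if (user == null)
        {
            return false;
        }

        if (user.IsAdmin)
        {
            return true;
        }

        // Read the controller by its route key rather than by position in the dictionary,
        // so the decision does not depend on the order the route values were added in.
        // NOTE(review): the match below is case-sensitive; a differently-cased controller
        // segment falls through to the default (deny).
        string controller = Convert.ToString(routeValues["controller"]);

        // A missing id stays 0 (list/create pages have none). A malformed id is denied
        // instead of raising a format exception.
        int id = 0;
        object rawId = routeValues["id"];
        if (rawId != null
            && !int.TryParse(
                Convert.ToString(rawId, System.Globalization.CultureInfo.InvariantCulture),
                System.Globalization.NumberStyles.Integer,
                System.Globalization.CultureInfo.InvariantCulture,
                out id))
        {
            return false;
        }

        bool isStaff = user.UserTypeId == HLGranite.Mvc.Models.User.STAFF_TYPE_ID;

        switch (controller)
        {
            case "Nisan":
                if (isStaff)
                {
                    return true;
                }

                // Non-staff: only the user the order was sold to may access it.
                Nisan nisan = db.Nisans.Where(n => n.Id == id).FirstOrDefault();
                return nisan != null
                       && nisan.SoldTo != null
                       && nisan.SoldTo.UserName == username;

            case "Tomb":
            case "Renovation":
                // Compare the user's TYPE with the staff type id. The earlier code compared
                // the user's primary key (user.Id) with STAFF_TYPE_ID, which granted access
                // to whichever account had that key and denied actual staff.
                return isStaff;

            case "User":
                // A user may only reach their own profile.
                User profile = db.Users.Where(u => u.Id == id).FirstOrDefault();
                return profile != null && profile.Id == user.Id;

            default:
                return false;
        }
    }
}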