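        /// <summary>
        /// Resets the stored <c>value</c> to 0, but only when the calling principal holds the
        /// role named after <see cref="Permissions.DeleteAll"/>. Both outcomes are written to the console.
        /// </summary>
        /// <returns><c>true</c> when the caller was authorized and the reset was performed; otherwise <c>false</c>.</returns>
        public bool DeleteDB()
        {
            // Thread.CurrentPrincipal may be null or a different IPrincipal implementation; the plain
            // 'as' cast then yields null and the role check below would throw NullReferenceException.
            // An unidentifiable caller is treated as "not authorized" instead of crashing the call.
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                Console.WriteLine("DeleteDB() failed: no CustomPrincipal on the current thread.");
                return false;
            }

            // Role names are the lower-cased enum member names; invariant casing keeps the mapping
            // independent of the thread culture.
            string permission = Permissions.DeleteAll.ToString().ToLowerInvariant();

            // Audit both successful and failed authorization checks.
            if (!principal.IsInRole(permission))
            {
                Console.WriteLine("DeleteDB() failed for user {0}.", principal.Identity.Name);
                return false;
            }

            value = 0;
            Console.WriteLine("DeleteDB() passed for user {0}.", principal.Identity.Name);
            return true;
        }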
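        /// <summary>
        /// Overwrites the stored <c>value</c> with <paramref name="newValue"/> when the calling principal
        /// holds the role named after <see cref="Permissions.Modify"/>. Both outcomes are written to the console.
        /// </summary>
        /// <param name="newValue">Value to store.</param>
        /// <returns><c>true</c> when the caller was authorized and the value was written; otherwise <c>false</c>.</returns>
        public bool ModifyDB(int newValue)
        {
            // A null or foreign principal previously caused a NullReferenceException in IsInRole;
            // treat it as a denied request so the method always returns a result.
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                Console.WriteLine("ModifyDB() failed: no CustomPrincipal on the current thread.");
                return false;
            }

            // Role names are the lower-cased enum member names; invariant casing is culture-independent.
            string permission = Permissions.Modify.ToString().ToLowerInvariant();

            // Audit both successful and failed authorization checks.
            if (!principal.IsInRole(permission))
            {
                Console.WriteLine("ModifyDB() failed for user {0}.", principal.Identity.Name);
                return false;
            }

            value = newValue;
            Console.WriteLine("ModifyDB() passed for user {0}.", principal.Identity.Name);
            return true;
        }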
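        /// <summary>
        /// Deletes the entity with the given id through <c>DataBase.DeleteEntity</c> when the calling
        /// principal holds the role named after <see cref="Permissions.Delete"/>. The authorization
        /// decision is recorded with <c>logger</c> and echoed to the console in both cases.
        /// </summary>
        /// <param name="id">Id of the entity to delete; passed through to the data layer unchanged.</param>
        /// <returns><c>true</c> when the caller was authorized and the delete was issued; otherwise <c>false</c>.</returns>
        public bool DeleteEntityDB(int id)
        {
            // A null or foreign principal previously caused a NullReferenceException in IsInRole;
            // treat it as a denied request so the method always returns a result.
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                Console.WriteLine("DeleteEntityDB() failed: no CustomPrincipal on the current thread.");
                return false;
            }

            // Role names are the lower-cased enum member names; invariant casing is culture-independent.
            string permission = Permissions.Delete.ToString().ToLowerInvariant();

            // Audit both successful and failed authorization checks.
            if (!principal.IsInRole(permission))
            {
                logger.Log(principal.Identity.Name, "DeleteEntityDB", permission, EventType.AuthorizationFailure);
                Console.WriteLine("DeleteEntityDB() failed for user {0}.", principal.Identity.Name);
                return false;
            }

            Console.WriteLine("DeleteEntityDB() passed for user {0}.", principal.Identity.Name);
            DataBase.DeleteEntity(id);
            logger.Log(principal.Identity.Name, "DeleteEntityDB", "", EventType.AuthorizationSuccess);
            return true;
        }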
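        /// <summary>
        /// Updates the reading with the given id through <c>DataBase.ModifyReading</c> when the calling
        /// principal holds the role named after <see cref="Permissions.Modify"/>. The authorization
        /// decision is recorded with <c>logger</c> and echoed to the console in both cases.
        /// </summary>
        /// <param name="newValue">New reading value; passed through to the data layer unchanged.</param>
        /// <param name="id">Id of the reading to modify.</param>
        /// <returns><c>true</c> when the caller was authorized and the update was issued; otherwise <c>false</c>.</returns>
        public bool ModifyReading(double newValue, int id)
        {
            // A null or foreign principal previously caused a NullReferenceException in IsInRole;
            // treat it as a denied request so the method always returns a result.
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
            if (principal == null)
            {
                Console.WriteLine("ModifyReading() failed: no CustomPrincipal on the current thread.");
                return false;
            }

            // Role names are the lower-cased enum member names; invariant casing is culture-independent.
            string permission = Permissions.Modify.ToString().ToLowerInvariant();

            // Audit both successful and failed authorization checks.
            // The console lines previously named "ModifyDB()" (copy-paste); they now name this method
            // so console output and the logger entry agree on which operation was attempted.
            if (!principal.IsInRole(permission))
            {
                logger.Log(principal.Identity.Name, "ModifyReading", permission, EventType.AuthorizationFailure);
                Console.WriteLine("ModifyReading() failed for user {0}.", principal.Identity.Name);
                return false;
            }

            Console.WriteLine("ModifyReading() passed for user {0}.", principal.Identity.Name);
            DataBase.ModifyReading(id, newValue);
            logger.Log(principal.Identity.Name, "ModifyReading", "", EventType.AuthorizationSuccess);
            return true;
        }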
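        /// <summary>
        /// Sets <c>Database.Discount</c> and persists it with <c>Database.WriteDiscount</c>.
        /// Only callers in the <c>Admin</c> role may do this; the outcome is audited either way.
        /// </summary>
        /// <param name="discount">
        /// New discount value. NOTE(review): no range check is performed here, and the pricing code
        /// elsewhere in this class divides the stored value by 100 — confirm the caller restricts it
        /// to a sensible percentage range before it reaches this method.
        /// </param>
        public void ModifyDiscount(int discount)
        {
            string          clientUsername = GetClientUserName();
            CustomPrincipal principal      = Thread.CurrentPrincipal as CustomPrincipal;

            // A null or foreign principal used to throw NullReferenceException in IsInRole;
            // it is now handled on the same denied path as a caller outside the Admin role.
            if (principal == null || !principal.IsInRole("Admin"))
            {
                // Auditing is best-effort: an audit failure must not mask the authorization result.
                try
                {
                    Audit.AuthorizationFailed(clientUsername, "Modify Discount",
                                              $"Modify Discount can be used only by user in the Admin group.");
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage("Admin", "Modify Discount");
                return;
            }

            Console.WriteLine("\nModifying discount...");

            Database.Discount = discount;
            Database.WriteDiscount();

            // Best-effort audit of the successful change.
            try
            {
                Audit.ChangeSuccess(clientUsername, "discount.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }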
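        /// <summary>
        /// Reports whether the calling user can pay the reservation with the given id: the caller must be
        /// in the <c>Korisnik</c> or <c>SuperKorisnik</c> role, the reservation must belong to the
        /// caller, be in state <c>UNPAID</c>, and the caller's balance must cover the ticket price
        /// (full price for <c>Korisnik</c>, discounted by <c>Database.Discount</c> percent otherwise).
        /// </summary>
        /// <param name="reservationsId">Id of the reservation to check.</param>
        /// <returns><c>true</c> when every condition above holds; otherwise <c>false</c> (the failure is audited).</returns>
        public bool CheckIfReservationCanBePaied(int reservationsId)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;

            // A null or foreign principal used to throw NullReferenceException in IsInRole;
            // it now takes the same denied path as a caller outside the permitted roles.
            bool authorized = principal != null
                && (principal.IsInRole("Korisnik") || principal.IsInRole("SuperKorisnik"));

            if (!authorized)
            {
                try
                {
                    Audit.AuthorizationFailed(GetClientUserName(), "Pay Reservation",
                                              $"Pay Reservation can be used only by user in the Korisnik or SuperKorisnik group.");
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage("Korisnik or SuperKorisnik", "Pay Reservation");
                return false;
            }

            string clientUsername = GetClientUserName();
            // NOTE(review): the role gate above uses principal.IsInRole, while pricing below uses
            // GetClientRole(); the two are assumed to agree for the current caller — confirm.
            string clientRole     = GetClientRole();

            foreach (User u in Database.users)
            {
                if (!u.Username.Equals(clientUsername))
                {
                    continue;
                }

                foreach (Reservation r in u.Reservations)
                {
                    // The state test does not depend on the performance, so it is applied before
                    // the performance lookup; the outcome is the same as testing it inside the loop.
                    if (!r.Id.Equals(reservationsId) || !r.State.Equals(ReservationState.UNPAID))
                    {
                        continue;
                    }

                    foreach (Performance p in Database.performances)
                    {
                        if (!p.Id.Equals(r.PerformanceId))
                        {
                            continue;
                        }

                        var fullPrice = r.TicketQuantity * p.TicketPrice;

                        if (clientRole.Equals("Korisnik"))
                        {
                            if (u.Balance >= fullPrice)
                            {
                                return true;
                            }
                        }
                        // NOTE(review): Database.Discount is assigned from an int in ModifyDiscount; if the
                        // property is integral as well, "Discount / 100" is integer division and truncates
                        // to 0 for any discount below 100, i.e. no discount is applied. Expression kept
                        // as written pending confirmation of the property's type.
                        else if (u.Balance >= fullPrice - fullPrice * (Database.Discount / 100))
                        {
                            return true;
                        }
                    }
                }
            }

            // Reached when no matching, unpaid, affordable reservation was found. Note the audit text
            // also covers the "already paid" and "insufficient balance" cases, not only a bad id.
            try
            {
                Audit.MethodCallFailed(clientUsername, "Pay Reservation",
                                       $"User did not enter a valid id of reservation.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }

            return false;
        }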
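        /// <summary>
        /// Charges the calling user for the reservation with the given id and marks it <c>PAID</c>.
        /// The caller must be in the <c>Korisnik</c> or <c>SuperKorisnik</c> role; <c>Korisnik</c> pays the
        /// full ticket price, any other permitted role pays the price reduced by <c>Database.Discount</c> percent.
        /// The reservation's state and the caller's balance are re-verified here, so a reservation that is
        /// already <c>PAID</c> or unaffordable is never charged even if the caller skipped
        /// <see cref="CheckIfReservationCanBePaied"/>.
        /// </summary>
        /// <param name="reservationsId">Id of the reservation to pay.</param>
        public void PayReservation(int reservationsId)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;

            // A null or foreign principal used to throw NullReferenceException in IsInRole;
            // it now takes the same denied path as a caller outside the permitted roles.
            bool authorized = principal != null
                && (principal.IsInRole("Korisnik") || principal.IsInRole("SuperKorisnik"));

            if (!authorized)
            {
                try
                {
                    Audit.AuthorizationFailed(GetClientUserName(), "Pay Reservation",
                                              $"Pay Reservation can be used only by user in the Korisnik or SuperKorisnik group.");
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage("Korisnik or SuperKorisnik", "Pay Reservation");
                return;
            }

            string clientUsername = GetClientUserName();
            string clientRole     = GetClientRole();
            Console.WriteLine("\nPaying reservation...");

            foreach (User u in Database.users)
            {
                if (!u.Username.Equals(clientUsername))
                {
                    continue;
                }

                foreach (Reservation r in u.Reservations)
                {
                    if (!r.Id.Equals(reservationsId))
                    {
                        continue;
                    }

                    foreach (Performance p in Database.performances)
                    {
                        if (!p.Id.Equals(r.PerformanceId))
                        {
                            continue;
                        }

                        var fullPrice  = r.TicketQuantity * p.TicketPrice;
                        // NOTE(review): if Database.Discount is an integral property, "Discount / 100"
                        // truncates to 0 below 100 percent; expression kept as written pending confirmation.
                        var discounted = fullPrice - fullPrice * (Database.Discount / 100);
                        bool fullRate  = clientRole.Equals("Korisnik");

                        // Same preconditions CheckIfReservationCanBePaied enforces, re-checked at the
                        // point of charging so the balance can never be debited twice for one reservation.
                        bool canPay = r.State.Equals(ReservationState.UNPAID)
                            && (fullRate ? u.Balance >= fullPrice : u.Balance >= discounted);

                        if (!canPay)
                        {
                            try
                            {
                                Audit.MethodCallFailed(clientUsername, "Pay Reservation",
                                                       $"Reservation is not unpaid or the balance is insufficient.");
                            }
                            catch (Exception e)
                            {
                                Console.WriteLine(e.Message);
                            }

                            return;
                        }

                        if (fullRate)
                        {
                            u.Balance -= fullPrice;
                        }
                        else
                        {
                            u.Balance -= discounted;
                        }

                        // Audited under the client's name, consistent with the PayReservationSuccess
                        // entry below and with ModifyDiscount; previously this used the identity of the
                        // hosting process (WindowsIdentity.GetCurrent), which need not be the client.
                        try
                        {
                            Audit.ChangeSuccess(clientUsername, "balance.");
                        }
                        catch (Exception e)
                        {
                            Console.WriteLine(e.Message);
                        }

                        // Index-based update kept so the assignment works whatever collection type
                        // u.Reservations is; every entry with this id is moved to PAID and persisted.
                        for (int i = 0; i < u.Reservations.Count(); i++)
                        {
                            if (!u.Reservations[i].Id.Equals(reservationsId))
                            {
                                continue;
                            }

                            u.Reservations[i].State = ReservationState.PAID;

                            try
                            {
                                Audit.PayReservationSuccess(clientUsername, ReservationState.UNPAID.ToString(), ReservationState.PAID.ToString());
                            }
                            catch (Exception e)
                            {
                                Console.WriteLine(e.Message);
                            }

                            Database.WriteReservations();
                            Database.WriteUsers();
                        }
                    }
                }
            }
        }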
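        /// <summary>
        /// Reports whether a performance with the given id exists, after applying the authorization
        /// rules of the operation the caller is about to perform.
        /// </summary>
        /// <param name="id">Id of the performance to look up.</param>
        /// <param name="methodID">
        /// Selects the calling operation: <c>2</c> means "Modify Performance" (requires the <c>Admin</c> role);
        /// any other value means "Make Reservation" (requires <c>Korisnik</c> or <c>SuperKorisnik</c>).
        /// </param>
        /// <returns><c>true</c> when the caller is authorized and the performance exists; otherwise <c>false</c>
        /// (authorization and lookup failures are both audited).</returns>
        public bool CheckIfPerformanceExists(int id, int methodID)
        {
            CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;

            // The two branches of the original differed only in role, operation name and message;
            // they are folded into one path driven by these three values.
            bool   modifyPerformance = methodID == 2;
            string methodName        = modifyPerformance ? "Modify Performance" : "Make Reservation";
            string requiredRoles     = modifyPerformance ? "Admin" : "Korisnik or SuperKorisnik";
            string denialReason      = modifyPerformance
                ? $"Modify performance can be used only by user in the Admin group."
                : $"Make Reservation can be used only by user in the Korisnik or SuperKorisnik group.";

            // A null or foreign principal used to throw NullReferenceException in IsInRole;
            // it now takes the same denied path as a caller outside the required role(s).
            bool authorized = principal != null
                && (modifyPerformance
                        ? principal.IsInRole("Admin")
                        : principal.IsInRole("Korisnik") || principal.IsInRole("SuperKorisnik"));

            if (!authorized)
            {
                try
                {
                    Audit.AuthorizationFailed(GetClientUserName(), methodName, denialReason);
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                ErrorMessage(requiredRoles, methodName);
                return false;
            }

            foreach (Performance p in Database.performances)
            {
                if (p.Id.Equals(id))
                {
                    return true;
                }
            }

            // Best-effort audit of the failed lookup; message text kept as in the original.
            try
            {
                Audit.MethodCallFailed(GetClientUserName(), methodName,
                                       $"User did not enter a valid id of perfrormance.");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }

            return false;
        }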