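/// <summary>
        /// Determines whether the admin user stored in the session may execute the action this attribute decorates.
        /// A user holding the "admin-all" role passes unconditionally; otherwise every role listed in
        /// <see cref="Admin_User_Roles"/> (semicolon separated) must be present in the user's role list.
        /// When <see cref="Admin_User_Roles"/> is empty, any logged-in admin user is authorized.
        /// </summary>
        /// <param name="httpContext">The current HTTP context; used to read the session user and to issue the redirect.</param>
        /// <returns>
        /// true when the user is authorized. Otherwise a redirect is written to the response (Home/Index for an
        /// anonymous user, Dashboard/Index for a logged-in user lacking a required role) and false is returned.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            Chimera.Entities.Admin.AdminUser adminUser = Models.AdminUser.GetFromSession(httpContext.Request);

            // Anonymous users are sent to the public home page; logged-in users lacking a role go to the dashboard.
            string redirectController = "Home";

            if (adminUser != null)
            {
                redirectController = "Dashboard";

                // "admin-all" short-circuits the per-role check.
                if (adminUser.RoleList.Contains("admin-all") || HasAllRequiredRoles(adminUser))
                {
                    return true;
                }
            }

            // Build the redirect from the request context handed to us rather than the ambient
            // HttpContext.Current, so the attribute depends only on its argument (and can be exercised with a fake context).
            UrlHelper urlHelper = new UrlHelper(httpContext.Request.RequestContext);

            string redirectUrl = urlHelper.Action("Index", redirectController, null, httpContext.Request.Url.Scheme);

            // endResponse=true ends the response here (classic ASP.NET raises ThreadAbortException from Response.End),
            // so the return below is only reached when the redirect did not terminate the request.
            httpContext.Response.Redirect(redirectUrl, true);

            return false;
        }

        /// <summary>
        /// Checks that <paramref name="adminUser"/> holds every role named in <see cref="Admin_User_Roles"/>.
        /// An empty or whitespace requirement means no specific role is needed.
        /// </summary>
        /// <param name="adminUser">The logged-in admin user whose <c>RoleList</c> is inspected.</param>
        /// <returns>true when no role is required or all required roles are present; otherwise false.</returns>
        private bool HasAllRequiredRoles(Chimera.Entities.Admin.AdminUser adminUser)
        {
            if (string.IsNullOrWhiteSpace(Admin_User_Roles))
            {
                return true;
            }

            // Any missing role denies access. An empty segment from a stray ';' is looked up as-is and therefore
            // also denies — the check fails closed on a malformed role requirement.
            foreach (string role in Admin_User_Roles.Split(';'))
            {
                if (!adminUser.RoleList.Contains(role))
                {
                    return false;
                }
            }

            return true;
        }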
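        /// <summary>
        /// Called when the user attempts to log in with their admin credentials. Looks the user up through
        /// <c>AdminUserDAO.LoadByAttemptLogin</c> and, on a match, stores the user in the session.
        /// </summary>
        /// <param name="request">The request, used to reach the session.</param>
        /// <param name="username">Username submitted by the controller.</param>
        /// <param name="password">Password submitted by the controller (forwarded to the DAO as given).</param>
        /// <returns>true when a persisted admin user matching the username was found and added to the session; otherwise false.</returns>
        public static bool AttemptLogin(HttpRequestBase request, string username, string password)
        {
            // Reject a blank username before consulting the data layer; the comparison below could not
            // succeed for it anyway, and a null username previously threw instead of failing the login.
            if (string.IsNullOrWhiteSpace(username))
            {
                return false;
            }

            Chimera.Entities.Admin.AdminUser adminUser = AdminUserDAO.LoadByAttemptLogin(username, password);

            // A valid login needs a persisted user (non-empty id) whose stored username matches the submitted one.
            // The comparison is ordinal and case-insensitive: ToUpper() is culture-sensitive and can accept or
            // reject names differently depending on the server culture (e.g. the Turkish dotless 'i').
            bool isValidLogin = adminUser != null
                && !adminUser.Id.Equals(ObjectId.Empty)
                && string.Equals(username, adminUser.Username, StringComparison.OrdinalIgnoreCase);

            if (!isValidLogin)
            {
                return false;
            }

            AddToSession(request, adminUser);

            return true;
        }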
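        /// <summary>
        /// Loads the admin user being edited (when <paramref name="id"/> is given) or creates a new one with
        /// <paramref name="username"/>, then applies the <paramref name="active"/> flag.
        /// </summary>
        /// <param name="id">BSON ObjectId string of an existing user, or null/empty to create a new user.</param>
        /// <param name="username">Username for a newly created user; ignored when an existing user is loaded.</param>
        /// <param name="active">Value written to <c>Active</c> on the returned user.</param>
        /// <returns>The loaded or newly created user with <c>Active</c> set.</returns>
        /// <exception cref="InvalidOperationException">No user exists for the given <paramref name="id"/>.</exception>
        public static Chimera.Entities.Admin.AdminUser LoadAdminUserForSaving(string id, string username, bool active)
        {
            Chimera.Entities.Admin.AdminUser adminUser;

            if (string.IsNullOrEmpty(id))
            {
                adminUser = new Chimera.Entities.Admin.AdminUser { Username = username };
            }
            else
            {
                // A malformed id is left to throw from the ObjectId constructor: an edit must never silently
                // fall through to creating a new user.
                adminUser = Chimera.DataAccess.AdminUserDAO.LoadByBsonId(new MongoDB.Bson.ObjectId(id));

                // Fail with a clear message instead of a NullReferenceException on the assignment below.
                if (adminUser == null)
                {
                    throw new InvalidOperationException("No admin user found for id '" + id + "'.");
                }
            }

            adminUser.Active = active;

            return adminUser;
        }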
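        /// <summary>
        /// Loads the admin user being edited (when <paramref name="id"/> is given) or creates a new one with
        /// <paramref name="username"/>, then applies the <paramref name="active"/> flag.
        /// </summary>
        /// <param name="id">BSON ObjectId string of an existing user, or null/empty to create a new user.</param>
        /// <param name="username">Username for a newly created user; ignored when an existing user is loaded.</param>
        /// <param name="active">Value written to <c>Active</c> on the returned user.</param>
        /// <returns>The loaded or newly created user with <c>Active</c> set.</returns>
        /// <exception cref="InvalidOperationException">No user exists for the given <paramref name="id"/>.</exception>
        public static Chimera.Entities.Admin.AdminUser LoadAdminUserForSaving(string id, string username, bool active)
        {
            Chimera.Entities.Admin.AdminUser adminUser;

            if (string.IsNullOrEmpty(id))
            {
                // New user: only the username is known at this point.
                adminUser = new Chimera.Entities.Admin.AdminUser { Username = username };
            }
            else
            {
                // A malformed id is left to throw from the ObjectId constructor: an edit must never silently
                // fall through to creating a new user.
                adminUser = Chimera.DataAccess.AdminUserDAO.LoadByBsonId(new MongoDB.Bson.ObjectId(id));

                // Fail with a clear message instead of a NullReferenceException on the assignment below.
                if (adminUser == null)
                {
                    throw new InvalidOperationException("No admin user found for id '" + id + "'.");
                }
            }

            adminUser.Active = active;

            return adminUser;
        }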
 /// <summary>
 /// Stores the given admin user in the session under <c>SESSION_KEY</c>, replacing any value already there.
 /// </summary>
 /// <param name="request">The request whose session is written.</param>
 /// <param name="adminuser">The admin user to store.</param>
 private static void AddToSession(HttpRequestBase request, Chimera.Entities.Admin.AdminUser adminuser)
 {
     // The session is reached through the request's context rather than the ambient HttpContext.Current.
     var session = request.RequestContext.HttpContext.Session;

     // NOTE(review): the session id is not regenerated here; confirm the login flow handles that elsewhere.
     session[SESSION_KEY] = adminuser;
 }
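        /// <summary>
        /// Handles the admin-user edit form post. Reads the form fields from <c>Request</c>, runs the save
        /// validations, persists the user and redirects. Validation and save failures are queued as session
        /// user messages and send the user back to the edit page; otherwise (including after an unexpected
        /// exception, which is logged and reported as a generic failure) the user is sent to the overview.
        /// </summary>
        /// <returns>A redirect to AdminUser/Edit on validation or save failure, otherwise to AdminUser/ViewAll.</returns>
        public ActionResult Edit_Post()
        {
            // NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] attribute is visible in this listing; confirm
            // where the action is declared that it is restricted to POST and protected against request forgery.
            try
            {
                string id             = RequestValueOrEmpty("id");
                string username       = RequestValueOrEmpty("username");
                string password       = RequestValueOrEmpty("password");
                string passwordrepeat = RequestValueOrEmpty("passwordrepeat");
                bool   active         = string.Equals(Request["active"], "yes", StringComparison.Ordinal);

                // NOTE: the form also posts "email", but this action does not persist it.

                List<WebUserMessage> errorUserMessageList = new List<WebUserMessage>();

                // Add New User - Require Username
                errorUserMessageList.AddIfNotNull(Models.AdminUser.SaveValidation.AddNewRequireUsername(Request, id, username));

                if (!password.Equals(passwordrepeat))
                {
                    // tell the user that both password fields must match
                    errorUserMessageList.Add(new WebUserMessage(Chimera.Resources.Admin.Website.Controllers.AdminUser.UserMessages.Add_New_Passwords_Dont_Match_Fail, FAILED_MESSAGE_TYPE));
                }
                else
                {
                    // Add New User - Require Password
                    errorUserMessageList.AddIfNotNull(Models.AdminUser.SaveValidation.AddNewRequirePassword(Request, id, password));

                    // Strength is only checked once the required-field validations passed.
                    if (errorUserMessageList.Count == 0)
                    {
                        // if adding new, the password requires >= 8 characters, upper and lower case, and numbers
                        errorUserMessageList.AddIfNotNull(Models.AdminUser.SaveValidation.AddNewCheckPasswordStrength(Request, id, password));
                    }

                    // Persist only when every validation passed.
                    if (errorUserMessageList.Count == 0)
                    {
                        SaveAdminUserFromPost(id, username, active, password, errorUserMessageList);
                    }
                }

                if (errorUserMessageList.Count > 0)
                {
                    AddWebUserMessageToSession(Request, errorUserMessageList);
                    return RedirectToAction("Edit", "AdminUser", new { id });
                }
            }
            catch (Exception e)
            {
                AddWebUserMessageToSession(Request, Chimera.Resources.Admin.Website.Controllers.AdminUser.UserMessages.Unable_To_Complete_Save_Default_Fail, FAILED_MESSAGE_TYPE);
                // Log the whole exception (type, message, stack trace); e.Message alone left failures hard to diagnose.
                CompanyCommons.Logging.WriteLog("ChimeraWebsite.Areas.Admin.Controllers.AdminUserController.Edit_Post() " + e);
            }

            return RedirectToAction("ViewAll", "AdminUser");
        }

        /// <summary>
        /// Loads (or creates) the admin user for <paramref name="id"/>, applies the posted values and saves it.
        /// On success a success message is queued in the session; on a failed save a failure message is appended
        /// to <paramref name="errors"/> so the caller redirects back to the edit page.
        /// </summary>
        /// <param name="id">Posted user id; empty for a new user.</param>
        /// <param name="username">Posted username (used for new users only).</param>
        /// <param name="active">Posted active flag.</param>
        /// <param name="password">Posted password; only stored for new users.</param>
        /// <param name="errors">Validation/save messages collected so far.</param>
        private void SaveAdminUserFromPost(string id, string username, bool active, string password, List<WebUserMessage> errors)
        {
            Chimera.Entities.Admin.AdminUser adminUser = Models.AdminUser.LoadAdminUserForSaving(id, username, active);

            string onSuccessUserMessage = Chimera.Resources.Admin.Website.Controllers.AdminUser.UserMessages.Edit_Saved_Success.Replace("[USERNAME]", adminUser.Username);

            // The password is only set when creating a new user (empty id); editing an existing user never changes it.
            if (adminUser.Id.Equals(ObjectId.Empty))
            {
                // NOTE(review): the plain-text password is assigned to Hashed_Password — this assumes the property
                // setter (or the DAO) hashes it before storage; confirm, since a bare assignment would persist it as-is.
                adminUser.Hashed_Password = password;
                onSuccessUserMessage      = Chimera.Resources.Admin.Website.Controllers.AdminUser.UserMessages.Add_New_Saved_Success.Replace("[USERNAME]", adminUser.Username);
            }

            // setup the admin user's new role list from the request.
            adminUser.RoleList = Models.AdminUser.SaveValidation.SetupAdminUserRolesOnSave(Request, adminUser.RoleList);

            if (Chimera.DataAccess.AdminUserDAO.Save(adminUser))
            {
                AddWebUserMessageToSession(Request, onSuccessUserMessage, SUCCESS_MESSAGE_TYPE);
            }
            else
            {
                errors.Add(new WebUserMessage(Chimera.Resources.Admin.Website.Controllers.AdminUser.UserMessages.Unable_To_Complete_Save_Default_Fail, FAILED_MESSAGE_TYPE));
            }
        }

        /// <summary>
        /// Returns the posted value for <paramref name="key"/>, or an empty string when it is absent or whitespace.
        /// </summary>
        /// <param name="key">Request field name.</param>
        /// <returns>The field value, or <c>string.Empty</c>.</returns>
        private string RequestValueOrEmpty(string key)
        {
            string value = Request[key];

            return string.IsNullOrWhiteSpace(value) ? string.Empty : value;
        }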