public IHttpActionResult PutRole(int id, Role role)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != role.Id)
{
return(BadRequest());
}
db.Entry(role).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!RoleExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public IHttpActionResult PutPaRequest(int id, PaRequest paRequest)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != paRequest.Id)
{
return(BadRequest());
}
// paRequest.CompletedTimeStamp = DateTime.Now;
db.Entry(paRequest).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!PaRequestExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public IHttpActionResult PutUser(int id, User user, HttpRequestMessage request)
{
var headers = request.Headers;
if (headers.Contains("token"))
{
var userToken = headers.GetValues("token").First();
Tuple <bool, string> validationResult = JwtTokenHelper.ValidateToken(userToken);
if (validationResult.Item1)
{
// Check to see if the refreshId's match. If they do not, then it means something (i.e. invalid password)
// has caused the issued token to become invalidated. If so, then we need to send a message back to
// the calling client.
long refreshId = 0;
if (long.TryParse(JwtTokenHelper.GetTokenPayloadValue(userToken, "refreshId"), out refreshId))
{
if (db.UserLogins.FirstOrDefault(p => p.RefreshId == refreshId) == null)
{
return(Content(HttpStatusCode.Unauthorized,
"Token failed refresh check, User account disabled/locked-out"));
}
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != user.Id)
{
return(BadRequest());
}
User updUser = db.Users.Find(id);
db.Entry(updUser).CurrentValues.SetValues(user);
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(id))
{
return(NotFound());
}
throw;
}
return(Ok(user));
}
return(BadRequest(validationResult.Item2));
}
return(BadRequest("Token invalid or not present"));
}
public IHttpActionResult PutPaRequestNote(int id, PaRequestNote paRequestNote)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != paRequestNote.Id)
{
return(BadRequest());
}
var headers = Request.Headers;
if (headers.Contains("token"))
{
var userToken = headers.GetValues("token").First();
string userName = JwtTokenHelper.GetTokenPayloadValue(userToken, "unique_name");
string userRole = JwtTokenHelper.GetTokenPayloadValue(userToken, "role");
if (userRole != "Administrator") //Need to check that the userName is the same as the created by
{
if (userName != paRequestNote.CreatedBy)
{
return(BadRequest("Editing user is not an Administrator or did not create the original note."));
}
}
// paRequest.CompletedTimeStamp = DateTime.Now;
paRequestNote.LastModified = DateTime.Now;
paRequestNote.LastModifiedBy = userName;
db.Entry(paRequestNote).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!PaRequestNoteExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public IHttpActionResult Put(int id, LookupType lookupType)
{
if (_log.IsDebugEnabled)
{
_log.DebugFormat(Resource.LogDebugModeMessage);
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != lookupType.Id)
{
return(BadRequest());
}
try
{
db.Entry(lookupType).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException dbError)
{
if (!LookupTypeExists(id))
{
return(NotFound());
}
else
{
_log.Error(string.Format(Resource.DBConcurrencyError_Pre, "Put:LookupTypesController"), dbError);
return(InternalServerError(dbError));
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
catch (Exception e)
{
_log.Error(string.Format(Resource.GeneralError_Pre, "Put:LookupTypesController"), e);
return(InternalServerError(e));
}
}
public IHttpActionResult PutInsuranceCompany(int id, InsuranceCompany insuranceCompany)
{
if (_log.IsDebugEnabled)
{
_log.DebugFormat(Resource.LogDebugModeMessage);
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != insuranceCompany.Id)
{
return(BadRequest());
}
try
{
db.Entry(insuranceCompany).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException)
{
if (!InsuranceCompanyExists(id))
{
return(NotFound());
}
throw;
}
return(StatusCode(HttpStatusCode.NoContent));
}
catch (Exception e)
{
_log.Error(string.Format(Resource.GeneralError_Pre, "PutInsuranceCompany"), e);
throw;
}
}
public IHttpActionResult PutFileUploadLog(int id, FileUploadLog fileUploadLog)
{
if (_log.IsDebugEnabled)
{
_log.DebugFormat(Resource.LogDebugModeMessage);
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (id != fileUploadLog.Id)
{
return(BadRequest());
}
db.Entry(fileUploadLog).State = EntityState.Modified;
try
{
db.SaveChanges();
}
catch (DbUpdateConcurrencyException dbException)
{
_log.Error(string.Format(Resource.DBConcurrencyError_Pre, "PutFileUploadLog"), dbException);
if (!FileUploadLogExists(id))
{
return(NotFound());
}
else
{
throw;
}
}
return(StatusCode(HttpStatusCode.NoContent));
}
public List <string> Import(HttpFileCollection files, string saveFolder, string user, string hostIP)
{
LMSDataDBContext db = new LMSDataDBContext();
ILog _log = log4net.LogManager.GetLogger(
System.Reflection.MethodBase.GetCurrentMethod().DeclaringType
);
var filePath = string.Empty;
var docfiles = new List <string>();
foreach (string file in files)
{
var postedFile = files[file];
if (!System.IO.Directory.Exists(HttpContext.Current.Server.MapPath("~/" + saveFolder + "/")))
{
System.IO.Directory.CreateDirectory(
HttpContext.Current.Server.MapPath("~/" + saveFolder + "/"));
}
if (postedFile != null)
{
filePath =
HttpContext.Current.Server.MapPath("~/" + saveFolder + "/" + postedFile.FileName);
var errRows = 0;
var successRows = 0;
var totalRowCount = 0;
var fileUploadId = 0;
//var filePath = saveFolder + postedFile.FileName;
postedFile.SaveAs(filePath);
FileUploadLog fileUploadLogRecord = db.FileUploadLogs.Create();
fileUploadLogRecord.Id = 0;
fileUploadLogRecord.Created = DateTime.Now;
fileUploadLogRecord.CreatedBy = user;
fileUploadLogRecord.FileName = postedFile.FileName;
fileUploadLogRecord.ModuleId = 2;
fileUploadLogRecord.RecordCount = totalRowCount;
fileUploadLogRecord.SuccessCount = successRows;
fileUploadLogRecord.FailureCount = errRows;
fileUploadLogRecord.SourceIpAddress = hostIP;
fileUploadLogRecord.Uploaded = DateTime.Now;
db.FileUploadLogs.Add(fileUploadLogRecord);
db.SaveChanges();
fileUploadId = fileUploadLogRecord.Id;
fileUploadLogRecord.BatchName =
fileUploadLogRecord.Created.ToString("yyyyMMdd") + fileUploadId;
db.SaveChanges();
// Process the file.
using (var stream = File.Open(filePath, FileMode.Open, FileAccess.Read))
{
// Auto-detect format, supports:
// - Binary Excel files (2.0-2003 format; *.xls)
// - OpenXml Excel files (2007 format; *.xlsx)
using (var reader = ExcelReaderFactory.CreateReader(stream))
{
// Need to hold the Submitted date and the Insurance Code.
// If the following row is blank for either, then assume the one before.
var curSubmitDate = string.Empty;
var curInsuranceCode = string.Empty;
var excelSet = reader.AsDataSet();
totalRowCount = excelSet.Tables[0].Rows.Count - 1;
bool firstRow = true;
foreach (DataRow dr in excelSet.Tables[0].Rows)
{
var insuranceCompanyCode = dr[_INSURANCE_IDX].ToString().Trim() == string.Empty
? curInsuranceCode
: dr[_INSURANCE_IDX].ToString();
curInsuranceCode = insuranceCompanyCode;
if (firstRow)
{
firstRow = false;
continue;
}
PaRequest newRequest = db.PaRequests.Create();
newRequest.Id = 0;
newRequest.Created = DateTime.Now;
InsuranceCompany insCompany = db.InsuranceCompanies.SingleOrDefault(p =>
p.CompanyCode == insuranceCompanyCode);
if (insCompany == null) //If it doesn't exist, then add it by default.
{
var newInsCompany = db.InsuranceCompanies.Create();
newInsCompany.Id = 0;
newInsCompany.CompanyCode = dr[_INSURANCE_IDX].ToString();
newInsCompany.CompanyName =
(newInsCompany.CompanyCode.Trim() == string.Empty)
? "Unknown"
: newInsCompany.CompanyCode;
newInsCompany.Archived = false;
newInsCompany.CreatedBy = user;
newInsCompany.Created = DateTime.Now;
newInsCompany.LastModified = DateTime.Now;
newInsCompany.LastModifiedBy = user;
db.InsuranceCompanies.Add(newInsCompany);
try
{
db.SaveChanges();
insCompany = newInsCompany;
}
catch (Exception e)
{
_log.Error(
"An error occurred when trying to add new Insurance Company.", e);
insCompany = null;
errRows++;
}
}
if (insCompany == null)
{
continue;
}
{
newRequest.InsuranceCompany_Id = insCompany.Id;
newRequest.CreatedBy = user;
newRequest.LastModifiedBy = user;
newRequest.LastModified = DateTime.Now;
var submitDate = dr[_SUBMIT_DATE_IDX].ToString().Trim() == string.Empty
? curSubmitDate
: dr[_SUBMIT_DATE_IDX].ToString();
curSubmitDate = submitDate;
newRequest.Submitted = DateTime.Parse(submitDate);
newRequest.Archived = false;
newRequest.DoctorName = dr[_DOCTOR_IDX].ToString();
newRequest.PatientName = dr[_PATIENT_IDX].ToString();
newRequest.DrugName = dr[_DRUG_NAME_IDX].ToString();
newRequest.Note = dr[_NOTES_IDX].ToString();
newRequest.Completed = false;
newRequest.Status = 2; // Default value of 'Pending'
newRequest.AssignedToId = 1;
// newRequest.CompletedTimeStamp = DateTime.Parse("1/1/1900");
newRequest.FileUploadLogId = fileUploadId;
// Need to check for Duplicates. This is based on the Patient Name, Prescription Name and Doctor Name.
var foundRequest = db.PaRequests.Any(p =>
p.Submitted == newRequest.Submitted &&
p.PatientName == newRequest.PatientName &&
p.DoctorName == newRequest.DoctorName &&
p.DrugName == newRequest.DrugName);
if (foundRequest)
{
errRows++;
continue;
}
db.PaRequests.Add(newRequest);
try
{
db.SaveChanges();
successRows++;
}
catch (Exception e)
{
_log.Error("An Error occurred during Excel Import of PA Requests", e);
errRows++;
}
}
}
// The result of each spreadsheet is in result.Tables
}
}
fileUploadLogRecord.RecordCount = totalRowCount;
fileUploadLogRecord.SuccessCount = successRows;
fileUploadLogRecord.FailureCount = errRows;
}
db.SaveChanges(); //Save to pickup the File Upload Log Record changes.
// Delete the temp file.
}
// Need to delete working file.
File.Delete(filePath);
return(docfiles);
//result = Request.CreateResponse(HttpStatusCode.Created, docfiles);
}
// POST: api/Security
public IHttpActionResult Post(HttpRequestMessage request, [FromBody] string value)
{
var headers = request.Headers;
var returnMessage = string.Empty;
//Check the request object to see if they passed a userId
if (headers.Contains("userid"))
{
try
{
var login = headers.GetValues("userid").First();
if (headers.Contains("password"))
{
var passwordTry = headers.GetValues("password").First();
try
{
var userDetails = db.Users.Where(p => p.UserName == login && p.Archived == false)
.Include(i => i.Role)
.FirstOrDefault();
if (userDetails == null || userDetails.Archived)
{
return(Unauthorized());
}
{
var userAccount = db.UserLogins.FirstOrDefault(p => p.Login == login);
if (userAccount != null && !UserIsLockedOut(userAccount))
{
if (LMSDataService.SecurityHelper.Sha256Hash(passwordTry).ToUpper() ==
userAccount.PasswordHash.ToUpper()) // Success!
{
SecurityController securityController = new SecurityController();
var token = securityController.RefreshToken(userAccount, userDetails);
return(Ok(token));
}
}
if (userAccount != null)
{
returnMessage = "Token failed refresh check, User account disabled/locked-out";
userAccount.AccessFailedCount = userAccount.AccessFailedCount + 1;
if (userAccount.AccessFailedCount >= 5)
{
userAccount.LockoutEnabled = true;
userAccount.RefreshId = 0;
userAccount.LockoutEnd = DateTime.Now.AddMinutes(15);
}
userAccount.LastModifiedBy = "SECURITY";
userAccount.LastModified = DateTime.Now;
db.Entry(userAccount).State = EntityState.Modified;
}
try
{
db.SaveChanges();
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
return(Content(HttpStatusCode.Unauthorized, returnMessage));
}
}
catch (Exception e)
{
_log.Error("An error occurred while adding Users.", e);
return(InternalServerError(e));
}
}
}
catch (Exception e)
{
_log.Error(e.Message);
}
}
return(BadRequest("Header values not found."));
}
// POST: api/UserLoginCreation
public IHttpActionResult Post(HttpRequestMessage request, UserLoginCreation userLogin)
{
var headers = request.Headers;
var requestingUser = string.Empty;
if (headers.Contains("token"))
{
try
{
var userToken = headers.GetValues("token").First();
Tuple <bool, string> validationResult = JwtTokenHelper.ValidateToken(userToken);
if (validationResult.Item1)
{
// Check to see if the refreshId's match. If they do not, then it means something (i.e. invalid password)
// has caused the issued token to become invalidated. If so, then we need to send a message back to
// the calling client.
long refreshId = 0;
if (long.TryParse(JwtTokenHelper.GetTokenPayloadValue(userToken, "refreshId"), out refreshId))
{
if (db.UserLogins.FirstOrDefault(p => p.RefreshId == refreshId) == null)
{
return(Content(HttpStatusCode.Unauthorized,
"Token failed refresh check, User account disabled/locked-out"));
}
}
requestingUser = JwtTokenHelper.GetTokenPayloadValue(userToken, "unique_name");
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
UserLogin newUserLogin = db.UserLogins.Create();
newUserLogin.Id = userLogin.Id;
newUserLogin.AccessFailedCount = 0;
newUserLogin.Created = DateTime.Now;
newUserLogin.CreatedBy = requestingUser;
newUserLogin.LastModifiedBy = requestingUser;
newUserLogin.LastModified = DateTime.Now;
newUserLogin.LockoutEnabled = false;
newUserLogin.LockoutEnd = DateTime.Parse("1/1/1900");
newUserLogin.Login = userLogin.Login;
newUserLogin.IsAdmin = userLogin.IsAdmin;
newUserLogin.RefreshId = 0;
newUserLogin.PasswordHash = LMSDataService.SecurityHelper.Sha256Hash(userLogin.Password);
db.UserLogins.Add(newUserLogin);
db.SaveChanges();
return(CreatedAtRoute("DefaultApi", new { id = newUserLogin.Id }, newUserLogin));
}
}
catch (Exception e)
{
_log.Error(string.Format(Resource.GeneralError_Pre, "UserLoginCreation:Post"), e);
}
}
return(BadRequest("Token invalid or not present"));
}