public ActionResult EditUser(int id, UserFilterModel filter, FormCollection collection)
{
var user = EmployeeServices.GetUser(id);
try
{
UpdateModel(user, "User");
EmployeeServices.UpdateUser(user);
return(RedirectToAction("UserListing", filter.GenerateUserAccessRoute()));
}
catch (Exception ex)
{
// Invalid - redisplay with errors
Logger.Error(ex.ToString());
ModelState.AddModelError(String.Empty, Constants.ServerError);
var model = new UserDetailModel()
{
Action = "EditUser",
User = user,
Filter = filter,
Roles = LookupServices.GetRoleOptions(user.RoleName)
};
ViewBag.Locations = LocationServices.GetLocationLookup(true, model.User.LocationId);
return(View("UserDetail", model));
}
}
public ActionResult NewUser(UserModel user, UserFilterModel filter)
{
try
{
if (ModelState.IsValid)
{
EmployeeServices.CreateUser(user);
return(RedirectToAction("UserListing", filter.GenerateUserAccessRoute()));
}
}
catch (Exception ex)
{
Logger.Error(ex.ToString());
ModelState.AddModelError(String.Empty, Constants.ServerError);
}
// Invalid - redisplay with errors
var model = new UserDetailModel()
{
Action = "NewUser",
User = user,
Filter = filter,
Roles = LookupServices.GetRoleOptions(user.RoleName)
};
ViewBag.Locations = LocationServices.GetLocationLookup(true, -1);
return(View("UserDetail", model));
}
//TODO: exclude from token validation
public ActionResult Index(string returnUrl)
{
var model = new LoginModel()
{
ReturnUrl = returnUrl
};
ViewBag.Locations = LocationServices.GetLocationLookup();
return(View(model));
}
public ActionResult EditUser(int id, UserFilterModel filter)
{
var user = EmployeeServices.GetUser(id);
var model = new UserDetailModel()
{
Action = "EditUser",
User = user,
Filter = filter,
Roles = LookupServices.GetRoleOptions(user.RoleName)
};
ViewBag.Locations = LocationServices.GetLocationLookup(true, model.User.LocationId);
return(View("UserDetail", model));
}
public ActionResult NewUser(UserFilterModel filter)
{
var model = new UserDetailModel()
{
Action = "NewUser",
User = new UserModel(),
Filter = filter,
Roles = LookupServices.GetRoleOptions("Employee")
};
model.User.PasswordString = PasswordGenerator.GeneratePassword();
ViewBag.Locations = LocationServices.GetLocationLookup(true, -1);
return(View("UserDetail", model));
}
// TODO: test?
public ActionResult InvoiceDetail(InvoiceFilterModel filter)
{
var detail = AdministrationServices.GetInvoiceAdministrationDetail(filter);
ViewBag.Filter = "InvoiceDetail";
ViewBag.Locations = LocationServices.GetLocationLookup(true, filter.LocationId);
ViewBag.Paid = LookupServices.GetPaidOptions(filter.HasBeenPaid, true);
if (detail.InvoiceList.Count == 0)
{
return(View("InvoiceDetailNoData", detail));
}
else
{
return(View("InvoiceDetail", detail));
}
}
public ActionResult SecurityLog(SecurityLogFilterModel filter)
{
var listing = SecurityServices.GetSecurityLog(filter);
ViewBag.Locations = LocationServices.GetLocationLookup(true, filter.LocationId);
ViewBag.Result = LookupServices.GetLoginResultOptions(filter.ResultFlag, true);
ViewBag.Size = LookupServices.GetSizeOptions(filter.Size);
if (listing.SecurityLog.Count == 0)
{
return(View("SecurityLogNoData", listing));
}
else
{
return(View("SecurityLog", listing));
}
}
// TODO: test?
public ActionResult InvoiceListing(InvoiceFilterModel filter)
{
var listing = AdministrationServices.GetInvoiceListing(filter);
ViewBag.Filter = "InvoiceListing";
ViewBag.Locations = LocationServices.GetLocationLookup(true, filter.LocationId);
ViewBag.Paid = LookupServices.GetPaidOptions(filter.HasBeenPaid, true);
ViewBag.Size = LookupServices.GetSizeOptions(filter.Size);
if (listing.InvoiceList.Count == 0)
{
return(View("InvoiceListingNoData", listing));
}
else
{
return(View("InvoiceListing", listing));
}
}
public ActionResult ValidateLogin(LoginModel login)
{
try
{
if (ModelState.IsValid)
{
var user = SecurityServices.ValidateUser(login.Name, login.Password);
if (user == null)
{
SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid credentials: {0} - {1}", login.Name, login.Password));
ModelState.AddModelError(String.Empty, "The login name or password is invalid.");
}
if (user != null && !user.CanLogin)
{
SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "User login disabled");
ModelState.AddModelError(String.Empty, "Access denied.");
}
if (user != null && !IsIpValid(user.RoleName, login.LocationId))
{
SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "Invalid IP address");
ModelState.AddModelError(String.Empty, "Access denied.");
}
if (ModelState.IsValid)
{
if (login.DowngradeRole)
{
user.RoleName = "Employee";
SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, "Downgraded to Employee role");
}
else if (user.RoleName == "Manager" && login.LocationId != user.LocationId)
{
user.RoleName = "Employee";
var message = string.Format("Manager downgraded to Employee role");
SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, message);
}
else
{
SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress);
}
var token = CreateToken(user.Id, user.RoleName, login.LocationId);
var auth = TokenSerializer.GetCookieFromToken(token);
if (HttpContext.Request.IsLocal) //local development overrides
{
auth.Domain = null;
auth.Secure = false;
}
HttpContext.Response.Cookies.Add(auth);
if (Url.IsLocalUrl(login.ReturnUrl) && user.RoleName == "Administrator")
{
return(Redirect(login.ReturnUrl));
}
else
{
return(RedirectToAction("Index", "ShopFloor"));
}
}
}
else
{
SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid model state: {0}", ModelState.ToString()));
}
}
catch (Exception ex)
{
Logger.Error(ex.ToString());
ModelState.AddModelError(String.Empty, Constants.ServerError);
}
// Invalid - redisplay with errors
ViewBag.Locations = LocationServices.GetLocationLookup();
return(View("Index", login));
}
