public ViewResult AccessRights(int id)
{
var rightModel = new RightsModel();
try
{
using (var dbContext = new DatabaseContext())
{
var query = (from d in dbContext.UserRights
join e in dbContext.RightsItems on d.RightsId equals e.RightsId
join u in dbContext.Users on d.UserId equals u.UserId
where d.UserId == id
select new Rights
{
RightsId = d.RightsId,
RightsName = e.RightsName,
Read = d.Read,
Write = d.Write,
UserId = d.UserId,
UserName = u.UserName
});
rightModel.rights = query.ToList();
}
}
catch (Exception ex)
{
Helper.Helper.LogFile(ex, Server.MapPath("~/Error"));
throw ex;
}
return(View(rightModel));
}
protected void btnSaveMenu_click(object sender, EventArgs e)
{
try
{
RightsModel RightsModels = new RightsModel();
if (hdfID.Value == "" || hdfID.Value == "0" || hdfID.Value == null)
{
RightsModels.ID = 0;
RightsModels.CreateBy = UserName;
RightsModels.CreatedDate = DateTime.Now;
}
else
{
RightsModels.ID = Convert.ToInt32(hdfID.Value);
RightsModels.UpdateBy = UserName;
RightsModels.UpdateDate = DateTime.Now;
}
RightsModels.ApplicationID = Convert.ToInt32(ddlapplication.SelectedValue);
RightsModels.InMenu = chkInmenu.Checked;
RightsModels.MenuName = txtMenuName.Text;
RightsModels.MenuURL = txtMenuURL.Text;
RightsModels.MenuLevel = Convert.ToInt32(ddlmenulevel.SelectedValue);
RightsModels.ParentRightId = ddlParentRole.SelectedValue.ToString();
RightsModels.IsMenu = chkIsMenu.Checked;
RightsModels.IsOthers = chkIsOthers.Checked;
RightsModels.MenuOrder = Convert.ToInt32(txtMenuOrder.Text);
RightsModels.IsForm = chkIsForm.Checked;
RightsModels.FormName = txtFormName.Text;
RightsModels.Formkey = txtFormkey.Text;
RightsModels.IconClassName = txtIconClassName.Text;
RightsModels.IsRead = chkIsRead.Checked;
RightsModels.IsCreate = chkIsCreate.Checked;
RightsModels.IsUpdate = chkIsUpdate.Checked;
RightsModels.IsDelete = chkIsDelete.Checked;
RightsModels.Description = txtDescription.Text;
RightsModels.RoleId = ddlParentRole.SelectedValue;
if (RightsModels.ID == 0)
{
int a = client.SavetblRight(RightsModels);
ShowMessage(ref lblMessage, MessageType.Success, "Menu Successfully Saved.");
}
else
{
int a = client.SavetblRight(RightsModels);
ShowMessage(ref lblMessage, MessageType.Success, "Menu Successfully Updated.");
}
BindParentRoleForm();
Clearcontrol();
}
catch (Exception ex)
{
ShowMessage(ref lblMessage, MessageType.Danger, ex.Message);
}
}
/// <summary>
/// This method sends HTTP POST request with new RightsModel to the server to create a new RightsModel recored in
/// the database. The new model must have application id filled.
/// </summary>
/// <param name="rightsModel">New RightsModel</param>
/// <param name="token">JWT authentication token</param>
/// <returns>Response from the server.</returns>
public async Task <HttpResponseMessage> Create(RightsModel rightsModel, JWTToken token)
{
// Serialize RightsModel
string jsonData = JsonConvert.SerializeObject(rightsModel);
var jsonDataContent = new StringContent(jsonData, Encoding.UTF8, "application/json");
// Add JWT token value to the authorization header
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.Value);
var address = new Uri(client.BaseAddress.OriginalString + "/create/");
return(await client.PostAsync(address, jsonDataContent));
}
public ActionResult AddRights(int roleId, string[] menuData)
{
using (var db = new HospitalTransparencyEntities())
{
#region Remove rights first from table
db.Database.ExecuteSqlCommand("Delete from RightsMaster where RoleId = '" + roleId + "'");
#endregion
#region If rights are not for Super Admin then Update Rights for all users for that particular role
foreach (var item in menuData)
{
var menus = item.Split(',');
var menuId = menus[0];
bool?add = Convert.ToBoolean(menus[1]);
bool?edit = Convert.ToBoolean(menus[2]);
bool?delete = Convert.ToBoolean(menus[3]);
bool?display = Convert.ToBoolean(menus[4]);
var right = new RightsModel();
right.MenuId = int.Parse(menuId);
right.RoleId = roleId;
right.Add = add;
right.Edit = edit;
right.Display = display;
right.Delete = delete;
right.ClientId = null;
right.UserId = null;
right.CreatedBy = Convert.ToInt32(System.Web.HttpContext.Current.Session["UserId"]);
right.CreatedDate = DateTime.Now;
using (var context = new RightsRepository())
{
context.AddRights(right);
}
}
CustomCacheManagement.MenuList = new RightsListRepository().GetMenuList();
#endregion
return(Json(true, JsonRequestBehavior.AllowGet));
}
}
public IEnumerable <RightsModel> GetRightsDetails(string userId)
{
IList <RightsModel> rightsDetails = new List <RightsModel>();
using (var db = new HospitalTransparencyEntities())
{
var rightsData = db.Sp_MenuRightsList().ToList();
foreach (var item in rightsData)
{
var pageModel = new RightsModel();
{
//pageModel.MenuId = item.MenuId;
//pageModel.MenuName = item.MenuName;
//pageModel.MenuType = item.MenuType;
//rightsDetails.Add(pageModel);
}
}
}
return(rightsDetails);
}
public IEnumerable <RightsModel> GetRightsByRoleId(int roleId)
{
using (var db = new HospitalTransparencyEntities())
{
IList <RightsModel> details = new List <RightsModel>();
var data = (from mm in db.MenuMasters
join rm in db.RightsMasters on mm.MenuId equals rm.MenuId into rights
from right in rights.DefaultIfEmpty()
where right.RoleId == roleId && mm.IsDeleted == false && mm.IsActive == true
select new
{
right.Display,
right.MenuId,
right.Add,
right.Delete,
right.Edit,
right.RightsId,
right.RoleId,
mm.MenuName
}).ToList();
if (data.Count() > 0)
{
foreach (var item in data)
{
var rights = new RightsModel();
{
rights.MenuId = item.MenuId;
rights.MenuName = item.MenuName;
rights.Add = item.Add;
rights.Edit = item.Edit;
rights.Delete = item.Delete;
rights.Display = item.Display;
rights.RoleId = item.RoleId;
details.Add(rights);
}
}
}
return(details);
}
}
/// <summary>
/// Returns default rights for admin
/// </summary>
/// <param name="applicationModel">Model of application the rights belongs to</param>
/// <param name="applicationDescriptor">Descriptor of the application</param>
/// <returns>Admin RightsModel</returns>
public RightsModel GetAdminRights(ApplicationModel applicationModel, ApplicationDescriptor applicationDescriptor)
{
var rights = new RightsModel();
rights.Application = applicationModel;
rights.Name = "admin";
// Full CRUD rights for all datasets
Dictionary <long, RightsEnum> rightsDict = new Dictionary <long, RightsEnum>();
rightsDict[(long)SystemDatasetsEnum.Users] = RightsEnum.CRUD;
rightsDict[(long)SystemDatasetsEnum.Rights] = RightsEnum.CRUD;
foreach (var dataset in applicationDescriptor.Datasets)
{
rightsDict[dataset.Id] = RightsEnum.CRUD;
}
// Serialize rights to JSON
rights.Data = JsonConvert.SerializeObject(rightsDict);
return(rights);
}
public static int SavetblRight(RightsModel model)
{
try
{
string query = "SavetblRight";
DbParameter[] ObjParam = new DbParameter[24];
ObjParam[0] = new DbParameter("@ID", DbParameter.DbType.Int, 0, model.ID);
ObjParam[1] = new DbParameter("@ParentRightId", DbParameter.DbType.NVarChar, 0, model.ParentRightId);
ObjParam[2] = new DbParameter("@ApplicationID", DbParameter.DbType.Int, 0, model.ApplicationID);
ObjParam[3] = new DbParameter("@Formkey", DbParameter.DbType.NVarChar, 0, model.Formkey);
ObjParam[4] = new DbParameter("@RoleId", DbParameter.DbType.NVarChar, 0, model.RoleId);
ObjParam[5] = new DbParameter("@MenuName", DbParameter.DbType.NVarChar, 0, model.MenuName);
ObjParam[6] = new DbParameter("@IconClassName", DbParameter.DbType.NVarChar, 0, model.IconClassName);
ObjParam[7] = new DbParameter("@MenuURL", DbParameter.DbType.NVarChar, 0, model.MenuURL);
ObjParam[8] = new DbParameter("@MenuLevel", DbParameter.DbType.Int, 0, model.MenuLevel);
ObjParam[9] = new DbParameter("@MenuOrder", DbParameter.DbType.Int, 0, model.MenuOrder);
ObjParam[10] = new DbParameter("@InMenu", DbParameter.DbType.Bit, 0, model.InMenu);
ObjParam[11] = new DbParameter("@IsForm", DbParameter.DbType.Bit, 0, model.IsForm);
ObjParam[12] = new DbParameter("@IsCreate", DbParameter.DbType.Bit, 0, model.IsCreate);
ObjParam[13] = new DbParameter("@IsRead", DbParameter.DbType.Bit, 0, model.IsRead);
ObjParam[14] = new DbParameter("@IsUpdate", DbParameter.DbType.Bit, 0, model.IsUpdate);
ObjParam[15] = new DbParameter("@IsDelete", DbParameter.DbType.Bit, 0, model.IsDelete);
ObjParam[16] = new DbParameter("@IsOthers", DbParameter.DbType.Bit, 0, model.IsOthers);
ObjParam[17] = new DbParameter("@CreatedDate", DbParameter.DbType.DateTime, 0, model.CreatedDate);
ObjParam[18] = new DbParameter("@CreateBy", DbParameter.DbType.NVarChar, 0, model.CreateBy);
ObjParam[19] = new DbParameter("@UpdateDate", DbParameter.DbType.DateTime, 0, model.UpdateDate);
ObjParam[20] = new DbParameter("@UpdateBy", DbParameter.DbType.NVarChar, 0, model.UpdateBy);
ObjParam[21] = new DbParameter("@FormName", DbParameter.DbType.NVarChar, 0, model.FormName);
ObjParam[22] = new DbParameter("@Description", DbParameter.DbType.NVarChar, 0, model.Description);
ObjParam[23] = new DbParameter("@IsMenu", DbParameter.DbType.Bit, 0, model.IsMenu);
return(Convert.ToInt32(DbConnection.GetScalarValue(CommandType.StoredProcedure, query, ObjParam)));
}
catch (Exception ex)
{
throw ex;
}
}
public bool AddRights(RightsModel rights)
{
using (var db = new HospitalTransparencyEntities())
{
var pageData = new RightsMaster();
{
pageData.RoleId = rights.RoleId;
pageData.MenuId = rights.MenuId;
pageData.Add = Convert.ToBoolean(rights.Add);
pageData.Edit = Convert.ToBoolean(rights.Edit);
pageData.Delete = Convert.ToBoolean(rights.Delete);
pageData.Display = Convert.ToBoolean(rights.Display);
pageData.CreatedBy = Convert.ToInt32(HttpContext.Current.Session["UserId"].ToString());
pageData.CreatedDate = DateTime.Now;
pageData.ModifiedBy = Convert.ToInt32(HttpContext.Current.Session["UserId"].ToString());
pageData.ModifiedDate = DateTime.Now;
db.RightsMasters.Add(pageData);
db.SaveChanges();
}
}
return(true);
}
public JsonResult AccessRights(RightsModel model)
{
var returnValue = new JSONReturnValue();
try
{
using (var dbContext = new DatabaseContext())
{
int userId = model.rights[0].UserId;
var userRights = dbContext.UserRights.Where(u => u.UserId == userId).ToList();
dbContext.UserRights.RemoveRange(userRights);
foreach (var item in model.rights)
{
var userRight = new UserRights();
userRight.UserId = item.UserId;
userRight.RightsId = item.RightsId;
userRight.Read = item.Read;
userRight.Write = item.Write;
userRight.CreatedDateTime = System.DateTime.Now;
userRight.CreatedBy = 1;
dbContext.UserRights.Add(userRight);
}
dbContext.SaveChanges();
}
returnValue.Status = true;
return(Json(returnValue));
}
catch (Exception ex)
{
Helper.Helper.LogFile(ex, Server.MapPath("~/Error"));
returnValue.Status = false;
returnValue.Message = ex.Message;
return(Json(returnValue));
}
}
public void BindDataForUpdate(int id)
{
RightsModel RightsModels = client.SelecttblRightById(id);
ddlapplication.SelectedValue = RightsModels.ApplicationID.ToString();
chkInmenu.Checked = RightsModels.InMenu;
txtMenuName.Text = RightsModels.MenuName;
txtMenuURL.Text = RightsModels.MenuURL;
ddlmenulevel.SelectedValue = RightsModels.MenuLevel.ToString();
ddlParentRole.SelectedValue = RightsModels.RoleId.ToString();
chkIsMenu.Checked = RightsModels.IsMenu;
chkIsOthers.Checked = RightsModels.IsOthers;
txtMenuOrder.Text = RightsModels.MenuOrder.ToString();
chkIsForm.Checked = RightsModels.IsForm;
txtFormName.Text = RightsModels.FormName;
txtFormkey.Text = RightsModels.Formkey;
txtIconClassName.Text = RightsModels.IconClassName;
chkIsRead.Checked = RightsModels.IsRead;
chkIsCreate.Checked = RightsModels.IsCreate;
chkIsUpdate.Checked = RightsModels.IsUpdate;
chkIsDelete.Checked = RightsModels.IsDelete;
txtDescription.Text = RightsModels.Description;
hdfID.Value = RightsModels.ID.ToString();
}
public ActionResult RemoveWriteRights(RightsModel gr)
{
var acc = AccountDataMapper.GetAccountDataMapper().GetById(gr.Name);
if (acc == null)
{
ModelState.AddModelError("Name", "Não existe nenhum utilizador com esse username");
return(View(gr));
}
var board = BoardDataMapper.GetBoardDataMapper().GetById(gr.BoardId);
if (board == null)
{
ModelState.AddModelError("Name", "BoardId " + gr.BoardId);
return(View(gr));
}
if (!AccountDataMapper.GetAccountDataMapper().GetById(User.Identity.Name).CanWriteBoard(board.Id))
{
ModelState.AddModelError("BoardId", "Não possui permissões para efectuar essa acção");
return(View(gr));
}
acc.RemoveWriteBoard(board.Id);
return(RedirectToAction("GetLists", new { id = board.Id }));
}
public IActionResult Put([FromBody] RightsModel fromBodyRightsModel)
{
// List of messages to return to the client
var messages = new List <Message>();
// Authentication
var controllerHelper = new ControllerHelper(context);
var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity);
if (authUserModel == null)
{
return(Unauthorized());
}
// Authorization
if (!AuthorizationHelper.IsAuthorized(authUserModel, (long)SystemDatasetsEnum.Rights, RightsEnum.CRU))
{
return(Forbid());
}
#region VALIDATIONS
// Received rights ApplicationId must be the same as of authorized user
var sharedValidationHelper = new SharedValidationHelper();
messages = sharedValidationHelper.ValidateApplicationId(fromBodyRightsModel.ApplicationId, authUserModel.ApplicationId);
if (messages.Count != 0)
{
return(BadRequest(messages));
}
fromBodyRightsModel.Application = authUserModel.Application;
// Rights must already exist in the database
var rightsRepository = new RightsRepository(context);
var rightsModel = rightsRepository.GetById(authUserModel.ApplicationId, fromBodyRightsModel.Id);
if (rightsModel == null)
{
messages.Add(new Message(MessageTypeEnum.Error,
4003,
new List <string>()
{
fromBodyRightsModel.Application.LoginApplicationName,
fromBodyRightsModel.Id.ToString()
}));
Logger.LogMessagesToConsole(messages);
return(BadRequest(messages));
}
// If the rights name was changed, the new one must be unique
if (rightsModel.Name != fromBodyRightsModel.Name)
{
var sameNameRights = rightsRepository.GetByApplicationIdAndName(authUserModel.ApplicationId, fromBodyRightsModel.Name);
if (sameNameRights.Count() > 0)
{
messages.Add(new Message(MessageTypeEnum.Error,
4001,
new List <string>()
{
fromBodyRightsModel.Name
}));
return(BadRequest(messages));
}
}
// Rights data validity and logic validity
messages = sharedValidationHelper.ValidateRights(authUserModel.Application.ApplicationDescriptor,
fromBodyRightsModel.DataDictionary);
if (messages.Count != 0)
{
return(BadRequest(messages));
}
#endregion
rightsRepository.SetNameAndData(rightsModel, fromBodyRightsModel.Name, fromBodyRightsModel.DataDictionary);
messages.Add(new Message(MessageTypeEnum.Info,
4007,
new List <string>()
{
fromBodyRightsModel.Name
}));
return(Ok(messages));
}
public static int SavetblRight(RightsModel model)
{
return(RightsDAL.SavetblRight(model));
}
public IActionResult Create([FromBody] RightsModel fromBodyRightsModel)
{
// List of messages to return to the client
var messages = new List <Message>();
// Authentication
var controllerHelper = new ControllerHelper(context);
var authUserModel = controllerHelper.Authenticate(HttpContext.User.Identity as ClaimsIdentity);
if (authUserModel == null)
{
return(Unauthorized());
}
// Authorization
if (!AuthorizationHelper.IsAuthorized(authUserModel, (long)SystemDatasetsEnum.Rights, RightsEnum.CR))
{
return(Forbid());
}
#region VALIDATIONS
// New rights ApplicationId must be the same as of authorized user
var sharedValidationHelper = new SharedValidationHelper();
messages = sharedValidationHelper.ValidateApplicationId(fromBodyRightsModel.ApplicationId, authUserModel.ApplicationId);
if (messages.Count != 0)
{
return(BadRequest(messages));
}
fromBodyRightsModel.Application = authUserModel.Application;
// New rights must have a unique name
var rightsRepository = new RightsRepository(context);
var sameNameRights = rightsRepository.GetByApplicationIdAndName(authUserModel.ApplicationId, fromBodyRightsModel.Name);
if (sameNameRights.Count() > 0)
{
messages.Add(new Message(MessageTypeEnum.Error,
4001,
new List <string>()
{
fromBodyRightsModel.Name
}));
return(BadRequest(messages));
}
// Rights data validity and logic validity
messages = sharedValidationHelper.ValidateRights(authUserModel.Application.ApplicationDescriptor,
fromBodyRightsModel.DataDictionary);
if (messages.Count != 0)
{
return(BadRequest(messages));
}
#endregion
rightsRepository.Add(fromBodyRightsModel);
messages.Add(new Message(MessageTypeEnum.Info,
4002,
new List <string>()
{
fromBodyRightsModel.Name
}));
return(Ok(messages));
}