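/// <summary>
/// Lists the expense forms the current session's user is authorized to see.
/// The visible set is chosen by the session's authorize level:
/// Administrator sees every form, Manager sees forms owned by or reporting to
/// the user that are not in the "Paid" state, User sees only their own forms,
/// Accountant sees forms in the "Approved" state. A level matching none of
/// these yields an empty list (the original passed null to the view).
/// </summary>
/// <returns>The list view bound to the forms visible to the caller.</returns>
public ActionResult List()
{
    Guid userId = Guid.Parse(SessionManager.Get(SessionManager.Keys.UserId).ToString());
    // Read the authorize level once instead of once per branch; the same
    // session value drove every comparison in the original.
    int authorizeLevel = (int)SessionManager.Get(SessionManager.Keys.AuthorizeLevel);

    IEnumerable<Form> forms;
    // The context is disposed when the action completes; every query is
    // materialized with ToList() inside the block so the view never touches
    // a disposed context.
    using (ExpenseEntities db = new ExpenseEntities())
    {
        if (authorizeLevel == AuthorizeLevels.Administrator)
        {
            forms = db.Forms.ToList();
        }
        else if (authorizeLevel == AuthorizeLevels.Manager)
        {
            // Owned by the manager, or owned by a user whose manager is the
            // caller; already-paid forms are excluded.
            forms = db.Forms
                .Where(f => (f.OwnerId == userId || f.User.ManagerId == userId) && f.State.Name != "Paid")
                .ToList();
        }
        else if (authorizeLevel == AuthorizeLevels.User)
        {
            forms = db.Forms.Where(f => f.OwnerId == userId).ToList();
        }
        else if (authorizeLevel == AuthorizeLevels.Accountant)
        {
            forms = db.Forms
                .Where(f => f.State.Name == "Approved")
                .ToList();
        }
        else
        {
            // Unknown level: expose nothing rather than hand the view a null model.
            forms = new List<Form>();
        }
    }

    return View(forms);
}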
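/// <summary>
/// Authenticates the posted credentials against the Users table and, on
/// success, stores the user's identity and role data in the session before
/// redirecting to Home/Index. On failure the LoggedIn key is cleared and the
/// login view is shown again.
/// </summary>
/// <param name="username">Username as posted by the login form.</param>
/// <param name="password">Password as posted by the login form.</param>
/// <returns>A redirect to Home/Index when a matching user exists; otherwise the login view.</returns>
public ActionResult Login(string username, string password)
{
    // The context stays open until the session has been populated because
    // user.Role is a navigation property and may be loaded lazily.
    using (ExpenseEntities db = new ExpenseEntities())
    {
        // SECURITY: the submitted password is matched directly against the stored
        // Password column, so whatever that column holds must equal the secret for
        // the query to succeed. The expected form is to load the user by username
        // and verify a salted hash (e.g. PBKDF2) in application code with a
        // fixed-time comparison; the schema is not visible here, so the query is
        // kept as-is and flagged. Note also that Equals() in this query is
        // translated to SQL equality, so case sensitivity follows the database
        // collation rather than C# semantics — confirm that is intended.
        User user = db.Users.FirstOrDefault(u => u.Username.Equals(username) && u.Password.Equals(password));

        if (user != null)
        {
            SessionManager.Register(SessionManager.Keys.UserId, user.Id);
            SessionManager.Register(SessionManager.Keys.FullName, user.FirstName + " " + user.LastName);
            SessionManager.Register(SessionManager.Keys.Username, user.Username);
            SessionManager.Register(SessionManager.Keys.RoleName, user.Role.Name);
            SessionManager.Register(SessionManager.Keys.LoggedIn, true);
            SessionManager.Register(SessionManager.Keys.AuthorizeLevel, user.Role.AuthorizeLevel);
            return RedirectToAction("Index", "Home");
        }
    }

    // Failed attempt: mark the session as not logged in. Nothing here records
    // the failure, so repeated attempts are not observable from this code path.
    SessionManager.Register(SessionManager.Keys.LoggedIn, null);
    return View();
}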