public int GetCurrentPageAccessLevel(HRR.Core.Security.ISecurityContext securityContext)
{
//var pageUser = new PageRepository().getb(securityContext.CurrentPage.ID, securityContext.CurrentUser.ID);
//if there is page level security, return access level
//if (pageUser != null)
//{
// return pageUser.AccessLevel;
//}
////else, loop through the current user's module access and if user has access to the current page module, return access level
//foreach (var m in securityContext.CurrentUser.UserModules)
//{
// if (securityContext.CurrentPage.ModuleID == m.ModuleID)
// {
// return m.AccessLevel;
// }
//}
//otherwise no access.
return((int)AccessLevels.NOACCESS);
}
public AuthenticationResponse AuthenticateUser(string userName, string password, string url, HRR.Core.Security.ISecurityContext securityContext)
{
var u = new PersonServices().GetByEmailPassword(userName, SecurityUtils.GetMd5Hash(password));
var response = new AuthenticationResponse();
if (u != null)
{
if (!u.IsActive)
{
response.IsAuthenticated = false;
response.CurrentAccessLevel = AccessLevels.NOACCESS;
response.Message = "Your account has been marked as inactive.";
}
else
{
CreateAuthenticationTicket(u.Email, u.ID.ToString(), DateTime.Now.AddMinutes(480), url);
securityContext.CurrentUser = u;
securityContext.IsAuthenticated = true;
response.IsAuthenticated = true;
response.CurrentAccessLevel = AccessLevels.FULLACCESS;
//new UserRepository().SaveOrUpdate(u);
//UserServices.LoadUserPreferences(SecurityContextManager.Current.CurrentUser);
}
}
else
{
securityContext.IsAuthenticated = false;
response.IsAuthenticated = false;
securityContext.CurrentUser = null;
response.Message = "Invalid username or password. Please try again.";
}
return(response);
}
