/// <summary>
/// Creates a new <c>Admin</c> row stamped with the current local time and
/// returns it as <see cref="AdminViewData"/> with images stripped.
/// </summary>
/// <returns>
/// 200 with the created admin; 401 when the guard on existing admin rows
/// (any row with a null/empty username or e-mail) trips.
/// </returns>
public IActionResult /*AdminViewData*/ Create()
{
    var session      = HttpContext.Get<LoggableEntities>(_context);
    var currentAdmin = session?.Admin;

    // NOTE(review): this refuses creation whenever *any* stored admin has a
    // missing username/e-mail. The intent (incomplete-setup guard?) is not
    // visible here — confirm before treating it as an authorization check.
    bool hasIncompleteAdmin = _context.Admin.Any(u =>
        u.Username == null || u.Email == null || u.Username == "" || u.Email == "");
    if (hasIncompleteAdmin)
    {
        return Unauthorized();
    }

    // NOTE(review): "|| true" makes this always pass, so ApiTokenValid is not
    // actually required to create an admin. Kept to preserve behavior; tighten
    // deliberately if unauthenticated creation is not intended.
    bool tokenPermitsCreate = ApiTokenValid || true;
    if (!tokenPermitsCreate)
    {
        return Unauthorized();
    }

    var created = new Admin()
    {
        CreatedDate = DateTime.Now,
    };

    // Drop attributes the caller may not set, then persist.
    var filter = PowerBIPoC.Models.Admin.FilterViewableAttributesLocal(currentAdmin);
    _context.Admin.Add(filter(created));
    _context.SaveChanges();

    created = PowerBIPoC.Models.Admin.WithoutImages(created);
    return Ok(AdminViewData.FromAdmin(created));
}
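        /// <summary>
        /// Renders the admin page. A model stashed in <c>TempData["AdminData"]</c>
        /// (left there by a save that failed validation) is shown again as-is;
        /// otherwise the page starts on the Project reference list and the first
        /// enabled discipline.
        /// </summary>
        /// <returns>The "Index" view bound to an <see cref="AdminViewData"/>.</returns>
        public IActionResult Index()
        {
            ApplicationContext appContext = new ApplicationContext(this.Cache);

            AdminViewData adminViewModel = new AdminViewData(this.Cache);

            // NOTE(review): First() throws when no discipline is enabled; the page
            // cannot render without one, so that is treated as a configuration error.
            int disciplineId = appContext.Disciplines.Where(x => x.Enabled).Select(x => x.Id).First();

            // One lookup instead of ContainsKey + indexer; TryGetValue reads the
            // entry the same way the indexer did.
            object stashed;
            if (TempData.TryGetValue("AdminData", out stashed))
            {
                // Existing admin data round-tripped from a failed edit (validation).
                adminViewModel = (AdminViewData)stashed;
            }
            else
            {
                adminViewModel.ListName                  = Utility.StringValue(Enumerations.ReferenceType.Project);
                adminViewModel.EditReferenceType         = (int)Enumerations.ReferenceType.Project;
                adminViewModel.EditingReferenceValueList = appContext.Projects;
                adminViewModel.ReferenceValueEnabled     = appContext.Projects.Where(x => x.Enabled).Select(x => x.Name).ToList();
                adminViewModel.ReferenceValueDisabled    = appContext.Projects.Where(x => !x.Enabled).Select(x => x.Name).ToList();

                adminViewModel.EditingDisciplineUsersReferenceValue = disciplineId;
                adminViewModel.PrimaryDisciplineUser = appContext.DisciplineUsers.Where(x => x.DisciplineId == disciplineId && x.Primary).Select(x => x.Sid).FirstOrDefault();
                adminViewModel.PrimaryAdminUser      = appContext.Admins.Where(x => x.Primary).Select(x => x.Sid).FirstOrDefault();
            }

            // Always refresh the user list for the selected discipline.
            adminViewModel.DisciplineUsers = appContext.DisciplineUsers.Where(x => x.DisciplineId == disciplineId).Select(x => x.Sid).ToList();

            return View("Index", adminViewModel);
        }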
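    /// <summary>
    /// Registers a new admin: validates username / e-mail / e-mail confirmation,
    /// refuses an already-used username or e-mail, generates a random temporary
    /// password, e-mails it to the new address and only then stores the row.
    /// </summary>
    /// <param name="registration_data">Username, e-mail and confirmation e-mail from the request body.</param>
    /// <returns>The stored admin as <see cref="AdminViewData"/>.</returns>
    /// <exception cref="InvalidOperationException">
    /// Thrown (message "Cannot register.") when the body is missing or incomplete,
    /// the confirmation differs, the username/e-mail is taken, or the mail
    /// provider did not accept the message.
    /// </exception>
    public AdminViewData Register([FromBody] RegistrationData registration_data)
    {
        if (registration_data == null)
        {
            throw new InvalidOperationException("Cannot register.");
        }

        string username           = registration_data.Username,
               email              = registration_data.Email,
               email_confirmation = registration_data.EmailConfirmation;

        bool complete = !string.IsNullOrEmpty(username)
                        && !string.IsNullOrEmpty(email)
                        && email == email_confirmation;
        if (!complete)
        {
            throw new InvalidOperationException("Cannot register.");
        }

        // Neither value is null here, so this cannot match rows whose column is NULL.
        if (_context.Admin.Any(t => t.Username == username || t.Email == email))
        {
            throw new InvalidOperationException("Cannot register.");
        }

        var new_password_text = PasswordHasher.RandomPassword;
        var new_password      = PasswordHasher.Hash(new_password_text);

        // Max()+1 over an empty table used to throw; treat "no rows" as 0.
        // NOTE(review): the id is chosen client-side, so two concurrent
        // registrations can collide — a database-generated key would be safer.
        int? highestId = _context.Admin.Select(i => (int?)i.Id).Max();
        var item = new Admin()
        {
            Id           = (highestId ?? 0) + 1,
            Username     = username,
            Email        = email,
            PasswordHash = new_password.PasswordHash,
            PasswordSalt = new_password.PasswordSalt
        };

        var apiKey  = StaticMailer._mailOptions.MailApiToken;
        var client  = new SendGridClient(apiKey);
        var from    = new EmailAddress(StaticMailer._mailOptions.MailFrom);
        var subject = "Admin account created with temporary password.";
        var to      = new EmailAddress(item.Email);
        // NOTE(review): the temporary password is relayed in clear text through
        // the mail provider; a one-time reset link would avoid that.
        var plainTextContent = $"Your Admin temporary password has set. Your username and password combination is \n\nUsername: {item.Username}\nPassword: {new_password_text}\n";
        // Username is caller-supplied, so both values are HTML-encoded in the HTML part.
        var htmlContent      = $"Your Admin temporary password has set. Your username and password combination is <br />Username: {System.Net.WebUtility.HtmlEncode(item.Username)}<br />Password: {System.Net.WebUtility.HtmlEncode(new_password_text)}<br />";
        var msg = MailHelper.CreateSingleEmail(from, to, subject, plainTextContent, htmlContent);

        // Synchronous wait kept because the action itself is synchronous.
        var response = client.SendEmailAsync(msg).Result;
        int status   = (int)response.StatusCode;
        if (status < 200 || status >= 300)
        {
            // Do not create an account whose only password was never delivered.
            throw new InvalidOperationException("Cannot register.");
        }

        _context.Admin.Add(item);
        _context.SaveChanges();

        return AdminViewData.FromAdmin(item);
    }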
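    /// <summary>
    /// Updates an existing admin from the posted view model. Username, e-mail
    /// and creation date are never overwritten here. When the caller edits their
    /// own record the session copy is refreshed as well.
    /// </summary>
    /// <param name="item">Posted admin data; its <c>Id</c> selects the row.</param>
    /// <returns>200 on success; 401 when the body is missing, the id is unknown, or editing is not permitted.</returns>
    public IActionResult UpdateWithPictures([FromBody] AdminViewData item)
    {
        // The null check must precede item.Id (it used to run after the dereference).
        if (item == null)
        {
            return Unauthorized();
        }

        var session       = HttpContext.Get<LoggableEntities>(_context);
        var current_Admin = session == null ? null : session.Admin;

        // NOTE(review): both arms are _context.Admin, so ApiTokenValid does not
        // narrow the editable set and any known id can be edited (no ownership
        // check). Kept for parity with the generated template — confirm intent.
        var allowed_items = ApiTokenValid ? _context.Admin : _context.Admin;
        if (!allowed_items.Any(i => i.Id == item.Id))
        {
            return Unauthorized();
        }

        // NOTE(review): "|| true" disables the token requirement. Kept to
        // preserve behavior; the check now runs before any state is touched so
        // that tightening it later cannot leave a half-applied edit.
        var can_edit_by_token = ApiTokenValid || true;
        if (!can_edit_by_token)
        {
            return Unauthorized();
        }

        var new_item = AdminViewData.FromAdminViewData(item, _context);

        // Editing yourself: refresh the logged-in copy too.
        if (current_Admin != null && new_item.Id == current_Admin.Id)
        {
            HttpContext.Set<LoggableEntities>(_context, new LoggableEntities()
            {
                Admin = new_item
            });
        }

        // Identity and creation-date columns are read-only through this endpoint.
        _context.Update(new_item);
        _context.Entry(new_item).Property(x => x.Username).IsModified    = false;
        _context.Entry(new_item).Property(x => x.Email).IsModified       = false;
        _context.Entry(new_item).Property(x => x.CreatedDate).IsModified = false;
        _context.SaveChanges();
        return Ok();
    }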
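        /**
         *  Returns the Admin view. Only a logged-in user whose session role id is
         *  0 (admin) may see it; anyone else gets 403.
         *
         *  @return the Admin view bound to AdminViewData (all users, all managers,
         *          and the current user's details when a session name is present)
         */
        public IActionResult Index()
        {
            ViewData["Message"] = "Admin page.";

            // Read the role once. A missing value means nobody is logged in
            // (e.g. the URL was typed by hand), so the page is forbidden.
            int? roleId = HttpContext.Session.GetInt32(SessionKeyRoleId);
            if (roleId == null)
            {
                return StatusCode(403);
            }

            // Only role 0 is an admin; everyone else is forbidden.
            if (roleId.Value != 0)
            {
                return StatusCode(403);
            }

            UserContext context = HttpContext.RequestServices.GetService(typeof(UserContext)) as UserContext;
            if (context == null)
            {
                // Previously surfaced as a NullReferenceException further down.
                throw new InvalidOperationException("UserContext is not registered.");
            }

            // Creates the AdminViewData to be returned
            AdminViewData data = new AdminViewData
            {
                Users    = context.GetAllUsers(),
                Managers = context.GetAllManagers()
            };

            // The id is only dereferenced when it is actually present in the session.
            int? userId = HttpContext.Session.GetInt32(SessionKeyId);
            if (!string.IsNullOrEmpty(HttpContext.Session.GetString(SessionKeyName)) && userId != null)
            {
                data.CurrentUser = context.retrieveUserDetails(userId.Value);
            }

            return View(data);
        }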
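    /// <summary>
    /// Authenticates an admin by username or e-mail plus password and starts a
    /// session on success. Every attempt against an existing account, successful
    /// or not, stamps <c>LastLoginAttempt</c>; a further attempt within 3 seconds
    /// of the previous one is refused without checking the password.
    /// </summary>
    /// <param name="login_data">Username and/or e-mail, and password, from the request body.</param>
    /// <returns>200 with the admin view data, or 401 for every failure (no detail is leaked).</returns>
    public IActionResult /*AdminViewData*/ Login([FromBody] LoginData login_data)
    {
        if (login_data == null)
        {
            return Unauthorized();
        }

        string username = login_data.Username;
        string email    = login_data.Email;

        // Match only on identifiers that were actually supplied: a null
        // username/e-mail must not match rows whose column is NULL.
        Admin item = null;
        if (username != null && email != null)
        {
            item = _context.Admin.FirstOrDefault(t => t.Username == username || t.Email == email);
        }
        else if (username != null)
        {
            item = _context.Admin.FirstOrDefault(t => t.Username == username);
        }
        else if (email != null)
        {
            item = _context.Admin.FirstOrDefault(t => t.Email == email);
        }

        if (item == null)
        {
            return Unauthorized();
        }

        var last_login_attempt = item.LastLoginAttempt;
        item.LastLoginAttempt = DateTime.Now;
        _context.Update(item);
        _context.SaveChanges();

        // Throttle: refuse a second attempt within 3 s of the previous one. The
        // former "last != null ||" short-circuited this for every stored value,
        // so the throttle never applied. A never-used account (default date)
        // yields a huge gap and passes.
        // NOTE(review): this is per-account, so repeated requests can keep a
        // legitimate user locked out — confirm that trade-off is acceptable.
        bool tooSoon = (DateTime.Now - last_login_attempt).TotalSeconds <= 3;
        if (login_data.Password == null || tooSoon)
        {
            return Unauthorized();
        }

        var stored = new PasswordAndSalt()
        {
            PasswordHash = item.PasswordHash, PasswordSalt = item.PasswordSalt
        };
        if (!PasswordHasher.CheckHash(login_data.Password, stored))
        {
            return Unauthorized();
        }

        HttpContext.Login<LoggableEntities, Admin>(env, _context, "Admin", item, new LoggableEntities()
        {
            Admin = item
        });

        return Ok(AdminViewData.FromAdmin(item));
    }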
        /// <summary>
        /// Builds the partial view for editing the users of one discipline.
        /// </summary>
        /// <param name="disciplineId">Discipline whose users are listed.</param>
        /// <returns>The default partial view bound to an <see cref="AdminViewData"/>.</returns>
        public IActionResult EditBpoUsers(int disciplineId)
        {
            ApplicationContext appContext = new ApplicationContext(this.Cache);

            var usersOfDiscipline = appContext.DisciplineUsers.Where(x => x.DisciplineId == disciplineId);

            var model = new AdminViewData(this.Cache);
            model.EditingDisciplineUsersReferenceValue = disciplineId;
            model.DisciplineUsers       = usersOfDiscipline.Select(x => x.Sid).ToList();
            // The primary user, if one is flagged; otherwise the type's default.
            model.PrimaryDisciplineUser = usersOfDiscipline.Where(x => x.Primary).Select(x => x.Sid).FirstOrDefault();

            return PartialView(model);
        }
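        /// <summary>
        /// Sends the notification e-mails for every lesson that is due. The
        /// "X days" value must have bound without model errors; otherwise the
        /// Index page is re-rendered with an error.
        /// </summary>
        /// <param name="updatedModel">Posted admin model; only <c>EmailNotificationType</c> and <c>NotificationDays</c> are read.</param>
        /// <returns>A redirect to Index after sending, or the Index view with an error.</returns>
        public IActionResult SendNotifications(AdminViewData updatedModel)
        {
            ApplicationContext appContext = new ApplicationContext(this.Cache);

            // A missing model-state entry used to throw NullReferenceException;
            // it is now treated like a binding error rather than as valid input.
            var  daysState = ViewData.ModelState["NotificationDays"];
            bool daysValid = daysState != null && daysState.Errors.Count == 0;

            if (daysValid)
            {
                LessonBusiness businessManager  = new LessonBusiness(DbContext);
                var            notificationType = (Enumerations.NotificationEmailType)updatedModel.EmailNotificationType;

                List<Lesson> lessons = businessManager.GetLessonsForNotification(notificationType, updatedModel.NotificationDays);

                if (lessons != null && lessons.Count > 0)
                {
                    // If this key exists in the web.config, re-direct all e-mails to that
                    // address. It does not change per lesson, so it is read once.
                    string overrideEmailAddress = Utility.SafeGetAppConfigSetting<string>("Debug_OverrideEmailAddress", null);

                    List<EmailInfo> emailList = new List<EmailInfo>(lessons.Count);

                    foreach (var lesson in lessons)
                    {
                        EmailTemplateViewData model = new EmailTemplateViewData(LessonViewModel.ToViewModel(this.HttpContext, lesson), notificationType, appContext, overrideEmailAddress);
                        string emailMessageBody     = Utils.RenderPartialViewToString(this, "EmailTemplate", model);

                        emailList.Add(new EmailInfo
                        {
                            Body    = emailMessageBody,
                            MailTo  = model.Redirecting ? model.OverrideMailTo : model.MailTo,
                            Subject = model.Subject
                        });
                    }

                    businessManager.SendEmails(emailList);
                }

                this.SetEmailsSent();

                // Temporary redirect: a permanent (301) one is cached by browsers and
                // would bypass this action on later requests to the same URL.
                return RedirectToAction("Index");
            }

            ModelState.Clear();

            AddError("X Days is invalid");

            return Index();
        }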
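        /**
         *  Reads the edited user from the posted form ("editID", "editName",
         *  "editEmail", "editRole", "editBudget", "editAnnualBudget", "editManager"),
         *  persists the change and redirects to /Admin with a success or fail
         *  message in ViewBag.
         *
         *  NOTE(review): ViewBag does not survive a redirect, so the message set
         *  here is not visible on /Admin unless it is also placed in TempData.
         *  No role check is visible in this action (Index enforces session role 0);
         *  confirm a filter outside this view restricts who can reach it.
         *
         *  @return redirect to /Admin
         */
        public IActionResult EditUser()
        {
            UserContext context = HttpContext.RequestServices.GetService(typeof(TevenStudiosBudgetTracker.Models.UserContext)) as UserContext;
            if (context == null)
            {
                throw new InvalidOperationException("UserContext is not registered.");
            }

            var form = HttpContext.Request.Form;

            // Required numeric fields are parsed with TryParse so a malformed value
            // yields the failure message instead of an unhandled FormatException (500).
            int id = 0, roleId = 0, startBudget = 0, annualBudget = 0;
            bool numericOk = int.TryParse(form["editID"].ToString(), out id)
                             && int.TryParse(form["editRole"].ToString(), out roleId)
                             && int.TryParse(form["editBudget"].ToString(), out startBudget)
                             && int.TryParse(form["editAnnualBudget"].ToString(), out annualBudget);
            if (!numericOk)
            {
                ViewBag.Result    = "Something went wrong, please try again.";
                ViewBag.isSuccess = false;
                return Redirect("/Admin");
            }

            // The manager is optional: anything unparsable means "no manager" (-1),
            // as the previous FormatException handler did.
            int managerId;
            if (!int.TryParse(form["editManager"].ToString(), out managerId))
            {
                managerId = -1;
            }

            User umodel = new User
            {
                ID           = id,
                Name         = form["editName"].ToString(),
                Email        = form["editEmail"].ToString(),
                RoleId       = roleId,
                StartBudget  = startBudget,
                AnnualBudget = annualBudget,
                ManagerId    = managerId
            };

            // Persist; a positive row count means the edit took effect.
            int result = context.EditUserSQL(umodel);

            if (result > 0)
            {
                ViewBag.Result    = umodel.Name + " was successfully edited";
                ViewBag.isSuccess = true;
            }
            else
            {
                ViewBag.Result    = "Something went wrong, please try again.";
                ViewBag.isSuccess = false;
            }

            // The redirect discards any view data, so the user list is not reloaded here.
            return Redirect("/Admin");
        }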
    /// <summary>
    /// Returns one admin by id, with attributes filtered for the caller, plus a
    /// flag telling the UI whether the caller may edit it.
    /// </summary>
    /// <param name="id">Primary key of the admin row.</param>
    /// <returns>200 with <see cref="ItemWithEditable{T}"/>, or 404 when no row has that id.</returns>
    public IActionResult /*ItemWithEditable<AdminViewData>*/ GetByIdWithPictures(int id)
    {
        var session      = HttpContext.Get<LoggableEntities>(_context);
        var currentAdmin = session == null ? null : session.Admin;

        // NOTE(review): any caller can read any admin id here (both arms are
        // _context.Admin); only FilterViewableAttributesLocal limits what is exposed.
        var visibleAdmins  = ApiTokenValid ? _context.Admin : _context.Admin;
        var editableAdmins = ApiTokenValid
            ? _context.Admin
            : (currentAdmin != null ? _context.Admin : Enumerable.Empty<Admin>().AsQueryable());

        var stored = visibleAdmins.FirstOrDefault(e => e.Id == id);
        if (stored == null)
        {
            return NotFound();
        }

        var filter  = PowerBIPoC.Models.Admin.FilterViewableAttributesLocal(currentAdmin);
        var exposed = filter(stored);

        var viewData = AdminViewData.FromAdmin(exposed);
        bool editable = editableAdmins.Any(e => e.Id == exposed.Id);

        return Ok(new ItemWithEditable<AdminViewData>()
        {
            Item     = viewData,
            Editable = editable
        });
    }
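        /**
         *  Creates a new user from the posted form ("name", "email", "manager",
         *  "role", "budget", "annualBudget"), saves it and redirects to /Admin
         *  with a success or fail message in ViewBag.
         *
         *  NOTE(review): ViewBag does not survive a redirect, so the message set
         *  here is not visible on /Admin unless it is also placed in TempData.
         *  No role check is visible in this action (Index enforces session role 0);
         *  confirm a filter outside this view restricts who can reach it.
         *
         *  @return redirect to /Admin
         */
        public IActionResult GetDetails()
        {
            var form = HttpContext.Request.Form;

            // Numeric fields are parsed with TryParse so a malformed value yields
            // the failure message instead of an unhandled FormatException (500).
            int managerId = 0, roleId = 0, startBudget = 0, annualBudget = 0;
            bool numericOk = int.TryParse(form["manager"].ToString(), out managerId)
                             && int.TryParse(form["role"].ToString(), out roleId)
                             && int.TryParse(form["budget"].ToString(), out startBudget)
                             && int.TryParse(form["annualBudget"].ToString(), out annualBudget);
            if (!numericOk)
            {
                ViewBag.Result    = "Something went wrong, please try again.";
                ViewBag.isSuccess = false;
                return Redirect("/Admin");
            }

            // Build user model
            User umodel = new User
            {
                Name         = form["name"].ToString(),
                Email        = form["email"].ToString(),
                ManagerId    = managerId,
                RoleId       = roleId,
                StartBudget  = startBudget,
                AnnualBudget = annualBudget
            };

            UserContext context = HttpContext.RequestServices.GetService(typeof(TevenStudiosBudgetTracker.Models.UserContext)) as UserContext;
            if (context == null)
            {
                throw new InvalidOperationException("UserContext is not registered.");
            }

            // Save user to database; a positive row count means it was inserted.
            int result = context.SaveUserDetails(umodel);

            if (result > 0)
            {
                ViewBag.Result    = umodel.Name + " was successfully added";
                ViewBag.isSuccess = true;
            }
            else
            {
                ViewBag.Result    = "Something went wrong, please try again.";
                ViewBag.isSuccess = false;
            }

            // The redirect discards any view data, so the user list is not reloaded here.
            return Redirect("/Admin");
        }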
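        /**
         *  Sets the current user's index and shows the Admin view with that user
         *  loaded into the edit form.
         *
         *  @param UserIndex position of the user in the full user list
         *  @return the Admin view, or 404 when UserIndex is outside the list
         */
        public ActionResult SetCurrentUserIndex(int UserIndex)
        {
            UserContext context = HttpContext.RequestServices.GetService(typeof(TevenStudiosBudgetTracker.Models.UserContext)) as UserContext;
            if (context == null)
            {
                throw new InvalidOperationException("UserContext is not registered.");
            }

            AdminViewData data = new AdminViewData();

            data.Users            = context.GetAllUsers();
            data.Managers         = context.GetAllManagers();
            data.CurrentUserIndex = UserIndex;

            // UserIndex comes straight from the request: reject it before indexing
            // instead of surfacing an ArgumentOutOfRangeException as a 500.
            if (data.Users == null || UserIndex < 0 || UserIndex >= data.Users.Count())
            {
                return NotFound();
            }

            User selected = data.Users[UserIndex];

            // Copy into a fresh User so the edit form does not alias the list entry.
            data.currentEditUser = new User
            {
                Name         = selected.Name,
                Email        = selected.Email,
                ManagerId    = selected.ManagerId,
                RoleId       = selected.RoleId,
                StartBudget  = selected.StartBudget,
                AnnualBudget = selected.AnnualBudget
            };

            return View("Admin", data);
        }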
        /**
         *  Delete user from database given their ID, then re-render the Index
         *  view with a success or fail message in ViewBag.
         *
         *  NOTE(review): no role check is visible in this action (Index enforces
         *  session role 0) and the id arrives as a plain parameter; confirm a
         *  filter outside this view restricts who can reach it.
         *
         *  @param UserID id of the user to be deleted
         *  @return the Index view bound to a reloaded AdminViewData
         */
        public IActionResult DeleteUser(int UserID)
        {
            UserContext context = HttpContext.RequestServices.GetService(typeof(TevenStudiosBudgetTracker.Models.UserContext)) as UserContext;

            // Perform the delete; a positive row count means it took effect.
            bool deleted = context.DeleteUserSQL(UserID) > 0;

            ViewBag.Result    = deleted ? "Successfully deleted" : "Something went wrong, please try again.";
            ViewBag.isSuccess = deleted;

            // Reload so the removed user no longer appears.
            AdminViewData data = new AdminViewData
            {
                Users    = context.GetAllUsers(),
                Managers = context.GetAllManagers()
            };

            return View("Index", data);
        }
        /// <summary>
        /// Builds the partial view for editing one reference-value list (projects,
        /// phases, locations, ...), split into enabled and disabled names.
        /// </summary>
        /// <param name="referenceType">Which list to edit.</param>
        /// <returns>The default partial view bound to an <see cref="AdminViewData"/>.</returns>
        /// <exception cref="ArgumentOutOfRangeException">Unknown <paramref name="referenceType"/>.</exception>
        public IActionResult EditReferenceValues(Enumerations.ReferenceType referenceType)
        {
            ApplicationContext appContext = new ApplicationContext(this.Cache);

            // Pick the cached list that backs this reference type.
            List<ReferenceValue> referenceList;
            switch (referenceType)
            {
            case Enumerations.ReferenceType.Project:
                referenceList = appContext.Projects;
                break;
            case Enumerations.ReferenceType.Phase:
                referenceList = appContext.Phases;
                break;
            case Enumerations.ReferenceType.Classification:
                referenceList = appContext.Classifications;
                break;
            case Enumerations.ReferenceType.Location:
                referenceList = appContext.Locations;
                break;
            case Enumerations.ReferenceType.ImpactBenefitRange:
                referenceList = appContext.ImpactBenefitRanges;
                break;
            case Enumerations.ReferenceType.CostImpact:
                referenceList = appContext.CostImpacts;
                break;
            case Enumerations.ReferenceType.RiskRanking:
                referenceList = appContext.RiskRankings;
                break;
            case Enumerations.ReferenceType.Discipline:
                referenceList = appContext.Disciplines;
                break;
            case Enumerations.ReferenceType.CredibilityChecklist:
                referenceList = appContext.CredibilityChecklists;
                break;
            case Enumerations.ReferenceType.LessonTypeValid:
                referenceList = appContext.LessonTypesValid;
                break;
            case Enumerations.ReferenceType.LessonTypeInvalid:
                referenceList = appContext.LessonTypesInvalid;
                break;
            case Enumerations.ReferenceType.Theme:
                referenceList = appContext.Themes;
                break;
            default:
                throw new ArgumentOutOfRangeException("referenceType");
            }

            var enabledNames  = referenceList.Where(x => x.Enabled).Select(x => x.Name).ToList();
            var disabledNames = referenceList.Where(x => !x.Enabled).Select(x => x.Name).ToList();

            var model = new AdminViewData(this.Cache);
            model.ListName                  = Utility.StringValue(referenceType);
            model.EditReferenceType         = (int)referenceType;
            model.EditingReferenceValueList = referenceList;
            model.ReferenceValueEnabled     = enabledNames;
            model.ReferenceValueDisabled    = disabledNames;

            return PartialView(model);
        }
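    /// <summary>
    /// Authenticates an admin by username or e-mail plus password, with a
    /// per-(IP, e-mail) lockout: after 5 failures the pair is blocked for 30 s.
    /// On success the lockout row is removed (along with rows older than a day)
    /// and a session is started. Only accounts with a confirmed e-mail can log in.
    /// </summary>
    /// <param name="login_data">Username and/or e-mail, and password, from the request body.</param>
    /// <returns>
    /// 200 with the admin view data; 403 <c>{message="temporarily_blocked"}</c>
    /// while locked out; 401 <c>{message="login_failed"}</c> otherwise.
    /// </returns>
    public IActionResult Login([FromBody] LoginData login_data)
    {
        if (login_data == null)
        {
            return StatusCode(401, new { message = "login_failed" });
        }

        string username = login_data.Username;
        string email    = login_data.Email;

        // NOTE(review): X-Forwarded-For is client-supplied; unless a trusted proxy
        // overwrites it, a caller can choose any value and escape the lockout.
        // Prefer HttpContext.Connection.RemoteIpAddress with the forwarded-headers
        // middleware configured for the real proxy — confirm the deployment.
        string currentIp = HttpContext.Request.Headers["X-Forwarded-For"];
        if (currentIp == null)
        {
            var remote = HttpContext.Connection.RemoteIpAddress;
            currentIp = remote == null ? null : remote.ToString();
        }

        var attempt = _context.LoginAttempt.Where(a => a.IpAddress == currentIp && a.Email == email).FirstOrDefault();
        if (attempt == null)
        {
            attempt = new LoginAttempt {
                Email = email, IpAddress = currentIp, Attempts = 0, LastAttempt = DateTime.Now
            };
            _context.Add(attempt);
        }

        // Lockout: 5+ failures and the last one less than 30 s ago. Once the
        // window has elapsed the counter restarts.
        if (attempt.Attempts >= 5)
        {
            if (attempt.LastAttempt.AddSeconds(30).CompareTo(DateTime.Now) > 0)
            {
                return StatusCode(403, new { message = "temporarily_blocked" });
            }
            attempt.Attempts = 0;
        }

        // Match only on identifiers that were actually supplied: a null
        // username/e-mail must not match rows whose column is NULL.
        Admin item = null;
        if (username != null && email != null)
        {
            item = _context.Admin.FirstOrDefault(t => t.Username == username || t.Email == email);
        }
        else if (username != null)
        {
            item = _context.Admin.FirstOrDefault(t => t.Username == username);
        }
        else if (email != null)
        {
            item = _context.Admin.FirstOrDefault(t => t.Email == email);
        }

        if (item != null)
        {
            var last_login_attempt = item.LastLoginAttempt;
            item.LastLoginAttempt = DateTime.Now;
            _context.Update(item);
            _context.SaveChanges();

            // The former "last != null ||" short-circuited the 3-second throttle
            // for every stored value; it now actually applies.
            bool tooSoon = (DateTime.Now - last_login_attempt).TotalSeconds <= 3;

            if (login_data.Password != null && !tooSoon && item.EmailConfirmed)
            {
                if (PasswordHasher.CheckHash(login_data.Password, new PasswordAndSalt()
                {
                    PasswordHash = item.PasswordHash, PasswordSalt = item.PasswordSalt
                }))
                {
                    // Login succeeded: drop this pair's counter and purge stale counters.
                    _context.LoginAttempt.Remove(attempt);
                    _context.LoginAttempt.RemoveRange(_context.LoginAttempt.Where(a => a.LastAttempt.AddDays(1).CompareTo(DateTime.Now) < 0));
                    _context.SaveChanges();

                    HttpContext.Login<LoggableEntities, Admin>(env, _context, "Admin", item, new LoggableEntities()
                    {
                        Admin = item
                    });

                    return Ok(AdminViewData.FromAdmin(item));
                }
            }
        }

        // Any other outcome counts as a failed attempt for this (IP, e-mail) pair.
        attempt.Attempts    = attempt.Attempts + 1;
        attempt.LastAttempt = DateTime.Now;
        _context.SaveChanges();

        return StatusCode(401, new { message = "login_failed" });
    }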
    /// <summary>
    /// Lists admins ordered by creation date, one page at a time, with a per-row
    /// editable flag and page-level create/delete flags for the UI.
    /// </summary>
    /// <param name="page_index">Page to return, passed through to <c>Paginate</c>.</param>
    /// <param name="page_size">Rows per page; defaults to 25.</param>
    /// <returns>A <see cref="Page{T}"/> of <see cref="AdminViewData"/>.</returns>
    public Page<AdminViewData> GetAll([FromQuery] int page_index, [FromQuery] int page_size = 25)
    {
        var session      = HttpContext.Get<LoggableEntities>(_context);
        var currentAdmin = session == null ? null : session.Admin;

        // NOTE(review): ApiTokenValid selects the same set in both arms and the
        // three "|| true" flags are constant, so the token never restricts listing,
        // editing, creating or deleting here. Confirm that is intended.
        var visibleAdmins  = ApiTokenValid ? _context.Admin : _context.Admin;
        var editableAdmins = ApiTokenValid
            ? _context.Admin
            : (currentAdmin != null ? _context.Admin : Enumerable.Empty<Admin>().AsQueryable());
        var canEdit   = ApiTokenValid || true;
        var canCreate = ApiTokenValid || true;
        var canDelete = ApiTokenValid || true;

        // NOTE(review): page_size is caller-controlled and not capped.
        var ordered      = visibleAdmins.Distinct().OrderBy(i => i.CreatedDate);
        var filtered     = ordered.Select(PowerBIPoC.Models.Admin.FilterViewableAttributes(currentAdmin));
        var withEditFlag = filtered.Select(s => Tuple.Create(s, canEdit && editableAdmins.Any(es => es.Id == s.Id)));

        return withEditFlag.Paginate(canCreate, canDelete, false, page_index, page_size, PowerBIPoC.Models.Admin.WithoutImages, item => AdminViewData.FromAdmin(item));
    }
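        /// <summary>
        /// Persists the edited reference list, discipline users and primary admin
        /// user, refreshes the cache and redirects to Index. When model validation
        /// fails, the posted model is re-shown via TempData with its reference
        /// list restored from the cache.
        /// </summary>
        /// <param name="updatedModel">Posted admin model.</param>
        /// <returns>A redirect to Index after a successful save, otherwise the Index view.</returns>
        /// <exception cref="ArgumentOutOfRangeException"><c>EditReferenceType</c> is not a known reference type.</exception>
        public IActionResult Save(AdminViewData updatedModel)
        {
            ApplicationContext appContext = new ApplicationContext(this.Cache);

            if (ModelState.IsValid)
            {
                UserSessionContext userContext     = new UserSessionContext(this.HttpContext);
                LessonBusiness     businessManager = new LessonBusiness(DbContext);

                businessManager.SaveReferenceList(updatedModel.ReferenceValueEnabled, updatedModel.ReferenceValueDisabled, (Enumerations.ReferenceType)updatedModel.EditReferenceType, userContext.CurrentUser);
                businessManager.SaveDisciplineUserList(updatedModel.DisciplineUsers, updatedModel.PrimaryDisciplineUser, updatedModel.EditingDisciplineUsersReferenceValue, userContext.CurrentUser);
                businessManager.SavePrimaryAdminUser(updatedModel.PrimaryAdminUser, userContext.CurrentUser);

                //Update the cache
                appContext.AllUsers           = businessManager.GetAllUsers();
                appContext.AllReferenceValues = businessManager.GetAllReferenceValues();

                this.SetSuccessfulSave();

                // Temporary redirect: a permanent (301) one is cached by browsers and
                // would bypass this action on later posts to the same URL.
                return RedirectToAction("Index");
            }

            // Validation failed: restore the list being edited so the page can re-render it.
            var referenceType = (Enumerations.ReferenceType)updatedModel.EditReferenceType;
            switch (referenceType)
            {
            case Enumerations.ReferenceType.Project:
                updatedModel.EditingReferenceValueList = appContext.Projects;
                break;

            case Enumerations.ReferenceType.Phase:
                updatedModel.EditingReferenceValueList = appContext.Phases;
                break;

            case Enumerations.ReferenceType.Classification:
                updatedModel.EditingReferenceValueList = appContext.Classifications;
                break;

            case Enumerations.ReferenceType.Location:
                updatedModel.EditingReferenceValueList = appContext.Locations;
                break;

            case Enumerations.ReferenceType.ImpactBenefitRange:
                updatedModel.EditingReferenceValueList = appContext.ImpactBenefitRanges;
                break;

            case Enumerations.ReferenceType.CostImpact:
                updatedModel.EditingReferenceValueList = appContext.CostImpacts;
                break;

            case Enumerations.ReferenceType.RiskRanking:
                updatedModel.EditingReferenceValueList = appContext.RiskRankings;
                break;

            case Enumerations.ReferenceType.Discipline:
                updatedModel.EditingReferenceValueList = appContext.Disciplines;
                break;

            case Enumerations.ReferenceType.CredibilityChecklist:
                updatedModel.EditingReferenceValueList = appContext.CredibilityChecklists;
                break;

            case Enumerations.ReferenceType.LessonTypeValid:
                updatedModel.EditingReferenceValueList = appContext.LessonTypesValid;
                break;

            case Enumerations.ReferenceType.LessonTypeInvalid:
                updatedModel.EditingReferenceValueList = appContext.LessonTypesInvalid;
                break;

            case Enumerations.ReferenceType.Theme:
                updatedModel.EditingReferenceValueList = appContext.Themes;
                break;

            default:
                // Name the offending argument (previously thrown with no detail).
                throw new ArgumentOutOfRangeException("updatedModel");
            }

            TempData["AdminData"] = updatedModel;

            return Index();
        }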