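        /// <summary>
        /// Validates the posted credentials and, on success, seeds the session with the
        /// user name and (when one is linked) the id of the store the account belongs to.
        /// </summary>
        /// <param name="model">Posted login form: user name and password.</param>
        /// <returns>
        /// The login view when the model fails validation; otherwise a JSON
        /// <see cref="Models.CustomJsonResult"/> whose <c>Result</c> is the user id
        /// (0 when the credentials are rejected) and whose <c>Message</c> describes a failure.
        /// </returns>
        public ActionResult Login(LoginModel model)
        {
            var result = new Models.CustomJsonResult();

            if (!ModelState.IsValid)
            {
                // NOTE(review): this path renders a view while every other path returns JSON,
                // so the caller has to cope with both response shapes.
                return(View());
            }

            try
            {
                var userId = _userService.Login(model.LoginUsername, model.LoginPassword);
                if (userId > 0)
                {
                    result.Result = userId;
                    // NOTE(review): the existing session is reused across the login boundary;
                    // no new session id is issued here.
                    Session[Constant.SessionUsername] = model.LoginUsername;

                    // The store lookup can return null for accounts that are not stores (the
                    // authorization filter guards the same call); previously that surfaced as a
                    // NullReferenceException whose text was sent back in Message.
                    Lib.Business.Models.DBContext.UsTransport.tblStoreAccount storeOfUser = _storeService.SelectStoreByUserName(model.LoginUsername);
                    if (storeOfUser != null)
                    {
                        Session[Constant.SessionStoreID] = storeOfUser.id;
                    }
                }
                else
                {
                    result.Result  = 0;
                    result.Message = "Tài khoản không đúng hoặc chưa được kích hoạt, vui lòng liên hệ với administrator!";
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is returned to the client. Exception text can expose
                // internal details (for example data-access errors); log it server-side and
                // return a generic failure message instead.
                result.Message = ex.Message;
            }
            return(Json(result, JsonRequestBehavior.AllowGet));
        }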
        /// <summary>
        /// Returns the store account of the logged-in user, resolving it from the session user
        /// name on first use and caching it in session afterwards. Never returns null: when no
        /// store is linked, an empty <c>tblStoreAccount</c> is returned.
        /// </summary>
        /// <returns>The cached or freshly looked-up store account, or an empty one.</returns>
        public Lib.Business.Models.DBContext.UsTransport.tblStoreAccount GetStoreAccountInfo()
        {
            object cached = Session[Constant.SessionStoreAccountInfo];
            if (cached == null)
            {
                // First access in this session: look the store up and remember it.
                cached = _storeService.SelectStoreByUserName(GetUserNameFromSession());
                Session[Constant.SessionStoreAccountInfo] = cached;
            }

            // A null lookup result is cached as null and re-queried on the next call.
            var account = (Lib.Business.Models.DBContext.UsTransport.tblStoreAccount)cached;
            return account ?? new Lib.Business.Models.DBContext.UsTransport.tblStoreAccount();
        }
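        /// <summary>
        /// Per-request authorization gate. Anonymous routes pass straight through; every other
        /// route requires a logged-in, active user whose roles either grant blanket access
        /// (Admin or Root) or include an active menu entry for the requested controller/action.
        /// On every allowed request the identity and role values held in session are refreshed.
        /// </summary>
        /// <param name="filterContext">MVC authorization context of the current request.</param>
        /// <exception cref="HttpException">
        /// Thrown with status 403 when the user is logged in and active but no role or menu
        /// entry covers the requested route.
        /// </exception>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // Child actions render inside a parent request that has already been authorized.
            if (filterContext.IsChildAction)
            {
                return;
            }

            string controller = filterContext.RouteData.Values["controller"].ToString().ToLower();
            string action     = filterContext.RouteData.Values["action"].ToString().ToLower();

            // Routes that need no login: white-listed Home actions and whole controllers.
            bool isAnonymousRoute = (controller.Equals("home") && _lstActionNoneCheck.Contains(action))
                                    || _lstControllerNoneCheck.Contains(controller);
            if (isAnonymousRoute)
            {
                return;
            }

            var session  = HttpContext.Current.Session;
            var username = session[Constant.SessionUsername];
            if (username == null)
            {
                // No login session: clear any forms-auth ticket, remember the requested URL so
                // the login page can return here, and redirect to the login page.
                FormsAuthentication.SignOut();
                session[Constant.SessionPreviousUrl] = filterContext.HttpContext.Request.Url;
                filterContext.Result = new RedirectResult("~/Home/Login");
                return;
            }

            // The account is re-read on every request, so deactivating a user takes effect
            // immediately rather than at session expiry.
            var user = _userService.GetUserByUsername(username.ToString());
            if (user == null || !user.IsActive)
            {
                filterContext.Result = new RedirectResult("~/Home/Login");
                return;
            }

            var lstRoleId = _userService.GetLstRoleIdByUserId(user.Id);
            session[Constant.SessionUserRole] = string.Join(",", lstRoleId);

            bool isAllowAccess = false;
            bool isAdmin       = false;
            bool isStore       = false; // account is a store login (drives the store session values)
            bool isCskh        = false; // account is a supplier employee
            if (lstRoleId != null && lstRoleId.Any())
            {
                // Admin and Root get blanket access; everyone else is checked against the menu.
                isAdmin       = lstRoleId.Contains(RoleEnum.Admin) || lstRoleId.Contains(RoleEnum.Root);
                isStore       = lstRoleId.Contains(RoleEnum.Store);
                isCskh        = lstRoleId.Contains(RoleEnum.SupplierEmployee);
                isAllowAccess = isAdmin;

                // Only non-admin roles need the menu lookup; its result cannot change an
                // already-granted decision.
                if (!isAllowAccess)
                {
                    var lstMenu = _menuService.GetLstMenuByLstRoleId(lstRoleId);
                    if (lstMenu != null && lstMenu.Any())
                    {
                        // "index" is the default action, so a menu entry that names only the
                        // controller covers it; any other action has to match explicitly.
                        // ToLower() is kept on the entity side: lstMenu's type is not visible
                        // here and a query provider may not translate ToLowerInvariant().
                        Lib.Business.Models.DBContext.UsTransport.tblMenu menu;
                        if (action == "index")
                        {
                            menu = lstMenu.FirstOrDefault(x => !string.IsNullOrEmpty(x.Controller) &&
                                                                x.Controller.ToLower().Equals(controller));
                        }
                        else
                        {
                            menu = lstMenu.FirstOrDefault(x => !string.IsNullOrEmpty(x.Controller) && !string.IsNullOrEmpty(x.Action) &&
                                                                x.Controller.ToLower().Equals(controller) &&
                                                                x.Action.ToLower().Equals(action));
                        }
                        isAllowAccess = menu != null && menu.IsActive;
                    }
                }
            }

            if (!isAllowAccess)
            {
                // Logged in but not permitted. NOTE(review): the throw ends the request before
                // the Result assignment is consulted; one of the two is enough — confirm which
                // the application's error handling expects.
                filterContext.Result = new HttpStatusCodeResult(403);
                throw new HttpException(403, "Access Denied");
            }

            session[Constant.SessionUsername] = username;
            session[Constant.SessionUserID]   = user.Id;
            if (isStore)
            {
                Lib.Business.Models.DBContext.UsTransport.tblStoreAccount storeOfUser = _storeServices.SelectStoreByUserName(username.ToString());
                if (storeOfUser != null)
                {
                    session[Constant.SessionStoreID]   = storeOfUser.id;
                    session[Constant.SessionStoreName] = storeOfUser.StoreName;
                }
            }
            session[Constant.SessionIsAdmin] = isAdmin;
            session[Constant.SessionIsCSKH]  = isCskh;
        }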