public ActionResult EditUser(int id, UserFilterModel filter, FormCollection collection)
        {
            var user = EmployeeServices.GetUser(id);

            try
            {
                UpdateModel(user, "User");
                EmployeeServices.UpdateUser(user);

                return(RedirectToAction("UserListing", filter.GenerateUserAccessRoute()));
            }
            catch (Exception ex)
            {
                // Invalid - redisplay with errors
                Logger.Error(ex.ToString());
                ModelState.AddModelError(String.Empty, Constants.ServerError);
                var model = new UserDetailModel()
                {
                    Action = "EditUser",
                    User   = user,
                    Filter = filter,
                    Roles  = LookupServices.GetRoleOptions(user.RoleName)
                };

                ViewBag.Locations = LocationServices.GetLocationLookup(true, model.User.LocationId);
                return(View("UserDetail", model));
            }
        }
        public ActionResult NewUser(UserModel user, UserFilterModel filter)
        {
            try
            {
                if (ModelState.IsValid)
                {
                    EmployeeServices.CreateUser(user);
                    return(RedirectToAction("UserListing", filter.GenerateUserAccessRoute()));
                }
            }
            catch (Exception ex)
            {
                Logger.Error(ex.ToString());
                ModelState.AddModelError(String.Empty, Constants.ServerError);
            }

            // Invalid - redisplay with errors
            var model = new UserDetailModel()
            {
                Action = "NewUser",
                User   = user,
                Filter = filter,
                Roles  = LookupServices.GetRoleOptions(user.RoleName)
            };

            ViewBag.Locations = LocationServices.GetLocationLookup(true, -1);
            return(View("UserDetail", model));
        }
Esempio n. 3
0
        //TODO: exclude from token validation
        public ActionResult Index(string returnUrl)
        {
            var model = new LoginModel()
            {
                ReturnUrl = returnUrl
            };

            ViewBag.Locations = LocationServices.GetLocationLookup();
            return(View(model));
        }
        public ActionResult EditUser(int id, UserFilterModel filter)
        {
            var user = EmployeeServices.GetUser(id);

            var model = new UserDetailModel()
            {
                Action = "EditUser",
                User   = user,
                Filter = filter,
                Roles  = LookupServices.GetRoleOptions(user.RoleName)
            };

            ViewBag.Locations = LocationServices.GetLocationLookup(true, model.User.LocationId);
            return(View("UserDetail", model));
        }
        public ActionResult NewUser(UserFilterModel filter)
        {
            var model = new UserDetailModel()
            {
                Action = "NewUser",
                User   = new UserModel(),
                Filter = filter,
                Roles  = LookupServices.GetRoleOptions("Employee")
            };

            model.User.PasswordString = PasswordGenerator.GeneratePassword();

            ViewBag.Locations = LocationServices.GetLocationLookup(true, -1);
            return(View("UserDetail", model));
        }
        // TODO: test?
        public ActionResult InvoiceDetail(InvoiceFilterModel filter)
        {
            var detail = AdministrationServices.GetInvoiceAdministrationDetail(filter);

            ViewBag.Filter    = "InvoiceDetail";
            ViewBag.Locations = LocationServices.GetLocationLookup(true, filter.LocationId);
            ViewBag.Paid      = LookupServices.GetPaidOptions(filter.HasBeenPaid, true);

            if (detail.InvoiceList.Count == 0)
            {
                return(View("InvoiceDetailNoData", detail));
            }
            else
            {
                return(View("InvoiceDetail", detail));
            }
        }
        public ActionResult SecurityLog(SecurityLogFilterModel filter)
        {
            var listing = SecurityServices.GetSecurityLog(filter);

            ViewBag.Locations = LocationServices.GetLocationLookup(true, filter.LocationId);
            ViewBag.Result    = LookupServices.GetLoginResultOptions(filter.ResultFlag, true);
            ViewBag.Size      = LookupServices.GetSizeOptions(filter.Size);

            if (listing.SecurityLog.Count == 0)
            {
                return(View("SecurityLogNoData", listing));
            }
            else
            {
                return(View("SecurityLog", listing));
            }
        }
        // TODO: test?
        public ActionResult InvoiceListing(InvoiceFilterModel filter)
        {
            var listing = AdministrationServices.GetInvoiceListing(filter);

            ViewBag.Filter    = "InvoiceListing";
            ViewBag.Locations = LocationServices.GetLocationLookup(true, filter.LocationId);
            ViewBag.Paid      = LookupServices.GetPaidOptions(filter.HasBeenPaid, true);
            ViewBag.Size      = LookupServices.GetSizeOptions(filter.Size);

            if (listing.InvoiceList.Count == 0)
            {
                return(View("InvoiceListingNoData", listing));
            }
            else
            {
                return(View("InvoiceListing", listing));
            }
        }
Esempio n. 9
0
        public ActionResult ValidateLogin(LoginModel login)
        {
            try
            {
                if (ModelState.IsValid)
                {
                    var user = SecurityServices.ValidateUser(login.Name, login.Password);
                    if (user == null)
                    {
                        SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid credentials: {0} - {1}", login.Name, login.Password));
                        ModelState.AddModelError(String.Empty, "The login name or password is invalid.");
                    }
                    if (user != null && !user.CanLogin)
                    {
                        SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "User login disabled");
                        ModelState.AddModelError(String.Empty, "Access denied.");
                    }
                    if (user != null && !IsIpValid(user.RoleName, login.LocationId))
                    {
                        SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, "Invalid IP address");
                        ModelState.AddModelError(String.Empty, "Access denied.");
                    }

                    if (ModelState.IsValid)
                    {
                        if (login.DowngradeRole)
                        {
                            user.RoleName = "Employee";
                            SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, "Downgraded to Employee role");
                        }
                        else if (user.RoleName == "Manager" && login.LocationId != user.LocationId)
                        {
                            user.RoleName = "Employee";
                            var message = string.Format("Manager downgraded to Employee role");
                            SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress, message);
                        }
                        else
                        {
                            SecurityServices.RecordSuccessfulLoginAttempt(login, HttpContext.Request.UserHostAddress);
                        }

                        var token = CreateToken(user.Id, user.RoleName, login.LocationId);
                        var auth  = TokenSerializer.GetCookieFromToken(token);
                        if (HttpContext.Request.IsLocal) //local development overrides
                        {
                            auth.Domain = null;
                            auth.Secure = false;
                        }
                        HttpContext.Response.Cookies.Add(auth);

                        if (Url.IsLocalUrl(login.ReturnUrl) && user.RoleName == "Administrator")
                        {
                            return(Redirect(login.ReturnUrl));
                        }
                        else
                        {
                            return(RedirectToAction("Index", "ShopFloor"));
                        }
                    }
                }
                else
                {
                    SecurityServices.RecordFailedLoginAttempt(login, HttpContext.Request.UserHostAddress, string.Format("Invalid model state: {0}", ModelState.ToString()));
                }
            }
            catch (Exception ex)
            {
                Logger.Error(ex.ToString());
                ModelState.AddModelError(String.Empty, Constants.ServerError);
            }

            // Invalid - redisplay with errors
            ViewBag.Locations = LocationServices.GetLocationLookup();
            return(View("Index", login));
        }