Esempio n. 1
        /// <summary>
        /// Returns every row of <c>Users</c> whose <c>Status</c> equals 1, serialized as JSON.
        /// </summary>
        /// <returns>
        /// A <see cref="JsonResult"/> wrapping the list of matching user entities; the
        /// result is allowed for GET requests.
        /// </returns>
        /// <remarks>
        /// NOTE(review): whole <c>User</c> entities are handed to the serializer, so every
        /// mapped property goes to the client. Other code in this project filters on
        /// <c>x.Password</c>, so the entity presumably carries the password column; confirm,
        /// and if so return a projection without it.
        /// NOTE(review): the context is never disposed here. Disposing it before the result
        /// is serialized would have to be checked against lazy-loaded navigation properties.
        /// </remarks>
        public JsonResult GetAllUser()
        {
            var context = new POS_MiniMartEntities();

            // Materialize the query now so the result holds a plain list, not a live query.
            var activeUsers = (from account in context.Users
                               where account.Status == 1
                               select account).ToList();

            return Json(activeUsers, JsonRequestBehavior.AllowGet);
        }
Esempio n. 2
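        /// <summary>
        /// Checks the supplied credentials against the <c>Users</c> table and, on a match,
        /// stores the user's name and role in the session.
        /// </summary>
        /// <param name="username">Login name to look up.</param>
        /// <param name="password">Password, compared verbatim with the stored value.</param>
        /// <returns>JSON <c>true</c> when exactly one matching user exists, otherwise <c>false</c>.</returns>
        /// <remarks>
        /// NOTE(review): the password is matched as-is inside the query, which implies the
        /// column holds it unhashed. Store a salted, slow hash (e.g. PBKDF2) and compare
        /// that instead.
        /// NOTE(review): <c>AllowGet</c> lets credentials travel in the query string, where
        /// they end up in server logs and browser history. Restrict this action to POST once
        /// the callers are confirmed.
        /// NOTE(review): the query does not filter on <c>Status</c>. Confirm whether rows
        /// with a status other than 1 are meant to be able to log in.
        /// NOTE(review): the session identifier is not renewed after a successful login.
        /// </remarks>
        public JsonResult CheckLogin(string username, string password)
        {
            // Fail closed: the answer stays false unless a row actually matches.
            bool isLogged = false;

            // Empty or missing credentials never authenticate. Without this guard a null
            // argument is passed straight into the comparison against the stored columns.
            if (!string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password))
            {
                // The context is only needed for the lookup; release its connection afterwards.
                using (var db = new POS_MiniMartEntities())
                {
                    var dataItem = db.Users.Where(x => x.Username == username && x.Password == password).SingleOrDefault();

                    if (dataItem != null)
                    {
                        // Values come from the stored row, not from the request.
                        Session["Username"] = dataItem.Username;
                        Session["Role"]     = dataItem.Role;
                        isLogged            = true;
                    }
                }
            }

            return Json(isLogged, JsonRequestBehavior.AllowGet);
        }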
Esempio n. 3
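        /// <summary>
        /// Inserts the model-bound <paramref name="user"/> into the <c>Users</c> table with
        /// <c>Status</c> forced to 1.
        /// </summary>
        /// <param name="user">User entity populated from the request.</param>
        /// <returns>JSON <c>true</c> when the row was saved, <c>false</c> on any failure.</returns>
        /// <remarks>
        /// NOTE(review): the entity is bound directly from the request, so the caller
        /// controls every bindable property. Other code in this project reads <c>Role</c>
        /// from this entity to decide permissions, so confirm who may reach this action, or
        /// bind to a view model that exposes only the intended fields.
        /// NOTE(review): the password is stored exactly as received. Hash it before saving.
        /// NOTE(review): <c>AllowGet</c> makes a state-changing action reachable by GET.
        /// </remarks>
        public JsonResult SaveUser(User user)
        {
            bool isSuccess = false;

            // A request that binds to no model is reported as a failure explicitly, not by
            // way of a NullReferenceException caught below.
            if (user != null)
            {
                try
                {
                    // Dispose the context as soon as the insert is done.
                    using (var db = new POS_MiniMartEntities())
                    {
                        user.Status = 1;
                        db.Users.Add(user);
                        db.SaveChanges();
                    }

                    isSuccess = true;
                }
                catch (Exception ex)
                {
                    // The caller still gets only "false"; the cause is recorded so that
                    // failed inserts are visible to operators and not silently dropped.
                    System.Diagnostics.Trace.TraceError("SaveUser failed: {0}: {1}", ex.GetType().FullName, ex.Message);
                }
            }

            return Json(isSuccess, JsonRequestBehavior.AllowGet);
        }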
Esempio n. 4
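        /// <summary>
        /// Authorizes the current request: actions or controllers marked with
        /// <see cref="AllowAnonymousAttribute"/> pass, requests without a logged-in user get
        /// an unauthorized result, and logged-in users need a <c>RolePermissions</c> row
        /// matching their role and the controller/action tag.
        /// </summary>
        /// <param name="filterContext">Context of the action being authorized.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        /// <remarks>
        /// NOTE(review): the tag is the controller name and action name joined with no
        /// separator, so different pairs can produce the same tag. The stored tags use this
        /// format, so it is kept; confirm that no two controller/action pairs collide.
        /// </remarks>
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            var action = filterContext.ActionDescriptor;

            if (action.IsDefined(typeof(AllowAnonymousAttribute), true) ||
                action.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
            {
                // Don't check for authorization as AllowAnonymous filter is applied to the action or controller.
                // Session and database are deliberately not touched on this path.
                return;
            }

            var httpContext = System.Web.HttpContext.Current;
            var session     = httpContext != null ? httpContext.Session : null;
            string username = session != null ? Convert.ToString(session["Username"]) : null;

            // Fail closed: a missing session, a missing key and an empty user name are all
            // treated as "not logged in". Previously an empty but non-null value skipped
            // both checks and the request went through without any result being set.
            if (string.IsNullOrEmpty(username))
            {
                filterContext.Result = new HttpUnauthorizedResult();
                return;
            }

            string role = Convert.ToString(session["Role"]);
            string tag  = action.ControllerDescriptor.ControllerName + action.ActionName;

            bool isPermitted;
            using (var db = new POS_MiniMartEntities())
            {
                // Any() only asks whether a permission row exists; a duplicated row no longer
                // raises the exception SingleOrDefault() throws on more than one match.
                isPermitted = db.RolePermissions.Any(x => x.Role == role && x.Tag == tag);
            }

            if (!isPermitted)
            {
                filterContext.Result = new RedirectToRouteResult(
                    new RouteValueDictionary
                    {
                        { "controller", "Home" },
                        { "action", "AccessDenied" }
                    });
            }
        }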