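/// <summary>
/// Returns every user whose <c>Status</c> equals 1 as a JSON array, with the
/// <c>Password</c> value blanked before serialization.
/// </summary>
/// <returns>A <see cref="JsonResult"/> that is also served for GET requests.</returns>
public JsonResult GetAllUser()
{
    // The context is deliberately not wrapped in a using block: the entities are
    // serialized after this action returns.
    // NOTE(review): if User has lazy-loaded navigation properties, disposing the
    // context here would break serialization - confirm, then scope the context.
    POS_MiniMartEntities db = new POS_MiniMartEntities();
    var dataList = db.Users.Where(x => x.Status == 1).ToList();

    // The whole entity is serialized, so the credential column would otherwise be sent
    // to every caller of this endpoint. The value is cleared in memory only;
    // SaveChanges is never called on this context, so nothing is written back.
    // NOTE(review): a dedicated view model listing only the fields the client needs
    // would be the more robust follow-up.
    foreach (var item in dataList)
    {
        item.Password = null;
    }

    // NOTE(review): AllowGet makes the user list readable with a plain GET request;
    // confirm this action is covered by the authorization filter.
    return Json(dataList, JsonRequestBehavior.AllowGet);
}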
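/// <summary>
/// Checks the supplied credentials against the Users table and, on a match, stores the
/// user's name and role in the session.
/// </summary>
/// <param name="username">User name submitted by the client.</param>
/// <param name="password">Password submitted by the client.</param>
/// <returns>JSON <c>true</c> when a matching user was found, otherwise JSON <c>false</c>.</returns>
public JsonResult CheckLogin(string username, string password)
{
    // Reject missing credentials up front. A null or empty value would otherwise be
    // compared against the stored columns and could match a row with blank fields.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        return Json(false, JsonRequestBehavior.AllowGet);
    }

    bool isLogged = false;

    // Only scalar values are copied out of the entity, so the context can be released
    // before the method returns.
    using (POS_MiniMartEntities db = new POS_MiniMartEntities())
    {
        // NOTE(review): the submitted password is compared with the stored column as-is,
        // so the column presumably holds the password unhashed. Move to a salted
        // password hash (e.g. PBKDF2) and verify it in code.
        // SingleOrDefault throws if more than one row matches.
        var dataItem = db.Users.SingleOrDefault(x => x.Username == username && x.Password == password);

        if (dataItem != null)
        {
            Session["Username"] = dataItem.Username;
            Session["Role"] = dataItem.Role;
            isLogged = true;
        }
    }

    // NOTE(review): AllowGet lets this action answer GET requests, where credentials
    // travel in the query string and end up in server and proxy logs. Restrict to POST
    // once the clients are confirmed to post.
    return Json(isLogged, JsonRequestBehavior.AllowGet);
}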
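/// <summary>
/// Inserts the model-bound user with <c>Status</c> forced to 1.
/// </summary>
/// <param name="user">User entity bound from the request.</param>
/// <returns>JSON <c>true</c> when the insert was saved, JSON <c>false</c> when it failed.</returns>
public JsonResult SaveUser(User user)
{
    // A missing body used to surface as a swallowed NullReferenceException; the
    // result for the caller is the same (false), but the cause is now explicit.
    if (user == null)
    {
        return Json(false, JsonRequestBehavior.AllowGet);
    }

    bool isSuccess = true;

    using (POS_MiniMartEntities db = new POS_MiniMartEntities())
    {
        try
        {
            // NOTE(review): the whole entity is bound from the request, so every bindable
            // property arrives as the caller sent it, including Role (which CheckLogin
            // copies into the session) and Password (stored as submitted). Bind an
            // explicit set of fields and hash the password before saving.
            user.Status = 1;
            db.Users.Add(user);
            db.SaveChanges();
        }
        catch (Exception ex)
        {
            // Keep the best-effort contract (report false, do not throw), but leave a
            // trace so failed inserts can be diagnosed.
            System.Diagnostics.Trace.TraceError("SaveUser failed: {0}", ex);
            isSuccess = false;
        }
    }

    return Json(isSuccess, JsonRequestBehavior.AllowGet);
}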
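/// <summary>
/// Authorizes the current request: actions or controllers marked with
/// <see cref="AllowAnonymousAttribute"/> pass through, requests without a logged-in
/// session user get an unauthorized result, and all others must have a RolePermissions
/// row matching their role and the controller/action tag.
/// </summary>
/// <param name="filterContext">Context of the action about to be executed.</param>
public void OnAuthorization(AuthorizationContext filterContext)
{
    var action = filterContext.ActionDescriptor;
    var controller = action.ControllerDescriptor;

    // AllowAnonymous on the action or its controller skips the check entirely, so the
    // database context is not created for these requests.
    if (action.IsDefined(typeof(AllowAnonymousAttribute), true)
        || controller.IsDefined(typeof(AllowAnonymousAttribute), true))
    {
        return;
    }

    // Fail closed: a missing session, a missing user name and an empty user name are
    // all treated as "not logged in". Previously an empty (non-null) session value
    // passed the null check and then skipped the permission lookup, which let the
    // request through unchecked.
    var session = filterContext.HttpContext.Session;
    string username = session == null ? null : Convert.ToString(session["Username"]);
    if (string.IsNullOrEmpty(username))
    {
        filterContext.Result = new HttpUnauthorizedResult();
        return;
    }

    string role = Convert.ToString(session["Role"]);

    // NOTE(review): controller and action names are joined without a separator, so
    // distinct pairs can yield the same tag (constructed example: "Users" + "List"
    // and "User" + "sList"). Consider a delimiter if the stored tags allow it.
    string tag = controller.ControllerName + action.ActionName;

    bool isPermitted;
    using (POS_MiniMartEntities db = new POS_MiniMartEntities())
    {
        // Any() grants access when at least one matching row exists and does not throw
        // on duplicate permission rows.
        isPermitted = db.RolePermissions.Any(x => x.Role == role && x.Tag == tag);
    }

    if (!isPermitted)
    {
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
            {
                { "controller", "Home" },
                { "action", "AccessDenied" }
            });
    }
}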