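        /// <summary>
        /// Authorizes the current request. Checks that this session is still the one
        /// recorded in the application cache at login, refreshes the user's identity and
        /// page permissions from the login service, and then grants access when the
        /// requested action is on the built-in allow-list or among the user's permitted pages.
        /// </summary>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns><c>true</c> when the request may proceed; otherwise <c>false</c>.</returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            bool   authorize = false;
            string UserID    = "";

            // Wrote If User Is Already Logged In --Arsal;
            if (httpContext.Session["UserID"] != null)
            {
                UserID = httpContext.Session["UserID"].ToString() ?? "";

                // The cache entry holds the session id recorded at login. It can be absent
                // (cache eviction, application restart); calling ToString() on it directly
                // threw a NullReferenceException that escaped AuthorizeCore. A missing entry
                // is treated like a mismatch, i.e. an expired session.
                object cachedSessionId = System.Web.HttpContext.Current.Cache["_LoginUsersID" + UserID];
                string ValidSession    = (cachedSessionId != null) ? cachedSessionId.ToString() : "";

                // A later login for the same user overwrites the cache entry, so a mismatch
                // means this session is no longer the active one.
                if (ValidSession != httpContext.Session.SessionID)
                {
                    SerssionExpired = true; isLoggedIn = true;
                    return false;
                }
            }

            if (httpContext.Session.Keys.Count > 0)
            {
                isLoggedIn = true;

                var routeData      = ((MvcHandler)httpContext.CurrentHandler).RequestContext.RouteData;
                var actionName     = routeData.Values["action"].ToString();
                var controllerName = routeData.Values["controller"].ToString();
                try
                {
                    // Re-read the login record on every authorized request so permission
                    // changes take effect without a new login.
                    ServiceRepository   serviceObj = new ServiceRepository();
                    HttpResponseMessage response   = serviceObj.PostResponse("/api/BlotterLogin/GetAllBlotterLoginById?id=" + UserID, null);
                    response.EnsureSuccessStatusCode();
                    List <Models.SP_SBPGetLoginInfo_Result> s = response.Content.ReadAsAsync <List <Models.SP_SBPGetLoginInfo_Result> >().Result;
                    foreach (var item in s)
                    {
                        if (item.UserExists == "Success")
                        {
                            httpContext.Session["UserID"]           = item.ID;
                            httpContext.Session["UserName"]         = item.UserName;
                            httpContext.Session["UserEmail"]        = item.Email;
                            httpContext.Session["UserRole"]         = item.RoleName;
                            httpContext.Session["BranchID"]         = item.BranchID;
                            httpContext.Session["BranchName"]       = item.BranchName;
                            httpContext.Session["Currencies"]       = item.CurrencyID;
                            httpContext.Session["Pages"]            = item.Pages;
                            httpContext.Session["ActiveController"] = controllerName;
                            if (item.ChangePassword)
                            {
                                // A pending password change blocks every page until it is done.
                                CHangePassword = item.ChangePassword;
                                return false;
                            }

                            // Pages is a comma-separated list of entries of the form
                            // DisplayName~PageName~ControllerName~Date~Edit~Delete ("1" = granted).
                            // A malformed entry raises IndexOutOfRangeException, which the catch
                            // below records and which leaves the previous PagesAccess in session.
                            List <UserPageAccess> UPA = new List <UserPageAccess>();
                            foreach (var pg in item.Pages.Split(','))
                            {
                                UserPageAccess upaobj = new UserPageAccess();
                                var            val    = pg.Split('~');
                                upaobj.DisplayName     = val[0];
                                upaobj.PageName        = val[1];
                                upaobj.ControllerName  = val[2];
                                upaobj.DateChaneAccess = val[3] == "1";
                                upaobj.EditAccess      = val[4] == "1";
                                upaobj.DeleteAccess    = val[5] == "1";
                                UPA.Add(upaobj);
                            }
                            httpContext.Session["PagesAccess"] = UPA;

                            #region Added By Shakir
                            if (httpContext.Session["Currencies"] != null)
                            {
                                Models.SP_GetAllBlotterCurrencyById_Result objc = UtilityClass.GetCurrencies(Convert.ToInt32(httpContext.Session["UserID"]));
                                // Keep the CurrencyID already stored above when no record comes back.
                                if (objc != null)
                                {
                                    httpContext.Session["Currencies"] = objc.Currencies;
                                }
                            }
                            #endregion
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Best-effort refresh: fall back to the permissions already in session,
                    // but record the failure instead of hiding it.
                    System.Diagnostics.Trace.TraceError("AuthorizeCore: refreshing login info for user id {0} failed: {1}", UserID, ex);
                }

                // PagesAccess is absent when the session exists but no login record was ever
                // stored (e.g. the refresh above failed on the first request); treat that as
                // "no page permissions" rather than dereferencing null.
                List <UserPageAccess> permissionList =
                    (List <UserPageAccess>)httpContext.Session["PagesAccess"] ?? new List <UserPageAccess>();
                foreach (UserPageAccess item in permissionList)
                {
                    if (item.PageName == actionName)
                    {
                        httpContext.Session["CurrentPagesAccess"] = item.PageName + "~" + item.ControllerName + "~" + item.DateChaneAccess + "~" + item.EditAccess + "~" + item.DeleteAccess;
                        break;
                    }
                }

                // Actions granted to every authenticated user regardless of PagesAccess.
                // NOTE(review): this list contains Edit/Update/Delete-style action names, so for
                // those names the page-level permission check below never runs, on any
                // controller — confirm that is intended before relying on PagesAccess for them.
                string[] alwaysAllowedActions =
                {
                    "Default", "Edit", "Create", "_Create", "Update", "Delete", "Reset",
                    "FillBlotterManualData", "FillSBPBlotterCRRReport", "AddOpeningBalanceByBID",
                    "CreateOpnBal", "EditOpeningBalance", "UpdateOpeningBalance",
                    "UpdateUserPageRelation", "GetAllBlotterbydate"
                };
                if (alwaysAllowedActions.Contains(actionName))
                {
                    authorize = true;
                }
                else
                {
                    authorize = permissionList.Any(item => item.PageName == actionName);
                }
            }
            else
            {
                isLoggedIn = false;
            }
            return authorize;
        }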
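        /// <summary>
        /// Reloads the user's master and transaction page permissions from the
        /// <c>dbo.M_SP_PageandAccess</c> stored procedure into session, then redirects
        /// to <c>/Home/Index</c>.
        /// </summary>
        /// <param name="UserName">Employee number passed to the procedure as <c>@EmployeeNo</c>.</param>
        public void RefreshPageAccess(string UserName)
        {
            #region For Page Access
            // Both modules come from the same procedure; only @PageModule differs.
            List <UserPageAccess> MasterPageList      = LoadPageAccessList(UserName, "Master");
            List <UserPageAccess> TransactionPageList = LoadPageAccessList(UserName, "Transaction");

            System.Web.HttpContext.Current.Session["MasterPageList"]    = MasterPageList;
            System.Web.HttpContext.Current.Session["WorkOrderApproval"] = TransactionPageList.Where(x => x.PageIndex == "WorkOrderApproval").ToList();
            System.Web.HttpContext.Current.Session["WorkOrderRequest"]  = TransactionPageList.Where(x => x.PageIndex == "Request").ToList();
            #endregion
            try
            {
                Response.Redirect("/Home/Index");
            }
            catch (Exception err)
            {
                // Response.Redirect ends the response by raising ThreadAbortException, which
                // the runtime re-throws after this block regardless; anything else that lands
                // here is a real failure and is recorded rather than dropped.
                System.Diagnostics.Trace.TraceError("RefreshPageAccess: redirect failed: {0}", err);
            }
        }

        /// <summary>
        /// Runs <c>dbo.M_SP_PageandAccess</c> for one page module and maps every row to a
        /// <see cref="UserPageAccess"/>. The shared <c>conn</c> is opened for the query and
        /// closed in a <c>finally</c>, so it is not left open when the query throws.
        /// </summary>
        /// <param name="userName">Value bound to <c>@EmployeeNo</c>.</param>
        /// <param name="pageModule">Value bound to <c>@PageModule</c> ("Master" or "Transaction").</param>
        /// <returns>The rows returned by the procedure, in reader order.</returns>
        private List <UserPageAccess> LoadPageAccessList(string userName, string pageModule)
        {
            List <UserPageAccess> pages = new List <UserPageAccess>();

            using (SqlCommand cmdSql = new SqlCommand())
            {
                cmdSql.Connection     = conn;
                cmdSql.CommandTimeout = 0;
                cmdSql.CommandType    = CommandType.StoredProcedure;
                cmdSql.CommandText    = @"dbo.M_SP_PageandAccess";
                cmdSql.Parameters.Add("@EmployeeNo", SqlDbType.NVarChar).Value = userName;
                cmdSql.Parameters.Add("@PageModule", SqlDbType.NVarChar).Value = pageModule;

                conn.Open();
                try
                {
                    // The original called ExecuteNonQuery() and then ExecuteReader(), which ran
                    // the procedure twice per module; one ExecuteReader() returns the same rows.
                    using (SqlDataReader rdr = cmdSql.ExecuteReader())
                    {
                        while (rdr.Read())
                        {
                            UserPageAccess getter = new UserPageAccess();
                            getter.PageIndex  = rdr["PageIndex"].ToString();
                            getter.PageName   = rdr["PageName"].ToString();
                            getter.PageModule = rdr["PageModule"].ToString();
                            // A NULL column comes back as DBNull.Value, never as null, so the
                            // original "!= null" test always passed and Convert.ToBoolean(DBNull)
                            // threw; NULL now reads as "no access".
                            getter.AccessType = (rdr["AccessType"] != DBNull.Value) && Convert.ToBoolean(rdr["AccessType"]);
                            pages.Add(getter);
                        }
                    }
                }
                finally
                {
                    conn.Close();
                }
            }

            return pages;
        }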
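        /// <summary>
        /// Handles the login form post. Validates the posted profile against the
        /// <c>/api/BlotterLogin/GetAllBlotterLogin</c> service, stores the user's identity
        /// and page permissions in session, issues the forms-authentication cookie, records
        /// the session start, and redirects to the change-password page, the user's default
        /// page, or <c>Home/Default</c>.
        /// </summary>
        /// <param name="collection">The posted login form.</param>
        /// <returns>
        /// The <c>Login</c> view after the service was consulted; the view bound to
        /// <paramref name="collection"/> when the model is invalid or an exception occurred.
        /// </returns>
        public ActionResult Login(Classes.UserProfile collection)
        {
            try
            {
                if (ModelState.IsValid)
                {
                    ServiceRepository   serviceObj = new ServiceRepository();
                    HttpResponseMessage response   = serviceObj.PostResponse("/api/BlotterLogin/GetAllBlotterLogin", collection);
                    response.EnsureSuccessStatusCode();
                    List <Models.SP_SBPGetLoginInfo_Result> s = response.Content.ReadAsAsync <List <Models.SP_SBPGetLoginInfo_Result> >().Result;
                    foreach (var item in s)
                    {
                        if (item.UserExists == "Success")
                        {
                            Session["UserID"]           = item.ID;
                            Session["UserName"]         = item.UserName;
                            Session["UserEmail"]        = item.Email;
                            Session["UserRole"]         = item.RoleName;
                            Session["BranchID"]         = item.BranchID;
                            Session["BranchName"]       = item.BranchName;
                            Session["BlotterType"]      = item.BlotterType;
                            Session["Currencies"]       = item.CurrencyID;
                            Session["BR"]               = item.isConventional ? "01" : (item.isislamic ? "02" : "00");
                            Session["Pages"]            = item.Pages;
                            Session["ActiveController"] = "Login";

                            // Pages is a comma-separated list of entries of the form
                            // DisplayName~PageName~ControllerName~Date~Edit~Delete ("1" = granted).
                            List <UserPageAccess> UPA = new List <UserPageAccess>();
                            foreach (var pg in item.Pages.Split(','))
                            {
                                UserPageAccess upaobj = new UserPageAccess();
                                var            val    = pg.Split('~');
                                upaobj.DisplayName     = val[0];
                                upaobj.PageName        = val[1];
                                upaobj.ControllerName  = val[2];
                                upaobj.DateChaneAccess = val[3] == "1";
                                upaobj.EditAccess      = val[4] == "1";
                                upaobj.DeleteAccess    = val[5] == "1";
                                UPA.Add(upaobj);
                            }
                            Session["PagesAccess"] = UPA;

                            #region Added By Shakir
                            // The first currency entry's id: Split(',')[0] on a comma-free string is
                            // the whole string, so the two original branches computed the same value.
                            if (Session["Currencies"] != null)
                            {
                                Session["SelectedCurrency"] = Session["Currencies"].ToString().Split(',')[0].Split('~')[0];
                            }
                            #endregion

                            // 525600 minutes = 1 year; the ticket is persistent for the whole period.
                            int    timeout   = 525600;
                            var    ticket    = new FormsAuthenticationTicket(item.UserName, true, timeout);
                            string encrypted = FormsAuthentication.Encrypt(ticket);
                            var    cookie    = new HttpCookie(FormsAuthentication.FormsCookieName, encrypted);
                            cookie.Expires  = DateTime.Now.AddMinutes(timeout);
                            cookie.HttpOnly = true;
                            // NOTE(review): cookie.Secure is not set here; if the site is served over
                            // HTTPS the auth cookie should be marked Secure (or requireSSL in config) — confirm.
                            Response.Cookies.Add(cookie);

                            // new Guid() is Guid.Empty (all zeros), so every session start was recorded
                            // with the same token; Guid.NewGuid() supplies a fresh one. What
                            // SetSessionStart does with it is not visible here.
                            (new AuthAccessAttribute()).SetSessionStart(item.ID, Session.SessionID, Request.UserHostAddress, Guid.NewGuid().ToString(), DateTime.Now, cookie.Expires);

                            // The cache entry is what AuthorizeCore compares the session id against;
                            // a later login elsewhere overwrites it. NOTE(review): the session id in
                            // use before login is kept rather than regenerated — confirm that is acceptable.
                            HttpContext.Cache["_LoginUsersID" + item.ID] = Session.SessionID;
                            if (item.ChangePassword)
                            {
                                Response.Redirect(new Uri(Request.Url, Url.Action("ChangePassword", "ChangePassword")).ToString(), false);
                            }
                            else if (item.DefaultPage != null)
                            {
                                // DefaultPage is "Controller/Action".
                                string[] defaultRoute = item.DefaultPage.Split('/');
                                Response.Redirect(new Uri(Request.Url, Url.Action(defaultRoute[1], defaultRoute[0])).ToString(), false);
                            }
                            else
                            {
                                Response.Redirect(new Uri(Request.Url, Url.Action("Default", "Home")).ToString(), false);
                            }
                        }
                        else
                        {
                            // Any non-success status ("User Does not Exists" included) is shown as-is.
                            ViewBag.ErrorMessage = item.UserExists;
                        }
                    }
                    ViewData["SysCurrentDt"] = GetCurrentDT().ToString("dd-MMM-yyyy");
                    return View("Login");
                }
            }
            catch (Exception ex)
            {
                // Service or parsing failures fall through to re-rendering the form; record
                // them so they are not silently lost. The posted credentials are not logged.
                System.Diagnostics.Trace.TraceError("Login failed: {0}", ex);
            }
            return View(collection);
        }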
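        /// <summary>
        /// Returns an employee's master and transaction page permissions as JSON, read
        /// from the <c>dbo.M_SP_PageandAccess</c> stored procedure.
        /// </summary>
        /// <param name="EmployeeNo">Employee number passed to the procedure as <c>@EmployeeNo</c>.</param>
        /// <returns>A JSON object with <c>MasterPageList</c> and <c>TransactionPageList</c>; GET requests are allowed.</returns>
        public ActionResult GetPageAccess(string EmployeeNo)
        {
            // NOTE(review): EmployeeNo comes from the request and is not compared with the
            // signed-in user, so any caller that can reach this action can read another
            // employee's page access list — confirm that is intended.
            List <UserPageAccess> MasterPageList      = QueryPageAccess(EmployeeNo, "Master");
            List <UserPageAccess> TransactionPageList = QueryPageAccess(EmployeeNo, "Transaction");

            // The original also counted rows with AccessType == true for each list, but never
            // used the counts.
            return Json(new
            {
                MasterPageList = MasterPageList,
                TransactionPageList = TransactionPageList
            }, JsonRequestBehavior.AllowGet);
        }

        /// <summary>
        /// Runs <c>dbo.M_SP_PageandAccess</c> for one page module and maps every row
        /// (including its <c>ID</c>) to a <see cref="UserPageAccess"/>. The shared
        /// <c>conn</c> is opened for the query and closed in a <c>finally</c>, so it is not
        /// left open when the query throws.
        /// </summary>
        /// <param name="employeeNo">Value bound to <c>@EmployeeNo</c>.</param>
        /// <param name="pageModule">Value bound to <c>@PageModule</c> ("Master" or "Transaction").</param>
        /// <returns>The rows returned by the procedure, in reader order.</returns>
        private List <UserPageAccess> QueryPageAccess(string employeeNo, string pageModule)
        {
            List <UserPageAccess> pages = new List <UserPageAccess>();

            using (SqlCommand cmdSql = new SqlCommand())
            {
                cmdSql.Connection     = conn;
                cmdSql.CommandTimeout = 0;
                cmdSql.CommandType    = CommandType.StoredProcedure;
                cmdSql.CommandText    = @"dbo.M_SP_PageandAccess";
                cmdSql.Parameters.Add("@EmployeeNo", SqlDbType.NVarChar).Value = employeeNo;
                cmdSql.Parameters.Add("@PageModule", SqlDbType.NVarChar).Value = pageModule;

                conn.Open();
                try
                {
                    using (SqlDataReader rdr = cmdSql.ExecuteReader())
                    {
                        while (rdr.Read())
                        {
                            UserPageAccess getter = new UserPageAccess();
                            getter.ID         = Convert.ToInt64(rdr["ID"]);
                            getter.PageIndex  = rdr["PageIndex"].ToString();
                            getter.PageName   = rdr["PageName"].ToString();
                            getter.PageModule = rdr["PageModule"].ToString();
                            // A NULL column comes back as DBNull.Value, never as null, so the
                            // original "!= null" test always passed and Convert.ToBoolean(DBNull)
                            // threw; NULL now reads as "no access".
                            getter.AccessType = (rdr["AccessType"] != DBNull.Value) && Convert.ToBoolean(rdr["AccessType"]);
                            pages.Add(getter);
                        }
                    }
                }
                finally
                {
                    conn.Close();
                }
            }

            return pages;
        }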