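/// <summary>
/// Returns, for the user <paramref name="id"/>, one rights row per module that belongs to
/// <paramref name="role"/>. Each of View/Add/Edit is encoded as 0 (not granted), 1 (granted)
/// or 2 (the module itself does not offer that capability, so the value is not editable).
/// </summary>
/// <param name="id">User id whose rights are looked up; taken verbatim from the request.</param>
/// <param name="role">Role whose module list defines the rows of the result.</param>
/// <returns>JSON of the form <c>{ data: [ UserRightsViewModel, ... ] }</c>; <c>data</c> is an empty list when the role has no modules.</returns>
public async Task<IActionResult> GetModuleRights(string id, string role)
{
    // NOTE(review): nothing in this action checks that the calling principal may read another
    // user's rights — confirm the controller/action authorization policy covers it.
    var moduleRights = await _queryService.GetModules(role);
    var rights = new List<UserRightsViewModel>();

    // Guard the collection that is actually iterated. The original mapped moduleRights through
    // _mapper into an otherwise unused List<ModuleViewModel> and null-checked that copy, which
    // did not protect the foreach below when the mapper returns a non-null result for a null source.
    if (moduleRights != null)
    {
        foreach (var module in moduleRights)
        {
            var row = new UserRightsViewModel
            {
                Id = module.Id,
                ModuleName = module.Display,
            };

            // One lookup per module; sequential round-trips, fine for a short module list.
            var userRights = await _queryService.GetUserRights(id, module.Id);
            if (userRights == null)
            {
                row.View = 0;
                row.Add = 0;
                row.Edit = 0;
            }
            else
            {
                row.View = userRights.View ? 1 : 0;
                row.Add = userRights.Add ? 1 : 0;
                row.Edit = userRights.Edit ? 1 : 0;
            }

            // A capability the module does not expose overrides whatever the user row says.
            if (!module.View)
            {
                row.View = 2;
            }
            if (!module.Add)
            {
                row.Add = 2;
            }
            if (!module.Edit)
            {
                row.Edit = 2;
            }

            rights.Add(row);
        }
    }

    return Json(new { data = rights });
}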
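/// <summary>
/// Authenticates the posted credentials and, on success, seeds the server-side session with
/// everything the rest of the application reads through <see cref="SessionHelper"/> keys.
/// Most outcomes are returned as a JSON <c>Result</c>; two paths re-render the view (see inline notes).
/// </summary>
/// <param name="model">Posted credentials. <c>UserName</c> and <c>Password</c> are both required.</param>
/// <param name="returnUrl">Only echoed into <c>ViewData["ReturnUrl"]</c>; this action never redirects to it.</param>
/// <returns>
/// A redirect to Dashboard/Index when a session is already established; otherwise a JSON
/// <c>Result</c> (<c>Success</c>, <c>Message</c>, and on success <c>IsRedirect</c>/<c>RedirectUrl</c>),
/// or the login view when model validation fails or the account's e-mail is unconfirmed.
/// </returns>
/// <exception cref="Exception">Any failure is logged together with its stack trace and rethrown unchanged.</exception>
public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
{
    var result = new Result();
    try
    {
        // A populated USER_NAME means a user is already logged in on this session.
        if (HttpContext.Session.GetString(SessionHelper.USER_NAME) != null)
        {
            return RedirectToAction("Index", "Dashboard");
        }

        ViewData["ReturnUrl"] = returnUrl;

        if (string.IsNullOrEmpty(model.UserName) || string.IsNullOrEmpty(model.Password))
        {
            ModelState.AddModelError(string.Empty, "Invalid Credentials");
            return Json(MarkInvalidCredentials(result));
        }

        if (!ModelState.IsValid)
        {
            // Validation failed; redisplay the form.
            return View();
        }

        var user = await _userManager.FindByNameAsync(model.UserName);
        if (user == null)
        {
            return Json(MarkInvalidCredentials(result));
        }

        // Fetched once and reused below; the original asked Identity for the roles twice.
        // (The original also fetched the current principal via GetUserAsync(User) and never used it.)
        var roles = await _userManager.GetRolesAsync(user);
        ViewBag.userName = user.UserName;

        if (!await _userManager.IsEmailConfirmedAsync(user))
        {
            // NOTE(review): this answers before the password has been checked, and with a view
            // while every other outcome is JSON — so it reveals that the account exists and
            // breaks the JSON contract an AJAX caller expects. Checking the password first
            // (Identity's RequireConfirmedEmail option does exactly that) would close both;
            // kept as is here because the caller contract is not visible.
            ModelState.AddModelError(string.Empty, "You must have a confirmed email to log on.");
            return View();
        }

        // NOTE(review): lockoutOnFailure is false, so wrong passwords never count towards
        // account lockout; enabling it (with Lockout options configured) limits online guessing.
        var signIn = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, lockoutOnFailure: false);
        if (!signIn.Succeeded)
        {
            return Json(MarkInvalidCredentials(result));
        }

        // From here on the Identity cookie has already been issued; the rest only seeds the session.
        // NOTE(review): a user without any role makes roles.First() throw, which leaves the cookie
        // signed in but the session empty — worth an explicit guard.
        var userRole = roles.First();
        var modules = await _queryService.GetModules(userRole);

        // DPO and ADMIN have no department; "0" stands in for it.
        string userDept = user.DepartmentId ?? "0";

        // Fetched once; the original queried GetCompanyInfo() twice for the null check and the name.
        var companyInfo = await _queryService.GetCompanyInfo();
        string companyName = companyInfo == null ? "" : companyInfo.Name ?? "";

        var session = HttpContext.Session;
        session.SetString(SessionHelper.COMPANY_NAME, companyName);
        session.SetString(SessionHelper.USER_NAME, user.UserName);
        session.SetString(SessionHelper.USER_ID, user.Id.ToString());
        // NOTE(review): this serialises the whole user entity into the session; if it derives
        // from IdentityUser that includes PasswordHash and SecurityStamp. A trimmed DTO is safer.
        session.SetObjectAsJson(SessionHelper.USER, user);
        session.SetString(SessionHelper.ROLES, userRole);
        session.SetString(SessionHelper.USER_DEPT, userDept);
        session.SetObjectAsJson(SessionHelper.MODULES, modules);
        session.SetString(SessionHelper.DONE_SETUP, user.DoneSetUp.ToString());

        // Role-specific redirect hints for DPO and ADMIN.
        if (userRole == "ADMINISTRATOR" || userRole == "DPO")
        {
            if (user.HasPasswordChanged == false)
            {
                session.SetString(SessionHelper.HASPASSWORDCHANGED, "0");
            }
            else if (user.HasPasswordChanged == true)
            {
                session.SetString(SessionHelper.HASPASSWORDCHANGED, "1");
            }

            // DoneSetUp 0 -> user-setup modal, 1 -> user-guide modal.
            if (user.DoneSetUp == 0 || user.DoneSetUp == 1)
            {
                session.SetString(SessionHelper.SHOW_MODAL, "1");
            }
        }
        else if (userRole == "USER" || userRole == "DEPTHEAD")
        {
            // User-guide modal on the dashboard.
            if (user.DoneSetUp == 0)
            {
                session.SetString(SessionHelper.DONE_SETUP, "1");
                session.SetString(SessionHelper.SHOW_MODAL, "1");
            }
        }

        // Read DONE_SETUP back from the session on purpose: the USER/DEPTHEAD branch above may
        // have overwritten it. Persisting 2 disables the forced setup and the user-guide note.
        if (session.GetString(SessionHelper.DONE_SETUP) == "1")
        {
            user.DoneSetUp = 2;
            // The IdentityResult is not inspected, as before.
            await _userManager.UpdateAsync(user);
        }

        var rights = await LoadModuleRightsAsync(user.Id.ToString());
        ViewBag.rightsList = rights;
        session.SetObjectAsJson(SessionHelper.USER_RIGHTS, rights);

        result.Message = "Logged in successfully.";
        result.Success = true;
        result.IsRedirect = true;
        result.RedirectUrl = "Dashboard/Index";
        return Json(result);
    }
    catch (Exception e)
    {
        // Pass the exception object so the stack trace is logged, not only e.Message.
        _logger.LogError(e, "Error calling Login: {0}", e.Message);
        throw;
    }
}

/// <summary>
/// Sets the generic failure message on <paramref name="result"/> and returns it. The same
/// wording is used whether the user is unknown or the password is wrong.
/// </summary>
private static Result MarkInvalidCredentials(Result result)
{
    result.Message = "Invalid username or password.";
    result.Success = false;
    return result;
}

/// <summary>
/// Builds the rights rows for <paramref name="userId"/> over the ADMINISTRATOR module list,
/// which serves as the superset of modules. A user with no rights row for a module gets 0/0/0.
/// </summary>
/// <param name="userId">User id as stored by Identity, already converted to string.</param>
/// <returns>One <see cref="UserRightsViewModel"/> per ADMINISTRATOR module, in query order.</returns>
private async Task<List<UserRightsViewModel>> LoadModuleRightsAsync(string userId)
{
    // note: DPO and ADMIN rights can not be edited, and they are the only ones who can edit
    // the rights of others (DEPTHEAD and USER).
    var moduleRights = await _queryService.GetModules("ADMINISTRATOR");
    var rights = new List<UserRightsViewModel>();

    foreach (var item in moduleRights)
    {
        var ur = await _queryService.GetUserRights(userId, item.Id);
        var row = new UserRightsViewModel
        {
            ModuleId = item.Id,
            ModuleName = item.Name,
        };

        if (ur != null)
        {
            row.View = ur.View ? 1 : 0;
            row.Add = ur.Add ? 1 : 0;
            row.Edit = ur.Edit ? 1 : 0;
        }
        else
        {
            row.View = 0;
            row.Add = 0;
            row.Edit = 0;
        }

        rights.Add(row);
    }

    return rights;
}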