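        /// <summary>
        /// Lists, for every module returned for <paramref name="role"/>, the View/Add/Edit rights
        /// of user <paramref name="id"/>: 0 = denied (or no rights row), 1 = granted,
        /// 2 = the module itself does not offer that right (overrides the user's value).
        /// </summary>
        /// <param name="id">Identifier of the user whose rights are read; taken from the request as-is.</param>
        /// <param name="role">Role whose module list drives the result; taken from the request as-is.</param>
        /// <returns>JSON of the shape <c>{ data: [ UserRightsViewModel, ... ] }</c>.</returns>
        public async Task<IActionResult> GetModuleRights(string id, string role)
        {
            // Nothing in this action checks that the caller is allowed to read the rights of
            // user `id` or to enumerate modules for `role`; that must come from the controller's
            // authorization attributes — NOTE(review): confirm they are present, they are not visible here.
            var moduleRights = await _queryService.GetModules(role);
            var modelf = new List<UserRightsViewModel>();

            // Guard the collection that is actually iterated: a null module list now yields an
            // empty result instead of a NullReferenceException in the foreach.
            if (moduleRights != null)
            {
                foreach (var item in moduleRights)
                {
                    // One rights lookup per module; fine for a small module catalogue.
                    var userRights = await _queryService.GetUserRights(id, item.Id);

                    var model = new UserRightsViewModel
                    {
                        Id = item.Id,
                        ModuleName = item.Display,
                        // A missing rights row means every right is denied.
                        View = userRights?.View == true ? 1 : 0,
                        Add = userRights?.Add == true ? 1 : 0,
                        Edit = userRights?.Edit == true ? 1 : 0,
                    };

                    // 2 marks a right the module does not support at all, regardless of the user.
                    if (!item.View)
                    {
                        model.View = 2;
                    }
                    if (!item.Add)
                    {
                        model.Add = 2;
                    }
                    if (!item.Edit)
                    {
                        model.Edit = 2;
                    }

                    modelf.Add(model);
                }
            }

            return Json(new { data = modelf });
        }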
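        /// <summary>
        /// Authenticates the posted credentials and, on success, fills the session with the
        /// values the rest of the application reads (company name, user, role, department,
        /// modules, per-module rights and the setup/modal flags).
        /// </summary>
        /// <param name="model">Posted user name, password and remember-me flag.</param>
        /// <param name="returnUrl">Only echoed to the view through ViewData; it is never used as a
        /// redirect target (the success redirect is fixed to Dashboard/Index), so it needs no
        /// local-URL validation here.</param>
        /// <returns>
        /// A JSON <see cref="Result"/> for the credential outcomes, a redirect to the dashboard when
        /// a session already exists, or the login view when model validation fails or the e-mail
        /// address is not confirmed.
        /// </returns>
        public async Task<IActionResult> Login(LoginViewModel model, string returnUrl = null)
        {
            var result = new Result();
            try
            {
                // A stored USER_NAME means a user is already logged in: send them to the dashboard.
                if (HttpContext.Session.GetString(SessionHelper.USER_NAME) != null)
                {
                    return RedirectToAction("Index", "Dashboard");
                }

                ViewData["ReturnUrl"] = returnUrl;

                // One generic message for "unknown user" and "wrong password", so the response
                // does not reveal whether an account exists.
                IActionResult InvalidCredentials()
                {
                    result.Message = "Invalid username or password.";
                    result.Success = false;
                    return Json(result);
                }

                if (string.IsNullOrEmpty(model.UserName) || string.IsNullOrEmpty(model.Password))
                {
                    ModelState.AddModelError(string.Empty, "Invalid Credentials");
                    return InvalidCredentials();
                }

                if (!ModelState.IsValid)
                {
                    // Validation failed; redisplay the form.
                    return View();
                }

                var user = await _userManager.FindByNameAsync(model.UserName);
                if (user == null)
                {
                    return InvalidCredentials();
                }

                ViewBag.userName = user.UserName;

                if (!await _userManager.IsEmailConfirmedAsync(user))
                {
                    // TODO: create a separate action for resending the confirmation token.
                    // NOTE(review): this check runs before the password is verified, so the distinct
                    // message confirms to an unauthenticated caller that the account exists. Identity's
                    // RequireConfirmedEmail sign-in option would fold it into the generic failure;
                    // kept as-is to preserve the current behaviour.
                    ModelState.AddModelError(string.Empty, "You must have a confirmed email to log on.");
                    return View();
                }

                // lockoutOnFailure: false means wrong passwords never lock the account, so
                // brute-force protection has to come from elsewhere (rate limiting / lockout policy).
                // NOTE(review): consider lockoutOnFailure: true once lockout options are configured.
                var signIn = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, model.RememberMe, lockoutOnFailure: false);
                if (!signIn.Succeeded)
                {
                    return InvalidCredentials();
                }

                // From here on an authentication cookie has been issued. Any failure below must
                // undo it, otherwise the caller is left authenticated with an empty session.
                var roles = await _userManager.GetRolesAsync(user);
                if (roles.Count == 0)
                {
                    // Previously roles.First() threw here and the cookie stayed in place.
                    await _signInManager.SignOutAsync();
                    _logger.LogWarning("Login refused for {UserName}: no role assigned.", user.UserName);
                    return InvalidCredentials();
                }
                var userRole = roles[0];

                var modules = await _queryService.GetModules(userRole);

                // DPO and ADMIN have no department; "0" stands in for them.
                string userDept = user.DepartmentId ?? "0";

                // Fetch the company info once (it used to be awaited twice).
                var companyInfo = await _queryService.GetCompanyInfo();
                string companyName = companyInfo?.Name ?? "";

                // Store the data the application needs in the session.
                HttpContext.Session.SetString(SessionHelper.COMPANY_NAME, companyName);
                HttpContext.Session.SetString(SessionHelper.USER_NAME, user.UserName);
                HttpContext.Session.SetString(SessionHelper.USER_ID, user.Id.ToString());
                // NOTE(review): if `user` is the Identity user entity, the serialized object carries
                // PasswordHash and SecurityStamp into the session store; a trimmed DTO would avoid that.
                HttpContext.Session.SetObjectAsJson(SessionHelper.USER, user);
                HttpContext.Session.SetString(SessionHelper.ROLES, userRole);
                HttpContext.Session.SetString(SessionHelper.USER_DEPT, userDept);
                HttpContext.Session.SetObjectAsJson(SessionHelper.MODULES, modules);
                HttpContext.Session.SetString(SessionHelper.DONE_SETUP, user.DoneSetUp.ToString());

                // Redirect/modal hints; these differ between DPO/ADMIN and the other roles.
                if (userRole == "ADMINISTRATOR" || userRole == "DPO")
                {
                    if (user.HasPasswordChanged == false)
                    {
                        HttpContext.Session.SetString(SessionHelper.HASPASSWORDCHANGED, "0");
                    }
                    else if (user.HasPasswordChanged == true)
                    {
                        HttpContext.Session.SetString(SessionHelper.HASPASSWORDCHANGED, "1");
                    }

                    // DoneSetUp 0 -> show the user-setup modal; 1 -> show the user-guide modal.
                    if (user.DoneSetUp == 0 || user.DoneSetUp == 1)
                    {
                        HttpContext.Session.SetString(SessionHelper.SHOW_MODAL, "1");
                    }
                }
                else if (userRole == "USER" || userRole == "DEPTHEAD")
                {
                    // Show the user-guide modal on the dashboard for first-time users.
                    if (user.DoneSetUp == 0)
                    {
                        HttpContext.Session.SetString(SessionHelper.DONE_SETUP, "1");
                        HttpContext.Session.SetString(SessionHelper.SHOW_MODAL, "1");
                    }
                }

                // Move DoneSetUp to 2 so the forced setup and the user-guide note are not shown again.
                if (HttpContext.Session.GetString(SessionHelper.DONE_SETUP) == "1")
                {
                    user.DoneSetUp = 2;
                    await _userManager.UpdateAsync(user);
                }

                // Per-module rights, read against the ADMINISTRATOR module set.
                // Note: DPO and ADMIN rights cannot be edited, and only DPO and ADMIN may edit
                // the rights of DEPTHEAD and USER accounts.
                var moduleRights = await _queryService.GetModules("ADMINISTRATOR");
                var rights = new List<UserRightsViewModel>();
                foreach (var item in moduleRights)
                {
                    var ur = await _queryService.GetUserRights(user.Id.ToString(), item.Id);
                    rights.Add(new UserRightsViewModel
                    {
                        ModuleId = item.Id,
                        ModuleName = item.Name,
                        // A missing rights row means every right is denied.
                        View = ur?.View == true ? 1 : 0,
                        Add = ur?.Add == true ? 1 : 0,
                        Edit = ur?.Edit == true ? 1 : 0,
                    });
                }
                ViewBag.rightsList = rights;
                HttpContext.Session.SetObjectAsJson(SessionHelper.USER_RIGHTS, rights);

                result.Message = "Logged in successfully.";
                result.Success = true;
                result.IsRedirect = true;
                result.RedirectUrl = "Dashboard/Index";
                return Json(result);
            }
            catch (Exception e)
            {
                // Pass the exception itself so the stack trace is logged, not only the message.
                _logger.LogError(e, "Error calling Login");
                throw;
            }
        }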