public static bool CanDo(long userId, string moduleId, string code)
{
//Load user for roles
var user = BlUser.LoadSingle(userId);
if (user == null)
{
throw new BusinessException("UserNotFound");
}
var roles = BlRole.LoadParents(userId, user.Roles.ToList());
//Exit if full permission case of roles system administrator
if (roles.Select(r => r.Id).Contains(Constants.FullAdminRole))
{
return(true);
}
//Load permissions for user roles
var blPermission = new BlPermission();
var permissions = blPermission.LoadByModuleAndRole(user.Id, moduleId, roles.ToList(), true).ToList();
//Return permission existance
return(permissions.Where(p => p.Code == code).Any());
}
public string LoadAllForTree(long userId)
{
var predicate = PredicateBuilder.True <Role>();
//Exclude full admin
predicate = predicate.And(e => e.Id != 1);
var roleTree = LoadSearch(userId, predicate);
//Get security permissions
var allowView = BlPermission.CanDo(userId, Module, "View");
var allowAdd = BlPermission.CanDo(userId, Module, "Add");
var allowEdit = BlPermission.CanDo(userId, Module, "Edit");
var allowDelete = BlPermission.CanDo(userId, Module, "Delete");
//Create return object
var toRet = new List <TreeItemVm>();
//Create root node
var rootNode = new Role {
Id = 0
};
//Add root node
toRet.AddRange(ConstructTreeNode(userId, rootNode.SingleItemAsEnumerable(), false, allowAdd, false, false));
//Add menus
toRet.AddRange(ConstructTreeNode(userId, roleTree.ToList(), allowView, allowAdd, allowEdit, allowDelete));
return(new JavaScriptSerializer().Serialize(toRet));
}
private string GetRolePermissions(long userId, long roleId)
{
var blModule = new BlModule();
var modules = blModule.LoadAll(userId).ToList();
var toRetModules = (from m in modules
select new TreeItemVm
{
id = "M_" + m.Id,
parent = "#",
text = m.Id,
icon = "fa fa-folder colorMain ",
state = "{\"opened\": \"true\"}",
li_attr = "{\"class\" : \"form-control-label\"}",
a_attr = "{\"class\": \"no_checkbox\"}"
}).ToList();
//Get all modules permissions and set is active for assigned ones
var blPermission = new BlPermission();
var permissions = blPermission.LoadAll(userId).ToList();
permissions.ForEach(p => p.IsActive = p.Roles.Where(r => r.Id == roleId).Any());
//Get is active from parent and set them as disabled
var parentRolesIds = LoadParents(userId, LoadSingle(userId, roleId).SingleItemAsList()).Where(role => role.Id != roleId).Select(parentRole => parentRole.Id);
permissions.ForEach(p => p.IsActiveInherited = p.Roles.Where(r => parentRolesIds.Contains(r.Id)).Any());
var toRetPermissions = (from p in permissions
select new TreeItemVm
{
id = p.Id.ToString(),
parent = "M_" + p.Module.Id,
text = p.Code,
icon = "fa fa-gear " + (p.IsActive ? "colorGreen" : "colorRed"),
state = "{\"selected\": \"" + (p.IsActive || p.IsActiveInherited ? "true" : "false") + "\", \"disabled\": \"" + (p.IsActiveInherited ? "true" : "false") + "\"}",
li_attr = "{\"class\" : \"form-control-label " + (p.IsActiveInherited ? "jstree-disabled" : "") + "\"}"
}).ToList();
toRetModules.AddRange(toRetPermissions);
var toRet = new JavaScriptSerializer().Serialize(toRetModules);
return(toRet);
}
public IEnumerable <Role> LoadForPermission(long userId, string moduleId, string permissionCode, long?roleId = 0)
{
//Load all roles
var toRet = LoadAll(userId).ToList();
//Load all selected permission roles
var blPermission = new BlPermission();
var permission = blPermission.LoadByModuleAndCode(userId, moduleId, permissionCode);
foreach (var role in permission.Roles)
{
if (toRet.Where(r => r.Id == role.Id).Any())
{
toRet.Where(r => r.Id == role.Id).SingleOrDefault().IsActive = true;
}
}
return(toRet.ToList());
}
public LoginVm Authenticate(LoginVm model)
{
var hashedPass = Cryptography.ComputeToHash(model.Password);
if (hashedPass == null)
{
throw new BusinessException("InvalidLogin");
}
var userRepository = new UserRepository();
var predicate = PredicateBuilder.True <User>();
predicate = predicate.And(u => u.UserName == model.Username);
var users = userRepository.LoadSearch(predicate);
//Check if any user have same password
IStructuralEquatable eqa1 = hashedPass;
var user = users.FirstOrDefault(u => eqa1.Equals(u.Password, StructuralComparisons.StructuralEqualityComparer));
if (user == null)
{
throw new BusinessException("InvalidLogin");
}
//Check if user is active
if (user.IsBlocked)
{
throw new BusinessException("UserInactive");
}
UpdateTicketValidity(user.Id);
model.SecurityToken = Cryptography.Encrypt(JsonConvert.SerializeObject(user.Id), true);
model.Password = null;
model.Language = BlCode.LoadSingle(user.Id, "Language", user.LanguageId.ToUiString()).Value1;
model.BranchId = user.BranchId;
model.BranchName = BlBranch.GetBranchName(user.Id);
model.CrossBranches = BlPermission.CanDo(user.Id, "BRANCH", "CrossBranches");
model.PageSize = user.PageSize;
BlLog.Log(user.Id, Module, "LogIn", "UserSuccessfulLogin", new object[] { user.UserName });
return(model);
}
public string LoadUserMenu(long userId, bool forEdit)
{
var user = BlUser.LoadSingle(userId);
//Load all active menu items per company
var predicate = PredicateBuilder.True <Menu>();
predicate = predicate.And(p => p.Status);
//Query all entries without a branch or specific for a branch
var predicate2 = PredicateBuilder.False <Menu>();
predicate2 = predicate2.Or(p => p.BranchId == user.BranchId);
predicate2 = predicate2.Or(p => p.BranchId == null);
predicate = predicate.And(predicate2);
var lMenu = LoadSearch(userId, predicate).ToList();
//Vaidate if all modules exist in permissions
var lDeniedMenu = new List <Menu>();
foreach (var menuItem in lMenu.ToList())
{
if (menuItem.Module != null)
{
if (!BlPermission.CanDo(userId, menuItem.Module.Id, "Access"))
{
//Build the denied menu list
lDeniedMenu.Add(menuItem);
}
}
}
//Remove unauthorized and broken menu items
lMenu = (from m in lMenu
where !(from dm in lDeniedMenu select dm.Id).Contains(m.Id)
select m).ToList();
//Iterate all sub menu items and clear broken entries
foreach (var menuItem in lMenu.ToList())
{
//Remove each node that does not have a module nor children
if (menuItem.Module == null)
{
if (menuItem.Parent != null && menuItem.DescriptionCode != null)
{
if (!lMenu.Where(m => m.Id == menuItem.Parent.Id && m.Module != null && m.DescriptionCode != null).Any())
{
//Check if any children have this item as parent
if (!lMenu.Where(m => m.Parent != null).Where(m => m.Parent.Id == menuItem.Id && m.Module != null && m.DescriptionCode != null).Any())
{
lDeniedMenu.Add(menuItem);
}
}
}
}
}
//Remove unauthorized and broken menu entries
lMenu = (from m in lMenu
where !(from dm in lDeniedMenu select dm.Id).Contains(m.Id)
select m).ToList();
//Iterate all top menu items and clear broken entries
foreach (var menuItem in lMenu.Where(m => m.Parent == null).ToList())
{
if (menuItem.Module == null)
{
//Remove each node that does not have a module nor children
if (!lMenu.Where(m => m.Parent != null).Where(m => m.Parent.Id == menuItem.Id && m.DescriptionCode != null).Any())
{
lDeniedMenu.Add(menuItem);
}
}
}
//Remove unauthorized and broken menu items
lMenu = (from m in lMenu
where !(from dm in lDeniedMenu select dm.Id).Contains(m.Id)
select m).ToList();
var menu = BuildMenuChildren(user, lMenu, null, forEdit);
return(menu);
}
public Role Edit(long userId, Role toEdit, string roleUsers = "", string rolePermissions = "")
{
using (var tran = new TransactionScope())
{
var oldImage = LoadSingle(userId, toEdit.Id, true);
oldImage.ParentRole = toEdit.ParentRole;
oldImage.Code = toEdit.Code;
var toRet = _repository.Edit(oldImage);
//Adjust role users
var arRoleUsers = roleUsers.Split(',');
var blUser = new BlUser();
var allUsers = blUser.LoadAll(userId);
foreach (var user in allUsers)
{
if (user.Roles.Where(r => r.Id == toRet.Id).Any() && !arRoleUsers.Contains(user.Id.ToUiString()))
{
user.Roles.Remove(user.Roles.Where(ur => ur.Id == toRet.Id).First());
blUser.Edit(userId, user);
}
if (!user.Roles.Where(r => r.Id == toRet.Id).Any() && arRoleUsers.Contains(user.Id.ToUiString()))
{
user.Roles.Add(LoadSingle(userId, toRet.Id));
blUser.Edit(userId, user);
}
}
//Adjust role permissions
var arRolePermissions = rolePermissions.Split(',');
var blPermission = new BlPermission();
var allPermissions = blPermission.LoadAll(userId);
foreach (var permission in allPermissions)
{
if (permission.Roles.Where(r => r.Id == toRet.Id).Any() && !arRolePermissions.Contains(permission.Id.ToUiString()))
{
permission.Roles.Remove(permission.Roles.Where(rp => rp.Id == toRet.Id).First());
blPermission.Edit(userId, permission);
}
if (!permission.Roles.Where(r => r.Id == toRet.Id).Any() && arRolePermissions.Contains(permission.Id.ToUiString()))
{
permission.Roles.Add(LoadSingle(userId, toRet.Id));
blPermission.Edit(userId, permission);
}
}
//if (toRet.Users == null)
//{toRet.Users = new List<User>();}
//toRet.Users = toRet.Users.ToList();
//foreach (var permissionUser in toRet.Users)
//{
// var user = BlUser.LoadSingle(Convert.ToInt64(permissionUser.Id));
// if (!toRet.Users.Where(u => roleUsers.Split(',').Contains(u.Id.ToUiString())).Any())
// {
// user.Roles.Remove(user.Roles.Where(ur => ur.Id == toRet.Id).First());
// blUser.Edit(userId, user);
// }
//}
//foreach (var roleUserId in arRoleUser)
//{
// var user = BlUser.LoadSingle(Convert.ToInt64(roleUserId));
// if (!toRet.Users.Where(u => u.Id == userId).Any())
// {
// user.Roles.Remove(user.Roles.Where(r => r.Id == toRet.Id).First());
// blUser.Edit(userId, user);
// }
// else
// {
// user.Roles.Add(LoadSingle(userId, toRet.Id));
// blUser.Edit(userId, user);
// }
//}
//}
BlLog.Log(userId, Module, "Edit role", "RoleModified", new object[] { toEdit.Code });
tran.Complete();
return(toRet);
}
}
public string GetSecurityString(long userId, string path)
{
//CLean path url
path = path.ToUpper().Replace("../STOCK/APP/", "");
path = path.ToUpper().Replace("/STOCK/APP/", "");
var toRetList = new ArrayList();
//Load the module by path
var predicate = PredicateBuilder.True <Module>();
predicate = predicate.And(p => p.Path == path);
var module = LoadSearch(userId, predicate).FirstOrDefault();
//Create module if does not exist
if (module == null)
{
using (var tran = new TransactionScope())
{
var systemUser = BlUser.LoadSingle(Constants.SystemUser);
var newModule = new Module
{
Id = path.Split('/')[path.Split('/').Length - 1].ToUpper().Replace(".HTML", ""),
Path = path,
Description = "N/A",
Author = Constants.SystemUser,
Status = "A"
};
newModule = Create(userId, newModule);
//Create first access permission and assign to system admin
var newPermission = new Permission
{
Module = newModule,
Code = "Access",
Status = "A",
Roles =
BlRole.LoadSingle(userId, Constants.FullAdminRole).
SingleItemAsEnumerable().ToList()
};
var blPermission = new BlPermission();
blPermission.Create(userId, newPermission);
tran.Complete();
}
}
//Get module permissions if exists
if (module != null)
{
var blPermission = new BlPermission();
var permissions = blPermission.LoadByModule(userId, module.Id, true);
//Check each permission status
foreach (var permission in permissions)
{
if (BlPermission.CanDo(userId, module.Id, permission.Code))
{
toRetList.Add(permission.Code);
}
}
}
return(string.Join(":", toRetList.ToArray()));
}