Esempio n. 1
0
        public ActionResult List()
        {
            IEnumerable<Form> forms = null;
            User user = new User();

            ExpenseEntities db = new ExpenseEntities();
                Guid userId = Guid.Parse(SessionManager.Get(SessionManager.Keys.UserId).ToString());

                //Admin can see all forms
                if ((int)SessionManager.Get(SessionManager.Keys.AuthorizeLevel) == AuthorizeLevels.Administrator)
                {
                    forms = db.Forms.ToList();
                   
                }

                //Manager cans see the forms which ones manager is the current manager
                if ((int)SessionManager.Get(SessionManager.Keys.AuthorizeLevel) == AuthorizeLevels.Manager)
                {
                    forms = db.Forms
                                .Where(f => (f.OwnerId == userId
                                            || f.User.ManagerId == userId) 
                                            && f.State.Name != "Paid")
                                            .ToList();
                }

                //User can see only current users forms
                if ((int)SessionManager.Get(SessionManager.Keys.AuthorizeLevel) == AuthorizeLevels.User)
                {
                    forms = db.Forms.Where(f => f.OwnerId == userId).ToList();
                }

                //Accountat can see only approved forms.
                if ((int)SessionManager.Get(SessionManager.Keys.AuthorizeLevel) == AuthorizeLevels.Accountant)
                {
                    forms = db.Forms
                                .Where(f => f.State.Name == "Approved")
                                .ToList();
                }
                                            
                


            return View(forms);
        }
Esempio n. 2
0
        public ActionResult Login(string username , string password)
        {
            ExpenseEntities db = new ExpenseEntities();
            User user = new User();
            user = (User)db.Users.Where(u=> u.Username.Equals(username)&& u.Password.Equals(password)).FirstOrDefault();
            if (user != null)
            {
                SessionManager.Register(SessionManager.Keys.UserId, user.Id);
                SessionManager.Register(SessionManager.Keys.FullName, user.FirstName + " " + user.LastName);
                SessionManager.Register(SessionManager.Keys.Username, user.Username);
                SessionManager.Register(SessionManager.Keys.RoleName, user.Role.Name);
                SessionManager.Register(SessionManager.Keys.LoggedIn, true);
                SessionManager.Register(SessionManager.Keys.AuthorizeLevel, user.Role.AuthorizeLevel);

                return RedirectToAction("Index","Home");
            }

            SessionManager.Register(SessionManager.Keys.LoggedIn, null);
            

            return View();
        }