コード例 #1
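        /// <summary>
        /// Middleware entry point: opens a database context for the request and, when the
        /// principal resolves to an <see cref="ErpUser"/>, a security scope for that user; an
        /// authenticated principal that no longer resolves to a user is signed out (stale cookie).
        /// Both disposables are released after the rest of the pipeline has run, even if it throws.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        public async Task Invoke(HttpContext context)
        {
            IDisposable dbCtx  = DbContext.CreateContext(ErpSettings.ConnectionString);
            IDisposable secCtx = null;

            // try/finally replaces the original happy-path-only Task.Run disposal, which leaked
            // both contexts whenever a downstream component threw (and gained nothing from the
            // thread hop, since Dispose here is synchronous).
            try
            {
                ErpUser user = AuthService.GetUser(context.User);

                if (user != null)
                {
                    secCtx = SecurityContext.OpenScope(user);
                }
                else if (context.User?.Identity?.IsAuthenticated == true)
                {
                    // The cookie still claims an authenticated session but the user cannot be
                    // resolved (deleted/disabled, for instance): drop the stale session.
                    await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
                }

                // `next` is the RequestDelegate captured at construction (outside this listing).
                await next(context);
            }
            finally
            {
                // Same order as the original.
                dbCtx?.Dispose();
                secCtx?.Dispose();
            }
        }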
コード例 #2
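 /// <summary>
 /// Rejects the request with 401 unless the Authorization header carries a base64-encoded
 /// "username:token" pair whose token is valid for that user; a valid pair lets the action run.
 /// </summary>
 /// <param name="actionContext">The Web API action context; its Response is set on rejection.</param>
 public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
 {
     if (IsAuthorized(actionContext.Request.Headers.Authorization))
     {
         return;
     }

     actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
 }

 /// <summary>
 /// True only when <paramref name="authorization"/> decodes to a "username:token" pair that
 /// <c>ErpUserRepo.IsValidToken</c> accepts. A missing header, invalid base64 or a token that is
 /// not a GUID all count as "not authorized"; the original let Convert.FromBase64String and
 /// Guid.Parse throw on such input, turning a malformed client header into a 500.
 /// </summary>
 /// <param name="authorization">The parsed Authorization header, or null when absent.</param>
 private bool IsAuthorized(System.Net.Http.Headers.AuthenticationHeaderValue authorization)
 {
     if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
     {
         return false;
     }

     string decodedToken;
     try
     {
         decodedToken = Encoding.UTF8.GetString(Convert.FromBase64String(authorization.Parameter));
     }
     catch (FormatException)
     {
         // Not valid base64: a client error, not a server fault.
         return false;
     }

     string[] parts = decodedToken.Split(':');
     if (parts.Length != 2 || !Guid.TryParse(parts[1], out Guid token))
     {
         return false;
     }

     ErpUser obj = new ErpUser()
     {
         Username = parts[0],
         Token    = token
     };
     return ErpUserRepo.IsValidToken(obj);
 }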
コード例 #3
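        /// <summary>
        /// Middleware entry point: opens a database context for the request and, when the
        /// principal resolves to an <see cref="ErpUser"/>, a security scope for that user, then
        /// runs the rest of the pipeline. Both are released afterwards, even when a downstream
        /// component throws.
        /// </summary>
        /// <param name="context">The current HTTP context.</param>
        public async Task Invoke(HttpContext context)
        {
            IDisposable dbCtx  = DbContext.CreateContext(ErpSettings.ConnectionString);
            IDisposable secCtx = null;

            // try/finally replaces the original happy-path-only Task.Run disposal, which leaked
            // both contexts whenever `next` threw.
            try
            {
                ErpUser user = AuthService.GetUser(context.User);
                if (user != null)
                {
                    secCtx = SecurityContext.OpenScope(user);
                }

                // `next` is the RequestDelegate captured at construction (outside this listing).
                await next(context);
            }
            finally
            {
                // Same order as the original.
                dbCtx?.Dispose();
                secCtx?.Dispose();
            }
        }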
コード例 #4
        /// <summary>
        /// Handles the login form post: runs the global and login-specific page hooks (the first
        /// hook returning a non-null result short-circuits the request), authenticates the posted
        /// credentials, and on success redirects to <see cref="ReturnUrl"/> or the site root.
        /// </summary>
        /// <param name="authService">Authentication service resolved from DI.</param>
        /// <returns>A hook-supplied result, the page re-rendered with an error, or a local redirect.</returns>
        public IActionResult OnPost([FromServices] AuthService authService)
        {
            if (!ModelState.IsValid)
            {
                throw new Exception("Antiforgery check failed.");
            }

            Init();

            // Global page hooks run first; the first non-null result wins.
            foreach (IPageHook hook in HookManager.GetHookedInstances <IPageHook>(HookKey))
            {
                IActionResult hookResult = hook.OnPost(this);
                if (hookResult != null)
                {
                    return hookResult;
                }
            }

            var loginHooks = HookManager.GetHookedInstances <ILoginPageHook>(HookKey);

            foreach (ILoginPageHook hook in loginHooks)
            {
                IActionResult hookResult = hook.OnPostPreLogin(this);
                if (hookResult != null)
                {
                    return hookResult;
                }
            }

            ErpUser user = authService.Authenticate(Username, Password);

            // Post-login hooks see the (possibly null) user and may still take over the response.
            foreach (ILoginPageHook hook in loginHooks)
            {
                IActionResult hookResult = hook.OnPostAfterLogin(user, this);
                if (hookResult != null)
                {
                    return hookResult;
                }
            }

            if (user == null)
            {
                Error = "Invalid username or password";
                return Page();
            }

            // LocalRedirectResult rejects non-local URLs, so ReturnUrl cannot become an open redirect.
            string target = string.IsNullOrWhiteSpace(ReturnUrl) ? "/" : ReturnUrl;
            return new LocalRedirectResult(target);
        }
コード例 #5
        /// <summary>
        /// Opens a database context and, when the circuit's principal resolves to an ERP user, a
        /// security scope, and stores both against the circuit so they can be released when the
        /// circuit goes down (presumably in the matching "down" handler, outside this listing).
        /// </summary>
        /// <param name="circuit">The Blazor circuit that just came up.</param>
        /// <param name="cancellationToken">Not observed by this handler.</param>
        public override Task OnConnectionUpAsync(Circuit circuit, CancellationToken cancellationToken)
        {
            IDisposable dbCtx = DbContext.CreateContext(ErpSettings.ConnectionString);

            // NOTE(review): blocking on .Result is a deadlock/thread-starvation risk. It is kept as
            // is because SecurityContext.OpenScope writes an AsyncLocal and this method is not
            // async, so the scope stays visible to the caller's execution context; an async/await
            // rewrite would change that. Confirm the AsyncLocal flow before changing it.
            var authState = authStateProvider.GetAuthenticationStateAsync().Result;
            ErpUser user  = AuthService.GetUser(authState.User);

            IDisposable secCtx = null;
            if (user != null)
            {
                secCtx = WebVella.Erp.Api.SecurityContext.OpenScope(user);
            }

            contexts.Add(circuit, new Tuple <IDisposable, IDisposable>(dbCtx, secCtx));
            return Task.CompletedTask;
        }
コード例 #6
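        /// <summary>
        /// Handles the "create user" form post: checks the antiforgery token, builds a new
        /// <see cref="ErpUser"/> from the bound page properties, attaches the selected roles and
        /// saves it. Validation failures are shown on the page; any other error is reported there
        /// as a system error.
        /// </summary>
        /// <returns>A redirect to <see cref="ReturnUrl"/> on success, otherwise the page with the errors.</returns>
        public IActionResult OnPost()
        {
            if (!ModelState.IsValid)
            {
                throw new Exception("Antiforgery check failed.");
            }

            var initResult = Init();
            if (initResult != null)
            {
                return initResult;
            }

            InitPage();

            // The original also constructed an AppService here that it never used; dropped.
            try
            {
                var secMan   = new SecurityManager();
                var allRoles = secMan.GetAllRoles();

                // Password is passed through as bound; whether SaveUser hashes it is not visible
                // here — TODO confirm it is never stored in clear.
                var newUser = new ErpUser
                {
                    Id          = Guid.NewGuid(),
                    Username    = UserName,
                    FirstName   = FirstName,
                    LastName    = LastName,
                    Email       = Email,
                    Password    = Password,
                    Image       = Image,
                    Enabled     = Enabled,
                    Verified    = Verified,
                    Preferences = new ErpUserPreferences()
                };

                // An unknown or malformed role id throws here and lands in the generic catch
                // below, where it is reported on the page — the intended behaviour.
                foreach (var roleId in Roles)
                {
                    Guid id = new Guid(roleId);
                    newUser.Roles.Add(allRoles.Single(x => x.Id == id));
                }

                secMan.SaveUser(newUser);
                BeforeRender();
                // NOTE(review): Redirect() accepts absolute URLs; if ReturnUrl is request-bound,
                // LocalRedirect (as the login page uses) would rule out an open redirect — confirm.
                return Redirect(ReturnUrl);
            }
            catch (ValidationException ex)
            {
                Validation.Message = ex.Message;
                Validation.Errors  = ex.Errors;
                BeforeRender();
                return Page();
            }
            catch (Exception ex)
            {
                // ex.Message is surfaced to the page; keep SaveUser's failures free of internals.
                Validation.Message = ex.Message;
                Validation.Errors.Add(new ValidationError("", ex.Message, isSystem: true));
                BeforeRender();
                return Page();
            }
        }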
コード例 #7
ファイル: AuthToken.cs プロジェクト: munna/WebVella-ERP
 /// <summary>
 /// Copies the identity-bearing fields of <paramref name="user"/> into the token and stamps it
 /// with its expiry; callers go through <see cref="Create"/>.
 /// </summary>
 /// <param name="user">The authenticated user the token represents.</param>
 /// <param name="expirationDate">Moment after which the token is no longer valid.</param>
 private AuthToken(ErpUser user, DateTime expirationDate)
 {
     ExpirationDate = expirationDate;

     // Snapshot of the user at issue time. LastModified presumably lets a consumer detect that
     // the user changed after issue — confirm against the validation side.
     UserId       = user.Id;
     Email        = user.Email;
     FirstName    = user.FirstName;
     LastName     = user.LastName;
     LastModified = user.ModifiedOn;
     Roles        = user.Roles;
     Image        = user.Image;
 }
コード例 #8
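        /// <summary>
        /// Pre-fills a new task record for the create page: the owner is the current user; the
        /// project comes from the <c>projectId</c> query parameter when present (and a GUID),
        /// otherwise from the current user's most recently created task (which also supplies the
        /// type); start/end times default to today and tomorrow.
        /// </summary>
        /// <param name="pageModel">Page model supplying the current user and the request.</param>
        /// <param name="record">Record to pre-fill; a new one is created when null.</param>
        /// <returns>The pre-filled record.</returns>
        public EntityRecord GetPageHookLogic(BaseErpPageModel pageModel, EntityRecord record)
        {
            if (record == null)
            {
                record = new EntityRecord();
            }

            //Preselect owner
            ErpUser currentUser = (ErpUser)pageModel.DataModel.GetProperty("CurrentUser");

            if (currentUser != null)
            {
                record["owner_id"] = currentUser.Id;
            }

            //Preselect project
            var query = pageModel.HttpContext.Request.Query;
            if (query.ContainsKey("projectId"))
            {
                var projectQueryId = query["projectId"].ToString();
                if (Guid.TryParse(projectQueryId, out Guid outGuid))
                {
                    record["$project_nn_task.id"] = new List <Guid> { outGuid };
                }
            }
            else if (currentUser != null)
            {
                // Fall back to the project/type of the user's latest task. Guarded on currentUser:
                // the original dereferenced it unconditionally here although the owner branch
                // above already allows for it being null.
                var eqlCommand = "SELECT created_on,type_id,$project_nn_task.id FROM task WHERE created_by = @currentUserId ORDER BY created_on DESC PAGE 1 PAGESIZE 1";
                var eqlParams  = new List <EqlParameter>()
                {
                    new EqlParameter("currentUserId", currentUser.Id)
                };
                var eqlResult = new EqlCommand(eqlCommand, eqlParams).Execute();
                if (eqlResult != null && eqlResult is EntityRecordList && eqlResult.Count > 0)
                {
                    var relatedProjects = (List <EntityRecord>)eqlResult[0]["$project_nn_task"];
                    if (relatedProjects != null && relatedProjects.Count > 0)
                    {
                        record["$project_nn_task.id"] = new List <Guid> { (Guid)relatedProjects[0]["id"] };
                    }
                    record["type_id"] = (Guid?)eqlResult[0]["type_id"];
                }
            }

            //Preset start date (one clock read so both fields agree across midnight)
            DateTime today = DateTime.Now.Date.ClearKind();
            record["start_time"] = today;
            record["end_time"]   = today.AddDays(1);
            return(record);
        }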
コード例 #9
 /// <summary>
 /// Builds the built-in "Local System" user once per process. It carries the administrator
 /// role, which is the role id that checks such as HasMetaPermission key on.
 /// </summary>
 static SecurityContext()
 {
     var adminRole = new ErpRole {
         Id = SystemIds.AdministratorRoleId, Name = "administrator"
     };

     // NOTE(review): the username/e-mail values appear masked in this listing — confirm
     // against the actual source.
     systemUser = new ErpUser {
         Id        = SystemIds.SystemUserId,
         FirstName = "Local",
         LastName  = "System",
         Username  = "******",
         Email     = "*****@*****.**",
         Enabled   = true
     };
     systemUser.Roles.Add(adminRole);
 }
コード例 #10
        /// <summary>
        /// True when <paramref name="user"/> (or, when null, the current user) holds the
        /// administrator role; false when there is no user at all.
        /// </summary>
        /// <param name="user">User to check, or null to check <c>CurrentUser</c>.</param>
        /// <returns>Whether the user has meta (administrator) permission.</returns>
        public static bool HasMetaPermission(ErpUser user = null)
        {
            ErpUser subject = user ?? CurrentUser;
            if (subject == null)
            {
                return false;
            }

            bool isAdministrator = subject.Roles.Any(role => role.Id == SystemIds.AdministratorRoleId);
            return isAdministrator;
        }
コード例 #11
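        /// <summary>
        /// Builds an <see cref="ErpIdentity"/> for the given user id, or returns null when the id
        /// is absent, matches no user, or the user is disabled — a disabled account must never
        /// yield an identity.
        /// </summary>
        /// <param name="userId">Id of the user to load; null yields null.</param>
        /// <returns>The identity, or null when no enabled user matches.</returns>
        internal static ErpIdentity CreateIdentity(Guid?userId)
        {
            // The original read userId.Value unguarded, turning a missing id into an
            // InvalidOperationException instead of the "no identity" result.
            if (!userId.HasValue)
            {
                return null;
            }

            SecurityManager secMan = new SecurityManager();
            ErpUser         user   = secMan.GetUser(userId.Value);

            if (user == null || !user.Enabled)
            {
                return null;
            }

            return new ErpIdentity { User = user };
        }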
コード例 #12
        /// <summary>
        /// Pushes <paramref name="user"/> onto the ambient (AsyncLocal) security context, creating
        /// the context on first use, and returns the context as the scope handle.
        /// </summary>
        /// <param name="user">User that becomes the current user for the scope.</param>
        /// <returns>The context; disposing it presumably pops the user — confirm in Dispose.</returns>
        public static IDisposable OpenScope(ErpUser user)
        {
            // Lazily create the holder, then the value it carries. Not synchronized, as in the
            // original; only the very first use on concurrent threads could race here.
            if (current == null)
            {
                current = new AsyncLocal <SecurityContext>();
            }

            SecurityContext ctx = current.Value;
            if (ctx == null)
            {
                ctx = new SecurityContext();
                current.Value = ctx;
            }

            ctx.userStack.Push(user);
            return ctx;
        }
コード例 #13
        /// <summary>
        /// Builds a <see cref="BaseErpPageModel"/> outside the Razor pipeline (e.g. for hooks that
        /// need a page model) from a request context and an explicit current user.
        /// </summary>
        /// <param name="erpRequestContext">Request context supplying app, area, node, page and record id.</param>
        /// <param name="currentUser">User to set as the model's current user.</param>
        /// <returns>The populated page model with a fresh data model attached.</returns>
        public static BaseErpPageModel CreatePageModelSimulation(
            ErpRequestContext erpRequestContext,
            ErpUser currentUser
            )
        {
            // Names fall back to "" only when the corresponding context object is absent; a
            // present object whose Name is null stays null.
            string appName  = erpRequestContext.App != null ? erpRequestContext.App.Name : "";
            string areaName = erpRequestContext.SitemapArea != null ? erpRequestContext.SitemapArea.Name : "";
            string nodeName = erpRequestContext.SitemapNode != null ? erpRequestContext.SitemapNode.Name : "";
            string pageName = erpRequestContext.Page != null ? erpRequestContext.Page.Name : "";

            var pageModel = new BaseErpPageModel
            {
                ErpRequestContext = erpRequestContext,
                currentUser       = currentUser,
                AppName           = appName,
                AreaName          = areaName,
                NodeName          = nodeName,
                PageName          = pageName,
                RecordId          = erpRequestContext.RecordId
            };
            // The data model needs the (otherwise complete) page model, so it is attached last.
            pageModel.DataModel = new PageDataModel(pageModel);
            return pageModel;
        }
コード例 #14
ファイル: AuthService.cs プロジェクト: WebVella/WebVella-ERP
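        /// <summary>
        /// Issues a signed JWT for <paramref name="user"/> carrying the user id, e-mail and role
        /// names, plus a <c>token_refresh_after</c> claim (DateTime.ToBinary of a UTC instant)
        /// after which the client is expected to refresh. Signed with HMAC-SHA256 using the
        /// symmetric key derived from ErpSettings.JwtKey.
        /// </summary>
        /// <param name="user">The authenticated user; Roles must be non-null.</param>
        /// <returns>The serialized token and the token object it was written from.</returns>
        private static async ValueTask <(string, JwtSecurityToken)> BuildTokenAsync(ErpUser user)
        {
            var claims = new List <Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
                new Claim(ClaimTypes.Email, user.Email)
            };
            // ClaimTypes.Role is already a string; the original's .ToString() on it was a no-op.
            user.Roles.ForEach(role => claims.Add(new Claim(ClaimTypes.Role, role.Name)));

            // One UTC clock read for both instants. The original mixed DateTime.UtcNow for the
            // refresh hint with DateTime.Now for the expiry, which only agreed because the JWT
            // handler normalizes the expiry to UTC itself.
            DateTime utcNow = DateTime.UtcNow;
            DateTime tokenRefreshAfterDateTime = utcNow.AddMinutes(JWT_TOKEN_FORCE_REFRESH_MINUTES);

            claims.Add(new Claim(type: "token_refresh_after", value: tokenRefreshAfterDateTime.ToBinary().ToString()));

            // NOTE(review): HS256 needs a sufficiently long key (32+ bytes is the usual floor;
            // recent IdentityModel versions reject short ones) — ensure JwtKey meets that.
            var securityKey     = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(ErpSettings.JwtKey));
            var credentials     = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature);
            var tokenDescriptor = new JwtSecurityToken(ErpSettings.JwtIssuer, ErpSettings.JwtAudience, claims,
                                                       expires: utcNow.AddMinutes(JWT_TOKEN_EXPIRY_DURATION_MINUTES), signingCredentials: credentials);

            // Nothing here awaits; the method stays async to keep the signature callers use.
            return(new JwtSecurityTokenHandler().WriteToken(tokenDescriptor), tokenDescriptor);
        }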
コード例 #15
        /// <summary>
        /// Looks up the user whose stored e-mail and password both equal the given values.
        /// </summary>
        /// <param name="email">E-mail to match.</param>
        /// <param name="password">Compared with an equality query against the stored password
        /// field as-is; any hashing the store expects must already have been applied by the
        /// caller — TODO confirm.</param>
        /// <returns>The first matching user, or null when none.</returns>
        /// <exception cref="Exception">When the query itself fails.</exception>
        public ErpUser GetUser(string email, string password)
        {
            var byEmail    = EntityQuery.QueryEQ("email", email);
            var byPassword = EntityQuery.QueryEQ("password", password);
            var result     = new RecordManager(true).Find(new EntityQuery("user", fieldsToQuery, EntityQuery.QueryAND(byEmail, byPassword)));

            if (!result.Success)
            {
                throw new Exception(result.Message);
            }

            var rows = result.Object.Data;
            if (rows == null || !rows.Any())
            {
                return null;
            }

            return rows[0].DynamicMapTo <ErpUser>();
        }
コード例 #16
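        /// <summary>
        /// Ids of the projects <paramref name="user"/> may access: those the user owns, plus those
        /// where one of the user's roles is in the project team or among the project customers.
        /// </summary>
        /// <param name="user">User whose ownership and roles are checked.</param>
        /// <returns>Accessible project ids (possibly empty).</returns>
        /// <exception cref="Exception">When the project query fails.</exception>
        public static List <Guid> ProjectsUserCanAccess(ErpUser user)
        {
            var           result        = new List <Guid>();
            QueryResponse queryResponse = new RecordManager().Find(new EntityQuery("wv_project", "id,$user_1_n_project_owner.id,$role_n_n_project_team.id,$role_n_n_project_customer.id"));

            if (!queryResponse.Success)
            {
                throw new Exception(queryResponse.Message);
            }

            foreach (var record in queryResponse.Object.Data)
            {
                var owners    = (List <EntityRecord>)record["$user_1_n_project_owner"];
                var team      = (List <EntityRecord>)record["$role_n_n_project_team"];
                var customers = (List <EntityRecord>)record["$role_n_n_project_customer"];

                // Ownership does not depend on roles, so it is evaluated outside the role loop;
                // the original evaluated it inside and so never granted an owner with no roles.
                bool userIsPM       = owners.Any(z => (Guid)z["id"] == user.Id);
                bool userIsStaff    = user.Roles.Any(r => team.Any(z => (Guid)z["id"] == r.Id));
                bool userIsCustomer = user.Roles.Any(r => customers.Any(z => (Guid)z["id"] == r.Id));

                if (userIsPM || userIsStaff || userIsCustomer)
                {
                    result.Add((Guid)record["id"]);
                }
            }
            return(result);
        }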
コード例 #17
        /// <summary>
        /// Page hook for the create-task page: when the current page is that page, ensures a
        /// record exists and pre-fills its owner (the current user) and project (the
        /// <c>projectId</c> query parameter, when it parses as a GUID) before handing it to the
        /// data model.
        /// </summary>
        /// <param name="pageModel">The page being rendered.</param>
        /// <returns>Always null — the hook never takes over the response.</returns>
        public IActionResult OnGet(BaseErpPageModel pageModel)
        {
            var  page             = (ErpPage)pageModel.DataModel.GetProperty("Page");
            bool isCreateTaskPage = page != null && page.Id == CREATE_TASK_PAGE_ID;
            if (!isCreateTaskPage)
            {
                return null;
            }

            EntityRecord record = (EntityRecord)pageModel.DataModel.GetProperty("Record") ?? new EntityRecord();

            //Preselect owner
            ErpUser currentUser = (ErpUser)pageModel.DataModel.GetProperty("CurrentUser");
            if (currentUser != null)
            {
                record["owner_id"] = currentUser.Id;
            }

            //Preselect project
            var query = pageModel.HttpContext.Request.Query;
            if (query.ContainsKey("projectId") && Guid.TryParse(query["projectId"].ToString(), out Guid projectId))
            {
                record["project_id"] = projectId;
            }

            pageModel.DataModel.SetRecord(record);
            return null;
        }
コード例 #18
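        /// <summary>
        /// Lists the projects the current user is involved in (as owner, via a team role, or via
        /// a customer role) with milestone/task/bug counts and percentages, paged by the list's
        /// PageSize when <paramref name="page"/> is positive. Requires read permission on the
        /// entity for at least one of the user's roles.
        /// </summary>
        /// <param name="listName">Record list whose PageSize drives paging.</param>
        /// <param name="entityName">Entity whose record permissions are checked.</param>
        /// <param name="page">1-based page number; 0 (or less) returns every project.</param>
        /// <returns>JSON <see cref="ResponseModel"/> with the project records, or an error message.</returns>
        public IActionResult MyProjects(string listName = null, string entityName = null, int page = 0)
        {
            var response = new ResponseModel();

            #region << Can user read projects >>
            //Get current user
            ErpUser user = SecurityContext.CurrentUser;
            //Get entity meta
            var entity = entityManager.ReadEntity(entityName).Object;
            //Get list meta
            var list = entityManager.ReadRecordList(entity.Name, listName).Object;
            //check if user role has read permission (create/update/delete were computed but never used)
            var canRead = user.Roles.Any(x => entity.RecordPermissions.CanRead.Any(z => z == x.Id));

            if (!canRead)
            {
                response.Success   = false;
                response.Message   = "You do not have permission to read the projects in this system";
                response.Timestamp = DateTime.UtcNow;
                return(Json(response));                //return empty object
            }
            #endregion

            #region << Init fields >>
            var requestedFields = "id,name,start_date,end_date," +
                                  "x_milestones_opened,x_milestones_completed,x_tasks_not_started,x_tasks_in_progress,x_tasks_completed,x_bugs_opened,x_bugs_reopened,x_bugs_closed," +
                                  "$user_1_n_project_owner.id,$user_1_n_project_owner.image,$user_1_n_project_owner.username," +
                                  "$role_n_n_project_team.id,$role_n_n_project_customer.id";
            #endregion

            #region << Query builder >>
            QueryObject filterObj   = null;
            EntityQuery resultQuery = new EntityQuery("wv_project", requestedFields, filterObj, null, null, null, null);
            #endregion

            #region << Execute >>
            QueryResponse result            = recMan.Find(resultQuery);
            var           resultRecordsList = new List <EntityRecord>();
            if (!result.Success)
            {
                response.Success   = false;
                response.Timestamp = DateTime.UtcNow;
                response.Message   = result.Message;
                response.Object    = null;
                return(Json(response));
            }

            // Share of `part` in `total` as a whole number; Math.Round(decimal) rounds half to even,
            // exactly as the inline expressions it replaces did.
            decimal Percent(decimal part, decimal total) => Math.Round(part * 100 / total);

            foreach (var record in result.Object.Data)
            {
                var owners    = (List <EntityRecord>)record["$user_1_n_project_owner"];
                var team      = (List <EntityRecord>)record["$role_n_n_project_team"];
                var customers = (List <EntityRecord>)record["$role_n_n_project_customer"];

                #region << Check user roles >>
                // Ownership is independent of roles, so it is not evaluated inside a role loop
                // (which would skip it for a user with no roles). Team/customer membership holds
                // when ANY role matches; the original reassigned the flags per role, so only the
                // user's last role decided visibility.
                var userIsPM       = owners.Any(z => (Guid)z["id"] == user.Id);
                var userIsStaff    = user.Roles.Any(r => team.Any(z => (Guid)z["id"] == r.Id));
                var userIsCustomer = user.Roles.Any(r => customers.Any(z => (Guid)z["id"] == r.Id));
                #endregion

                if (!(userIsPM || userIsStaff || userIsCustomer))
                {
                    continue;
                }

                var recordObj = new EntityRecord();
                recordObj["id"]         = record["id"];
                recordObj["name"]       = record["name"];
                recordObj["start_date"] = record["start_date"];
                recordObj["end_date"]   = record["end_date"];
                // A team/customer member may see a project without an owner; do not index [0] blindly.
                var owner = owners.Count > 0 ? owners[0] : null;
                recordObj["owner_image"]    = owner != null ? owner["image"] : null;
                recordObj["owner_username"] = owner != null ? owner["username"] : null;

                #region << milestones Count "opened" vs "completed" >>
                var milestonesOpened    = (decimal)record["x_milestones_opened"];
                var milestonesCompleted = (decimal)record["x_milestones_completed"];
                var milestonesTotal     = milestonesOpened + milestonesCompleted;
                recordObj["milestones_opened_count"]    = milestonesOpened;
                recordObj["milestones_completed_count"] = milestonesCompleted;
                if (milestonesTotal > 0)
                {
                    recordObj["milestones_opened_percentage"]    = Percent(milestonesOpened, milestonesTotal);
                    recordObj["milestones_completed_percentage"] = 100 - Percent(milestonesOpened, milestonesTotal);
                }
                else
                {
                    recordObj["milestones_opened_percentage"]    = 0;
                    recordObj["milestones_completed_percentage"] = 0;
                }
                #endregion

                #region << tasks Count "not started" vs "in progress" vs "completed" >>
                var tasksNotStarted = (decimal)record["x_tasks_not_started"];
                var tasksInProgress = (decimal)record["x_tasks_in_progress"];
                var tasksCompleted  = (decimal)record["x_tasks_completed"];
                var tasksTotal      = tasksNotStarted + tasksInProgress + tasksCompleted;

                recordObj["tasks_not_started_count"] = tasksNotStarted;
                recordObj["tasks_in_progress_count"] = tasksInProgress;
                recordObj["tasks_completed_count"]   = tasksCompleted;
                if (tasksTotal > 0)
                {
                    recordObj["tasks_not_started_percentage"] = Percent(tasksNotStarted, tasksTotal);
                    recordObj["tasks_in_progress_percentage"] = Percent(tasksInProgress, tasksTotal);
                    // Remainder, so the three figures add up to 100.
                    recordObj["tasks_completed_percentage"]   = 100 - Percent(tasksNotStarted, tasksTotal) - Percent(tasksInProgress, tasksTotal);
                }
                else
                {
                    recordObj["tasks_not_started_percentage"] = 0;
                    recordObj["tasks_in_progress_percentage"] = 0;
                    recordObj["tasks_completed_percentage"]   = 0;
                }
                #endregion

                #region << bugs Count "opened" & "reopened" vs "closed" >>
                var bugsOpened   = (decimal)record["x_bugs_opened"];
                var bugsReOpened = (decimal)record["x_bugs_reopened"];
                var bugsClosed   = (decimal)record["x_bugs_closed"];
                var bugsTotal    = bugsOpened + bugsReOpened + bugsClosed;

                recordObj["bugs_opened_count"]   = bugsOpened;
                recordObj["bugs_reopened_count"] = bugsReOpened;
                recordObj["bugs_closed_count"]   = bugsClosed;
                if (bugsTotal > 0)
                {
                    recordObj["bugs_opened_percentage"]   = Percent(bugsOpened, bugsTotal);
                    recordObj["bugs_reopened_percentage"] = Percent(bugsReOpened, bugsTotal);
                    recordObj["bugs_closed_percentage"]   = 100 - Percent(bugsOpened, bugsTotal) - Percent(bugsReOpened, bugsTotal);
                }
                else
                {
                    recordObj["bugs_opened_percentage"]   = 0;
                    recordObj["bugs_reopened_percentage"] = 0;
                    recordObj["bugs_closed_percentage"]   = 0;
                }
                #endregion

                resultRecordsList.Add(recordObj);
            }
            #endregion

            if (page > 0)
            {
                // One page of list.PageSize records. The original took `page` records, i.e. a
                // different page length for every page number.
                var skipRecords = list.PageSize * (page - 1);
                resultRecordsList = resultRecordsList.Skip(skipRecords).Take(list.PageSize).ToList();
            }

            response.Success   = true;
            response.Timestamp = DateTime.UtcNow;
            response.Message   = "My projects successfully read";
            response.Object    = resultRecordsList;

            return(Json(response));
        }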
コード例 #19
ファイル: AuthToken.cs プロジェクト: munna/WebVella-ERP
 /// <summary>
 /// Issues a token for <paramref name="user"/> that expires a fixed number of days from now
 /// (UTC): the extended lifetime when <paramref name="extendedExpiration"/> is set, the normal
 /// one otherwise.
 /// </summary>
 /// <param name="user">The authenticated user the token represents.</param>
 /// <param name="extendedExpiration">Whether to use the longer ("remember me" style) lifetime.</param>
 /// <returns>The new token.</returns>
 public static AuthToken Create(ErpUser user, bool extendedExpiration)
 {
     var lifetimeDays = extendedExpiration
         ? WebSecurityUtil.AUTH_TOKEN_EXTENDED_EXPIRATION_DAYS
         : WebSecurityUtil.AUTH_TOKEN_EXPIRATION_DAYS;
     DateTime expiresAt = DateTime.UtcNow.AddDays(lifetimeDays);
     return new AuthToken(user, expiresAt);
 }
コード例 #20
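        /// <summary>
        /// Builds the per-entity record permissions (read/create/update/delete) of the current
        /// principal: the union over the user's roles when the principal is an ERP identity,
        /// otherwise the guest role's permissions. Entities granting nothing are omitted.
        /// </summary>
        /// <param name="context">HTTP context carrying the principal.</param>
        /// <returns>A list of anonymous objects (entityId, entityName, canRead, canCreate, canUpdate, canDelete).</returns>
        /// <exception cref="ArgumentNullException">When <paramref name="context"/> is null.</exception>
        internal static object GetCurrentUserPermissions(HttpContext context)
        {
            if (context == null)
            {
                // A null argument is an ArgumentNullException; the original threw
                // NullReferenceException, which reads as a bug inside this method.
                throw new ArgumentNullException(nameof(context));
            }

            // Only an ErpPrincipal carrying an ErpIdentity yields a user; anything else is a guest.
            ErpUser user = null;
            if (context.User is ErpPrincipal principal && principal.Identity is ErpIdentity identity)
            {
                user = identity.User;
            }

            EntityManager entMan   = new EntityManager();
            var           entities = entMan.ReadEntities().Object.Entities;

            List <object> permissions = new List <object>();

            foreach (var entity in entities)
            {
                var  perms = entity.RecordPermissions;
                bool canRead, canCreate, canUpdate, canDelete;

                if (user != null)
                {
                    canRead   = user.Roles.Any(x => perms.CanRead.Any(z => z == x.Id));
                    canCreate = user.Roles.Any(x => perms.CanCreate.Any(z => z == x.Id));
                    canUpdate = user.Roles.Any(x => perms.CanUpdate.Any(z => z == x.Id));
                    canDelete = user.Roles.Any(x => perms.CanDelete.Any(z => z == x.Id));
                }
                else
                {
                    canRead   = perms.CanRead.Any(z => z == SystemIds.GuestRoleId);
                    canCreate = perms.CanCreate.Any(z => z == SystemIds.GuestRoleId);
                    canUpdate = perms.CanUpdate.Any(z => z == SystemIds.GuestRoleId);
                    canDelete = perms.CanDelete.Any(z => z == SystemIds.GuestRoleId);
                }

                if (canRead || canCreate || canUpdate || canDelete)
                {
                    permissions.Add(new
                    {
                        entityId   = entity.Id,
                        entityName = entity.Name,
                        canRead    = canRead,
                        canCreate  = canCreate,
                        canUpdate  = canUpdate,
                        canDelete  = canDelete
                    });
                }
            }

            return(permissions);
        }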
コード例 #21
        public IActionResult ProjectMilestones(string listName = null, string entityName = null, int page = 0)
        {
            var response = new ResponseModel();

            #region << Can user read projects >>
            //Get current user
            ErpUser user = SecurityContext.CurrentUser;
            //Get entity meta
            var entity = entityManager.ReadEntity(entityName).Object;
            //Get list meta
            var list = entityManager.ReadRecordList(entity.Name, listName).Object;
            //check if user role has permissions
            var canRead   = user.Roles.Any(x => entity.RecordPermissions.CanRead.Any(z => z == x.Id));
            var canCreate = user.Roles.Any(x => entity.RecordPermissions.CanCreate.Any(z => z == x.Id));
            var canUpdate = user.Roles.Any(x => entity.RecordPermissions.CanUpdate.Any(z => z == x.Id));
            var canDelete = user.Roles.Any(x => entity.RecordPermissions.CanDelete.Any(z => z == x.Id));

            if (!canRead)
            {
                response.Success   = false;
                response.Message   = "You do not have permission to read the projects in this system";
                response.Timestamp = DateTime.UtcNow;
                return(Json(response));                //return empty object
            }
            #endregion

            #region << Get the project id >>
            var queryString   = HttpContext.Request.QueryString.ToString();
            var queryKeyValue = QueryHelpers.ParseQuery(queryString);
            var projectId     = new Guid();
            if (queryKeyValue.ContainsKey("recordId") && Guid.TryParse(queryKeyValue["recordId"], out projectId))
            {
            }
            else
            {
                response.Success   = false;
                response.Timestamp = DateTime.UtcNow;
                response.Message   = "Project Id either not found or not a GUID";
                response.Object    = null;
            }
            #endregion

            #region << Get milestone data >>
            var requestedFields = "id,name,start_date,end_date,x_tasks_not_started,x_tasks_in_progress,x_tasks_completed,x_bugs_opened,x_bugs_reopened,x_bugs_closed";

            QueryObject filterObj = EntityQuery.QueryEQ("project_id", projectId);

            var sortList = new List <QuerySortObject>();
            sortList.Add(new QuerySortObject("end_date", QuerySortType.Descending));
            EntityQuery resultQuery = new EntityQuery("wv_milestone", requestedFields, filterObj, sortList.ToArray(), null, null, null);

            QueryResponse result = recMan.Find(resultQuery);
            if (!result.Success)
            {
                response.Success   = false;
                response.Timestamp = DateTime.UtcNow;
                response.Message   = result.Message;
                response.Object    = null;
                return(Json(response));
            }
            #endregion
            var resultRecordsList = new List <EntityRecord>();
            foreach (var record in result.Object.Data)
            {
                var recordObj = new EntityRecord();
                recordObj["id"]         = record["id"];
                recordObj["name"]       = record["name"];
                recordObj["start_date"] = record["start_date"];
                recordObj["end_date"]   = record["end_date"];

                #region << tasks Count "not started" vs "in progress" vs "completed" >>
                var tasksNotStarted = (decimal)record["x_tasks_not_started"];
                var tasksInProgress = (decimal)record["x_tasks_in_progress"];
                var tasksCompleted  = (decimal)record["x_tasks_completed"];

                recordObj["tasks_not_started_count"] = tasksNotStarted;
                recordObj["tasks_in_progress_count"] = tasksInProgress;
                recordObj["tasks_completed_count"]   = tasksCompleted;
                if (tasksNotStarted + tasksInProgress + tasksCompleted > 0)
                {
                    recordObj["tasks_not_started_percentage"] = Math.Round((decimal)(tasksNotStarted * 100) / (tasksNotStarted + tasksInProgress + tasksCompleted));
                    recordObj["tasks_in_progress_percentage"] = Math.Round((decimal)(tasksInProgress * 100) / (tasksNotStarted + tasksInProgress + tasksCompleted));
                    recordObj["tasks_completed_percentage"]   = 100 - Math.Round((decimal)(tasksNotStarted * 100) / (tasksNotStarted + tasksInProgress + tasksCompleted)) - Math.Round((decimal)(tasksInProgress * 100) / (tasksNotStarted + tasksInProgress + tasksCompleted));
                }
                else
                {
                    recordObj["tasks_not_started_percentage"] = 0;
                    recordObj["tasks_in_progress_percentage"] = 0;
                    recordObj["tasks_completed_percentage"]   = 0;
                }
                #endregion

                #region << bugs Count "opened" & "reopened" vs "closed" >>
                var bugsOpened   = (decimal)record["x_bugs_opened"];
                var bugsReOpened = (decimal)record["x_bugs_reopened"];
                var bugsClosed   = (decimal)record["x_bugs_closed"];

                recordObj["bugs_opened_count"]   = bugsOpened;
                recordObj["bugs_reopened_count"] = bugsReOpened;
                recordObj["bugs_closed_count"]   = bugsClosed;
                if (bugsOpened + bugsReOpened + bugsClosed > 0)
                {
                    recordObj["bugs_opened_percentage"]   = Math.Round((decimal)(bugsOpened * 100) / (bugsOpened + bugsReOpened + bugsClosed));
                    recordObj["bugs_reopened_percentage"] = Math.Round((decimal)(bugsReOpened * 100) / (bugsOpened + bugsReOpened + bugsClosed));
                    recordObj["bugs_closed_percentage"]   = 100 - Math.Round((decimal)(bugsOpened * 100) / (bugsOpened + bugsReOpened + bugsClosed)) - Math.Round((decimal)(bugsReOpened * 100) / (bugsOpened + bugsReOpened + bugsClosed));
                }
                else
                {
                    recordObj["bugs_opened_percentage"]   = 0;
                    recordObj["bugs_reopened_percentage"] = 0;
                    recordObj["bugs_closed_percentage"]   = 0;
                }

                #endregion
                resultRecordsList.Add(recordObj);
            }

            response.Success   = true;
            response.Timestamp = DateTime.UtcNow;
            response.Message   = "My projects successfully read";
            response.Object    = resultRecordsList;

            return(Json(response));
        }
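        /// <summary>
        /// Creates or updates the "user" record backing <paramref name="user"/>.
        /// An existing user (looked up by <c>user.Id</c>) receives a partial update holding only the
        /// fields that differ from the stored values; a user that does not exist yet is created with
        /// a full record. All field-level validation errors are collected into one
        /// <see cref="ValidationException"/> and thrown before anything is written.
        /// </summary>
        /// <param name="user">The user to persist. <c>Roles</c> is written as the record's complete
        /// role set on both create and update, so omitting roles on an update revokes them.</param>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <exception cref="ArgumentException"><c>user.Roles</c> is null.</exception>
        /// <exception cref="ValidationException">Username, email or password validation failed.</exception>
        /// <exception cref="InvalidOperationException">The record manager reported a failed write.</exception>
        public void SaveUser(ErpUser user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            // The role set is written unconditionally below; fail with a clear message instead of a
            // NullReferenceException from the Select.
            if (user.Roles == null)
            {
                throw new ArgumentException("Roles collection is required.", nameof(user));
            }

            RecordManager       recMan       = new RecordManager();
            EntityRecord        record       = new EntityRecord();
            ErpUser             existingUser = GetUser(user.Id);
            ValidationException valEx        = new ValidationException();
            var                 roleIds      = user.Roles.Select(x => x.Id).ToList();

            if (existingUser != null)
            {
                record["id"] = user.Id;

                if (existingUser.Username != user.Username)
                {
                    record["username"] = user.Username;
                    ValidateUsername(user.Username, valEx);
                }

                if (existingUser.Email != user.Email)
                {
                    record["email"] = user.Email;
                    ValidateEmail(user.Email, valEx);
                }

                // NOTE(review): the password is stored exactly as supplied; whether it is already
                // hashed is decided by the caller and is not visible here. Confirm no plaintext
                // password reaches this method.
                if (existingUser.Password != user.Password && !string.IsNullOrWhiteSpace(user.Password))
                {
                    record["password"] = user.Password;
                }

                if (existingUser.Enabled != user.Enabled)
                {
                    record["enabled"] = user.Enabled;
                }

                if (existingUser.Verified != user.Verified)
                {
                    record["verified"] = user.Verified;
                }

                if (existingUser.FirstName != user.FirstName)
                {
                    record["first_name"] = user.FirstName;
                }

                if (existingUser.LastName != user.LastName)
                {
                    record["last_name"] = user.LastName;
                }

                if (existingUser.Image != user.Image)
                {
                    record["image"] = user.Image;
                }

                record["$user_role.id"] = roleIds;

                valEx.CheckAndThrow();

                var response = recMan.UpdateRecord("user", record);
                if (!response.Success)
                {
                    throw new InvalidOperationException(response.Message);
                }
            }
            else
            {
                record["id"]          = user.Id;
                record["email"]       = user.Email;
                record["username"]    = user.Username;
                record["first_name"]  = user.FirstName;
                record["last_name"]   = user.LastName;
                record["enabled"]     = user.Enabled;
                record["verified"]    = user.Verified;
                record["image"]       = user.Image;
                record["preferences"] = JsonConvert.SerializeObject(user.Preferences ?? new ErpUserPreferences());

                ValidateUsername(user.Username, valEx);
                ValidateEmail(user.Email, valEx);

                // Same caveat as on update: a new user's password is stored as given.
                if (string.IsNullOrWhiteSpace(user.Password))
                {
                    valEx.AddError("password", "Password is required.");
                }
                else
                {
                    record["password"] = user.Password;
                }

                record["$user_role.id"] = roleIds;

                valEx.CheckAndThrow();

                var response = recMan.CreateRecord("user", record);
                if (!response.Success)
                {
                    throw new InvalidOperationException(response.Message);
                }
            }
        }

        /// <summary>
        /// Adds a validation error to <paramref name="valEx"/> when <paramref name="username"/>
        /// is blank or already belongs to another user.
        /// </summary>
        private void ValidateUsername(string username, ValidationException valEx)
        {
            if (string.IsNullOrWhiteSpace(username))
            {
                valEx.AddError("username", "Username is required.");
            }
            else if (GetUserByUsername(username) != null)
            {
                valEx.AddError("username", "Username is already registered to another user. It must be unique.");
            }
        }

        /// <summary>
        /// Adds a validation error to <paramref name="valEx"/> when <paramref name="email"/> is blank,
        /// malformed or already belongs to another user. The format check runs before the uniqueness
        /// lookup so malformed input never reaches the store.
        /// </summary>
        private void ValidateEmail(string email, ValidationException valEx)
        {
            if (string.IsNullOrWhiteSpace(email))
            {
                valEx.AddError("email", "Email is required.");
            }
            else if (!IsValidEmail(email))
            {
                valEx.AddError("email", "Email is not valid.");
            }
            else if (GetUser(email) != null)
            {
                valEx.AddError("email", "Email is already registered to another user. It must be unique.");
            }
        }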
 /// <summary>
 /// Thin pass-through to the user repository's existence check; what counts as a match
 /// (id, username, ...) is defined by the repository, not here.
 /// </summary>
 public bool isExists(ErpUser erpUser) => erpUserRepo.isExists(erpUser);
 /// <summary>
 /// Thin pass-through to the repository's login lookup. Which fields of <paramref name="erpUser"/>
 /// are used as credentials, and how they are compared, lives in the repository.
 /// </summary>
 public ErpUser GetByLogin(ErpUser erpUser) => erpUserRepo.GetByLogin(erpUser);
 /// <summary>
 /// Post-login hook. Currently a no-op that yields no action result (null); callers must be
 /// prepared for that.
 /// </summary>
 public IActionResult OnPostAfterLogin(ErpUser user, LoginModel pageModel) => null;
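        /// <summary>
        /// Returns every "wv_milestone" record that belongs to a project the current user can see.
        /// A project is visible when the user is its owner, or when one of the user's roles is in
        /// the project's team or customer role set. Before that, the user must hold role-level read
        /// permission on both "wv_project" and "wv_milestone".
        /// </summary>
        /// <returns>A JSON <see cref="ResponseModel"/>. <c>Object</c> is the milestone record list, or
        /// null when there is no visible project or a query failed.</returns>
        public IActionResult MyMilestones()
        {
            var response            = new ResponseModel();
            var resultProjectIdList = new List <Guid>();

            try {
                ErpUser user = SecurityContext.CurrentUser;

                #region << Role-level read permission on project and milestone >>
                var entity = entMan.ReadEntity("wv_project").Object;
                if (!user.Roles.Any(x => entity.RecordPermissions.CanRead.Any(z => z == x.Id)))
                {
                    response.Success   = false;
                    response.Message   = "You do not have permission to read the projects in this system";
                    response.Timestamp = DateTime.UtcNow;
                    return(Json(response));
                }

                var milestone = entMan.ReadEntity("wv_milestone").Object;
                if (!user.Roles.Any(x => milestone.RecordPermissions.CanRead.Any(z => z == x.Id)))
                {
                    response.Success   = false;
                    response.Message   = "You do not have permission to read the milestones in this system";
                    response.Timestamp = DateTime.UtcNow;
                    return(Json(response));
                }
                #endregion

                #region << Projects the user can see >>
                var requestedFields = "id," +
                                      "$user_1_n_project_owner.id," +
                                      "$role_n_n_project_team.id,$role_n_n_project_customer.id";
                EntityQuery   projectQuery  = new EntityQuery("wv_project", requestedFields, null, null, null, null, null);
                QueryResponse projectResult = recMan.Find(projectQuery);
                if (!projectResult.Success)
                {
                    response.Success   = false;
                    response.Timestamp = DateTime.UtcNow;
                    response.Message   = projectResult.Message;
                    response.Object    = null;
                    return(Json(response));
                }

                foreach (var record in projectResult.Object.Data)
                {
                    var owners    = (List <EntityRecord>)record["$user_1_n_project_owner"];
                    var team      = (List <EntityRecord>)record["$role_n_n_project_team"];
                    var customers = (List <EntityRecord>)record["$role_n_n_project_customer"];

                    // Ownership is a per-user test; team/customer membership holds if ANY of the
                    // user's roles is listed. The previous per-role loop overwrote these flags on
                    // every iteration, so only the last role was actually considered.
                    var userIsPM       = owners.Any(z => (Guid)z["id"] == user.Id);
                    var userIsStaff    = user.Roles.Any(r => team.Any(z => (Guid)z["id"] == r.Id));
                    var userIsCustomer = user.Roles.Any(r => customers.Any(z => (Guid)z["id"] == r.Id));

                    if (userIsPM || userIsStaff || userIsCustomer)
                    {
                        resultProjectIdList.Add((Guid)record["id"]);
                    }
                }
                #endregion

                // Never build the OR filter from an empty rule set: whether an empty OR matches
                // nothing or everything is decided inside EntityQuery and is not visible here.
                if (resultProjectIdList.Count == 0)
                {
                    response.Success   = true;
                    response.Timestamp = DateTime.UtcNow;
                    response.Message   = "You do not have access to any project or there are no projects yet";
                    response.Object    = null;
                    return(Json(response));
                }

                #region << Milestones of the visible projects >>
                // NOTE(review): "*" hands every milestone column to the client; confirm none of them
                // is sensitive, or list the fields explicitly as the other read actions do.
                var milestoneFields = "*";

                var projectIdRules = resultProjectIdList
                                     .Select(projectId => EntityQuery.QueryEQ("project_id", projectId))
                                     .ToArray();
                QueryObject projectIdFilterSection = EntityQuery.QueryOR(projectIdRules);

                var sortRulesList = new List <QuerySortObject>();
                sortRulesList.Add(new QuerySortObject("name", QuerySortType.Ascending));

                var milestoneQuery         = new EntityQuery("wv_milestone", milestoneFields, projectIdFilterSection, sortRulesList.ToArray(), null, null, null);
                var milestoneQueryResponse = recMan.Find(milestoneQuery);
                if (!milestoneQueryResponse.Success)
                {
                    response.Success   = false;
                    response.Timestamp = DateTime.UtcNow;
                    response.Message   = milestoneQueryResponse.Message;
                    response.Object    = null;
                    return(Json(response));
                }

                response.Success   = true;
                response.Timestamp = DateTime.UtcNow;
                response.Message   = "My milestones successfully read";
                response.Object    = milestoneQueryResponse.Object.Data;

                return(Json(response));
                #endregion
            }
            catch (Exception ex) {
                // NOTE(review): ex.Message is returned to the client verbatim, which can expose
                // storage or configuration details. Prefer a generic message here and log the
                // exception server-side (no logger is in scope in this action).
                response.Success   = false;
                response.Timestamp = DateTime.UtcNow;
                response.Message   = "Error: " + ex.Message;
                response.Object    = null;
                return(Json(response));
            }
        }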
 /// <summary>
 /// Pushes <paramref name="user"/> (null included) onto the ambient security stack and returns
 /// a <c>Stopper</c>; presumably disposing it pops the entry again, so hold the result in a
 /// <c>using</c>. Only the user id is written to the debug trace, never the whole object.
 /// </summary>
 public static IDisposable OpenScope(ErpUser user)
 {
     var who = user == null ? "none" : user.Id.ToString();
     Debug.WriteLine("SECURITY: OpenScope -> " + who);
     GetStack().Push(user);
     return new Stopper();
 }
 /// <summary>
 /// Thin pass-through that hands <paramref name="erpUser"/> to the repository and returns its
 /// success flag; validation and persistence rules live in the repository.
 /// </summary>
 public bool SubmitDetail(ErpUser erpUser) => erpUserRepo.SubmitDetail(erpUser);
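        /// <summary>
        /// Lists "wv_task" records from every project the current user can see (the user is the
        /// project owner, or one of the user's roles is in the project's team or customer set).
        /// Optional query-string parameters filter (<c>number</c>, <c>subject</c>, <c>status</c>,
        /// <c>priority</c>) and sort (<c>sortBy</c>, <c>sortOrder</c>) the result; paging uses the
        /// PageSize of the named record list.
        /// </summary>
        /// <param name="listName">Name of the "wv_task" record list whose PageSize drives paging.</param>
        /// <param name="entityName">Not used by this action; kept for binding compatibility.</param>
        /// <param name="page">1-based page number. Values below 1 are treated as page 1.</param>
        /// <returns>A JSON <see cref="ResponseModel"/> whose <c>Object</c> is the projected task list.</returns>
        public IActionResult AllTaskUserCanSee(string listName = null, string entityName = null, int page = 0)
        {
            var response = new ResponseModel();

            try
            {
                #region << Can user read tasks >>
                ErpUser user    = SecurityContext.CurrentUser;
                var     entity  = entMan.ReadEntity("wv_task").Object;
                var     canRead = user.Roles.Any(x => entity.RecordPermissions.CanRead.Any(z => z == x.Id));
                if (!canRead)
                {
                    response.Success   = false;
                    response.Message   = "You do not have permission to read the tasks in this system";
                    response.Timestamp = DateTime.UtcNow;
                    return(Json(response));
                }
                #endregion

                var userCanSeeProjectIds = new List <Guid>();
                #region << Generate list of projects user can see >>
                {
                    var           requestedFields = "id,$user_1_n_project_owner.id,$role_n_n_project_team.id,$role_n_n_project_customer.id";
                    EntityQuery   projectQuery    = new EntityQuery("wv_project", requestedFields, null, null, null, null, null);
                    QueryResponse projectResult   = recMan.Find(projectQuery);
                    if (!projectResult.Success)
                    {
                        response.Success   = false;
                        response.Timestamp = DateTime.UtcNow;
                        response.Message   = projectResult.Message;
                        response.Object    = null;
                        return(Json(response));
                    }

                    foreach (var record in projectResult.Object.Data)
                    {
                        var owners    = (List <EntityRecord>)record["$user_1_n_project_owner"];
                        var team      = (List <EntityRecord>)record["$role_n_n_project_team"];
                        var customers = (List <EntityRecord>)record["$role_n_n_project_customer"];

                        // Ownership is a per-user test; team/customer membership holds if ANY of the
                        // user's roles is listed. The previous per-role loop overwrote these flags on
                        // every iteration, so only the last role was actually considered.
                        var userIsPM       = owners.Any(z => (Guid)z["id"] == user.Id);
                        var userIsStaff    = user.Roles.Any(r => team.Any(z => (Guid)z["id"] == r.Id));
                        var userIsCustomer = user.Roles.Any(r => customers.Any(z => (Guid)z["id"] == r.Id));

                        if (userIsPM || userIsStaff || userIsCustomer)
                        {
                            userCanSeeProjectIds.Add((Guid)record["id"]);
                        }
                    }
                }
                #endregion

                // Same guard as MyMilestones: do not build the OR filter from an empty rule set,
                // because whether an empty OR matches nothing or everything is decided inside
                // EntityQuery and is not visible here.
                if (userCanSeeProjectIds.Count == 0)
                {
                    response.Success   = true;
                    response.Timestamp = DateTime.UtcNow;
                    response.Message   = "Successful read";
                    response.Object    = new List <EntityRecord>();
                    return(Json(response));
                }

                var taskQueryResponse = new QueryResponse();
                #region << Get tasks >>
                {
                    var fields = "id,number,subject,start_date,end_date,status,priority,$user_1_n_task_owner.id,$user_1_n_task_owner.image";

                    #region << project id filters >>
                    var projectIdRules = userCanSeeProjectIds
                                         .Select(projectId => EntityQuery.QueryEQ("project_id", projectId))
                                         .ToArray();
                    QueryObject projectIdFilterSection = EntityQuery.QueryOR(projectIdRules);
                    #endregion

                    #region << Aux filters & Sort >>
                    var sortRulesList     = new List <QuerySortObject>();
                    var auxRulesList      = new List <QueryObject>();
                    var queryKeyValueList = QueryHelpers.ParseQuery(HttpContext.Request.QueryString.ToString());
                    // The record list meta is read once here (it used to be read twice).
                    var getListObject     = entMan.ReadRecordList(entity.Name, listName).Object;
                    //Currently we will hardcode the query generation
                    //auxFilterSection = RecordListQuery.ConvertQuery(getListObject.Query);
                    foreach (var query in queryKeyValueList)
                    {
                        var value = (string)query.Value;
                        switch (query.Key.ToLowerInvariant())
                        {
                        case "number":
                            decimal outDecimal;
                            // Invariant culture: the value comes from the client's URL, not from
                            // the server's locale.
                            if (decimal.TryParse(value, System.Globalization.NumberStyles.Number, System.Globalization.CultureInfo.InvariantCulture, out outDecimal))
                            {
                                auxRulesList.Add(EntityQuery.QueryEQ("number", outDecimal));
                            }
                            break;

                        case "subject":
                            auxRulesList.Add(EntityQuery.QueryContains("subject", value));
                            break;

                        case "status":
                            auxRulesList.Add(EntityQuery.QueryEQ("status", value));
                            break;

                        case "priority":
                            auxRulesList.Add(EntityQuery.QueryEQ("priority", value));
                            break;

                        case "sortby":
                            // NOTE(review): the sort field name is taken verbatim from the query
                            // string. Confirm EntityQuery validates it against the entity's field
                            // list; otherwise restrict it to an allow-list before it reaches the store.
                            var ascending = !queryKeyValueList.ContainsKey("sortOrder") ||
                                            (string)queryKeyValueList["sortOrder"] == "ascending";
                            sortRulesList.Add(new QuerySortObject(value, ascending ? QuerySortType.Ascending : QuerySortType.Descending));
                            break;
                        }
                    }
                    QueryObject auxFilterSection = EntityQuery.QueryAND(auxRulesList.ToArray());
                    //Add default sort by created_on
                    sortRulesList.Add(new QuerySortObject("created_on", QuerySortType.Ascending));
                    #endregion

                    QueryObject rootFilterSection = EntityQuery.QueryAND(projectIdFilterSection, auxFilterSection);

                    // page is 1-based; page 0 (the default) and negative values used to produce a
                    // negative skip, so clamp to the first page.
                    var pageSize    = getListObject.PageSize;
                    var skipRecords = (Math.Max(page, 1) - 1) * pageSize;

                    var taskQuery = new EntityQuery("wv_task", fields, rootFilterSection, sortRulesList.ToArray(), skipRecords, pageSize, null);

                    taskQueryResponse = recMan.Find(taskQuery);
                    if (!taskQueryResponse.Success)
                    {
                        response.Success   = false;
                        response.Timestamp = DateTime.UtcNow;
                        response.Message   = taskQueryResponse.Message;
                        response.Object    = null;
                        return(Json(response));
                    }
                }
                #endregion

                var taskList = new List <EntityRecord>();
                #region << Post-process >>
                foreach (var task in taskQueryResponse.Object.Data)
                {
                    var record = new EntityRecord();
                    record["id"]         = (Guid)task["id"];
                    record["number"]     = (decimal)task["number"];
                    record["subject"]    = (string)task["subject"];
                    record["start_date"] = (DateTime)task["start_date"];
                    record["end_date"]   = (DateTime)task["end_date"];
                    record["status"]     = (string)task["status"];
                    record["priority"]   = (string)task["priority"];

                    // Owner id/image are emitted as single-element lists (the shape the client
                    // already consumes). A task without an owner used to throw on [0] and fail
                    // the whole request; it now simply yields empty lists.
                    var owners             = (List <EntityRecord>)task["$user_1_n_task_owner"];
                    var taskOwnerIdList    = new List <Guid>();
                    var taskOwnerImageList = new List <string>();
                    if (owners != null && owners.Count > 0)
                    {
                        taskOwnerIdList.Add((Guid)owners[0]["id"]);
                        taskOwnerImageList.Add((string)owners[0]["image"]);
                    }
                    record["$field$user_1_n_task_owner$id"]    = taskOwnerIdList;
                    record["$field$user_1_n_task_owner$image"] = taskOwnerImageList;
                    taskList.Add(record);
                }
                #endregion

                response.Success   = true;
                response.Timestamp = DateTime.UtcNow;
                response.Message   = "Successful read";
                response.Object    = taskList;

                return(Json(response));
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is returned to the client verbatim, which can expose
                // storage or configuration details. Prefer a generic message here and log the
                // exception server-side (no logger is in scope in this action).
                response.Success   = false;
                response.Timestamp = DateTime.UtcNow;
                response.Message   = ex.Message;
                response.Object    = null;
                return(Json(response));
            }
        }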
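        /// <summary>
        /// Checks whether <paramref name="user"/> (or the ambient <c>CurrentUser</c> when
        /// <paramref name="user"/> is null) holds <paramref name="permission"/> on
        /// <paramref name="entity"/>. The system user is always allowed. When there is no user at
        /// all (anonymous request), the entity's permission list is checked for the guest role.
        /// </summary>
        /// <param name="permission">Record-level permission to test.</param>
        /// <param name="entity">Entity whose <c>RecordPermissions</c> are consulted.</param>
        /// <param name="user">Explicit user, or null to fall back to the current security context.</param>
        /// <returns>true when one of the user's roles (or the guest role for anonymous callers)
        /// appears in the role list of the requested permission.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="entity"/> is null.</exception>
        /// <exception cref="NotSupportedException"><paramref name="permission"/> is not a known value.</exception>
        public static bool HasEntityPermission(EntityPermission permission, Entity entity, ErpUser user = null)
        {
            if (entity == null)
            {
                throw new ArgumentNullException(nameof(entity));
            }

            if (user == null)
            {
                user = CurrentUser;
            }

            //system user has unlimited permissions :)
            if (user != null && user.Id == SystemIds.SystemUserId)
            {
                return(true);
            }

            // Resolve the permission's role list once; the membership test is the same for an
            // authenticated user (any of their roles) and for an anonymous caller (guest role).
            Func<Guid, bool> roleAllowed;
            switch (permission)
            {
            case EntityPermission.Read:
                roleAllowed = roleId => entity.RecordPermissions.CanRead.Any(z => z == roleId);
                break;

            case EntityPermission.Create:
                roleAllowed = roleId => entity.RecordPermissions.CanCreate.Any(z => z == roleId);
                break;

            case EntityPermission.Update:
                roleAllowed = roleId => entity.RecordPermissions.CanUpdate.Any(z => z == roleId);
                break;

            case EntityPermission.Delete:
                roleAllowed = roleId => entity.RecordPermissions.CanDelete.Any(z => z == roleId);
                break;

            default:
                throw new NotSupportedException("Entity permission type is not supported");
            }

            return(user != null
                   ? user.Roles.Any(x => roleAllowed(x.Id))
                   : roleAllowed(SystemIds.GuestRoleId));
        }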