public ActionResult ActionNotification(int regulatorCode)
{
//Authenticate
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeaderForRegulator(regulatorCode, EDTEndpoint.RegulatorFacilitySubmittalActionNotification, PermissionRole.EDTFacilitySubmittalActionNotification);
if (authResult.IsAuthenticatedAndAuthorized)
{
XElement xmlResult = null;
//Begin Transaction
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.RegulatorFacilitySubmittalActionNotification, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
try
{
RegulatorFacilitySubmittalActionNotificationAdapter processor = new RegulatorFacilitySubmittalActionNotificationAdapter(transScope);
xmlResult = processor.Process(Request.InputStream, regulatorCode);
}
catch (Exception ex)
{
transScope.WriteActivity("Exception Occurred.", ex);
transScope.WriteMessage("Exception OCcurred. " + ex.Format(), EDTTransactionMessageType.Error);
return(HttpStatusCodeResult(HttpStatusCode.InternalServerError, ex.Format()));
}
}
return(XmlElement(xmlResult));
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
/// <summary>
/// Method processes a instance of CMESubmittal XML passed through the Request.InputStream
/// and returns a CMESubmittalResponse. This is the CMESubmittal "Submit" End Point.
/// </summary>
/// <param name="regulatorCode"></param>
/// <returns></returns>
public ActionResult Submit(int regulatorCode)
{
// Authenticate
// TODO: For Authenticating CMESubmittal Rights, is having UPAInspector Rights for the specified Regulator Sufficient?
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeaderForRegulator(regulatorCode, EDTEndpoint.RegulatorCMESubmit, PermissionRole.EDTCMESubmittalSubmit);
if (authResult.IsAuthenticatedAndAuthorized)
{
XElement xmlResult = null;
//Begin Transaction
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.RegulatorCMESubmit, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
try
{
RegulatorCMESubmitAdapter processor = new RegulatorCMESubmitAdapter(transScope);
xmlResult = processor.Process(Request.InputStream, null);
}
catch (Exception ex)
{
transScope.WriteActivity("Exception Occurred.", ex);
transScope.WriteMessage("Exception Occurred. " + ex.Format(), EDTTransactionMessageType.Error);
return(HttpStatusCodeResult(HttpStatusCode.InternalServerError, ex.Format()));
}
}
return(XmlElement(xmlResult));
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
public ActionResult ViolationLibrary(string violationTypeNumber = "")
{
Server.ScriptTimeout = 600;
//No role based authentication needed, just make sure they have a valid credential for Library services.
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeader();
if (authResult.Result.Status == AuthenticationStatus.Success)
{
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.ViolationLibraryQuery, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
try
{
var xmlResult = transScope.Repository.ViolationTypes.Search(typeNumber: violationTypeNumber).ToXml();
transScope.WriteActivity("Generated XML Package Successfully");
return(XmlElement(xmlResult));
}
catch (Exception ex)
{
transScope.WriteActivity("Exception Occurred", ex);
transScope.WriteMessage("Exception Occurred. " + ex.Format(), EDTTransactionMessageType.Error);
transScope.Complete(EDTTransactionStatus.ErrorProcessing);
return(HttpStatusCodeResult(HttpStatusCode.InternalServerError, ex.Message));
}
}
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
private void SetUserPermissions(int organizationID)
{
//Get the contact of this Account(user)
Contact contact = Repository.OrganizationContacts.GetByAccount(CurrentAccountID);
//Set the permissions for this user as -Admin
Services.Security.AddContactToGroup(contact, organizationID, Context.Organization, permissionGroups: BuiltInPermissionGroup.OrgAdmins);
//Refresh the session with the new role(s).
CERSSecurityManager.ReloadCurrentUserRoles();
}
public ActionResult Authenticate(int regulatorCode)
{
//No role based authentication needed, just make sure they have a valid credential for Library services.
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeaderForRegulator(regulatorCode, EDTEndpoint.RegulatorAuthenticationTest, PermissionRole.EDTLibraryServices);
if (authResult.Result.Status == AuthenticationStatus.Success)
{
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.RegulatorAuthenticationTest, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
//return Content("<Result><Status>Succeeded</status><Message>Authentication Succeeded - " + authResult.Account.DisplayName + "</Message></Result>");
return(HttpStatusCodeResult(System.Net.HttpStatusCode.OK, "Authentication Succeeded"));
}
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
public ActionResult QueryXml(int regulatorCode)
{
//Authenticate
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeaderForRegulator(regulatorCode, EDTEndpoint.RegulatorFacilitySubmittalQuery, PermissionRole.EDTFacilitySubmittalQuery);
if (authResult.IsAuthenticatedAndAuthorized)
{
XElement xmlResult = null;
//Begin Transaction
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.RegulatorFacilitySubmittalQuery, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
try
{
//build of the argument bag.
var args = new RegulatorFacilitySubmittalQueryArguments(Request.QueryString);
args.RegulatorCode = regulatorCode;
//intialize the processor to handle this EDT transaction for this Data Flow.
var processor = new RegulatorFacilitySubmittalQueryAdapter(transScope);
//get the XML back.
xmlResult = processor.Process(args);
//write log
transScope.WriteActivity("Successfully Generated XML Package");
}
catch (Exception ex)
{
transScope.WriteActivity("Exception Occurred.", ex);
transScope.WriteMessage("Exception OCcurred. " + ex.Format(), EDTTransactionMessageType.Error);
return(HttpStatusCodeResult(HttpStatusCode.InternalServerError, ex.Format()));
}
}
return(XmlElement(xmlResult));
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
public ActionResult DataDictionaryLibrary(DataRegistryDataSourceType dictionary, string identifier)
{
Server.ScriptTimeout = 600;
//No role based authentication needed, just make sure they have a valid credential for Library services.
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeader();
if (authResult.Result.Status == AuthenticationStatus.Success)
{
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.DataDictionaryQuery, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
try
{
if (!string.IsNullOrWhiteSpace(identifier))
{
transScope.WriteActivity("Finding DataElement by Specific Identifier: \"" + identifier + "\".");
}
else
{
transScope.WriteActivity("Get All DataElements.");
}
var elements = DataRegistry.GetDataElements(dictionary, identifier);
transScope.WriteActivity("Fetched " + elements.Count + " Data Elements");
var xmlResult = elements.ToXml();
transScope.WriteActivity("Generated XML Package Successfully");
return(XmlElement(xmlResult));
}
catch (Exception ex)
{
transScope.WriteActivity("Exception Occurred", ex);
transScope.WriteMessage("Exception Occurred. " + ex.Format(), EDTTransactionMessageType.Error);
transScope.Complete(EDTTransactionStatus.ErrorProcessing);
return(HttpStatusCodeResult(HttpStatusCode.InternalServerError, ex.Message));
}
}
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
public int CreateNewBusiness(string organizationName, string headquarters, OrganizationOrigin origin)
{
int result = 0;
var org = Repository.Organizations.Create(organizationName, headquarters, origin);
OrganizationContact orgContact = new OrganizationContact();
Contact contact = Repository.DataModel.Contacts.SingleOrDefault(p => p.AccountID == CurrentAccount.ID);
orgContact.Organization = org;
orgContact.Contact = contact;
Repository.OrganizationContacts.Save(orgContact);
Repository.OrganizationContactPermissionGroups.Update(orgContact, "14"); //OrgAdmin
Services.Events.CreateOrganizationAdded(org, contact, CurrentAccount);
CERSSecurityManager.ReloadCurrentUserRoles();
result = org.ID;
return(result);
}
public ActionResult FacilityTransferQuery(int regulatorCode)
{
//Authenticate
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeaderForRegulator(regulatorCode, EDTEndpoint.RegulatorFacilityTransferQuery, PermissionRole.EDTFacilityTransferQuery);
if (authResult.IsAuthenticatedAndAuthorized)
{
XElement xmlResult = null;
//Begin Transaction
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.RegulatorFacilityTransferQuery, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
try
{
//build of the argument bag.
var args = new RegulatorFacilityTransferQueryArguments(Request.QueryString);
args.RegulatorCode = regulatorCode;
RegulatorFacilityTransferQueryAdapter adapter = new RegulatorFacilityTransferQueryAdapter(transScope);
xmlResult = adapter.Process(args);
}
catch (Exception ex)
{
transScope.WriteMessage("Exception Occurred. " + ex.Format(), EDTTransactionMessageType.Error);
transScope.Complete(EDTTransactionStatus.ErrorProcessing);
return(HttpStatusCodeResult(HttpStatusCode.InternalServerError, ex.Format()));
}
}
return(XmlElement(xmlResult));
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
public ActionResult Document(Guid uniqueKey)
{
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeader();
if (authResult.IsAuthenticatedAndAuthorized)
{
byte[] docData = null;
bool docNotFound = false;
bool docUniqueKeyNotFound = false;
bool docPhysicallyNotFound = false;
//Begin Transaction
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.RegulatorFacilitySubmittalDocumentQuery, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
try
{
var dataModel = transScope.Repository.DataModel;
var doc = dataModel.FacilitySubmittalElementDocuments.SingleOrDefault(p => p.Key == uniqueKey && !p.Voided);
if (doc != null)
{
transScope.WriteActivity(string.Format("FacilitySubmittalElementDocument CERSUniqueKey {0} metadata found.", uniqueKey));
var edtAuthorizationResult = CERSSecurityManager.EDTAuthorize(authResult.Account, doc.FacilitySubmittalElementResourceDocument.Resource.FacilitySubmittalElement.CERSID, PermissionRole.EDTFacilitySubmittalQuery);
transScope.Connect(edtAuthorizationResult.RegulatorID);
if (edtAuthorizationResult.Authorized)
{
if (doc.Document != null)
{
transScope.WriteActivity("Document metadata found.");
docData = DocumentStorage.GetBytes(doc.Document.Location);
if (docData != null)
{
transScope.WriteActivity(string.Format("Document physically found in storage file size {0}kb.", doc.FileSize));
transScope.Complete(EDTTransactionStatus.Accepted);
}
else
{
docPhysicallyNotFound = true;
transScope.WriteMessage("Document NOT physically found in storage.", EDTTransactionMessageType.Error);
transScope.Complete(EDTTransactionStatus.Rejected);
}
}
else
{
transScope.WriteMessage("Document metadata not found.", EDTTransactionMessageType.Error);
transScope.Complete(EDTTransactionStatus.Rejected);
docNotFound = true;
}
}
else
{
string errorMessage = "Account is not authorized to download this document. The account is not affiliated with any regulators associated with this Facility, or the account does not have sufficient rights.";
transScope.SetStatus(EDTTransactionStatus.Rejected);
transScope.WriteActivity(errorMessage);
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, errorMessage));
}
}
else
{
transScope.WriteActivity("Document Unique Key Not Found");
transScope.Complete(EDTTransactionStatus.Rejected);
docUniqueKeyNotFound = true;
}
}
catch (Exception ex)
{
transScope.WriteActivity("Exception Occurred.", ex);
transScope.WriteMessage("Exception Occurred. " + ex.Format(), EDTTransactionMessageType.Error);
return(HttpStatusCodeResult(HttpStatusCode.InternalServerError, ex.Format()));
}
}
if (docNotFound)
{
return(HttpStatusCodeResult(HttpStatusCode.NotFound, "Document for UniqueKey '" + uniqueKey + "' was not found."));
}
else if (docUniqueKeyNotFound)
{
return(HttpStatusCodeResult(HttpStatusCode.NotFound, "A Document does not exists with the UniqueKey '" + uniqueKey + "'."));
}
else if (docPhysicallyNotFound)
{
return(HttpStatusCodeResult(HttpStatusCode.NotFound, "The document's metadata exists, but the physical document (filesystem) was not found."));
}
else
{
return(File(docData, "application/octet-stream"));
}
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
//this method is special, doesn't use the standard entity filter authorization because it be a main "sink" to catch all requests...
//the method body defines code to handle security.
public ActionResult Home(int?organizationId)
{
//We need to refresh the Roles because if a new Org was created by user using Admin portal, and he jumps to org portal he sees the org but the authorization below will fail if we dont refresh roles.
CERSSecurityManager.ReloadCurrentUserRoles();
if (organizationId == null)
{
return(RedirectToOrganizationPortalSwitchboard());
}
if (!IsAuthorized(Context.Organization, "organizationId", PermissionRole.OrgViewer))
{
return(this.HandleUnauthorizedRequest());
}
var orgGridView = Repository.Organizations.GetGridViewByID(organizationId.Value);
int facilityCount = 0;
if (orgGridView != null)
{
facilityCount = orgGridView.FacilityCount;
}
var org = Repository.Organizations.GetByID(organizationId.Value, true);
OrganizationViewModel viewModel = new OrganizationViewModel
{
//Entity = Repository.Organizations.GetByID(organizationId.Value),
//FacilityCount = facilityCount
};
//need to catch non existance direct hyperlink (from old email, etc.)
if (org == null)
{
viewModel.Entity = new CERS.Model.Organization()
{
ID = organizationId.Value, Name = string.Format("There has never been a valid organization record for Organization ID {0}", organizationId), Headquarters = "Organization Not Found"
};
}
else if (org.Voided)
{
viewModel.Entity = new CERS.Model.Organization()
{
ID = organizationId.Value, Name = string.Format("The organization record for organization ID {0} has been deleted", organizationId), Headquarters = "Organization Not Found"
};
}
else
{
viewModel.Entity = org;
viewModel.FacilityCount = facilityCount;
var facilities = Repository.Facilities.BusinessHomeFacilityListing(organizationID: organizationId.Value, includeNonRegulatedFacilities: true);
viewModel.HasNonRegulatedFacility = facilities.Where(f => !(f.IsRegulated ?? false)).Any();
if (facilityCount > 1)
{
viewModel.StartFacilitySubmittalURL = Url.RouteUrl(OrganizationFacility.SearchStartSubmittal, new { organizationId = organizationId });
}
else
{
var facility = Repository.Facilities.GridSearch(organizationID: organizationId).FirstOrDefault();
if (facility != null)
{
viewModel.StartFacilitySubmittalURL = Url.RouteUrl(OrganizationFacility.Home, new { organizationId = organizationId, CERSID = facility.CERSID });
}
}
var currentAccount = CurrentAccount;
}
return(View(viewModel));
}
public ActionResult ChemicalLibrary(string identifier)
{
Server.ScriptTimeout = 600;
//No role based authentication needed, just make sure they have a valid credential for Library services.
var authResult = CERSSecurityManager.AuthenticateHttpAuthorizationHeader();
if (authResult.Result.Status == AuthenticationStatus.Success)
{
using (EDTTransactionScope transScope = new EDTTransactionScope(authResult.Account, EDTEndpoint.ChemicalLibraryQuery, Request.UserHostAddress, authenticationRequestID: authResult.EDTAuthenticationRequestID))
{
try
{
if (!string.IsNullOrWhiteSpace(identifier))
{
List <Chemical> chemicals = new List <Chemical>();
Chemical chemical = null;
//1.) Check one. Check cerskey
//Guid key = new Guid(identifier);
chemical = transScope.Repository.Chemicals.GetByCCLID(identifier);
//2.) Check two. Check CAS
if (chemical == null)
{
chemical = transScope.Repository.Chemicals.GetByCAS(identifier);
if (chemical == null)
{
//3.) Check 3. Check USEpaSRSNumber
chemical = transScope.Repository.Chemicals.GetByUSEPASRSNumber(identifier);
}
}
if (chemical != null)
{
chemicals.Add(chemical);
}
var xmlResult = chemicals.ToXml();
transScope.WriteActivity("Generated XML Package Successfully");
return(XmlElement(xmlResult));
}
else
{
var xmlResult = transScope.Repository.Chemicals.Search().ToXml();
transScope.WriteActivity("Generated XML Package Successfully");
return(XmlElement(xmlResult));
}
}
catch (Exception ex)
{
transScope.WriteActivity("Exception Occurred", ex);
transScope.WriteMessage("Exception Occurred. " + ex.Format(), EDTTransactionMessageType.Error);
transScope.Complete(EDTTransactionStatus.ErrorProcessing);
return(HttpStatusCodeResult(HttpStatusCode.InternalServerError, ex.Message));
}
}
}
else
{
return(HttpStatusCodeResult(HttpStatusCode.Unauthorized, authResult));
}
}
