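/// <summary>
/// Handles the login form post. Verifies the credentials through <c>UserServices.CheckLogin</c>,
/// stores the user's identity and authorization flags in session and redirects to the user's
/// default page (or Index). When the login is rejected the login view is rendered again with a
/// message code in <c>Session["msgcode"]</c>.
/// </summary>
/// <param name="loginModel">Credentials posted by the browser (untrusted input).</param>
/// <returns>A redirect on success; otherwise the themed login view with the posted model.</returns>
public ActionResult Login(LoginModel loginModel)
{
    const char pathSeparator = '/';

    //STEP1: run the login check against the database
    this.SetConnectionDB();
    UserServices userServices = new UserServices(this.DBConnection);
    DepartmentServices departmentServices = new DepartmentServices(this.DBConnection);
    SetDefaultPageService setDefault = new SetDefaultPageService(DBConnection);

    EntityUserModel entityUser = userServices.CheckLogin(loginModel);
    // CheckLogin leaves UserName null when the credentials are rejected.
    if (entityUser.UserName != null)
    {
        // The department row may be missing; a null here must not turn a successful login into a 500.
        EntityDepartmentModel entityDepartment = departmentServices.GetEntityById(entityUser.DeptId);

        // NOTE(review): the pre-login session is reused as-is, so values left in it by an earlier
        // (possibly different) user survive; clearing it before the authenticated state is written
        // would make the session contents depend only on this login.
        Session["UserName"] = entityUser.UserName;
        Session["FullName"] = entityUser.FullName;
        Session[this.SESSION_NAME_USER_NAME] = entityUser.UserName;
        Session[this.SESSION_NAME_USERID] = entityUser.UserId;
        Session["DepartIdUserLogin"] = entityUser.DeptId;
        Session["IsAdmin"] = entityUser.IsAdmin;
        Session["IsSuperAdmin"] = entityUser.IsSuperAdmin;
        Session["CodeIsAdmin"] = entityDepartment == null ? null : (object)entityDepartment.Code;
        Session["Filter01IsAdmin"] = entityDepartment == null ? null : (object)entityDepartment.Filter01;

        // Send the user to the page flagged as default, if it carries a well-formed "Controller/Action" path.
        List<EntityUserMenuModel> defaultPages = setDefault.GetListDefaultPage(entityUser.UserId);
        foreach (EntityUserMenuModel item in defaultPages)
        {
            if (item.IsDefaultPage != true || item.Path == null)
            {
                continue;
            }
            string[] parts = item.Path.Split(pathSeparator);
            if (parts.Length < 2)
            {
                // Malformed path: fall through to Index instead of throwing IndexOutOfRangeException.
                continue;
            }
            return RedirectToAction(parts[1] + "/" + item.MenuId, parts[0]);
        }
        return RedirectToAction("Index");
    }

    //STEP2: login failed
    if (userServices.ERROR != null)
    {
        // Infrastructure failure rather than a bad credential: record it and report a server error.
        Session["msgcode"] = MessageType.ServerError;
        FileHelper.SaveFile(userServices.ERROR, this.LOG_FOLDER + "/ERROR_" + this.GetType().ToString() + BI_Project.Helpers.Utility.APIStringHelper.GenerateFileId() + ".txt");
    }
    else
    {
        Session["msgcode"] = MessageType.BusinessError;
    }
    this.GetLanguage();
    ViewData["VIEWDATA_LANGUAGE"] = this.LANGUAGE_OBJECT;
    return View("~/" + this.THEME_FOLDER + "/" + this.THEME_ACTIVE + "/login.cshtml", loginModel);
}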
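/// <summary>
/// Loads users through the <c>USP_GET_ALL_USERS</c> stored procedure, optionally filtered by department.
/// Each row carries the stored Password hash and Salt as well; callers that only need identity data
/// (for example a username uniqueness check) receive credential material they do not need.
/// </summary>
/// <param name="depId">Department id to filter on, or null to pass DBNull and return every user.</param>
/// <returns>The matching users; an empty list when the query fails (the error text is kept in <c>ERROR</c>).</returns>
/// <exception cref="Exception">Thrown when the database connection cannot be opened.</exception>
public List<EntityUserModel> GetList(int? depId = null)
{
    List<EntityUserModel> output = new List<EntityUserModel>();
    this.DBConnection.OpenDBConnect();
    if (this.DBConnection.ERROR != null)
    {
        throw new Exception("Can't connect to db");
    }
    try
    {
        // Start from a clean command: a leftover "@deptId" from an earlier call would make AddWithValue throw.
        this.DBConnection.command.Parameters.Clear();
        this.DBConnection.command.CommandText = USP_GET_ALL_USERS;
        this.DBConnection.command.CommandType = CommandType.StoredProcedure;
        this.DBConnection.command.Parameters.AddWithValue("@deptId", (object)depId ?? DBNull.Value);
        using (SqlDataReader reader = this.DBConnection.command.ExecuteReader())
        {
            while (reader.Read())
            {
                // Every string column is read null-safely; a NULL would otherwise abort the whole list.
                EntityUserModel entity = new EntityUserModel();
                entity.UserId = reader.GetInt32(reader.GetOrdinal("UserId"));
                entity.UserName = reader.IsDBNull(reader.GetOrdinal("UserName")) ? null : reader.GetString(reader.GetOrdinal("UserName"));
                entity.Password = reader.IsDBNull(reader.GetOrdinal("Password")) ? null : reader.GetString(reader.GetOrdinal("Password"));
                entity.Salt = reader.IsDBNull(reader.GetOrdinal("Salt")) ? null : reader.GetString(reader.GetOrdinal("Salt"));
                entity.Phone = reader.IsDBNull(reader.GetOrdinal("Phone")) ? null : reader.GetString(reader.GetOrdinal("Phone"));
                entity.FullName = reader.IsDBNull(reader.GetOrdinal("FullName")) ? null : reader.GetString(reader.GetOrdinal("FullName"));
                entity.Email = reader.IsDBNull(reader.GetOrdinal("Email")) ? null : reader.GetString(reader.GetOrdinal("Email"));
                entity.DeptId = reader.GetInt32(reader.GetOrdinal("deptID"));
                entity.DepartName = reader.IsDBNull(reader.GetOrdinal("Name")) ? null : reader.GetString(reader.GetOrdinal("Name"));
                entity.Code = reader.IsDBNull(reader.GetOrdinal("Code")) ? null : reader.GetString(reader.GetOrdinal("Code"));
                entity.IsAdmin = reader.GetBoolean(reader.GetOrdinal("IsAdmin"));
                output.Add(entity);
            }
        }
    }
    catch (Exception ex)
    {
        this.ERROR = ex.ToString();
    }
    finally
    {
        this.DBConnection.CloseDBConnect();
    }
    // The original returned output.ToList() for a filtered call, which is just a copy of the same list.
    return output;
}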
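/// <summary>
/// Authorization filter. The request proceeds only when the session user still exists in the
/// database and either the session admin flag is set or the requested raw URL is one of the menu
/// paths granted to that user. Any other outcome, including an exception while deciding, redirects
/// to Home/Logout, so the filter fails closed.
/// </summary>
/// <param name="filterContext">The executing action's context; <c>Result</c> is set to a redirect when access is denied.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    bool hasPermission = false;
    try
    {
        string connectString = WebConfigurationManager.AppSettings["CONNECT_STRING"];
        DBConnection dBConnection = new DBConnection(connectString);
        UserServices userServices = new UserServices(dBConnection);

        // Session keys are matched case-insensitively, so "session_userid"/"isAdmin" find the values
        // written at login. A missing or non-int user id becomes 0, which no user row matches.
        object sessionUserId = filterContext.HttpContext.Session["session_userid"];
        int id = sessionUserId is int ? (int)sessionUserId : 0;
        object sessionIsAdmin = filterContext.HttpContext.Session["isAdmin"];
        bool isAdmin = sessionIsAdmin is bool && (bool)sessionIsAdmin;

        // The account must still resolve in the database; a deleted user is denied even with an admin flag in session.
        EntityUserModel currentUser = userServices.FindById(id);
        if (currentUser != null)
        {
            if (isAdmin)
            {
                hasPermission = true;
            }
            else
            {
                string requestedPath = filterContext.HttpContext.Request.RawUrl;
                List<EntityMenuModel> userMenu = userServices.GetAllowedMenuAndRoles(currentUser.UserId);
                foreach (EntityMenuModel menu in userMenu)
                {
                    // Exact ordinal comparison against the raw URL, query string included.
                    if (menu.Path == requestedPath)
                    {
                        hasPermission = true;
                        break;
                    }
                }
            }
        }
    }
    catch (Exception)
    {
        // A failure while resolving permissions denies the request rather than letting it through.
        hasPermission = false;
    }

    if (!hasPermission)
    {
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary(new { controller = "Home", action = "Logout" }));
    }
}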
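/// <summary>
/// Loads the data shared by every authenticated page: the left menu block (the menus allowed for
/// the current user) and the header menu for the user's department. Requires a logged-in session;
/// the user id is read from <c>Session[SESSION_NAME_USERID]</c>.
/// </summary>
public void SetCommonData()
{
    this.SetConnectionDB();
    UserServices userServices = new UserServices(DBConnection);
    // Unboxing a missing session entry throws here; callers are expected to run behind the authorization filter.
    EntityUserModel currentUser = userServices.GetEntityById((int)Session[SESSION_NAME_USERID]);
    ViewData["block_menu_left_data"] = userServices.GetListMenus(currentUser);

    MenuServices menuServices = new MenuServices(DBConnection);
    ViewData["MenuHeaderData"] = menuServices.GetMenusByDepId(currentUser.UserId, currentUser.DeptId);
}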
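/// <summary>
/// Looks up a user by id, returning only identity and contact columns (no credential data).
/// </summary>
/// <param name="userId">The Users.UserId to look up.</param>
/// <returns>The user, or null when no row matches or the query failed (error text in <c>ERROR</c>).</returns>
public EntityUserModel FindById(int userId)
{
    EntityUserModel user = null;
    this.DBConnection.OpenDBConnect();
    try
    {
        // Only the mapped columns are selected; the previous "select *" also pulled Password and Salt off the table.
        string sql = "select UserId, UserName, Phone, Email from Users where UserId = @UserId";
        this.DBConnection.command.Parameters.Clear();
        // Set explicitly: other methods on this connection switch the command to StoredProcedure.
        this.DBConnection.command.CommandType = CommandType.Text;
        this.DBConnection.command.CommandText = sql;
        this.DBConnection.command.Parameters.AddWithValue("@UserId", userId);
        using (SqlDataReader reader = this.DBConnection.command.ExecuteReader())
        {
            // Assumes UserId is unique (it is used as the user's identity throughout); the original
            // looped and kept the last row, which is the same row when the assumption holds.
            if (reader.Read())
            {
                user = new EntityUserModel()
                {
                    UserId = reader.GetInt32(reader.GetOrdinal("UserId")),
                    UserName = reader.IsDBNull(reader.GetOrdinal("UserName")) ? null : reader.GetString(reader.GetOrdinal("UserName")),
                    Phone = reader.IsDBNull(reader.GetOrdinal("Phone")) ? null : reader.GetString(reader.GetOrdinal("Phone")),
                    Email = reader.IsDBNull(reader.GetOrdinal("Email")) ? null : reader.GetString(reader.GetOrdinal("Email"))
                };
            }
        }
    }
    catch (Exception ex)
    {
        this.ERROR = ex.ToString();
    }
    finally
    {
        this.DBConnection.CloseDBConnect();
    }
    return user;
}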
/// <summary>
/// Convenience overload: wraps the id and admin flag in a minimal user entity and delegates to
/// <see cref="GetListMenus(EntityUserModel)"/>, which grants every menu when the admin flag is set.
/// </summary>
/// <param name="userId">User whose allowed menus are wanted.</param>
/// <param name="isAdmin">Admin flag copied onto the entity.</param>
/// <returns>The left-menu block; an empty block when building it throws, with the error text in <c>ERROR</c>.</returns>
public BlockDataMenuLeftModel GetListMenus(int userId, bool isAdmin)
{
    BlockDataMenuLeftModel result = new BlockDataMenuLeftModel();
    try
    {
        EntityUserModel user = new EntityUserModel
        {
            UserId = userId,
            IsAdmin = isAdmin
        };
        result = this.GetListMenus(user);
    }
    catch (Exception ex)
    {
        this.ERROR = ex.ToString();
        this.DBConnection.CloseDBConnect();
    }
    return result;
}
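/// <summary>
/// Creates (or, when <c>model.UserId</c> is set, updates) a user account. Admin-only: a missing
/// session goes to Login and a non-admin session to Logout. Validation failures redirect back to
/// Create with the message in session and the posted model in TempData.
/// </summary>
/// <param name="model">Form data posted by the administrator (untrusted input).</param>
/// <returns>A redirect to List on success, otherwise a redirect to Create, Login or Logout.</returns>
public ActionResult Create(BlockDataUserCreateModel model)
{
    Logging.WriteToLog(this.GetType().ToString() + "-create()", LogType.Access);
    if (null == Session[this.SESSION_NAME_USERID])
    {
        return RedirectToAction("Login", "Home");
    }
    if (Session["IsAdmin"] == null || (bool)Session["IsAdmin"] == false)
    {
        return RedirectToAction("Logout", "Home");
    }
    ViewData["data_form"] = TempData["data"];
    this.GetLanguage();

    //**************** VALIDATION **************************************************************
    if (!string.IsNullOrEmpty(model.Email))
    {
        string emailRegex = @"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" + @"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" + @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";
        if (!Regex.IsMatch(model.Email, emailRegex))
        {
            ModelState.AddModelError("Email", "Email is not valid");
            return RedirectToCreateWithError(model, "messages.block_user_create.error_email");
        }
    }
    if (model.Password != model.ConfirmPassword)
    {
        return RedirectToCreateWithError(model, "messages.block_user_create.error_password");
    }
    if (!string.IsNullOrEmpty(model.Phone))
    {
        string phoneRegex = @"^(\(?\+?[0-9]*\)?)?[0-9_\- \(\)]*$";
        if (!Regex.IsMatch(model.Phone, phoneRegex))
        {
            ModelState.AddModelError("Phone", "Phone is not valid");
            return RedirectToCreateWithError(model, "messages.block_user_create.error_phone");
        }
    }

    //**************** DATABASE PROCESS ********************************************************
    this.SetConnectionDB();
    UserServices services = new UserServices(this.DBConnection);

    // Username uniqueness: a super admin owns the whole namespace, anyone else only within their
    // department (matched by id or by department code). The record being edited is excluded.
    // NOTE(review): the comparison is ordinal (case-sensitive); if Users.UserName has a
    // case-insensitive collation, differently-cased duplicates pass here but collide at login — confirm.
    List<EntityUserModel> existingUsers = services.GetList();
    EntityUserModel duplicate;
    if (model.IsSuperAdmin == true)
    {
        duplicate = existingUsers.FirstOrDefault(x => x.UserName == model.UserName && x.UserId != model.UserId);
    }
    else
    {
        var deptCode = services.GetCodeByDeptId(model.DeptId);
        duplicate = existingUsers.FirstOrDefault(x => x.UserName == model.UserName && x.UserId != model.UserId && (x.DeptId == model.DeptId || x.Code == deptCode));
    }
    if (duplicate != null)
    {
        return RedirectToCreateWithError(model, "messages.block_user_create.error_User");
    }

    int result = services.Create(model);
    if (services.ERROR != null)
    {
        // Log without the submitted password fields: the posted model carries Password and
        // ConfirmPassword in clear text, which must not be written to the error file.
        FileHelper.SaveFile(
            new
            {
                data = new { model.UserId, model.UserName, model.Email, model.Phone, model.DeptId, model.IsSuperAdmin },
                ERROR = services.ERROR
            },
            this.LOG_FOLDER + "/ERROR_" + this.GetType().ToString() + APIStringHelper.GenerateFileId() + ".txt");
    }

    //**************** MESSAGE AND REDIRECT ****************************************************
    Session["msg_code"] = result;
    if (result > 0)
    {
        // For an existing user a result above 1 is reported as an edit (behaviour kept from the original).
        bool isEdit = model.UserId > 0 && result > 1;
        Session["msg_text"] = BlockLanguageModel.GetElementLang(this.LANGUAGE_OBJECT, isEdit ? "messages.block_user_create.success_edit" : "messages.block_user_create.success");
        return RedirectToAction("List");
    }
    Session["msg_text"] = BlockLanguageModel.GetElementLang(this.LANGUAGE_OBJECT, "messages.block_user_create.error_business_1");
    // NOTE(review): the model, including the clear-text password fields, round-trips through session-backed TempData.
    TempData["data"] = model;
    return RedirectToAction("Create");
}

/// <summary>
/// Records a validation failure for the Create form (message code -1 and the localized text for
/// <paramref name="languageKey"/>), keeps the posted model for redisplay and redirects back to Create.
/// </summary>
/// <param name="model">The posted form model, stored in <c>TempData["data"]</c> for the next request.</param>
/// <param name="languageKey">Key of the message in the current language object.</param>
private ActionResult RedirectToCreateWithError(BlockDataUserCreateModel model, string languageKey)
{
    Session["msg_code"] = -1;
    Session["msg_text"] = BlockLanguageModel.GetElementLang(this.LANGUAGE_OBJECT, languageKey);
    // NOTE(review): the model, including the clear-text password fields, round-trips through session-backed TempData.
    TempData["data"] = model;
    return RedirectToAction("Create");
}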
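/// <summary>
/// Loads a user's identity and contact columns together with the department name resolved from Users.deptID.
/// </summary>
/// <param name="userId">The Users.UserId to look up.</param>
/// <returns>The populated entity; fields keep their defaults when nothing matches, and <c>ERROR</c> holds the exception text on failure.</returns>
public EntityUserModel GetUserDepartment(int userId)
{
    EntityUserModel output = new EntityUserModel();
    try
    {
        this.DBConnection.OpenDBConnect();

        // Step 1: the user row. The joins to UserRole/Role are kept from the original query, so a user
        // without any role produces no row here. NOTE(review): confirm that is intended.
        string userRoleQuery = "SELECT u.UserId, u.Username, u.Phone, u.Email, u.deptID FROM Users u JOIN UserRole ur ON ur.UserId = u.UserId JOIN Role r ON r.RoleId = ur.RoleId WHERE u.UserId = @userId";
        this.DBConnection.command.Parameters.Clear();
        this.DBConnection.command.CommandText = userRoleQuery;
        this.DBConnection.command.Parameters.Add(new SqlParameter("@UserId", userId));
        using (SqlDataReader reader = this.DBConnection.command.ExecuteReader())
        {
            // One row per role, all carrying the same user columns, so the first row is enough.
            if (reader.Read())
            {
                output.UserId = reader.GetInt32(reader.GetOrdinal("UserId"));
                output.UserName = reader.IsDBNull(reader.GetOrdinal("UserName")) ? null : reader.GetString(reader.GetOrdinal("UserName"));
                output.Phone = reader.IsDBNull(reader.GetOrdinal("Phone")) ? null : reader.GetString(reader.GetOrdinal("Phone"));
                output.Email = reader.IsDBNull(reader.GetOrdinal("Email")) ? null : reader.GetString(reader.GetOrdinal("Email"));
                // Kept even if the department row below is missing (the original left DeptId at 0 in that case).
                output.DeptId = reader.GetInt32(reader.GetOrdinal("deptID"));
            }
        }

        // Step 2: the department name; only the two mapped columns are selected.
        string userDepartQuery = "SELECT Id, Name FROM Department WHERE Id = @DepartId";
        this.DBConnection.command.Parameters.Clear();
        this.DBConnection.command.CommandText = userDepartQuery;
        this.DBConnection.command.Parameters.Add(new SqlParameter("@DepartId", output.DeptId));
        using (SqlDataReader dataReader = this.DBConnection.command.ExecuteReader())
        {
            if (dataReader.Read())
            {
                output.DeptId = dataReader.GetInt32(dataReader.GetOrdinal("Id"));
                output.DepartName = dataReader.IsDBNull(dataReader.GetOrdinal("Name")) ? null : dataReader.GetString(dataReader.GetOrdinal("Name"));
            }
        }
    }
    catch (Exception ex)
    {
        this.ERROR = ex.ToString();
    }
    finally
    {
        this.DBConnection.CloseDBConnect();
    }
    return output;
}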
/// <summary>
/// Authenticates a login attempt against the Users table through a stored procedure and returns
/// the matching user. Department "P" maps to users with deptID = 0 and is checked with
/// USP_CHECK_USER_LOG_IN_ADMIN; any other department code is matched via Department.Code and
/// checked with USP_CHECK_USER_LOG_IN. When the credentials are rejected the returned entity is
/// left unpopulated (UserName stays null), which is what the caller tests for.
/// </summary>
/// <param name="loginModel">Posted credentials: UserName, Password and Department (untrusted input).</param>
/// <returns>The user, or an unpopulated entity on rejection or error; on error <c>ERROR</c> holds the exception text.</returns>
public EntityUserModel CheckLogin(LoginModel loginModel)
{
    EntityUserModel output = new EntityUserModel();
    bool isNotLDAP = true;
    string sqlUserLdap = "";
    try
    {
        string passwordHashed = "";
        var _salt = string.Empty;
        // LDAP check first. NOTE(review): an empty result clears isNotLDAP, after which @Password is
        // sent to the stored procedure as NULL. Whether that is safe depends on what IsAuthenticated
        // returns for a rejected LDAP login versus a non-LDAP account, and on how the procedure treats
        // a NULL password; both live outside this file — confirm before relying on it.
        sqlUserLdap = Utilities.IsAuthenticated(loginModel.UserName, loginModel.Password, loginModel.Department);
        if (sqlUserLdap == "")
        {
            isNotLDAP = false;
        }
        if (loginModel.Department == "P")
        {
            string sqlUserSalt = "Select Salt from Users Where UserName = @UserName and deptID = 0";
            PasswordManager pwm = new PasswordManager();
            DBConnection.OpenDBConnect();
            if (this.DBConnection.ERROR != null)
            {
                throw new Exception("Can't connect to db");
            }
            //STEP1: hash the entered password with the salt stored in the database for this user.
            // _salt is null when no such user exists or the Salt column is NULL; pwm.IsMatch is used
            // as the hash function here (its result is the hashed password string, despite the name).
            // Parameters are not cleared before this first AddWithValue, unlike the other methods in this class.
            DBConnection.command.Parameters.AddWithValue("@UserName", loginModel.UserName);
            DBConnection.command.CommandText = sqlUserSalt;
            _salt = DBConnection.command.ExecuteScalar() as string;
            passwordHashed = pwm.IsMatch(loginModel.Password, _salt);
            //STEP2: look the user up by name and hashed password (NULL password when isNotLDAP is false).
            DBConnection.command.Parameters.Clear();
            DBConnection.command.CommandText = USP_CHECK_USER_LOG_IN_ADMIN;
            DBConnection.command.CommandType = CommandType.StoredProcedure;
            DBConnection.command.Parameters.AddWithValue("@UserName", loginModel.UserName);
            if (isNotLDAP)
            {
                DBConnection.command.Parameters.AddWithValue("@Password", passwordHashed);
            }
            else
            {
                DBConnection.command.Parameters.AddWithValue("@Password", DBNull.Value);
            }
        }
        else
        {
            string sqlUserSalt = "Select Salt from Users a , Department b Where a.UserName = @UserName and a.deptID = b.Id and b.Code = @Code";
            PasswordManager pwm = new PasswordManager();
            DBConnection.OpenDBConnect();
            if (this.DBConnection.ERROR != null)
            {
                throw new Exception("Can't connect to db");
            }
            //STEP1: hash the entered password with the salt stored for this user within the given department code.
            // As above, _salt is null when the user/department pair does not exist or Salt is NULL.
            DBConnection.command.Parameters.AddWithValue("@UserName", loginModel.UserName);
            DBConnection.command.Parameters.AddWithValue("@Code", loginModel.Department);
            DBConnection.command.CommandText = sqlUserSalt;
            _salt = DBConnection.command.ExecuteScalar() as string;
            passwordHashed = pwm.IsMatch(loginModel.Password, _salt);
            //STEP2: look the user up by name, department code and hashed password.
            DBConnection.command.Parameters.Clear();
            DBConnection.command.CommandText = USP_CHECK_USER_LOG_IN;
            DBConnection.command.CommandType = CommandType.StoredProcedure;
            DBConnection.command.Parameters.AddWithValue("@UserName", loginModel.UserName);
            if (loginModel.Department == "P")
            {
                // Unreachable in this branch (Department is not "P" here); kept as written.
                DBConnection.command.Parameters.AddWithValue("@Code", DBNull.Value);
            }
            else
            {
                DBConnection.command.Parameters.AddWithValue("@Code", loginModel.Department);
            }
            if (isNotLDAP)
            {
                DBConnection.command.Parameters.AddWithValue("@Password", passwordHashed);
            }
            else
            {
                DBConnection.command.Parameters.AddWithValue("@Password", DBNull.Value);
            }
        }
        using (SqlDataReader reader = DBConnection.command.ExecuteReader())
        {
            if (reader.HasRows)
            {
                // If the procedure returns more than one row, the last one wins.
                while (reader.Read())
                {
                    output.UserId = reader.GetInt32(reader.GetOrdinal("UserId"));
                    output.UserName = reader.IsDBNull(reader.GetOrdinal("UserName")) ? "" : reader.GetString(reader.GetOrdinal("UserName"));
                    output.Salt = reader.IsDBNull(reader.GetOrdinal("Salt")) ? "" : reader.GetString(reader.GetOrdinal("Salt"));
                    output.Email = reader.IsDBNull(reader.GetOrdinal("Email")) ? "" : reader.GetString(reader.GetOrdinal("Email"));
                    output.Phone = reader.IsDBNull(reader.GetOrdinal("Phone")) ? "" : reader.GetString(reader.GetOrdinal("Phone"));
                    output.IsAdmin = reader.GetBoolean(reader.GetOrdinal("IsAdmin"));
                    output.DeptId = reader.GetInt32(reader.GetOrdinal("deptID"));
                    output.FullName = reader.IsDBNull(reader.GetOrdinal("FullName")) ? "" : reader.GetString(reader.GetOrdinal("FullName"));
                }
            }
        }
        // Super admin = admin flag on a deptID 0 account.
        output.IsSuperAdmin = output.IsAdmin && (output.DeptId == 0);
    }
    catch (Exception ex)
    {
        // Recorded for the caller, which reports this as a server error rather than a rejected login.
        this.ERROR = ex.ToString();
    }
    finally
    {
        DBConnection.CloseDBConnect();
    }
    return(output);
}
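/// <summary>
/// Builds the left-menu block for a user. Menu ids granted directly (UserMenu) or through roles
/// (RoleMenu) are collected into <c>entityUser.LstSelectedMenu</c>; then every Menu row is loaded and
/// the allowed ones (all of them for an admin), plus the ancestors of allowed menus, are copied into
/// <c>output.LstAllOfMenus</c>. <c>StrAllowedMenuIds</c> and <c>StrAllowedLeveltrees</c> receive the
/// allowed values as comma-delimited strings with a leading comma.
/// </summary>
/// <param name="entityUser">The user; its <c>LstSelectedMenu</c> is extended in place.</param>
/// <returns>The menu block; on failure it is partially filled and <c>ERROR</c> holds the exception text.</returns>
public BlockDataMenuLeftModel GetListMenus(EntityUserModel entityUser)
{
    BlockDataMenuLeftModel output = new BlockDataMenuLeftModel();
    this.DBConnection.OpenDBConnect();
    output.EntityUserModel = entityUser;
    try
    {
        //STEP1: GET ALLOWED MENUID FOR THE CURRENT USER
        string sqlUserMenuIds = "select MenuId from UserMenu where userid=@userid";
        this.DBConnection.command.Parameters.Clear();
        this.DBConnection.command.CommandText = sqlUserMenuIds;
        this.DBConnection.command.Parameters.AddWithValue("@userid", entityUser.UserId);
        using (SqlDataReader reader = this.DBConnection.command.ExecuteReader())
        {
            AppendGrantedMenuIds(reader, entityUser);
        }

        // Menu ids granted through roles; reuses the @userid parameter already on the command.
        string sqlRoleMenuIds = "select distinct rm.MenuId from Users as u, UserRole as ur, RoleMenu as rm where ( " + " u.UserId = @userid and u.UserId = ur.UserId and rm.RoleId = ur.RoleId )";
        this.DBConnection.command.CommandText = sqlRoleMenuIds;
        using (SqlDataReader reader = this.DBConnection.command.ExecuteReader())
        {
            AppendGrantedMenuIds(reader, entityUser);
        }

        //STEP2: GET ALL MENU (only the mapped columns are selected)
        string sqlMenus = "select FilterCommand, FilterValue, LevelTree, MenuId, MenuLevel, Name, ParentId, Path, Status from Menu order by leveltree ";
        this.DBConnection.command.Parameters.Clear();
        this.DBConnection.command.CommandText = sqlMenus;
        List<EntityMenuModel> allMenus = new List<EntityMenuModel>();
        using (SqlDataReader reader = this.DBConnection.command.ExecuteReader())
        {
            while (reader.Read())
            {
                EntityMenuModel menu = ReadMenuRow(reader);
                allMenus.Add(menu);
                if (entityUser.IsAdmin == true)
                {
                    // An admin is granted every menu.
                    entityUser.LstSelectedMenu.Add(menu.MenuId);
                    output.StrAllowedLeveltrees += menu.LevelTree + ",";
                    output.StrAllowedMenuIds += menu.MenuId + ",";
                }
                else if (entityUser.LstSelectedMenu.Contains(menu.MenuId))
                {
                    output.StrAllowedLeveltrees += menu.LevelTree + ",";
                    output.StrAllowedMenuIds += menu.MenuId + ",";
                }
            }
        }
        output.StrAllowedMenuIds = "," + output.StrAllowedMenuIds;
        output.StrAllowedLeveltrees = "," + output.StrAllowedLeveltrees;

        //STEP3: GET LIST OF ALLOWED MENU FOR THE CURRENT USER
        foreach (EntityMenuModel menu in allMenus)
        {
            if (entityUser.IsAdmin == true || entityUser.LstSelectedMenu.Contains(menu.MenuId))
            {
                output.LstAllOfMenus.Add(menu.Clone());
            }
            else if (output.StrAllowedLeveltrees.Contains("," + menu.LevelTree + "@"))
            {
                // Ancestor of an allowed menu: a child's LevelTree starts with the parent's LevelTree followed by "@".
                output.LstAllOfMenus.Add(menu.Clone());
            }
        }
    }
    catch (Exception ex)
    {
        this.ERROR = ex.ToString();
    }
    finally
    {
        this.DBConnection.CloseDBConnect();
    }
    return output;
}

/// <summary>
/// Reads every MenuId from <paramref name="reader"/> into <c>entityUser.LstSelectedMenu</c>, skipping ids already present.
/// </summary>
/// <param name="reader">An open reader positioned before the first row of a MenuId result set.</param>
/// <param name="entityUser">The user whose selected-menu list is extended.</param>
private static void AppendGrantedMenuIds(SqlDataReader reader, EntityUserModel entityUser)
{
    while (reader.Read())
    {
        int menuId = reader.GetInt32(reader.GetOrdinal("MenuId"));
        if (!entityUser.LstSelectedMenu.Contains(menuId))
        {
            entityUser.LstSelectedMenu.Add(menuId);
        }
    }
}

/// <summary>
/// Maps the current Menu row to an entity. NULL strings become "", NULL ids 0 and a NULL Status false.
/// </summary>
/// <param name="reader">An open reader positioned on a Menu row.</param>
/// <returns>The populated menu entity.</returns>
private static EntityMenuModel ReadMenuRow(SqlDataReader reader)
{
    EntityMenuModel menu = new EntityMenuModel();
    menu.FilterCommand = reader.IsDBNull(reader.GetOrdinal("FilterCommand")) ? "" : reader.GetString(reader.GetOrdinal("FilterCommand"));
    menu.FilterValue = reader.IsDBNull(reader.GetOrdinal("FilterValue")) ? "" : reader.GetString(reader.GetOrdinal("FilterValue"));
    menu.LevelTree = reader.IsDBNull(reader.GetOrdinal("LevelTree")) ? "" : reader.GetString(reader.GetOrdinal("LevelTree"));
    menu.MenuId = reader.IsDBNull(reader.GetOrdinal("MenuId")) ? 0 : reader.GetInt32(reader.GetOrdinal("MenuId"));
    menu.MenuLevel = reader.IsDBNull(reader.GetOrdinal("MenuLevel")) ? "" : reader.GetString(reader.GetOrdinal("MenuLevel"));
    menu.Name = reader.IsDBNull(reader.GetOrdinal("Name")) ? "" : reader.GetString(reader.GetOrdinal("Name"));
    // The original tested the Name column for NULL here, so a NULL ParentId threw; test ParentId itself.
    menu.ParentId = reader.IsDBNull(reader.GetOrdinal("ParentId")) ? 0 : reader.GetInt32(reader.GetOrdinal("ParentId"));
    menu.Path = reader.IsDBNull(reader.GetOrdinal("Path")) ? "" : reader.GetString(reader.GetOrdinal("Path"));
    menu.Status = reader.IsDBNull(reader.GetOrdinal("Status")) ? false : reader.GetBoolean(reader.GetOrdinal("Status"));
    return menu;
}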