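        /// <summary>
        /// Handles a login attempt: authenticates through <c>UserServices.CheckLogin</c>,
        /// fills the session on success and redirects to the user's default page (falling
        /// back to Index); on failure stores a message code in session and re-renders the
        /// themed login view.
        /// </summary>
        /// <param name="loginModel">User name, password and department code posted by the form.</param>
        /// <returns>A redirect on success, otherwise the login view.</returns>
        public ActionResult Login(LoginModel loginModel)
        {
            // Default-page paths are stored as "Controller/Action".
            const char pathSeparator = '/';

            //STEP1: AUTHENTICATE AGAINST THE DATABASE ***********************************************
            this.SetConnectionDB();
            BI_Project.Services.User.UserServices userServices = new UserServices(this.DBConnection);
            BI_Project.Services.Departments.DepartmentServices departmentServices = new DepartmentServices(this.DBConnection);

            // CheckLogin never returns null; UserName stays null when no row matched.
            EntityUserModel       entityUser       = userServices.CheckLogin(loginModel);
            EntityDepartmentModel entityDepartment = departmentServices.GetEntityById(entityUser.DeptId);
            SetDefaultPageService setDefault       = new SetDefaultPageService(DBConnection);

            if (entityUser.UserName != null)
            {
                // NOTE(review): the session id is not regenerated on successful login, so an id
                // issued before authentication stays valid afterwards (session fixation).
                // Issuing a fresh id (SessionIDManager) before populating the session is the
                // usual mitigation; it is not done anywhere in this listing.
                Session["UserName"] = entityUser.UserName;
                Session["FullName"] = entityUser.FullName;
                Session[this.SESSION_NAME_USER_NAME] = entityUser.UserName;
                Session[this.SESSION_NAME_USERID]    = entityUser.UserId;
                Session["DepartIdUserLogin"]         = entityUser.DeptId;
                Session["IsAdmin"]         = entityUser.IsAdmin;
                Session["IsSuperAdmin"]    = entityUser.IsSuperAdmin;

                // The department lookup can miss (unknown DeptId); previously that threw a
                // NullReferenceException *after* the session was already marked authenticated.
                if (entityDepartment != null)
                {
                    Session["CodeIsAdmin"]     = entityDepartment.Code;
                    Session["Filter01IsAdmin"] = entityDepartment.Filter01;
                }
                else
                {
                    Session["CodeIsAdmin"]     = null;
                    Session["Filter01IsAdmin"] = null;
                }

                List <EntityUserMenuModel> defaultPages = setDefault.GetListDefaultPage(entityUser.UserId);
                if (defaultPages != null)
                {
                    foreach (EntityUserMenuModel item in defaultPages)
                    {
                        if (item.IsDefaultPage != true)
                        {
                            continue;
                        }
                        // A path without a separator used to throw IndexOutOfRangeException;
                        // such an entry is now skipped and the user lands on Index instead.
                        string[] parts = (item.Path ?? string.Empty).Split(pathSeparator);
                        if (parts.Length < 2)
                        {
                            continue;
                        }
                        string controller = parts[0];
                        string action     = parts[1];
                        return RedirectToAction(action + "/" + item.MenuId, controller);
                    }
                }
                return RedirectToAction("Index");
            }

            //STEP2: LOGIN FAILED ***********************************************************************
            // NOTE(review): ServerError vs BusinessError is observable by the client. Whether an
            // unknown user name and a wrong password produce different codes depends on how
            // CheckLogin fails for each case — if they differ, this is a user-enumeration oracle.
            if (userServices.ERROR != null)
            {
                Session["msgcode"] = MessageType.ServerError;
                FileHelper.SaveFile(userServices.ERROR, this.LOG_FOLDER + "/ERROR_" + this.GetType().ToString() + BI_Project.Helpers.Utility.APIStringHelper.GenerateFileId() + ".txt");
            }
            else
            {
                Session["msgcode"] = MessageType.BusinessError;
            }

            this.GetLanguage();
            ViewData["VIEWDATA_LANGUAGE"] = this.LANGUAGE_OBJECT;
            // The posted model (including the Password field) is handed back to the view;
            // the template must not re-render the password value.
            return View("~/" + this.THEME_FOLDER + "/" + this.THEME_ACTIVE + "/login.cshtml", loginModel);
        }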
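        /// <summary>
        /// Loads users through the <c>USP_GET_ALL_USERS</c> stored procedure, optionally
        /// restricted to one department. Query failures are recorded in <c>ERROR</c> rather
        /// than thrown, so the returned list may be partial in that case.
        /// </summary>
        /// <param name="depId">Department id to filter on; <c>null</c> sends DBNull to the procedure.</param>
        /// <returns>The users read so far; never <c>null</c>.</returns>
        /// <exception cref="Exception">Thrown when the database connection cannot be opened.</exception>
        public List <EntityUserModel> GetList(int?depId = null)
        {
            List <EntityUserModel> output = new List <EntityUserModel>();

            this.DBConnection.OpenDBConnect();
            if (this.DBConnection.ERROR != null)
            {
                throw new Exception("Can't connect to db");
            }
            try
            {
                var command = this.DBConnection.command;
                // The command object is reused by other queries in this class; clear any
                // leftover parameters so @deptId is never added twice.
                command.Parameters.Clear();
                command.CommandText = USP_GET_ALL_USERS;
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.AddWithValue("@deptId", (object)depId ?? DBNull.Value);

                using (SqlDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        output.Add(ReadUserListRow(reader));
                    }
                }
            }
            catch (Exception ex)
            {
                this.ERROR = ex.ToString();
            }
            finally
            {
                this.DBConnection.CloseDBConnect();
            }

            return output;
        }

        // Maps one USP_GET_ALL_USERS row. Nullable text columns yield null instead of
        // throwing SqlNullValueException (which previously aborted the whole list).
        private static EntityUserModel ReadUserListRow(SqlDataReader reader)
        {
            EntityUserModel entity = new EntityUserModel();
            entity.UserId     = reader.GetInt32(reader.GetOrdinal("UserId"));
            entity.UserName   = reader.GetString(reader.GetOrdinal("UserName"));
            // The stored password hash and salt travel on this model. Callers in this listing
            // only need UserName/DeptId/Code; never render or log these two fields.
            entity.Password   = ReadUserListText(reader, "Password");
            entity.Salt       = ReadUserListText(reader, "Salt");
            entity.Phone      = ReadUserListText(reader, "Phone");
            entity.FullName   = ReadUserListText(reader, "FullName");
            entity.Email      = ReadUserListText(reader, "Email");
            entity.DeptId     = reader.GetInt32(reader.GetOrdinal("deptID"));
            entity.DepartName = ReadUserListText(reader, "Name");
            entity.Code       = ReadUserListText(reader, "Code");
            entity.IsAdmin    = reader.GetBoolean(reader.GetOrdinal("IsAdmin"));
            return entity;
        }

        // Returns the named string column, or null when it is DBNull.
        private static string ReadUserListText(SqlDataReader reader, string column)
        {
            int ordinal = reader.GetOrdinal(column);
            return reader.IsDBNull(ordinal) ? null : reader.GetString(ordinal);
        }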
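        /// <summary>
        /// Authorization filter. The request is allowed when the session user carries the
        /// admin flag or the request's raw URL exactly equals one of the menu paths returned
        /// by <c>UserServices.GetAllowedMenuAndRoles</c>; anything else (no session, unknown
        /// user, lookup error) redirects to Home/Logout.
        /// </summary>
        /// <param name="filterContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            string       connectString = WebConfigurationManager.AppSettings["CONNECT_STRING"];
            DBConnection dBConnection  = new DBConnection(connectString);
            UserServices userServices  = new UserServices(dBConnection);

            RedirectToRouteResult deny = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "Home", action = "Logout" })
                );

            // "session_userid" / "isAdmin" are the keys written at login; ASP.NET session keys
            // are case-insensitive, so the casing difference from the writer does not matter.
            var    session       = filterContext.HttpContext.Session;
            object sessionUserId = session == null ? null : session["session_userid"];
            if (!(sessionUserId is int))
            {
                // Not authenticated: deny without querying the database. (The previous code
                // looked up user id 0 and relied on a NullReferenceException to get here.)
                filterContext.Result = deny;
                return;
            }
            int  id      = (int)sessionUserId;
            bool isAdmin = session["isAdmin"] is bool && (bool)session["isAdmin"];

            try
            {
                EntityUserModel currentUser = userServices.FindById(id);
                if (currentUser == null)
                {
                    filterContext.Result = deny;
                    return;
                }
                // Queried for admins too (as before): a failing lookup denies even an admin.
                List <EntityMenuModel> userMenu = userServices.GetAllowedMenuAndRoles(currentUser.UserId);

                bool hasPermission = isAdmin;
                if (!hasPermission)
                {
                    // RawUrl carries the query string and is compared ordinally, so "/X/Y?a=1"
                    // or a differently cased URL does not match a stored "/X/Y" and is denied.
                    // NOTE(review): matching on the resolved route (controller/action) rather
                    // than the raw URL would be less fragile — confirm which paths are stored.
                    string requestedPath = filterContext.HttpContext.Request.RawUrl;
                    foreach (EntityMenuModel menu in userMenu)
                    {
                        if (string.Equals(menu.Path, requestedPath, StringComparison.Ordinal))
                        {
                            hasPermission = true;
                            break;
                        }
                    }
                }
                if (!hasPermission)
                {
                    filterContext.Result = deny;
                }
            }
            catch (Exception)
            {
                // Fail closed on any error in the permission lookup.
                filterContext.Result = deny;
            }
        }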
        //public void SetConnectionOracleDB()
        //{
        //    oracleConnection = new Services.ConnectOracleDB(CONNECT_STRING_STAGING);
        //}
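        /// <summary>
        /// Loads the data every page shares — the left menu block and the header menus — for
        /// the user identified by <c>Session[SESSION_NAME_USERID]</c> and publishes them through
        /// <c>ViewData["block_menu_left_data"]</c> and <c>ViewData["MenuHeaderData"]</c>.
        /// Must only be called on an authenticated session: the unboxing cast below throws when
        /// the session value is missing.
        /// </summary>
        public void SetCommonData()
        {
            this.SetConnectionDB();
            UserServices userServices = new UserServices(DBConnection);

            // Throws (NullReference/InvalidCast) when no user id is in session — callers are
            // expected to have redirected to login before reaching this.
            int userId = (int)Session[SESSION_NAME_USERID];
            EntityUserModel currentUser = userServices.GetEntityById(userId);

            ViewData["block_menu_left_data"] = userServices.GetListMenus(currentUser);

            MenuServices menuServices = new MenuServices(DBConnection);
            ViewData["MenuHeaderData"] = menuServices.GetMenusByDepId(currentUser.UserId, currentUser.DeptId);
        }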
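        /// <summary>
        /// Looks a user up by primary key and returns UserId, UserName, Phone and Email.
        /// </summary>
        /// <param name="userId">Primary key of the Users row.</param>
        /// <returns>The user, or <c>null</c> when no row matched or the query failed
        /// (failure text is then in <c>ERROR</c>).</returns>
        public EntityUserModel FindById(int userId)
        {
            EntityUserModel found = null;

            this.DBConnection.OpenDBConnect();
            try
            {
                var command = this.DBConnection.command;
                string sql = " select * from Users where UserId = @UserId";
                command.Parameters.Clear();
                // The command is shared with stored-procedure calls in this class; make the
                // command type explicit instead of relying on whatever ran last.
                command.CommandType = CommandType.Text;
                command.CommandText = sql;
                command.Parameters.AddWithValue("@UserId", userId);

                using (SqlDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        int phoneOrdinal = reader.GetOrdinal("Phone");
                        int emailOrdinal = reader.GetOrdinal("Email");
                        // NULL Phone/Email used to raise SqlNullValueException, turning a
                        // perfectly valid user into a "not found" result for the auth filter.
                        found = new EntityUserModel()
                        {
                            UserId   = reader.GetInt32(reader.GetOrdinal("UserId")),
                            UserName = reader.GetString(reader.GetOrdinal("UserName")),
                            Phone    = reader.IsDBNull(phoneOrdinal) ? null : reader.GetString(phoneOrdinal),
                            Email    = reader.IsDBNull(emailOrdinal) ? null : reader.GetString(emailOrdinal)
                        };
                    }
                }
            }
            catch (Exception ex)
            {
                this.ERROR = ex.ToString();
            }
            finally
            {
                this.DBConnection.CloseDBConnect();
            }

            return found;
        }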
        /// <summary>
        /// Convenience overload: wraps the id and admin flag in a minimal
        /// <see cref="EntityUserModel"/> and delegates to <c>GetListMenus(EntityUserModel)</c>.
        /// </summary>
        /// <param name="userId">Id of the user whose menus are wanted.</param>
        /// <param name="isAdmin">Admin flag; admins receive every menu.</param>
        /// <returns>The menu block, or an empty block if the delegate threw (text in <c>ERROR</c>).</returns>
        public BlockDataMenuLeftModel GetListMenus(int userId, bool isAdmin)
        {
            try
            {
                EntityUserModel requester = new EntityUserModel
                {
                    UserId  = userId,
                    IsAdmin = isAdmin
                };
                return this.GetListMenus(requester);
            }
            catch (Exception ex)
            {
                this.ERROR = ex.ToString();
                this.DBConnection.CloseDBConnect();
                return new BlockDataMenuLeftModel();
            }
        }
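        /// <summary>
        /// Creates a user, or edits one when <c>model.UserId &gt; 0</c>. Requires an
        /// authenticated admin session; validates e-mail, password confirmation and phone,
        /// rejects a duplicate user name within scope, then delegates to
        /// <c>UserServices.Create</c>. Outcome messages are passed through session.
        /// </summary>
        /// <param name="model">Form values posted by the create/edit page.</param>
        /// <returns>Redirect to List on success; back to Create on validation or business
        /// failure; to Home/Login or Home/Logout when the session is missing or not admin.</returns>
        public ActionResult Create(BlockDataUserCreateModel model)
        {
            Logging.WriteToLog(this.GetType().ToString() + "-create()", LogType.Access);
            if (null == Session[this.SESSION_NAME_USERID])
            {
                return RedirectToAction("Login", "Home");
            }
            // NOTE(review): IsAdmin is the only gate. DeptId and IsSuperAdmin are bound from
            // the request body, so a department-level admin can post any DeptId; if admins are
            // meant to be confined to their own department (Session["DepartIdUserLogin"]),
            // that check belongs here. Also confirm this action carries [HttpPost] and
            // [ValidateAntiForgeryToken] — neither attribute is visible in this listing.
            if (!(Session["IsAdmin"] is bool) || (bool)Session["IsAdmin"] == false)
            {
                return RedirectToAction("Logout", "Home");
            }
            ViewData["data_form"] = TempData["data"];
            this.GetLanguage();

            //**************** VALIDATE INPUT *********************************************************
            if (!string.IsNullOrEmpty(model.Email))
            {
                // Anchored pattern; note it caps the TLD at four letters, so longer TLDs are rejected.
                string emailRegex = @"^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}" +
                                    @"\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\" +
                                    @".)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$";
                if (!Regex.IsMatch(model.Email, emailRegex))
                {
                    ModelState.AddModelError("Email", "Email is not valid");
                    return BackToCreateWithError(model, "messages.block_user_create.error_email");
                }
            }
            if (model.Password != model.ConfirmPassword)
            {
                // Now also sets msg_code = -1, like the other validation failures.
                return BackToCreateWithError(model, "messages.block_user_create.error_password");
            }
            if (!string.IsNullOrEmpty(model.Phone))
            {
                // Permissive: any mix of digits, spaces, dashes, underscores and parentheses.
                string phoneRegex = @"^(\(?\+?[0-9]*\)?)?[0-9_\- \(\)]*$";
                if (!Regex.IsMatch(model.Phone, phoneRegex))
                {
                    ModelState.AddModelError("Phone", "Phone is not valid");
                    return BackToCreateWithError(model, "messages.block_user_create.error_phone");
                }
            }

            //**************** DATABASE PROCESS*******************************************************
            this.SetConnectionDB();
            UserServices services = new UserServices(this.DBConnection);

            // Duplicate user-name check: super admins must be unique system-wide, other users
            // within their department (same DeptId or same department code). The row being
            // edited (UserId == model.UserId) is excluded so an edit does not collide with itself.
            List <EntityUserModel> existingUsers = services.GetList();
            EntityUserModel        duplicate;
            if (model.IsSuperAdmin == true)
            {
                duplicate = existingUsers.FirstOrDefault(x => x.UserName == model.UserName && x.UserId != model.UserId);
            }
            else
            {
                var deptCode = services.GetCodeByDeptId(model.DeptId);
                duplicate = existingUsers.FirstOrDefault(x => x.UserName == model.UserName && x.UserId != model.UserId && (x.DeptId == model.DeptId || x.Code == deptCode));
            }
            if (duplicate != null)
            {
                return BackToCreateWithError(model, "messages.block_user_create.error_User");
            }

            int result = services.Create(model);

            if (services.ERROR != null)
            {
                // Log identifying fields only: the posted model carries the plaintext password
                // and its confirmation, which must never be written to the log folder.
                FileHelper.SaveFile(
                    new { UserName = model.UserName, DeptId = model.DeptId, UserId = model.UserId, ERROR = services.ERROR },
                    this.LOG_FOLDER + "/ERROR_" + this.GetType().ToString() + APIStringHelper.GenerateFileId() + ".txt");
            }

            //**************** MESSAGE ****************************************************************
            string messageKey;
            if (result > 0)
            {
                messageKey = (model.UserId > 0 && result > 1)
                    ? "messages.block_user_create.success_edit"
                    : "messages.block_user_create.success";
            }
            else
            {
                messageKey = "messages.block_user_create.error_business_1";
            }
            Session["msg_text"] = BlockLanguageModel.GetElementLang(this.LANGUAGE_OBJECT, messageKey);
            Session["msg_code"] = result;

            if (result > 0)
            {
                return RedirectToAction("List");
            }
            TempData["data"] = model;
            return RedirectToAction("Create");
        }

        // Records a validation/business error (language key) plus the posted model in
        // session/TempData and sends the user back to the Create page.
        private ActionResult BackToCreateWithError(BlockDataUserCreateModel model, string messageKey)
        {
            Session["msg_code"] = -1;
            Session["msg_text"] = BlockLanguageModel.GetElementLang(this.LANGUAGE_OBJECT, messageKey);
            TempData["data"]    = model;
            return RedirectToAction("Create");
        }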
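        /// <summary>
        /// Returns a user's identity fields together with the id and name of their department.
        /// Two queries run on the shared command: the user row (joined through UserRole/Role,
        /// so a user without any role produces no row), then the Department row.
        /// </summary>
        /// <param name="userId">Primary key of the Users row.</param>
        /// <returns>Never <c>null</c>. Fields keep their defaults when nothing matched or a
        /// query failed (failure text in <c>ERROR</c>).</returns>
        public EntityUserModel GetUserDepartment(int userId)
        {
            EntityUserModel output = new EntityUserModel();

            try
            {
                this.DBConnection.OpenDBConnect();
                var command = this.DBConnection.command;
                EntityUserModel user = new EntityUserModel();

                // Step 1: the user. The role joins only filter — no Role column is read — and a
                // user with several roles yields repeated identical rows, which is harmless.
                // NOTE(review): confirm that users with no role are meant to be invisible here.
                string userRoleQuery = "SELECT u.UserId, u.Username, u.Phone, u.Email, u.deptID FROM Users u JOIN UserRole ur ON ur.UserId = u.UserId JOIN Role r ON r.RoleId = ur.RoleId WHERE u.UserId = @userId";
                command.Parameters.Clear();
                command.CommandType = CommandType.Text;
                command.CommandText = userRoleQuery;
                command.Parameters.Add(new SqlParameter("@UserId", userId));
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        int phoneOrdinal = reader.GetOrdinal("Phone");
                        int emailOrdinal = reader.GetOrdinal("Email");
                        user.UserId   = reader.GetInt32(reader.GetOrdinal("Userid"));
                        user.UserName = reader.GetString(reader.GetOrdinal("Username"));
                        // NULL contact columns no longer abort the lookup.
                        user.Phone    = reader.IsDBNull(phoneOrdinal) ? null : reader.GetString(phoneOrdinal);
                        user.Email    = reader.IsDBNull(emailOrdinal) ? null : reader.GetString(emailOrdinal);
                        user.DeptId   = reader.GetInt32(reader.GetOrdinal("deptID"));
                    }
                }

                // Step 2: the department (DeptId is 0 here when step 1 matched nothing).
                string userDepartQuery = "SELECT * FROM Department WHERE Id = @DepartId";
                command.Parameters.Clear();
                command.CommandText = userDepartQuery;
                command.Parameters.Add(new SqlParameter("@DepartId", user.DeptId));
                using (SqlDataReader dataReader = command.ExecuteReader())
                {
                    while (dataReader.Read())
                    {
                        output.DeptId     = dataReader.GetInt32(dataReader.GetOrdinal("Id"));
                        output.DepartName = dataReader.GetString(dataReader.GetOrdinal("Name"));
                    }
                }

                // Copied only after both queries succeeded (as before), so a failure in
                // step 2 returns an empty model rather than a half-filled one.
                output.UserId   = user.UserId;
                output.UserName = user.UserName;
                output.Phone    = user.Phone;
                output.Email    = user.Email;
            }
            catch (Exception ex)
            {
                this.ERROR = ex.ToString();
            }
            finally
            {
                this.DBConnection.CloseDBConnect();
            }
            return output;
        }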
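        /// <summary>
        /// Authenticates a login attempt. Flow: (1) call <c>Utilities.IsAuthenticated</c> — an
        /// empty string from it switches the database call into "no password" mode;
        /// (2) fetch the stored salt for the user name (admin users with deptID 0 when the
        /// department code is "P", otherwise users of the department with that code);
        /// (3) hash the supplied password with that salt via <c>PasswordManager.IsMatch</c>;
        /// (4) run the login stored procedure and map the matching row.
        /// </summary>
        /// <param name="loginModel">User name, password and department code from the form.</param>
        /// <returns>Never <c>null</c>. <c>UserName</c> stays <c>null</c> when no row matched or an
        /// exception occurred (its text is then in <c>ERROR</c>).</returns>
        public EntityUserModel CheckLogin(LoginModel loginModel)
        {
            EntityUserModel output       = new EntityUserModel();
            bool            isAdminScope = loginModel.Department == "P";

            try
            {
                // NOTE(review): the empty-string result is load-bearing. If IsAuthenticated
                // returns "" for a *failed* external/LDAP check, @Password is sent as NULL and
                // password verification is left entirely to how the stored procedure treats
                // NULL — verify that it rejects rather than skips the check in that case.
                string externalResult  = Utilities.IsAuthenticated(loginModel.UserName, loginModel.Password, loginModel.Department);
                bool   sendPasswordHash = externalResult != "";

                DBConnection.OpenDBConnect();
                if (this.DBConnection.ERROR != null)
                {
                    throw new Exception("Can't connect to db");
                }
                var command = DBConnection.command;

                //STEP1: FETCH THE STORED SALT AND HASH THE SUPPLIED PASSWORD WITH IT ***************/
                command.Parameters.Clear();
                command.CommandType = CommandType.Text;
                command.Parameters.AddWithValue("@UserName", loginModel.UserName);
                if (isAdminScope)
                {
                    command.CommandText = "Select Salt from Users Where UserName = @UserName and deptID = 0";
                }
                else
                {
                    command.Parameters.AddWithValue("@Code", loginModel.Department);
                    command.CommandText = "Select Salt from Users a , Department b Where a.UserName = @UserName and a.deptID = b.Id and b.Code = @Code";
                }
                string salt = command.ExecuteScalar() as string;

                // Unknown user -> salt is null. Whether IsMatch throws or hashes anyway decides
                // whether the caller reports ServerError or BusinessError, i.e. whether "no such
                // user" is distinguishable from "wrong password" — NOTE(review): confirm and make
                // both paths behave the same.
                PasswordManager pwm            = new PasswordManager();
                string          passwordHashed = pwm.IsMatch(loginModel.Password, salt);

                //STEP2: LET THE STORED PROCEDURE MATCH USER NAME (+ CODE) AND HASH ******************/
                command.Parameters.Clear();
                command.CommandType = CommandType.StoredProcedure;
                command.CommandText = isAdminScope ? USP_CHECK_USER_LOG_IN_ADMIN : USP_CHECK_USER_LOG_IN;
                command.Parameters.AddWithValue("@UserName", loginModel.UserName);
                if (!isAdminScope)
                {
                    command.Parameters.AddWithValue("@Code", loginModel.Department);
                }
                if (sendPasswordHash)
                {
                    command.Parameters.AddWithValue("@Password", passwordHashed);
                }
                else
                {
                    command.Parameters.AddWithValue("@Password", DBNull.Value);
                }

                using (SqlDataReader reader = command.ExecuteReader())
                {
                    Func<string, string> textOrEmpty = column =>
                    {
                        int ordinal = reader.GetOrdinal(column);
                        return reader.IsDBNull(ordinal) ? "" : reader.GetString(ordinal);
                    };
                    while (reader.Read())
                    {
                        output.UserId   = reader.GetInt32(reader.GetOrdinal("UserId"));
                        output.UserName = textOrEmpty("UserName");
                        output.Salt     = textOrEmpty("Salt");
                        output.Email    = textOrEmpty("Email");
                        output.Phone    = textOrEmpty("Phone");
                        output.IsAdmin  = reader.GetBoolean(reader.GetOrdinal("IsAdmin"));
                        output.DeptId   = reader.GetInt32(reader.GetOrdinal("deptID"));
                        output.FullName = textOrEmpty("FullName");
                    }
                }
                // Super admin = admin flag on a user that belongs to no department (deptID 0).
                output.IsSuperAdmin = output.IsAdmin && (output.DeptId == 0);
            }
            catch (Exception ex)
            {
                this.ERROR = ex.ToString();
            }
            finally
            {
                DBConnection.CloseDBConnect();
            }

            return output;
        }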
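        /// <summary>
        /// Builds the left-menu block for a user. Step 1 collects the menu ids granted
        /// directly (UserMenu) and through roles (UserRole → RoleMenu) into
        /// <c>entityUser.LstSelectedMenu</c>. Step 2 reads every Menu row ordered by
        /// <c>leveltree</c> and accumulates the allowed ids / level trees as comma-delimited
        /// strings (every menu for admins). Step 3 fills <c>LstAllOfMenus</c> with the allowed
        /// menus plus any ancestor whose level tree prefixes an allowed one.
        /// </summary>
        /// <param name="entityUser">User (UserId, IsAdmin, LstSelectedMenu). Mutated: granted ids
        /// are appended to <c>LstSelectedMenu</c>.</param>
        /// <returns>The block, never <c>null</c>; partially filled if a query failed (text in <c>ERROR</c>).</returns>
        public BlockDataMenuLeftModel GetListMenus(EntityUserModel entityUser)
        {
            BlockDataMenuLeftModel output = new BlockDataMenuLeftModel();

            this.DBConnection.OpenDBConnect();
            output.EntityUserModel = entityUser;
            try
            {
                var command = this.DBConnection.command;
                var granted = entityUser.LstSelectedMenu;

                //STEP1: MENU IDS GRANTED DIRECTLY TO THE USER ******************************************
                command.Parameters.Clear();
                command.CommandType = CommandType.Text;
                command.CommandText = "select MenuId from UserMenu where userid=@userid";
                command.Parameters.AddWithValue("@userid", entityUser.UserId);
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        int menuId = reader.GetInt32(reader.GetOrdinal("MenuId"));
                        if (!granted.Contains(menuId))
                        {
                            granted.Add(menuId);
                        }
                    }
                }

                // ...and the ids granted through the user's roles (@userid stays bound).
                command.CommandText = "select distinct rm.MenuId from Users as u, UserRole as ur, RoleMenu as rm where ( " +
                                      "   u.UserId = @userid and u.UserId = ur.UserId and rm.RoleId = ur.RoleId )";
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        int menuId = reader.GetInt32(reader.GetOrdinal("MenuId"));
                        if (!granted.Contains(menuId))
                        {
                            granted.Add(menuId);
                        }
                    }
                }

                //STEP2: ALL MENUS, ORDERED SO PARENTS PRECEDE CHILDREN *********************************
                command.Parameters.Clear();
                command.CommandText = "select * from Menu order by leveltree ";
                List <EntityMenuModel> allMenus = new List <EntityMenuModel>();
                using (SqlDataReader reader = command.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        EntityMenuModel menu = new EntityMenuModel();
                        menu.FilterCommand = reader.IsDBNull(reader.GetOrdinal("FilterCommand")) ? "" : reader.GetString(reader.GetOrdinal("FilterCommand"));
                        menu.FilterValue   = reader.IsDBNull(reader.GetOrdinal("FilterValue")) ? "" : reader.GetString(reader.GetOrdinal("FilterValue"));
                        menu.LevelTree     = reader.IsDBNull(reader.GetOrdinal("LevelTree")) ? "" : reader.GetString(reader.GetOrdinal("LevelTree"));
                        menu.MenuId        = reader.IsDBNull(reader.GetOrdinal("MenuId")) ? 0 : reader.GetInt32(reader.GetOrdinal("MenuId"));
                        menu.MenuLevel     = reader.IsDBNull(reader.GetOrdinal("MenuLevel")) ? "" : reader.GetString(reader.GetOrdinal("MenuLevel"));
                        menu.Name          = reader.IsDBNull(reader.GetOrdinal("Name")) ? "" : reader.GetString(reader.GetOrdinal("Name"));
                        // Bug fix: the null test used to look at "Name" instead of "ParentId", so a
                        // NULL ParentId threw SqlNullValueException and aborted the whole load.
                        menu.ParentId      = reader.IsDBNull(reader.GetOrdinal("ParentId")) ? 0 : reader.GetInt32(reader.GetOrdinal("ParentId"));
                        menu.Path          = reader.IsDBNull(reader.GetOrdinal("Path")) ? "" : reader.GetString(reader.GetOrdinal("Path"));
                        menu.Status        = reader.IsDBNull(reader.GetOrdinal("Status")) ? false : reader.GetBoolean(reader.GetOrdinal("Status"));
                        allMenus.Add(menu);

                        bool allowed = entityUser.IsAdmin == true;
                        if (allowed)
                        {
                            // Admins get everything; appended without de-duplication, as before.
                            granted.Add(menu.MenuId);
                        }
                        else
                        {
                            allowed = granted.Contains(menu.MenuId);
                        }
                        if (allowed)
                        {
                            output.StrAllowedLeveltrees += menu.LevelTree + ",";
                            output.StrAllowedMenuIds    += menu.MenuId + ",";
                        }
                    }
                }
                // Leading comma so every entry can be matched as ",<value>,".
                output.StrAllowedMenuIds    = "," + output.StrAllowedMenuIds;
                output.StrAllowedLeveltrees = "," + output.StrAllowedLeveltrees;

                //STEP3: MENUS TO RENDER: ALLOWED ONES PLUS ANCESTORS OF ALLOWED ONES ******************
                foreach (EntityMenuModel menu in allMenus)
                {
                    // ",<tree>@" appearing in the allowed trees means an allowed menu sits below this one.
                    bool include = entityUser.IsAdmin == true
                                   || granted.Contains(menu.MenuId)
                                   || output.StrAllowedLeveltrees.Contains("," + menu.LevelTree + "@");
                    if (include)
                    {
                        output.LstAllOfMenus.Add(menu.Clone());
                    }
                }
            }
            catch (Exception ex)
            {
                this.ERROR = ex.ToString();
            }
            finally
            {
                this.DBConnection.CloseDBConnect();
            }

            return output;
        }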