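/// <summary>
/// Parses the uploaded spreadsheet into payments, stamps each one with the audit fields
/// from the posted view model, and forwards the batch as JSON to the payments-import API.
/// </summary>
/// <param name="upload">The uploaded file; null when the form was posted without one.</param>
/// <param name="model">Posted view model that supplies CreatedBy and CreatedDate.</param>
/// <returns>
/// A redirect to Payments/ImportPayments when the API answers 200 OK; otherwise a redirect
/// to Home/Index with an explanatory message in TempData.
/// </returns>
public ActionResult ImportPayments(HttpPostedFileBase upload, UploadPaymentViewModel model)
{
    if (upload == null)
    {
        TempData["message"] = "Sorry, but you did not upload a file.";
        return RedirectToAction("Index", "Home");
    }

    // NOTE(review): if an action filter has already parsed this same upload, this is a
    // second, independent parse. Confirm FileUploader rewinds the stream, and that the
    // rows authorized by the filter are the rows sent below.
    FileUploader uploader = new FileUploader();
    var payments = uploader.ExcelUpload(upload);

    // NOTE(review): CreatedBy and CreatedDate come from the posted model, so the client
    // controls the audit fields. Consider deriving them server-side from the authenticated
    // session instead.
    // NOTE(review): if ExcelUpload returns a lazily evaluated sequence, these assignments
    // are lost when the sequence is enumerated again for serialization. Confirm it returns
    // a materialized collection.
    foreach (var payment in payments)
    {
        payment.CreatedBy = model.CreatedBy;
        payment.CreatedDate = model.CreatedDate;
    }

    // Send the batch to the API.
    // NOTE(review): no credential is attached to this request in the visible code, and the
    // URL is plain HTTP. Confirm the API authenticates the caller some other way, or is
    // reachable on loopback only.
    var client = new RestClient("http://localhost:4000/api/paymentsimport");
    var request = new RestRequest(Method.POST);
    var settings = new JsonSerializerSettings()
    {
        DateFormatHandling = DateFormatHandling.MicrosoftDateFormat
    };
    string body = JsonConvert.SerializeObject(payments, settings);
    request.AddParameter("Application/Json", body, ParameterType.RequestBody);

    var response = client.Execute(request);
    if (response.StatusCode == System.Net.HttpStatusCode.OK)
    {
        return RedirectToAction("ImportPayments", "Payments");
    }

    // Previously a failed import redirected home with no message, so a rejected batch
    // looked the same as a successful one to the user.
    TempData["message"] = "Sorry, but the payments could not be imported.";
    return RedirectToAction("Index", "Home");
}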
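/// <summary>
/// Gate for upload actions. Requires an "upload" action parameter and a session token,
/// validates the token against the accounts API, checks that the token carries the
/// permission held in <c>_permission</c>, and then checks that every payment in the
/// uploaded file names a beneficiary listed on the caller's profile.
/// </summary>
/// <param name="filterContext">
/// Context of the executing action. Its Result is set to a redirect when a check fails,
/// which short-circuits the action.
/// </param>
void IActionFilter.OnActionExecuting(ActionExecutingContext filterContext)
{
    // TryGetValue instead of the indexer: a missing "upload" key now takes the same
    // login redirect as a null one, where the indexer threw KeyNotFoundException.
    object uploadArg;
    filterContext.ActionParameters.TryGetValue("upload", out uploadArg);
    object sessionToken = filterContext.HttpContext.Session["token"];

    if (uploadArg == null || sessionToken == null)
    {
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary { { "controller", "accounts" }, { "action", "Login" } });
        return;
    }

    var model = uploadArg as HttpPostedFileBase;
    string token = sessionToken.ToString();

    // NOTE(review): on a GET request this parameter goes into the query string, so the
    // session token can land in server and proxy logs, and the URL is plain HTTP.
    // Consider a header or request body over TLS if the API allows it.
    // NOTE(review): the response status is not checked before deserializing. Confirm the
    // Validate endpoint cannot return a usable Token body for a rejected token.
    var clientT = new RestClient("http://localhost:4000/api/accounts/Validate");
    var requestT = new RestRequest(Method.GET);
    requestT.AddParameter("encrypted", token);
    var responseT = clientT.Execute<Token>(requestT);
    JsonDeserializer deserialize = new JsonDeserializer();
    Token deserialized = deserialize.Deserialize<Token>(responseT);

    // Fail closed: a token that did not deserialize, or that carries no permission list,
    // is treated as lacking the permission rather than raising NullReferenceException.
    bool validate = false;
    if (deserialized != null && deserialized.Permissions != null)
    {
        foreach (var permission in deserialized.Permissions)
        {
            if (permission == _permission)
            {
                validate = true;
                break;
            }
        }
    }

    if (!validate)
    {
        // Indexer rather than Add: Add throws when an unread "message" is already stored.
        filterContext.Controller.TempData["message"] = "Sorry, but you do not have permission to do this action.";
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary { { "controller", "home" }, { "action", "index" } });
        return;
    }

    // Materialize once. The original enumerated the parsed sequence once per beneficiary
    // and again for Count(), which re-reads the upload if ExcelUpload is lazy.
    // NOTE(review): the action parses the upload again after this filter runs. Confirm the
    // stream is rewound and that the action sees the same rows that were authorized here.
    FileUploader uploader = new FileUploader();
    List<Payment> payments = new List<Payment>(uploader.ExcelUpload(model));

    var client = new RestClient("http://localhost:4000/api/profile");
    var request = new RestRequest(Method.GET);
    request.AddParameter("userName", deserialized.User);
    var response = client.Execute(request);
    AccountProfile profile = deserialize.Deserialize<AccountProfile>(response);

    // Authorize each payment on its own. The original counted (beneficiary, payment)
    // name matches and compared the total with the payment count, so a name listed twice
    // on the profile could inflate the count and hide a payment for an unassigned
    // beneficiary.
    // NOTE(review): matching is by Name; if names are not unique identifiers, compare a
    // stable id instead.
    bool allAssigned = true;
    foreach (var payment in payments)
    {
        bool assigned = false;

        // A missing payment, beneficiary or profile counts as "not assigned" (fail closed).
        if (payment != null && payment.Beneficiary != null
            && profile != null && profile.Beneficiaries != null)
        {
            foreach (var ben in profile.Beneficiaries)
            {
                if (ben.Name == payment.Beneficiary.Name)
                {
                    assigned = true;
                    break;
                }
            }
        }

        if (!assigned)
        {
            allAssigned = false;
            break;
        }
    }

    if (!allAssigned)
    {
        filterContext.Controller.TempData["message"] = "Sorry, but you cannot add payments for beneficiaries not assigned to you.";
        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary { { "controller", "home" }, { "action", "index" } });
    }
}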