// GET: /Invoices/
/// <summary>
/// Lists invoices for the current user, or for any customer when the caller
/// is a member of the "Boss" or "Admins" group.
/// </summary>
/// <param name="account">Customer id to filter on; only honoured for Boss/Admins callers.</param>
/// <param name="time">When blank, the caller's own list is limited to the last 90 days.</param>
/// <returns>The index view bound to the resulting invoice list.</returns>
public async Task<ActionResult> Index(string account, string time)
{
    // Default window: invoices dated within the last 90 days.
    DateTime cutoffDate = DateTime.Now - TimeSpan.FromDays(90);
    bool limitToRecent = string.IsNullOrWhiteSpace(time);

    // Baseline query is scoped to the signed-in user's own invoices.
    var invoices = db.Invoices
        .Where(i => i.customerID.ToLower() == User.Identity.Name.ToLower())
        .Include(i => i.PDFFile);

    if (limitToRecent)
    {
        invoices = invoices.Where(i => i.date > cutoffDate);
    }
    else
    {
        ViewBag.time = "all";
    }

    bool isPrivileged = LDAPHelper.UserIsMemberOfGroupOC("Boss", User.Identity.Name)
        || LDAPHelper.UserIsMemberOfGroupOC("Admins", User.Identity.Name);

    if (isPrivileged)
    {
        // NOTE(review): this replaces the query built above, so the 90-day
        // cutoff is never applied for Boss/Admins callers even when `time`
        // is blank. Confirm that is intended.
        invoices = string.IsNullOrWhiteSpace(account)
            ? db.Invoices.Include(i => i.PDFFile)
            : db.Invoices.Where(i => i.customerID.ToLower() == account.ToLower()).Include(i => i.PDFFile);
    }

    return View(await invoices.ToListAsync());
}
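// GET: /File/
/// <summary>
/// Streams the PDF attached to an invoice. Only the invoice's customer, or a
/// member of the "Boss" or "Admins" group, may download it; every other
/// caller gets 404 so the existence of the invoice is not disclosed.
/// </summary>
/// <param name="id">Primary key of the invoice.</param>
/// <returns>The PDF as a file result, or 404 when missing or not permitted.</returns>
public async Task<ActionResult> PDFFile(int id)
{
    // `id` is a non-nullable int, so the former `id == null` test could
    // never be true and has been dropped.
    Invoices invoice = await db.Invoices.FindAsync(id);
    if (invoice == null || invoice.PDFFileID == null)
    {
        return HttpNotFound();
    }

    string caller = User.Identity.Name;

    // Ordinal, culture-independent comparison: ToLower() follows the thread
    // culture and can mis-compare identifiers (e.g. Turkish dotless i). The
    // non-empty guard keeps a blank identity from matching a blank or null
    // customerID.
    bool isOwner = !string.IsNullOrEmpty(caller)
        && string.Equals(invoice.customerID, caller, StringComparison.OrdinalIgnoreCase);

    bool mayDownload = LDAPHelper.UserIsMemberOfGroupOC("Boss", caller)
        || LDAPHelper.UserIsMemberOfGroupOC("Admins", caller)
        || isOwner;

    if (!mayDownload)
    {
        return HttpNotFound();
    }

    // Async lookup so the request thread is not blocked inside an async action.
    var fileToRetrieve = await db.PDFFiles.FindAsync(invoice.PDFFileID);
    if (fileToRetrieve == null)
    {
        return HttpNotFound();
    }

    return File(fileToRetrieve.Content, "application/pdf", "Computrex_Invoice" + invoice.name + ".pdf");
}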
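/// <summary>
/// Creates a user account. Accounts in the "Boss" or "Admins" group may only
/// be created by a member of "Boss"; accounts in any other group get an
/// auto-generated password.
/// </summary>
/// <param name="useraccount">Posted account; only userName, hashPassword and permissionGroup are bound.</param>
/// <returns>Redirect to Index on success, the error page when the caller lacks
/// privilege, or the form again when validation fails.</returns>
// NOTE(review): no [HttpPost] / [ValidateAntiForgeryToken] / [Authorize]
// attributes are visible in this listing. Confirm they are applied on the
// action or the controller.
public async Task<ActionResult> Create([Bind(Include = "userName,hashPassword,permissionGroup")] UserAccount useraccount)
{
    if (!ModelState.IsValid)
    {
        return View(useraccount);
    }

    bool grantsPrivilegedGroup = useraccount.permissionGroup == "Boss"
        || useraccount.permissionGroup == "Admins";

    if (grantsPrivilegedGroup)
    {
        // Check that the caller has sufficient privileges.
        if (!LDAPHelper.UserIsMemberOfGroupOC("Boss", User.Identity.Name))
        {
            // The redirect result must be returned. Without `return` it was
            // discarded and execution fell through to the insert below, so
            // the privilege check had no effect.
            return RedirectToAction("Error", "ErrorPages");
        }
    }
    else
    {
        // Customers never choose their own password; generate one.
        useraccount.hashPassword = System.Web.Security.Membership.GeneratePassword(9, 2);
    }

    // NOTE(review): the field is named hashPassword but the value goes
    // through EncryptionHelper.Encrypt. If that helper is reversible
    // encryption rather than a one-way password hash, stored passwords are
    // recoverable by anyone holding the application key. Confirm.
    useraccount.hashPassword = EncryptionHelper.Encrypt(useraccount.hashPassword);

    db.UserAccounts.Add(useraccount);
    await db.SaveChangesAsync();
    return RedirectToAction("Index");
}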
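/// <summary>
/// Deletes the user account with the given key. Accounts in the "Boss" group
/// can only be deleted by a member of "Boss".
/// </summary>
/// <param name="id">Key of the account to delete.</param>
/// <returns>Redirect to Index on success; 400 for a missing id; 404 when the
/// account does not exist or the caller may not delete it.</returns>
// NOTE(review): only "Boss" targets are protected here, while Create treats
// both "Boss" and "Admins" as privileged groups. Confirm whether "Admins"
// accounts should be deletable by non-Boss callers.
public async Task<ActionResult> DeleteConfirmed(string id)
{
    // Same input handling as the Delete confirmation page.
    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    UserAccount useraccount = await db.UserAccounts.FindAsync(id);

    // An unknown id previously dereferenced null on the next check and
    // surfaced as an unhandled exception instead of a 404.
    if (useraccount == null)
    {
        return HttpNotFound();
    }

    if (useraccount.permissionGroup == "Boss" && !LDAPHelper.UserIsMemberOfGroupOC("Boss", User.Identity.Name))
    {
        return HttpNotFound();
    }

    db.UserAccounts.Remove(useraccount);
    await db.SaveChangesAsync();
    return RedirectToAction("Index");
}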
/// <summary>
/// Shows the delete-confirmation page for a user account. "Boss" accounts
/// are only visible here to members of the "Boss" group.
/// </summary>
/// <param name="id">Key of the account to show.</param>
/// <returns>The confirmation view; 400 for a missing id; 404 when the account
/// does not exist or the caller may not act on it.</returns>
public async Task<ActionResult> Delete(string id)
{
    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }

    UserAccount target = await db.UserAccounts.FindAsync(id);

    // A missing account and a protected one get the same 404, so a caller
    // cannot tell them apart.
    bool hidden = target == null
        || (target.permissionGroup == "Boss" && !LDAPHelper.UserIsMemberOfGroupOC("Boss", User.Identity.Name));

    if (hidden)
    {
        return HttpNotFound();
    }

    return View(target);
}
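/// <summary>
/// Updates the password and permission group of an existing user account.
/// "Boss" accounts can only be edited by a member of "Boss", and only a
/// member of "Boss" may move an account into the "Boss" or "Admins" group.
/// </summary>
/// <param name="useraccount">Posted account; only userName, hashPassword and permissionGroup are bound.</param>
/// <returns>Redirect to Index on success; 404 when the account does not exist
/// or the caller may not make the change; the form again when validation fails.</returns>
public async Task<ActionResult> Edit([Bind(Include = "userName,hashPassword,permissionGroup")] UserAccount useraccount)
{
    if (!ModelState.IsValid)
    {
        return View(useraccount);
    }

    UserAccount acct = await db.UserAccounts.FindAsync(useraccount.userName);
    if (acct == null)
    {
        return HttpNotFound();
    }

    bool callerIsBoss = LDAPHelper.UserIsMemberOfGroupOC("Boss", User.Identity.Name);

    // Existing Boss accounts are off-limits to everyone else.
    if (acct.permissionGroup == "Boss" && !callerIsBoss)
    {
        return HttpNotFound();
    }

    // permissionGroup is model-bound from the request. Checking only the
    // stored group let a non-Boss caller promote any other account (their
    // own included) to "Boss" or "Admins" by posting that value.
    bool requestsPrivilegedGroup = useraccount.permissionGroup == "Boss"
        || useraccount.permissionGroup == "Admins";
    bool groupChanges = useraccount.permissionGroup != acct.permissionGroup;
    if (requestsPrivilegedGroup && groupChanges && !callerIsBoss)
    {
        return HttpNotFound();
    }

    // Update the instance the context already tracks. FindAsync leaves `acct`
    // attached, and marking a second instance with the same key as Modified
    // raises InvalidOperationException in EF6.
    acct.permissionGroup = useraccount.permissionGroup;

    // NOTE(review): named "hash" but produced by EncryptionHelper.Encrypt.
    // Confirm this is a one-way password hash and not reversible encryption.
    acct.hashPassword = EncryptionHelper.Encrypt(useraccount.hashPassword);

    await db.SaveChangesAsync();
    return RedirectToAction("Index");
}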