/// <summary>
/// Forwards an edited permission to the permission API and relays the API's reply to the caller.
/// </summary>
/// <param name="model">The permission as submitted by the edit form.</param>
/// <returns>
/// The API's JSON body, unchanged, with this response's HTTP status code set to the
/// <c>Status</c> field carried inside that body.
/// </returns>
public async Task<IActionResult> EditPermission(Models.Permission model)
{
    // Relay the edit to the API; the reply comes back as raw JSON text
    var apiReply = await PutAsync(model, _urlSettings.Permission.EditPermission);

    // Mirror the API's own status so the browser sees success/failure the same way the API reported it
    var outcome = JsonConvert.DeserializeObject<ResultModel>(apiReply);
    Response.StatusCode = outcome.Status;

    return Content(apiReply, "application/json", Encoding.UTF8);
}
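/// <summary>
/// Returns a single ticket, subject to the caller's permissions.
/// </summary>
/// <param name="id">The ticket id.</param>
/// <returns>
/// <c>status_code</c> 0 with the ticket; 1 when the caller holds no active permission on the
/// ticket's site; 2 when the caller or the ticket does not exist.
/// </returns>
public JsonResult GetTicket(int id)
{
    using (var context = new Data.ApplicationDbContext())
    {
        String authUserId = User.GetClaim(OpenIdConnectConstants.Claims.Subject);
        Models.User authUser = context.Users.AsNoTracking().FirstOrDefault(u => u.Id.ToString().Equals(authUserId));
        if (authUser == null)
        {
            return Json(new { status_code = 2, status = "User '" + authUserId + "' does not exist" });
        }

        Models.Ticket ticket = context.Tickets.AsNoTracking().FirstOrDefault(t => t.Id == id);
        if (ticket == null)
        {
            return Json(new { status_code = 2, status = "Ticket '" + id + "' does not exist" });
        }

        // Level 4 and above see every ticket
        if (authUser.Level >= 4)
        {
            return Json(new { status_code = 0, ticket });
        }

        // Everyone else needs a permission row on the ticket's SITE. The lookup has to use
        // ticket.SiteId, not the ticket id: matching permission.SiteId against the ticket id
        // granted or denied access based on whatever unrelated site happened to share that number.
        Models.Permission permission = context.Permissions.AsNoTracking()
            .FirstOrDefault(p => p.UserId == authUser.Id && p.SiteId == ticket.SiteId);
        if (permission == null || permission.Access == 0)
        {
            return Json(new { status_code = 1, status = "User does not have permission to view this ticket" });
        }

        return Json(new { status_code = 0, ticket });
    }
}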
/// <summary>
/// Grants or revokes a user's permission to view a site.
/// </summary>
/// <param name="userId">The user whose permission is being set.</param>
/// <param name="siteId">The site the permission applies to. The site id is not validated against the Sites table here.</param>
/// <param name="access">
/// 1 creates the permission row if it is missing; 0 deletes it if it exists;
/// any other value (or null) leaves the table untouched.
/// </param>
/// <returns>
/// Json with <code>status_code</code> 0 and the permission row (the just-deleted row when revoking,
/// null when nothing existed and nothing was created), or 2 when the user does not exist.
/// </returns>
private JsonResult SetPermission(int userId, int siteId, int?access)
{
    using (var context = new Data.ApplicationDbContext())
    {
        bool userExists = context.Users.AsNoTracking().Any(u => u.Id == userId);
        if (!userExists)
        {
            return Json(new { status_code = 2, status = "Cannot create permission for user '" + userId + "'; user doesn't exist" });
        }

        Models.Permission existing = context.Permissions.FirstOrDefault(p => p.UserId == userId && p.SiteId == siteId);

        bool grant = access.HasValue && access.Value == 1;
        bool revoke = access.HasValue && access.Value == 0;

        if (revoke && existing != null)
        {
            context.Permissions.Remove(existing);
        }
        else if (grant && existing == null)
        {
            existing = new Models.Permission
            {
                UserId = userId,
                SiteId = siteId,
                Access = 1,
            };
            context.Permissions.Add(existing);
        }

        // SaveChanges is a no-op when neither branch above ran
        context.SaveChanges();
        return Json(new { status_code = 0, permission = existing });
    }
}
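/// <summary>
/// Returns site details, subject to the caller's permissions.
/// </summary>
/// <param name="siteId">The site to look up.</param>
/// <returns>
/// The SiteInfo result for tech/admin and billing users, and for users holding an active
/// permission row on the site; otherwise <c>status_code</c> 1 (no permission) or 2 (caller does not exist).
/// </returns>
public JsonResult GetSite(int siteId)
{
    using (var context = new Data.ApplicationDbContext())
    {
        String authUserId = User.GetClaim(OpenIdConnectConstants.Claims.Subject);
        Models.User authUser = context.Users.AsNoTracking().FirstOrDefault(u => u.Id.ToString().Equals(authUserId));
        if (authUser == null)
        {
            return Json(new { status_code = 2, status = "User '" + authUserId + "' does not exist" });
        }

        // Tech/admin and billing staff may view any site
        if (Helpers.PermissionChecker.IsTechOrAdmin(authUser) || Helpers.PermissionChecker.IsBillingDepartment(authUser))
        {
            return SiteInfo(siteId);
        }

        // Everyone else needs a permission row whose Access is not 0. GetTicket and
        // GetAllTickets treat a row with Access == 0 as "no access"; this check previously
        // only tested that a row existed, so a revoked (Access 0) row still granted viewing.
        Models.Permission permission = context.Permissions.AsNoTracking()
            .FirstOrDefault(p => p.UserId == authUser.Id && p.SiteId == siteId);
        if (permission != null && permission.Access != 0)
        {
            return SiteInfo(siteId);
        }

        return Json(new { status_code = 1, status = "User does not have permission to view site '" + siteId + "'" });
    }
}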
/// <summary>
/// Loads a permission from the permission API and shows the edit form for it.
/// </summary>
/// <param name="id">The permission id.</param>
/// <returns>
/// The edit view bound to the permission, or a redirect to the error view when the API
/// answers with anything other than 200.
/// </returns>
public async Task<IActionResult> EditPermission(long id)
{
    ResultModel reply = await GetAsync<ResultModel>("?id=" + id, _urlSettings.Permission.GetPermissionById);

    // Anything but 200 from the API ends on the error page rather than a half-populated form
    if (reply.Status != 200)
    {
        return Redirect("/Home/ErrorView");
    }

    var permission = JsonConvert.DeserializeObject<Models.Permission>(reply.Data.ToString());
    return View(permission);
}
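/// <summary>
/// Updates a site from the posted body and logs which properties changed.
/// </summary>
/// <param name="site">The site as posted; <c>SiteId</c> selects the row to update.</param>
/// <returns>
/// <c>status_code</c> 0 with the updated row (or a "no changes" status when the body matches the row);
/// 1 when the caller may not edit the site; 2 when the caller or the site does not exist;
/// 4 when no body was posted.
/// </returns>
public JsonResult Update([FromBody] Models.Site site)
{
    if (site == null)
    {
        return Json(new { status_code = 4, status = "Invalid site body" });
    }

    using (var context = new Data.ApplicationDbContext())
    {
        String authUserId = User.GetClaim(OpenIdConnectConstants.Claims.Subject);
        Models.User authUser = context.Users.AsNoTracking().FirstOrDefault(u => u.Id.ToString().Equals(authUserId));
        if (authUser == null)
        {
            return Json(new { status_code = 2, status = "User '" + authUserId + "' does not exist" });
        }

        bool canModifyAnySite = Helpers.PermissionChecker.CanModifySite(authUser);

        // Load the stored row first: authorization is decided against what is in the database,
        // never against fields of the posted body. The previous check compared authUser.Id with
        // site.SiteDistributor taken from the request, which the caller controls.
        Models.Site dbSite = context.Sites.FirstOrDefault(s => s.SiteId == site.SiteId);
        bool isStoredDistributor = dbSite != null && dbSite.SiteDistributor == authUser.Id;

        if (!canModifyAnySite && !isStoredDistributor)
        {
            // Deny before revealing whether the site exists
            return Json(new { status_code = 1, status = "User '" + authUser.UserName + "' does not have permission to edit site" });
        }

        if (dbSite == null)
        {
            return Json(new { status_code = 2, status = "Site '" + site.SiteId + "' does not exist" });
        }

        if (!canModifyAnySite)
        {
            // A distributor additionally needs an active permission row on the site
            Models.Permission permission = context.Permissions.AsNoTracking()
                .FirstOrDefault(p => p.UserId == authUser.Id && p.SiteId == site.SiteId);
            if (permission == null || permission.Access == 0)
            {
                return Json(new { status_code = 1, status = "User does not have permission to update site '" + site.SiteId + "'" });
            }
        }

        List<Models.Log.Variance> variances = dbSite.Compare(site);
        if (variances.Count == 0)
        {
            return Json(new { status_code = 0, status = "No changes made (given object same as database row)" });
        }

        // NOTE(review): Copy() takes the posted values into the tracked row; whether a distributor
        // may change fields such as SiteDistributor is decided inside Copy/Compare — confirm.
        dbSite.Copy(site, true);

        var changes = new System.Text.StringBuilder();
        foreach (Models.Log.Variance variance in variances)
        {
            changes.Append("[(")
                   .Append(variance.Property)
                   .Append("=")
                   .Append(variance.New != null ? variance.New.ToString() : "null")
                   .Append(")]");

            // Enabling/disabling a site leaves a human-readable trace on the row itself
            if (variance.Property.Equals("SiteEnabled"))
            {
                dbSite.Comment = authUser.UserName + " " + ((bool)variance.New ? "enabled" : "disabled")
                    + " site last at " + DateTime.UtcNow.ToString("M/dd h:mm tt");
            }
        }

        context.SaveChanges();
        Helpers.LogHelper.LogAction(Models.Log.ActionType.ModifySite, authUser.Id, dbSite.SiteId,
            String.Format("{0} (id: {1}) modified site '{2}' (site number: {3})", authUser.UserName, authUser.Id, dbSite.SiteName, dbSite.SiteNumber),
            changes.ToString());

        return Json(new { status_code = 0, site = dbSite });
    }
}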
/// <summary>
/// Page handler: loads the permission with the given id, including its type, for display.
/// </summary>
/// <param name="id">The permission id from the route.</param>
/// <returns>404 when no such permission exists; otherwise the page.</returns>
public async Task<IActionResult> OnGetAsync(int id)
{
    Permission = await _context.Permision
        .Include(x => x.PermissionType)
        .FirstOrDefaultAsync(x => x.Id == id);

    // The bound property stays null on a miss so the page is never rendered with stale data
    if (Permission == null)
    {
        return NotFound();
    }

    return Page();
}
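/// <summary>
/// Renders the course journal (optionally filtered to one course) as table rows followed by the
/// delete-confirmation modal and its script, returned as a JSON-wrapped HTML string.
/// </summary>
/// <param name="id_lop">Course id to filter on; null lists every journal entry.</param>
/// <returns>Json containing the HTML fragment.</returns>
public JsonResult LopHoc(Guid?id_lop)
{
    IEnumerable<CoursesJournalObjects> entries = id_lop.HasValue
        ? new CoursesJournalBCL().GetJoin().Where(q => q.CoursesJoin.CoId == id_lop.Value).OrderByDescending(m => m.DayOf.Value)
        : new CoursesJournalBCL().GetJoin().OrderByDescending(m => m.DayOf.Value);

    var per = new Models.Permission();
    var html = new System.Text.StringBuilder();

    foreach (var item in entries)
    {
        string searchLink = per.IsAllow(eAction.Search, eFea.QLCTHV)
            ? "<a href='" + Url.Action("Index", "CoursesStudentDetailt", new { ID = item.CJId }) + "' class='btn btn-info'>DSHV Vắng</a>"
            : "";
        // href is now quoted like the other links
        string editLink = per.IsAllow(eAction.Edit, eFea.QLNKGD)
            ? "<a href='" + Url.Action("Edit", "CoursesJournal", new { ID = item.CJId }) + "' class='btn btn-default'>Sửa</a>"
            : "";
        string deleteButton = per.IsAllow(eAction.Delete, eFea.QLNKGD)
            ? "<span class='btn btn-warning btn-delete' data-value='" + item.CJId + "'>Xóa</span>"
            : "";

        // Database-sourced text (course id/name, contents, description) is HTML-encoded before it is
        // spliced into markup; it was previously emitted raw, which allows stored script injection.
        // Year is "yyyy": "YYYY" is not a .NET format specifier and was printed literally.
        html.AppendFormat(@" <tr> <td> {2} </td> <td> {0} - {1} </td> <td> {3} </td> <td> {4} </td> <td> {5} {6} {7} </td> </tr> ",
            HtmlText(item.CoursesJoin.CourseId),
            HtmlText(item.CoursesJoin.CourseName),
            item.DayOf.Value.ToString("dd/MM/yyyy"),
            HtmlText(item.Contents),
            HtmlText(item.Description),
            searchLink,
            editLink,
            deleteButton);
    }

    // Modal + delete handler. The id posted to Delete is read from the clicked element
    // (elementDelete); the previous $('this'.data('value')) called .data on a string literal.
    html.Append(@"<div class='modal fade' id='myModal' role='dialog'>
 <div class='modal-dialog'>
 <!-- Modal content-->
 <div class='modal-content'>
 <div class='modal-header'>
 <button type='button' class='close' data-dismiss='modal'>×</button>
 <h4 class='modal-title'><i class='fa fa-warning'>Chú ý</i></h4>
 </div>
 <div class='modal-body'>
 <div class='modal-body-contents'> </div>
 </div>
 <div class='modal-footer'>
 <button type='button' class='btn btn-warning btn-ajax'>Xác nhận</button>
 <button type='button' class='btn btn-default' data-dismiss='modal'>Hủy</button>
 </div>
 </div>
 </div>
 </div>
 <script>
 $('.btn-delete').click(function () {
 if(confirm('Bạn có chắc chắn xóa?')!=true) return;
 let elementDelete = $(this);
 myAjax('Delete', { ID: elementDelete.data('value') }, function (d, xhr, r) {
 if(d){
 if (elementDelete) {
 $(elementDelete).parents('tr').first().hide();
 elementDelete = undefined;
 }
 else{
 alert('Xảy ra lỗi, Trang sẽ được tải lại')
 }
 }else{
 alert('Xóa thất bại');
 }
 }, function (d) {
 alert('Xảy ra lỗi, Trang sẽ được tải lại')
 window.location.reload();
 }, function (d) { });
 });
 </script>");

    return Json(html.ToString());
}

/// <summary>
/// HTML-encodes a value for safe insertion into element content or a quoted attribute.
/// </summary>
/// <param name="value">Any value; null encodes to null, which string.Format renders as empty.</param>
private static string HtmlText(object value)
{
    return System.Net.WebUtility.HtmlEncode(Convert.ToString(value));
}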
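/// <summary>
/// Gets a list of tickets. The list generated depends on the status given.
///
/// 0 = All tickets
/// 1 = All open tickets
/// 2 = All tickets for a given site
///
/// Users with Level 4 or higher see every ticket; everyone else only sees tickets on sites
/// for which they hold a row in the permission table.
/// </summary>
/// <param name="status">The status code to determine which list of tickets are returned</param>
/// <param name="id">(Only needed for status = 2) The site to get all tickets from</param>
/// <param name="authUser">The already-authenticated caller (resolved by the public action).</param>
/// <returns>
/// Json with <c>status_code</c> 0 and <c>report</c>; 1 when the caller may not view the site
/// (status 2 only); 5 for an unknown status value.
/// </returns>
private JsonResult GetAllTickets(int status, int id, Models.User authUser)
{
    using (var context = new Data.ApplicationDbContext())
    {
        bool seesEverything = authUser.Level >= 4;

        if (status == 0)
        {
            // All tickets joined with creator/assignee/site; ordinary users are restricted
            // to the sites they hold a permission row for.
            List<object> report = QueryTicketReport(seesEverything ? (int?)null : authUser.Id, false);
            return Json(new { status_code = 0, report });
        }
        else if (status == 1)
        {
            if (seesEverything)
            {
                return Json(new { status_code = 0, report = context.Tickets.AsNoTracking().Where(t => t.Status != Models.Ticket.TicketStatus.CLOSED).ToList() });
            }

            // Open tickets on the caller's permitted sites. This query used to run on a
            // MySqlCommand with no connection attached, so ExecuteReader threw.
            List<object> report = QueryTicketReport(authUser.Id, true);
            return Json(new { status_code = 0, report });
        }
        else if (status == 2)
        {
            if (!seesEverything)
            {
                Models.Permission permission = context.Permissions.AsNoTracking().FirstOrDefault(p => p.UserId == authUser.Id && p.SiteId == id);
                if (permission == null || permission.Access == 0)
                {
                    return Json(new { status_code = 1, status = "User does not have permission to view this ticket" });
                }
            }
            return Json(new { status_code = 0, report = context.Tickets.AsNoTracking().Where(t => t.SiteId == id).ToList() });
        }
    }

    // If this return statement is reached, request has invalid status type
    return Json(new { status_code = 5, status = "Unknown status code: " + status });
}

/// <summary>
/// Runs the ticket report query directly against MySQL and maps every well-formed row.
/// </summary>
/// <param name="restrictToUserId">
/// When set, only tickets on sites this user holds a permission row for; null returns every site.
/// The id is bound as a query parameter, not formatted into the SQL text.
/// </param>
/// <param name="openOnly">When true, rows whose status column is 4 are excluded.</param>
/// <returns>Mapped rows; rows missing id, site, subject or comments are skipped.</returns>
private static List<object> QueryTicketReport(int? restrictToUserId, bool openOnly)
{
    // NOTE(review): the permission join only tests that a row exists; GetTicket and status 2
    // treat Access == 0 as "no access" — confirm whether an access-column filter belongs here too.
    string siteJoin = restrictToUserId.HasValue
        ? "JOIN (SELECT s.site_id, s.site_name FROM `sites` AS s " +
          "JOIN (SELECT site_id FROM `permission` WHERE `user_id` = @userId) AS p ON s.site_id = p.site_id) AS sp " +
          "ON sp.site_id = t.site_id "
        : "JOIN (SELECT site_name, site_id FROM `sites`) AS s ON t.site_id = s.site_id ";

    // Status 4 is the literal the original open-ticket query used; assumed to match TicketStatus.CLOSED — confirm
    string sql =
        "SELECT * FROM `tickets` AS t " +
        "JOIN (SELECT user_id AS u_user_id, user_name AS u_user_name, contact_fname AS u_contact_fname, contact_lname AS u_contact_lname FROM `user`) AS u " +
        "ON u_user_id = t.created_by " +
        "LEFT JOIN (SELECT user_id AS a_user_id, user_name AS a_user_name, contact_fname AS a_contact_fname, contact_lname AS a_contact_lname FROM `user`) AS a " +
        "ON a_user_id = t.assigned_to " +
        siteJoin +
        (openOnly ? "WHERE t.status != 4" : "") +
        ";";

#if LOCAL
    string connectionString = Startup.Configuration.GetConnectionString("LocalDatabase");
#else
    string connectionString = Startup.Configuration.GetConnectionString("Database");
#endif

    var report = new List<object>();
    using (var conn = new MySqlConnection(connectionString))
    using (var cmd = new MySqlCommand(sql, conn))
    {
        if (restrictToUserId.HasValue)
        {
            cmd.Parameters.AddWithValue("@userId", restrictToUserId.Value);
        }

        conn.Open();
        using (var reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                object ticket = MapTicketRow(reader);
                if (ticket != null)
                {
                    report.Add(ticket);
                }
            }
        }
    }
    return report;
}

/// <summary>
/// Maps one joined ticket row to the anonymous report shape.
/// </summary>
/// <param name="row">A row from the query built by QueryTicketReport.</param>
/// <returns>The report object, or null when id/site/subject/comments are missing.</returns>
private static object MapTicketRow(System.Data.IDataRecord row)
{
    int ticketId = ReadInt(row, "id", -1);
    int ticketSiteId = ReadInt(row, "site_id", -1);
    string subject = ReadString(row, "subject");
    string comments = ReadString(row, "comments");

    // Something is wrong with this ticket, so ignore it & don't add it to list
    if (ticketId == -1 || ticketSiteId == -1 || subject.Length == 0 || comments.Length == 0)
    {
        return null;
    }

    // NULL or out-of-range enum columns fall back to a default instead of an undefined enum value
    int? rawPriority = ReadEnumValue(row, "priority", 3);
    int? rawStatus = ReadEnumValue(row, "status", 4);
    int? rawCategory = ReadEnumValue(row, "category", 6);
    Models.Ticket.PriortiyLevel priority = rawPriority.HasValue ? (Models.Ticket.PriortiyLevel)rawPriority.Value : Models.Ticket.PriortiyLevel.LOW;
    Models.Ticket.TicketStatus tStatus = rawStatus.HasValue ? (Models.Ticket.TicketStatus)rawStatus.Value : Models.Ticket.TicketStatus.NEW;
    Models.Ticket.TicketCategory tCategory = rawCategory.HasValue ? (Models.Ticket.TicketCategory)rawCategory.Value : Models.Ticket.TicketCategory.SOFTWARE;

    // Sentinel date used by the original mapping for NULL date columns
    DateTime unsetDate = new DateTime(2000, 1, 1);

    return new
    {
        Id = ticketId,
        SiteId = ticketSiteId,
        Subject = subject,
        Comments = comments,
        Priority = (int)priority,
        PriorityName = priority.ToString(),
        Status = (int)tStatus,
        StatusName = tStatus.ToString(),
        Category = (int)tCategory,
        CategoryName = tCategory.ToString().Replace('_', ' '),
        SiteName = ReadString(row, "site_name"),
        AssignedTo = ReadInt(row, "assigned_to", -1),
        CreatedBy = ReadInt(row, "created_by", -1),
        CreatedDate = ReadDate(row, "created_date", unsetDate),
        Creator = new
        {
            UserName = ReadString(row, "u_user_name"),
            FName = ReadString(row, "u_contact_fname"),
            LName = ReadString(row, "u_contact_lname")
        },
        Assignee = new
        {
            UserName = ReadString(row, "a_user_name"),
            FName = ReadString(row, "a_contact_fname"),
            LName = ReadString(row, "a_contact_lname")
        },
        DueDate = ReadDate(row, "due_date", unsetDate),
        LastUpdated = ReadDate(row, "last_updated", unsetDate)
    };
}

/// <summary>Reads an integer column, returning <paramref name="fallback"/> for SQL NULL.</summary>
private static int ReadInt(System.Data.IDataRecord row, string column, int fallback)
{
    object value = row[column];
    return Convert.IsDBNull(value) ? fallback : Convert.ToInt32(value);
}

/// <summary>Reads a text column, returning "" for SQL NULL.</summary>
private static string ReadString(System.Data.IDataRecord row, string column)
{
    object value = row[column];
    return Convert.IsDBNull(value) ? "" : Convert.ToString(value);
}

/// <summary>Reads a date column, returning <paramref name="fallback"/> for SQL NULL.</summary>
private static DateTime ReadDate(System.Data.IDataRecord row, string column, DateTime fallback)
{
    object value = row[column];
    return Convert.IsDBNull(value) ? fallback : Convert.ToDateTime(value);
}

/// <summary>
/// Reads an integer column that backs an enum; returns null for SQL NULL or a value outside 0..<paramref name="max"/>.
/// </summary>
private static int? ReadEnumValue(System.Data.IDataRecord row, string column, int max)
{
    object value = row[column];
    if (Convert.IsDBNull(value))
    {
        return null;
    }
    int number = Convert.ToInt32(value);
    return (number >= 0 && number <= max) ? number : (int?)null;
}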
public JsonResult Create([FromBody] Models.ActivationForm form, [RequiredFromQuery] int type) { if (type == 0) { // Create new site & activation using (var context = new Data.ApplicationDbContext()) { // Verify user exists & has permission String authUserId = User.GetClaim(OpenIdConnectConstants.Claims.Subject); Models.User authUser = context.Users.AsNoTracking().FirstOrDefault(u => u.Id.ToString().Equals(authUserId)); if (authUser == null) { return(Json(new { status_code = 2, status = "User '" + authUserId + "' does not exist" })); } if (!Helpers.PermissionChecker.CanAddSite(authUser)) { return(Json(new { status_code = 3, status = "User '" + authUser.UserName + "' does not have permission to activate sites" })); } // Used to check if installer object and/or manager object need to be added to database bool InstallerCreated = false, ManagerCreated = false, OwnerCreated = false; // #1 - Check installer // // if Id is 0, create new installer. Otherwise, verify installer exists if (form.SiteInstaller.Id != 0) { Models.Installer installer = context.Installers.AsNoTracking().FirstOrDefault(i => i.Id == form.SiteInstaller.Id); if (installer == null) { return(Json(new { status_code = 5, status = "Installer '" + form.SiteInstaller.Id + "' does not exist" })); } } else { if (form.SiteInstaller.FName.Length == 0 && form.SiteInstaller.LName.Length == 0) { return(Json(new { status_code = 5, status = "Installer must have at least a first or last name" })); } else if (form.SiteInstaller.Phone.Length == 0) { return(Json(new { status_code = 5, status = "Installer must have a phone number" })); } context.Installers.Add(form.SiteInstaller); InstallerCreated = true; } // #2 - Check manager // // Same logic as installer (0 = new, otherwise use existing) if (form.SiteManager.Id != 0) { Models.Manager manager = context.Managers.AsNoTracking().FirstOrDefault(m => m.Id == form.SiteManager.Id); if (manager == null) { return(Json(new { status_code = 5, status = "Manager '" + 
form.SiteManager.Id + "' does not exist" })); } } else { if (form.SiteManager.FName.Length == 0 && form.SiteManager.LName.Length == 0) { return(Json(new { status_code = 5, status = "Manager must have at least a first or last name" })); } else if (form.SiteManager.Phone.Length == 0) { return(Json(new { status_code = 5, status = "Manager must have a phone number" })); } context.Managers.Add(form.SiteManager); ManagerCreated = true; } // #3 - Verify new owner info // if (form.NewOwner.Id == 0) { if (context.Users.AsNoTracking().FirstOrDefault(u => form.NewOwner.UserName != null && u.UserName != null && form.NewOwner.UserName.ToLower().Equals(u.UserName.ToLower())) != null) { return(Json(new { status_code = 3, status = "User '" + form.NewOwner.UserName + "' already exists" })); } if (String.IsNullOrWhiteSpace(form.NewOwner.UserName) || String.IsNullOrWhiteSpace(form.NewOwner.Password)) { return(Json(new { status_code = 4, status = "Invalid user creation body" })); } form.NewOwner.Active = true; form.NewOwner.Level = 2; // force user to be owner form.NewOwner.UserLastLogin = new DateTime(2000, 1, 1); OwnerCreated = true; } else { form.NewOwner = context.Users.AsNoTracking().FirstOrDefault(u => u.Id == form.NewOwner.Id); if (form.NewOwner == null) { return(Json(new { status_code = 2, status = "Owner '" + form.NewOwner.Id + "' does not exist" })); } } if (!form.PreApproved && (String.IsNullOrWhiteSpace(form.NewOwner.UserName) || String.IsNullOrWhiteSpace(form.NewOwner.Password))) { return(Json(new { status_code = 5, status = "Invalid user creation body" })); } // #4 - Create new site // // note: if site is pre-approved, new site will not be created // Verify site info Models.System system = context.Systems.AsNoTracking().FirstOrDefault(s => s.Id == form.NewSite.SystemId); if (system == null) { return(Json(new { status_code = 5, status = "Invalid system given", id = form.NewSite.SystemId })); } Models.User distrib = context.Users.AsNoTracking().FirstOrDefault(u => u.Id == 
form.NewSite.SiteDistributor); if (distrib == null) { return(Json(new { status_code = 5, status = "Invalid distributor given" })); } if (form.NewSite.SiteName.Length == 0) { return(Json(new { status_code = 5, status = "No site name given" })); } if (!form.NewSite.SiteInstallDate.HasValue) { return(Json(new { status_code = 5, status = "Invalid install date" })); } if (form.NewSite.SiteAddress.Length == 0 || form.NewSite.SiteCity.Length == 0 || form.NewSite.SiteState.Length == 0 || form.NewSite.SiteCountry.Length == 0 || form.NewSite.SiteZip.Length < 5 || form.NewSite.SiteZip.Length > 10) { return(Json(new { status_code = 5, status = "Invalid site address given" })); } if (form.NewSite.SiteOwnerName.Length == 0) { return(Json(new { status_code = 5, status = "No owner name given" })); } if (form.NewSite.SiteOwnerEmail.Length == 0 && form.NewSite.SiteOwnerPhone.Length == 0) { return(Json(new { status_code = 5, status = "Need at least one way to contact owner (none given)" })); } // Generate site info if not pre-approved if (!form.PreApproved) { List <Models.Site> sites = context.Sites.AsNoTracking().OrderByDescending(s => s.SiteNumber).ToList(); int maxSiteNum = -1; foreach (Models.Site s in sites) { if (s.SiteNumber.HasValue) { maxSiteNum = (int)s.SiteNumber; break; } } form.NewSite.SiteNumber = ++maxSiteNum; form.NewSite.SiteActive = true; form.NewSite.SiteEnabled = true; form.NewSite.SiteLastPing = new DateTime(2000, 1, 1); form.NewSite.SiteLastIp = "127.0.0.1"; } // #5 - New activation row // // Need to save these to database to generate any IDs (in case new installer/manager is used, and for new site/owner) if site isn't pre-approved if (!form.PreApproved) { if (form.NewOwner.Id == 0) { context.Users.Add(form.NewOwner); } context.Sites.Add(form.NewSite); context.SaveChanges(); } // Verify that distributor has access to site // (because users can create distributors when activating site) Models.Permission permission = context.Permissions.FirstOrDefault(p => 
form.NewSite.SiteDistributor.HasValue && p.UserId == form.NewSite.SiteDistributor && p.SiteId == form.NewSite.SiteId); if (permission == null) { permission = new Models.Permission { UserId = (int)form.NewSite.SiteDistributor, SiteId = form.NewSite.SiteId, Access = 1, }; context.Permissions.Add(permission); } else if (permission.Access.HasValue && (int)permission.Access != 1) { permission.Access = 1; } // Set some default values for newly created sites form.NewSite.LastCommunityDrop = new DateTime(1970, 1, 1, 0, 0, 0); form.NewSite.LastGrandDrop = new DateTime(1970, 1, 1, 0, 0, 0); // Activation form needs to save what was submitted, not reflect current information // therefore, activation table essentially acts as a merged version of multiple tables form.ActivationInfo.SiteId = form.NewSite.SiteId; form.ActivationInfo.RoomName = form.NewSite.SiteName; form.ActivationInfo.SystemId = system.Id; form.ActivationInfo.StorePhone = form.NewSite.StorePhone; form.ActivationInfo.InstallerId = form.SiteInstaller.Id; form.ActivationInfo.InstallerFName = form.SiteInstaller.FName; form.ActivationInfo.InstallerLName = form.SiteInstaller.LName; form.ActivationInfo.InstallerEmail = form.SiteInstaller.Email; form.ActivationInfo.InstallerPhone = form.SiteInstaller.Phone; form.ActivationInfo.ManagerId = form.SiteManager.Id; form.ActivationInfo.ManagerFName = form.SiteManager.FName; form.ActivationInfo.ManagerLName = form.SiteManager.LName; form.ActivationInfo.ManagerEmail = form.SiteManager.Email; form.ActivationInfo.ManagerPhone = form.SiteManager.Phone; form.ActivationInfo.OwnerId = form.NewOwner.Id; form.ActivationInfo.OwnerFName = form.NewOwner.FName; form.ActivationInfo.OwnerLName = form.NewOwner.LName; form.ActivationInfo.OwnerEmail = form.NewOwner.Email; form.ActivationInfo.OwnerPhone = form.NewOwner.Phone; form.ActivationInfo.OwnerUserName = form.NewOwner.UserName; form.ActivationInfo.DistributorId = distrib.Id; form.ActivationInfo.DistributorFName = distrib.FName; 
form.ActivationInfo.DistributorLName = distrib.LName; form.ActivationInfo.SiteAddress = form.NewSite.SiteAddress; form.ActivationInfo.SiteCity = form.NewSite.SiteCity; form.ActivationInfo.SiteState = form.NewSite.SiteState; form.ActivationInfo.SiteCountry = form.NewSite.SiteCountry; form.ActivationInfo.SiteZip = form.NewSite.SiteZip; form.ActivationInfo.SubmissionDate = DateTime.UtcNow; // #6 - Create permission for new site if (!form.PreApproved) { Models.Permission newSitePermission = new Models.Permission { Access = 1, SiteId = form.NewSite.SiteId, UserId = form.NewOwner.Id }; context.Permissions.Add(newSitePermission); } // Since these objects aren't being created through their respective controllers, need to manually log them if (InstallerCreated) { Helpers.LogHelper.LogAction(Models.Log.ActionType.CreateInstaller, authUser.Id, form.SiteInstaller.Id, String.Format("{0} (id: {1}) created installer '{2}' (id: {3})", authUser.UserName, authUser.Id, form.SiteInstaller.FName + " " + form.SiteInstaller.LName, form.SiteInstaller.Id)); } if (ManagerCreated) { Helpers.LogHelper.LogAction(Models.Log.ActionType.CreateManager, authUser.Id, form.SiteManager.Id, String.Format("{0} (id: {1}) created manager '{2}' (id: {3})", authUser.UserName, authUser.Id, form.SiteManager.FName + " " + form.SiteManager.LName, form.SiteManager.Id)); } if (!form.PreApproved) { Helpers.LogHelper.LogAction(Models.Log.ActionType.CreateUser, authUser.Id, form.NewOwner.Id, String.Format("{0} (id: {1}) created user {2} (id: {3})", authUser.UserName, authUser.Id, form.NewOwner.UserName, form.NewOwner.Id)); Helpers.LogHelper.LogAction(Models.Log.ActionType.CreateSite, authUser.Id, form.NewSite.SiteId, String.Format("{0} (id: {1}) created site '{2}' (site number: {3})", authUser.UserName, authUser.Id, form.NewSite.SiteName, form.NewSite.SiteNumber)); } // #7 - Save all final info to database (all information has been verified by this point) // context.Activations.Add(form.ActivationInfo); 
context.SaveChanges(); // #8 - Logging and alerting // log Helpers.LogHelper.LogAction(Models.Log.ActionType.ActivateSite, authUser.Id, form.NewSite.SiteId, String.Format("{0} (id: {1}) activated site '{2}' (site number: {3})", authUser.UserName, authUser.Id, form.NewSite.SiteName, form.NewSite.SiteNumber)); // send to Zapier to handle proper notification var json = new { SiteId = form.NewSite.SiteNumber, form.NewSite.SiteName, SystemName = system.Name, form.ActivationInfo.SystemId, form.NewSite.StorePhone, form.SiteInstaller, form.SiteManager, NewOwner = new { form.NewOwner.Active, form.NewOwner.Email, form.NewOwner.FName, form.NewOwner.LName, form.NewOwner.Phone, form.NewOwner.UserName }, SiteDistributor = new { distrib.Active, distrib.Email, distrib.FName, distrib.LName, distrib.Phone, distrib.UserName }, form.NewSite.SiteAddress, form.NewSite.SiteCity, form.NewSite.SiteState, form.NewSite.SiteCountry, form.NewSite.SiteZip, SubmissionDate = form.ActivationInfo.SubmissionDate.ToString("yyyy-MM-ddTHH:mm:ss.fffZ"), form.ActivationInfo.ActivationNotes }; Helpers.LogHelper.NotifyAction(Models.Log.ActionType.ActivateSite, json); } return(Json(new { status_code = 0, form.NewSite.SiteId })); } else if (type == 1) { // Just create new activation. Site was already approved through old report portal. 
using (var context = new Data.ApplicationDbContext()) { // Verify user exists & has permission String authUserId = User.GetClaim(OpenIdConnectConstants.Claims.Subject); Models.User authUser = context.Users.AsNoTracking().FirstOrDefault(u => u.Id.ToString().Equals(authUserId)); if (authUser == null) { return(Json(new { status_code = 2, status = "User '" + authUserId + "' does not exist" })); } if (!Helpers.PermissionChecker.CanAddSite(authUser)) { return(Json(new { status_code = 1, status = "User '" + authUser.UserName + "' does not have permission to activate sites" })); } bool InstallerCreated = false, ManagerCreated = false, OwnerCreated = false; // #1 - Check installer // // if Id is 0, create new installer. Otherwise, verify installer exists if (form.SiteInstaller.Id != 0) { Models.Installer installer = context.Installers.AsNoTracking().FirstOrDefault(i => i.Id == form.SiteInstaller.Id); if (installer == null) { return(Json(new { status_code = 2, status = "Installer '" + form.SiteInstaller.Id + "' does not exist" })); } } else { if (form.SiteInstaller.FName.Length == 0 && form.SiteInstaller.LName.Length == 0) { return(Json(new { status_code = 4, status = "Installer must have at least a first or last name" })); } else if (form.SiteInstaller.Phone.Length == 0) { return(Json(new { status_code = 4, status = "Installer must have a phone number" })); } context.Installers.Add(form.SiteInstaller); InstallerCreated = true; } // #2 - Check manager // // Same logic as installer (0 = new, otherwise use existing) if (form.SiteManager.Id != 0) { Models.Manager manager = context.Managers.AsNoTracking().FirstOrDefault(m => m.Id == form.SiteManager.Id); if (manager == null) { return(Json(new { status_code = 2, status = "Manager '" + form.SiteManager.Id + "' does not exist" })); } } else { if (form.SiteManager.FName.Length == 0 && form.SiteManager.LName.Length == 0) { return(Json(new { status_code = 4, status = "Manager must have at least a first or last name" })); } else if 
(form.SiteManager.Phone.Length == 0) { return(Json(new { status_code = 4, status = "Manager must have a phone number" })); } context.Managers.Add(form.SiteManager); ManagerCreated = true; } // #3 - Verify new owner info // if (form.NewOwner.Id == 0) { if (context.Users.AsNoTracking().FirstOrDefault(u => form.NewOwner.UserName != null && u.UserName != null && form.NewOwner.UserName.ToLower().Equals(u.UserName.ToLower())) != null) { return(Json(new { status_code = 3, status = "User '" + form.NewOwner.UserName + "' already exists" })); } if (String.IsNullOrWhiteSpace(form.NewOwner.UserName) || String.IsNullOrWhiteSpace(form.NewOwner.Password)) { return(Json(new { status_code = 4, status = "Invalid user creation body" })); } form.NewOwner.Active = true; form.NewOwner.Level = 2; // force user to be owner form.NewOwner.UserLastLogin = new DateTime(2000, 1, 1); OwnerCreated = true; } else { form.NewOwner = context.Users.AsNoTracking().FirstOrDefault(u => u.Id == form.NewOwner.Id); if (form.NewOwner == null) { return(Json(new { status_code = 2, status = "Owner '" + form.NewOwner.Id + "' does not exist" })); } } // #4 - Create new site // // Verify site info Models.System system = context.Systems.AsNoTracking().FirstOrDefault(s => s.Id == form.NewSite.SystemId); if (system == null) { return(Json(new { status_code = 4, status = "Invalid system given", id = form.NewSite.SystemId })); } Models.User distrib = context.Users.AsNoTracking().FirstOrDefault(u => u.Id == form.NewSite.SiteDistributor); if (distrib == null) { return(Json(new { status_code = 4, status = "Invalid distributor given" })); } if (form.NewSite.SiteName.Length == 0) { return(Json(new { status_code = 4, status = "No site name given" })); } if (!form.NewSite.SiteInstallDate.HasValue || form.NewSite.SiteInstallDate > DateTime.UtcNow) { return(Json(new { status_code = 4, status = "Invalid install date" })); } if (form.NewSite.SiteAddress.Length == 0 || form.NewSite.SiteCity.Length == 0 || 
form.NewSite.SiteState.Length == 0 || form.NewSite.SiteCountry.Length == 0 || form.NewSite.SiteZip.Length < 5 || form.NewSite.SiteZip.Length > 10) { return(Json(new { status_code = 4, status = "Invalid site address given" })); } if (form.NewSite.SiteOwnerName.Length == 0) { return(Json(new { status_code = 4, status = "No owner name given" })); } if (form.NewSite.SiteOwnerEmail.Length == 0 && form.NewSite.SiteOwnerPhone.Length == 0) { return(Json(new { status_code = 4, status = "Need at least one way to contact owner (none given)" })); } // Copy over any modified info if site is pre-approved if (form.PreApproved) { Models.Site currentSite = context.Sites.FirstOrDefault(s => s.SiteId == form.NewSite.SiteId); currentSite.Copy(form.NewSite, false); context.SaveChanges(); } // #5 - New activation row // // Need to save these to database to generate any IDs (in case new installer/manager is used, and for new site/owner) if (form.NewOwner.Id == 0) { context.Users.Add(form.NewOwner); context.SaveChanges(); } // Activation form needs to save what was submitted, not reflect current information // therefore, activation table essentially acts as a merged version of multiple tables form.ActivationInfo.SiteId = form.NewSite.SiteId; form.ActivationInfo.RoomName = form.NewSite.SiteName; form.ActivationInfo.SystemId = system.Id; form.ActivationInfo.StorePhone = form.NewSite.StorePhone; form.ActivationInfo.InstallerId = form.SiteInstaller.Id; form.ActivationInfo.InstallerFName = form.SiteInstaller.FName; form.ActivationInfo.InstallerLName = form.SiteInstaller.LName; form.ActivationInfo.InstallerEmail = form.SiteInstaller.Email; form.ActivationInfo.InstallerPhone = form.SiteInstaller.Phone; form.ActivationInfo.ManagerId = form.SiteManager.Id; form.ActivationInfo.ManagerFName = form.SiteManager.FName; form.ActivationInfo.ManagerLName = form.SiteManager.LName; form.ActivationInfo.ManagerEmail = form.SiteManager.Email; form.ActivationInfo.ManagerPhone = form.SiteManager.Phone; 
form.ActivationInfo.OwnerId = form.NewOwner.Id; form.ActivationInfo.OwnerFName = form.NewOwner.FName; form.ActivationInfo.OwnerLName = form.NewOwner.LName; form.ActivationInfo.OwnerEmail = form.NewOwner.Email; form.ActivationInfo.OwnerPhone = form.NewOwner.Phone; form.ActivationInfo.OwnerUserName = form.NewOwner.UserName; form.ActivationInfo.DistributorId = distrib.Id; form.ActivationInfo.DistributorFName = distrib.FName; form.ActivationInfo.DistributorLName = distrib.LName; form.ActivationInfo.SiteAddress = form.NewSite.SiteAddress; form.ActivationInfo.SiteCity = form.NewSite.SiteCity; form.ActivationInfo.SiteState = form.NewSite.SiteState; form.ActivationInfo.SiteCountry = form.NewSite.SiteCountry; form.ActivationInfo.SiteZip = form.NewSite.SiteZip; form.ActivationInfo.SubmissionDate = DateTime.UtcNow; // #6 - Create permission for new site Models.Permission sitePermission = context.Permissions.AsNoTracking().FirstOrDefault(p => p.UserId == form.NewOwner.Id && p.SiteId == form.NewSite.SiteId); if (sitePermission == null) { sitePermission = new Models.Permission { Access = 1, SiteId = form.NewSite.SiteId, UserId = form.NewOwner.Id }; context.Permissions.Add(sitePermission); } // Since these objects aren't being created through their respective controllers, need to manually log them if (InstallerCreated) { Helpers.LogHelper.LogAction(Models.Log.ActionType.CreateInstaller, authUser.Id, form.SiteInstaller.Id, String.Format("{0} (id: {1}) created installer '{2}' (id: {3})", authUser.UserName, authUser.Id, form.SiteInstaller.FName + " " + form.SiteInstaller.LName, form.SiteInstaller.Id)); } if (ManagerCreated) { Helpers.LogHelper.LogAction(Models.Log.ActionType.CreateManager, authUser.Id, form.SiteManager.Id, String.Format("{0} (id: {1}) created manager '{2}' (id: {3})", authUser.UserName, authUser.Id, form.SiteManager.FName + " " + form.SiteManager.LName, form.SiteManager.Id)); } if (OwnerCreated) { Helpers.LogHelper.LogAction(Models.Log.ActionType.CreateUser, 
authUser.Id, form.NewOwner.Id, String.Format("{0} (id: {1}) created user {2} (id: {3})", authUser.UserName, authUser.Id, form.NewOwner.UserName, form.NewOwner.Id)); } // #7 - Save all final info to database (all information has been verified by this point) // // check if form is pre-approved thru old RP if (form.PreApproved) { form.ActivationInfo.ApprovedBy = -1; form.ActivationInfo.ApprovalNotes = "This site was pre-approved through old report portal."; } context.Activations.Add(form.ActivationInfo); context.SaveChanges(); // #8 - Logging and alerting // log Helpers.LogHelper.LogAction(Models.Log.ActionType.ActivateSite, authUser.Id, form.NewSite.SiteId, String.Format("{0} (id: {1}) reactivated site '{2}' (site number: {3})", authUser.UserName, authUser.Id, form.NewSite.SiteName, form.NewSite.SiteNumber)); // send to Zapier to handle proper notification var json = new { SiteId = form.NewSite.SiteNumber, form.NewSite.SiteName, SystemName = system.Name, form.ActivationInfo.SystemId, form.NewSite.StorePhone, form.SiteInstaller, form.SiteManager, NewOwner = new { form.NewOwner.Active, form.NewOwner.Email, form.NewOwner.FName, form.NewOwner.LName, form.NewOwner.Phone, form.NewOwner.UserName }, SiteDistributor = new { distrib.Active, distrib.Email, distrib.FName, distrib.LName, distrib.Phone, distrib.UserName }, form.NewSite.SiteAddress, form.NewSite.SiteCity, form.NewSite.SiteState, form.NewSite.SiteCountry, form.NewSite.SiteZip, SubmissionDate = form.ActivationInfo.SubmissionDate.ToString("yyyy-MM-ddTHH:mm:ss.fffZ"), form.ActivationInfo.ActivationNotes }; Helpers.LogHelper.NotifyAction(Models.Log.ActionType.ActivateSite, json); } return(Json(new { status_code = 0 })); } else { return(Json(new { status_code = 5, status = "Unknown status code '" + type + "'" })); } }