/*
* METHOD : AuditEntry
* DESCRIPTION :
* When modifying a Posting, this method compares the two
* and records the differences. Specifically, the user attributes.
* PARAMETERS :
* int userId : user logged in
* Employee oldPost : Post being modified
* Employee newPost : "new" Post (being modified)
* int originInstitutionID : The Institution ID the old post belonged to
* RETURNS : N/A
*/
public static void AuditEntry(int userId, Posting oldPost, Posting newPost)
{
using (var context = new BookstoreContext())
{
if (oldPost != null && newPost != null)
{
// general post's attributes
if (oldPost.author != newPost.author)
{
AuditEntry(userId, newPost.PostingID, MODIFY, "AUTHOR", oldPost.author, newPost.author);
}
if (oldPost.BookTitle != newPost.BookTitle)
{
AuditEntry(userId, newPost.PostingID, MODIFY, "BOOK TITLE", oldPost.BookTitle, newPost.BookTitle);
}
if (oldPost.PostTitle!= newPost.PostTitle)
{
AuditEntry(userId, newPost.PostingID, MODIFY, "POST TILTE", oldPost.PostTitle, newPost.PostTitle);
}
if (oldPost.PostDescription != newPost.PostDescription)
{
AuditEntry(userId, newPost.PostingID, MODIFY, "POST DESCRIPTION", oldPost.PostDescription, newPost.PostDescription);
}
if (oldPost.price != newPost.price)
{
AuditEntry(userId, newPost.PostingID, MODIFY, "PRICE", oldPost.price.ToString(), newPost.price.ToString());
}
}
}
}
public ActionResult Delete(int id = 0)
{
BookstoreContext db = new BookstoreContext();
Posting post = db.Postings.Find(id);
if (post == null)
{
post = new Posting();
}
try
{
OfficialPosting opost = db.OfficialPostings.Find(id);
if (opost != null)
{
db.OfficialPostings.Remove(opost);
}
db.Postings.Remove(post);
db.SaveChanges();
}
catch (Exception e)
{
}
//Add Audit
var userIds = WebSecurity.GetUserId(User.Identity.Name);
var postId = id;
AuditController.AuditEntry(userIds, postId, AuditController.REMOVEOFFICIAL);
return RedirectToAction("Manage", "manage");
}
void MvcApplication_AuthorizeRequest(object sender, EventArgs e)
{
IIdentity id = Context.User.Identity;
if (id.IsAuthenticated)
{
string role = new BookstoreContext().GetSecurityLevel(id.Name);
Context.User = new GenericPrincipal(id, new string[] { role });
}
}
/*
* METHOD : AuditEntry
* DESCRIPTION :
* This method begins an entry into the audit table starting from inactivity
* PARAMETERS :
* int userId : logged in user's ID
* int PostID : ID of post being created
* string action : create/modify/delete
* RETURNS :
* Audit auditEntry.ID : the ID integer of the entry being recorded
*/
public static int AuditEntry(int userId, int PostID, string action)
{
using (var context = new BookstoreContext())
{
var auditEntry = new Audits
{
ActionTime = DateTime.Now,
User_ID = userId,
Posting_ID = PostID,
Action = action,
};
context.Audit.Add(auditEntry);
context.SaveChanges();
SaveDBcontext(context);
return auditEntry.ID;
}
}
/*
* METHOD : ToViewModel
* DESCRIPTION :
* Changes a posting type into a view model. Regardless of the posting
* type, it can be made into a model. Once an posting is converted,
* the view model is returned.
* PARAMETERS :
* this Posting posting : The posting to transform.
* RETURNS :
* postingViewModel : Depends on class; is an PostingViewModel.
*/
public static PostingsViewModel ToOfficialPostingViewModel(this Posting post)
{
BookstoreContext db = new BookstoreContext();
var PostingsViewModel = new PostingsViewModel();
PostingsViewModel.postings = (Posting)post;
OfficialPosting offPost = (from ec in db.OfficialPostings
where ec.PostingID == post.PostingID
select ec).FirstOrDefault();
if (offPost != null)
{
PostingsViewModel.PostingType = "OFFICIAL";
}
else
{
PostingsViewModel.PostingType = "NORMAL";
}
// bookViewModel.ItemSeletList = BookController.GetDropDown(); //// add back the reasonForLeave drop-down
PostingsViewModel.Opostings = (OfficialPosting)offPost;
string tmpInstitutionName = "";
foreach (Institution x in db.Institutions)
{
if (post.Institution_ID == x.Institution_ID)
{
tmpInstitutionName = x.Name;
break;
}
}
PostingsViewModel.institution = tmpInstitutionName;
return PostingsViewModel;
}
public SimpleMembershipInitializer()
{
Database.SetInitializer<BookstoreContext>(new BookStoreInitializer());
try
{
using (var context = new BookstoreContext())
{
if (!context.Database.Exists())
{
// Create the SimpleMembership database without Entity Framework migration schema
((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
}
}
WebSecurity.InitializeDatabaseConnection("BookStoreContext", "Users", "userID", "Email", autoCreateTables: true);
var roles = (SimpleRoleProvider)System.Web.Security.Roles.Provider;
var membership = (SimpleMembershipProvider)Membership.Provider;
if (!roles.RoleExists("admin"))
{
roles.CreateRole("admin");
}
if (!roles.RoleExists("general"))
{
roles.CreateRole("general");
}
}
catch (Exception ex)
{
throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
}
}
/*
* METHOD : SaveDBcontext
* DESCRIPTION :
* Audit was successful, modification/change was valid, now save
* this information into the database
* PARAMETERS :
* EmployeeDBContext context : stores the employee information
* RETURNS : N/A
*/
private static void SaveDBcontext(BookstoreContext context)
{
try
{
context.SaveChanges();
}
catch (DbEntityValidationException ex)
{
// Retrieve the error messages as a list of strings.
var errorMessages = ex.EntityValidationErrors
.SelectMany(x => x.ValidationErrors)
.Select(x => x.ErrorMessage);
// Join the list to a single string.
var fullErrorMessage = string.Join("; ", errorMessages);
// Combine the original exception message with the new one.
var exceptionMessage = string.Concat(ex.Message, " The validation errors are: ", fullErrorMessage);
//// Throw a new DbEntityValidationException with the improved exception message.
//throw new DbEntityValidationException(exceptionMessage, ex.EntityValidationErrors);
}
}
/*
* METHOD : AuditEntry
* DESCRIPTION :
* The end of the audit entry, add it into the audit table.
* PARAMETERS :
* int userId : user logged in
* int PostID : Post ID (Post modified)
* string action : one of static private strings above, denoting which action performed
* string attr : attribute that was changed
* string oldValue : attribute's old value
* string newValue : attribute's new value
* RETURNS :
* int auditEntry.ID : The new audit entry's traceable ID
*/
public static int AuditEntry(int userId, int PostID, string action, string attr, string oldValue, string newValue)
{
using (var context = new BookstoreContext())
{
var auditEntry = new Audits
{
ActionTime = DateTime.Now,
User_ID = userId,
Posting_ID = PostID,
Action = action,
Attribute_Name = attr,
Old_value = oldValue,
New_Value = newValue
};
context.Audit.Add(auditEntry);
context.SaveChanges();
return auditEntry.ID;
}
}
public ActionResult UNOfficialBook(ManageViewModel mine, int id = 0)
{
BookstoreContext dba = new BookstoreContext();
OfficialPosting tmp = (from ec in dba.OfficialPostings
where ec.PostingID == id
select ec).FirstOrDefault();
try
{
if (tmp != null)
{
dba.OfficialPostings.Remove(tmp);
}
dba.SaveChanges();
}
catch (Exception e)
{
}
//Add Audit
var userIds = WebSecurity.GetUserId(User.Identity.Name);
var postId = id;
AuditController.AuditEntry(userIds, postId, AuditController.REMOVEOFFICIAL);
return RedirectToAction("Index", "manage", mine);
}
public ActionResult OfficialBook(ManageViewModel mine, int id = 0)
{
BookstoreContext dba = new BookstoreContext();
if (ModelState.IsValid)
{
try
{
if (mine.isOfficial)
{
mine.Officialpostings.PostingID = id;
dba.OfficialPostings.Add(mine.Officialpostings);
}
dba.SaveChanges();
}
catch (DbEntityValidationException e)
{
//display all the validation error on the postingview model
foreach (var eve in e.EntityValidationErrors)
{
Console.WriteLine("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:",
eve.Entry.Entity.GetType().Name, eve.Entry.State);
foreach (var ve in eve.ValidationErrors)
{
Console.WriteLine("- Property: \"{0}\", Error: \"{1}\"",
ve.PropertyName, ve.ErrorMessage);
}
}
}
//Add Audit
var userIds = WebSecurity.GetUserId(User.Identity.Name);
var postId = id;
AuditController.AuditEntry(userIds, postId, AuditController.CREATEOFFICIAL);
return RedirectToAction("Index", "manage", mine );
}
return View(mine.postings.ToPostingViewModel());
}
public ActionResult OfficialBook(int id = 0)
{
BookstoreContext dba = new BookstoreContext();
Posting post = dba.Postings.Find(id);
if (post == null)
{
post = new Posting();
}
var manageViewModel = new ManageViewModel();
manageViewModel.postings = post;
return View(manageViewModel);
}
public ActionResult Manage(ManageViewModel mine)
{
BookstoreContext dba = new BookstoreContext();
//Get infor for posting adn set it
var userId = WebSecurity.GetUserId(User.Identity.Name);
mine.InstitutionID = GetInstituion(User.Identity.Name);
if (mine == null)
{
mine = new ManageViewModel();
}
List<Posting> postings = null;
postings = (from ec in dba.Postings
where ec.Institution_ID == mine.InstitutionID && ec.UserID == userId
select ec).ToList<Posting>();
if (postings == null)
{
postings = new List<Posting>();
}
//set the value foreach of the postings
foreach (Posting ec in postings)
{
ec.UserID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().UserID;
ec.PostTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostTitle;
ec.PostDescription = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostDescription;
ec.price = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().price;
ec.author = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().author;
ec.BookTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().BookTitle;
ec.PostingID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostingID;
ec.Posting_Date = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Posting_Date;
ec.Institution_ID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Institution_ID;
}
var postingViewModels = postings.Select(post => post.ToOfficialPostingViewModel()).ToList();
mine.AllPostings = postingViewModels;
return View(mine);
}
public ActionResult Index(string booktitle, string author, ManageViewModel mine)
{
BookstoreContext dba = new BookstoreContext();
//Get infor for posting adn set it
var userId = WebSecurity.GetUserId(User.Identity.Name);
//get institution from email.
mine.InstitutionID = UserController.GetInstituion(User.Identity.Name);
if (mine == null)
{
mine = new ManageViewModel();
}
List<Posting> postings = null;
//get list of all posting from an instituiton for the admin
if (User.IsInRole("admin"))
{
if ((!String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.BookTitle.Contains(booktitle) && ec.author.Contains(author) && ec.Institution_ID == mine.InstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)) )
{
postings = (from ec in dba.Postings
where ec.author.Contains(author) && ec.Institution_ID == mine.InstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((!String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.BookTitle.Contains(booktitle) && ec.Institution_ID == mine.InstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.Institution_ID == mine.InstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
}
if (postings == null)
{
postings = new List<Posting>();
}
//set the value foreach of the postings
foreach (Posting ec in postings)
{
ec.UserID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().UserID;
ec.PostTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostTitle;
ec.PostDescription = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostDescription;
ec.price = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().price;
ec.author = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().author;
ec.BookTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().BookTitle;
ec.PostingID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostingID;
ec.Posting_Date = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Posting_Date;
ec.Institution_ID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Institution_ID;
}
var postingViewModels = postings.Select(post => post.ToOfficialPostingViewModel()).ToList();
mine.AllPostings = postingViewModels;
// List<OfficialPosting> Opostings = null;
return View(mine);
}
/*
* Method : Index
* PURPOSE : The purpose is to direct the user to the search page where user can search items
* by Bootitle and author. It fills the viewmodel with the required or searchd
* book postings and send them to the user for display.
*/
public ActionResult Index( string booktitle, string author, SearchViewModel mine)
{
BookstoreContext dba = new BookstoreContext();
if (mine == null)
{
mine = new SearchViewModel();
}
List<Posting> postings = null;
// if no institution was chosen, get the postings for all institutions
if (string.IsNullOrEmpty(mine.chosenValue))
{
if ((!String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.BookTitle.Contains(booktitle) && ec.author.Contains(author) && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)) )
{
postings = (from ec in dba.Postings
where ec.author.Contains(author) && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((!String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.BookTitle.Contains(booktitle) && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings where DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
}
else
{
//get the chosen instititution in the search page
int tmpinstitutionID = 0;
foreach(Institution x in dba.Institutions)
{
if (mine.chosenValue == x.Name)
{
tmpinstitutionID = x.Institution_ID;
break;
}
}
if ((!String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.BookTitle.Contains(booktitle) && ec.author.Contains(author) && ec.Institution_ID == tmpinstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.author.Contains(author) && ec.Institution_ID == tmpinstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((!String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.BookTitle.Contains(booktitle) && ec.Institution_ID == tmpinstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
else if ((String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
{
postings = (from ec in dba.Postings
where ec.Institution_ID == tmpinstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
select ec).ToList<Posting>();
}
}
if (postings == null)
{
postings = new List<Posting>();
}
//set the value foreach of the postings that macth the search
foreach (Posting ec in postings)
{
ec.UserID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().UserID;
ec.PostTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostTitle;
ec.PostDescription = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostDescription;
ec.price = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().price;
ec.author = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().author;
ec.BookTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().BookTitle;
ec.PostingID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostingID;
ec.Posting_Date = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Posting_Date;
ec.Institution_ID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Institution_ID;
}
var postingViewModels = postings.Select(post => post.ToOfficialPostingViewModel()).ToList();
mine.AllPostings = postingViewModels;
return View(mine);
}
public ActionResult ExternalLoginConfirmation(RegisterExternalLoginModel model, string returnUrl)
{
string provider = null;
string providerUserId = null;
if (User.Identity.IsAuthenticated || !OAuthWebSecurity.TryDeserializeProviderUserId(model.ExternalLoginData, out provider, out providerUserId))
{
return RedirectToAction("Manage");
}
if (ModelState.IsValid)
{
// Insert a new user into the database
using (BookstoreContext db = new BookstoreContext())
{
User user = db.User.FirstOrDefault(u => u.Email.ToLower() == model.Email.ToLower());
// Check if user already exists
if (user == null)
{
// Insert name into the profile table
db.User.Add(new User { Email = model.Email });
db.SaveChanges();
OAuthWebSecurity.CreateOrUpdateAccount(provider, providerUserId, model.Email);
OAuthWebSecurity.Login(provider, providerUserId, createPersistentCookie: false);
return RedirectToLocal(returnUrl);
}
else
{
ModelState.AddModelError("Email", "Email Address already exists. Please enter a different Email Address.");
}
}
}
ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(provider).DisplayName;
ViewBag.ReturnUrl = returnUrl;
return View(model);
}