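/// <summary>
/// Authorizes the current request by checking that the authenticated user holds at
/// least one of the roles configured on this attribute, using the application's own
/// role tables rather than the ASP.NET role provider.
/// </summary>
/// <param name="httpContext">The request context supplying the current principal.</param>
/// <returns>
/// <c>true</c> when the user is authenticated and a user/role association exists in the
/// database for one of the configured roles; otherwise <c>false</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        throw new ArgumentNullException("httpContext");
    }

    IPrincipal user = httpContext.User;
    if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
    {
        // Unauthenticated requests are always denied.
        return false;
    }

    // Roles is the comma-separated list configured on the attribute. Surrounding
    // whitespace is ignored so that "Admin, Doctor" matches the same as "Admin,Doctor".
    // An empty Roles value yields a single "" entry, which matches no real role, so an
    // attribute with no roles configured denies access (fails closed).
    var roleNames = this.Roles.Split(',').Select(r => r.Trim()).ToList();

    // HVDbContext is a DbContext (IDisposable); dispose it per request rather than
    // leaving the connection to the garbage collector.
    using (var context = new HVDbContext())
    {
        // Resolve the user once instead of once per configured role.
        var userName = user.Identity.Name;
        var userdb = context.Users.Where(t => t.UserName.Equals(userName)).FirstOrDefault();
        if (userdb == null)
        {
            return false;
        }

        foreach (var r in roleNames)
        {
            var role = context.Roles.Where(t => t.RoleName.Equals(r)).FirstOrDefault();
            if (role == null)
            {
                // Unknown role name: nothing to associate, try the next one.
                continue;
            }

            // Capture into locals so the expression tree only references simple values.
            var roleId = role.RoleId;
            var userId = userdb.UserId;
            var hasRole = context.UserRoles.Any(t => t.RoleId.Equals(roleId) && t.UserId.Equals(userId));
            if (hasRole)
            {
                // Found a user/role association for one of the required roles.
                return true;
            }
        }
    }

    // Authenticated, but none of the required roles are assigned.
    return false;
}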
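/// <summary>
/// Returns the list of HealthVault users known to the application as JSON:
/// <c>{ status: "ok", users: [ { Id, Name, imageUrl } ] }</c>.
/// </summary>
/// <returns>A JSON result; GET requests are permitted.</returns>
public ActionResult GetUserList()
{
    // HVDbContext is a DbContext (IDisposable); dispose it instead of leaking it.
    using (var context = new HVDbContext())
    {
        // Materialize the projection first: GetImageUrl is application code and cannot
        // be translated to SQL, so it has to run over the already-loaded rows.
        var users = (from t in context.HealthVaultUsers
                     select new { t.Id, t.RecordId, t.Name }).ToList();

        // RecordId is only used to build the image URL; it is not echoed in the response.
        var payload = users.Select(a => new
        {
            a.Id,
            a.Name,
            imageUrl = HVUserImageHelper.Default.GetImageUrl(a.RecordId)
        }).ToList();

        return Json(new { status = "ok", users = payload }, JsonRequestBehavior.AllowGet);
    }
}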
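/// <summary>
/// Creates or updates the stored HealthVault user for <paramref name="personInfo"/>,
/// keyed by PersonId, and persists the current web-connection token for later
/// server-side calls on the user's behalf.
/// </summary>
/// <param name="personInfo">Person information returned by HealthVault; its SelectedRecord must be set.</param>
/// <param name="token">The HealthVault web-connection (WC) token to store for this user.</param>
/// <exception cref="ArgumentNullException"><paramref name="personInfo"/> is null.</exception>
/// <exception cref="InvalidOperationException"><paramref name="personInfo"/> has no selected record.</exception>
private void SaveUser(PersonInfo personInfo, string token)
{
    if (personInfo == null)
    {
        throw new ArgumentNullException("personInfo");
    }

    // SelectedRecord can be absent (GetUserData checks for the same condition);
    // fail with a clear message instead of a NullReferenceException below.
    var record = personInfo.SelectedRecord;
    if (record == null)
    {
        throw new InvalidOperationException("personInfo has no selected record");
    }

    // HVDbContext is a DbContext (IDisposable); dispose it when the save completes.
    using (var context = new HVDbContext())
    {
        var personId = personInfo.PersonId;
        var user = (from t in context.HealthVaultUsers
                    where t.PersonId.Equals(personId)
                    select t).FirstOrDefault();

        if (user == null)
        {
            // New user: attach an empty entity and populate it below, so the
            // insert and update paths share a single set of field assignments.
            user = new HealthVaultUser();
            context.HealthVaultUsers.Add(user);
        }

        user.HealthRecordState = record.State.ToString();
        user.Name = record.Name;
        user.PersonId = personInfo.PersonId;
        user.RecordId = record.Id;
        // WCToken is a bearer credential: GetUserData uses it to call HealthVault on this
        // user's behalf. It is stored as received here; protection of the table at rest
        // and access to it is a deployment concern worth confirming.
        user.WCToken = token;
        user.PersonInfoObject = personInfo.GetXml();

        context.SaveChanges();
    }
}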
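/// <summary>
/// Fetches the journal entries stored in HealthVault for the given application user,
/// using the web-connection token saved for that user, and returns them as JSON.
/// Every failure path returns <c>{ status: "error", msg: ... }</c>; success returns
/// <c>{ status: "ok", data: [...] }</c>.
/// </summary>
/// <param name="userId">Database id of the HealthVault user; -1 (the default) means the id was not supplied.</param>
/// <returns>A JSON result; GET requests are permitted.</returns>
public ActionResult GetUserData(int userId = -1)
{
    // NOTE(review): userId is caller-supplied and selects whose health records are read
    // using the token stored for that user. The authorization covering this action is
    // not visible in this block; confirm the controller/action carries the role-based
    // Authorize attribute so that access is restricted to the intended roles.
    if (userId == -1)
    {
        return Json(new { status = "error", msg = "userId not sent" }, JsonRequestBehavior.AllowGet);
    }

    string authToken;
    // HVDbContext is a DbContext (IDisposable); only the token is needed beyond this scope.
    using (var context = new HVDbContext())
    {
        var user = (from t in context.HealthVaultUsers
                    where t.Id == userId
                    select t).FirstOrDefault();
        if (user == null)
        {
            return Json(new { status = "error", msg = "userId not found" }, JsonRequestBehavior.AllowGet);
        }

        // The stored WC token is the credential used to act on this user's behalf.
        authToken = user.WCToken;
    }

    // Make the SDK aware of the custom journal-entry item type before searching.
    ItemTypeManager.RegisterTypeHandler(HVJournalEntry.TypeId, typeof(HVJournalEntry), true);

    var appId = HealthApplicationConfiguration.Current.ApplicationId;
    var cred = new WebApplicationCredential(
        appId,
        authToken,
        HealthApplicationConfiguration.Current.ApplicationCertificate);
    var connection = new WebApplicationConnection(appId, cred);

    PersonInfo personInfo;
    try
    {
        personInfo = HealthVaultPlatform.GetPersonInfo(connection);
    }
    catch (Exception)
    {
        // Connection or credential failures (for example an expired token) are reported
        // to the caller as a generic error without exposing exception details.
        return Json(new { status = "error", msg = "Unable to connect to HealthVault service" }, JsonRequestBehavior.AllowGet);
    }

    // The SDK may return no selected record; treat that the same as a missing one.
    var authRecord = personInfo == null ? null : personInfo.SelectedRecord;
    if (authRecord == null)
    {
        return Json(new { status = "error", msg = "cannot get selected record" }, JsonRequestBehavior.AllowGet);
    }

    // Re-check that the application still has online read permission for this item
    // type: the user may have revoked it since the token was stored. An empty
    // permission result is treated as no permission rather than dereferenced.
    var permission = authRecord.QueryPermissionsByTypes(new List<Guid> { HVJournalEntry.TypeId }).FirstOrDefault();
    if (permission.Value == null
        || !permission.Value.OnlineAccessPermissions.HasFlag(HealthRecordItemPermissions.Read))
    {
        return Json(new { status = "error", msg = "unable to create record as no permission is given from health vault" }, JsonRequestBehavior.AllowGet);
    }

    // One filter is added, so the first result group holds the matching items.
    var searcher = authRecord.CreateSearcher();
    searcher.Filters.Add(new HealthRecordFilter(HVJournalEntry.TypeId));
    var entries = searcher.GetMatchingItems()[0];

    var journalEntries = entries.Cast<HVJournalEntry>().Select(t => t.JournalEntry).ToList();
    return Json(new { status = "ok", data = journalEntries }, JsonRequestBehavior.AllowGet);
}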