public ActionResult Create(DX_FILES dx_files)
{
long newFileId = -1;
try
{
if (Request.Files[0].InputStream.Length != 0)
{
if (Request.Files[0].InputStream.Length < MAX_FILE_SIZE)
{
HttpPostedFileBase file = Request.Files[0];
System.IO.Stream stream = file.InputStream;
byte[] fileData = new byte[stream.Length];
stream.Read(fileData, 0, fileData.Length);
string userid = SessionKeyMgmt.UserId;
//Setting properties of the file object
string description = Request.Params.Get("description");
if (description.Length != 0 || description.Length > 75)
{
dx_files.ownerid = userid;
dx_files.isarchived = false;
dx_files.islocked = false;
// Get the filename and its extension
string filetype = System.IO.Path.GetExtension(file.FileName);
string filename = System.IO.Path.GetFileName(file.FileName);
dx_files.type = filetype;
dx_files.filename = filename;
if (supportedFileTypes.Contains(filetype))
{
// Find if there are any files with the same filename
var existingFiles = from filesTable in db.DX_FILES
where filesTable.ownerid == userid && filesTable.filename == filename
select filesTable;
// If there already existed a document by this name
// increment the verison number
if (existingFiles.Count() != 0)
{
DX_FILES existingFile = existingFiles.First();
if (existingFile.isarchived == true)
{
ModelState.AddModelError("", "A file with the same name exists in your archived docs. Cannot upload");
return View();
}
else
{
ModelState.AddModelError("", "A file with same name exists in My Docs. Please update the corresponding file");
return View();
}
}
else
{
// Creating a new file
dx_files.latestversion = 1;
dx_files.creationdate = System.DateTime.Now;
DX_USER user = db.DX_USER.Single(d => d.userid == userid);
string accesslevel = user.accesslevel;
if(accesslevel !="employee" && accesslevel!="manager" && accesslevel!="vp" && accesslevel!="ceo")
{
ModelState.AddModelError("", "You are not authorized to upload a file");
return View();
}
//Based on the role, the file should be shared with managers
// Create a new file version object
DX_FILEVERSION fileversion = new DX_FILEVERSION();
fileversion.isencrypted = false;
// Encrypt the file data if requested
string encrypted = Request.Params.Get("encrypted");
if (encrypted == "true")
{
// Read the encrytion key
if (Request.Files[1].InputStream.Length != 0)
{
HttpPostedFileBase keyFile = Request.Files[1];
System.IO.Stream keyStream = keyFile.InputStream;
byte[] keyData = new byte[keyStream.Length];
keyStream.Read(keyData, 0, (int)keyStream.Length);
fileversion.isencrypted = true;
RijndaelManaged Crypto = new RijndaelManaged();
Crypto.BlockSize = 128;
Crypto.KeySize = 256;
Crypto.Mode = CipherMode.CBC;
Crypto.Padding = PaddingMode.PKCS7;
Crypto.Key = keyData;
// Convert the ivString to a byte array
byte[] ivArray = new byte[16];
System.Buffer.BlockCopy(ivStringConstant.ToCharArray(), 0,
ivArray, 0, ivArray.Length);
Crypto.IV = ivArray;
ICryptoTransform Encryptor = Crypto.CreateEncryptor(Crypto.Key, Crypto.IV);
byte[] cipherText = Encryptor.TransformFinalBlock(fileData, 0, fileData.Length);
// Copy the encrypted data to the file data buffer
Array.Clear(fileData, 0, fileData.Length);
Array.Resize(ref fileData, cipherText.Length);
Array.Copy(cipherText, fileData, cipherText.Length);
}
else
{
ModelState.AddModelError("", "Please enter a valid keyfile");
return View();
}
}
var allFiles = from fileversions in db.DX_FILEVERSION
select fileversions;
double totalSize;
if (allFiles.Count() != 0)
{
totalSize = allFiles.Sum(w => w.size);
}
else
totalSize=0;
totalSize /= (1024 * 1024);
long maxSize = long.Parse(System.Configuration.ConfigurationManager.AppSettings["filestreamMaxSize"]);
if ((totalSize + (fileData.Length / (1024 * 1024)) > maxSize))
{
ModelState.AddModelError("", "Disk space exceeded. Please contact admin");
return View();
}
// Save changes for the DX_FILES object so the new fileid is
// auto generated.
db.DX_FILES.AddObject(dx_files);
db.SaveChanges();
newFileId = dx_files.fileid;
fileversion.versionnumber = (int)dx_files.latestversion;
fileversion.updatedate = System.DateTime.Now;
fileversion.description = description;
fileversion.updatedby = userid;
// Add information about the file version to database
fileversion.filedata = fileData;
fileversion.size = fileData.Length;
fileversion.fileid = dx_files.fileid;
fileversion.versionid = Guid.NewGuid();
db.DX_FILEVERSION.AddObject(fileversion);
//Share with the owner
DX_PRIVILEGE empPriv = new DX_PRIVILEGE();
empPriv.userid = userid;
empPriv.read = true;
empPriv.update = true;
empPriv.reason = "owner";
empPriv.check = true;
empPriv.delete = true;
empPriv.fileid = dx_files.fileid;
db.DX_PRIVILEGE.AddObject(empPriv);
if (accesslevel == "employee")
{
//Getting the dept id of employee
DX_USERDEPT userdept = db.DX_USERDEPT.Single(d => d.userid == userid);
int deptid = userdept.deptid;
//Getting the user id of manager
var managers = from usersTable in db.DX_USER
join userdepts in db.DX_USERDEPT on usersTable.userid equals userdepts.userid
where usersTable.accesslevel == "manager" && userdepts.deptid == deptid
select usersTable;
if (managers.Count() != 0)
{
DX_PRIVILEGE mgrPriv = new DX_PRIVILEGE();
foreach (DX_USER managerUser in managers)
{
//Providing manager the respective rights
string managerId = managerUser.userid;
mgrPriv.userid = managerId;
mgrPriv.read = true;
mgrPriv.check = true;
mgrPriv.update = true;
mgrPriv.reason = "inherit";
mgrPriv.delete = true;
mgrPriv.fileid = dx_files.fileid;
db.DX_PRIVILEGE.AddObject(mgrPriv);
}
}
}
if (accesslevel == "manager" || accesslevel == "employee")
{
//Getting the dept id of employee
DX_USERDEPT userdept = db.DX_USERDEPT.Single(d => d.userid == userid);
int deptid = userdept.deptid;
var vp = from usersTable in db.DX_USER
join userdepts in db.DX_USERDEPT on usersTable.userid equals userdepts.userid
where usersTable.accesslevel == "vp" && userdepts.deptid == deptid
select usersTable;
if (vp.Count() != 0)
{
foreach (DX_USER vpUser in vp)
{
DX_PRIVILEGE vpPriv = new DX_PRIVILEGE();
string vpId = vpUser.userid;
vpPriv.userid = vpId;
vpPriv.read = true;
vpPriv.check = true;
vpPriv.update = true;
vpPriv.reason = "inherit";
vpPriv.delete = true;
vpPriv.fileid = dx_files.fileid;
db.DX_PRIVILEGE.AddObject(vpPriv);
}
}
}
if (accesslevel == "vp" || accesslevel == "manager" || accesslevel == "employee")
{
var ceo = from usersTable in db.DX_USER
where usersTable.accesslevel == "ceo"
select usersTable;
if (ceo.Count() != 0)
{
foreach (DX_USER ceoUser in ceo)
{
DX_PRIVILEGE ceoPriv = new DX_PRIVILEGE();
string ceoId = ceoUser.userid;
ceoPriv.userid = ceoId;
ceoPriv.read = true;
ceoPriv.check = true;
ceoPriv.update = true;
ceoPriv.reason = "inherit";
ceoPriv.delete = true;
ceoPriv.fileid = dx_files.fileid;
db.DX_PRIVILEGE.AddObject(ceoPriv);
}
}
}
db.SaveChanges();
// Show the document list
return RedirectToAction("ListDocuments");
}
}
else
{
ModelState.AddModelError("","Invalid file type. Accepted file types are PDF, Word, Excel, PowerPoint, Text and Image Files");
}
}
else
{
ModelState.AddModelError("","Please enter a valid description");
}
}
else
{
ModelState.AddModelError("", "File size exceeded 5 MB Limit");
return View();
}
}
else
{
ModelState.AddModelError("","Please select the file to be uploaded");
}
}
catch (Exception)
{
ModelState.AddModelError("","Error uploading the document ");
// Check if a document information has been uploaded to DX_FILES
// and delete it
if (newFileId != -1)
{
db.DX_FILES.DeleteObject(dx_files);
db.SaveChanges();
}
}
return View();
}
public ActionResult ShareFiles(ShareDocuments files)
{
if (files != null && files.shareWithUsers != null)
{
files.Files = SessionKeyMgmt.SharedFiles;
try
{
List<Int64> fileIdList = new List<Int64>();
foreach (DX_FILES file in files.Files)
{
fileIdList.Add(Convert.ToInt64(file.fileid));
}
foreach (string user in files.shareWithUsers)
{
foreach (Int64 fileId in fileIdList)
{
var listofsharedfiles = from privilegetable in db.DX_PRIVILEGE where privilegetable.fileid == fileId && privilegetable.userid == user select privilegetable;
if (listofsharedfiles.ToList().Count > 0)
{
foreach (DX_PRIVILEGE existingfile in listofsharedfiles)
{
if (existingfile.reason != "inherit" && existingfile.reason != "owner")
{
existingfile.read = true;
existingfile.delete = false;
existingfile.update = files.update;
existingfile.check = files.check;
}
}
}
else
{
DX_PRIVILEGE sharedfile = new DX_PRIVILEGE();
sharedfile.fileid = fileId;
sharedfile.userid = user;
sharedfile.read = true;
sharedfile.delete = false;
sharedfile.update = files.update;
sharedfile.check = files.check;
sharedfile.reason = "shared";
db.DX_PRIVILEGE.AddObject(sharedfile);
}
}
}
db.SaveChanges();
}
catch
{
ModelState.AddModelError("", "Some Error occured. Try again after sometime!");
}
SessionKeyMgmt.SharedFiles = new List<DX_FILES>();
}
else
{
ModelState.AddModelError("", "Please select users!!");
}
return RedirectToAction("ListDocuments");
}
/// <summary>
/// Deprecated Method for adding a new object to the DX_PRIVILEGE EntitySet. Consider using the .Add method of the associated ObjectSet<T> property instead.
/// </summary>
public void AddToDX_PRIVILEGE(DX_PRIVILEGE dX_PRIVILEGE)
{
base.AddObject("DX_PRIVILEGE", dX_PRIVILEGE);
}
/// <summary>
/// Create a new DX_PRIVILEGE object.
/// </summary>
/// <param name="privilegeid">Initial value of the privilegeid property.</param>
/// <param name="fileid">Initial value of the fileid property.</param>
/// <param name="userid">Initial value of the userid property.</param>
/// <param name="read">Initial value of the read property.</param>
/// <param name="delete">Initial value of the delete property.</param>
/// <param name="update">Initial value of the update property.</param>
/// <param name="check">Initial value of the check property.</param>
/// <param name="reason">Initial value of the reason property.</param>
public static DX_PRIVILEGE CreateDX_PRIVILEGE(global::System.Int64 privilegeid, global::System.Int64 fileid, global::System.String userid, global::System.Boolean read, global::System.Boolean delete, global::System.Boolean update, global::System.Boolean check, global::System.String reason)
{
DX_PRIVILEGE dX_PRIVILEGE = new DX_PRIVILEGE();
dX_PRIVILEGE.privilegeid = privilegeid;
dX_PRIVILEGE.fileid = fileid;
dX_PRIVILEGE.userid = userid;
dX_PRIVILEGE.read = read;
dX_PRIVILEGE.delete = delete;
dX_PRIVILEGE.update = update;
dX_PRIVILEGE.check = check;
dX_PRIVILEGE.reason = reason;
return dX_PRIVILEGE;
}
public ActionResult AssignAccessLevel(string id)
{
try
{
if (id != null)
{
var allusers = from usertabel in database.DX_USER where usertabel.userid == id select usertabel;
if (allusers != null && allusers.ToList().Count == 1)
{
DX_USER user = allusers.ToList().First();
switch (user.role)
{
case "ceo": user.accesslevel = Constants.CEO_USER_ACCESS;
break;
case "manager": user.accesslevel = Constants.MANAGER_USER_ACCESS;
break;
case "employee": user.accesslevel = Constants.EMPLOYEE_USER_ACCESS;
break;
case "vp": user.accesslevel = Constants.VP_USER_ACCESS;
break;
default:
break;
}
database.ObjectStateManager.ChangeObjectState(user, EntityState.Modified);
if (user.accesslevel != Constants.EMPLOYEE_USER_ACCESS) {
var userdept = from userdepttable in database.DX_USERDEPT
where userdepttable.userid == id
select userdepttable;
if (userdept == null) { throw new Exception("error while retrieving user department"); }
List<string> usersList = new List<string>();
foreach (DX_USERDEPT dept in userdept) {
var deptmembers = from userdepttable in database.DX_USERDEPT
where userdepttable.deptid == dept.deptid && userdepttable.userid!=id
select userdepttable;
if (deptmembers != null)
{
foreach (DX_USERDEPT deptuser in deptmembers)
{
string deptUserid = deptuser.userid;
if (!usersList.Contains(deptUserid))
usersList.Add(deptUserid);
else
continue;
var useraccess = database.DX_USER.SingleOrDefault(x => x.userid == deptuser.userid);
switch (user.accesslevel)
{
case "manager":
{
if (useraccess.accesslevel.Equals("ceo") || useraccess.accesslevel.Equals("vp"))
{
continue;
}
break;
}
case "vp":
{
if (useraccess.accesslevel.Equals("ceo")) { continue; }
break;
}
}
var employeeFiles = from files in database.DX_FILES
where files.ownerid == useraccess.userid
select files;
if (employeeFiles != null)
{
foreach (DX_FILES employeeFile in employeeFiles)
{
var file = from prev in database.DX_PRIVILEGE where prev.userid == id && prev.fileid == employeeFile.fileid select prev;
if (file != null && file.Count() < 1)
{
DX_PRIVILEGE filePriv = new DX_PRIVILEGE();
filePriv.fileid = employeeFile.fileid;
filePriv.userid = id;
filePriv.read = true;
filePriv.update = true;
filePriv.delete = true;
filePriv.check = true;
filePriv.reason = "inherit";
database.DX_PRIVILEGE.AddObject(filePriv);
}
}
}
}
}
}
}
int success = database.SaveChanges();
if (success > 0)
{
String message = Environment.NewLine + "Hi " + user.fname + "," + Environment.NewLine
+ "You request has been approved!" + Environment.NewLine
+ "You Can now login to your account to access your files" + Environment.NewLine
+ "- Docbox Team";
try
{
EmailMessaging.sendMessage(id, message, "Notification");
}
catch
{
ModelState.AddModelError("", "User approved, but notification not send");
return View("Error");
}
//FormsAuthentication.SetAuthCookie(id, false);
}
}
}
}
catch { ModelState.AddModelError("", "Error occured while assigning access level to the user"); }
return RedirectToAction("Index");
}