public ActionResult Create(DX_FILES dx_files) { long newFileId = -1; try { if (Request.Files[0].InputStream.Length != 0) { if (Request.Files[0].InputStream.Length < MAX_FILE_SIZE) { HttpPostedFileBase file = Request.Files[0]; System.IO.Stream stream = file.InputStream; byte[] fileData = new byte[stream.Length]; stream.Read(fileData, 0, fileData.Length); string userid = SessionKeyMgmt.UserId; //Setting properties of the file object string description = Request.Params.Get("description"); if (description.Length != 0 || description.Length > 75) { dx_files.ownerid = userid; dx_files.isarchived = false; dx_files.islocked = false; // Get the filename and its extension string filetype = System.IO.Path.GetExtension(file.FileName); string filename = System.IO.Path.GetFileName(file.FileName); dx_files.type = filetype; dx_files.filename = filename; if (supportedFileTypes.Contains(filetype)) { // Find if there are any files with the same filename var existingFiles = from filesTable in db.DX_FILES where filesTable.ownerid == userid && filesTable.filename == filename select filesTable; // If there already existed a document by this name // increment the verison number if (existingFiles.Count() != 0) { DX_FILES existingFile = existingFiles.First(); if (existingFile.isarchived == true) { ModelState.AddModelError("", "A file with the same name exists in your archived docs. Cannot upload"); return View(); } else { ModelState.AddModelError("", "A file with same name exists in My Docs. Please update the corresponding file"); return View(); } } else { // Creating a new file dx_files.latestversion = 1; dx_files.creationdate = System.DateTime.Now; DX_USER user = db.DX_USER.Single(d => d.userid == userid); string accesslevel = user.accesslevel; if(accesslevel !="employee" && accesslevel!="manager" && accesslevel!="vp" && accesslevel!="ceo") { ModelState.AddModelError("", "You are not authorized to upload a file"); return View(); } //Based on the role, the file should be shared with managers // Create a new file version object DX_FILEVERSION fileversion = new DX_FILEVERSION(); fileversion.isencrypted = false; // Encrypt the file data if requested string encrypted = Request.Params.Get("encrypted"); if (encrypted == "true") { // Read the encrytion key if (Request.Files[1].InputStream.Length != 0) { HttpPostedFileBase keyFile = Request.Files[1]; System.IO.Stream keyStream = keyFile.InputStream; byte[] keyData = new byte[keyStream.Length]; keyStream.Read(keyData, 0, (int)keyStream.Length); fileversion.isencrypted = true; RijndaelManaged Crypto = new RijndaelManaged(); Crypto.BlockSize = 128; Crypto.KeySize = 256; Crypto.Mode = CipherMode.CBC; Crypto.Padding = PaddingMode.PKCS7; Crypto.Key = keyData; // Convert the ivString to a byte array byte[] ivArray = new byte[16]; System.Buffer.BlockCopy(ivStringConstant.ToCharArray(), 0, ivArray, 0, ivArray.Length); Crypto.IV = ivArray; ICryptoTransform Encryptor = Crypto.CreateEncryptor(Crypto.Key, Crypto.IV); byte[] cipherText = Encryptor.TransformFinalBlock(fileData, 0, fileData.Length); // Copy the encrypted data to the file data buffer Array.Clear(fileData, 0, fileData.Length); Array.Resize(ref fileData, cipherText.Length); Array.Copy(cipherText, fileData, cipherText.Length); } else { ModelState.AddModelError("", "Please enter a valid keyfile"); return View(); } } var allFiles = from fileversions in db.DX_FILEVERSION select fileversions; double totalSize; if (allFiles.Count() != 0) { totalSize = allFiles.Sum(w => w.size); } else totalSize=0; totalSize /= (1024 * 1024); long maxSize = long.Parse(System.Configuration.ConfigurationManager.AppSettings["filestreamMaxSize"]); if ((totalSize + (fileData.Length / (1024 * 1024)) > maxSize)) { ModelState.AddModelError("", "Disk space exceeded. Please contact admin"); return View(); } // Save changes for the DX_FILES object so the new fileid is // auto generated. db.DX_FILES.AddObject(dx_files); db.SaveChanges(); newFileId = dx_files.fileid; fileversion.versionnumber = (int)dx_files.latestversion; fileversion.updatedate = System.DateTime.Now; fileversion.description = description; fileversion.updatedby = userid; // Add information about the file version to database fileversion.filedata = fileData; fileversion.size = fileData.Length; fileversion.fileid = dx_files.fileid; fileversion.versionid = Guid.NewGuid(); db.DX_FILEVERSION.AddObject(fileversion); //Share with the owner DX_PRIVILEGE empPriv = new DX_PRIVILEGE(); empPriv.userid = userid; empPriv.read = true; empPriv.update = true; empPriv.reason = "owner"; empPriv.check = true; empPriv.delete = true; empPriv.fileid = dx_files.fileid; db.DX_PRIVILEGE.AddObject(empPriv); if (accesslevel == "employee") { //Getting the dept id of employee DX_USERDEPT userdept = db.DX_USERDEPT.Single(d => d.userid == userid); int deptid = userdept.deptid; //Getting the user id of manager var managers = from usersTable in db.DX_USER join userdepts in db.DX_USERDEPT on usersTable.userid equals userdepts.userid where usersTable.accesslevel == "manager" && userdepts.deptid == deptid select usersTable; if (managers.Count() != 0) { DX_PRIVILEGE mgrPriv = new DX_PRIVILEGE(); foreach (DX_USER managerUser in managers) { //Providing manager the respective rights string managerId = managerUser.userid; mgrPriv.userid = managerId; mgrPriv.read = true; mgrPriv.check = true; mgrPriv.update = true; mgrPriv.reason = "inherit"; mgrPriv.delete = true; mgrPriv.fileid = dx_files.fileid; db.DX_PRIVILEGE.AddObject(mgrPriv); } } } if (accesslevel == "manager" || accesslevel == "employee") { //Getting the dept id of employee DX_USERDEPT userdept = db.DX_USERDEPT.Single(d => d.userid == userid); int deptid = userdept.deptid; var vp = from usersTable in db.DX_USER join userdepts in db.DX_USERDEPT on usersTable.userid equals userdepts.userid where usersTable.accesslevel == "vp" && userdepts.deptid == deptid select usersTable; if (vp.Count() != 0) { foreach (DX_USER vpUser in vp) { DX_PRIVILEGE vpPriv = new DX_PRIVILEGE(); string vpId = vpUser.userid; vpPriv.userid = vpId; vpPriv.read = true; vpPriv.check = true; vpPriv.update = true; vpPriv.reason = "inherit"; vpPriv.delete = true; vpPriv.fileid = dx_files.fileid; db.DX_PRIVILEGE.AddObject(vpPriv); } } } if (accesslevel == "vp" || accesslevel == "manager" || accesslevel == "employee") { var ceo = from usersTable in db.DX_USER where usersTable.accesslevel == "ceo" select usersTable; if (ceo.Count() != 0) { foreach (DX_USER ceoUser in ceo) { DX_PRIVILEGE ceoPriv = new DX_PRIVILEGE(); string ceoId = ceoUser.userid; ceoPriv.userid = ceoId; ceoPriv.read = true; ceoPriv.check = true; ceoPriv.update = true; ceoPriv.reason = "inherit"; ceoPriv.delete = true; ceoPriv.fileid = dx_files.fileid; db.DX_PRIVILEGE.AddObject(ceoPriv); } } } db.SaveChanges(); // Show the document list return RedirectToAction("ListDocuments"); } } else { ModelState.AddModelError("","Invalid file type. Accepted file types are PDF, Word, Excel, PowerPoint, Text and Image Files"); } } else { ModelState.AddModelError("","Please enter a valid description"); } } else { ModelState.AddModelError("", "File size exceeded 5 MB Limit"); return View(); } } else { ModelState.AddModelError("","Please select the file to be uploaded"); } } catch (Exception) { ModelState.AddModelError("","Error uploading the document "); // Check if a document information has been uploaded to DX_FILES // and delete it if (newFileId != -1) { db.DX_FILES.DeleteObject(dx_files); db.SaveChanges(); } } return View(); }
public ActionResult ShareFiles(ShareDocuments files) { if (files != null && files.shareWithUsers != null) { files.Files = SessionKeyMgmt.SharedFiles; try { List<Int64> fileIdList = new List<Int64>(); foreach (DX_FILES file in files.Files) { fileIdList.Add(Convert.ToInt64(file.fileid)); } foreach (string user in files.shareWithUsers) { foreach (Int64 fileId in fileIdList) { var listofsharedfiles = from privilegetable in db.DX_PRIVILEGE where privilegetable.fileid == fileId && privilegetable.userid == user select privilegetable; if (listofsharedfiles.ToList().Count > 0) { foreach (DX_PRIVILEGE existingfile in listofsharedfiles) { if (existingfile.reason != "inherit" && existingfile.reason != "owner") { existingfile.read = true; existingfile.delete = false; existingfile.update = files.update; existingfile.check = files.check; } } } else { DX_PRIVILEGE sharedfile = new DX_PRIVILEGE(); sharedfile.fileid = fileId; sharedfile.userid = user; sharedfile.read = true; sharedfile.delete = false; sharedfile.update = files.update; sharedfile.check = files.check; sharedfile.reason = "shared"; db.DX_PRIVILEGE.AddObject(sharedfile); } } } db.SaveChanges(); } catch { ModelState.AddModelError("", "Some Error occured. Try again after sometime!"); } SessionKeyMgmt.SharedFiles = new List<DX_FILES>(); } else { ModelState.AddModelError("", "Please select users!!"); } return RedirectToAction("ListDocuments"); }
/// <summary> /// Deprecated Method for adding a new object to the DX_PRIVILEGE EntitySet. Consider using the .Add method of the associated ObjectSet<T> property instead. /// </summary> public void AddToDX_PRIVILEGE(DX_PRIVILEGE dX_PRIVILEGE) { base.AddObject("DX_PRIVILEGE", dX_PRIVILEGE); }
/// <summary> /// Create a new DX_PRIVILEGE object. /// </summary> /// <param name="privilegeid">Initial value of the privilegeid property.</param> /// <param name="fileid">Initial value of the fileid property.</param> /// <param name="userid">Initial value of the userid property.</param> /// <param name="read">Initial value of the read property.</param> /// <param name="delete">Initial value of the delete property.</param> /// <param name="update">Initial value of the update property.</param> /// <param name="check">Initial value of the check property.</param> /// <param name="reason">Initial value of the reason property.</param> public static DX_PRIVILEGE CreateDX_PRIVILEGE(global::System.Int64 privilegeid, global::System.Int64 fileid, global::System.String userid, global::System.Boolean read, global::System.Boolean delete, global::System.Boolean update, global::System.Boolean check, global::System.String reason) { DX_PRIVILEGE dX_PRIVILEGE = new DX_PRIVILEGE(); dX_PRIVILEGE.privilegeid = privilegeid; dX_PRIVILEGE.fileid = fileid; dX_PRIVILEGE.userid = userid; dX_PRIVILEGE.read = read; dX_PRIVILEGE.delete = delete; dX_PRIVILEGE.update = update; dX_PRIVILEGE.check = check; dX_PRIVILEGE.reason = reason; return dX_PRIVILEGE; }
public ActionResult AssignAccessLevel(string id) { try { if (id != null) { var allusers = from usertabel in database.DX_USER where usertabel.userid == id select usertabel; if (allusers != null && allusers.ToList().Count == 1) { DX_USER user = allusers.ToList().First(); switch (user.role) { case "ceo": user.accesslevel = Constants.CEO_USER_ACCESS; break; case "manager": user.accesslevel = Constants.MANAGER_USER_ACCESS; break; case "employee": user.accesslevel = Constants.EMPLOYEE_USER_ACCESS; break; case "vp": user.accesslevel = Constants.VP_USER_ACCESS; break; default: break; } database.ObjectStateManager.ChangeObjectState(user, EntityState.Modified); if (user.accesslevel != Constants.EMPLOYEE_USER_ACCESS) { var userdept = from userdepttable in database.DX_USERDEPT where userdepttable.userid == id select userdepttable; if (userdept == null) { throw new Exception("error while retrieving user department"); } List<string> usersList = new List<string>(); foreach (DX_USERDEPT dept in userdept) { var deptmembers = from userdepttable in database.DX_USERDEPT where userdepttable.deptid == dept.deptid && userdepttable.userid!=id select userdepttable; if (deptmembers != null) { foreach (DX_USERDEPT deptuser in deptmembers) { string deptUserid = deptuser.userid; if (!usersList.Contains(deptUserid)) usersList.Add(deptUserid); else continue; var useraccess = database.DX_USER.SingleOrDefault(x => x.userid == deptuser.userid); switch (user.accesslevel) { case "manager": { if (useraccess.accesslevel.Equals("ceo") || useraccess.accesslevel.Equals("vp")) { continue; } break; } case "vp": { if (useraccess.accesslevel.Equals("ceo")) { continue; } break; } } var employeeFiles = from files in database.DX_FILES where files.ownerid == useraccess.userid select files; if (employeeFiles != null) { foreach (DX_FILES employeeFile in employeeFiles) { var file = from prev in database.DX_PRIVILEGE where prev.userid == id && prev.fileid == employeeFile.fileid select prev; if (file != null && file.Count() < 1) { DX_PRIVILEGE filePriv = new DX_PRIVILEGE(); filePriv.fileid = employeeFile.fileid; filePriv.userid = id; filePriv.read = true; filePriv.update = true; filePriv.delete = true; filePriv.check = true; filePriv.reason = "inherit"; database.DX_PRIVILEGE.AddObject(filePriv); } } } } } } } int success = database.SaveChanges(); if (success > 0) { String message = Environment.NewLine + "Hi " + user.fname + "," + Environment.NewLine + "You request has been approved!" + Environment.NewLine + "You Can now login to your account to access your files" + Environment.NewLine + "- Docbox Team"; try { EmailMessaging.sendMessage(id, message, "Notification"); } catch { ModelState.AddModelError("", "User approved, but notification not send"); return View("Error"); } //FormsAuthentication.SetAuthCookie(id, false); } } } } catch { ModelState.AddModelError("", "Error occured while assigning access level to the user"); } return RedirectToAction("Index"); }