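/// <summary>
/// Checks whether the user behind the current identity holds the given membership role.
/// </summary>
/// <param name="role">Role name to look for; compared with the default string Equals (case-sensitive), as before.</param>
/// <returns>
/// true when a UserProfile matches the identity name and has the role; false when the identity has no name,
/// when no user record exists (previously a NullReferenceException), or when the role is absent.
/// </returns>
public bool IsInRole(string role)
{
    string userName = this.Identity.Name;
    if (string.IsNullOrEmpty(userName))
    {
        // Anonymous identity: no user record, hence no roles. The original query returned null here and crashed.
        return false;
    }

    // Lower-case BOTH sides, matching the lookup in the CuponeraIdentity constructor. The original only lowered
    // the stored name, so a mixed-case identity name could never match. ToLower() (not StringComparison) is kept
    // because this lambda is translated to SQL by Entity Framework.
    string lowerName = userName.ToLower();
    using (CuponeraEntities db = new CuponeraEntities())
    {
        var user = db.UserProfile.FirstOrDefault(u => u.UserName.ToLower() == lowerName);
        if (user == null)
        {
            return false;
        }
        return user.webpages_Roles.Any(r => r.RoleName.Equals(role));
    }
}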
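/// <summary>
/// Emails administrators that a newly registered user is waiting to be assigned to a company.
/// Admins of every company whose name contains the suggested company name are notified; when no such
/// company admin exists, every user in the "admin" role (back-office admins) is notified instead.
/// </summary>
/// <param name="model">Registration data submitted by the new user; only <c>Email</c> and <c>Company</c> are read.</param>
public static void SendNewUserNotificationToAdministrators(RegisterModel model)
{
    // Recipients keyed by user name so an admin of several matching companies receives a single email.
    Dictionary<string, string> recipients = new Dictionary<string, string>();

    using (CuponeraEntities db = new CuponeraEntities())
    {
        bool companyAdminFound = false;

        // model.Company is user-supplied. A null value used to throw on ToLower(), and an empty/blank value
        // matched EVERY company via Contains("") and fanned the notification out to all company admins.
        // Treat both as "no company suggested" and fall through to the back-office admins.
        if (!string.IsNullOrWhiteSpace(model.Company))
        {
            // NOTE(review): substring matching on user-controlled input is kept (it feeds a "suggested name"
            // workflow), but a deliberately short value such as "a" still reaches the admins of many companies.
            string suggested = model.Company.ToLower();
            var matchingCompanies = db.company.Where(c => c.Name.ToLower().Contains(suggested));
            foreach (var company in matchingCompanies)
            {
                foreach (var membership in company.userCompany)
                {
                    if (!membership.IsAdmin)
                    {
                        continue;
                    }
                    companyAdminFound = true;
                    string adminName = membership.UserProfile.UserName;
                    if (!recipients.ContainsKey(adminName))
                    {
                        recipients.Add(adminName, membership.UserProfile.Email);
                    }
                }
            }
        }

        if (!companyAdminFound)
        {
            // Send the email to BO admins
            var adminRoleMembers = db.webpages_Roles.Where(r => r.RoleName.Equals("admin")).Select(r => r.UserProfile);
            foreach (var members in adminRoleMembers)
            {
                foreach (var u in members)
                {
                    if (!recipients.ContainsKey(u.UserName))
                    {
                        recipients.Add(u.UserName, u.Email);
                    }
                }
            }
        }
    }

    // Recipients are fully materialized, so the DB context is released before any mail is sent.
    // NOTE(review): model.Email and model.Company are inserted into the body unescaped; if PrepareBody
    // produces HTML (not visible here) they should be HTML-encoded first.
    foreach (var recipient in recipients)
    {
        string body = PrepareBody(recipient.Key, string.Format("Hay un nuevo usuario: {0}, esperando la asignación a la compañia con el siguiente nombre sugerido: {1} ", model.Email, model.Company));
        SendSafeEmail(recipient.Value, body);
    }
}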
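/// <summary>
/// Wraps a framework identity and caches the matching user's state in the session: user id, active flag,
/// the stores the user may operate on and, for company admins, the administered company id.
/// </summary>
/// <param name="baseIdentity">
/// Identity produced by the authentication module. Its name is matched case-insensitively against
/// UserProfile.UserName; an unknown (or null) name triggers <c>LogoutMethod()</c>.
/// </param>
public CuponeraIdentity(IIdentity baseIdentity)
{
    IsAuthenticated = baseIdentity.IsAuthenticated;
    AuthenticationType = baseIdentity.AuthenticationType;
    Name = baseIdentity.Name;

    if (HttpContext.Current.Session == null)
    {
        // No session available (e.g. session state disabled): nothing to cache.
        return;
    }

    // Start from a clean session so values cached for a previous principal never leak into this one.
    HttpContext.Current.Session.RemoveAll();

    // A null identity name used to throw on ToLower(); treat it like an unknown user instead.
    string lowerName = Name == null ? null : Name.ToLower();

    using (CuponeraEntities db = new CuponeraEntities())
    {
        var user = lowerName == null
            ? null
            : db.UserProfile.FirstOrDefault(u => u.UserName.ToLower() == lowerName);
        if (user == null)
        {
            LogoutMethod();
            return;
        }

        HttpContext.Current.Session["userId"] = user.UserId;
        HttpContext.Current.Session["userActive"] = user.Active;

        // Active is nullable; null counts as inactive.
        if (user.Active != null && (bool)user.Active)
        {
            // Use the id just loaded instead of CuponeraIdentity.CurrentUserId, which would otherwise have
            // to read back the session value written one line earlier.
            var userId = user.UserId;

            var stores = db.userCompany
                .Where(uc => uc.IdUser.Equals(userId) && !uc.DeletionDatetime.HasValue)
                .Select(s => s.IdStore)
                .ToList();
            HttpContext.Current.Session["AvailableStores"] = stores;

            // Is Admin. Soft-deleted memberships (DeletionDatetime set) are ignored here just as they are for
            // the store list above; the original admin query did not filter them, so a revoked admin
            // membership still granted AdminCompany.
            // NOTE(review): FirstOrDefault without ordering picks an arbitrary company when the user
            // administers several — confirm that a single AdminCompany is the intended model.
            var adminMembership = db.userCompany
                .FirstOrDefault(uc => uc.IdUser.Equals(userId) && uc.IsAdmin && !uc.DeletionDatetime.HasValue);
            if (adminMembership != null)
            {
                HttpContext.Current.Session["AdminCompany"] = adminMembership.IdCompany;
            }
        }
    }
}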
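/// <summary>
/// Authorizes the current request. Users in the "admin" role always pass. Otherwise the request URL
/// (/{entity}/{action}/{id}) is mapped to the stores it touches and the caller must be able to administer
/// them; company-level operations additionally require an admin membership in that company when
/// <c>MustBeCompanyAdmin</c> is set, and <c>MustBeAdmin</c> denies every non-admin outright.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns>
/// true to allow, false to deny. A URL without an entity segment, a non-numeric id, or an id that matches
/// no record now denies instead of throwing (which surfaced as a 500 rather than a 403).
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (!base.AuthorizeCore(httpContext))
    {
        return false;
    }

    // Override Principal for IsInRole validation.
    // TODO: figure out why, when a session already exists, this fails because SimpleMembership is not initialized
    // if (httpContext.User.IsInRole("admin")) return true;
    if (new CuponeraPrincipal(new CuponeraIdentity(httpContext.User.Identity)).IsInRole("admin"))
    {
        return true;
    }
    if (MustBeAdmin)
    {
        return false;
    }

    // Segments[0] is "/". A request with no entity segment used to throw IndexOutOfRangeException; fail closed.
    string[] segments = httpContext.Request.Url.Segments;
    if (segments.Length < 2)
    {
        return false;
    }
    string entity = segments[1].Replace("/", string.Empty);

    // Only operations on a specific resource carry an id (segment 3); Index-style requests do not.
    if (segments.Length <= 3)
    {
        return AuthorizeIndexRequest(httpContext, entity);
    }

    // Convert.ToInt32 threw FormatException on a non-numeric id; a malformed id is a deny, not a 500.
    int idEntity;
    string rawId = segments[3].Replace("/", string.Empty);
    if (!int.TryParse(rawId, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out idEntity))
    {
        return false;
    }
    return AuthorizeEntityRequest(httpContext, entity, idEntity);
}

/// <summary>
/// Authorizes an operation on one specific entity instance: resolves the stores the entity belongs to and
/// requires the caller to be able to administer them (via <c>CuponeraPrincipal.CanAdminStores</c>).
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <param name="entity">First URL segment, e.g. "offer", "product", "company", "store", "userCompany".</param>
/// <param name="idEntity">Numeric id from the third URL segment.</param>
/// <returns>true to allow, false to deny; an id that matches no record denies.</returns>
private bool AuthorizeEntityRequest(HttpContextBase httpContext, string entity, int idEntity)
{
    List<int> stores = new List<int>();
    using (CuponeraEntities db = new CuponeraEntities())
    {
        // NOTE(review): this lookup is case-sensitive on the C# side whereas the other user lookups in this
        // file lower-case both sides; an unmatched name yields userId == 0, which fails the admin checks (deny).
        string userName = httpContext.User.Identity.Name;
        var userId = db.UserProfile.Where(u => u.UserName.Equals(userName)).Select(u => u.UserId).FirstOrDefault();

        switch (entity)
        {
            case "offer":
            {
                // A missing offer (or one without product/store) used to throw NullReferenceException.
                var offer = db.offer.Where(o => o.IdOffer.Equals(idEntity)).FirstOrDefault();
                if (offer == null || offer.product == null || offer.product.store == null)
                {
                    return false;
                }
                stores.Add(offer.product.store.IdStore);
                break;
            }
            case "product":
            {
                var product = db.product.Where(p => p.IdProduct.Equals(idEntity)).FirstOrDefault();
                if (product == null || product.store == null)
                {
                    return false;
                }
                stores.Add(product.store.IdStore);
                break;
            }
            case "company":
            {
                var company = db.company.Where(c => c.IdCompany.Equals(idEntity)).FirstOrDefault();
                if (company == null)
                {
                    return false;
                }
                stores.AddRange(company.store.Select(s => s.IdStore));
                // Company-level operations need an admin membership in THIS company. Soft-deleted memberships
                // (DeletionDatetime set) are ignored, as they are for the store list built in CuponeraIdentity.
                if (MustBeCompanyAdmin && !db.userCompany.Any(uc => uc.IdCompany.Equals(idEntity) && uc.IdUser.Equals(userId) && uc.IsAdmin && !uc.DeletionDatetime.HasValue))
                {
                    return false;
                }
                break;
            }
            case "store":
                stores.Add(idEntity);
                break;
            case "userCompany":
                // NOTE(review): this only verifies the caller administers *some* company, not the company the
                // targeted userCompany record belongs to, and with MustBeCompanyAdmin == false any authenticated
                // user passes. The record's key column is not visible here, so the per-company check is a TODO.
                if (MustBeCompanyAdmin && !db.userCompany.Any(uc => uc.IdUser.Equals(userId) && uc.IsAdmin && !uc.DeletionDatetime.HasValue))
                {
                    return false;
                }
                return true;
            // NOTE(review): any other entity reaches CanAdminStores with an empty list; whether that allows or
            // denies depends on CanAdminStores (not visible here) — confirm it fails closed.
        }
    }

    // Otherwise the caller must be able to administer the selected company/store(s).
    return CuponeraPrincipal.CanAdminStores(stores);
}

/// <summary>
/// Authorizes an Index-style request (no entity id in the URL). Only company-admin-only actions are
/// restricted here; every other request is allowed to any authenticated non-admin user, as before.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <param name="entity">First URL segment.</param>
/// <returns>true to allow, false to deny.</returns>
private bool AuthorizeIndexRequest(HttpContextBase httpContext, string entity)
{
    using (CuponeraEntities db = new CuponeraEntities())
    {
        switch (entity)
        {
            case "store":
            case "company":
                if (MustBeCompanyAdmin)
                {
                    // AdminCompany presumably reads the Session["AdminCompany"] value cached by CuponeraIdentity
                    // for company admins (> 0 means "is one") — verify against that property.
                    return CuponeraIdentity.AdminCompany > 0;
                }
                break;
            case "userCompany":
            {
                // The user lookup is only needed for this case, so it is no longer run for every request.
                string userName = httpContext.User.Identity.Name;
                var userId = db.UserProfile.Where(u => u.UserName.Equals(userName)).Select(u => u.UserId).FirstOrDefault();
                if (MustBeCompanyAdmin && !db.userCompany.Any(uc => uc.IdUser.Equals(userId) && uc.IsAdmin && !uc.DeletionDatetime.HasValue))
                {
                    return false;
                }
                return true;
            }
        }
    }
    return true;
}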