private static bool ValidateManagerData(Employee employee, EmployeeCreationVM employeeVM, bool allow)
{
var valid = allow || employee.ManagerId == employeeVM.ManagerId;
valid &= allow || (employee.EmploymentDate.Date.Equals(employeeVM.EmploymentDate));
return(valid);
}
private static bool ValidateContactData(Employee employee, EmployeeCreationVM employeeVM, bool allow)
{
bool valid = true;
valid &= allow || employee.PhoneNumber.Equals(employeeVM.PhoneNumber);
valid &= allow || employee.ContactMail.Equals(employeeVM.ContactMail);
valid &= employee.Email.Equals(employeeVM.Email);
return(valid);
}
private static bool ValidateProfileEdition(Employee consernedEmployee, EmployeeCreationVM employeeVM, bool allow)
{
bool valid = true;
valid &= allow || (consernedEmployee.Title?.Equals(employeeVM.Title) ?? false);
valid &= allow || (consernedEmployee.FirstName?.Equals(employeeVM.FirstName) ?? false);
valid &= allow || (consernedEmployee.LastName?.Equals(employeeVM.LastName) ?? false);
valid &= allow || (consernedEmployee.TaxRate?.Equals(employeeVM.TaxRate) ?? false);
valid &= allow || (consernedEmployee.DateOfBirth.Date.Equals(employeeVM.DateOfBirth));
return(valid);
}
private async Task <bool> ValidateInput(Employee consernedEmployee, EmployeeCreationVM employeeVM, EditionPermissions permission)
{
if (consernedEmployee == null || !permission.AllowEdition)
{
return(false);
}
bool inputValid = permission.AllowEdition;
bool rolesListValid = await ValidateRoles(consernedEmployee, employeeVM, permission.AllowEditAccess);
if (!rolesListValid)
{
ModelState.AddModelError("", _DataLocalizer["You not autorized to change the roles"]);
}
inputValid &= rolesListValid;
bool profileValid = ValidateProfileEdition(consernedEmployee, employeeVM, permission.AllowEditProfile);
if (!profileValid)
{
ModelState.AddModelError("", _DataLocalizer["You not autorized to edit profile data"]);
}
inputValid &= profileValid;
bool contactsValid = ValidateContactData(consernedEmployee, employeeVM, permission.AllowEditContacts);
if (!contactsValid)
{
ModelState.AddModelError("", _DataLocalizer["You not autorized to edit contacts data"]);
}
inputValid &= contactsValid;
bool managerValid = ValidateManagerData(consernedEmployee, employeeVM, permission.AllowChangeManager);
if (!managerValid)
{
ModelState.AddModelError("", _DataLocalizer["You not autorized to change your manager"]);
}
inputValid &= managerValid;
bool companyValid = await ValidateCompanyData(consernedEmployee, employeeVM, permission.AllowChangeCompany);
if (!companyValid)
{
ModelState.AddModelError("", _DataLocalizer["You not autorized to change your manager"]);
}
inputValid &= companyValid;
return(inputValid);
}
private async Task <bool> ValidateRoles(Employee employee, EmployeeCreationVM employeeVM, bool allow)
{
bool validRoles;
UserRoles employeeRoles = await _UserManager.GetUserRolesAsync(employee);
if (employeeVM.Roles == null || !employeeVM.RolesListEnabled)
{
return(true);
}
UserRoles employeeVmRoles = UserManagerExtensions.ToUserRoles(employeeVM.Roles);
validRoles = allow || (employeeRoles == employeeVmRoles);
if (validRoles)
{
validRoles |= allow && ((await ValidateAssignedRoles(employeeVmRoles, employee)) == employeeVmRoles);
}
return(validRoles);
}
public async Task <IActionResult> CreateEmployee()
{
ReturnUrl = HttpContext.Request.Headers["Referer"];
var currentCredentials = await GetCurrentUserData();
var editionPermissions = await GetEditionPermission(null);
if (!editionPermissions.AllowEdition)
{
ModelState.AddModelError("", _DataLocalizer["Action permitted only to administrators"]);
return(Forbid());
}
EmployeeCreationVM employeeCreationVM = new EmployeeCreationVM()
{
EmploymentDate = DateTime.Now,
AcceptContract = false,
ReturnUrl = Request.Headers["Referer"].ToString(),
RolesList = await GetListAllowedRoles(),
Roles = new List <string>()
};
//
if (currentCredentials.Item2?.CompanyId != null)
{
employeeCreationVM.CompanyId = currentCredentials.Item2.CompanyId;
if (currentCredentials.Item2?.Company != null)
{
employeeCreationVM.Company = currentCredentials.Item2.Company;
}
else
{
employeeCreationVM.Company = await _UnitOfWork.Companies.FindAsync(x => x.Id == (int)employeeCreationVM.CompanyId);
}
}
//Case when new employee created inside the company
employeeCreationVM = await SetEmployeeCompanyAndManagerState(employeeCreationVM, editionPermissions);
employeeCreationVM.RolesListEnabled = editionPermissions.AllowEditAccess;
employeeCreationVM.RolesList = await GetListAllowedRoles(currentCredentials.Item3, self : editionPermissions.IsSelfEdition);
ViewBag.Action = nameof(CreateEmployee);
return(View(RegisterEmployeeView, employeeCreationVM));
}
public async Task <ActionResult> Details(string userId)
{
string returnUrl = HttpContext.Request.Headers["Referer"];
var currentUserData = await GetCurrentUserData();
if (currentUserData?.Item1 == null)
{
return(NotFound());
}
if (String.IsNullOrWhiteSpace(userId))
{
userId = currentUserData.Item1.Id;
}
if (currentUserData.Item1.Id.Equals(userId) ||
await _UserManager.IsCompanyPrivelegedUser(currentUserData.Item3) ||
((currentUserData.Item3 & UserRoles.AppAdministrator) == UserRoles.AppAdministrator))
{
Employee consernedEmployee;
if (currentUserData.Item1.Id.Equals(userId))
{
consernedEmployee = currentUserData.Item2 ?? null;
}
else
{
consernedEmployee = await _UnitOfWork.Employees.FindAsync(predicate : x => x.Id.Equals(userId) && x.CompanyId == currentUserData.Item2.CompanyId,
includes : new System.Linq.Expressions.Expression <Func <Employee, object> >[] { x => x.Company, x => x.Manager });
}
if (consernedEmployee == null)
{
return(NotFound(_DataLocalizer["Employee with id {0} was not found in your area of visibility", userId]));
}
ViewData["ReturnUrl"] = returnUrl;
EmployeeCreationVM employeeCreationVM = _Mapper.Map <EmployeeCreationVM>(consernedEmployee);
return(View(employeeCreationVM));
}
else
{
return(Forbid(_DataLocalizer["You're not authorized to ask the details about id {0}", userId]));
}
}
private async Task <EmployeeCreationVM> PrepareEmployeeEditionViewModel(EmployeeCreationVM employeeCreationVM,
Employee concernedEmployee, UserRoles concernedEmployeesRoles,
EditionPermissions editionPermissions)
{
var currentUserData = await GetCurrentUserData();
if (editionPermissions == null)
{
editionPermissions = await GetEditionPermission(concernedEmployee);
}
employeeCreationVM = await SetEmployeeCompanyAndManagerState(employeeCreationVM, editionPermissions);
employeeCreationVM.ProfileDataEnabled = editionPermissions.AllowEditProfile;
employeeCreationVM.ContactDataEnabled = editionPermissions.AllowEditContacts;
employeeCreationVM.RolesListEnabled = editionPermissions.AllowEditAccess; //!concernedEmployee.Id.Equals(currentUserData.Item1.Id);
employeeCreationVM.RolesList = await GetListAllowedRoles(currentUserData.Item3);
employeeCreationVM.Roles = UserManagerExtensions.FromUserRoles(concernedEmployeesRoles).ToList();
employeeCreationVM.ManagerEnabled = editionPermissions.AllowChangeManager;
employeeCreationVM.CompanyEnabled = editionPermissions.AllowChangeCompany;
return(employeeCreationVM);
}
private async Task <bool> ValidateCompanyData(Employee consernedEmployee, EmployeeCreationVM employeeVM, bool allow)
{
bool result = allow || consernedEmployee.CompanyId == employeeVM.CompanyId;
UserRoles consernedEmployeeRoles;
if (employeeVM.Roles == null)
{
consernedEmployeeRoles = await _UserManager.GetUserRolesAsync(consernedEmployee);
}
else
{
consernedEmployeeRoles = UserManagerExtensions.ToUserRoles(employeeVM.Roles);
}
bool isAppAdministrator = (consernedEmployeeRoles & UserRoles.AppAdministrator) == UserRoles.AppAdministrator;
if (!isAppAdministrator && employeeVM.CompanyId == default)
{
ModelState.AddModelError("", _DataLocalizer["Company is required for all employees who is not app administrator"]);
return(false);
}
return(result || isAppAdministrator);
}
public static string FormatEmployeeSNT(this EmployeeCreationVM employee)
{
return($"{employee.LastName.ToUpper()} {employee.FirstName}, {employee.Title}");
}
public async Task <IActionResult> UpdateEmployee(EmployeeCreationVM employeeCreationVM)
{
var consernedEmployee = await _UnitOfWork.Employees.FindAsync(x => x.Id.Equals(employeeCreationVM.Id),
includes : new System.Linq.Expressions.Expression <Func <Employee, object> >[] { x => x.Company, x => x.Manager }
);
if (consernedEmployee == null)
{
return(NotFound());
}
employeeCreationVM.UserName = consernedEmployee.UserName;
employeeCreationVM.Email = consernedEmployee.Email;
var currentUserData = await GetCurrentUserData();
bool reviewUserRoles = currentUserData.Item3 > UserRoles.Employee;
bool canEditUser = reviewUserRoles || employeeCreationVM.Id.Equals(currentUserData.Item1.Id);
if (!canEditUser)
{
ModelState.AddModelError("", _DataLocalizer["You not autorized to edit this profile"]);
}
var permissions = await GetEditionPermission(consernedEmployee);
bool validation = await ValidateInput(consernedEmployee, employeeCreationVM, permissions);
if (ModelState.ErrorCount == 0 && validation)
{
//Reappliying company which was not changed
if (!permissions.AllowChangeCompany)
{
employeeCreationVM.CompanyId = consernedEmployee.CompanyId;
employeeCreationVM.Company = consernedEmployee.Company;
}
if (!permissions.AllowChangeManager)
{
employeeCreationVM.ManagerId = consernedEmployee.ManagerId;
employeeCreationVM.Manager = _Mapper.Map <EmployeeCreationVM>(await _UnitOfWork.Employees.FindAsync(predicate: x => x.Id.Equals(employeeCreationVM.ManagerId)));
}
consernedEmployee = _Mapper.Map(employeeCreationVM, consernedEmployee);
bool result = await _UnitOfWork.Employees.UpdateAsync(consernedEmployee);
result &= await _UnitOfWork.Save();
if (!result)
{
ModelState.AddModelError("", _DataLocalizer["Unable to save user to repository"]);
}
else
{
result &= await UpdateUserRoles(consernedEmployee, employeeCreationVM.Roles);
}
if (currentUserData.Item3 <= UserRoles.Employee)
{
return(RedirectToAction("Index", "Home"));
}
else
{
return(RedirectToAction("Index"));
}
}
else
{
@ViewBag.Action = nameof(UpdateEmployee);
employeeCreationVM = await PrepareEmployeeEditionViewModel(employeeCreationVM : employeeCreationVM,
concernedEmployee : consernedEmployee,
concernedEmployeesRoles : await _UserManager.GetUserRolesAsync(consernedEmployee),
editionPermissions : permissions);
return(View(EditEmployeeView, employeeCreationVM));
}
}
/// <summary>
///
/// </summary>
/// <param name="employeeCreationVM"></param>
/// <param name="currentUserRoles"></param>
/// <remarks>
/// - Validate company - company must be enabled
/// V - Validate compare with original employee if exists - in this case operation will fail
/// V - Validate if editor who is not admin was unabled change the company, if company is not null
/// - Validate manager from same company
/// </remarks>
/// <returns></returns>
private async Task <bool> ValidateEmployeeCreationVMState(EmployeeCreationVM employeeCreationVM)
{
if (ModelState.ErrorCount > 0)
{
return(false);
}
var currentUserData = await GetCurrentUserData();
bool isCurrentUserIsAppAdmin = (currentUserData.Item3 & UserRoles.AppAdministrator) == UserRoles.AppAdministrator;
bool isCurrentUserIsCompanyAdmin = (currentUserData.Item3 & (UserRoles.CompanyAdministrator | UserRoles.HRManager)) > 0;
Employee potentialConsernedEmployee;
if (!String.IsNullOrWhiteSpace(employeeCreationVM?.Id))
{
potentialConsernedEmployee = await _UnitOfWork.Employees.FindAsync(x => x.Id.Equals(employeeCreationVM.Id));
}
else
{
potentialConsernedEmployee = null;
}
int?companyId = (employeeCreationVM.CompanyId != null && employeeCreationVM.CompanyId > 0) ? employeeCreationVM.CompanyId : null;
if (companyId != null)
{
if (!isCurrentUserIsAppAdmin && !(currentUserData.Item2?.CompanyId?.Equals(companyId) ?? false))
{
ModelState.AddModelError("", _DataLocalizer["Only app admin can assign employee not from his company"]);
}
var company = await _UnitOfWork.Companies.FindAsync(x => x.Id == (int)companyId);
if (!(company?.Active ?? false))
{
ModelState.AddModelError("", _DataLocalizer["Company inactive or not found"]);
}
}
if (!(isCurrentUserIsCompanyAdmin || isCurrentUserIsAppAdmin))
{
ModelState.AddModelError("", _DataLocalizer["Action forbidden to not priveleged Employee"]);
}
if (companyId != null)
{
if (!string.IsNullOrWhiteSpace(employeeCreationVM.ManagerId))
{
string managerId = employeeCreationVM.ManagerId;
Employee manager = await _UnitOfWork.Employees.FindAsync(x => x.Id.Equals(managerId));
if (!(isCurrentUserIsCompanyAdmin || isCurrentUserIsAppAdmin))
{
ModelState.AddModelError("", _DataLocalizer["You not allowed to assign manager"]);
}
if (manager == null)
{
ModelState.AddModelError("", _DataLocalizer["Manager not found"]);
}
else if (!manager.Id.Equals(managerId))
{
ModelState.AddModelError("", _DataLocalizer["Manager nust be from same company as employee"]);
}
}
}
return(ModelState.ErrorCount == 0);
}
//Todo: Review this section
private async Task <EmployeeCreationVM> SetEmployeeCompanyAndManagerState(EmployeeCreationVM employeeCreationVM, EditionPermissions editionPermissions)
{
//Case when employee created by app admin
var currentLoginData = await GetCurrentUserData();
var currentUserRoles = currentLoginData.Item3;
var currentEmployee = currentLoginData.Item2;
bool currentUserIsAppAdmin = (currentUserRoles & UserRoles.AppAdministrator) == UserRoles.AppAdministrator;
bool currentUserIsCompanyPriveleged = (currentUserRoles & (UserRoles.CompanyAdministrator | UserRoles.HRManager)) > 0;
employeeCreationVM.CompanyEnabled = editionPermissions.AllowChangeCompany;
if (editionPermissions.AllowChangeCompany)
{
var companiesList = (await _UnitOfWork.Companies.WhereAsync(x => x.Active))
.Select(x => new SelectListItem(x.CompanyName, x.Id.ToString(), x.Id.Equals(employeeCreationVM?.CompanyId))).ToList();
companiesList.Insert(0, new SelectListItem(_DataLocalizer["Please select the company"], "0", true, true));
companiesList.Insert(1, new SelectListItem(_DataLocalizer["None"], String.Empty, true, !currentUserIsAppAdmin));
employeeCreationVM.Companies = companiesList;
}
else
{
if (currentEmployee?.CompanyId != null)
{
if (employeeCreationVM.CompanyId == null)
{
employeeCreationVM.CompanyId = currentEmployee.CompanyId;
}
if (employeeCreationVM.CompanyId != null)
{
if (currentEmployee?.Company != null)
{
employeeCreationVM.Company = currentEmployee.Company;
}
else
{
employeeCreationVM.Company = await _UnitOfWork.Companies.FindAsync(x => x.Id == (int)employeeCreationVM.CompanyId);
}
employeeCreationVM.Companies = new SelectListItem[] { new SelectListItem(employeeCreationVM.Company.CompanyName,
employeeCreationVM.Company.Id.ToString(), true, true) };
}
}
}
employeeCreationVM.ManagerEnabled = editionPermissions.AllowChangeManager;
if (editionPermissions.AllowChangeManager)
{
var managers = await GetEmployeesByCompany(employeeCreationVM.CompanyId, employeeCreationVM.ManagerId);
managers.Insert(0, new SelectListItem(_DataLocalizer["None"], null));
employeeCreationVM.Managers = managers;
}
else
{
if (employeeCreationVM?.Manager != null)
{
employeeCreationVM.Managers = new SelectListItem[] { new SelectListItem(employeeCreationVM.Manager.FormatEmployeeSNT(), employeeCreationVM.ManagerId, true, true) }
}
;
}
return(employeeCreationVM);
}
public async Task <IActionResult> CreateEmployee(EmployeeCreationVM employeeCreationVM)
{
string referer = employeeCreationVM.ReturnUrl;
var currentPermissions = await GetEditionPermission(null);
var currentUserData = await GetCurrentUserData();
//Validating access
if (!ValidateCreationAccess(currentUserData.Item3))
{
return(Forbid());
}
//Validating duplicates
await ValidateDuplicateMail(employeeCreationVM.Email);
await ValidateDuplicateUserName(employeeCreationVM.UserName);
//Validating contract
ValidateContractAcceptence(employeeCreationVM.AcceptContract);
//Validating is company and manager correctly assigned
await ValidateEmployeeCreationVMState(employeeCreationVM);
UserRoles employeeRoles = await ValidateAssignedRoles(UserManagerExtensions.ToUserRoles(employeeCreationVM.Roles), null);
if (ModelState.ErrorCount > 0)
{
employeeCreationVM.RolesList = await GetListAllowedRoles(employeeRoles);
}
if (ModelState.ErrorCount == 0)
{
Employee employee = new Employee();
employeeCreationVM.Id = employee.Id;
employee = (Employee)_Mapper.Map(employeeCreationVM, typeof(EmployeeCreationVM), typeof(Employee));
string password = _PasswordGenerator.GeneratePassword();
employee.LockoutEnabled = false;
employee.EmailConfirmed = true;
bool result = await _UnitOfWork.Employees.RegisterEmployeeAsync(_UserManager, employee, password);
if (!result)
{
ModelState.AddModelError("", _DataLocalizer["Unabled to save employee into repository"]);
}
else
{
await SendMailWithCredentials(employee, password);
}
}
//Validating user roles
if (ModelState.ErrorCount == 0)
{
var employeeIdentityUser = await _UserManager.FindByEmailAsync(employeeCreationVM.Email);
var newRoles = UserManagerExtensions.FromUserRoles(employeeRoles).ToList();
foreach (var role in newRoles)
{
var identityResult = await _UserManager.AddToRoleAsync(employeeIdentityUser, role);
if (!identityResult.Succeeded)
{
ModelState.AddModelError("", _DataLocalizer["Unable to add this user to role {0}", role]);
}
}
;
}
if (ModelState.ErrorCount > 0)
{
employeeCreationVM = await SetEmployeeCompanyAndManagerState(employeeCreationVM, currentPermissions);
employeeCreationVM.RolesListEnabled = currentPermissions.AllowEditAccess;
employeeCreationVM.RolesList = await GetListAllowedRoles(currentUserData.Item3, self : currentPermissions.IsSelfEdition);
ViewData["Referer"] = referer;
ViewBag.Action = nameof(CreateEmployee);
return(View(RegisterEmployeeView, employeeCreationVM));
}
else
{
if (!String.IsNullOrEmpty(referer))
{
return(Redirect(referer));
}
else
{
return(RedirectToAction("Index", "Home"));
}
}
}
