Пример #1
0
        /*
         *  METHOD      : AuditEntry
         *  DESCRIPTION :
         *      When modifying a Posting, this method compares the two
         *      and records the differences.  Specifically, the user attributes.
         *  PARAMETERS  :
         *      int userId           : user logged in
         *      Employee oldPost : Post being modified
         *      Employee newPost : "new" Post (being modified)
         *      int originInstitutionID  : The Institution ID the old post belonged to
         *  RETURNS     : N/A
         */
        public static void AuditEntry(int userId, Posting oldPost, Posting newPost)
        {
            using (var context = new BookstoreContext())
            {

                if (oldPost != null && newPost != null)
                {
                    // general post's attributes
                    if (oldPost.author != newPost.author)
                    {
                        AuditEntry(userId, newPost.PostingID, MODIFY, "AUTHOR", oldPost.author, newPost.author);
                    }
                    if (oldPost.BookTitle != newPost.BookTitle)
                    {
                        AuditEntry(userId, newPost.PostingID, MODIFY, "BOOK TITLE", oldPost.BookTitle, newPost.BookTitle);
                    }
                    if (oldPost.PostTitle!= newPost.PostTitle)
                    {
                        AuditEntry(userId, newPost.PostingID, MODIFY, "POST TILTE", oldPost.PostTitle, newPost.PostTitle);
                    }
                    if (oldPost.PostDescription != newPost.PostDescription)
                    {
                        AuditEntry(userId, newPost.PostingID, MODIFY, "POST DESCRIPTION", oldPost.PostDescription, newPost.PostDescription);
                    }
                    if (oldPost.price != newPost.price)
                    {
                        AuditEntry(userId, newPost.PostingID, MODIFY, "PRICE", oldPost.price.ToString(), newPost.price.ToString());
                    }
                }

            }
        }
Пример #2
0
        public ActionResult Delete(int id = 0)
        {
            BookstoreContext db = new BookstoreContext();
               Posting post = db.Postings.Find(id);
               if (post == null)
               {
               post = new Posting();
               }
               try
               {
               OfficialPosting opost = db.OfficialPostings.Find(id);
               if (opost != null)
               {
                   db.OfficialPostings.Remove(opost);
               }

               db.Postings.Remove(post);
               db.SaveChanges();
               }
               catch (Exception e)
               {

               }
               //Add Audit
               var userIds = WebSecurity.GetUserId(User.Identity.Name);
               var postId = id;
               AuditController.AuditEntry(userIds, postId, AuditController.REMOVEOFFICIAL);
               return RedirectToAction("Manage", "manage");
        }
Пример #3
0
 void MvcApplication_AuthorizeRequest(object sender, EventArgs e)
 {
     IIdentity id = Context.User.Identity;
     if (id.IsAuthenticated)
     {
         string role = new BookstoreContext().GetSecurityLevel(id.Name);
         Context.User = new GenericPrincipal(id, new string[] { role });
     }
 }
Пример #4
0
        /*
         *  METHOD      : AuditEntry
         *  DESCRIPTION :
         *      This method begins an entry into the audit table starting from inactivity
         *  PARAMETERS  :
         *      int userId    : logged in user's ID
         *      int PostID     : ID of post being created
         *      string action : create/modify/delete
         *  RETURNS     :
         *      Audit auditEntry.ID : the ID integer of the entry being recorded
         */
        public static int AuditEntry(int userId, int PostID, string action)
        {
            using (var context = new BookstoreContext())
            {
                var auditEntry = new Audits
                {
                    ActionTime = DateTime.Now,
                    User_ID = userId,
                    Posting_ID = PostID,
                    Action = action,

                };
                context.Audit.Add(auditEntry);
                context.SaveChanges();
                SaveDBcontext(context);
                return auditEntry.ID;
            }
        }
Пример #5
0
        /*
         *  METHOD      : ToViewModel
         *  DESCRIPTION :
         *      Changes a posting type into a view model.  Regardless of the posting
         *      type, it can be made into a model.  Once an posting is converted,
         *      the view model is returned.
         *  PARAMETERS  :
         *      this Posting posting : The posting to transform.
         *  RETURNS     :
         *      postingViewModel : Depends on class; is an PostingViewModel.
         */
        public static PostingsViewModel ToOfficialPostingViewModel(this Posting post)
        {
            BookstoreContext db = new BookstoreContext();
            var PostingsViewModel = new PostingsViewModel();

            PostingsViewModel.postings = (Posting)post;

            OfficialPosting offPost = (from ec in db.OfficialPostings
                                   where ec.PostingID == post.PostingID
                                   select ec).FirstOrDefault();

            if (offPost != null)
            {
                 PostingsViewModel.PostingType = "OFFICIAL";
            }
            else
            {
                 PostingsViewModel.PostingType = "NORMAL";
            }
            // bookViewModel.ItemSeletList = BookController.GetDropDown();         //// add back the reasonForLeave drop-down
            PostingsViewModel.Opostings = (OfficialPosting)offPost;
            string tmpInstitutionName = "";

            foreach (Institution x in db.Institutions)
            {
                if (post.Institution_ID == x.Institution_ID)
                {
                    tmpInstitutionName = x.Name;
                    break;
                }
            }

            PostingsViewModel.institution = tmpInstitutionName;

            return PostingsViewModel;
        }
Пример #6
0
            public SimpleMembershipInitializer()
            {
                Database.SetInitializer<BookstoreContext>(new BookStoreInitializer());

                try
                {
                    using (var context = new BookstoreContext())
                    {
                        if (!context.Database.Exists())
                        {
                            // Create the SimpleMembership database without Entity Framework migration schema
                            ((IObjectContextAdapter)context).ObjectContext.CreateDatabase();
                        }
                    }

                     WebSecurity.InitializeDatabaseConnection("BookStoreContext", "Users", "userID", "Email", autoCreateTables: true);
                    var roles = (SimpleRoleProvider)System.Web.Security.Roles.Provider;
                    var membership = (SimpleMembershipProvider)Membership.Provider;

                    if (!roles.RoleExists("admin"))
                    {
                        roles.CreateRole("admin");
                    }
                    if (!roles.RoleExists("general"))
                    {
                        roles.CreateRole("general");
                    }
                }
                catch (Exception ex)
                {
                    throw new InvalidOperationException("The ASP.NET Simple Membership database could not be initialized. For more information, please see http://go.microsoft.com/fwlink/?LinkId=256588", ex);
                }
            }
Пример #7
0
        /*
         *  METHOD      : SaveDBcontext
         *  DESCRIPTION :
         *      Audit was successful, modification/change was valid, now save
         *      this information into the database
         *  PARAMETERS  :
         *      EmployeeDBContext context : stores the employee information
         *  RETURNS     : N/A
         */
        private static void SaveDBcontext(BookstoreContext context)
        {
            try
            {
                context.SaveChanges();
            }
            catch (DbEntityValidationException ex)
            {
                // Retrieve the error messages as a list of strings.
                var errorMessages = ex.EntityValidationErrors
                        .SelectMany(x => x.ValidationErrors)
                        .Select(x => x.ErrorMessage);

                // Join the list to a single string.
                var fullErrorMessage = string.Join("; ", errorMessages);

                // Combine the original exception message with the new one.
                var exceptionMessage = string.Concat(ex.Message, " The validation errors are: ", fullErrorMessage);

                //// Throw a new DbEntityValidationException with the improved exception message.
                //throw new DbEntityValidationException(exceptionMessage, ex.EntityValidationErrors);
            }
        }
Пример #8
0
        /*
         *  METHOD      : AuditEntry
         *  DESCRIPTION :
         *      The end of the audit entry, add it into the audit table.
         *  PARAMETERS  :
         *      int userId        : user logged in
         *      int PostID         : Post ID (Post modified)
         *      string action     : one of static private strings above, denoting which action performed
         *      string attr       : attribute that was changed
         *      string oldValue   : attribute's old value
         *      string newValue   : attribute's new value
         *  RETURNS     :
         *      int auditEntry.ID : The new audit entry's traceable ID
         */
        public static int AuditEntry(int userId, int PostID, string action, string attr, string oldValue, string newValue)
        {
            using (var context = new BookstoreContext())
            {

                var auditEntry = new Audits
                {
                    ActionTime = DateTime.Now,
                    User_ID = userId,
                    Posting_ID = PostID,
                    Action = action,
                    Attribute_Name = attr,
                    Old_value = oldValue,
                    New_Value = newValue
                };

                context.Audit.Add(auditEntry);
                context.SaveChanges();

                return auditEntry.ID;
            }
        }
Пример #9
0
        public ActionResult UNOfficialBook(ManageViewModel mine, int id = 0)
        {
            BookstoreContext dba = new BookstoreContext();
            OfficialPosting tmp = (from ec in dba.OfficialPostings
                                    where ec.PostingID == id
                                    select ec).FirstOrDefault();

            try
            {
                if (tmp != null)
                {
                    dba.OfficialPostings.Remove(tmp);
                }
                dba.SaveChanges();
            }
            catch (Exception e)
            {

            }
            //Add Audit
            var userIds = WebSecurity.GetUserId(User.Identity.Name);
            var postId = id;
            AuditController.AuditEntry(userIds, postId, AuditController.REMOVEOFFICIAL);
            return RedirectToAction("Index", "manage", mine);
        }
Пример #10
0
        public ActionResult OfficialBook(ManageViewModel mine, int id = 0)
        {
            BookstoreContext dba = new BookstoreContext();
            if (ModelState.IsValid)
            {
                try
                {
                    if (mine.isOfficial)
                    {
                        mine.Officialpostings.PostingID = id;
                        dba.OfficialPostings.Add(mine.Officialpostings);
                    }

                    dba.SaveChanges();

                }
                catch (DbEntityValidationException e)
                {
                    //display all the validation error on the postingview model
                    foreach (var eve in e.EntityValidationErrors)
                    {
                        Console.WriteLine("Entity of type \"{0}\" in state \"{1}\" has the following validation errors:",
                            eve.Entry.Entity.GetType().Name, eve.Entry.State);
                        foreach (var ve in eve.ValidationErrors)
                        {
                            Console.WriteLine("- Property: \"{0}\", Error: \"{1}\"",
                                ve.PropertyName, ve.ErrorMessage);
                        }
                    }
                }

                //Add Audit
                var userIds = WebSecurity.GetUserId(User.Identity.Name);
                var postId = id;
                AuditController.AuditEntry(userIds, postId, AuditController.CREATEOFFICIAL);
                return RedirectToAction("Index", "manage", mine );
            }
            return View(mine.postings.ToPostingViewModel());
        }
Пример #11
0
        public ActionResult OfficialBook(int id = 0)
        {
            BookstoreContext dba = new BookstoreContext();
            Posting post = dba.Postings.Find(id);
            if (post == null)
            {
                post = new Posting();
            }

            var manageViewModel = new ManageViewModel();
            manageViewModel.postings = post;
            return View(manageViewModel);
        }
Пример #12
0
        public ActionResult Manage(ManageViewModel mine)
        {
            BookstoreContext dba = new BookstoreContext();
               //Get infor for posting adn set it
               var userId = WebSecurity.GetUserId(User.Identity.Name);
               mine.InstitutionID = GetInstituion(User.Identity.Name);

               if (mine == null)
               {
               mine = new ManageViewModel();

               }

               List<Posting> postings = null;
            postings = (from ec in dba.Postings
                        where ec.Institution_ID == mine.InstitutionID && ec.UserID == userId
            select ec).ToList<Posting>();

               if (postings == null)
               {
               postings = new List<Posting>();
               }

               //set the value foreach of the postings
               foreach (Posting ec in postings)
               {
               ec.UserID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().UserID;
               ec.PostTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostTitle;
               ec.PostDescription = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostDescription;

               ec.price = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().price;

               ec.author = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().author;
               ec.BookTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().BookTitle;

               ec.PostingID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostingID;
               ec.Posting_Date = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Posting_Date;

               ec.Institution_ID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Institution_ID;
               }

               var postingViewModels = postings.Select(post => post.ToOfficialPostingViewModel()).ToList();
               mine.AllPostings = postingViewModels;
               return View(mine);
        }
Пример #13
0
        public ActionResult Index(string booktitle, string author, ManageViewModel mine)
        {
            BookstoreContext dba = new BookstoreContext();
            //Get infor for posting adn set it
            var userId = WebSecurity.GetUserId(User.Identity.Name);
            //get institution from email.
            mine.InstitutionID = UserController.GetInstituion(User.Identity.Name);

            if (mine == null)
            {
                mine = new ManageViewModel();

            }

            List<Posting> postings = null;

            //get list of all posting from an instituiton for the admin
            if (User.IsInRole("admin"))
            {

                if ((!String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings
                                where ec.BookTitle.Contains(booktitle) && ec.author.Contains(author) && ec.Institution_ID == mine.InstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)) )
                {
                    postings = (from ec in dba.Postings

                                where ec.author.Contains(author) && ec.Institution_ID == mine.InstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((!String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings
                                where ec.BookTitle.Contains(booktitle) && ec.Institution_ID == mine.InstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings

                                where ec.Institution_ID == mine.InstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
            }

            if (postings == null)
            {
                postings = new List<Posting>();
            }

            //set the value foreach of the postings
            foreach (Posting ec in postings)
            {
                ec.UserID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().UserID;
                ec.PostTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostTitle;
                ec.PostDescription = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostDescription;

                ec.price = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().price;

                ec.author = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().author;
                ec.BookTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().BookTitle;

                ec.PostingID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostingID;
                ec.Posting_Date = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Posting_Date;

                ec.Institution_ID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Institution_ID;
            }

            var postingViewModels = postings.Select(post => post.ToOfficialPostingViewModel()).ToList();
            mine.AllPostings = postingViewModels;

               // List<OfficialPosting> Opostings = null;

            return View(mine);
        }
Пример #14
0
        /*
        *  Method   : Index
        *  PURPOSE : The purpose is to direct the user to the search page where user can search items
        *            by Bootitle and author. It fills the viewmodel with the required or searchd
         *            book postings and send them to the user for display.
        */
        public ActionResult Index( string booktitle, string author, SearchViewModel mine)
        {
            BookstoreContext dba = new BookstoreContext();
            if (mine == null)
            {
                mine =  new SearchViewModel();

            }

            List<Posting> postings = null;

            // if no institution was chosen, get the postings for all institutions
            if (string.IsNullOrEmpty(mine.chosenValue))
            {
                if ((!String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings
                                where ec.BookTitle.Contains(booktitle) && ec.author.Contains(author) && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)) )
                {
                    postings = (from ec in dba.Postings
                                where ec.author.Contains(author) && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((!String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings
                                where ec.BookTitle.Contains(booktitle) && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings where  DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
            }
            else
            {
                //get the chosen instititution in the search page
                int tmpinstitutionID = 0;

                foreach(Institution x in dba.Institutions)
                {
                    if (mine.chosenValue == x.Name)
                    {
                        tmpinstitutionID = x.Institution_ID;
                        break;
                    }
                }

                if ((!String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings
                                where ec.BookTitle.Contains(booktitle) && ec.author.Contains(author) && ec.Institution_ID == tmpinstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((String.IsNullOrEmpty(booktitle)) && (!String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings
                                where ec.author.Contains(author) && ec.Institution_ID == tmpinstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((!String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings
                                where ec.BookTitle.Contains(booktitle) && ec.Institution_ID == tmpinstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }
                else if ((String.IsNullOrEmpty(booktitle)) && (String.IsNullOrEmpty(author)))
                {
                    postings = (from ec in dba.Postings
                                where ec.Institution_ID == tmpinstitutionID && DateTime.Compare((DateTime)ec.ExpiryDate, DateTime.Today) > 0
                                select ec).ToList<Posting>();
                }

            }

            if (postings == null)
            {
                postings = new List<Posting>();
            }

            //set the value foreach of the postings that macth the search
            foreach (Posting ec in postings)
            {
                ec.UserID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().UserID;
                ec.PostTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostTitle;
                ec.PostDescription = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostDescription;

                ec.price = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().price;

                ec.author = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().author;
                ec.BookTitle = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().BookTitle;

                ec.PostingID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().PostingID;
                ec.Posting_Date = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Posting_Date;

                ec.Institution_ID = dba.Postings.Where(e => e.PostingID == ec.PostingID).FirstOrDefault().Institution_ID;

            }

            var postingViewModels = postings.Select(post => post.ToOfficialPostingViewModel()).ToList();
            mine.AllPostings = postingViewModels;

            return View(mine);
        }
Пример #15
0
        public ActionResult ExternalLoginConfirmation(RegisterExternalLoginModel model, string returnUrl)
        {
            string provider = null;
            string providerUserId = null;

            if (User.Identity.IsAuthenticated || !OAuthWebSecurity.TryDeserializeProviderUserId(model.ExternalLoginData, out provider, out providerUserId))
            {
                return RedirectToAction("Manage");
            }

            if (ModelState.IsValid)
            {
                // Insert a new user into the database
                using (BookstoreContext db = new BookstoreContext())
                {
                    User user = db.User.FirstOrDefault(u => u.Email.ToLower() == model.Email.ToLower());
                    // Check if user already exists
                    if (user == null)
                    {
                        // Insert name into the profile table
                        db.User.Add(new User { Email = model.Email });
                        db.SaveChanges();

                        OAuthWebSecurity.CreateOrUpdateAccount(provider, providerUserId, model.Email);
                        OAuthWebSecurity.Login(provider, providerUserId, createPersistentCookie: false);

                        return RedirectToLocal(returnUrl);
                    }
                    else
                    {
                        ModelState.AddModelError("Email", "Email Address already exists. Please enter a different Email Address.");
                    }
                }
            }

            ViewBag.ProviderDisplayName = OAuthWebSecurity.GetOAuthClientData(provider).DisplayName;
            ViewBag.ReturnUrl = returnUrl;
            return View(model);
        }