示例#1
        /// <summary>
        /// Serialises a <c>CODE_USER</c> record into a single pipe-delimited string that
        /// callers store as log content.
        /// </summary>
        /// <param name="codeUser">Record to serialise; it is dereferenced without a null check.</param>
        /// <returns>
        /// Sixteen fields, each followed by <c>|</c>, in this order: USER_ID, USER_UNIT,
        /// IS_DISABLED, IS_MAIL, MEMO, DATA_STATUS, CREATE_UID, CREATE_DT, LAST_UPDATE_UID,
        /// LAST_UPDATE_DT, APPR_UID, APPR_DT, FREEZE_UID, FREEZE_DT, LAST_LOGIN_DT,
        /// LAST_LOGOUT_DT. A null date contributes only its delimiter.
        /// </returns>
        public String userLogContent(CODE_USER codeUser)
        {
            // NOTE(review): values are joined without escaping in this method. Unless
            // StringUtil.toString sanitises them, a '|' or line break inside a free-text
            // field such as MEMO shifts every later column for anyone parsing the log -
            // confirm, or escape the delimiter before this is relied on as audit evidence.
            // Dates are rendered by implicit string concatenation, i.e. in the current
            // culture's format.
            String[] segments =
            {
                StringUtil.toString(codeUser.USER_ID) + "|",
                StringUtil.toString(codeUser.USER_UNIT) + "|",
                StringUtil.toString(codeUser.IS_DISABLED) + "|",
                StringUtil.toString(codeUser.IS_MAIL) + "|",
                StringUtil.toString(codeUser.MEMO) + "|",
                StringUtil.toString(codeUser.DATA_STATUS) + "|",
                StringUtil.toString(codeUser.CREATE_UID) + "|",
                codeUser.CREATE_DT == null ? "|" : codeUser.CREATE_DT + "|",
                StringUtil.toString(codeUser.LAST_UPDATE_UID) + "|",
                codeUser.LAST_UPDATE_DT == null ? "|" : codeUser.LAST_UPDATE_DT + "|",
                StringUtil.toString(codeUser.APPR_UID) + "|",
                codeUser.APPR_DT == null ? "|" : codeUser.APPR_DT + "|",
                StringUtil.toString(codeUser.FREEZE_UID) + "|",
                codeUser.FREEZE_DT == null ? "|" : codeUser.FREEZE_DT + "|",
                codeUser.LAST_LOGIN_DT == null ? "|" : codeUser.LAST_LOGIN_DT + "|",
                codeUser.LAST_LOGOUT_DT == null ? "|" : codeUser.LAST_LOGOUT_DT + "|"
            };

            return String.Concat(segments);
        }
示例#2
        /// <summary>
        /// Applies the role changes recorded for an approval request to the user's role assignments.
        /// </summary>
        /// <param name="cODEUSERO">User whose roles change; supplies USER_ID and the LAST_UPDATE_* values copied onto new role rows.</param>
        /// <param name="aplyNo">Approval request number whose role-history rows are applied.</param>
        /// <param name="conn">Connection handed to the role DAO for the insert/delete.</param>
        /// <param name="transaction">Transaction handed to the role DAO for the insert/delete.</param>
        private void procUserRoleHis(CODE_USER cODEUSERO, string aplyNo, SqlConnection conn, SqlTransaction transaction)
        {
            CodeUserRoleHisDao       roleHisDao  = new CodeUserRoleHisDao();
            List <CodeUserRoleModel> pendingRows = roleHisDao.qryByAplyNo(aplyNo);

            // No role rows were recorded for this request, so there is nothing to apply.
            if (pendingRows == null || pendingRows.Count <= 0)
            {
                return;
            }

            CodeUserRoleDao roleDao = new CodeUserRoleDao();

            // NOTE(review): LogDao.Insert receives neither conn nor transaction, so the log
            // rows below presumably commit independently of the role change; a rollback of
            // the caller's transaction would then leave a log entry for a change that never
            // happened - confirm against LogDao.
            foreach (CodeUserRoleModel pending in pendingRows)
            {
                CODE_USER_ROLE roleRow  = new CODE_USER_ROLE();
                Log            entryLog = new Log();

                if ("A".Equals(pending.execAction))
                {
                    // Grant: the new row is attributed to the user record's last updater.
                    roleRow.USER_ID    = cODEUSERO.USER_ID;
                    roleRow.ROLE_ID    = pending.roleId;
                    roleRow.CREATE_UID = cODEUSERO.LAST_UPDATE_UID;
                    roleRow.CREATE_DT  = cODEUSERO.LAST_UPDATE_DT;

                    // Insert the role row.
                    roleDao.insert(roleRow, conn, transaction);

                    // Write the operation log.
                    entryLog.CFUNCTION = "使用者管理(角色授權)-新增";
                    entryLog.CACTION   = "A";
                    entryLog.CCONTENT  = roleDao.logContent(roleRow);
                    LogDao.Insert(entryLog, Session["UserID"].ToString());
                }
                else if ("D".Equals(pending.execAction))
                {
                    // Revoke: load the current row first so its content can be logged before it is deleted.
                    roleRow = roleDao.qryByKey(cODEUSERO.USER_ID, pending.roleId);

                    // Write the operation log.
                    entryLog.CFUNCTION = "使用者管理(角色授權)-刪除";
                    entryLog.CACTION   = "D";
                    entryLog.CCONTENT  = roleDao.logContent(roleRow);
                    LogDao.Insert(entryLog, Session["UserID"].ToString());

                    // Delete the role row.
                    roleDao.delete(roleRow, conn, transaction);
                }
                // Any other action code means the row is unchanged and is skipped.
            }
        }
示例#3
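        /// <summary>
        /// Overwrites every non-key column of the <c>CODE_USER</c> row whose USER_ID matches
        /// <c>user.USER_ID</c>, using the supplied connection and transaction.
        /// </summary>
        /// <param name="user">
        /// Full record to persist. CREATE_UID and CREATE_DT are written too, so the caller
        /// must pass the values it read, not a partially filled object.
        /// </param>
        /// <param name="conn">Connection the command is created on.</param>
        /// <param name="transaction">Transaction the command runs in.</param>
        /// <returns>The number of rows affected.</returns>
        public int Update(CODE_USER user, SqlConnection conn, SqlTransaction transaction)
        {
            // Every value is bound as a parameter; no caller data is concatenated into the SQL text.
            string sql = @"update  [CODE_USER]
                  set USER_UNIT = @USER_UNIT 
                     ,IS_DISABLED = @IS_DISABLED
                     ,IS_MAIL = @IS_MAIL
                     ,MEMO = @MEMO
                     ,DATA_STATUS = @DATA_STATUS
        ,CREATE_UID = @CREATE_UID
        ,CREATE_DT = @CREATE_DT
        ,LAST_UPDATE_UID = @LAST_UPDATE_UID
        ,LAST_UPDATE_DT = @LAST_UPDATE_DT
        ,APPR_UID = @APPR_UID
        ,APPR_DT = @APPR_DT
        ,FREEZE_UID = @FREEZE_UID
        ,FREEZE_DT = @FREEZE_DT
        ,LAST_LOGIN_DT = @LAST_LOGIN_DT
        ,LAST_LOGOUT_DT = @LAST_LOGOUT_DT
             where USER_ID = @USER_ID
        ";

            // The command is disposed deterministically. The former catch block only did
            // "throw e", which discarded the original stack trace; exceptions now propagate
            // unchanged so the caller's rollback/logging sees where the failure happened.
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.Transaction = transaction;
                cmd.CommandText = sql;

                cmd.Parameters.AddWithValue("@USER_ID", StringUtil.toString(user.USER_ID));
                cmd.Parameters.AddWithValue("@USER_UNIT", StringUtil.toString(user.USER_UNIT));
                cmd.Parameters.AddWithValue("@IS_DISABLED", StringUtil.toString(user.IS_DISABLED));
                cmd.Parameters.AddWithValue("@IS_MAIL", StringUtil.toString(user.IS_MAIL));
                cmd.Parameters.AddWithValue("@MEMO", StringUtil.toString(user.MEMO));
                cmd.Parameters.AddWithValue("@DATA_STATUS", StringUtil.toString(user.DATA_STATUS));

                // Date columns are typed explicitly so that a null value is sent as DBNull.
                cmd.Parameters.AddWithValue("@CREATE_UID", StringUtil.toString(user.CREATE_UID));
                cmd.Parameters.Add("@CREATE_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.CREATE_DT ?? System.DBNull.Value;
                cmd.Parameters.AddWithValue("@LAST_UPDATE_UID", StringUtil.toString(user.LAST_UPDATE_UID));
                cmd.Parameters.Add("@LAST_UPDATE_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.LAST_UPDATE_DT ?? System.DBNull.Value;
                cmd.Parameters.AddWithValue("@APPR_UID", StringUtil.toString(user.APPR_UID));
                cmd.Parameters.Add("@APPR_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.APPR_DT ?? System.DBNull.Value;
                cmd.Parameters.AddWithValue("@FREEZE_UID", StringUtil.toString(user.FREEZE_UID));
                cmd.Parameters.Add("@FREEZE_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.FREEZE_DT ?? System.DBNull.Value;
                cmd.Parameters.Add("@LAST_LOGIN_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.LAST_LOGIN_DT ?? System.DBNull.Value;
                cmd.Parameters.Add("@LAST_LOGOUT_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.LAST_LOGOUT_DT ?? System.DBNull.Value;

                return cmd.ExecuteNonQuery();
            }
        }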
示例#4
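        /// <summary>
        /// Logs the current user out: records the logout, clears and abandons the session,
        /// expires the <c>ASP.NET_SessionId</c> and <c>adAuthCookie</c> cookies, and
        /// redirects to the Login action.
        /// </summary>
        /// <returns>A redirect to <c>Login</c> in every case.</returns>
        public ActionResult Logout()
        {
            string userId = Session["UserID"]?.ToString();

            logger.Info("[AccountController][Logout]Session[UserID]:" + userId);

            // Recording the logout is best effort. It used to share one try block with the
            // session teardown, so a failed lookup or log write skipped Session.Clear() and
            // left the user signed in after "logging out".
            try
            {
                CodeUserDao codeUserDao = new CodeUserDao();
                CODE_USER   codeUser    = codeUserDao.qryUserByKey(userId);

                writeLog("O", true, userId, codeUser);
            }
            catch (Exception e)
            {
                logger.Error("[AccountController][Logout]e:" + e.ToString());
            }

            try
            {
                // Server-side invalidation first; the cookie expiry below only asks the
                // browser to forget its copies.
                Session.Clear();
                Session.Abandon();

                if (Request.Cookies["ASP.NET_SessionId"] != null)
                {
                    Response.Cookies["ASP.NET_SessionId"].Value   = string.Empty;
                    Response.Cookies["ASP.NET_SessionId"].Expires = DateTime.Now.AddMonths(-20);
                }

                if (Request.Cookies["adAuthCookie"] != null)
                {
                    Response.Cookies["adAuthCookie"].Value   = string.Empty;
                    Response.Cookies["adAuthCookie"].Expires = DateTime.Now.AddMonths(-20);
                }

                // NOTE(review): earlier, disabled code here also overwrote the forms
                // authentication cookie. If login issues a forms-authentication ticket,
                // nothing in this method revokes it - confirm whether
                // FormsAuthentication.SignOut() is needed.
                TempData["Logout"] = "true";
            }
            catch (Exception e)
            {
                // The error was previously never logged: the return statement came before
                // the logger call, which made the call unreachable.
                logger.Error("[AccountController][Logout]e:" + e.ToString());
            }

            return RedirectToAction("Login");
        }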
示例#5
        /// <summary>
        /// Looks up a user record by its key, USER_ID.
        /// </summary>
        /// <param name="userId">USER_ID value to match.</param>
        /// <returns>The first matching <c>CODE_USER</c>, or the default value (null) when none matches.</returns>
        public CODE_USER qryUserByKey(String userId)
        {
            // The query runs at READ UNCOMMITTED, so it can return data written by a
            // transaction that is later rolled back.
            // NOTE(review): when a caller bases an access decision on the result (for
            // example an IS_DISABLED check at login), such a dirty read can briefly show a
            // state that never becomes permanent - confirm this isolation level is intended.
            TransactionOptions readOptions = new TransactionOptions
            {
                IsolationLevel = System.Transactions.IsolationLevel.ReadUncommitted
            };

            // The scope is never completed; nothing is written inside it.
            using (new TransactionScope(TransactionScopeOption.Required, readOptions))
            using (dbTreasuryEntities db = new dbTreasuryEntities())
            {
                return db.CODE_USER.FirstOrDefault(x => x.USER_ID == userId);
            }
        }
示例#6
        ///// <summary>
        ///// 以userId為鍵項,查詢使用者資料
        ///// </summary>
        ///// <param name="userId"></param>
        ///// <returns></returns>
        //public CODE_USER qryByKey(String userId) {
        //    using (dbTreasuryEntities db = new dbTreasuryEntities())
        //    {
        //        CODE_USER codeUser = db.CODE_USER.Where(x => x.USER_ID == userId).FirstOrDefault<CODE_USER>();

        //        return codeUser;
        //    }

        //}



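        /// <summary>
        /// Stamps a user's last login or last logout time with the value returned by
        /// <c>DateUtil.getCurDateTime()</c>.
        /// </summary>
        /// <param name="userId">USER_ID of the record to update.</param>
        /// <param name="type">"I" updates LAST_LOGIN_DT; any other value updates LAST_LOGOUT_DT.</param>
        public void updateLogInOut(String userId, String type)
        {
            using (dbTreasuryEntities db = new dbTreasuryEntities())
            {
                CODE_USER codeUser = db.CODE_USER.Where(x => x.USER_ID == userId).FirstOrDefault <CODE_USER>();

                // An unknown or null id (for example after the session has expired) used to
                // end in a NullReferenceException on the assignment below. There is no row
                // to stamp, so nothing is saved.
                if (codeUser == null)
                {
                    return;
                }

                if ("I".Equals(type))
                {
                    codeUser.LAST_LOGIN_DT = DateUtil.getCurDateTime();
                }
                else
                {
                    codeUser.LAST_LOGOUT_DT = DateUtil.getCurDateTime();
                }

                db.SaveChanges();
            }
        }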
示例#7
        /// <summary>
        /// Adds an audit-trail record for an operation on a user record.
        /// </summary>
        /// <param name="type">Value stored as the record's EXECUTION_TYPE.</param>
        /// <param name="codeUserDao">DAO used to serialise <paramref name="codeUser"/> into the record's content.</param>
        /// <param name="codeUser">User record the operation affected; its USER_ID is stored as PIA_OWNER1.</param>
        /// <param name="conn">Connection passed to the audit DAO insert.</param>
        /// <param name="transaction">Transaction passed to the audit DAO insert.</param>
        public void procTrackLog(string type, CodeUserDao codeUserDao, CODE_USER codeUser, SqlConnection conn, SqlTransaction transaction)
        {
            // The acting account and name come from the server-side session, not from
            // request data. Both lookups throw if the session no longer holds them.
            PIA_LOG_MAIN trackEntry = new PIA_LOG_MAIN
            {
                TRACKING_TYPE     = "A",
                ACCESS_ACCOUNT    = Session["UserID"].ToString(),
                ACCOUNT_NAME      = Session["UserName"].ToString(),
                PROGFUN_NAME      = "UserReview",
                ACCESSOBJ_NAME    = "CodeUser",
                EXECUTION_TYPE    = type,
                EXECUTION_CONTENT = codeUserDao.userLogContent(codeUser),
                AFFECT_ROWS       = 1,
                PIA_OWNER1        = codeUser.USER_ID,
                PIA_OWNER2        = "",
                PIA_TYPE          = "0100000000"
            };

            PiaLogMainDao trackDao = new PiaLogMainDao();

            trackDao.Insert(trackEntry, conn, transaction);
        }
示例#8
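        /// <summary>
        /// Records a reviewer's decision on a user-maintenance request and applies it to the
        /// user record, the user's roles and the approval record within one transaction.
        /// </summary>
        /// <param name="aplyNo">Approval request number under review.</param>
        /// <param name="userId">User id loaded when the request is not a new-user request.</param>
        /// <param name="apprStatus">Review decision; "2" means approved.</param>
        /// <returns>JSON with <c>success</c>, plus <c>errors</c> when the review is refused or fails.</returns>
        public JsonResult execReviewU(string aplyNo, string userId, string apprStatus)
        {
            // NOTE(review): the failure responses use JsonRequestBehavior.AllowGet. This
            // action changes state, so confirm it is restricted to POST and protected by an
            // anti-forgery token; neither is visible in this method.
            string strConn = DbUtil.GetDBTreasuryConnStr();

            using (SqlConnection conn = new SqlConnection(strConn))
            {
                conn.Open();
                SqlTransaction transaction = conn.BeginTransaction("Transaction");

                try
                {
                    AuthApprDao AuthApprDao = new AuthApprDao();
                    AUTH_APPR   authAppr    = AuthApprDao.qryByKey(aplyNo);

                    // Separation of duties: the account that filed the request may not review
                    // it. Nothing has been written yet, so no explicit rollback is needed.
                    if (StringUtil.toString(authAppr.CREATE_UID).Equals(Session["UserID"].ToString()))
                    {
                        return Json(new { success = false, errors = "覆核人員與申請人員相同,不可執行覆核作業!!" }, JsonRequestBehavior.AllowGet);
                    }

                    // NOTE(review): no check is visible here that the request is still
                    // awaiting review, so a decision could be submitted twice for the same
                    // aplyNo unless procAuthAppr or the DAO rejects it - confirm.

                    // Apply the change to the user record.
                    CodeUserHisDao codeUserHisDao = new CodeUserHisDao();
                    CodeUserDao    codeUserDao    = new CodeUserDao();
                    CODE_USER      cODEUSERO      = new CODE_USER();

                    CODE_USER_HIS codeUserHis = codeUserHisDao.qryByAplyNo(aplyNo);
                    string        execAction  = "";
                    if (codeUserHis != null)
                    {
                        execAction = StringUtil.toString(codeUserHis.EXEC_ACTION);
                    }

                    if ("A".Equals(execAction))
                    {
                        // New user: the record is created only when the request is approved.
                        if ("2".Equals(apprStatus))
                        {
                            cODEUSERO.USER_ID         = StringUtil.toString(codeUserHis.USER_ID);
                            cODEUSERO.IS_DISABLED     = codeUserHis.IS_DISABLED;
                            cODEUSERO.IS_MAIL         = codeUserHis.IS_MAIL;
                            cODEUSERO.MEMO            = codeUserHis.MEMO;
                            cODEUSERO.DATA_STATUS     = "1";
                            cODEUSERO.CREATE_UID      = authAppr.CREATE_UID;
                            cODEUSERO.CREATE_DT       = authAppr.CREATE_DT;
                            cODEUSERO.LAST_UPDATE_UID = StringUtil.toString(authAppr.CREATE_UID);
                            cODEUSERO.LAST_UPDATE_DT  = authAppr.CREATE_DT;
                            cODEUSERO.APPR_UID        = Session["UserID"].ToString();
                            cODEUSERO.APPR_DT         = DateTime.Now;

                            codeUserDao.Create(cODEUSERO, conn, transaction);

                            // Write the operation log.
                            Log log = new Log();
                            log.CFUNCTION = "使用者管理-新增";
                            log.CACTION   = "A";
                            log.CCONTENT  = codeUserDao.userLogContent(cODEUSERO);
                            LogDao.Insert(log, Session["UserID"].ToString());

                            // Write the audit trail.
                            procTrackLog("A", codeUserDao, cODEUSERO, conn, transaction);
                        }
                    }
                    else
                    {
                        // Change to an existing user, or a role-only change.
                        // NOTE(review): the record is loaded with the userId sent by the
                        // client, not with a key read from the approval record. Confirm the
                        // two are checked to match; otherwise a review of one request could
                        // release and re-stamp a different user's record.
                        cODEUSERO = codeUserDao.qryUserByKey(userId);

                        // Write the operation log with the record's content before the change.
                        Log log = new Log();
                        log.CFUNCTION = "使用者管理-修改";
                        log.CACTION   = "U";
                        log.CCONTENT  = codeUserDao.userLogContent(cODEUSERO);
                        LogDao.Insert(log, Session["UserID"].ToString());

                        // Approved or not, the record returns to status "1" and its freeze
                        // marker is cleared.
                        cODEUSERO.DATA_STATUS     = "1";
                        cODEUSERO.LAST_UPDATE_UID = StringUtil.toString(authAppr.CREATE_UID);
                        cODEUSERO.LAST_UPDATE_DT  = authAppr.CREATE_DT;
                        cODEUSERO.APPR_UID        = Session["UserID"].ToString();
                        cODEUSERO.APPR_DT         = DateTime.Now;
                        cODEUSERO.FREEZE_DT       = null;
                        cODEUSERO.FREEZE_UID      = "";

                        // The requested values are copied only for an approved user update.
                        if ("U".Equals(execAction) && "2".Equals(apprStatus))
                        {
                            cODEUSERO.IS_DISABLED = codeUserHis.IS_DISABLED;
                            cODEUSERO.IS_MAIL     = StringUtil.toString(codeUserHis.IS_MAIL);
                            cODEUSERO.MEMO        = StringUtil.toString(codeUserHis.MEMO);
                        }

                        codeUserDao.Update(cODEUSERO, conn, transaction);

                        // 20190418 201904160117-00 Bianco: audit trail for modifications.
                        procTrackLog("E", codeUserDao, cODEUSERO, conn, transaction);
                    }

                    // Role changes are applied only when the request is approved.
                    if ("2".Equals(apprStatus))
                    {
                        procUserRoleHis(cODEUSERO, aplyNo, conn, transaction);
                    }

                    // Update the approval record.
                    procAuthAppr(aplyNo, apprStatus, conn, transaction);

                    transaction.Commit();
                    return Json(new { success = true });
                }
                catch (Exception e)
                {
                    transaction.Rollback();

                    // The tag previously read "[execReviewR]", which pointed log readers at
                    // a different action.
                    logger.Error("[execReviewU]其它錯誤:" + e.ToString());

                    // Only a generic message goes back to the client; details stay in the log.
                    return Json(new { success = false, errors = "其它錯誤,請洽系統管理員!!" }, JsonRequestBehavior.AllowGet);
                }
            }
        }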
示例#9
        ///// <summary>
        ///// 開啟使用者修改明細畫面
        ///// </summary>
        ///// <param name="aplyNo"></param>
        ///// <returns></returns>
        //public ActionResult detailUser(string cReviewSeq)
        //{
        //    try
        //    {
        //        using (DbAccountEntities db = new DbAccountEntities())
        //        {
        //            CodeUserHisDao codeUserHisDao = new CodeUserHisDao();
        //            AuthReviewUserModel userData = codeUserHisDao.qryByNowHis(cReviewSeq, db);

        //            string[] cDateTime = userData.cCrtDateTime.Split(' ');
        //            userData.cCrtDateTime = DateUtil.formatDateTimeDbToSc(cDateTime[0] + " " + cDateTime[1], "DT");

        //            ViewBag.bHaveData = "Y";
        //            ViewBag.cReviewSeq = cReviewSeq;
        //            return View(userData);
        //        }
        //    }
        //    catch (Exception e)
        //    {
        //        ViewBag.bHaveData = "N";
        //        return View();
        //    }
        //}


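        /// <summary>
        /// Opens the detail view of a user-change request.
        /// </summary>
        /// <param name="aplyNo">Approval request number; when empty, the request is looked up from <paramref name="userId"/>.</param>
        /// <param name="userId">User id used to find the request when <paramref name="aplyNo"/> is empty.</param>
        /// <returns>
        /// The view with an <c>AuthReviewUserModel</c> and ViewBag.bHaveData = "Y"; on any
        /// exception, the view without a model and ViewBag.bHaveData = "N".
        /// </returns>
        public ActionResult detailUser(string aplyNo, string userId)
        {
            try
            {
                string      execAction  = "";
                AuthApprDao AuthApprDao = new AuthApprDao();
                AUTH_APPR   authAppr;

                if (!"".Equals(StringUtil.toString(aplyNo)))
                {
                    authAppr      = AuthApprDao.qryByKey(aplyNo);
                    ViewBag.bView = "N";
                }
                else
                {
                    authAppr = AuthApprDao.qryByFreeRole(userId);
                    if (authAppr != null)
                    {
                        aplyNo = StringUtil.toString(authAppr.APLY_NO);
                    }

                    ViewBag.bView = "Y";
                }

                // A null authAppr throws on the next lines and is reported as "no data" by
                // the outer catch.
                AuthReviewUserModel userData = new AuthReviewUserModel();
                userData.aplyNo    = aplyNo;
                userData.userId    = authAppr.APPR_MAPPING_KEY;
                userData.createUid = authAppr.CREATE_UID;

                OaEmpDao oaEmpDao = new OaEmpDao();
                using (DB_INTRAEntities dbIntra = new DB_INTRAEntities())
                {
                    try
                    {
                        userData.createUid = userData.createUid == null ? "" : StringUtil.toString(oaEmpDao.qryByUsrId(userData.createUid, dbIntra).EMP_NAME);
                        userData.userName  = userData.userId == null ? "" : StringUtil.toString(oaEmpDao.qryByUsrId(userData.userId, dbIntra).EMP_NAME);
                    }
                    catch (Exception)
                    {
                        // Best effort: when the employee lookup fails, the values set so far
                        // are shown as they are.
                    }
                }
                userData.createDt = authAppr.CREATE_DT.ToString();

                SysCodeDao sysCodeDao = new SysCodeDao();
                Dictionary <string, string> dicExecAction = sysCodeDao.qryByTypeDic("EXEC_ACTION");
                Dictionary <string, string> dicYNFlag     = sysCodeDao.qryByTypeDic("YN_FLAG");

                CodeUserHisDao codeUserHisDao = new CodeUserHisDao();
                CODE_USER_HIS  codeUserHis    = codeUserHisDao.qryByAplyNo(aplyNo);
                if (codeUserHis != null)
                {
                    execAction = StringUtil.toString(codeUserHis.EXEC_ACTION);
                }

                if ("".Equals(execAction))
                {
                    // No user-field change was recorded: show the current values as the
                    // "before" columns.
                    CodeUserDao codeUserDao = new CodeUserDao();
                    CODE_USER   codeUser    = codeUserDao.qryUserByKey(authAppr.APPR_MAPPING_KEY);

                    userData.isMailB     = StringUtil.toString(codeUser.IS_MAIL);
                    userData.isDisabledB = StringUtil.toString(codeUser.IS_DISABLED);
                    userData.memoB       = StringUtil.toString(codeUser.MEMO);
                }
                else
                {
                    // Requested values. isDisabled used to be filled from IS_MAIL on the
                    // update path, so the reviewer was shown the mail flag in place of the
                    // requested disabled flag.
                    userData.isMail     = StringUtil.toString(codeUserHis.IS_MAIL);
                    userData.isDisabled = StringUtil.toString(codeUserHis.IS_DISABLED);
                    userData.memo       = StringUtil.toString(codeUserHis.MEMO);

                    // "Before" values exist only for a change to an existing user.
                    if (!"A".Equals(execAction))
                    {
                        userData.isMailB     = StringUtil.toString(codeUserHis.IS_MAIL_B);
                        userData.isDisabledB = StringUtil.toString(codeUserHis.IS_DISABLED_B);
                        userData.memoB       = StringUtil.toString(codeUserHis.MEMO_B);
                    }
                }

                // Translate codes to descriptions, falling back to the raw code.
                userData.execAction      = execAction;
                userData.execActionDesc  = dicExecAction.ContainsKey(userData.execAction) ? dicExecAction[userData.execAction] : userData.execAction;
                userData.isDisabledDesc  = dicYNFlag.ContainsKey(userData.isDisabled) ? dicYNFlag[userData.isDisabled] : userData.isDisabled;
                userData.isDisabledDescB = dicYNFlag.ContainsKey(userData.isDisabledB) ? dicYNFlag[userData.isDisabledB] : userData.isDisabledB;
                userData.isMailDesc      = dicYNFlag.ContainsKey(userData.isMail) ? dicYNFlag[userData.isMail] : userData.isMail;
                userData.isMailDescB     = dicYNFlag.ContainsKey(userData.isMailB) ? dicYNFlag[userData.isMailB] : userData.isMailB;

                ViewBag.bHaveData = "Y";
                ViewBag.aplyNo    = aplyNo;
                return View(userData);
            }
            catch (Exception)
            {
                // NOTE(review): the exception is dropped without a log entry, so a failing
                // lookup cannot be told apart from a missing request - consider logging it.
                ViewBag.bHaveData = "N";
                return View();
            }
        }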
示例#10
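        /// <summary>
        /// Files a request to add or change a user and the user's roles. The changes are
        /// written to the history tables under a new approval record; an existing user
        /// record is set to status "2" and stamped with the requester as FREEZE_UID.
        /// </summary>
        /// <param name="userMgrModel">Requested user values (cUserID, isDisabled, isMail, vMemo).</param>
        /// <param name="roleData">Roles the user should hold after the change; may be null.</param>
        /// <param name="execAction">"A" requests a new user; any other value is treated as a change to an existing user.</param>
        /// <returns>
        /// JSON with <c>success</c>; <c>aplyNo</c> on success; <c>err</c> or <c>errors</c>
        /// with a message on failure.
        /// </returns>
        public JsonResult updateUser(UserMgrModel userMgrModel, List <CodeUserRoleModel> roleData, string execAction)
        {
            bool bUserChg;
            bool bRoleChg = false;

            CodeUserDao codeUserDao = new CodeUserDao();
            CODE_USER   userO       = codeUserDao.qryUserByKey(userMgrModel.cUserID);

            if ("A".Equals(execAction))
            {
                // A new user must not already exist.
                if (userO != null)
                {
                    if (!"".Equals(StringUtil.toString(userO.USER_ID)))
                    {
                        return Json(new { success = false, err = "使用者已存在系統,不可新增!!" }, JsonRequestBehavior.AllowGet);
                    }
                }
                bUserChg = true;
            }
            else
            {
                if (userO == null)
                {
                    return Json(new { success = false, err = "該使用者不存在系統!!" }, JsonRequestBehavior.AllowGet);
                }

                // NOTE(review): no check is visible here that the record is not already
                // awaiting review (status "2"), so a second request could be filed for it -
                // confirm this is enforced elsewhere.
                bool sameValues =
                    StringUtil.toString(userMgrModel.isDisabled).Equals(StringUtil.toString(userO.IS_DISABLED)) &&
                    StringUtil.toString(userMgrModel.isMail).Equals(StringUtil.toString(userO.IS_MAIL)) &&
                    StringUtil.toString(userMgrModel.vMemo).Equals(StringUtil.toString(userO.MEMO));

                bUserChg = !sameValues;
            }

            // Compare the requested roles with the current ones.
            CodeUserRoleDao          codeUserRoleDao = new CodeUserRoleDao();
            List <CodeUserRoleModel> roleDataO       = codeUserRoleDao.qryByUserID(userMgrModel.cUserID);
            List <CodeUserRoleModel> roleList        = new List <CodeUserRoleModel>();

            if (roleData != null)
            {
                foreach (CodeUserRoleModel role in roleData)
                {
                    CodeUserRoleModel codeUserRoleModel = new CodeUserRoleModel();
                    codeUserRoleModel.userId = StringUtil.toString(userMgrModel.cUserID);
                    codeUserRoleModel.roleId = StringUtil.toString(role.roleId);

                    if (roleDataO.Exists(x => x.roleId == role.roleId))
                    {
                        // Already held: recorded with an empty action.
                        codeUserRoleModel.execAction = "";
                    }
                    else
                    {
                        bRoleChg = true;
                        codeUserRoleModel.execAction = "A";
                    }
                    roleList.Add(codeUserRoleModel);
                }
            }

            // Roles held now but absent from the request are marked for deletion. The old
            // "roleList == null" branch is gone: roleList is always created above, so that
            // branch could never run.
            foreach (CodeUserRoleModel oRole in roleDataO)
            {
                if (!roleList.Exists(x => x.roleId == oRole.roleId))
                {
                    bRoleChg = true;
                    CodeUserRoleModel codeUserRoleModel = new CodeUserRoleModel();
                    codeUserRoleModel.userId     = StringUtil.toString(userMgrModel.cUserID);
                    codeUserRoleModel.roleId     = StringUtil.toString(oRole.roleId);
                    codeUserRoleModel.execAction = "D";
                    roleList.Add(codeUserRoleModel);
                }
            }

            if (!bUserChg && !bRoleChg)
            {
                // NOTE(review): this response carries the message under "errors" while the
                // other failures in this method use "err" - confirm which key the client reads.
                return Json(new { success = false, errors = "未異動畫面資料,將不進行修改覆核作業!!" }, JsonRequestBehavior.AllowGet);
            }

            /*------------------ DB work begin ------------------*/
            string strConn = DbUtil.GetDBTreasuryConnStr();

            using (SqlConnection conn = new SqlConnection(strConn))
            {
                conn.Open();

                SqlTransaction transaction = conn.BeginTransaction("Transaction");
                try
                {
                    // The requester is taken from the server-side session, not from the
                    // posted model.
                    AuthApprDao authApprDao = new AuthApprDao();
                    AUTH_APPR   authAppr    = new AUTH_APPR();
                    authAppr.AUTH_APLY_TYPE   = "U";
                    authAppr.APPR_STATUS      = "1";
                    authAppr.APPR_MAPPING_KEY = userMgrModel.cUserID;
                    authAppr.CREATE_UID       = Session["UserID"].ToString();

                    // Insert the approval record.
                    string aplyNo = authApprDao.insert(authAppr, conn, transaction);

                    // Existing user: log the current content, then mark the record as
                    // awaiting review.
                    if (!"A".Equals(execAction))
                    {
                        // NOTE(review): LogDao.Insert receives neither conn nor transaction,
                        // so this entry presumably persists even if the transaction below is
                        // rolled back - confirm against LogDao.
                        Log log = new Log();
                        log.CFUNCTION = "使用者管理-修改";
                        log.CACTION   = "U";
                        log.CCONTENT  = codeUserDao.userLogContent(userO);
                        LogDao.Insert(log, Session["UserID"].ToString());

                        userO.DATA_STATUS     = "2";
                        userO.LAST_UPDATE_UID = Session["UserID"].ToString();
                        userO.LAST_UPDATE_DT  = DateTime.Now;
                        userO.FREEZE_UID      = Session["UserID"].ToString();
                        userO.FREEZE_DT       = DateTime.Now;

                        codeUserDao.Update(userO, conn, transaction);
                    }

                    // Record the requested user values, with the previous values for a change.
                    if (bUserChg)
                    {
                        CodeUserHisDao codeUserHisDao = new CodeUserHisDao();
                        CODE_USER_HIS  userHis        = new CODE_USER_HIS();
                        userHis.APLY_NO     = aplyNo;
                        userHis.USER_ID     = userMgrModel.cUserID;
                        userHis.IS_DISABLED = userMgrModel.isDisabled;
                        userHis.IS_MAIL     = userMgrModel.isMail;
                        userHis.MEMO        = userMgrModel.vMemo;
                        if (!"A".Equals(execAction))
                        {
                            userHis.IS_DISABLED_B = userO.IS_DISABLED;
                            userHis.IS_MAIL_B     = userO.IS_MAIL;
                            userHis.MEMO_B        = userO.MEMO;
                            userHis.EXEC_ACTION   = "U";
                        }
                        else
                        {
                            userHis.EXEC_ACTION = "A";
                        }

                        codeUserHisDao.insert(userHis, conn, transaction);
                    }

                    // Record the role rows, unchanged ones included.
                    if (bRoleChg)
                    {
                        CodeUserRoleHisDao codeUserRoleHisDao = new CodeUserRoleHisDao();
                        foreach (CodeUserRoleModel role in roleList)
                        {
                            codeUserRoleHisDao.insert(aplyNo, role, conn, transaction);
                        }
                    }

                    transaction.Commit();

                    /*------------------ DB work end ------------------*/
                    return Json(new { success = true, aplyNo = aplyNo });
                }
                catch (Exception e)
                {
                    transaction.Rollback();
                    logger.Error("[updateUser]其它錯誤:" + e.ToString());

                    // Only a generic message goes back to the client; details stay in the log.
                    return Json(new { success = false, err = "其它錯誤,請洽系統管理員!!" }, JsonRequestBehavior.AllowGet);
                }
            }
        }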
示例#11
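        /// <summary>
        /// Authenticates the posted credentials against the directory configured in the
        /// "ADPath" app setting and, when the account also exists in CODE_USER with
        /// IS_DISABLED = "N", populates the session and redirects to the home page.
        /// </summary>
        /// <param name="loginModel">Posted login form; <c>UserId</c> and <c>Password</c> are read.</param>
        /// <returns>
        /// A redirect to Home/Index on success; otherwise the login view. Every
        /// authentication failure (bad credentials, unknown user, disabled user) yields the
        /// same generic message, so the response does not reveal which check failed.
        /// </returns>
        public ActionResult Login(LoginModel loginModel)
        {
            // UserId is caller-supplied: strip line breaks so it cannot split or forge log lines.
            string logUserId = (loginModel.UserId ?? "").Replace("\r", "").Replace("\n", "");
            logger.Info("[AccountController][Login]UserId:" + logUserId);

            if (!ModelState.IsValid)
            {
                logger.Info("[Login](ModelState.IsValid=false):" + logUserId);
                return(View(loginModel));
            }

            logger.Info("[AccountController][Login]IsValid");
            this.HttpContext.Response.RemoveOutputCacheItem(Url.Action("MenuByUser", "NavigationController"));

            // Refuse blank credentials before contacting the directory. Whether LoginModel
            // already marks both fields as required is not visible here, and a blank
            // password must never be allowed to reach the bind (some directory
            // configurations treat it as an unauthenticated bind that succeeds).
            if (string.IsNullOrEmpty(loginModel.UserId) || string.IsNullOrEmpty(loginModel.Password))
            {
                writeLog("I", false, loginModel.UserId ?? "", null);
                ModelState.AddModelError("", "找不到這個使用者或登入帳號密碼失敗!");
                return(View(loginModel));
            }

            string ADPath = System.Configuration.ConfigurationManager.AppSettings.Get("ADPath");

            // Account ids are identifiers, not display text: normalise with the invariant
            // culture so the result does not depend on the server's locale.
            loginModel.UserId = loginModel.UserId.ToUpperInvariant();
            logUserId = loginModel.UserId.Replace("\r", "").Replace("\n", "");

            // DirectoryEntry holds a directory connection; dispose it on every exit path.
            using (DirectoryEntry entry = new DirectoryEntry(ADPath, loginModel.UserId, loginModel.Password))
            {
                try
                {
                    // Reading a property forces the bind; rejected credentials surface as an
                    // exception here. The SID value itself is not used afterwards.
                    string objectSid = (new SecurityIdentifier((byte[])entry.Properties["objectSid"].Value, 0).Value);

                    // Directory authentication succeeded; now check that the user is also
                    // registered, and not disabled, in this system.
                    CodeUserDao codeUserDao = new CodeUserDao();
                    CODE_USER   codeUser    = codeUserDao.qryUserByKey(loginModel.UserId);

                    if (codeUser != null && "N".Equals(codeUser.IS_DISABLED))
                    {
                        Session["UserID"] = loginModel.UserId;

                        // Display name and unit are best-effort: a failed lookup must not
                        // block the login, but it is logged instead of silently dropped.
                        OaEmpDao oaEmpDao = new OaEmpDao();
                        try
                        {
                            using (DB_INTRAEntities dbIntra = new DB_INTRAEntities())
                            {
                                V_EMPLY2 emp = oaEmpDao.qryByUsrId(loginModel.UserId, dbIntra);
                                if (emp != null)
                                {
                                    Session["UserName"] = StringUtil.toString(emp.EMP_NAME);
                                    Session["UserUnit"] = StringUtil.toString(emp.DPT_CD);
                                }
                            }
                        }
                        catch (Exception lookupError)
                        {
                            logger.Error("[Login]employee lookup failed:" + lookupError.ToString());
                        }

                        writeLog("I", true, loginModel.UserId, codeUser);

                        // NOTE(review): the session identifier is not rotated in this method
                        // after authentication. Confirm that LoginProcess or the site
                        // configuration issues a fresh identifier at this point.
                        LoginProcess(loginModel.UserId, false);

                        return(RedirectToAction("Index", "Home"));
                    }

                    // Unknown or disabled account: same audit record and same message as a
                    // failed directory bind.
                    writeLog("I", false, loginModel.UserId, null);
                    ModelState.AddModelError("", "找不到這個使用者或登入帳號密碼失敗!");
                    return(View(loginModel));
                }
                catch (Exception e)
                {
                    logger.Error("[Login]其它錯誤:" + e.ToString());
                    writeLog("I", false, loginModel.UserId, null);

                    // Authentication failed.
                    ModelState.AddModelError("", "找不到這個使用者或登入帳號密碼失敗!");
                    return(View(loginModel));
                }
                finally
                {
                    logger.Info("[Login]finally:" + logUserId);
                }
            }
        }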
示例#12
        /// <summary>
        /// Records a login or logout event: one row in the system log (via LogDao) and one
        /// row in the audit trail (via PiaLogMainDao). On success it also updates the
        /// user's login/logout timestamp through CodeUserDao.updateLogInOut.
        /// </summary>
        /// <param name="type">"I" selects login; any other value is handled as logout.</param>
        /// <param name="bSuccess">Whether the event succeeded.</param>
        /// <param name="userId">Account id written to both records.</param>
        /// <param name="codeUser">Not read by this method.</param>
        /// <remarks>
        /// The failure branch always records "登入失敗" / "LF", whatever <paramref name="type"/> is.
        /// NOTE(review): the text after the "UserName:" label is the value returned by
        /// GetIPAddress(), not a name; confirm whether the label is intended.
        /// NOTE(review): on failed logins userId is whatever the caller typed and is placed
        /// unescaped into the '|'-delimited CCONTENT; confirm that readers of this log
        /// tolerate delimiter characters in that field.
        /// </remarks>
        private void writeLog(String type, bool bSuccess, String userId, CODE_USER codeUser)
        {
            bool       isLogin  = "I".Equals(type);
            CommonUtil ipSource = new CommonUtil();

            // System log entry, pre-filled with the success wording.
            Log entry = new Log
            {
                CFUNCTION = isLogin ? "登入作業" : "登出作業",
                CACTION   = "L",
                CCONTENT  = "UserId:" + userId + "| UserName:" + ipSource.GetIPAddress() + "|" + (isLogin ? "登入成功" : "登出成功")
            };

            // Audit-trail entry; execution type and object name are filled in per outcome.
            PIA_LOG_MAIN audit = new PIA_LOG_MAIN
            {
                TRACKING_TYPE     = "B",
                ACCESS_ACCOUNT    = userId,
                ACCOUNT_NAME      = "",
                PROGFUN_NAME      = "AccountController",
                EXECUTION_CONTENT = userId,
                AFFECT_ROWS       = 0,
                PIA_TYPE          = "0000000000"
            };

            if (!bSuccess)
            {
                // Failure: replace the content with the failure wording, then write both records.
                entry.CCONTENT = "UserId:" + userId + "| UserName:" + ipSource.GetIPAddress() + "|" + "登入失敗";
                LogDao.Insert(entry, userId);

                audit.EXECUTION_TYPE = "LF";
                audit.ACCESSOBJ_NAME = "AD";
                new PiaLogMainDao().Insert(audit);
                return;
            }

            // Success: stamp the login/logout time first, then write both records.
            CodeUserDao userDao = new CodeUserDao();
            userDao.updateLogInOut(userId, isLogin ? "I" : "O");

            LogDao.Insert(entry, userId);

            audit.EXECUTION_TYPE = isLogin ? "LS" : "LO";
            audit.ACCESSOBJ_NAME = "CodeUser";
            new PiaLogMainDao().Insert(audit);
        }
示例#13
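        /// <summary>
        /// Inserts one row into [dbo].[CODE_USER] on the caller's connection and transaction.
        /// </summary>
        /// <remarks>
        /// Before the insert, <c>user.USER_UNIT</c> is overwritten with the department code
        /// returned by <c>OaEmpDao.qryByUsrId</c> when a matching employee record is found.
        /// Every value reaches the database as a SQL parameter, never as concatenated text.
        /// </remarks>
        /// <param name="user">User to insert; its USER_UNIT may be modified as described above.</param>
        /// <param name="conn">Connection the command is created on. This method does not open or close it.</param>
        /// <param name="transaction">Transaction the insert is enlisted in. Commit and rollback are left to the caller.</param>
        /// <returns>The row count reported by <c>ExecuteNonQuery</c>.</returns>
        public int Create(CODE_USER user, SqlConnection conn, SqlTransaction transaction)
        {
            // Resolve the user's unit from the employee view. Failures propagate to the
            // caller with their original stack trace (no catch-and-"throw e" wrapper).
            using (DB_INTRAEntities db = new DB_INTRAEntities())
            {
                OaEmpDao oaEmpDao = new OaEmpDao();
                V_EMPLY2 emp      = oaEmpDao.qryByUsrId(user.USER_ID, db);
                if (emp != null)
                {
                    user.USER_UNIT = StringUtil.toString(emp.DPT_CD);
                }
            }

            string sql = @"

INSERT INTO [dbo].[CODE_USER]
           ([USER_ID]
           ,[USER_UNIT]
           ,[IS_DISABLED]
           ,[IS_MAIL]
           ,[MEMO]
           ,[DATA_STATUS]
           ,[CREATE_UID]
           ,[CREATE_DT]
           ,[LAST_UPDATE_UID]
           ,[LAST_UPDATE_DT]
           ,[APPR_UID]
           ,[APPR_DT]
)
     VALUES
(
 @USER_ID
,@USER_UNIT
,@IS_DISABLED
,@IS_MAIL
,@MEMO
,@DATA_STATUS
,@CREATE_UID
,@CREATE_DT
,@LAST_UPDATE_UID
,@LAST_UPDATE_DT
,@APPR_UID
,@APPR_DT
)
        ";

            // Dispose the command when done; the connection and transaction stay with the
            // caller. CreateCommand already binds the command to conn.
            using (SqlCommand command = conn.CreateCommand())
            {
                command.Transaction = transaction;
                command.CommandText = sql;

                command.Parameters.AddWithValue("@USER_ID", StringUtil.toString(user.USER_ID));
                command.Parameters.AddWithValue("@USER_UNIT", StringUtil.toString(user.USER_UNIT));
                command.Parameters.AddWithValue("@IS_DISABLED", StringUtil.toString(user.IS_DISABLED));
                command.Parameters.AddWithValue("@IS_MAIL", StringUtil.toString(user.IS_MAIL));
                command.Parameters.AddWithValue("@MEMO", StringUtil.toString(user.MEMO));
                command.Parameters.AddWithValue("@DATA_STATUS", StringUtil.toString(user.DATA_STATUS));
                command.Parameters.AddWithValue("@CREATE_UID", StringUtil.toString(user.CREATE_UID));

                // Date columns are typed explicitly so that a null value is sent as DBNull.
                command.Parameters.Add("@CREATE_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.CREATE_DT ?? System.DBNull.Value;

                command.Parameters.AddWithValue("@LAST_UPDATE_UID", StringUtil.toString(user.LAST_UPDATE_UID));

                command.Parameters.Add("@LAST_UPDATE_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.LAST_UPDATE_DT ?? System.DBNull.Value;

                command.Parameters.AddWithValue("@APPR_UID", StringUtil.toString(user.APPR_UID));

                command.Parameters.Add("@APPR_DT", System.Data.SqlDbType.DateTime).Value = (System.Object)user.APPR_DT ?? System.DBNull.Value;

                return command.ExecuteNonQuery();
            }
        }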