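        /// <summary>
        /// Creates a new role from the posted <paramref name="roleModel"/> together with one
        /// tbl_role_module row for every module the form ticked, then redirects to Index.
        /// </summary>
        /// <param name="roleModel">Posted form: the role name and the per-module tick list.</param>
        /// <returns>Redirect to Index on success; the role page with an error message otherwise.</returns>
        /// <remarks>
        /// NOTE(review): no [HttpPost], [ValidateAntiForgeryToken] or [Authorize] attribute is visible in
        /// this listing — confirm they are present on the action; this is an administrative write.
        /// Audit fields are hard-coded to "Admin" rather than taken from the authenticated user.
        /// </remarks>
        public ActionResult Create(RoleModel roleModel)
        {
            // Friendly pre-check only; the unique-index catch below is the race-safe guard.
            if (RoleCheck(roleModel.Role))
            {
                ViewData["error"] = "The Role already exists.";
                return(View(RolePage(null)));
            }
            try
            {
                DateTime now = DateTime.UtcNow;
                tbl_role o_role = new tbl_role();
                o_role.ID        = Guid.NewGuid();
                o_role.Name      = roleModel.Role;
                o_role.Status    = true;
                o_role.Createdby = "Admin";
                o_role.Updatedby = "Admin";
                o_role.CreateTS  = now;
                o_role.UpdateTS  = now;
                obj.tbl_role.Add(o_role);

                // A form that posts no module rows binds a null list; that is a role with no
                // modules, not an error (the original dereferenced it and fell into the generic catch).
                if (roleModel.lst_module != null)
                {
                    foreach (var module in roleModel.lst_module)
                    {
                        if (!module.Value)
                        {
                            continue;
                        }
                        tbl_role_module role_module = new tbl_role_module();
                        role_module.ID        = Guid.NewGuid();
                        role_module.Role_ID   = o_role.ID;
                        role_module.Module_ID = module.id;
                        role_module.Status    = module.Value;
                        role_module.Createdby = "Admin";
                        role_module.Updatedby = "Admin";
                        role_module.CreateTS  = now;
                        role_module.UpdateTS  = now;
                        obj.tbl_role_module.Add(role_module);
                    }
                }
                // One SaveChanges: the role and its module rows commit together or not at all.
                obj.SaveChanges();
                // NOTE(review): ViewData does not survive RedirectToAction; if Index is meant to show
                // this message it has to travel in TempData.
                ViewData["success"] = "The Role is created successfully";
                return(RedirectToAction("Index"));
            }
            catch (DbUpdateException ex)
            {
                // GetBaseException() walks to the innermost cause without assuming a fixed nesting
                // depth; the original dereferenced InnerException.InnerException and could itself throw.
                SqlException innerException = ex.GetBaseException() as SqlException;
                // SQL Server: 2627 = unique constraint violation, 2601 = unique index violation.
                if (innerException != null && (innerException.Number == 2627 || innerException.Number == 2601))
                {
                    ViewData["error"] = "Role already exists!";
                    return(View(RolePage(null)));
                }
                throw;
            }
            catch (Exception)
            {
                // Any other failure is reported generically; the cause is not logged here (inherited).
                ViewData["error"] = "An error occured. Please try again!";
                return(View(RolePage(null)));
            }
        }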
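        /// <summary>
        /// Deletes the role with the given primary key and redirects to Index.
        /// </summary>
        /// <param name="id">Primary key of the tbl_role row to remove.</param>
        /// <returns>Redirect to Index; 404 when no row has that id.</returns>
        /// <remarks>
        /// NOTE(review): [HttpPost, ActionName("Delete")] and [ValidateAntiForgeryToken] are not visible
        /// in this listing; a state-changing delete must not be reachable by GET. Confirm they are present.
        /// </remarks>
        public ActionResult DeleteConfirmed(int id)
        {
            tbl_role tbl_role = db.tbl_role.Find(id);
            // Find returns null for an unknown key; Remove(null) would throw instead of a clean 404.
            if (tbl_role == null)
            {
                return(HttpNotFound());
            }
            db.tbl_role.Remove(tbl_role);
            db.SaveChanges();
            return(RedirectToAction("Index"));
        }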
        /// <summary>
        /// Maps the domain <paramref name="_entity"/> onto a new tbl_role row (name and description
        /// only; the key is left unset) and persists it through the unit of work.
        /// </summary>
        /// <param name="_entity">Role to insert; must not be null.</param>
        public void Insert(role _entity)
        {
            var row = new tbl_role();
            row.name        = _entity.name;
            row.description = _entity.description;

            _uow.RoleRepository.Insert(row);
            _uow.Save();
        }
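 /// <summary>
 /// Applies the posted r_type to the existing role identified by r_id.
 /// </summary>
 /// <param name="tbl_role">Posted role; only r_id and r_type are bound (over-posting guard).</param>
 /// <returns>Redirect to Index on success, 404 for an unknown r_id, the edit view on validation errors.</returns>
 /// <remarks>
 /// NOTE(review): r_id is taken from the request, so anyone who can reach this action can edit any
 /// role — make sure it is restricted with [Authorize] and carries [HttpPost]/[ValidateAntiForgeryToken];
 /// none of those attributes is visible in this listing.
 /// </remarks>
 public ActionResult Edit([Bind(Include = "r_id,r_type")] tbl_role tbl_role)
 {
     if (!ModelState.IsValid)
     {
         return(View(tbl_role));
     }
     // Load the tracked row first: marking a detached entity Modified for a key that does not
     // exist only fails inside SaveChanges (DbUpdateConcurrencyException) instead of a clean 404.
     tbl_role existing = db.tbl_role.Find(tbl_role.r_id);
     if (existing == null)
     {
         return(HttpNotFound());
     }
     db.Entry(existing).CurrentValues.SetValues(tbl_role);
     db.SaveChanges();
     return(RedirectToAction("Index"));
 }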
        /// <summary>
        /// Loads the tbl_role row with the given key and projects it to the domain <c>role</c> type.
        /// </summary>
        /// <param name="id">Primary key of the role.</param>
        /// <returns>A new <c>role</c> carrying id, name and description.</returns>
        /// <remarks>
        /// If the repository returns null for an unknown id this throws NullReferenceException;
        /// callers that cannot guarantee existence should check first.
        /// </remarks>
        public role GetById(long id)
        {
            var row = _uow.RoleRepository.GetById(id);

            var result = new role();
            result.id          = row.id;
            result.name        = row.name;
            result.description = row.description;
            return(result);
        }
        /// <summary>
        /// Inserts a role built from the posted r_id and r_type and redirects to Index.
        /// </summary>
        /// <param name="tbl_role">Posted row; binding is limited to r_id and r_type.</param>
        /// <returns>Redirect to Index on success, the create view when the model is invalid.</returns>
        /// <remarks>
        /// NOTE(review): r_id is bound from the request, so the client chooses the primary key unless
        /// the column is database-generated (compare the API Post, which allocates the id server-side).
        /// [HttpPost]/[ValidateAntiForgeryToken] are not visible in this listing — confirm.
        /// </remarks>
        public ActionResult Create([Bind(Include = "r_id,r_type")] tbl_role tbl_role)
        {
            if (!ModelState.IsValid)
            {
                return(View(tbl_role));
            }
            db.tbl_role.Add(tbl_role);
            db.SaveChanges();
            return(RedirectToAction("Index"));
        }
 // PUT: api/Roles/5
 /// <summary>
 /// Updates a role through the unit of work, reporting failure as <c>false</c> instead of throwing.
 /// </summary>
 /// <param name="r">Role to update; the target row is whatever r.id says, not the route id.</param>
 /// <returns>The result of UpdateEntity, or false when it throws.</returns>
 /// <remarks>
 /// NOTE(review): the bare catch hides the cause (validation, concurrency, connectivity) from both
 /// the caller and the logs; at minimum log the exception before returning false.
 /// </remarks>
 public bool Put(tbl_role r)
 {
     bool updated;
     try
     {
         updated = unitOfWork.RolesManager.UpdateEntity(r);
     }
     catch
     {
         updated = false;
     }
     return(updated);
 }
        /// <summary>
        /// Deletes the role described by <paramref name="_entity"/>: builds a tbl_role stub carrying
        /// its id, name and description, hands it to the repository and saves the unit of work.
        /// </summary>
        /// <param name="_entity">Role to delete; must not be null.</param>
        public void Delete(role _entity)
        {
            var stub = new tbl_role();
            stub.id          = _entity.id;
            stub.name        = _entity.name;
            stub.description = _entity.description;

            _uow.RoleRepository.Delete(stub);
            _uow.Save();
        }
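        // POST: api/Roles
        /// <summary>
        /// Adds a role, allocating its id as the first unused value at or above RolesManager.MaxId(r).
        /// </summary>
        /// <param name="r">Role to add; any client-supplied r.id is overwritten.</param>
        /// <returns>The result of RolesManager.AddEntity.</returns>
        /// <remarks>
        /// NOTE(review): probe-then-insert is not atomic — two concurrent POSTs can pick the same free
        /// id, so one fails on a unique key (or both succeed without one). An identity/sequence column,
        /// or a transaction at a suitable isolation level, removes the race.
        /// </remarks>
        public bool Post(tbl_role r)
        {
            var id = unitOfWork.RolesManager.MaxId(r);

            // Walk upward until an unused id is found (the original carried an unused loop counter).
            while (unitOfWork.RolesManager.GetByID(id) != null)
            {
                id++;
            }
            r.id = id;
            return(unitOfWork.RolesManager.AddEntity(r));
        }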
        // GET: tbl_role/Delete/5
        /// <summary>
        /// Shows the delete-confirmation page for one role. Read-only; the removal itself is a
        /// separate action.
        /// </summary>
        /// <param name="id">Route id; null yields 400, an unknown key 404.</param>
        /// <returns>400, 404, or the confirmation view for the row.</returns>
        public ActionResult Delete(int? id)
        {
            if (!id.HasValue)
            {
                return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
            }
            var row = db.tbl_role.Find(id);
            if (row == null)
            {
                return(HttpNotFound());
            }
            return(View(row));
        }
 // PUT: api/Roles/5
 /// <summary>
 /// Updates a role through the unit of work; any exception propagates to the framework.
 /// </summary>
 /// <param name="r">Role to update; the target row is whatever r.id says, not the route id.</param>
 /// <returns>The result of RolesManager.UpdateEntity.</returns>
 public bool Put(tbl_role r)
 {
     var manager = unitOfWork.RolesManager;
     return(manager.UpdateEntity(r));
 }
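        /// <summary>
        /// Renames the role identified by roleModel.Role_ID and reconciles its tbl_role_module rows
        /// with the posted tick list: a missing row that is ticked is added, an existing row gets its
        /// Status updated when it changed, a missing row that is unticked is left absent.
        /// </summary>
        /// <param name="roleModel">Posted form: Role_ID, the new Role name and the per-module tick list.</param>
        /// <returns>Redirect to Index on success; 404 for an unknown Role_ID; the role page with an error otherwise.</returns>
        /// <remarks>
        /// NOTE(review): [HttpPost], [ValidateAntiForgeryToken] and [Authorize] are not visible in this
        /// listing; Role_ID comes straight from the form, so authorization must be enforced on the action.
        /// Audit fields are hard-coded to "Admin" rather than taken from the authenticated user.
        /// </remarks>
        public ActionResult Edit(RoleModel roleModel)
        {
            tbl_role o_role = obj.tbl_role.Where(x => x.ID == roleModel.Role_ID).FirstOrDefault();
            // Unknown or tampered Role_ID: the original dereferenced o_role here, outside the try.
            if (o_role == null)
            {
                return(HttpNotFound());
            }
            // Renaming onto another role's name is rejected up front; the unique-index catch below
            // is the race-safe guard.
            if (RoleCheck(roleModel.Role) && o_role.Name != roleModel.Role)
            {
                ViewData["error"] = "The Role already exists.";
                return(View(RolePage(null)));
            }
            try
            {
                DateTime now = DateTime.UtcNow;
                o_role.Name      = roleModel.Role;
                o_role.Status    = true;
                o_role.Updatedby = "Admin";
                o_role.UpdateTS  = now;

                // A form with no module rows binds a null list: just the rename, no module changes.
                if (roleModel.lst_module != null)
                {
                    foreach (var module in roleModel.lst_module)
                    {
                        tbl_role_module role_module = obj.tbl_role_module
                            .Where(x => x.Role_ID == roleModel.Role_ID && x.Module_ID == module.id)
                            .FirstOrDefault();
                        if (role_module == null)
                        {
                            if (!module.Value)
                            {
                                continue; // never granted and still unticked: nothing to store
                            }
                            tbl_role_module new_role = new tbl_role_module();
                            new_role.ID        = Guid.NewGuid();
                            new_role.Role_ID   = o_role.ID;
                            new_role.Module_ID = module.id;
                            new_role.Status    = module.Value;
                            new_role.Createdby = "Admin";
                            new_role.CreateTS  = now;
                            new_role.Updatedby = "Admin";
                            new_role.UpdateTS  = now;
                            obj.tbl_role_module.Add(new_role);
                        }
                        else if (role_module.Status != module.Value)
                        {
                            role_module.Status    = module.Value;
                            role_module.Updatedby = "Admin";
                            role_module.UpdateTS  = now;
                        }
                    }
                }
                // One SaveChanges for the rename and every module row. The original saved after the
                // rename and again inside the loop, so a failure part-way left the role half-updated.
                obj.SaveChanges();
                return(RedirectToAction("Index"));
            }
            catch (DbUpdateException ex)
            {
                // A rename that lost the race to a concurrent insert surfaces as a unique violation
                // (SQL Server 2627/2601); GetBaseException() reaches the innermost cause null-safely.
                SqlException innerException = ex.GetBaseException() as SqlException;
                bool isUniqueViolation = innerException != null
                    && (innerException.Number == 2627 || innerException.Number == 2601);
                ViewData["error"] = isUniqueViolation ? "Role already exists!" : "An error occured. Please try again!";
                return(View(RolePage(null)));
            }
            catch (Exception)
            {
                // Any other failure is reported generically; the cause is not logged here (inherited).
                ViewData["error"] = "An error occured. Please try again!";
                return(View(RolePage(null)));
            }
        }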
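        /// <summary>
        /// Per-request authentication gate. Serves the token-issue endpoint (_options.Path) itself,
        /// lets the configured public route markers through untouched, and for everything else reads
        /// the bearer JWT, decides admin/mobile access, enforces the ticket window, stores the identity
        /// in session and returns a refreshed JWT in the "newToken" response header before calling the
        /// next middleware.
        /// </summary>
        /// <param name="context">Current request.</param>
        /// <param name="next">Downstream pipeline; invoked at most once per request.</param>
        /// <remarks>
        /// Changes from the inherited version: the pipeline is no longer invoked twice (or after a 400
        /// has already been written) for header-less and public requests; an expired ticket is now
        /// actually rejected instead of being overwritten by a freshly minted token; a token that fails
        /// to parse is denied instead of producing an unhandled 500 or an empty response.
        /// NOTE(review): the JWT signature is still NOT verified — see the comment at ReadToken.
        /// </remarks>
        public async Task InvokeAsync(HttpContext context, RequestDelegate next)
        {
            string ipaddress = context.Connection.RemoteIpAddress?.ToString() ?? "127.0.0.1";

            // Reset the session identity before any claim has been trusted.
            _session.SetString("LoginUserID", "0");
            _session.SetString("LoginRemoteIpAddress", ipaddress);
            _session.SetString("LoginTypeParam", "1");

            // The token issuance endpoint is owned entirely by GenerateToken.
            if (context.Request.Path.Equals(_options.Path, StringComparison.Ordinal))
            {
                await GenerateToken(context);
                return;
            }

            string[] patharr = context.Request.Path.ToString().Split('/');

            // Routes that intentionally need no token. IndexOf >= 1 means the marker is a real
            // segment (index 0 is the empty string before the leading '/').
            bool isPublicRoute = Array.IndexOf(patharr, "public") >= 1
                                 || Array.IndexOf(patharr, "testapi") >= 1
                                 || Array.IndexOf(patharr, "TLG") >= 1
                                 || Array.IndexOf(patharr, "CutomerMobile") >= 1;
            if (isPublicRoute)
            {
                await next(context);
                return;
            }

            var hdtoken = context.Request.Headers["Authorization"];
            if (hdtoken.Count == 0)
            {
                // NOTE(review): inherited "TODO for some" behaviour — a header-less request whose
                // path contains an "api" segment is passed to the controller with no identity
                // (session LoginUserID stays "0"). That is an authentication bypass for any /api
                // action that does not re-check the session; move those endpoints under a public
                // marker and delete this branch.
                if (Array.IndexOf(patharr, "api") > 0)
                {
                    await next(context);
                }
                else
                {
                    await ResponseMessage(new { status = "fail", message = "Access Denied" }, context, 400);
                }
                return;
            }

            string accessToken = hdtoken[0] ?? "";
            if (accessToken.StartsWith("Bearer ", StringComparison.Ordinal))
            {
                accessToken = accessToken.Substring("Bearer ".Length);
            }

            // "-1" = denied, "-2" = expired, "" = no decision reached; anything else is the refreshed JWT.
            string newToken = "";
            try
            {
                // NOTE(review): ReadToken only decodes the JWT — it verifies neither signature,
                // issuer, audience nor lifetime, so every claim used below (UserID, Userlevelid,
                // TicketExpireDate) is caller-controlled. Replace with handler.ValidateToken(
                // accessToken, <validation parameters built from _options.SigningCredentials.Key,
                // _options.Issuer and _options.Audience>, out _) before trusting any of them.
                var handler = new JwtSecurityTokenHandler();
                var tokenS = handler.ReadToken(accessToken) as JwtSecurityToken;
                TokenData tokenData = Globalfunction.GetTokenData(tokenS);
                string area = patharr.Length > 1 ? patharr[1] : "";

                bool allow = false;
                if (tokenData == null)
                {
                    allow = false;
                }
                else if (area == "api")
                {
                    // NOTE(review): an empty Userlevelid claim is treated as admin (inherited).
                    // Until the signature is verified this is a direct privilege escalation; it
                    // should fail closed unless the issuer really emits empty levels for admins.
                    bool isadmin = false;
                    if (tokenData.Userlevelid != "")
                    {
                        tbl_role objAdminLevel = _repository.Role_Repository.GetRolebyid(int.Parse(tokenData.Userlevelid));
                        if (objAdminLevel != null)
                        {
                            isadmin = objAdminLevel.role_is_admin;
                        }
                    }
                    else
                    {
                        isadmin = true;
                    }
                    // Non-admin callers: the per-URL permission lookup (checkURLPermission) is not
                    // wired up in this version, so they are denied — fail closed.
                    allow = isadmin;
                }
                else if (area == "mobile")
                {
                    // NOTE(review): any parseable token is accepted for /mobile — no role check.
                    allow = true;
                }

                if (!allow)
                {
                    newToken = "-1";
                }
                else
                {
                    DateTime nowDate = DateTime.UtcNow;
                    double expireTime = Convert.ToDouble(_options.Expiration.TotalMinutes);
                    DateTime issueDate = tokenData.TicketExpireDate.AddMinutes(-expireTime);
                    if (issueDate > nowDate || tokenData.TicketExpireDate < nowDate)
                    {
                        // Outside the ticket window: reject and do NOT mint a replacement. The
                        // original set "-2" here and then fell through into the minting code,
                        // which overwrote it, so expiry was never enforced.
                        newToken = "-2";
                    }
                    else
                    {
                        // Fresh nonce per issued token (the original also assigned a unix-time Jti
                        // that was immediately overwritten; that dead store is gone).
                        tokenData.Jti = await _options.NonceGenerator();
                        var claims = Globalfunction.GetClaims(tokenData);
                        var jwt = new JwtSecurityToken(
                            issuer: _options.Issuer,
                            audience: _options.Audience,
                            claims: claims,
                            notBefore: nowDate,
                            expires: nowDate.Add(_options.Expiration),
                            signingCredentials: _options.SigningCredentials);
                        newToken = new JwtSecurityTokenHandler().WriteToken(jwt);

                        _session.SetString("LoginUserID", tokenData.UserID);
                        _session.SetString("LoginRemoteIpAddress", ipaddress);
                        _session.SetString("LoginTypeParam", area == "mobile" ? "mobile" : "1");
                    }
                }
            }
            catch (Exception ex)
            {
                // Malformed token, non-numeric Userlevelid, repository failure: log and deny rather
                // than leaving the request without a response (or surfacing an unhandled 500).
                Globalfunction.WriteSystemLog(ex.Message);
                newToken = "-1";
            }

            if (newToken == "-2")
            {
                context.Response.StatusCode = 400;
                await ResponseMessage(new { status = "fail", message = "The Token has expired" }, context, 400);
            }
            else if (newToken == "-1" || newToken == "")
            {
                // NOTE(review): the log text is inherited and misleading — a header was present, the
                // token or role was rejected. 401/403 would be conventional; 400 is kept for clients.
                _repository.EventLog.Info("Not include Authorization Header, Access Denied");
                context.Response.StatusCode = 400;
                await ResponseMessage(new { status = "fail", message = "Access Denied" }, context, 400);
            }
            else
            {
                context.Response.Headers.Add("Access-Control-Expose-Headers", "newToken");
                context.Response.Headers.Add("newToken", newToken);
                await next(context);
            }
        }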