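        /// <summary>
        /// Decides whether the current request may proceed: the caller must be authenticated and the
        /// application database must hold an association between that user and at least one of the
        /// role names configured in <c>Roles</c>.
        /// </summary>
        /// <remarks>
        /// The check fails closed. A missing principal, an anonymous identity, an unknown user name,
        /// an unknown role name or an empty <c>Roles</c> list all result in <c>false</c>.
        /// </remarks>
        /// <param name="httpContext">The HTTP context of the request being authorized.</param>
        /// <returns><c>true</c> when a user/role association is found; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext == null)
            {
                throw new ArgumentNullException("httpContext");
            }

            // Deny instead of throwing when the request carries no principal or an anonymous one.
            IPrincipal user = httpContext.User;
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            {
                return false;
            }

            // Normalise the configured list so that "Doctor, Admin" matches the role "Admin";
            // without the trim the second entry would be looked up as " Admin" and never match.
            var roleNames = (this.Roles ?? string.Empty)
                .Split(',')
                .Select(name => name.Trim())
                .Where(name => name.Length > 0)
                .ToList();
            if (roleNames.Count == 0)
            {
                // No role configured: this attribute authorizes by role only, so nobody passes.
                return false;
            }

            // Copy values into locals so the queries below compare against plain constants.
            string userName = user.Identity.Name;

            // The context is disposed as soon as the decision is made (assumes HVDbContext is an
            // Entity Framework style, disposable context).
            using (var context = new HVDbContext())
            {
                // The user row does not depend on the role, so it is fetched once, not once per role.
                var userdb = context.Users.Where(t => t.UserName.Equals(userName)).FirstOrDefault();
                if (userdb == null)
                {
                    return false;
                }

                var userId = userdb.UserId;

                foreach (var roleName in roleNames)
                {
                    var role = context.Roles.Where(t => t.RoleName.Equals(roleName)).FirstOrDefault();
                    if (role == null)
                    {
                        continue;
                    }

                    var roleId = role.RoleId;
                    var association = context.UserRoles
                        .Where(t => t.RoleId.Equals(roleId) && t.UserId.Equals(userId))
                        .FirstOrDefault();
                    if (association != null)
                    {
                        // The user holds one of the required roles.
                        return true;
                    }
                }
            }

            // Authenticated or not, the caller holds none of the required roles.
            return false;
        }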
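        /// <summary>
        /// Returns the id, name and image URL of every stored HealthVault user as JSON.
        /// </summary>
        /// <returns>
        /// A JSON result of the form <c>{ status = "ok", users = [ { Id, Name, imageUrl }, ... ] }</c>.
        /// </returns>
        public ActionResult GetUserList()
        {
            // NOTE(review): this enumerates every HealthVault user and is served over GET (AllowGet).
            // No authorization check is visible inside this method; confirm that the controller or
            // action carries an authorization filter, and that GET responses holding names are not
            // cached by intermediaries.
            using (var context = new HVDbContext())
            {
                // Pull only the columns that are needed and materialise them while the context is open.
                var rows = (from t in context.HealthVaultUsers
                            select new
                            {
                                t.Id,
                                t.RecordId,
                                t.Name,
                            }).ToList();

                // The image URL is resolved in memory; RecordId itself is not part of the response.
                var users = rows
                    .Select(a => new { a.Id, a.Name, imageUrl = HVUserImageHelper.Default.GetImageUrl(a.RecordId) })
                    .ToList();

                return Json(new
                {
                    status = "ok",
                    users = users,
                }, JsonRequestBehavior.AllowGet);
            }
        }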
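        /// <summary>
        /// Creates or updates the stored HealthVault user that matches <paramref name="personInfo"/>,
        /// recording the selected record's details, the serialized person info and the given token.
        /// </summary>
        /// <param name="personInfo">The HealthVault person whose selected record is being saved.</param>
        /// <param name="token">The token stored in the user's <c>WCToken</c> field.</param>
        /// <exception cref="ArgumentNullException"><paramref name="personInfo"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="personInfo"/> has no selected record.</exception>
        private void SaveUser(PersonInfo personInfo, string token)
        {
            if (personInfo == null)
            {
                throw new ArgumentNullException("personInfo");
            }

            // Every stored field below comes from the selected record, so fail with a clear error
            // instead of a NullReferenceException half-way through the update.
            var record = personInfo.SelectedRecord;
            if (record == null)
            {
                throw new ArgumentException("personInfo has no selected record", "personInfo");
            }

            // Local copy so the query compares against a plain value.
            var personId = personInfo.PersonId;

            // The context is disposed once the change is saved (assumes HVDbContext is an
            // Entity Framework style, disposable context).
            using (var context = new HVDbContext())
            {
                var user = (from t in context.HealthVaultUsers
                            where t.PersonId.Equals(personId)
                            select t).FirstOrDefault();

                if (user == null)
                {
                    // First time this person is seen: start tracking a new row.
                    user = new HealthVaultUser();
                    context.HealthVaultUsers.Add(user);
                }

                // New and existing rows receive exactly the same field values.
                user.HealthRecordState = record.State.ToString();
                user.Name = record.Name;
                user.PersonId = personId;
                user.RecordId = record.Id;

                // NOTE(review): the token and the person-info XML are written as received. The token is
                // a credential for the user's health record, so confirm that the column is protected
                // at rest (encryption, restricted database access) - nothing here does that.
                user.WCToken = token;
                user.PersonInfoObject = personInfo.GetXml();

                context.SaveChanges();
            }
        }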
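        /// <summary>
        /// Loads the journal entries of the stored HealthVault user with the given id, using that
        /// user's stored token to connect to HealthVault, and returns them as JSON.
        /// </summary>
        /// <param name="userId">Database id of the stored user; <c>-1</c> means "not supplied".</param>
        /// <returns>
        /// <c>{ status = "ok", data = [...] }</c> on success, or <c>{ status = "error", msg = ... }</c>
        /// when the id is missing or unknown, HealthVault cannot be reached, no record is selected,
        /// or read permission for the journal entry type is not granted.
        /// </returns>
        public ActionResult GetUserData(int userId = -1)
        {
            // NOTE(review): the id comes straight from the request and nothing in this method ties it
            // to the authenticated caller, so whoever can reach this action can read any stored user's
            // journal entries through that user's token. Confirm that an authorization filter on the
            // controller or action restricts callers, and consider checking that the caller is
            // entitled to this particular userId. The data is also served over GET (AllowGet), where
            // responses are more likely to be cached or logged.
            if (userId == -1)
            {
                return Json(new { status = "error", msg = "userId not sent" }, JsonRequestBehavior.AllowGet);
            }

            // Only the token is needed from the database, so the context is released right away
            // (assumes HVDbContext is an Entity Framework style, disposable context).
            string authToken;
            using (var context = new HVDbContext())
            {
                var user = (from t in context.HealthVaultUsers
                            where t.Id == userId
                            select t).FirstOrDefault();

                if (user == null)
                {
                    return Json(new { status = "error", msg = "userId not found" }, JsonRequestBehavior.AllowGet);
                }

                authToken = user.WCToken;
            }

            // Register the journal entry type with the HealthVault SDK before any item is read.
            ItemTypeManager.RegisterTypeHandler(HVJournalEntry.TypeId, typeof(HVJournalEntry), true);

            // Build the application credential from the application id, the user's token and the
            // application certificate.
            var appId = HealthApplicationConfiguration.Current.ApplicationId;
            WebApplicationCredential cred = new WebApplicationCredential(
                appId,
                authToken,
                HealthApplicationConfiguration.Current.ApplicationCertificate);

            WebApplicationConnection connection = new WebApplicationConnection(appId, cred);
            PersonInfo personInfo = null;
            try
            {
                personInfo = HealthVaultPlatform.GetPersonInfo(connection);
            }
            catch
            {
                // Deliberately generic: the caller is not told why the HealthVault call failed.
                return Json(new { status = "error", msg = "Unable to connect to HealthVault service" }, JsonRequestBehavior.AllowGet);
            }

            // A missing person or a missing selected record is reported the same way.
            var authRecord = personInfo == null ? null : personInfo.SelectedRecord;
            if (authRecord == null)
            {
                return Json(new { status = "error", msg = "cannot get selected record" }, JsonRequestBehavior.AllowGet);
            }

            // Make sure read permission is still granted. FirstOrDefault() yields an entry with a null
            // Value when no permission entry comes back, which must count as "not permitted" rather
            // than crash the request.
            var result = authRecord.QueryPermissionsByTypes(new List<Guid>() { HVJournalEntry.TypeId }).FirstOrDefault();
            if (result.Value == null || !result.Value.OnlineAccessPermissions.HasFlag(HealthRecordItemPermissions.Read))
            {
                // This is the read path, so the message speaks of reading, not creating.
                return Json(new { status = "error", msg = "unable to read records as no permission is given from health vault" }, JsonRequestBehavior.AllowGet);
            }

            // One filter was added, so the first result group is the one for journal entries.
            HealthRecordSearcher searcher = authRecord.CreateSearcher();
            HealthRecordFilter filter = new HealthRecordFilter(HVJournalEntry.TypeId);
            searcher.Filters.Add(filter);
            HealthRecordItemCollection entries = searcher.GetMatchingItems()[0];
            var ret = entries.Cast<HVJournalEntry>().Select(t => t.JournalEntry).ToList();

            return Json(new { status = "ok", data = ret }, JsonRequestBehavior.AllowGet);
        }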