Beispiel #1
 /// <summary>
 /// Delegates to <c>CommonSecurity.ClearUserToken</c> for the given user and session,
 /// using the connection of a freshly opened <c>QPConnectionScope</c>.
 /// </summary>
 /// <param name="userId">Identifier of the user passed through to the security layer.</param>
 /// <param name="sessionId">Identifier of the session passed through to the security layer.</param>
 public void ClearUserToken(int userId, int sessionId)
 {
     // NOTE(review): no authorization check is visible here; presumably the caller has
     // already verified that the current principal may clear this user's token — confirm.
     using (var connectionScope = new QPConnectionScope())
     {
         var connection = connectionScope.DbConnection;
         CommonSecurity.ClearUserToken(connection, userId, sessionId);
     }
 }
Beispiel #2
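        /// <summary>
        /// Lists the contents that aggregate the given classifier field, ordered by name.
        /// For non-admin users, when the classifier has <c>UseTypeSecurity</c> set, the list is
        /// reduced to the contents that pass <c>CommonSecurity.CheckContentSecurity</c> for the
        /// current user at <paramref name="permissionLevel"/>.
        /// </summary>
        /// <param name="classifier">Classifier field whose aggregators are listed.</param>
        /// <param name="excludeValue">
        /// Textual content id that is kept in the result even when the security check rejects it;
        /// parsed with a fallback of 0.
        /// </param>
        /// <param name="permissionLevel">Permission level passed to the content security check.</param>
        /// <returns>The (possibly filtered) content list items; empty when nothing aggregates the field.</returns>
        private static IEnumerable<ContentListItem> AggregatedContentListItems(Field classifier, string excludeValue, int permissionLevel)
        {
            var items = QPContext.EFContext.FieldSet
                        .Where(f => f.Id == classifier.Id)
                        .SelectMany(f => f.Aggregators)
                        .Select(a => new ContentListItem {
                Id = (int)a.Content.Id, Name = a.Content.Name, SiteId = a.Content.SiteId
            })
                        .Distinct()
                        .OrderBy(c => c.Name)
                        .ToArray();

            // An empty list needs no filtering. Returning early also keeps First() below from
            // throwing InvalidOperationException when the classifier has no aggregators.
            if (items.Length == 0 || QPContext.IsAdmin || !classifier.UseTypeSecurity)
            {
                return items;
            }

            var ids = items.Select(n => n.Id).ToArray();

            // NOTE(review): the site id of the first item is used for the whole check, which
            // assumes all aggregating contents belong to one site — confirm.
            var siteId = items.Select(n => (int)n.SiteId).First();

            // NOTE(review): this id bypasses the permission filter. Confirm that callers derive
            // excludeValue from stored state (e.g. the value already saved on the article) and
            // not directly from request input, otherwise it can reveal a restricted content.
            var excludeId = Converter.ToInt32(excludeValue, 0);

            using (var scope = new QPConnectionScope())
            {
                var result = CommonSecurity.CheckContentSecurity(scope.DbConnection, siteId, ids, QPContext.CurrentUserId, permissionLevel);
                return items.Where(n => result[n.Id] || n.Id == excludeId).ToArray();
            }
        }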
Beispiel #3
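        /// <summary>
        /// Adds a new site.
        /// </summary>
        /// <remarks>
        /// After the site row is saved, the method creates the site access entries, default
        /// statuses, default notification template, default group and plugin values.
        /// On SQL Server the insert triggers are switched off and identity insert is switched on
        /// for the duration of the save; both are restored even when the save fails.
        /// </remarks>
        /// <param name="site">Site information.</param>
        /// <returns>Site information.</returns>
        internal static Site Save(Site site)
        {
            using (var scope = new QPConnectionScope())
            {
                var isSqlServer = QPContext.DatabaseType == DatabaseType.SqlServer;
                try
                {
                    if (isSqlServer)
                    {
                        ChangeInsertAccessTriggerState(false);
                        ChangeInsertDefaultTriggerState(false);
                        DefaultRepository.TurnIdentityInsertOn(EntityTypeCode.Site, site);
                    }

                    // Captured before the save; the saved result is a different object.
                    var fieldValues = site.QpPluginFieldValues;
                    var result      = DefaultRepository.Save<Site, SiteDAL>(site);

                    // With the insert-access trigger off, the access entries are created explicitly.
                    CommonSecurity.CreateSiteAccess(scope.DbConnection, result.Id);
                    CreateDefaultStatuses(result);
                    CreateDefaultNotificationTemplate(result);
                    CreateDefaultGroup(result);
                    UpdatePluginValues(fieldValues, result.Id);

                    return result;
                }
                finally
                {
                    // Restore in the same order as before. Without the finally, an exception in
                    // any step above left the access/default triggers disabled and identity
                    // insert on, so later inserts would skip the trigger-driven access setup.
                    // NOTE(review): assumes re-enabling is harmless when the matching disable
                    // step did not complete — confirm against the helper implementations.
                    if (isSqlServer)
                    {
                        DefaultRepository.TurnIdentityInsertOff(EntityTypeCode.Site);
                        ChangeInsertAccessTriggerState(true);
                        ChangeInsertDefaultTriggerState(true);
                    }
                }
            }
        }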
Beispiel #4
 /// <summary>
 /// Tells whether the access level that <c>CommonSecurity.GetEntityAccessLevel</c> reports for
 /// a user group on an entity is at least the level required by the given action type.
 /// </summary>
 /// <param name="entityTypeCode">Code of the entity type being checked.</param>
 /// <param name="entityId">Identifier of the entity being checked.</param>
 /// <param name="actionTypeCode">Action type code used to look up the required level.</param>
 /// <param name="userGroupId">Identifier of the user group whose access is evaluated.</param>
 /// <returns><c>true</c> when the actual level is greater than or equal to the required one.</returns>
 internal static bool IsEntityAccessibleForUserGroup(string entityTypeCode, int entityId, string actionTypeCode, int userGroupId)
 {
     using (new QPConnectionScope())
     {
         var neededLevel = GetRequiredPermissionLevel(actionTypeCode);
         var connection  = QPConnectionScope.Current.DbConnection;

         // The literal 0 is presumably the user-id slot, left unset so that only the
         // group is evaluated — confirm against GetEntityAccessLevel.
         var grantedLevel = CommonSecurity.GetEntityAccessLevel(connection, QPContext.EFContext, 0, userGroupId, entityTypeCode, entityId);

         var isAccessible = grantedLevel >= neededLevel;
         return isAccessible;
     }
 }
Beispiel #5
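        /// <summary>
        /// Inserts a new workflow together with its rules and creates the workflow access entries.
        /// </summary>
        /// <remarks>
        /// The workflow row is saved first so that its id can be assigned to the rules, which are
        /// saved in a second <c>SaveChanges</c> call. Identity insert and, on SQL Server, the
        /// insert-access trigger are switched for the duration of each save and restored even
        /// when the save fails.
        /// </remarks>
        /// <param name="workflow">Workflow to insert; its id, audit fields and rule ids are updated in place.</param>
        /// <returns>The business object mapped back from the saved workflow row.</returns>
        internal static Workflow SaveProperties(Workflow workflow)
        {
            using (new QPConnectionScope())
            {
                var entities = QPContext.EFContext;
                UpdateRuleOrder(workflow);

                var forceIds = workflow.ForceRulesIds == null ? null : new Queue<int>(workflow.ForceRulesIds);
                workflow.LastModifiedBy = QPContext.CurrentUserId;
                workflow.Created        = Common.GetSqlDate(QPConnectionScope.Current.DbConnection);
                workflow.Modified       = workflow.Created;
                if (workflow.ForceId > 0)
                {
                    workflow.Id = workflow.ForceId;
                }

                var dal = MapperFacade.WorkflowMapper.GetDalObject(workflow);
                entities.Entry(dal).State = EntityState.Added;

                var isSqlServer = QPContext.DatabaseType == DatabaseType.SqlServer;
                try
                {
                    if (isSqlServer)
                    {
                        DefaultRepository.TurnIdentityInsertOn(EntityTypeCode.Workflow, workflow);
                        ChangeInsertAccessTriggerState(false);
                    }

                    entities.SaveChanges();
                    workflow.Id = (int)dal.Id;

                    // With the insert-access trigger off, the access entries are created explicitly.
                    CommonSecurity.CreateWorkflowAccess(QPConnectionScope.Current.DbConnection, workflow.Id);
                }
                finally
                {
                    // Without the finally, a failed save left the access trigger disabled and
                    // identity insert on for whatever used the connection next.
                    // NOTE(review): assumes re-enabling is harmless when the matching disable
                    // step did not complete — confirm against the helper implementations.
                    if (isSqlServer)
                    {
                        DefaultRepository.TurnIdentityInsertOff(EntityTypeCode.Workflow);
                        ChangeInsertAccessTriggerState(true);
                    }
                }

                foreach (var rule in workflow.WorkflowRules)
                {
                    rule.WorkflowId = workflow.Id;
                    if (forceIds != null)
                    {
                        // Dequeue throws InvalidOperationException when ForceRulesIds holds
                        // fewer ids than there are rules.
                        rule.Id = forceIds.Dequeue();
                    }

                    var dalRule = MapperFacade.WorkFlowRuleMapper.GetDalObject(rule);
                    entities.Entry(dalRule).State = EntityState.Added;
                }

                // This pair is not guarded by the database type in the original either.
                DefaultRepository.TurnIdentityInsertOn(EntityTypeCode.WorkflowRule);
                try
                {
                    entities.SaveChanges();
                }
                finally
                {
                    DefaultRepository.TurnIdentityInsertOff(EntityTypeCode.WorkflowRule);
                }

                return MapperFacade.WorkflowMapper.GetBizObject(dal);
            }
        }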
Beispiel #6
 /// <summary>
 /// Returns the list of action statuses.
 /// </summary>
 /// <param name="menuCode">Menu code passed to <c>CommonSecurity.GetMenuStatusList</c>.</param>
 /// <param name="entityId">Entity identifier passed to <c>CommonSecurity.GetMenuStatusList</c>.</param>
 /// <returns>The statuses mapped to business objects.</returns>
 internal static IEnumerable<BackendActionStatus> GetStatusesList(string menuCode, int entityId)
 {
     using (var connectionScope = new QPConnectionScope())
     {
         var mapper = MapperFacade.BackendActionStatusMapper;

         // The statuses are computed for the current user; the admin flag is passed alongside.
         var rawStatuses = CommonSecurity.GetMenuStatusList(
             connectionScope.DbConnection,
             QPContext.EFContext,
             QPContext.CurrentUserId,
             QPContext.IsAdmin,
             menuCode,
             entityId);

         // Materialised while the connection scope is still open.
         var materialised = rawStatuses.ToList();
         return mapper.GetBizList(materialised);
     }
 }
Beispiel #7
        /// <summary>
        /// Handles the login control's LoggingIn event: hashes the submitted password, looks up
        /// a user whose phone number and stored hash match, whose <c>Type</c> has bit 8 set and
        /// whose <c>State</c> is 1, then transfers to the main page or back to the login page.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
        {
            // NOTE(review): the helper's name suggests chained SHA-1/MD5 digests and no per-user
            // salt is passed in. Fast unsalted digests are unsuitable for password storage; a
            // salted, iterated KDF (e.g. PBKDF2) with a rehash-on-login migration is the usual fix.
            string submittedHash = CommonSecurity.SHA1MD5MD5(Login1.Password);
            string submittedTel  = Login1.UserName;

            using (Entity db = new Entity())
            {
                User match = db.User.FirstOrDefault(
                    o => o.Tel == submittedTel && o.PassWord == submittedHash && (o.Type & 8) > 0 && o.State == 1);

                if (match != null)
                {
                    // NOTE(review): the session identifier is not renewed on successful login and
                    // no attempt throttling or lockout is visible in this handler — confirm both
                    // are handled elsewhere.
                    Session["userID"] = match.UserID;
                    Server.Transfer("main.aspx");
                }
                else
                {
                    Server.Transfer("default.aspx?login=error");
                }
            }
        }
 /// <summary>
 /// Returns the statuses that <c>CommonSecurity.GetActionStatusList</c> reports for the given
 /// backend action and entity, evaluated for the current user.
 /// </summary>
 /// <param name="actionCode">Code of the backend action, looked up in the action cache.</param>
 /// <param name="entityId">Identifier of the entity the statuses are computed for.</param>
 /// <returns>The statuses mapped to business objects.</returns>
 /// <exception cref="ApplicationException">No cached action has the given code.</exception>
 internal static IEnumerable<BackendActionStatus> GetStatusesList(string actionCode, int entityId)
 {
     using (var connectionScope = new QPConnectionScope())
     {
         var currentUserId = QPContext.CurrentUserId;
         var matchedAction = BackendActionCache.Actions.FirstOrDefault(x => x.Code == actionCode);
         if (matchedAction == null)
         {
             var message = string.Format(CustomActionStrings.ActionNotFoundByCode, actionCode);
             throw new ApplicationException(message);
         }

         var matchedActionId = matchedAction.Id;

         // The entity type may be missing; its code is then passed on as null.
         var entityType     = EntityTypeRepository.GetById(matchedAction.EntityTypeId);
         var entityTypeCode = entityType?.Code;

         var mapper = MapperFacade.BackendActionStatusMapper;
         var rawStatuses = CommonSecurity.GetActionStatusList(
             QPContext.EFContext,
             connectionScope.DbConnection,
             currentUserId,
             actionCode,
             matchedActionId,
             entityId,
             entityTypeCode,
             QPContext.IsAdmin);

         // Materialised while the connection scope is still open.
         return mapper.GetBizList(rawStatuses.ToList());
     }
 }
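        /// <summary>
        /// Handles the DetailsView ItemInserting event: validates the submitted values, builds a
        /// new <c>User</c> with its <c>UserExtend</c>, saves it and redirects to the user's detail
        /// page. Any failure is reported to the browser through a script alert.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Insert event arguments carrying the submitted field values.</param>
        protected void DetailsView1_ItemInserting(object sender, DetailsViewInsertEventArgs e)
        {
            try
            {
                var user     = new User();
                var file_url = (HtmlInputHidden)DetailsView1.FindControl("file_url");
                if (!string.IsNullOrEmpty(file_url.Value))
                {
                    // NOTE(review): file_url is a hidden form field, so its value is supplied by
                    // the client; it is stored and appended to the upload URL without validation
                    // visible here — confirm it is constrained to files the upload step produced.
                    var img_url = (HtmlImage)DetailsView1.FindControl("img_url");
                    img_url.Src       = ConfigurationManager.AppSettings["UploadUrl"] + file_url.Value;
                    user.HeadPortrait = file_url.Value;
                }

                if (e.Values["Tel"] == null)
                {
                    // Message: "user phone must not be empty".
                    throw new Exception("用户电话不能为空");
                }

                if (e.Values["PassWord"] == null)
                {
                    // Message: "password must not be empty".
                    throw new Exception("密码不能为空");
                }
                user.Tel = (e.Values["Tel"]).ToString().Trim();

                // NOTE(review): the password is trimmed here, while the login handler on this page
                // hashes Login1.Password untrimmed — confirm the two paths agree.
                var rawPassword = (e.Values["PassWord"]).ToString().Trim();

                string pattern = @"^(0|86|17951)?(1[234578])[0-9]{9}$";
                Regex  rgx     = new Regex(pattern);
                if (!rgx.IsMatch(user.Tel))
                {
                    // Message: "phone number is invalid".
                    throw new Exception("电话号不正确");
                }

                // The minimum-length rule is applied to the submitted password. The original
                // measured the value returned by SHA1MD5MD5, presumably a digest string that is
                // always longer than six characters, so the rule never rejected anything.
                if (rawPassword.Length < 6)
                {
                    // Message: "password length must not be less than 6".
                    throw new Exception("密码长度不能小于6");
                }

                // NOTE(review): the helper's name suggests chained unsalted SHA-1/MD5 digests,
                // which are unsuitable for password storage; a salted, iterated KDF is preferred.
                user.PassWord = CommonSecurity.SHA1MD5MD5(rawPassword);

                if (e.Values["NickName"] == null)
                {
                    // Default nickname used when none was submitted.
                    user.NickName = "分享玩家";
                }
                else
                {
                    user.NickName = (e.Values["NickName"]).ToString().Trim();
                }

                user.Gender  = ((RadioButtonList)DetailsView1.FindControl("RadioButtonList_Gender")).SelectedValue;
                user.Married = ((RadioButtonList)DetailsView1.FindControl("RadioButtonList_Married")).SelectedValue;

                // Each checkbox maps to one bit of the Type flags. The login handler on this page
                // requires bit 8, so the fourth checkbox decides whether the account can sign in there.
                var CheckBoxList_Type = ((CheckBoxList)DetailsView1.FindControl("CheckBoxList_Type"));
                if (CheckBoxList_Type.Items[0].Selected)
                {
                    user.Type = user.Type | 1;
                }
                if (CheckBoxList_Type.Items[1].Selected)
                {
                    user.Type = user.Type | 2;
                }
                if (CheckBoxList_Type.Items[2].Selected)
                {
                    user.Type = user.Type | 4;
                }
                if (CheckBoxList_Type.Items[3].Selected)
                {
                    user.Type = user.Type | 8;
                }
                user.State      = Convert.ToInt32(((RadioButtonList)DetailsView1.FindControl("RadioButtonList_State")).SelectedValue);
                user.CreatTime  = DateTime.Now;
                user.UpdateTime = DateTime.Now;
                user.UserExtend = new UserExtend();
                if (e.Values["UserExtend.ExperienceLevel"] != null)
                {
                    int temp;
                    if (!int.TryParse(e.Values["UserExtend.ExperienceLevel"].ToString(), out temp))
                    {
                        // Message: "experience level must be an integer".
                        throw new Exception("经验等级必须是整数");
                    }
                    if (temp == 0)
                    {
                        // A submitted level of 0 is raised to 1.
                        temp = 1;
                    }
                    user.UserExtend.ExperienceLevel = temp;
                }

                using (Entity entity = new Entity())
                {
                    ExperienceLevel experienceLevel = entity.ExperienceLevel.Where(o => o.ExperienceLevelValue == user.UserExtend.ExperienceLevel).FirstOrDefault();
                    if (experienceLevel == null)
                    {
                        // Message: "experience level does not correspond to a defined level".
                        throw new Exception("经验等级和等级不对应");
                    }
                    user.UserExtend.ExperienceValue = experienceLevel.ExperienceValueMin;

                    // "男" is the value for male; any other gender value gets the female level name.
                    if (user.Gender == "男")
                    {
                        user.UserExtend.ExperienceName = experienceLevel.NameMan;
                    }
                    else
                    {
                        user.UserExtend.ExperienceName = experienceLevel.NameWoman;
                    }

                    user.InitBeforeSave();
                    user.SetCounterfeit();
                    entity.User.Add(user);
                    entity.SaveChanges();
                }
                Response.Redirect("UserDetail.aspx?userID=" + user.UserID);
            }
            catch (Exception exception)
            {
                // The message is embedded in a single-quoted JavaScript string inside an inline
                // <script> element, so it is escaped for both contexts: backslashes first, then
                // quotes and line breaks, and angle brackets so the text cannot close the script
                // element. The original escaped only quotes and CRLF pairs.
                // HttpUtility.JavaScriptStringEncode is the framework helper for the same job.
                // NOTE(review): raw exception text (including data-layer errors) is shown to the
                // user; consider a generic message plus server-side logging.
                string error = exception.GetErrorMessage()
                               .Replace("\\", "\\\\")
                               .Replace("'", "\\'")
                               .Replace("\"", "\\\"")
                               .Replace("\r", "\\r")
                               .Replace("\n", "\\n")
                               .Replace("\u2028", "\\u2028")
                               .Replace("\u2029", "\\u2029")
                               .Replace("<", "\\x3c")
                               .Replace(">", "\\x3e");
                ClientScript.RegisterStartupScript(ClientScript.GetType(), "myscript", string.Format("<script>alert('{0}')</script>", error));
            }
        }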