protected void flowRepeaterList_ItemDataBound(object sender, RepeaterItemEventArgs e)
{
DataFlow dataFlow = e.Item.DataItem as DataFlow;
DropDownList flowRoleCtrl = e.Item.FindControl("flowRoleCtrl") as DropDownList;
Label flowRoleLabel = e.Item.FindControl("flowRoleLabel") as Label;
HiddenField flowIsProtected = e.Item.FindControl("flowIsProtected") as HiddenField;
FlowRoleType flowRole = FlowRoleType.None;
if (_editUserAccount != null)
{
flowRole = GetFlowRole(_editUserAccount.Policies, dataFlow.FlowName);
}
List <string> possibleRoles = null;
SystemRoleType selectedRole = SelectedRole;
bool flowRoleCtrlEnabled = true;
if (dataFlow.IsProtected)
{
flowIsProtected.Value = true.ToString();
if (selectedRole == SystemRoleType.Authed)
{
possibleRoles = CollectionUtils.CreateList(EnumUtils.ToDescription(FlowRoleType.None),
EnumUtils.ToDescription(FlowRoleType.Endpoint));
}
else
{
possibleRoles = CollectionUtils.CreateList(EnumUtils.GetAllDescriptions <FlowRoleType>());
}
}
else
{
if (selectedRole == SystemRoleType.Authed)
{
flowRoleCtrlEnabled = false;
}
else
{
possibleRoles = CollectionUtils.CreateList(EnumUtils.ToDescription(FlowRoleType.Endpoint),
EnumUtils.ToDescription(FlowRoleType.View),
EnumUtils.ToDescription(FlowRoleType.Modify));
}
}
if (flowRoleCtrlEnabled)
{
flowRoleCtrl.DataSource = possibleRoles;
flowRoleCtrl.DataBind();
flowRoleCtrl.SelectedIndex = 0;
flowRoleLabel.Visible = false;
if (flowRole != FlowRoleType.None)
{
flowRoleCtrl.SelectedValue = EnumUtils.ToDescription(flowRole);
}
}
else
{
flowRoleCtrl.Visible = false;
flowRoleLabel.Text = EnumUtils.ToDescription(FlowRoleType.Endpoint);
}
}
public UserAccessPolicy(string userAccountId, ServiceRequestAuthorizationType type,
string qualifier, FlowRoleType flowRoleType)
{
_accountId = userAccountId;
_policyType = type;
_typeQualifier = qualifier;
_flowRoleType = flowRoleType;
}
public UserAccessPolicy CreatePolicy(SystemRoleType userRole, string userId,
string flowName, FlowRoleType flowRoleType)
{
if ((flowRoleType == FlowRoleType.None) ||
!IsFlowRoleTypePermittedForUserRole(userRole, flowRoleType))
{
throw new ArgumentException(string.Format("Invalid user role (\"{0}\") specified for flow role (\"{0}\")",
EnumUtils.ToDescription(userRole), EnumUtils.ToDescription(flowRoleType)));
}
return(new UserAccessPolicy(userId, ServiceRequestAuthorizationType.Flow,
flowName, flowRoleType));
}
protected bool IsFlowRoleTypePermittedForUserRole(SystemRoleType userRole, FlowRoleType flowRole)
{
switch (userRole)
{
case SystemRoleType.Admin:
return(true);
case SystemRoleType.Program:
return((flowRole == FlowRoleType.Endpoint) || (flowRole == FlowRoleType.View) ||
(flowRole == FlowRoleType.Modify));
case SystemRoleType.Authed:
return(flowRole == FlowRoleType.Endpoint);
default:
return(false);
}
}
private bool IsFlowPermitted(IList <UserAccessPolicy> policies,
string flowName, string flowId,
FlowRoleType flowRole)
{
if ((flowRole != FlowRoleType.None) && !CollectionUtils.IsNullOrEmpty(policies))
{
if (string.IsNullOrEmpty(flowName))
{
ExceptionUtils.ThrowIfEmptyString(flowId, "flowId");
flowName = GetFlowNameFromId(flowId);
if (flowName == null)
{
return(false);
}
}
foreach (UserAccessPolicy policy in policies)
{
if ((policy.PolicyType == ServiceRequestAuthorizationType.Flow) &&
string.Equals(policy.TypeQualifier, flowName, StringComparison.InvariantCultureIgnoreCase))
{
switch (flowRole)
{
case FlowRoleType.Endpoint:
return((policy.FlowRoleType == FlowRoleType.Endpoint) ||
(policy.FlowRoleType == FlowRoleType.View) ||
(policy.FlowRoleType == FlowRoleType.Modify));
case FlowRoleType.View:
return((policy.FlowRoleType == FlowRoleType.View) ||
(policy.FlowRoleType == FlowRoleType.Modify));
case FlowRoleType.Modify:
return((policy.FlowRoleType == FlowRoleType.Modify));
default:
DebugUtils.CheckDebuggerBreak();
return(false);
}
}
}
}
return(false);
}
public IList <string> GetAuthorizedUsernamesForFlow(string flowName, FlowRoleType roleType)
{
if (roleType == FlowRoleType.None)
{
return(null);
}
List <string> usernames = null;
DoSimpleQueryWithRowCallbackDelegate(
TABLE_NAME, "SystemRole;IsActive;IsDeleted",
new object[] { SystemRoleType.Admin.ToString(), DbUtils.ToDbBool(true), DbUtils.ToDbBool(false) },
null, "NAASAccount",
delegate(IDataReader reader)
{
CollectionUtils.Add(reader.GetString(0), ref usernames);
});
string isAllowedQuery;
switch (roleType)
{
case FlowRoleType.Modify:
isAllowedQuery = "(p.IsAllowed = 'M')";
break;
case FlowRoleType.View:
isAllowedQuery = "(p.IsAllowed = 'M' OR p.IsAllowed = 'V')";
break;
default:
isAllowedQuery = "(p.IsAllowed = 'M' OR p.IsAllowed = 'V' OR p.IsAllowed = 'Y')";
break;
}
isAllowedQuery = string.Format("(UPPER(a.SystemRole) != UPPER('{0}') AND {1})", SystemRoleType.Admin.ToString(), isAllowedQuery);
DoSimpleQueryWithRowCallbackDelegate(
POLICY_TABLE_NAME + " p;" + TABLE_NAME + " a", "p.Qualifier;a.IsActive;a.IsDeleted;" + isAllowedQuery + ";p.Type = 'Flow';p.AccountId = a.Id",
new object[] { flowName, DbUtils.ToDbBool(true), DbUtils.ToDbBool(false) }, null, "DISTINCT a.NAASAccount",
delegate(IDataReader reader)
{
CollectionUtils.Add(reader.GetString(0), ref usernames);
});
return(usernames);
}
private bool IsFlowPermitted(string flowName, string flowId, FlowRoleType flowRole)
{
switch (Account.Role)
{
case SystemRoleType.Admin:
return(true);
case SystemRoleType.Program:
break; // Do IsFlowPermitted() check below
case SystemRoleType.Authed:
if ((flowRole == FlowRoleType.View) || (flowRole == FlowRoleType.Modify))
{
return(false);
}
break; // Do IsFlowPermitted() check below
default:
return(false);
}
return(IsFlowPermitted(Account.Policies, flowName, flowId, flowRole));
}
protected ICollection <FlowNameAndRole> GetPermissionedFlows()
{
SystemRoleType role = EnumUtils.FromDescription <SystemRoleType>(roleCtrl.SelectedValue);
if (role == SystemRoleType.Admin)
{
return(null); // Everything is allowed
}
Repeater repeater = flowRepeaterList;
List <FlowNameAndRole> permissionedFlows = null;
foreach (RepeaterItem item in repeater.Items)
{
DropDownList flowRoleCtrl = item.FindControl("flowRoleCtrl") as DropDownList;
Label flowCodeLabel = item.FindControl("FlowCode") as Label;
HiddenField flowIsProtected = item.FindControl("flowIsProtected") as HiddenField;
FlowRoleType flowRole = FlowRoleType.None;
string flowName = null;
if ((flowRoleCtrl != null) && (flowCodeLabel != null) && (flowIsProtected != null) &&
flowRoleCtrl.Visible)
{
flowName = flowCodeLabel.Text;
flowRole = EnumUtils.FromDescription <FlowRoleType>(flowRoleCtrl.SelectedValue);
if (flowRole != FlowRoleType.None)
{
bool flowIsProtectedValue = flowIsProtected.Value == true.ToString();
if (flowIsProtectedValue || ((flowRole == FlowRoleType.View) || (flowRole == FlowRoleType.Modify)))
{
FlowNameAndRole flowNameAndRole = new FlowNameAndRole(flowName, flowRole);
CollectionUtils.Add(flowNameAndRole, ref permissionedFlows);
}
}
}
}
return(permissionedFlows);
}
public bool IsFlowPermittedById(string flowId, FlowRoleType flowRole)
{
return(IsFlowPermitted(null, flowId, flowRole));
}
public bool IsFlowPermittedByName(string flowName, FlowRoleType flowRole)
{
return(IsFlowPermitted(flowName, null, flowRole));
}
public FlowNameAndRole(string flowName, FlowRoleType flowRole)
{
FlowName = flowName;
FlowRole = flowRole;
}
