Beispiel #1
0
        public virtual JObject GetFormStateInfo(HttpContext context)
        {
            YZRequest request   = new YZRequest(context);
            string    app       = request.GetString("app");
            string    key       = request.GetString("key", null);
            string    formstate = request.GetString("formstate", null);

            FormApplication formApplication;
            FormState       formState;

            using (BPMConnection cn = new BPMConnection())
            {
                cn.WebOpen();

                formApplication = FormApplication.Open(cn, app);
                formState       = FormService.GetFormStateBasicInfo(cn, app, formstate);
            }

            JObject rv = new JObject();

            rv[YZJsonProperty.success] = true;
            rv["appShortName"]         = formApplication.Name;
            rv["formstate"]            = formState.Name;
            rv["token"]           = YZSecurityHelper.GenFormApplicationToken(app, key, formState.Name);
            rv["showSaveButton"]  = formState.ShowSaveButton;
            rv["validationGroup"] = formState.ValidationGroup;
            rv["url"]             = YZUtility.GetFormRedirectUrl(formApplication.Form).ToString();
            return(rv);
        }
Beispiel #2
0
        public virtual JObject GetFileUploadAccessParams(HttpContext context)
        {
            JObject rv = new JObject();

            rv["UploadAuthorAccount"] = YZAuthHelper.LoginUserAccount;
            rv["UploadAuthorToken"]   = YZSecurityHelper.GenFileUploadToken();
            return(rv);
        }
Beispiel #3
0
        public virtual JObject GetReadFormToken(HttpContext context)
        {
            YZRequest request = new YZRequest(context);
            int       taskid  = request.GetInt32("TaskID");
            string    token   = YZSecurityHelper.GenReadFormToken(taskid);

            JObject rv = new JObject();

            rv["token"] = token;
            return(rv);
        }
Beispiel #4
0
        public virtual JObject GetReadToken(HttpContext context)
        {
            YZRequest request = new YZRequest(context);
            int       taskid  = request.GetInt32("TaskID");
            string    token   = YZSecurityHelper.GenTaskAccessToken(taskid);

            JObject rv = new JObject();

            rv[YZJsonProperty.success] = true;
            rv["token"] = token;
            return(rv);
        }
Beispiel #5
0
        protected virtual JObject CheckPermision(PostInfo postInfo, string permString)
        {
            JObject rv = new JObject();

            NodePermision[] perms = YZSecurityHelper.ParseNodePermisions(permString);

            for (int i = 0; i < perms.Length; i++)
            {
                NodePermision perm = perms[i];
                rv[perm.ToString()] = (postInfo.NodePermision & perm) == perm;
            }

            return(rv);
        }
Beispiel #6
0
        public virtual JObject GetFormApplicationToken(HttpContext context)
        {
            YZRequest request   = new YZRequest(context);
            string    app       = request.GetString("app");
            string    key       = request.GetString("key");
            string    formstate = request.GetString("formstate", null);
            string    token     = YZSecurityHelper.GenFormApplicationToken(app, key, formstate);

            JObject rv = new JObject();

            rv[YZJsonProperty.success] = true;
            rv["token"] = token;
            return(rv);
        }
Beispiel #7
0
        protected virtual JObject CheckPermision(BPMConnection cn, int taskid, int stepid, string permString)
        {
            JObject rv = new JObject();

            NodePermision[] perms = YZSecurityHelper.ParseNodePermisions(permString);

            bool[] allows = BPMTask.TaskOptPermCheckExt(cn, taskid, stepid, perms);

            for (int i = 0; i < perms.Length; i++)
            {
                rv[perms[i].ToString()] = allows[i];
            }

            return(rv);
        }
Beispiel #8
0
        public virtual JObject GetPublicKey(HttpContext context)
        {
            RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024);
            string publicKey  = rsaProvider.ToXmlString(false);
            string privateKey = rsaProvider.ToXmlString(true);

            string keystore      = YZTempStorageManager.CurrentStore.Save(privateKey);
            string publicKeyPKCS = YZSecurityHelper.RSAPublicKeyDotNet2PCKS(publicKey);

            JObject rv = new JObject();

            rv["success"]   = true;
            rv["publicKey"] = publicKeyPKCS;
            rv["keystore"]  = keystore;
            return(rv);
        }
Beispiel #9
0
        public virtual JObject GetStoreObjectPerms(HttpContext context)
        {
            YZRequest               request  = new YZRequest(context);
            StoreZoneType           zone     = request.GetEnum <StoreZoneType>("zone");
            string                  path     = request.GetString("path", null);
            string                  strPerms = request.GetString("perms", null);
            BPMObjectNameCollection ids      = BPMObjectNameCollection.FromStringList(request.GetString("ids", ""), ',');;

            BPMPermision[] bpmPerms = YZSecurityHelper.ParsePermisions(strPerms);

            JObject rv    = new JObject();
            JObject perms = new JObject();

            rv["perms"] = perms;

            using (BPMConnection cn = new BPMConnection())
            {
                cn.WebOpen();

                foreach (string id in ids)
                {
                    string fullName;
                    if (String.IsNullOrEmpty(path))
                    {
                        fullName = id;
                    }
                    else
                    {
                        fullName = path + "/" + id;
                    }

                    ACL acl = SecurityManager.GetACL(cn, zone.ToString() + "://" + fullName);

                    JObject jPerm = new JObject();
                    perms[id] = jPerm;

                    foreach (BPMPermision perm in bpmPerms)
                    {
                        jPerm[perm.ToString()] = acl.HasPermision(cn.Token, perm);
                    }
                }
            }

            rv[YZJsonProperty.success] = true;
            return(rv);
        }
Beispiel #10
0
    public virtual void GetPublicKey()
    {
        RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024);
        string publicKey  = rsaProvider.ToXmlString(false);
        string privateKey = rsaProvider.ToXmlString(true);

        string keystore      = YZTempStorageManager.CurrentStore.Save(privateKey);
        string publicKeyPKCS = YZSecurityHelper.RSAPublicKeyDotNet2PCKS(publicKey);

        JObject rv = new JObject();

        rv["success"]   = true;
        rv["publicKey"] = publicKeyPKCS;
        rv["keystore"]  = keystore;
        this.Response.Write(rv.ToString(Formatting.Indented, YZJsonHelper.Converters));
        this.Response.End();
    }
Beispiel #11
0
    public static string GenFormAccessHash()
    {
        Page page = HttpContext.Current.Handler as Page;

        List <string> values = new List <string>();

        values.Add(String.Format("tid={0}", page.Request.QueryString["tid"]));
        values.Add(String.Format("pid={0}", page.Request.QueryString["pid"]));
        values.Add(String.Format("var={0}", page.Request.QueryString["var"]));
        values.Add(String.Format("share={0}", page.Request.QueryString["share"]));
        values.Add(String.Format("pn={0}", page.Request.QueryString["pn"]));
        values.Add(String.Format("app={0}", page.Request.QueryString["app"]));
        values.Add(String.Format("state={0}", page.Request.QueryString["state"]));
        values.Add(String.Format("key={0}", page.Request.QueryString["key"]));
        values.Add(String.Format("account={0}", YZAuthHelper.LoginUserAccount));

        return(YZSecurityHelper.GenHash(values, YZSecurityHelper.SecurityKey));
    }
Beispiel #12
0
        public override void ProcessRequest(HttpContext context)
        {
            YZRequest request = new YZRequest(context);

            try
            {
                if (!YZAuthHelper.IsAuthenticated)
                {
                    string account     = request.GetString("UploadAuthorAccount", null);
                    string uploadToken = request.GetString("UploadAuthorToken", null);

                    if (!String.IsNullOrEmpty(account) && !String.IsNullOrEmpty(uploadToken))
                    {
                        if (YZSecurityHelper.CheckUploadToken(account, uploadToken))
                        {
                            YZAuthHelper.SetAuthCookie(account);
                        }
                    }
                }

                if (!YZAuthHelper.IsAuthenticated)
                {
                    JObject rv = new JObject();
                    rv["success"]      = false;
                    rv["errorMessage"] = Resources.YZStrings.Aspx_Upload_NoAuth;
                    context.Response.Write(rv.ToString());
                    return;
                }

                HttpFileCollection files = context.Request.Files;
                if (files.Count > 0 && files[0].ContentLength > 0)
                {
                    HttpPostedFile file     = files[0];
                    string         fileName = System.IO.Path.GetFileName(file.FileName);
                    long           fileSize = file.ContentLength;
                    string         fileExt  = System.IO.Path.GetExtension(fileName).ToLower();
                    string         method   = request.GetString("Method", "SaveAttachment");

                    if (!YZNameChecker.IsValidMethodName(method))
                    {
                        throw new Exception("Invalid method name");
                    }

                    Type type = this.GetType();
                    System.Reflection.MethodInfo methodcall = type.GetMethod(method, System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Public);
                    if (methodcall == null)
                    {
                        throw new Exception(String.Format(Resources.YZStrings.Aspx_UnknowCommand, method));
                    }

                    object rv;
                    try
                    {
                        rv = methodcall.Invoke(this, new object[] { context, file, fileName, fileSize, fileExt });
                    }
                    catch (Exception exp)
                    {
                        throw exp.InnerException;
                    }

                    JToken jToken;
                    if (rv == null)
                    {
                        jToken            = new JObject();
                        jToken["success"] = true;
                    }
                    else if (rv is JToken)
                    {
                        jToken = rv as JToken;
                    }
                    else
                    {
                        if (rv is string)
                        {
                            jToken = JValue.FromObject(rv);
                        }
                        else if (rv is IEnumerable)
                        {
                            jToken = JArray.FromObject(rv);
                        }
                        else
                        {
                            jToken = JValue.FromObject(rv);
                        }
                    }

                    context.Response.Write(jToken.ToString(Formatting.Indented, request.Converters));
                }
                else
                {
                    JObject rv = new JObject();
                    rv[YZJsonProperty.success]      = false;
                    rv[YZJsonProperty.errorMessage] = Resources.YZStrings.Aspx_Invalid_File;
                    context.Response.Write(rv.ToString(Formatting.Indented, request.Converters));
                }
            }
            catch (Exception exp)
            {
                JObject rv = new JObject();
                rv[YZJsonProperty.success]      = false;
                rv[YZJsonProperty.errorMessage] = HttpUtility.HtmlEncode(exp.Message) /* + exp.StackTrace*/;
                context.Response.Write(rv.ToString(Formatting.Indented, request.Converters));
            }
        }
Beispiel #13
0
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!YZAuthHelper.IsAuthenticated)
        {
            string token = this.Request.QueryString["Token"];
            if (!String.IsNullOrEmpty(token))
            {
                using (SqlConnection cn = new SqlConnection())
                {
                    cn.ConnectionString = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["BPMDB"].ConnectionString;
                    cn.Open();

                    using (SqlCommand cmd = new SqlCommand())
                    {
                        cmd.Connection  = cn;
                        cmd.CommandText = "SELECT StepID,Account,hash FROM BPMInstProcessToken WHERE Token=@Token";
                        cmd.Parameters.Add("@Token", SqlDbType.NVarChar).Value = token;

                        using (DBReader reader = new DBReader(cmd.ExecuteReader()))
                        {
                            if (reader.Read())
                            {
                                int    stepid      = Int32.Parse(this.Request.QueryString["pid"]);
                                int    stepidSaved = reader.ReadInt32(0);
                                string account     = reader.ReadString(1);
                                string hash        = reader.ReadString(2);

                                if (stepid == stepidSaved)
                                {
                                    List <string> values = new List <string>();
                                    values.Add(token);
                                    values.Add(stepid.ToString());
                                    values.Add(account);

                                    if (YZSecurityHelper.CheckHash(values, hash, YZSecurityHelper.SecurityKey))
                                    {
                                        YZAuthHelper.SetAuthCookie(account);
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }

        if (!YZAuthHelper.IsAuthenticated)
        {
            FormsAuthentication.RedirectToLoginPage();
            return;
        }

        int pid = Int32.Parse(this.Request["pid"]);

        BPM.Client.ProcessInfo processInfo;

        using (BPMConnection cn = new BPMConnection())
        {
            cn.WebOpen();

            //如果是共享任务,表单打开时直接获取共享任务
            //BPMProcStep step = BPMProcStep.Load(cn,pid);
            //if (step.Share)
            //    BPMProcStep.PickupShareStep(cn, pid);

            processInfo = BPMProcess.GetProcessInfo(cn, pid);
        }

        if (String.IsNullOrEmpty(processInfo.FormFile))
        {
            throw new Exception(Resources.YZStrings.Aspx_Process_MissForm);
        }
        else
        {
            YZUrlBuilder urlBuilder = YZUtility.GetFormRedirectUrl(this.Page, processInfo.FormFile);
            this.Response.Redirect(urlBuilder.ToString(), true);
        }
    }
Beispiel #14
0
        public virtual JObject GetReportData(HttpContext context)
        {
            YZRequest request    = new YZRequest(context);
            string    path       = request.GetString("path");
            string    viewName   = request.GetString("viewName", null);
            string    outputType = request.GetString("outputType", "");
            YZClientParamCollection runtimeParams = JArray.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(request.GetString("params", YZJsonHelper.Base64EmptyJArray)))).ToObject <YZClientParamCollection>();

            //获得数据
            Report     report;
            ReportView view;
            DataTable  dataTable;
            int        rowcount;

            using (BPMConnection cn = new BPMConnection())
            {
                cn.WebOpen();

                //获得报表定义
                report = Report.Open(cn, path);
                if (String.IsNullOrEmpty(viewName))
                {
                    view = report.DefaultView;
                }
                else
                {
                    view = report.Views.TryGetItem(viewName);
                }

                string srcdata = request.GetString("srcdata", null);
                if (String.IsNullOrEmpty(srcdata))
                {
                    BPMDBParameterCollection selectParameters = report.QueryParameters.CreateNullDBParameters();

                    //应用查询条件
                    foreach (BPMDBParameter selectParam in selectParameters)
                    {
                        YZClientParam clientParam = runtimeParams.TryGetItem(selectParam.Name);
                        if (clientParam != null && clientParam.value != null)
                        {
                            selectParam.Value = clientParam.value;
                        }
                    }

                    cn.RequestParams["sortstring"] = request.GetSortString("");
                    cn.UpdateRequestParams();

                    //获得数据
                    FlowDataTable ftable = new FlowDataTable();
                    ftable.Load(cn, BPMCommandType.Report, path, selectParameters, report.ClientCursor, request.Start, request.Limit, out rowcount);
                    dataTable = ftable.ToDataTable();
                }
                else
                {
                    dataTable = JArray.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(srcdata))).ToObject <DataTable>();
                    rowcount  = request.GetInt32("total");
                }
            }

            //将数据转化为Json集合
            JObject rv = new JObject();

            rv[YZJsonProperty.total] = rowcount;
            rv["srcdata"]            = Convert.ToBase64String(Encoding.UTF8.GetBytes(JArray.FromObject(dataTable).ToString(Formatting.None, YZJsonHelper.Converters)));

            JArray children = new JArray();

            rv.Add("children", children);

            //不管是什么view都要给数据
            foreach (DataRow row in dataTable.Rows)
            {
                JObject item = new JObject();
                children.Add(item);

                foreach (DataColumn column in dataTable.Columns)
                {
                    object value = row[column.ColumnName];
                    item[column.ColumnName] = JToken.FromObject(value);

                    if (NameCompare.EquName(column.ColumnName, "TaskID") && (value is int))
                    {
                        item["Token"] = YZSecurityHelper.GenTaskAccessToken((int)value);
                    }

                    //为任务链接生成Token
                    ReportColumnInfo colInfo = report.ReportColumnInfos.TryGetItem(column.ColumnName);
                    if (colInfo != null && colInfo.LinkType == ReportLinkType.Task)
                    {
                        ParameterFill paramFill = colInfo.ParametersFill.TryGetItem("@TaskID");
                        if (paramFill != null)
                        {
                            int linktoTaskID;
                            if (Int32.TryParse(Convert.ToString(row[paramFill.FillWith]), out linktoTaskID))
                            {
                                item[column.ColumnName + "Token"] = YZSecurityHelper.GenTaskAccessToken((int)linktoTaskID);
                            }
                        }
                    }
                }
            }

            if (String.Compare(outputType, "Export", true) != 0)
            {
                if (view is ReportMSChartView)
                {
                    this.ApplyMSChartData(request, rv, view as ReportMSChartView, dataTable);
                }

                if (view is ReportExcelView)
                {
                    this.ApplyExcelData(request, rv, view as ReportExcelView, dataTable, runtimeParams);
                }
            }

            return(rv);
        }