public List <Tuple <string, string, DateTime, int> > getListOfMemberMessages(string forumName, string memberName,
string requestingUser)
{
List <string> input = new List <string>()
{
forumName, memberName, requestingUser
};
if (!Constants.isValidInput(input))
{
return(null);
}
permission p = _um.getUserPermissionsForForum(forumName, requestingUser);
if (p < permission.ADMIN)
{
return(null);
}
List <Tuple <string, string, DateTime, int> > list = new List <Tuple <string, string, DateTime, int> >();
Forum f = getForum(forumName);
if (f == null)
{
return(list);
}
return(f.getListOfMemberMessages(list, memberName));
}
public string deletePost(string forumName, string subForumName, int postNo, string requestingUser)
{
List <string> input = new List <string>()
{
forumName, subForumName, requestingUser
};
if (!Constants.isValidInput(input))
{
return(Constants.INVALID_INPUT);
}
Forum f = getForum(forumName);
if (f == null)
{
return(Constants.forumDoesntExist(forumName));
}
postDeletionPermission pdp = f.getPostDeletionPermissions();
if (pdp == postDeletionPermission.INVALID)
{
return(Constants.noPermissionToDeletePost(requestingUser));
}
permission p = _um.getUserPermissionsForSubForum(forumName, subForumName, requestingUser);
if (p == permission.INVALID)
{
return(Constants.noPermissionToDeletePost(requestingUser));
}
return(f.deletePost(subForumName, postNo, pdp, p, requestingUser));
}
public int getNumOfPostsInSubForum(string forumName, string subForumName, string requestingUser)
{
List <string> input = new List <string>()
{
forumName, subForumName, requestingUser
};
if (!Constants.isValidInput(input))
{
return(-1);
}
Forum f = getForum(forumName);
if (f == null)
{
return(-1);
}
permission p = _um.getUserPermissionsForForum(forumName, requestingUser);
if (p < permission.ADMIN)
{
return(-1);
}
return(f.getNumOfPostsInSubForum(subForumName));
}
private void logoutBtn_Click(object sender, RoutedEventArgs e)
{
this.userName = "******";
loggedInTxt.Text = "Welcome, Guest ";
userNameLbl.Visibility = Visibility.Visible;
passwordLbl.Visibility = Visibility.Visible;
passwordTxt.Visibility = Visibility.Visible;
userNameTxt.Visibility = Visibility.Visible;
loginBtn.Visibility = Visibility.Visible;
registerBtn.Visibility = Visibility.Visible;
if (permission == permission.ADMIN)
{
logoutBtn.Visibility = Visibility.Hidden;
sendPrivateMessageBtn.Visibility = Visibility.Hidden;
addSubForumBtn.Visibility = Visibility.Hidden;
}
else if (permission == permission.MEMBER)
{
logoutBtn.Visibility = Visibility.Hidden;
sendPrivateMessageBtn.Visibility = Visibility.Hidden;
}
this.permission = permission.GUEST;
}
protected override IDbDataParameter[] CreateSelectParameters(EntityBase anEntity)
{
permission theEntity = (permission)anEntity;
List <IDbDataParameter> cmdParams = new List <IDbDataParameter>();
if (!string.IsNullOrEmpty(theEntity.PERM_ID))
{
cmdParams.Add(DataAccessFactory.CreateDataParameter("PERM_ID", theEntity.PERM_ID));
}
if (!string.IsNullOrEmpty(theEntity.GROUP_ID))
{
cmdParams.Add(DataAccessFactory.CreateDataParameter("GROUP_ID", theEntity.GROUP_ID));
}
if (!string.IsNullOrEmpty(theEntity.PERMISSION_SUB))
{
cmdParams.Add(DataAccessFactory.CreateDataParameter("PERMISSION_SUB", theEntity.PERMISSION_SUB));
}
if (!string.IsNullOrEmpty(theEntity.PageID))
{
cmdParams.Add(DataAccessFactory.CreateDataParameter("Page_ID", theEntity.PageID));
}
cmdParams.Add(DataAccessFactory.CreateDataParameter("Result", ""));
return(cmdParams.ToArray());
}
public void RevokePermission(operation mOperation, objectRbac mObject, role mRole)
{
role TempRole = Mapping(mRole);
if (TempRole == null)
{
throw new Exception("Role Does not exist in system.");
}
objectRbac tempObject = Mapping(mObject);
operation tempOperation = Mapping(mOperation);
if (tempOperation == null || tempObject == null)
{
return;
}
//Grant permission
string hsql = "from permission per where per.ObjectRBAC = :ObjectRBAC AND per.Operation = :Operation ";
List <permission> _lst = PermissionSrv.GetbyHQuery(hsql, new SQLParam("ObjectRBAC", tempObject), new SQLParam("ObjectRBAC", tempOperation));
permission TempPermission = (_lst == null || _lst.Count == 0) ? null : _lst[0];
if (TempPermission != null)
{
if (TempRole.Permissions.Contains(TempPermission))
{
TempRole.Permissions.Remove(TempPermission);
RoleSrv.CommitChanges();
}
}
}
public string deletePost(string forumName, string subForumName, int postNo, string requestingUser)
{
List <string> input = new List <string>()
{
forumName, subForumName, requestingUser
};
if (Constants.isValidInput(input))
{
lock (o)
{
postDeletionPermission pdp = _fm.getForumPostDeletionPermission(forumName);
if (pdp == postDeletionPermission.INVALID)
{
return(Constants.noPermissionToDeletePost(requestingUser));
}
permission p = _um.getUserPermissionsForSubForum(forumName, subForumName, requestingUser);
if (p == permission.INVALID)
{
return(Constants.noPermissionToDeletePost(requestingUser));
}
return(_fm.deletePost(forumName, subForumName, postNo, pdp, p, requestingUser));
}
}
return(Constants.INVALID_INPUT);
}
public string editPost(int postNo, string requestingUser, permission p, string content)
{
Post post = searchPost(_threads, postNo);
if (post == null)
{
return(Constants.INVALID_INPUT);
}
if (!ForumSystem._testFlag)
{
if (!ForumSystem._db.changeForumPost(post.getTitle(), content, _forumName, _name, postNo))
{
return(Constants.DB_ERROR);
}
}
if (p < permission.MODERATOR && !post.getWriter().Equals(requestingUser))
{
return(Constants.UNAUTHORIZED);
}
post.setContent(content);
if (content.Equals(post.getContent()))
{
ForumSystem.notify("A post you are following has been changed.", post.getAllFollowers(), _forumName);
ForumSystem.notify("A post in a thread you are currently watching has been changed.", getAncestor(post).getInteractiveFollowers(), _forumName);
return(Constants.SUCCESS);
}
return("Could not edit post."); // cannot cover this case
}
public ActionResult Create(permission model)
{
if (string.IsNullOrEmpty(model.workNo))
{
ModelState.AddModelError("workNo", "請輸入工號");
}
var ctx = new ApplicationDbContext();
if (ctx.Users.Where(x => x.workNo == model.workNo && x.status == 1).Count() == 0)
{
ModelState.AddModelError("workNo", "無此工號");
}
if (!ModelState.IsValid)
{
return(View(model));
}
if (ctx.permList.Where(x => x.mod == model.mod && x.workNo == model.workNo).Count() == 0)
{
model.id = Guid.NewGuid().ToString();
ctx.permList.Add(model);
ctx.SaveChanges();
}
return(RedirectToAction("Index", new { mod = model.mod }));
}
public void GrantPermission(string mObject, string mOperation, string[] mRoles)
{
if (_App == null)
{
return;
}
string HQL = "from role r where r.AppID = :AppID AND r.name in ({0})";
string ParaStr = ":" + string.Join(",:", mRoles);
HQL = string.Format(HQL, ParaStr);
SQLParam[] paramList = new SQLParam[mRoles.Length + 1];
paramList[0] = new SQLParam("AppID", _App.AppID);
for (int i = 0; i < mRoles.Length; i++)
{
paramList[i + 1] = new SQLParam(mRoles[i], mRoles[i]);
}
List <role> RoleLst = RoleSrv.GetbyHQuery(HQL, paramList);
if (RoleLst == null || RoleLst.Count == 0)
{
return;
}
//Grant permission
permission TempPermission = PermissionSrv.GetPermission(mObject, mOperation, _App.AppID);
if (TempPermission == null)
{
objectRbac tempObject = ObjectSrv.GetByName(mObject, _App.AppID);
operation tempOperation = OperationSrv.GetByName(mOperation, _App.AppID);
if (tempObject == null || tempOperation == null)
{
return;
}
TempPermission = new permission();
TempPermission.AppID = _App.AppID;
TempPermission.name = tempObject.name + ":" + tempOperation.name;
TempPermission.ObjectRBAC = tempObject;
TempPermission.Operation = tempOperation;
TempPermission.Roles = new List <role>();
foreach (role r in RoleLst)
{
TempPermission.Roles.Add(r);
}
PermissionSrv.CreateNew(TempPermission);
PermissionSrv.CommitChanges();
}
else
{
foreach (role r in RoleLst)
{
if (!TempPermission.Roles.Contains(r))
{
TempPermission.Roles.Add(r);
}
}
PermissionSrv.CommitChanges();
}
}
/// <summary>
/// check if the user can play num code in his permission
/// </summary>
/// <param name="num">def.op of try action</param>
/// <param name="permiss">one user permission in his list</param>
/// <returns></returns>
public static bool acsessToFunc(int num, permission permiss)
{
bool x;
try { x = permiss.types[num]; }
catch (Exception e) { throw new Exception("maybe the op code don't in the objct??" + e); }
return(x);
}
public IActionResult DeletePermFromList(int id)
{
permission claimed = _context.permissions.SingleOrDefault(p => p.permissionid == id);
_context.permissions.Remove(claimed);
_context.SaveChanges();
return(RedirectToAction("PermissionDash"));
}
public ActionResult DoAddNewRole(string name, string RoleTypeId)
{
string results = "OK";
if (ModelState.IsValid && !string.IsNullOrEmpty(name) && !string.IsNullOrEmpty(RoleTypeId))
{
var checkExist = _iroleService.Query.FirstOrDefault(x => x.name.ToUpper() == name.ToUpper());
if (checkExist == null)
{
try
{
role p = new role();
p.AppID = 1;
p.name = name.Trim();
List <string> lstPmsChange = new List <string>();
if (Session["ArrayPms"] != null)
{
lstPmsChange = (List <string>)Session["ArrayPms"];
}
foreach (string word in lstPmsChange)
{
_permission = _ipmsService.GetByName(word, 1);
Listpermission.Add(_permission);
}
p.Permissions = Listpermission;
_iroleService.BeginTran();
_iroleService.CreateNew(p);
typeRole = new TYPE_ROLE {
ROLE_ID = p.roleid, TYPE = int.Parse(RoleTypeId)
};
_iTypeRoleService.CreateNew(typeRole);
_iLogSystemService.CreateNew(HttpContext.User.Identity.Name, "Thêm mới Phân quyền ", "Thực hiện chức năng thêm mới Phân quyền", Helper.GetIPAddress.GetVisitorIPAddress(), HttpContext.Request.Browser.Browser);
_iroleService.CommitTran();
}
catch (Exception e)
{
_iroleService.RolbackTran();
results = e.Message;
}
}
else
{
results = "ExistName";
}
}
else
{
results = "NotOK";
}
Session["ArrayPms"] = null;
Session["ChangeCheckBoxPms"] = null;
return(Content(results, "text/html"));
}
/// <summary>
/// remove all oldrole assign for the permission and assign new [mRoles] for the permission
/// </summary>
/// <param name="mObject"></param>
/// <param name="mOperation"></param>
/// <param name="mRoles"></param>
public void UpdatePermission(string mObject, string mOperation, string[] mRoles)
{
if (_App == null)
{
return;
}
IroleService RoleSrv = new roleService(SessionFactoryConfigPath);
string HQL = "from role r where r.AppID = :AppID AND r.name in ({0})";
string ParaStr = ":" + string.Join(",:", mRoles);
HQL = string.Format(HQL, ParaStr);
SQLParam[] paramList = new SQLParam[mRoles.Length + 1];
paramList[0] = new SQLParam("AppID", _App.AppID);
for (int i = 0; i < mRoles.Length; i++)
{
paramList[i + 1] = new SQLParam(mRoles[i], mRoles[i]);
}
//List<role> RoleLst = RoleSrv.GetbyHQuery(HQL, new SQLParam("rolenames", string.Join(",",mRoles)), new SQLParam("AppID", _App.AppID));
List <role> RoleLst = RoleSrv.GetbyHQuery(HQL, paramList);
if (RoleLst == null || RoleLst.Count == 0)
{
return;
}
//Grant permission
IpermissionService PermissionSrv = new permissionService(SessionFactoryConfigPath);
permission TempPermission = PermissionSrv.GetPermission(mObject, mOperation, _App.AppID);
if (TempPermission != null)
{
List <role> TmpRolseLst = new List <role>();
foreach (role r in TempPermission.Roles)
{
if (!RoleLst.Contains(r))
{
TmpRolseLst.Add(r);
}
}
foreach (role r in TmpRolseLst)
{
TempPermission.Roles.Remove(r);
}
foreach (role r in RoleLst)
{
if (!TempPermission.Roles.Contains(r))
{
TempPermission.Roles.Add(r);
}
}
PermissionSrv.CommitChanges();
}
}
public Boolean delete(Int32 id)
{
permission p = db.permissions.Single(x => x.id == id);
db.permissions.DeleteOnSubmit(p);
db.SubmitChanges();
return(true);
}
/// <summary>
/// check if user friend of interfaceacsess object.
/// </summary>
/// <param name="groups">interfaceacsess object gruop</param>
/// <param name="permiss">one user permission in his list</param>
/// <returns></returns>
public static bool permiitionOnListPermittion(List <string> groups, permission permiss)
{
foreach (string val in groups)
{
if (val == permiss.Name)
{
return(true);
}
}
return(false);
}
// POST: odata/permissions
public async Task <IHttpActionResult> Post(permission permission)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
db.permission.Add(permission);
await db.SaveChangesAsync();
return(Created(permission));
}
public Permission select(Int32 id)
{
permission pe = db.permissions.Single(x => x.id == id);
Permission p = new Permission();
p.event_id = pe.event_id;
p.permission_id = pe.permission_id;
p.id = pe.id;
return(p);
}
/// <summary>
/// Return All Role wich is assign permission for Action [Operation] on [Object]
/// </summary>
/// <param name="Operation"></param>
/// <param name="Object"></param>
/// <returns></returns>
public string[] GetRoleForOperation(string mOperation, string mObject)
{
permission _Per = PermissionSrv.GetPermission(mObject, mOperation, _App.AppID);
if (_Per != null && _Per.Roles != null)
{
return((from r in _Per.Roles select r.name).ToArray());
}
else
{
return new string[] { }
};
}
public Permission update(Permission p)
{
permission pe = db.permissions.Single(x => x.id == p.id);
pe.event_id = p.event_id;
pe.permission_id = p.permission_id;
pe.assigned_by = p.assigned_by;
pe.assigned_date = DateTime.Now;
db.SubmitChanges();
return(p);
}
// DELETE: odata/permissions(5)
public async Task <IHttpActionResult> Delete([FromODataUri] long key)
{
permission permission = await db.permission.FindAsync(key);
if (permission == null)
{
return(NotFound());
}
db.permission.Remove(permission);
await db.SaveChangesAsync();
return(StatusCode(HttpStatusCode.NoContent));
}
protected override EntityBase CreateAndBuildEntity(DataHelper.Framework.SafeDataReader dr)
{
permission theEntity = new permission();
theEntity.PERM_ID = !dr.IsDBNull(0) ? dr.GetValue(0).ToString() : string.Empty;
theEntity.GROUP_ID = !dr.IsDBNull(1) ? dr.GetValue(1).ToString() : string.Empty;
theEntity.PERMISSION_SUB = !dr.IsDBNull(2) ? dr.GetValue(2).ToString() : string.Empty;
theEntity.PageID = !dr.IsDBNull(3) ? dr.GetValue(3).ToString() : string.Empty;
return(theEntity);
}
/// <summary>
/// Return All Role wich is assign permission for Action [Operation] on [Object]
/// </summary>
/// <param name="Operation"></param>
/// <param name="Object"></param>
/// <returns></returns>
public string[] GetRoleForOperation(string mOperation, string mObject)
{
IpermissionService PermissionSrv = new permissionService(SessionFactoryConfigPath);
permission _Per = PermissionSrv.GetPermission(mObject, mOperation, _App.AppID);
if (_Per != null && _Per.Roles != null)
{
return((from r in _Per.Roles select r.name).ToArray());
}
else
{
return new string[] { }
};
}
public string editPost(int postNo, string requestingUser, permission p, string content)
{
Post post = searchPost(_threads, postNo);
if (post == null || (post.getTitle().Equals("") && content.Equals("")))
{
return(Constants.INVALID_INPUT);
}
post.setContent(content);
if (content.Equals(post.getContent()))
{
return(Constants.SUCCESS);
}
return("Could not edit post.");
}
// deletePost need to be synchronized
public string deletePost(int postNo, postDeletionPermission pdp, permission p, string requestingUser)
{
Post post = searchPost(_threads, postNo);
if (post == null)
{
return(Constants.SUCCESS);
}
switch (pdp)
{
case postDeletionPermission.WRITER:
if (p < permission.MODERATOR && !post.getWriter().Equals(requestingUser))
{
return(Constants.noPermissionToDeletePost(requestingUser));
}
break;
case postDeletionPermission.MODERATOR:
if (p < permission.MODERATOR)
{
return(Constants.noPermissionToDeletePost(requestingUser));
}
break;
case postDeletionPermission.ADMIN:
if (p < permission.ADMIN)
{
return(Constants.noPermissionToDeletePost(requestingUser));
}
break;
case postDeletionPermission.SUPER_ADMIN:
if (p < permission.SUPER_ADMIN)
{
return(Constants.noPermissionToDeletePost(requestingUser));
}
break;
default:
return(Constants.noPermissionToDeletePost(requestingUser));
}
if (post.delete())
{
_numOfPosts--;
return(Constants.SUCCESS);
}
return("Could not delete post");
}
public string editPost(string forumName, string subForumName, int postNo, string requestingUser, string content)
{
List <string> input = new List <string>()
{
forumName, subForumName, requestingUser
};
if (Constants.isValidInput(input))
{
lock (o)
{
permission p = _um.getUserPermissionsForSubForum(forumName, subForumName, requestingUser);
return(_fm.editPost(forumName, subForumName, postNo, requestingUser, p, content));
}
}
return(Constants.INVALID_INPUT);
}
private void loginBtn_Click(object sender, RoutedEventArgs e)
{
string userNameInput = userNameTxt.Text;
string passwordInput = passwordTxt.Password;
loginStatus response = app.login(forumName, userNameInput, passwordInput);
if (response == loginStatus.FALSE)
{
GuiUtils.displayError("Incorrect Username or Password");
return;
}
this.userName = userNameInput;
userNameTxt.Text = "";
passwordTxt.Password = "";
userNameLbl.Visibility = Visibility.Hidden;
passwordLbl.Visibility = Visibility.Hidden;
passwordTxt.Visibility = Visibility.Hidden;
userNameTxt.Visibility = Visibility.Hidden;
loginBtn.Visibility = Visibility.Hidden;
registerBtn.Visibility = Visibility.Hidden;
this.permission = app.getUserPermissionsForForum(forumName, userName);
loggedInTxt.Text = "Logged in as " + userName;
if (permission == permission.ADMIN)
{
logoutBtn.Visibility = Visibility.Visible;
sendPrivateMessageBtn.Visibility = Visibility.Visible;
addSubForumBtn.Visibility = Visibility.Visible;
}
else if (permission == permission.MEMBER)
{
logoutBtn.Visibility = Visibility.Visible;
sendPrivateMessageBtn.Visibility = Visibility.Visible;
}
}
public Permission add(Permission p)
{
permission pe = new permission();
pe.assigned_by = p.assigned_by;
pe.assigned_date = DateTime.Now;
pe.event_id = p.event_id;
pe.permission_id = p.permission_id;
pe.user_id = p.user_id;
db.permissions.InsertOnSubmit(pe);
db.SubmitChanges();
p.id = pe.id;
return(p);
}
public List <Tuple <string, string, DateTime, string> > getListOfForumModerators(string forumName, string requestingUser)
{
List <string> input = new List <string>()
{
forumName, requestingUser
};
if (!Constants.isValidInput(input))
{
return(null);
}
permission p = _um.getUserPermissionsForForum(forumName, requestingUser);
if (p < permission.ADMIN)
{
return(null);
}
return(_um.getListOfForumModerators(forumName));
}
public void InsertPermission(permissionDB permiss)
{
using (DataAccesDataContext dbContext = new DataAccesDataContext())
{
// incrémenter code permission a partir du dernier code
List <permissionDB> lsperm = GetPermission();
int code_permission = lsperm.OrderBy(w => w.code).LastOrDefault().code + 1;
permission permission = new permission
{
code_permission = code_permission,
description = permiss.description
};
dbContext.permission.InsertOnSubmit(permission);
dbContext.SubmitChanges();
}
}
public void setPermissionsOnFolders(string userSearchPath, contentManagerService1 cmService, string sPath)
{
searchPathMultipleObject spMulti = new searchPathMultipleObject();
spMulti.Value = sPath;
folder pFolder = (folder)cmService.query(spMulti, new propEnum[]{propEnum.searchPath,propEnum.policies},new sort[]{},new queryOptions())[0];
bool found = false;
permission newPermission = new permission();
newPermission.name ="execute";
newPermission.access = accessEnum.deny;
for (int i = 0; i < pFolder.policies.value.Length && !found; i ++)
{
policy policy = pFolder.policies.value[i];
//If the security object already exists, update its permissions
if(policy.securityObject.searchPath.value.Equals(userSearchPath))
{
found = true;
permission[] newPerms = new permission[policy.permissions.Length + 1];
for(int j = 0; j < policy.permissions.Length; j ++)
{
newPerms[j] = policy.permissions[j];
}
newPerms[newPerms.Length - 1] = newPermission;
policy.permissions = newPerms;
}
}
//If the security object does not exist, create a new one
if(!found)
{
baseClass entry = null;
spMulti.Value = userSearchPath;
entry = cmService.query(spMulti, new propEnum[]{},new sort[]{},new queryOptions())[0];
policy newPolicy = new policy();
newPolicy.securityObject = entry;
permission[] permissions = new permission[1];
permissions[0] = newPermission;
newPolicy.permissions = permissions;
policyArrayProp existingPols = pFolder.policies ;
policy[] newPols = new policy[existingPols.value.Length + 1];
for(int j = 0; j < existingPols.value.Length; j ++)
{
newPols[j] = existingPols.value[j];
}
newPols[newPols.Length - 1] = newPolicy;
existingPols.value = newPols;
}
cmService.update(new baseClass[]{pFolder},new updateOptions() );
}
public qnx(OldUnityXml.qnx old)
{
env = new env(old.env);
author = old.author;
authorId = old.authorId;
id = old.id;
filename = old.filename;
name = old.name;
description = old.description;
publisher = old.publisher;
versionNumber = old.versionNumber;
int assetCount = 5, splashAssetCount = old.splashScreens.images != null ? old.splashScreens.images.Length : 0;
assets = new asset[assetCount + splashAssetCount];
assets[0] = new asset(old.icon.image, old.icon.image);
assets[1] = new asset("Data", null);
assets[2] = new asset("lib", null);
assets[3] = new asset("SLAwards.bundle", "scoreloop/SLAwards.bundle");
assets[4] = new asset("Release", null);
for (int i = 0; i != splashAssetCount; ++i)
{
assets[assetCount+i] = new asset(old.splashScreens.images[i], old.splashScreens.images[i]);
}
icon = new icon(old.icon);
splashScreens = new splashScreens(old.splashScreens);
initialWindow = new initialWindow(old.initialWindow);
configuration = new configuration(old);
category = old.category;
permissions = new permission[old.actions.Length];
for (int i = 0; i != permissions.Length; ++i)
{
permissions[i] = new permission(old.actions[i]);
}
}
public permission(permission old)
{
system = old.system;
content = old.content;
}
