protected void unset_confidentiality_level(Guid?objectId, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
bool isNode = objectId.HasValue && CNController.is_node(paramsContainer.Tenant.Id, objectId.Value);
bool isUser = !isNode;
bool accessDenied = false;
if (isUser)
{
accessDenied = !objectId.HasValue ||
!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID);
}
else
{
accessDenied = !objectId.HasValue || (
!PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value) &&
!CNController.is_service_admin(paramsContainer.Tenant.Id,
objectId.Value, paramsContainer.CurrentUserID.Value) &&
!CNController.is_node_admin(paramsContainer.Tenant.Id,
paramsContainer.CurrentUserID.Value, objectId.Value, null, null, null));
}
if (accessDenied)
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
if (objectId.HasValue)
{
_save_error_log(Modules.Log.Action.UnsetConfidentialityLevel_PermissionFailed, objectId);
}
return;
}
bool succeed = objectId.HasValue && PrivacyController.unset_confidentiality_level(paramsContainer.Tenant.Id,
objectId.Value, paramsContainer.CurrentUserID.Value);
responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" :
"{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
//Save Log
if (succeed)
{
LogController.save_log(paramsContainer.Tenant.Id, new Log()
{
UserID = paramsContainer.CurrentUserID.Value,
Date = DateTime.Now,
HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
HostName = PublicMethods.get_client_host_name(HttpContext.Current),
Action = Modules.Log.Action.UnsetConfidentialityLevel,
SubjectID = objectId,
ModuleIdentifier = ModuleIdentifier.PRVC
});
}
//end of Save Log
}
protected void check_authority(List <string> permissions, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
if (permissions.Count == 0)
{
responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
return;
}
List <AccessRoleName> roles = new List <AccessRoleName>();
foreach (string str in permissions)
{
AccessRoleName rl = AccessRoleName.None;
if (Enum.TryParse <AccessRoleName>(str, out rl) && rl != AccessRoleName.None)
{
roles.Add(rl);
}
}
List <AccessRoleName> accessRoles = AuthorizationManager.has_right(roles, paramsContainer.CurrentUserID);
responseText = "{" + string.Join(",", roles.Select(
u => "\"" + u.ToString() + "\":" + accessRoles.Any(x => x == u).ToString().ToLower())) + "}";
}
protected void add_confidentiality_level(int?levelId, string title, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
if (!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID))
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
_save_error_log(Modules.Log.Action.AddConfidentialityLevel_PermissionFailed, Guid.Empty);
return;
}
Guid id = Guid.NewGuid();
string errorMessage = string.Empty;
bool succeed = !levelId.HasValue ? false :
PrivacyController.add_confidentiality_level(paramsContainer.Tenant.Id, id, levelId.Value, title,
paramsContainer.CurrentUserID.Value, ref errorMessage);
responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"" +
",\"Level\":" + (new ConfidentialityLevel()
{
ID = id, LevelID = levelId, Title = title
}).toJson() + "}" :
"{\"ErrorText\":\"" + (string.IsNullOrEmpty(errorMessage) ? Messages.OperationFailed.ToString() : errorMessage) + "\"}";
//Save Log
if (succeed)
{
LogController.save_log(paramsContainer.Tenant.Id, new Log()
{
UserID = paramsContainer.CurrentUserID.Value,
Date = DateTime.Now,
HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
HostName = PublicMethods.get_client_host_name(HttpContext.Current),
Action = Modules.Log.Action.AddConfidentialityLevel,
SubjectID = id,
Info = "{\"LevelID\":" + levelId.ToString() + ",\"Title\":\"" + Base64.encode(title) + "\"}",
ModuleIdentifier = ModuleIdentifier.PRVC
});
}
//end of Save Log
}
protected void remove_confidentiality_level(Guid?confidentialityId, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
if (!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID))
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
_save_error_log(Modules.Log.Action.RemoveConfidentialityLevel_PermissionFailed, confidentialityId);
return;
}
string errorMessage = string.Empty;
bool succeed = !confidentialityId.HasValue ? false :
PrivacyController.remove_confidentiality_level(paramsContainer.Tenant.Id,
confidentialityId.Value, paramsContainer.CurrentUserID.Value);
responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" :
"{\"ErrorText\":\"" + (string.IsNullOrEmpty(errorMessage) ? Messages.OperationFailed.ToString() : errorMessage) + "\"}";
//Save Log
if (succeed)
{
LogController.save_log(paramsContainer.Tenant.Id, new Log()
{
UserID = paramsContainer.CurrentUserID.Value,
Date = DateTime.Now,
HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
HostName = PublicMethods.get_client_host_name(HttpContext.Current),
Action = Modules.Log.Action.RemoveConfidentialityLevel,
SubjectID = confidentialityId,
ModuleIdentifier = ModuleIdentifier.PRVC
});
}
//end of Save Log
}
protected void handle_imported_file(DocFileInfo file, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
if (!AuthorizationManager.has_right(AccessRoleName.DataImport, paramsContainer.CurrentUserID))
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
return;
}
if (!file.exists(paramsContainer.Tenant.Id))
{
responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
return;
}
XmlDocument xmlDoc = new XmlDocument();
try
{
using (MemoryStream stream = new MemoryStream(file.toByteArray(paramsContainer.Tenant.Id)))
xmlDoc.Load(stream);
}
catch (Exception ex)
{
responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
return;
}
string docName = xmlDoc.DocumentElement.Name.ToLower();
bool result = false;
switch (docName)
{
case "nodes":
result = update_nodes(ref xmlDoc);
break;
case "nodeids":
result = update_node_ids(ref xmlDoc);
break;
case "removenodes":
result = remove_nodes(ref xmlDoc);
break;
case "users":
result = update_users(ref xmlDoc);
break;
case "members":
result = update_members(ref xmlDoc);
break;
case "experts":
result = update_experts(ref xmlDoc);
break;
case "relations":
result = update_relations(ref xmlDoc);
break;
case "authors":
result = update_authors(ref xmlDoc);
break;
case "userconfidentialities":
result = update_user_confidentialities(ref xmlDoc);
break;
case "permissions":
result = update_permissions(ref xmlDoc);
break;
}
responseText = result ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" :
"{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
}
protected bool check_object_type(List <Guid> objectIds, PrivacyObjectType objectType)
{
switch (objectType)
{
case PrivacyObjectType.None:
case PrivacyObjectType.Node:
case PrivacyObjectType.NodeType:
{
if (objectIds.Count != 1)
{
return(false);
}
bool isNodeType = objectType != PrivacyObjectType.Node &&
CNController.is_node_type(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count;
bool isNode = !isNodeType && objectType != PrivacyObjectType.NodeType &&
CNController.is_node(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count;
if (!isNodeType && !isNode)
{
return(false);
}
bool accessPermission =
AuthorizationManager.has_right(AccessRoleName.ManageOntology, paramsContainer.CurrentUserID);
if (!accessPermission)
{
accessPermission = CNController.is_service_admin(paramsContainer.Tenant.Id,
objectIds[0], paramsContainer.CurrentUserID.Value);
}
if (!accessPermission && isNode)
{
accessPermission = CNController.is_node_admin(paramsContainer.Tenant.Id,
paramsContainer.CurrentUserID.Value, objectIds[0], null, null, null) ||
PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID,
objectIds[0], PrivacyObjectType.Node, PermissionType.Modify);
}
return(accessPermission);
}
case PrivacyObjectType.FAQCategory:
return(QAController.is_faq_category(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count &&
(AuthorizationManager.has_right(AccessRoleName.ManageQA, paramsContainer.CurrentUserID) ||
QAController.is_workflow_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value, null)));
case PrivacyObjectType.QAWorkFlow:
return(QAController.is_workflow(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count &&
AuthorizationManager.has_right(AccessRoleName.ManageQA, paramsContainer.CurrentUserID));
case PrivacyObjectType.Poll:
return(FGController.is_poll(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count &&
AuthorizationManager.has_right(AccessRoleName.ManagePolls, paramsContainer.CurrentUserID));
case PrivacyObjectType.Report:
return(!objectIds.Any(u => !ReportUtilities.ReportIDs.Any(x => x.Value == u)) &&
PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value));
case PrivacyObjectType.FormElement:
return(FGController.is_form_element(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count &&
AuthorizationManager.has_right(AccessRoleName.ManageForms, paramsContainer.CurrentUserID));
}
return(false);
}
protected void get_report(ModuleIdentifier moduleIdentifier, string reportName, bool excel, bool rtl,
bool isPersian, ref Dictionary <string, string> dic, int pageNumber, int pageSize, ref string responseText,
List <ReportParameter> parameters, string password)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
bool isSystemAdmin =
PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value);
Guid?reportId = ReportUtilities.get_report_id(moduleIdentifier, reportName);
bool hasAccess = reportId.HasValue && (isSystemAdmin ||
AuthorizationManager.has_right(AccessRoleName.Reports, paramsContainer.CurrentUserID));
hasAccess = hasAccess && (isSystemAdmin ||
PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID,
reportId.Value, PrivacyObjectType.Report, PermissionType.View));
if (!hasAccess)
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
return;
}
DataTable tbl = new DataTable();
string actions = string.Empty;
Dictionary <string, string> columnsDic = new Dictionary <string, string>();
ReportsController.get_report(paramsContainer.Tenant.Id,
moduleIdentifier, reportName, ref tbl, ref actions, ref columnsDic, parameters);
int firstRow = excel ? 0 : (pageSize * (pageNumber - 1));
int lastRow = (excel ? tbl.Rows.Count : Math.Min(firstRow + pageSize, tbl.Rows.Count)) - 1;
for (int c = 0; c < tbl.Columns.Count; ++c)
{
if (tbl.Columns[c].DataType != typeof(string) || tbl.Columns[c].ColumnName.IndexOf("_HTML") < 0)
{
continue;
}
tbl.Columns[c].ColumnName = tbl.Columns[c].ColumnName.Replace("_HTML", string.Empty);
for (int r = firstRow; r <= lastRow; ++r)
{
if (tbl.Rows[r][c] != DBNull.Value && !string.IsNullOrEmpty((string)tbl.Rows[r][c]))
{
//tbl.Rows[r][c] = PublicMethods.markup2plaintext(
//Expressions.replace((string)tbl.Rows[r][c], Expressions.Patterns.HTMLTag, " ")).Trim();
string str = (string)tbl.Rows[r][c];
str = Expressions.replace(str, Expressions.Patterns.HTMLTag, " ");
str = PublicMethods.markup2plaintext(paramsContainer.Tenant.Id, str).Trim();
tbl.Rows[r][c] = str;
}
}
}
if (excel)
{
try
{
Dictionary <string, bool> usedColNames = new Dictionary <string, bool>();
foreach (string n in dic.Values)
{
usedColNames[n] = true;
}
for (int c = 0; c < tbl.Columns.Count; ++c)
{
if (columnsDic.ContainsKey(tbl.Columns[c].ColumnName))
{
string colName = columnsDic[tbl.Columns[c].ColumnName];
int num = 1;
while (true)
{
string tmpName = colName + (num <= 1 ? string.Empty : " (" + num.ToString() + ")");
if (!usedColNames.ContainsKey(tmpName))
{
usedColNames[tmpName] = true;
colName = tmpName;
break;
}
else
{
++num;
}
}
tbl.Columns[c].ColumnName = colName;
}
bool isString = tbl.Columns[c].DataType == typeof(string);
bool isDic = tbl.Columns[c].ColumnName.IndexOf("_Dic") >= 0;
if (isString && isDic)
{
Dictionary <string, string> colDic = _get_dictionary(tbl.Columns[c].ColumnName);
for (int r = 0; r < tbl.Rows.Count; ++r)
{
bool isNull = tbl.Rows[r].ItemArray[c] == DBNull.Value || tbl.Rows[r].ItemArray[c] == null;
if (!isNull && colDic.ContainsKey((string)tbl.Rows[r].ItemArray[c]))
{
tbl.Rows[r][c] = colDic[(string)tbl.Rows[r].ItemArray[c]];
}
}
}
if (isDic)
{
tbl.Columns[c].ColumnName = tbl.Columns[c].ColumnName.Replace("_Dic", string.Empty);
}
}
//meta data for exported file
Privacy p = !reportId.HasValue ? null :
PrivacyController.get_settings(paramsContainer.Tenant.Id, reportId.Value);
string confidentiality = p == null ? null : p.Confidentiality.Title;
User currentUser = !paramsContainer.CurrentUserID.HasValue ? null :
UsersController.get_user(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value);
if (currentUser == null)
{
currentUser = new User();
}
DownloadedFileMeta meta = new DownloadedFileMeta(PublicMethods.get_client_ip(HttpContext.Current),
currentUser.UserName, currentUser.FirstName, currentUser.LastName, confidentiality);
//end of meta data for exported file
string reportFileName = "Reports_" + PublicMethods.get_random_number().ToString();
ExcelUtilities.ExportToExcel(reportFileName, tbl, rtl, dic, password, meta);
}
catch (Exception ex)
{
responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
LogController.save_error_log(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID,
"ExportReportToExcel", ex, ModuleIdentifier.RPT, LogLevel.Fatal);
}
return;
}
Dictionary <string, bool> isFloatDic = new Dictionary <string, bool>();
responseText = "{\"Columns\":[";
for (int i = 0, lnt = tbl.Columns.Count; i < lnt; ++i)
{
object obj = null;
for (int j = firstRow; j <= lastRow; ++j)
{
if (tbl.Rows[j][i] != DBNull.Value && tbl.Rows[j][i] != null && !string.IsNullOrEmpty(tbl.Rows[j][i].ToString()))
{
obj = tbl.Rows[j][i];
break;
}
}
bool isNumber = false;
bool isFloat = false;
if (obj != null)
{
var objType = obj.GetType();
isNumber = objType == typeof(int) || objType == typeof(long) ||
objType == typeof(float) || objType == typeof(double) || objType == typeof(decimal);
isFloat = objType == typeof(float) || objType == typeof(double) || objType == typeof(decimal);
}
isFloatDic.Add(tbl.Columns[i].ColumnName, isFloat);
string colTitle = columnsDic.ContainsKey(tbl.Columns[i].ColumnName) ?
columnsDic[tbl.Columns[i].ColumnName] : tbl.Columns[i].ColumnName;
responseText += (i == 0 ? string.Empty : ",") + "{\"ID\":\"" + tbl.Columns[i].ColumnName +
"\",\"Title\":\"" + Base64.encode(colTitle) + "\",\"Encoded\":true" +
",\"IsNumber\":" + isNumber.ToString().ToLower() + "}";
}
responseText += "],\"Total\":" + tbl.Rows.Count.ToString() + ",\"Rows\":[";
for (int i = firstRow; i <= lastRow; ++i)
{
responseText += (i == firstRow ? string.Empty : ",") + "{";
for (int j = 0, _ln = tbl.Columns.Count; j < _ln; ++j)
{
if (isFloatDic[tbl.Columns[j].ColumnName])
{
tbl.Rows[i].ItemArray[j] =
Math.Round(double.Parse((tbl.Rows[i].ItemArray[j] == DBNull.Value ? 0 : tbl.Rows[i].ItemArray[j]).ToString()), 2);
}
string strVal = tbl.Rows[i].ItemArray[j].GetType() == typeof(DateTime) ?
PublicMethods.get_local_date((DateTime)tbl.Rows[i].ItemArray[j], true) :
(isFloatDic[tbl.Columns[j].ColumnName] ?
Math.Round(double.Parse((tbl.Rows[i].ItemArray[j] == DBNull.Value ? 0 : tbl.Rows[i].ItemArray[j]).ToString()), 2) :
tbl.Rows[i].ItemArray[j]).ToString();
responseText += (j == 0 ? string.Empty : ",") + "\"" + tbl.Columns[j].ColumnName + "\":\"" + Base64.encode(strVal) + "\"";
}
responseText += "}";
}
responseText += "],\"Actions\":" + (string.IsNullOrEmpty(actions) ? "{}" : actions) + "}";
}