/// <summary>
/// US:865 does the user have a specific checklist item permission.
/// Only <see cref="k_CHECKLIST_PERMISSION.DSOverride"/> is evaluated here; every
/// other permission kind yields false. Roles are unioned: any role the user holds
/// whose override flag is set grants it ("most liberal role takes precedent").
/// </summary>
/// <param name="user">the user whose roles (Administrator / Doctor / Nurse) are tested</param>
/// <param name="kPermission">the permission being asked about</param>
/// <returns>true when the user holds the permission, false otherwise</returns>
public bool HasPermission(CAppUser user, k_CHECKLIST_PERMISSION kPermission)
{
    if (kPermission != k_CHECKLIST_PERMISSION.DSOverride)
    {
        // no other permission kinds are defined for checklist items
        return false;
    }

    // a role's override flag is only consulted when the user actually holds that role
    bool grantedByAdministrator = user.IsAdministrator && DSOverrideAdministrator;
    bool grantedByDoctor = user.IsDoctor && DSOverrideDoctor;
    bool grantedByNurse = user.IsNurse && DSOverrideNurse;

    return grantedByAdministrator || grantedByDoctor || grantedByNurse;
}
/// <summary>
/// Log the current user off: when a session-backed user exists it is told to log
/// off and replaced with a fresh <see cref="CAppUser"/>, then the browser is sent
/// to the home page.
/// </summary>
/// <returns>true; note that Response.Redirect(url) ends the response by default,
/// so callers normally never observe this value</returns>
public bool LogOff()
{
    CAppUser current = AppUser;

    // nothing to tear down when no user object has been created yet
    if (current != null)
    {
        current.LogOff();

        // a brand new (logged-out) user object takes the old one's place
        AppUser = new CAppUser(this.BaseData);
    }

    Response.Redirect("VAPPCTHome.aspx");
    return true;
}
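/// <summary>
/// Override of page load. Re-attaches the session-backed <see cref="CAppUser"/> and,
/// for logged-in users, enforces a per-session anti-CSRF token: the token is issued
/// into Session on first use, copied into ViewState on a non-postback render, and on
/// every postback the ViewState copy must be present and equal to the Session copy,
/// otherwise the user is logged off and base.OnLoad is skipped.
/// </summary>
/// <param name="e">event arguments forwarded to the base OnLoad</param>
protected override void OnLoad(EventArgs e)
{
    //one and only appuser holds data in session state
    AppUser = new CAppUser(BaseData);

    //the token check only applies to authenticated sessions
    if (AppUser.LoggedIn)
    {
        //issue a session token if this session does not have one yet; it is drawn
        //from the platform CSPRNG rather than Guid.NewGuid(), whose unpredictability
        //is not a documented guarantee
        if (Session["CSRF_TOKEN"] == null)
        {
            Session["CSRF_TOKEN"] = NewCsrfToken();
        }

        if (!IsPostBack)
        {
            //not a postback so put the token in view state
            ViewState["CSRF_TOKEN"] = Session["CSRF_TOKEN"].ToString();
        }
        else
        {
            //post back: the view state copy must exist ...
            object viewStateToken = ViewState["CSRF_TOKEN"];
            if (viewStateToken == null)
            {
                LogOff();
                return;
            }

            //... and must match the session copy exactly (ordinal comparison)
            string strSessionCSRF = Session["CSRF_TOKEN"].ToString();
            string strViewStateCSRF = viewStateToken.ToString();
            if (!string.Equals(strSessionCSRF, strViewStateCSRF, StringComparison.Ordinal))
            {
                LogOff();
                return;
            }
        }
    }

    //call base to finish the load
    base.OnLoad(e);
}

/// <summary>
/// Builds a fresh anti-CSRF token: 32 bytes from the platform CSPRNG, base64
/// encoded so it can be stored in Session and ViewState as a plain string.
/// </summary>
/// <returns>an unpredictable, base64-encoded token string</returns>
private static string NewCsrfToken()
{
    byte[] raw = new byte[32];
    using (System.Security.Cryptography.RandomNumberGenerator rng =
               System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(raw);
    }
    return Convert.ToBase64String(raw);
}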
/// <summary>
/// US:840 helper to determine if the MDWS connection is usable. The current user's
/// security keys are requested as the probe; a faulted reply triggers a fresh MDWS
/// login with the stored credentials, and that login's status is what is reported.
/// </summary>
/// <returns>a successful <see cref="CStatus"/> when the probe did not fault (or the
/// re-login succeeded); otherwise the failing status returned by MDWSLogin</returns>
public CStatus IsMDWSValid()
{
    CAppUser appUser = new CAppUser(this);

    //the security-key lookup doubles as the connectivity probe
    UserSecurityKeyArray usk =
        GetMDWSSOAPClient().getUserSecurityKeys(appUser.UserID.ToString());

    //NOTE(review): a null reply is treated the same as a clean one — only an
    //explicit fault triggers the reconnect; confirm that is the intended contract
    bool faulted = usk != null && usk.fault != null;
    if (!faulted)
    {
        return new CStatus();
    }

    //reconnect; the user id and client handed back by the login are not needed here
    long lUserID;
    EmrSvcSoapClient mdwsSOAPClient;
    CStatus loginStatus = MDWSLogin(
        appUser.MDWSUID.ToString(),
        appUser.MDWSPWD.ToString(),
        appUser.SiteID,
        out lUserID,
        out mdwsSOAPClient);

    //a failed login is reported as-is; a successful one reads as "valid"
    return loginStatus.Status ? new CStatus() : loginStatus;
}
/// <summary>
/// US:864 US:876 does the user have a specific checklist permission.
/// Viewable, ReadOnly, Closeable and TIUNote are supported; anything else is false.
/// A role's flag is only consulted when the user holds that role, and held roles
/// are combined so the most liberal one wins: for Viewable / Closeable / TIUNote any
/// granting role suffices, while ReadOnly is the default and is lifted by any held
/// role that is not read-only.
/// </summary>
/// <param name="user">the user whose roles (Doctor / Nurse / Administrator) are tested</param>
/// <param name="kPermission">the permission being asked about</param>
/// <returns>true when the user holds the permission, false otherwise</returns>
public bool HasPermission(CAppUser user, k_CHECKLIST_PERMISSION kPermission)
{
    switch (kPermission)
    {
        case k_CHECKLIST_PERMISSION.Viewable:
        {
            bool doctorCanView = user.IsDoctor && ViewableDoctor;
            bool nurseCanView = user.IsNurse && ViewableNurse;
            bool adminCanView = user.IsAdministrator && ViewableAdministrator;
            return doctorCanView || nurseCanView || adminCanView;
        }

        case k_CHECKLIST_PERMISSION.ReadOnly:
        {
            //read-only unless some held role is allowed to edit
            bool doctorCanEdit = user.IsDoctor && !ReadOnlyDoctor;
            bool nurseCanEdit = user.IsNurse && !ReadOnlyNurse;
            bool adminCanEdit = user.IsAdministrator && !ReadOnlyAdministrator;
            return !(doctorCanEdit || nurseCanEdit || adminCanEdit);
        }

        case k_CHECKLIST_PERMISSION.Closeable:
        {
            bool doctorCanClose = user.IsDoctor && CloseableDoctor;
            bool nurseCanClose = user.IsNurse && CloseableNurse;
            bool adminCanClose = user.IsAdministrator && CloseableAdministrator;
            return doctorCanClose || nurseCanClose || adminCanClose;
        }

        case k_CHECKLIST_PERMISSION.TIUNote:
        {
            bool doctorCanNote = user.IsDoctor && TIUDoctor;
            bool nurseCanNote = user.IsNurse && TIUNurse;
            bool adminCanNote = user.IsAdministrator && TIUAdministrator;
            return doctorCanNote || nurseCanNote || adminCanNote;
        }

        default:
            //no other permission kinds are defined for checklists
            return false;
    }
}
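/// <summary>
/// US:836 US:1882 master-page initialization (the proper place for it). Registers
/// the postback script reference, forces UTF-8 output, reads the MDWSTransfer
/// switch, connects the database, builds the shared <see cref="CData"/> /
/// <see cref="CAppUser"/> pair, and then applies the session rules: an invalid FX
/// session logs the user off, anonymous users are redirected to the home page,
/// logged-in users get their MDWS connection re-checked, and a refused page-access
/// audit on any page other than home logs the user off.
/// </summary>
/// <param name="sender">event source (unused)</param>
/// <param name="e">event arguments (unused)</param>
protected void Page_Init(object sender, EventArgs e)
{
    CStatus status = new CStatus();

    //Returns a string that can be used in a client
    //event to cause postback to the server.
    Page.ClientScript.GetPostBackEventReference(this, String.Empty);

    //set the character set, since all pages derive from basemaster
    //this will set the encoding for all pages...
    Response.ContentEncoding = Encoding.UTF8;

    //is MDWS on? only the literal "1" enables it (a missing key reads as null)
    MDWSTransfer = false;
    string strMDWS = System.Configuration.ConfigurationManager.AppSettings["MDWSTransfer"];
    if (strMDWS == "1")
    {
        MDWSTransfer = true;
    }

    //connect to the data source
    if (m_DBConn != null)
    {
        status = m_DBConn.Connect();
        if (!status.Status)
        {
            //redirect to an error page
            Response.Redirect("ep_error_page.htm");
            Response.End();
        }
    }

    //one and only basedata, used as a base class for all
    //data items. allows us to share data classes from
    //VAPPCT.Data
    BaseData = new CData(DBConn, ClientIP, UserID, SessionID, Session, MDWSTransfer);

    //one and only appuser holds data in session state
    AppUser = new CAppUser(BaseData);

    //because basedata gets set before appuser and
    //app user id is stored in session state we must
    //set it here again to avoid a 0 user id if the
    //user is logged in...
    BaseData.UserID = AppUser.UserID;

    //session idle timeout comes from TimeOutInMinutes (the original note says 20 minutes)
    Session.Timeout = TimeOutInMinutes;

    //check for a valid session
    if (AppUser.LoggedIn)
    {
        CUserData ud = new CUserData(BaseData);
        status = ud.CheckFXSession();
        if (!status.Status)
        {
            LogOff();
            return;
        }
    }

    //the page name is compared ordinally and case-insensitively; a culture-sensitive
    //ToLower() (e.g. under tr-TR) can make a name fail to match itself
    string pageName = GetPageName();
    bool onHomePage = string.Equals(pageName, "VAPPCTHome.aspx", StringComparison.OrdinalIgnoreCase);

    if (!AppUser.LoggedIn)
    {
        //not logged in and not on the home page: send the user to the home page
        if (!onHomePage)
        {
            Response.Redirect("VAPPCTHome.aspx");
        }
    }
    else if (MDWSTransfer)
    {
        //logged in: re-check the MDWS connection.
        //NOTE(review): the returned status is discarded (as it was before), so a
        //failed reconnect is not surfaced here — confirm that is acceptable
        AppUser.CheckMDWSConnection();
    }

    //audit access to every page but home; a refused audit logs the user off
    if (!onHomePage && !AppUser.AuditPageAccess(pageName))
    {
        LogOff();
    }
}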