Example #1
        /// <summary>
        /// GridView-specific access gate. A caller with neither read nor write access to the resource is
        /// redirected to the invalid-access page. A caller with read but not write access gets every row of
        /// type DataRow disabled; rows of any other type are left as they are, so sort and pager templates
        /// are not affected. A caller with write access sees the grid unchanged.
        /// </summary>
        /// <param name="resource">Name of the application resource being checked.</param>
        /// <param name="securityClass">Permission token holder handed to hasReadAccess / hasWriteAccess.</param>
        /// <param name="gridview">Grid whose data rows are disabled for read-only callers.</param>
        /// <param name="resp">Response used to redirect callers that have no access.</param>
        public void LockGridViewDataRowsResource(string resource, SecurityTokenHelper securityClass, GridView gridview, HttpResponse resp)
        {
            bool canRead  = hasReadAccess(resource, securityClass);
            bool canWrite = hasWriteAccess(resource, securityClass);

            if (!canRead && !canWrite)
            {
                // No access of either kind: hand the request over to the no-access page.
                // NOTE!!! the original author warns that this raises an error when the caller sits inside a
                // try/catch -- presumably the ThreadAbortException that Redirect(string) uses to end the response.
                resp.Redirect("~/InvalidAccess.aspx");
                return;
            }

            if (canWrite)
            {
                // Writers keep the grid fully editable.
                return;
            }

            // Read-only caller: disable each data row.
            // NOTE(review): Enabled = false is a presentation-level lock only. Server-side handlers that
            // persist grid edits should check hasWriteAccess themselves rather than rely on disabled rows.
            for (int i = 0; i < gridview.Rows.Count; i++)
            {
                GridViewRow row = gridview.Rows[i];
                if (row.RowType != DataControlRowType.DataRow)
                {
                    continue;
                }

                row.Enabled = false;
            }
        }
Example #2
        /// <summary>
        /// Gate for pages that have no meaning when shown read-only. The caller must hold both read and
        /// write access to the resource; anything less (read only, write only, or nothing) is redirected to
        /// the invalid-access page. Write access on its own is not accepted because the application does not
        /// grant write without read.
        /// </summary>
        /// <param name="resource">Name of the application resource being checked.</param>
        /// <param name="securityClass">Permission token holder handed to hasReadAccess / hasWriteAccess.</param>
        /// <param name="resp">Response used to redirect callers that lack full access.</param>
        public void LockMustWriteResource(string resource, SecurityTokenHelper securityClass, HttpResponse resp)
        {
            bool canRead  = hasReadAccess(resource, securityClass);
            bool canWrite = hasWriteAccess(resource, securityClass);

            if (canRead && canWrite)
            {
                // Full access: nothing to lock.
                return;
            }

            // NOTE!!! the original author warns that this raises an error when the caller sits inside a
            // try/catch -- presumably the ThreadAbortException that Redirect(string) uses to end the response.
            // NOTE(review): this gate runs when the page calls it; handlers that save data should not assume
            // it ran unless every code path into them goes through this call.
            resp.Redirect("~/InvalidAccess.aspx");
        }
Example #3
        /// <summary>
        /// Gate for pages that are already entirely read-only: the caller passes with either read or write
        /// access to the resource, and is redirected to the invalid-access page when holding neither.
        /// </summary>
        /// <param name="resource">Name of the application resource being checked.</param>
        /// <param name="securityClass">Permission token holder handed to hasReadAccess / hasWriteAccess.</param>
        /// <param name="resp">Response used to redirect callers that have no access.</param>
        public void LockAnyAccessResource(string resource, SecurityTokenHelper securityClass, HttpResponse resp)
        {
            // Both checks are always evaluated, exactly as before; only the combination is tested below.
            bool canRead   = hasReadAccess(resource, securityClass);
            bool canWrite  = hasWriteAccess(resource, securityClass);
            bool hasAccess = canRead || canWrite;

            if (hasAccess)
            {
                return;
            }

            // Neither read nor write: hand the request over to the no-access page.
            // NOTE!!! the original author warns that this raises an error when the caller sits inside a
            // try/catch -- presumably the ThreadAbortException that Redirect(string) uses to end the response.
            resp.Redirect("~/InvalidAccess.aspx");
        }
Example #4
        /// <summary>
        /// Access gate that registers a startup script for read-only callers. A caller with neither read nor
        /// write access is redirected to the invalid-access page; a caller with read but not write access
        /// gets <paramref name="jscript"/> registered on the page as a startup script; a caller with write
        /// access gets no script.
        /// </summary>
        /// <param name="resource">Name of the application resource being checked.</param>
        /// <param name="securityClass">Permission token holder handed to hasReadAccess / hasWriteAccess.</param>
        /// <param name="pg">Page on which the startup script is registered.</param>
        /// <param name="jscript">JavaScript to run on load; it is emitted as given, wrapped in script tags.</param>
        /// <param name="resp">Response used to redirect callers that have no access.</param>
        public void LockJSOnLoadResource(string resource, SecurityTokenHelper securityClass, Page pg, String jscript, HttpResponse resp)
        {
            bool canRead  = hasReadAccess(resource, securityClass);
            bool canWrite = hasWriteAccess(resource, securityClass);

            if (!canRead && !canWrite)
            {
                // No access of either kind: hand the request over to the no-access page.
                // NOTE!!! the original author warns that this raises an error when the caller sits inside a
                // try/catch -- presumably the ThreadAbortException that Redirect(string) uses to end the response.
                resp.Redirect("~/InvalidAccess.aspx");
                return;
            }

            if (canWrite)
            {
                return;
            }

            // Read-only caller. The script text goes into the page unencoded, so jscript must be a
            // developer-supplied constant and never built from request data.
            // NOTE(review): a client-side script only changes what the browser shows; server-side save
            // handlers should still check hasWriteAccess. The fixed (typeof(Page), "OnLoad") type/key pair
            // also means a second registration on the same page is treated as a duplicate.
            const bool wrapInScriptTags = true;
            pg.ClientScript.RegisterStartupScript(typeof(Page), "OnLoad", jscript, wrapInScriptTags);
        }
Example #5
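        /// <summary>
        /// Check to see if a named application resource is/should be read accessible by the current user's permission token.
        /// Access is granted when the user's read token or the group read token selected by the resource's
        /// token id shares at least one bit with the resource's access code.
        /// The method fails closed: a null argument, an unknown resource name, a non-positive access code, or
        /// a token id that does not address an entry in the token list all yield false.
        /// </summary>
        /// <param name="resource">Resource name; it is upper-cased before the lookup in the resource table.</param>
        /// <param name="securityClass">Holder of the user's ReadTokens and GroupReadTokens lists.</param>
        /// <returns>true if the user has read access to the resource</returns>
        public bool hasReadAccess(string resource, SecurityTokenHelper securityClass)
        {
            // Deny instead of throwing a NullReferenceException in the middle of an authorization check.
            if (resource == null || securityClass == null)
            {
                return(false);
            }

            // NOTE(review): ToUpper() follows the current thread culture, so the same name can map to a
            // different key under e.g. a Turkish culture. Switching to ToUpperInvariant() is only safe if the
            // keys of _resources were built the same way -- confirm where the table is populated.
            resource = resource.ToUpper();

            // Unknown resource names are denied.
            if (!_resources.ContainsKey(resource))
            {
                return(false);
            }

            // One lookup serves both the user-token and the group-token comparison.
            var   entry              = _resources[resource];
            long  resourceAccessCode = entry.AccessCode;
            Int32 resourceIndex      = (Int32)entry.AccessTokenID;

            // Token ids are 1-based positions in the token lists; anything below 1 cannot address an entry.
            if ((resourceAccessCode <= 0) || (resourceIndex < 1))
            {
                return(false);
            }

            bool retValue = false;

            // Compare the resource code with the user's read token. The range check replaces the former
            // "Count > 0" test, which let an id beyond the end of the list throw ArgumentOutOfRangeException.
            if (resourceIndex <= securityClass.ReadTokens.Count)
            {
                long userToken = securityClass.ReadTokens[resourceIndex - 1];
                retValue = ((userToken & resourceAccessCode) != 0);          // any shared bit grants access
            }

            // Compare the resource code with the group read token in the same way.
            if (resourceIndex <= securityClass.GroupReadTokens.Count)
            {
                long groupReadToken = securityClass.GroupReadTokens[resourceIndex - 1];
                retValue = (retValue || ((groupReadToken & resourceAccessCode) != 0));
            }

            return(retValue);
        }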
Example #6
        /// <summary>
        /// Checks whether a form can be accessed and, if so, whether the access is read or write. A caller
        /// with neither read nor write access is redirected to the invalid-access page; a caller with read
        /// but not write access has the supplied control passed to makeReadOnly; a caller with write access
        /// gets the form unchanged.
        /// </summary>
        /// <param name="resource">Name of the application resource being checked.</param>
        /// <param name="securityClass">Permission token holder handed to hasReadAccess / hasWriteAccess.</param>
        /// <param name="ctrl">Control handed to makeReadOnly for read-only callers.</param>
        /// <param name="resp">Response used to redirect callers that have no access.</param>
        public void LockResource(string resource, SecurityTokenHelper securityClass, Control ctrl, HttpResponse resp)
        {
            bool canRead  = hasReadAccess(resource, securityClass);
            bool canWrite = hasWriteAccess(resource, securityClass);

            if (!canRead && !canWrite)
            {
                // No access of either kind: hand the request over to the no-access page.
                // NOTE!!! the original author warns that this raises an error when the caller sits inside a
                // try/catch -- presumably the ThreadAbortException that Redirect(string) uses to end the response.
                resp.Redirect("~/InvalidAccess.aspx");
                return;
            }

            if (canWrite)
            {
                return;
            }

            // Read-only caller: switch the controls to disabled.
            // NOTE(review): this locks server controls only; handlers that save form data should check
            // hasWriteAccess themselves instead of relying on the controls being disabled.
            makeReadOnly(ctrl);
            // TODO: see if we can walk the Request.Form html objects and disable those here as well ...Request.Form["xxxxx"];
        }