/// <summary>
/// GridView-specific access gate for a named resource. A user with neither read nor write access
/// is redirected to the invalid-access page. A user with read access only has every data row of
/// the grid disabled; rows of other types (such as sort and pager rows) are left untouched.
/// </summary>
/// <remarks>
/// Disabling rows only changes how the grid is presented.
/// NOTE(review): server-side handlers that modify data should check write access themselves
/// rather than rely on the rows being disabled - confirm this is done by the pages that call this.
/// </remarks>
/// <param name="resource">Name of the application resource whose access is being checked.</param>
/// <param name="securityClass">Holder of the current user's permission tokens.</param>
/// <param name="gridview">Grid whose data rows are disabled for read-only users.</param>
/// <param name="resp">Response used to redirect a user who has no access.</param>
public void LockGridViewDataRowsResource(string resource, SecurityTokenHelper securityClass, GridView gridview, HttpResponse resp)
{
    bool canRead = hasReadAccess(resource, securityClass);
    bool canWrite = hasWriteAccess(resource, securityClass);

    if (!canRead && !canWrite)
    {
        // No access at all: send the user to the no-access page.
        // Original note: this call produces a "frame error" when the caller is inside a
        // try/catch - presumably the ThreadAbortException raised when Redirect ends the
        // response; confirm. Keep the single-argument overload so the request is ended here.
        resp.Redirect("~/InvalidAccess.aspx");
        return;
    }

    if (canWrite)
    {
        // Write access: the grid stays fully editable.
        return;
    }

    // Read access only: disable the data rows.
    foreach (GridViewRow row in gridview.Rows)
    {
        if (row.RowType != DataControlRowType.DataRow)
        {
            continue;
        }

        row.Enabled = false;
    }
}
/// <summary>
/// Access gate for pages that have no meaning when read-only. The user is let through only with
/// both read and write access (write access on its own is not allowed by the application);
/// anyone else is redirected to the invalid-access page.
/// </summary>
/// <param name="resource">Name of the application resource whose access is being checked.</param>
/// <param name="securityClass">Holder of the current user's permission tokens.</param>
/// <param name="resp">Response used to redirect a user who lacks read and write access.</param>
public void LockMustWriteResource(string resource, SecurityTokenHelper securityClass, HttpResponse resp)
{
    bool canRead = hasReadAccess(resource, securityClass);
    bool canWrite = hasWriteAccess(resource, securityClass);

    if (canRead && canWrite)
    {
        return;
    }

    // Original note: this call produces a "frame error" when the caller is inside a
    // try/catch - presumably the ThreadAbortException raised when Redirect ends the
    // response; confirm. Keep the single-argument overload so the request is ended here.
    resp.Redirect("~/InvalidAccess.aspx");
}
/// <summary>
/// Access gate for pages that are already entirely read-only. Either read or write access lets
/// the user through; a user with neither is redirected to the invalid-access page.
/// </summary>
/// <param name="resource">Name of the application resource whose access is being checked.</param>
/// <param name="securityClass">Holder of the current user's permission tokens.</param>
/// <param name="resp">Response used to redirect a user who has no access.</param>
public void LockAnyAccessResource(string resource, SecurityTokenHelper securityClass, HttpResponse resp)
{
    bool canRead = hasReadAccess(resource, securityClass);
    bool canWrite = hasWriteAccess(resource, securityClass);

    if (canRead || canWrite)
    {
        return;
    }

    // Neither read nor write: send the user to the no-access page.
    // Original note: this call produces a "frame error" when the caller is inside a
    // try/catch - presumably the ThreadAbortException raised when Redirect ends the
    // response; confirm. Keep the single-argument overload so the request is ended here.
    resp.Redirect("~/InvalidAccess.aspx");
}
/// <summary>
/// Access gate that registers a startup script for read-only users. A user with neither read nor
/// write access is redirected to the invalid-access page. A user with read access only gets
/// <paramref name="jscript"/> registered on the page under the key "OnLoad".
/// </summary>
/// <remarks>
/// The script text is handed to the page as-is, so callers should pass only fixed, trusted
/// script and never text assembled from request data. The script runs in the browser and is
/// therefore a presentation measure only.
/// NOTE(review): write operations should still be checked on the server - confirm.
/// </remarks>
/// <param name="resource">Name of the application resource whose access is being checked.</param>
/// <param name="securityClass">Holder of the current user's permission tokens.</param>
/// <param name="pg">Page on which the startup script is registered.</param>
/// <param name="jscript">JavaScript to run when the page loads for a read-only user.</param>
/// <param name="resp">Response used to redirect a user who has no access.</param>
public void LockJSOnLoadResource(string resource, SecurityTokenHelper securityClass, Page pg, String jscript, HttpResponse resp)
{
    bool canRead = hasReadAccess(resource, securityClass);
    bool canWrite = hasWriteAccess(resource, securityClass);

    if (!canRead && !canWrite)
    {
        // No access at all: send the user to the no-access page.
        // Original note: this call produces a "frame error" when the caller is inside a
        // try/catch - presumably the ThreadAbortException raised when Redirect ends the
        // response; confirm. Keep the single-argument overload so the request is ended here.
        resp.Redirect("~/InvalidAccess.aspx");
        return;
    }

    if (canWrite)
    {
        // Write access: no script is registered.
        return;
    }

    // Read access only: register the caller's script (final argument adds the script tags).
    pg.ClientScript.RegisterStartupScript(typeof(Page), "OnLoad", jscript, true);
}
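/// <summary>
/// Checks whether the current user's permission tokens grant read access to a named application
/// resource. The user's own read tokens and the group read tokens are both consulted; a match in
/// either one grants access.
/// </summary>
/// <remarks>
/// The check fails closed. It returns false when the resource name is null or unknown, when the
/// token helper is null, when the resource's access code is not positive, and when a token list
/// has no entry at the position the resource points to.
/// </remarks>
/// <param name="resource">Name of the application resource; it is upper-cased before lookup.</param>
/// <param name="securityClass">Holder of the current user's read tokens and group read tokens.</param>
/// <returns>true if the user has read access to the resource</returns>
public bool hasReadAccess(string resource, SecurityTokenHelper securityClass)
{
    // A missing name or missing token holder cannot grant anything.
    if (resource == null || securityClass == null)
    {
        return false;
    }

    // NOTE(review): ToUpper() is culture-sensitive, so the key produced here can vary with the
    // thread culture. It is kept because how the keys of _resources are normalised is not
    // visible here; confirm, then use ToUpperInvariant() on both sides.
    resource = resource.ToUpper();

    // Resolve the resource once; the access code and token position serve both checks below.
    if (!_resources.ContainsKey(resource))
    {
        return false;
    }

    long resourceAccessCode = _resources[resource].AccessCode;
    if (resourceAccessCode <= 0)
    {
        return false;
    }

    // AccessTokenID is used as a 1-based position into the token lists.
    Int32 resourceIndex = (Int32)_resources[resource].AccessTokenID;
    Int32 slot = resourceIndex - 1;
    if (slot < 0)
    {
        // No valid position: deny instead of indexing out of range.
        return false;
    }

    bool retValue = false;

    // User's own read token. A list too short to hold the position grants nothing.
    if (slot < securityClass.ReadTokens.Count)
    {
        long userToken = securityClass.ReadTokens[slot];
        // The access code is positive here, so the AND result is never negative.
        retValue = ((userToken & resourceAccessCode) != 0);
    }

    // Group read token, checked the same way; either source is sufficient.
    if (!retValue && slot < securityClass.GroupReadTokens.Count)
    {
        long groupReadToken = securityClass.GroupReadTokens[slot];
        retValue = ((groupReadToken & resourceAccessCode) != 0);
    }

    return retValue;
}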
/// <summary>
/// General access gate for a form. A user with neither read nor write access is redirected to
/// the invalid-access page. A user with read access only has <paramref name="ctrl"/> passed to
/// makeReadOnly.
/// </summary>
/// <remarks>
/// NOTE(review): making controls read-only affects what is presented to the user; server-side
/// handlers that modify data should check write access themselves - confirm.
/// </remarks>
/// <param name="resource">Name of the application resource whose access is being checked.</param>
/// <param name="securityClass">Holder of the current user's permission tokens.</param>
/// <param name="ctrl">Control handed to makeReadOnly for read-only users.</param>
/// <param name="resp">Response used to redirect a user who has no access.</param>
public void LockResource(string resource, SecurityTokenHelper securityClass, Control ctrl, HttpResponse resp)
{
    bool canRead = hasReadAccess(resource, securityClass);
    bool canWrite = hasWriteAccess(resource, securityClass);

    if (!canRead && !canWrite)
    {
        // No access at all: send the user to the no-access page.
        // Original note: this call produces a "frame error" when the caller is inside a
        // try/catch - presumably the ThreadAbortException raised when Redirect ends the
        // response; confirm. Keep the single-argument overload so the request is ended here.
        resp.Redirect("~/InvalidAccess.aspx");
        return;
    }

    if (canWrite)
    {
        // Write access: controls are left as they are.
        return;
    }

    // Read access only: switch the control to read-only.
    makeReadOnly(ctrl);
    // TODO: see if we can walk the Request.Form html objects and disable those here as well ...Request.Form["xxxxx"];
}