protected int OrgId; //Read from authentication ticket.
#endregion Fields
#region Methods
/// <summary>
/// Function is returning an access for input page.
/// </summary>
/// <param name="pageName">Input page</param>
/// <returns>The access for input page, false - not permission, true - yes</returns>
public bool CheckPermission(string pageName)
{
bool bResult = false;
DataView dvPages = null;
clsUsers user = null;
try
{
if((pageName.ToLower() != "default.aspx") && (pageName.ToLower() != "error.aspx") && (pageName.ToLower() != "accessdenied.aspx"))
{
dvPages = (DataView)Context.Cache["userPages"];
if(dvPages == null)
{
user = new clsUsers();
user.iOrgId = _functions.GetUserOrgId(HttpContext.Current.User.Identity.Name, false);
dvPages = new DataView(user.GetPagesList());
Context.Cache.Insert("userPages", dvPages, null, DateTime.Now.AddHours(12), TimeSpan.Zero);
}
dvPages.RowFilter = "vchPageName = '" + pageName + "'";
if(dvPages.Count > 0)
{
foreach(string role in dvPages[0]["vchGroupList"].ToString().Split(new char[] {';'}))
{
if(Context.User.IsInRole(role))
{
bResult = true;
}
}
}
else
if(Context.User.IsInRole("Administrators"))
bResult = true;
}
else
{
bResult = true;
}
}
catch(Exception ex)
{
_functions.Log(ex, HttpContext.Current.User.Identity.Name, "BFPPage.cs");
}
finally
{
if(user != null)
{
user.Dispose();
}
}
return bResult;
}
protected void CheckLinks(System.Web.UI.Page _page)
{
System.Web.UI.WebControls.HyperLink hlItem;
string pageName;
DataView dvPages = null;
clsUsers user = null;
try
{
foreach(System.Web.UI.Control _MainControl in _page.Controls)
{
if(_MainControl.GetType().FullName == "System.Web.UI.HtmlControls.HtmlForm")
{
foreach(System.Web.UI.Control _control in _MainControl.Controls)
{
if(_control.GetType().FullName == "System.Web.UI.WebControls.HyperLink")
{
hlItem = (System.Web.UI.WebControls.HyperLink)_control;
hlItem.Visible = false;
pageName = _functions.GetFileNameFromURL(hlItem.NavigateUrl);
if((pageName.ToLower() != "default.aspx") && (pageName.ToLower() != "error.aspx") && (pageName.ToLower() != "accessdenied.aspx"))
{
dvPages = (DataView)Context.Cache["userPages"];
if(dvPages == null)
{
user = new clsUsers();
user.iOrgId = _functions.GetUserOrgId(HttpContext.Current.User.Identity.Name, false);
dvPages = new DataView(user.GetPagesList());
Context.Cache.Insert("userPages", dvPages, null, DateTime.Now.AddHours(12), TimeSpan.Zero);
}
dvPages.RowFilter = "vchPageName = '" + pageName + "'";
if(dvPages.Count > 0)
{
foreach(string role in dvPages[0]["vchGroupList"].ToString().Split(new char[] {';'}))
{
if(Context.User.IsInRole(role))
{
hlItem.Visible = true;
}
}
}
else
if(Context.User.IsInRole("Administrators"))
hlItem.Visible = true;
}
else
{
hlItem.Visible = true;
}
}
}
return;
}
}
}
catch(Exception ex)
{
_functions.Log("Application error: \n" + ex.ToString());
}
finally
{
if(user != null)
{
user.Dispose();
}
}
}
private void Global_AuthorizeRequest(object sender, System.EventArgs e)
{
string sMode;
try
{
// Is user authenticated?
if(Request.IsAuthenticated)
{
// getting the current page from the Request Object
string pageName = Request.FilePath.Remove(0, Request.FilePath.LastIndexOf("/") + 1);
// if page is avaible then skip it
if((pageName.ToLower() == "default.aspx") ||
(pageName == "error.aspx") ||
(pageName.ToLower() == "accessdenied.aspx"))
return;
if (!pageName.Contains(".aspx"))
return;
// getting a mode from cookies
if(Request.Cookies["bfp_mode"] == null)
sMode = "";
else
sMode = Request.Cookies["bfp_mode"].Value;
switch(sMode)
{
case "OperatorKiosk":
if(pageName.Substring(0, 3) == "ok_" || pageName == "ReportViewer.aspx" || pageName == "selectMode.aspx")
break;
else
{
Context.RewritePath("accessdenied.aspx");
return;
}
case "TechnicianMode":
if(pageName.Substring(0, 5) == "admin_" || pageName.Substring(0, 6) == "error_")
{
Context.RewritePath("accessdenied.aspx");
return;
}
break;
default:
if(pageName == "ok_mainMenu.aspx")
break;
else if(pageName.Substring(0, 3) != "ok_")
break;
else
{
Context.RewritePath("accessdenied.aspx");
return;
}
}
if(Request.Cookies["bfp_operator"] == null)
{
if(pageName.Substring(0, 3) == "ok_" && pageName != "ok_mainMenu.aspx" && pageName != "ok_authCredentials.aspx")
{
Context.RewritePath("accessdenied.aspx");
return;
}
}
// getting the pages and groups for them from cache
DataView dvPages = (DataView)Context.Cache["userPages"];
// if pages isn't existing then we create a new
if(dvPages == null)
{
// getting the pages from database
user = new clsUsers();
user.iOrgId = _functions.GetUserOrgId(HttpContext.Current.User.Identity.Name, false);
dvPages = new DataView(user.GetPagesList());
// insert pages to cache
Context.Cache.Insert("userPages", dvPages, null, DateTime.Now.AddHours(12), TimeSpan.Zero);
}
// filter pages for current page
dvPages.RowFilter = "vchPageName = '" + pageName + "'";
// if the page is there in pages list
if(dvPages.Count > 0)
{
// to see roles for current groups of this page
foreach(string role in dvPages[0]["vchGroupList"].ToString().Split(new char[] {';'}))
{
// if the current user have current role then we give an access for current page
if(Context.User.IsInRole(role))
{
return;
}
}
}
else // if current user is administrator then we give all access for every page
if(Context.User.IsInRole("Administrators"))
return;
// if we come here then current user hasn't access to current page
Context.RewritePath("accessdenied.aspx");
}
}
catch(Exception ex)
{
_functions.Log(ex, HttpContext.Current.User.Identity.Name, "Global.asax.cs");
}
finally
{
if(user != null)
{
user.Dispose();
}
}
}
private void Global_AuthorizeRequest(object sender, System.EventArgs e)
{
try
{
if(Request.IsAuthenticated)
{
string pageName = Request.FilePath.Remove(0, Request.FilePath.LastIndexOf("/") + 1);
if((pageName == "default.aspx") || (pageName == "error.aspx") || (pageName.ToLower() == "accessdenied.aspx"))
return;
DataView dvPages = (DataView)Context.Cache["userPages"];
if(dvPages == null)
{
user = new clsUsers();
user.iOrgId = _functions.GetUserOrgId(HttpContext.Current.User.Identity.Name, false);
dvPages = new DataView(user.GetPagesList());
Context.Cache.Insert("userPages", dvPages, null, DateTime.Now.AddHours(12), TimeSpan.Zero);
}
dvPages.RowFilter = "vchPageName = '" + pageName + "'";
if(dvPages.Count > 0)
{
foreach(string role in dvPages[0]["vchGroupList"].ToString().Split(new char[] {';'}))
{
if(Context.User.IsInRole(role))
{
return;
}
}
}
else
if(Context.User.IsInRole("Administrators"))
return;
Context.RewritePath("accessdenied.aspx");
}
}
catch(Exception ex)
{
_functions.Log(ex, HttpContext.Current.User.Identity.Name, "Global.asax.cs");
}
finally
{
if(user != null)
{
user.Dispose();
}
}
}