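/// <summary>
/// Page Load - executed when the page is first requested by the user and
/// again whenever the user clicks a button on the form.
/// Resolves the transaction named by the <c>transactionId</c> query-string
/// value and, on the first (non-postback) load, sets the status text and the
/// decision buttons and runs the read access check before the expense report
/// is displayed.
/// </summary>
/// <param name="sender">Source of the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    // To prevent users from by-passing the portal page (index.aspx)
    // and going directly to this page, use URL Authorization.
    // See <url> for details.

    // Get the transaction ID from the query string. The value is supplied by
    // the caller, so a missing, empty, non-numeric or out-of-range value must
    // end in the error message rather than in an unhandled exception.
    // Convert.ToInt32(string) returns 0 for null and throws FormatException /
    // OverflowException for bad input; it never throws ArgumentNullException.
    string rawTransId = Request.QueryString["transactionId"];
    if (rawTransId == null || rawTransId.Length == 0)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }

    try
    {
        transID = Convert.ToInt32(rawTransId);
    }
    catch (System.FormatException)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }
    catch (System.OverflowException)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }

    // Get the expense report data for the transaction ID
    // and check that the transaction exists.
    ExpenseData = ExpenseCommon.GetTransData(transID);
    if (ExpenseData == null)
    {
        Message.Text = "There was an error retrieving the transaction data. <br>The specified transaction does not exist.";
        return;
    }

    // Only fill in the form on the first load; on a postback any user
    // changes would otherwise be lost.
    // NOTE(review): the access check below therefore runs on the first load
    // only. The postback handlers are not visible here and presumably repeat
    // the authorization themselves - confirm.
    if (!Page.IsPostBack)
    {
        // Get the status of the transaction. Concatenating with "" turns a
        // null status into an empty string.
        string transStatus = string.Concat(ExpenseCommon.GetTransactionStatus(transID), "");

        if (transStatus == "")
        {
            // The transaction has not been reviewed yet.
            // NOTE(review): assuming both sides are strings, == is an ordinal,
            // case-sensitive comparison; if the stored SamName and the client
            // name can differ in case, the owner is treated as another user
            // and the self-approval rule is skipped - confirm normalization.
            if ((ExpenseCommon.GetClientSamName() == ExpenseData["SamName"]))
            {
                if (ExpenseCommon.GetSelfApproval() == false)
                {
                    // Self approval is not allowed: hide the decision
                    // buttons and tell the owner why.
                    // NOTE(review): hiding the buttons is a UI measure only;
                    // the decision handlers (not visible here) need to enforce
                    // the same rule on the server side.
                    Status.Text = string.Concat(Status.Text, "PENDING", "<P>You are not authorized to approve your own expense.</p>");
                    DecisionGroup.Visible = false;
                }
                else
                {
                    // Self approval is allowed: show the decision buttons
                    // and the status.
                    Status.Text = string.Concat(Status.Text, "PENDING");
                    DecisionGroup.Visible = true;
                }
            }
            else
            {
                // The current user is not the owner of the expense report,
                // so show the decision buttons.
                Status.Text = string.Concat(Status.Text, "PENDING");
                DecisionGroup.Visible = true;
            }
        }
        else
        {
            // The expense report has been reviewed already: show its status
            // and do not show the decision buttons.
            Status.Text = string.Concat(Status.Text, transStatus);
            DecisionGroup.Visible = false;
        }

        // Check that the user has permission to read this expense report.

        // Get the client context.
        IAzClientContext3 AzClient = ExpenseCommon.GetAzClientContext();

        // Set the parameters made available to the business rule.
        IAzBizRuleParameters BizRuleParams = AzClient.BizRuleParameters;
        BizRuleParams.AddParameter("Amount", ExpenseData["Amount"]);
        BizRuleParams.AddParameter("Date", DateTime.Now.ToShortDateString());
        BizRuleParams.AddParameter("SubmitterName", (object)ExpenseData["User"]);
        BizRuleParams.AddParameter("UserName", ExpenseCommon.GetClientSamName());

        // Run the access check for the read operation, passing the audit
        // text, the scope ("") and the operation.
        uint result = AzClient.AccessCheck2("Read Expense Report", "", ExpenseCommon.AzopRead);

        // Default to "not authorized"; only an explicit NoError grants access.
        bool bAuthorized = false;
        if (result == ExpenseCommon.NoError)
        {
            bAuthorized = true;
        }
        else if (result == ExpenseCommon.AccessDenied)
        {
            // NOTE(review): this text is replaced by the assignment in the
            // final else branch below, so the user never sees it.
            // NOTE(review): the rule string is concatenated into markup
            // unencoded; if Message renders Text as raw HTML and the business
            // rule can echo submitter- or request-derived values, HTML-encode
            // it first - confirm.
            string errorMessage = AzClient.GetBusinessRuleString();
            if (errorMessage != "")
            {
                Message.Text = "<font color=\"FF0000\">Access Denied." + errorMessage + "</font>";
            }
            else
            {
                Message.Text = "<font color=\"FF0000\">Access Denied. You do not have sufficient permissions to perform this operation.</font>";
            }
        }
        else
        {
            // Any other result is an error. Stop here so the diagnostic is
            // not replaced by the generic access-denied text below and the
            // report is never displayed.
            // NOTE(review): the parameterless Win32Exception constructor
            // reads the thread's last Win32 error, which may not be the code
            // AccessCheck2 returned - confirm.
            Win32Exception ex = new Win32Exception();
            Message.Text = "<font color=\"FF0000\">There was an error performing the AccessCheck: " + ex.Message + "</font>";
            return;
        }

        if (bAuthorized)
        {
            // Display the expense report.
            DisplayExpense();
        }
        else
        {
            // Access check failed, so display an error message to the user.
            Message.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString();
            return;
        }
    }
}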
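/// <summary>
/// Page Load - executed when the page is first requested by the user and
/// again whenever the user clicks a button on the form.
/// Resolves the transaction named by the <c>transactionId</c> query-string
/// value and, on the first (non-postback) load, sets the status text and the
/// decision buttons and runs the read access check before the expense report
/// is displayed.
/// </summary>
/// <param name="sender">Source of the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    // To prevent users from by-passing the portal page (index.aspx)
    // and going directly to this page, use URL Authorization.
    // See <url> for details.

    // Get the transaction ID from the query string. The value is supplied by
    // the caller, so a missing, empty, non-numeric or out-of-range value must
    // end in the error message rather than in an unhandled exception.
    // Convert.ToInt32(string) returns 0 for null and throws FormatException /
    // OverflowException for bad input; it never throws ArgumentNullException.
    string rawTransId = Request.QueryString["transactionId"];
    if (rawTransId == null || rawTransId.Length == 0)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }

    try
    {
        transID = Convert.ToInt32(rawTransId);
    }
    catch (System.FormatException)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }
    catch (System.OverflowException)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }

    // Get the expense report data for the transaction ID
    // and check that the transaction exists.
    ExpenseData = ExpenseCommon.GetTransData(transID);
    if (ExpenseData == null)
    {
        Message.Text = "There was an error retrieving the transaction data. <br>The specified transaction does not exist.";
        return;
    }

    // Only fill in the form on the first load; on a postback any user
    // changes would otherwise be lost.
    // NOTE(review): the access check below therefore runs on the first load
    // only. The postback handlers are not visible here and presumably repeat
    // the authorization themselves - confirm.
    if (!Page.IsPostBack)
    {
        // Get the status of the transaction. Concatenating with "" turns a
        // null status into an empty string.
        string transStatus = string.Concat(ExpenseCommon.GetTransactionStatus(transID), "");

        if (transStatus == "")
        {
            // The transaction has not been reviewed yet.
            // NOTE(review): assuming both sides are strings, == is an ordinal,
            // case-sensitive comparison; if the stored SamName and the client
            // name can differ in case, the owner is treated as another user
            // and the self-approval rule is skipped - confirm normalization.
            if ((ExpenseCommon.GetClientSamName() == ExpenseData["SamName"]))
            {
                if (ExpenseCommon.GetSelfApproval() == false)
                {
                    // Self approval is not allowed: hide the decision
                    // buttons and tell the owner why.
                    // NOTE(review): hiding the buttons is a UI measure only;
                    // the decision handlers (not visible here) need to enforce
                    // the same rule on the server side.
                    Status.Text = string.Concat(Status.Text, "PENDING", "<P>You are not authorized to approve your own expense.</p>");
                    DecisionGroup.Visible = false;
                }
                else
                {
                    // Self approval is allowed: show the decision buttons
                    // and the status.
                    Status.Text = string.Concat(Status.Text, "PENDING");
                    DecisionGroup.Visible = true;
                }
            }
            else
            {
                // The current user is not the owner of the expense report,
                // so show the decision buttons.
                Status.Text = string.Concat(Status.Text, "PENDING");
                DecisionGroup.Visible = true;
            }
        }
        else
        {
            // The expense report has been reviewed already: show its status
            // and do not show the decision buttons.
            Status.Text = string.Concat(Status.Text, transStatus);
            DecisionGroup.Visible = false;
        }

        // Get the client context.
        IAzClientContext AzClient = ExpenseCommon.GetAzClientContext();

        // Check that the user has permission to read this expense report.

        // Scope of the access check request: a single empty-string entry,
        // i.e. the application level.
        object[] scope = new Object[1];
        scope[0] = (object)"";

        // Operations to check: only the read-expense operation.
        object[] operations = new Object[1];
        operations[0] = ExpenseCommon.AzopRead;

        // Names of the parameters passed to the business rule, if one is
        // defined. Names and values are matched by index.
        //
        // THEY MUST BE IN ALPHABETICAL ORDER (A-Z)
        Object[] BRNames = new Object[3];
        BRNames[0] = (object)ExpenseCommon.ParamAmount;
        BRNames[1] = (object)ExpenseCommon.ParamDate;
        BRNames[2] = (object)ExpenseCommon.ParamUserName;

        // Values of the parameters, in the same order as the names.
        Object[] BRValues = new Object[3];
        BRValues[0] = (object)0;
        BRValues[1] = (object)DateTime.Now.ToShortDateString();
        BRValues[2] = (object)ExpenseCommon.GetClientSamName();

        // Contains the results from AccessCheck.
        object[] results;
        try
        {
            // Run the access check for the read operation, passing the audit
            // text, scope, operations and business rule parameters.
            results = (object[])AzClient.AccessCheck("Read Expense Report", (object)scope, (object)operations, BRNames, BRValues, null, null, null);
        }
        catch (Exception ex)
        {
            Message.Text = "There was an error running AccessCheck: " + ex.Message;
            return;
        }

        // One operation was requested, so a missing or empty result array is
        // treated as a failed check rather than as an implicit grant.
        if (results == null || results.Length == 0)
        {
            Message.Text = "There was an error performing the AccessCheck: no result was returned.";
            return;
        }

        // Every result code must be NoError for the report to be shown.
        bool bAuthorized = true;
        foreach (int iResCode in results)
        {
            if (iResCode == ExpenseCommon.AccessDenied)
            {
                // NOTE(review): this text is replaced by the assignment in
                // the final else branch below, so the user never sees it.
                // NOTE(review): if Message renders Text as raw HTML and the
                // business rule can echo submitter- or request-derived
                // values, HTML-encode the rule string first - confirm.
                string errorMessage = AzClient.GetBusinessRuleString();
                if (errorMessage != "")
                {
                    Message.Text = "Read Denied. " + errorMessage;
                }
                else
                {
                    Message.Text = "Access Denied. You do not have sufficient permissions to perform this operation.";
                }
                bAuthorized = false;
                break;
            }
            else if (iResCode != ExpenseCommon.NoError)
            {
                // Any other result is an error. Fail closed: previously this
                // branch left bAuthorized set to true, so the report was
                // displayed although the check had not succeeded.
                // NOTE(review): the parameterless Win32Exception constructor
                // reads the thread's last Win32 error, which may not be the
                // code AccessCheck returned - confirm.
                Win32Exception ex = new Win32Exception();
                Message.Text = "There was an error performing the AccessCheck: " + ex.Message;
                return;
            }
        }

        if (bAuthorized)
        {
            // Display the expense report.
            DisplayExpense();
        }
        else
        {
            // Access check failed, so display an error message to the user.
            Message.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString();
            return;
        }
    }
}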