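/// <summary>
/// Reports whether a user holds the approver role named by <paramref name="pUserType"/>.
/// </summary>
/// <param name="pUserType">
/// Role to check. GroupHead and DivisionHead are looked up in CIS.RequisitionApprover
/// (userlvl 'sprv' and 'head' respectively); SuppliesCustodian is compared against
/// <c>clsRequisition.CurrentSuppliesCustodian</c>. Any other value yields <c>false</c>.
/// </param>
/// <param name="pUsername">Account name of the user being checked.</param>
/// <returns><c>true</c> when the role check succeeds; otherwise <c>false</c>.</returns>
public static bool IsApprover(RequisitionUserType pUserType, string pUsername)
{
    if (pUserType == RequisitionUserType.SuppliesCustodian)
    {
        // Case-insensitive ordinal match, the same rule GetUserType applies to the
        // custodian name. The original lower-cased only one side with the current
        // culture. The null guard keeps a missing username from matching a missing
        // custodian setting.
        return pUsername != null
            && string.Equals(clsRequisition.CurrentSuppliesCustodian, pUsername, System.StringComparison.OrdinalIgnoreCase);
    }

    bool isGroupHead = pUserType == RequisitionUserType.GroupHead;
    if (!isGroupHead && pUserType != RequisitionUserType.DivisionHead)
    {
        // Not an approver role: deny without touching the database.
        return false;
    }

    using (SqlConnection cn = new SqlConnection(clsSystemConfigurations.ConnectionStringRequisition))
    using (SqlCommand cmd = cn.CreateCommand())
    {
        // NOTE(review): in this listing the username predicate is the literal '******'
        // and pUsername is never bound, so as shown the lookup does not depend on the
        // caller's identity. The literal looks masked. If the real source splices
        // pUsername into the text, bind it as a parameter (username=@username) instead
        // of concatenating it.
        cmd.CommandText = isGroupHead
            ? "SELECT userlvl FROM CIS.RequisitionApprover WHERE userlvl='sprv' AND username='******'"
            : "SELECT userlvl FROM CIS.RequisitionApprover WHERE userlvl='head' AND username='******'";

        cn.Open();

        // The reader is disposed even if Read() throws.
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            // Any matching row means the role is granted.
            return dr.Read();
        }
    }
}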
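/// <summary>
/// Returns the status of a requisition as seen by the given role.
/// </summary>
/// <param name="pUserType">
/// Selects the status column: Requestor reads <c>status</c>, GroupHead <c>sprvstat</c>,
/// DivisionHead <c>headstat</c>, SuppliesCustodian <c>suppstat</c>.
/// </param>
/// <param name="pRequisitionCode">Requisition code matched against <c>requcode</c>.</param>
/// <returns>
/// The column value as a string, or an empty string when the role is not recognised,
/// no row matches, or the query fails.
/// </returns>
public string GetRequestStatus(RequisitionUserType pUserType, string pRequisitionCode)
{
    // The column name comes from this fixed set only, never from caller input,
    // so it is safe to place in the statement text.
    string statusColumn;
    if (pUserType == RequisitionUserType.Requestor)
    {
        statusColumn = "status";
    }
    else if (pUserType == RequisitionUserType.GroupHead)
    {
        statusColumn = "sprvstat";
    }
    else if (pUserType == RequisitionUserType.DivisionHead)
    {
        statusColumn = "headstat";
    }
    else if (pUserType == RequisitionUserType.SuppliesCustodian)
    {
        statusColumn = "suppstat";
    }
    else
    {
        // The original reached the same result via an exception on an empty command.
        return "";
    }

    using (SqlConnection cn = new SqlConnection(clsSystemConfigurations.ConnectionStringRequisition))
    using (SqlCommand cmd = cn.CreateCommand())
    {
        // The requisition code is caller-supplied, so it is bound as a parameter instead
        // of being concatenated into the SQL text (SQL injection). AddWithValue infers
        // NVARCHAR for strings; use a typed parameter if the column type requires it.
        cmd.CommandText = "SELECT " + statusColumn + " FROM CIS.Requisition WHERE requcode=@requcode";
        cmd.Parameters.AddWithValue("@requcode", pRequisitionCode ?? string.Empty);

        cn.Open();
        try
        {
            // ExecuteScalar returns null when no row matches. DBNull.ToString() is "".
            object value = cmd.ExecuteScalar();
            return value == null ? "" : value.ToString();
        }
        catch (SqlException)
        {
            // Best effort, as in the original: a failed query reports an empty status.
            return "";
        }
    }
}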
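//////////////////////////////////
///////// Static Members /////////
//////////////////////////////////

/// <summary>
/// Checks that the user is tied to the requisition in the given role and redirects
/// the current request to <c>~/AccessDenied.aspx</c> when no matching row exists.
/// Despite its name, this is an authorization check on one record, not a login.
/// </summary>
/// <param name="pUserType">
/// Role to check. GroupHead matches <c>sprvcode</c>, DivisionHead <c>headcode</c>,
/// SuppliesCustodian <c>suppcode</c>, Requestor <c>username</c>. Any other value is denied.
/// </param>
/// <param name="pUserName">User identifier compared with the role's column.</param>
/// <param name="pRequisitionCode">Requisition code matched against <c>requcode</c>.</param>
public static void AuthenticateUser(RequisitionUserType pUserType, string pUserName, string pRequisitionCode)
{
    string sql = null;
    bool bindUserName = true;

    if (pUserType == RequisitionUserType.Requestor)
    {
        // NOTE(review): this branch compares username with the literal '******' in this
        // listing, and pUserName is not used. The literal looks masked. If the real
        // source concatenates pUserName here, bind it as a parameter like the branches below.
        sql = "SELECT username FROM CIS.Requisition WHERE requcode=@requcode AND username='******'";
        bindUserName = false;
    }
    else if (pUserType == RequisitionUserType.GroupHead)
    {
        sql = "SELECT sprvcode FROM CIS.Requisition WHERE requcode=@requcode AND sprvcode=@usercode";
    }
    else if (pUserType == RequisitionUserType.DivisionHead)
    {
        sql = "SELECT headcode FROM CIS.Requisition WHERE requcode=@requcode AND headcode=@usercode";
    }
    else if (pUserType == RequisitionUserType.SuppliesCustodian)
    {
        sql = "SELECT suppcode FROM CIS.Requisition WHERE requcode=@requcode AND suppcode=@usercode";
    }

    // Fail closed: an unrecognised role keeps this false and is denied below.
    bool blnHasRecord = false;

    if (sql != null)
    {
        using (SqlConnection cn = new SqlConnection(clsSystemConfigurations.ConnectionStringRequisition))
        using (SqlCommand cmd = cn.CreateCommand())
        {
            // Both values are caller-supplied and decide an access check, so they are
            // bound as parameters. Concatenating them would let a crafted value rewrite
            // the WHERE clause and make the check pass.
            cmd.CommandText = sql;
            cmd.Parameters.AddWithValue("@requcode", pRequisitionCode ?? string.Empty);
            if (bindUserName)
            {
                cmd.Parameters.AddWithValue("@usercode", pUserName ?? string.Empty);
            }

            cn.Open();
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                blnHasRecord = dr.Read();
            }
        }
    }

    if (!blnHasRecord)
    {
        // Response.Redirect(string) also ends the response, so the caller's remaining
        // page code does not run for a denied user.
        System.Web.HttpContext.Current.Response.Redirect("~/AccessDenied.aspx");
    }
}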
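/// <summary>
/// Resolves the requisition role for a user.
/// </summary>
/// <param name="pUsername">Account name of the user.</param>
/// <returns>
/// SuppliesCustodian when the name matches <c>clsRequisition.CurrentSuppliesCustodian</c>
/// (case-insensitive); otherwise DivisionHead or GroupHead according to the first
/// <c>userlvl</c> row returned by the approver query; otherwise Requestor.
/// </returns>
public static RequisitionUserType GetUserType(string pUsername)
{
    // Ordinal, case-insensitive match replaces the culture-sensitive ToLower() pair.
    // The null guard keeps a missing username from matching a missing custodian setting
    // (the original threw on a null username).
    if (pUsername != null
        && string.Equals(pUsername, clsRequisition.CurrentSuppliesCustodian, System.StringComparison.OrdinalIgnoreCase))
    {
        return RequisitionUserType.SuppliesCustodian;
    }

    using (SqlConnection cn = new SqlConnection(clsSystemConfigurations.ConnectionStringRequisition))
    using (SqlCommand cmd = cn.CreateCommand())
    {
        // NOTE(review): the username predicate is the literal '******' in this listing
        // and pUsername is not bound, so as shown the role does not depend on the caller.
        // The literal looks masked. If the real source concatenates pUsername, bind it
        // as a parameter (username=@username).
        // NOTE(review): this reads CIS.MrcfApprover, whereas IsApprover reads
        // CIS.RequisitionApprover. Confirm the two role checks should use different tables.
        cmd.CommandText = "SELECT userlvl FROM CIS.MrcfApprover WHERE username='******' AND pstatus='1' ORDER BY userlvl";

        cn.Open();

        // The reader is disposed even if reading throws.
        using (SqlDataReader dr = cmd.ExecuteReader())
        {
            // Only the first row is read. With ORDER BY userlvl, 'head' presumably sorts
            // before 'sprv', so a user holding both levels resolves to DivisionHead.
            if (!dr.Read())
            {
                return RequisitionUserType.Requestor;
            }

            string level = dr["userlvl"].ToString();
            if (level == "head")
            {
                return RequisitionUserType.DivisionHead;
            }

            if (level == "sprv")
            {
                return RequisitionUserType.GroupHead;
            }

            // Any other level falls back to the least-privileged role.
            return RequisitionUserType.Requestor;
        }
    }
}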