/// <summary>
/// Returns what the client needs to open a form in a given form state: the
/// application's short name, the state name resolved by the server, an access
/// token bound to (app, key, state) and the redirect URL of the form.
/// </summary>
/// <param name="context">Current request; "app" is required, "key" and "formstate" are optional.</param>
/// <returns>JSON object with success=true and the fields listed above.</returns>
public virtual JObject GetFormStateInfo(HttpContext context)
{
    YZRequest req = new YZRequest(context);
    string appName = req.GetString("app");
    string appKey = req.GetString("key", null);
    string requestedState = req.GetString("formstate", null);

    FormApplication application;
    FormState state;
    using (BPMConnection cn = new BPMConnection())
    {
        cn.WebOpen();
        application = FormApplication.Open(cn, appName);
        state = FormService.GetFormStateBasicInfo(cn, appName, requestedState);
    }

    // The token is bound to the resolved state name (state.Name), not to the raw
    // "formstate" request parameter.
    string token = YZSecurityHelper.GenFormApplicationToken(appName, appKey, state.Name);

    // Key order is kept as the client sees it in the serialized JSON.
    JObject result = new JObject();
    result[YZJsonProperty.success] = true;
    result["appShortName"] = application.Name;
    result["formstate"] = state.Name;
    result["token"] = token;
    result["showSaveButton"] = state.ShowSaveButton;
    result["validationGroup"] = state.ValidationGroup;
    result["url"] = YZUtility.GetFormRedirectUrl(application.Form).ToString();
    return result;
}
/// <summary>
/// Hands the client the pair it must echo back on uploads: the login account and
/// an upload token generated for it (see the handler that checks UploadAuthorToken).
/// </summary>
/// <param name="context">Current request (not read by this method).</param>
/// <returns>JSON object with "UploadAuthorAccount" and "UploadAuthorToken".</returns>
public virtual JObject GetFileUploadAccessParams(HttpContext context)
{
    string account = YZAuthHelper.LoginUserAccount;
    string uploadToken = YZSecurityHelper.GenFileUploadToken();

    JObject result = new JObject();
    result["UploadAuthorAccount"] = account;
    result["UploadAuthorToken"] = uploadToken;
    return result;
}
/// <summary>
/// Issues a read-form token for the task named by the "TaskID" parameter.
/// Unlike <see cref="GetReadToken"/>, the reply carries no success flag.
/// </summary>
/// <param name="context">Current request; "TaskID" is required.</param>
/// <returns>JSON object holding the token under "token".</returns>
public virtual JObject GetReadFormToken(HttpContext context)
{
    YZRequest req = new YZRequest(context);
    int taskId = req.GetInt32("TaskID");

    // NOTE(review): no authorization check is visible here; the token is minted for
    // whatever TaskID the client sends — confirm GenReadFormToken or the pipeline
    // enforces access before relying on this.
    JObject result = new JObject();
    result["token"] = YZSecurityHelper.GenReadFormToken(taskId);
    return result;
}
/// <summary>
/// Issues a task access token for the task named by the "TaskID" parameter.
/// </summary>
/// <param name="context">Current request; "TaskID" is required.</param>
/// <returns>JSON object with success=true and the token under "token".</returns>
public virtual JObject GetReadToken(HttpContext context)
{
    YZRequest req = new YZRequest(context);
    int taskId = req.GetInt32("TaskID");

    // NOTE(review): no authorization check is visible here; the token is minted for
    // whatever TaskID the client sends — confirm GenTaskAccessToken or the pipeline
    // enforces access before relying on this.
    JObject result = new JObject();
    result[YZJsonProperty.success] = true;
    result["token"] = YZSecurityHelper.GenTaskAccessToken(taskId);
    return result;
}
/// <summary>
/// Evaluates each node permission named in <paramref name="permString"/> against the
/// permission flags carried by <paramref name="postInfo"/>.
/// </summary>
/// <param name="postInfo">Post whose NodePermision flags are tested.</param>
/// <param name="permString">Permission list in the format understood by YZSecurityHelper.ParseNodePermisions.</param>
/// <returns>JSON object mapping each permission name to true when all of its bits are set.</returns>
protected virtual JObject CheckPermision(PostInfo postInfo, string permString)
{
    JObject result = new JObject();
    NodePermision granted = postInfo.NodePermision;

    foreach (NodePermision perm in YZSecurityHelper.ParseNodePermisions(permString))
    {
        // A permission counts as held only when every bit of it is present.
        bool allowed = (granted & perm) == perm;
        result[perm.ToString()] = allowed;
    }
    return result;
}
/// <summary>
/// Generates a form application token bound to the "app", "key" and optional
/// "formstate" parameters of the request.
/// </summary>
/// <param name="context">Current request; "app" and "key" are required, "formstate" is optional.</param>
/// <returns>JSON object with success=true and the token under "token".</returns>
public virtual JObject GetFormApplicationToken(HttpContext context)
{
    YZRequest req = new YZRequest(context);
    string appName = req.GetString("app");
    string appKey = req.GetString("key");
    string state = req.GetString("formstate", null);

    // Here the raw "formstate" parameter goes into the token; GetFormStateInfo
    // binds to the server-resolved state name instead.
    JObject result = new JObject();
    result[YZJsonProperty.success] = true;
    result["token"] = YZSecurityHelper.GenFormApplicationToken(appName, appKey, state);
    return result;
}
/// <summary>
/// Asks the BPM engine which of the named node permissions the current connection
/// holds on a task step, and reports them by name.
/// </summary>
/// <param name="cn">Open BPM connection used for the check.</param>
/// <param name="taskid">Task identifier.</param>
/// <param name="stepid">Step identifier within the task.</param>
/// <param name="permString">Permission list in the format understood by YZSecurityHelper.ParseNodePermisions.</param>
/// <returns>JSON object mapping each permission name to the engine's yes/no answer.</returns>
protected virtual JObject CheckPermision(BPMConnection cn, int taskid, int stepid, string permString)
{
    NodePermision[] requested = YZSecurityHelper.ParseNodePermisions(permString);
    // assumes TaskOptPermCheckExt returns one answer per requested permission, in order — TODO confirm
    bool[] answers = BPMTask.TaskOptPermCheckExt(cn, taskid, stepid, requested);

    JObject result = new JObject();
    int index = 0;
    foreach (NodePermision perm in requested)
    {
        result[perm.ToString()] = answers[index];
        index++;
    }
    return result;
}
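/// <summary>
/// Generates a fresh RSA key pair, parks the private key in the temporary store and
/// returns the public key (PKCS form) together with the store handle. Presumably the
/// client encrypts with "publicKey" and a later request decrypts via "keystore" — confirm.
/// </summary>
/// <param name="context">Current request (not read by this method).</param>
/// <returns>JSON object with success=true, "publicKey" (PKCS text) and "keystore" (handle of the saved private key).</returns>
public virtual JObject GetPublicKey(HttpContext context)
{
    string publicKeyXml;
    string privateKeyXml;
    // RSACryptoServiceProvider holds a native CSP handle; dispose it deterministically
    // once the key material has been exported instead of leaving it to the finalizer.
    // NOTE(review): 1024-bit RSA is below current guidance (2048-bit or more); raise the
    // size once the client-side consumer of "publicKey" is confirmed to accept it.
    using (RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024))
    {
        publicKeyXml = rsaProvider.ToXmlString(false);
        privateKeyXml = rsaProvider.ToXmlString(true);
    }

    // Only the store handle leaves the server; the private key itself stays in the store.
    string keystore = YZTempStorageManager.CurrentStore.Save(privateKeyXml);
    string publicKeyPkcs = YZSecurityHelper.RSAPublicKeyDotNet2PCKS(publicKeyXml);

    JObject rv = new JObject();
    rv["success"] = true;
    rv["publicKey"] = publicKeyPkcs;
    rv["keystore"] = keystore;
    return rv;
}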
/// <summary>
/// For each object id in "ids", evaluates the permissions named in "perms" against the
/// object's ACL (looked up as "&lt;zone&gt;://&lt;path&gt;/&lt;id&gt;") for the connection's token.
/// </summary>
/// <param name="context">Current request; "zone" is required, "path", "perms" and "ids" (comma separated) are optional.</param>
/// <returns>JSON object: "perms" maps each id to a name→bool map, followed by success=true.</returns>
public virtual JObject GetStoreObjectPerms(HttpContext context)
{
    YZRequest req = new YZRequest(context);
    StoreZoneType zone = req.GetEnum<StoreZoneType>("zone");
    string basePath = req.GetString("path", null);
    string permNames = req.GetString("perms", null);
    BPMObjectNameCollection objectIds = BPMObjectNameCollection.FromStringList(req.GetString("ids", ""), ',');
    BPMPermision[] requested = YZSecurityHelper.ParsePermisions(permNames);

    // "perms" is added before "success" so the serialized key order is unchanged.
    JObject result = new JObject();
    JObject perObject = new JObject();
    result["perms"] = perObject;

    using (BPMConnection cn = new BPMConnection())
    {
        cn.WebOpen();
        foreach (string id in objectIds)
        {
            string fullName = String.IsNullOrEmpty(basePath) ? id : basePath + "/" + id;
            ACL acl = SecurityManager.GetACL(cn, zone.ToString() + "://" + fullName);

            JObject granted = new JObject();
            perObject[id] = granted;
            // presumably cn.Token identifies the current web user; verify against BPMConnection.WebOpen
            foreach (BPMPermision perm in requested)
            {
                granted[perm.ToString()] = acl.HasPermision(cn.Token, perm);
            }
        }
    }

    result[YZJsonProperty.success] = true;
    return result;
}
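/// <summary>
/// Page-style variant of GetPublicKey: generates a fresh RSA key pair, parks the private
/// key in the temporary store and writes the public key (PKCS form) plus the store handle
/// straight to the response, then ends it.
/// </summary>
public virtual void GetPublicKey()
{
    string publicKeyXml;
    string privateKeyXml;
    // RSACryptoServiceProvider holds a native CSP handle; dispose it deterministically
    // once the key material has been exported instead of leaving it to the finalizer.
    // NOTE(review): 1024-bit RSA is below current guidance (2048-bit or more); raise the
    // size once the client-side consumer of "publicKey" is confirmed to accept it.
    using (RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(1024))
    {
        publicKeyXml = rsaProvider.ToXmlString(false);
        privateKeyXml = rsaProvider.ToXmlString(true);
    }

    // Only the store handle leaves the server; the private key itself stays in the store.
    string keystore = YZTempStorageManager.CurrentStore.Save(privateKeyXml);
    string publicKeyPkcs = YZSecurityHelper.RSAPublicKeyDotNet2PCKS(publicKeyXml);

    JObject rv = new JObject();
    rv["success"] = true;
    rv["publicKey"] = publicKeyPkcs;
    rv["keystore"] = keystore;

    this.Response.Write(rv.ToString(Formatting.Indented, YZJsonHelper.Converters));
    // Response.End aborts the rest of the page lifecycle so nothing else is appended.
    this.Response.End();
}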
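/// <summary>
/// Computes the form access hash over a fixed, ordered set of query-string parameters
/// of the current page request plus the login account, keyed with the security key.
/// The order of the entries is part of the hash input and must match the verifying side.
/// </summary>
/// <returns>The hash produced by YZSecurityHelper.GenHash.</returns>
/// <exception cref="InvalidOperationException">The current handler is not a Page.</exception>
public static string GenFormAccessHash()
{
    Page page = HttpContext.Current.Handler as Page;
    if (page == null)
    {
        // Fail with a clear message instead of a NullReferenceException below.
        throw new InvalidOperationException("GenFormAccessHash requires the current handler to be a Page.");
    }

    // Missing parameters hash as "name=" (String.Format renders null as empty), exactly as before.
    string[] hashedParameters = { "tid", "pid", "var", "share", "pn", "app", "state", "key" };
    List<string> values = new List<string>();
    foreach (string name in hashedParameters)
    {
        values.Add(String.Format("{0}={1}", name, page.Request.QueryString[name]));
    }
    // Binding the account in makes the hash unusable by a different login.
    values.Add(String.Format("account={0}", YZAuthHelper.LoginUserAccount));

    return YZSecurityHelper.GenHash(values, YZSecurityHelper.SecurityKey);
}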
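/// <summary>
/// Entry point of the upload handler. Authenticates the caller (existing session or the
/// UploadAuthorAccount/UploadAuthorToken pair), validates the posted file, dispatches to
/// the handler method named by "Method" (default "SaveAttachment") and writes its result
/// as JSON. Any failure is reported as {success=false, errorMessage} with the message
/// HTML-encoded; stack traces never reach the client.
/// </summary>
/// <param name="context">Current request.</param>
public override void ProcessRequest(HttpContext context)
{
    YZRequest request = new YZRequest(context);
    try
    {
        if (!YZAuthHelper.IsAuthenticated)
        {
            this.TryAuthenticateByUploadToken(request);
        }
        if (!YZAuthHelper.IsAuthenticated)
        {
            // This reply keeps the plain ToString() and literal keys of the original handler.
            JObject denied = new JObject();
            denied["success"] = false;
            denied["errorMessage"] = Resources.YZStrings.Aspx_Upload_NoAuth;
            context.Response.Write(denied.ToString());
            return;
        }

        HttpFileCollection files = context.Request.Files;
        if (files.Count == 0 || files[0].ContentLength <= 0)
        {
            JObject invalid = new JObject();
            invalid[YZJsonProperty.success] = false;
            invalid[YZJsonProperty.errorMessage] = Resources.YZStrings.Aspx_Invalid_File;
            context.Response.Write(invalid.ToString(Formatting.Indented, request.Converters));
            return;
        }

        HttpPostedFile file = files[0];
        // Only the name part of the client-supplied file name is kept.
        string fileName = System.IO.Path.GetFileName(file.FileName);
        long fileSize = file.ContentLength;
        // The extension is compared as an identifier, so use the invariant culture.
        string fileExt = System.IO.Path.GetExtension(fileName).ToLowerInvariant();

        string method = request.GetString("Method", "SaveAttachment");
        System.Reflection.MethodInfo methodcall = this.ResolveUploadMethod(method);

        object rv;
        try
        {
            rv = methodcall.Invoke(this, new object[] { context, file, fileName, fileSize, fileExt });
        }
        catch (System.Reflection.TargetInvocationException exp)
        {
            if (exp.InnerException == null)
            {
                throw;
            }
            // Rethrow the handler's own exception with its stack trace intact
            // (a plain "throw exp.InnerException;" would reset it).
            System.Runtime.ExceptionServices.ExceptionDispatchInfo.Capture(exp.InnerException).Throw();
            throw; // not reached; keeps rv definitely assigned for the compiler
        }

        JToken jToken = ToResultToken(rv);
        context.Response.Write(jToken.ToString(Formatting.Indented, request.Converters));
    }
    catch (Exception exp)
    {
        JObject error = new JObject();
        error[YZJsonProperty.success] = false;
        // Only the message is returned, HTML-encoded; the stack trace stays server-side.
        error[YZJsonProperty.errorMessage] = HttpUtility.HtmlEncode(exp.Message);
        context.Response.Write(error.ToString(Formatting.Indented, request.Converters));
    }
}

/// <summary>
/// Logs the caller in from the UploadAuthorAccount/UploadAuthorToken pair when both are
/// present and the token verifies for that account; otherwise leaves the request unauthenticated.
/// </summary>
/// <param name="request">Current request wrapper.</param>
private void TryAuthenticateByUploadToken(YZRequest request)
{
    string account = request.GetString("UploadAuthorAccount", null);
    string uploadToken = request.GetString("UploadAuthorToken", null);
    if (String.IsNullOrEmpty(account) || String.IsNullOrEmpty(uploadToken))
    {
        return;
    }
    if (YZSecurityHelper.CheckUploadToken(account, uploadToken))
    {
        YZAuthHelper.SetAuthCookie(account);
    }
}

/// <summary>
/// Resolves the upload handler method named by the client. The lookup is restricted to
/// instance methods with the exact (HttpContext, HttpPostedFile, string, long, string)
/// signature this handler invokes, so no other method of the type can be reached by name.
/// </summary>
/// <param name="method">Method name taken from the "Method" parameter.</param>
/// <returns>The method to invoke.</returns>
/// <exception cref="ArgumentException">The name fails YZNameChecker.IsValidMethodName.</exception>
/// <exception cref="InvalidOperationException">No method with that name and signature exists.</exception>
private System.Reflection.MethodInfo ResolveUploadMethod(string method)
{
    if (!YZNameChecker.IsValidMethodName(method))
    {
        throw new ArgumentException("Invalid method name");
    }

    Type[] signature =
    {
        typeof(HttpContext), typeof(HttpPostedFile), typeof(string), typeof(long), typeof(string)
    };
    System.Reflection.MethodInfo methodcall = this.GetType().GetMethod(
        method,
        System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Public,
        null,
        signature,
        null);
    if (methodcall == null)
    {
        throw new InvalidOperationException(String.Format(Resources.YZStrings.Aspx_UnknowCommand, method));
    }
    return methodcall;
}

/// <summary>
/// Converts a handler's return value to the JSON token written to the client:
/// null → {success=true}; JToken as-is; string → scalar; other IEnumerable → array; else scalar.
/// </summary>
/// <param name="rv">Value returned by the invoked handler method.</param>
/// <returns>The JSON token to serialize.</returns>
private static JToken ToResultToken(object rv)
{
    if (rv == null)
    {
        JObject ok = new JObject();
        ok["success"] = true;
        return ok;
    }

    JToken asToken = rv as JToken;
    if (asToken != null)
    {
        return asToken;
    }

    // string is IEnumerable too, so it must be tested first to stay a scalar value.
    if (rv is string)
    {
        return JValue.FromObject(rv);
    }
    if (rv is IEnumerable)
    {
        return JArray.FromObject(rv);
    }
    return JValue.FromObject(rv);
}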
/// <summary>
/// Page entry point. An unauthenticated visitor may present a "Token" query parameter:
/// the matching row is read from BPMInstProcessToken with a parameterized query, the
/// stored step id must equal the "pid" parameter and the stored hash must verify against
/// (token, stepid, account) before an auth cookie is issued. Whoever is still
/// unauthenticated is sent to the login page; otherwise the process form for "pid" is
/// resolved and the browser is redirected to it.
/// </summary>
/// <param name="sender">Event source.</param>
/// <param name="e">Event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (!YZAuthHelper.IsAuthenticated)
    {
        string token = this.Request.QueryString["Token"];
        if (!String.IsNullOrEmpty(token))
        {
            this.TryAuthenticateByProcessToken(token);
        }
    }

    if (!YZAuthHelper.IsAuthenticated)
    {
        FormsAuthentication.RedirectToLoginPage();
        return;
    }

    // NOTE(review): the token check above binds the hash to QueryString["pid"], while this
    // lookup reads Request["pid"] (query string, then form, cookies, server variables) —
    // confirm the two cannot disagree.
    int pid = Int32.Parse(this.Request["pid"]);
    BPM.Client.ProcessInfo processInfo;
    using (BPMConnection cn = new BPMConnection())
    {
        cn.WebOpen();
        // Picking up a shared task when the form opens (BPMProcStep.Load / PickupShareStep)
        // used to happen here and is disabled.
        processInfo = BPMProcess.GetProcessInfo(cn, pid);
    }

    if (String.IsNullOrEmpty(processInfo.FormFile))
    {
        throw new Exception(Resources.YZStrings.Aspx_Process_MissForm);
    }

    YZUrlBuilder target = YZUtility.GetFormRedirectUrl(this.Page, processInfo.FormFile);
    this.Response.Redirect(target.ToString(), true);
}

/// <summary>
/// Looks the token up in BPMInstProcessToken and, when the stored step id equals the
/// "pid" query parameter and the stored hash verifies for (token, stepid, account),
/// issues an auth cookie for that account. Does nothing when the token is unknown,
/// the step differs or the hash fails.
/// </summary>
/// <param name="token">Value of the "Token" query parameter (non-empty).</param>
private void TryAuthenticateByProcessToken(string token)
{
    string connectionString = System.Web.Configuration.WebConfigurationManager.ConnectionStrings["BPMDB"].ConnectionString;
    using (SqlConnection db = new SqlConnection(connectionString))
    {
        db.Open();
        // The token travels as a parameter, never concatenated into the statement.
        using (SqlCommand cmd = new SqlCommand("SELECT StepID,Account,hash FROM BPMInstProcessToken WHERE Token=@Token", db))
        {
            cmd.Parameters.Add("@Token", SqlDbType.NVarChar).Value = token;
            using (DBReader reader = new DBReader(cmd.ExecuteReader()))
            {
                if (!reader.Read())
                {
                    return;
                }

                // "pid" is parsed only once a token row exists, as before.
                int requestedStep = Int32.Parse(this.Request.QueryString["pid"]);
                int storedStep = reader.ReadInt32(0);
                string account = reader.ReadString(1);
                string storedHash = reader.ReadString(2);
                if (requestedStep != storedStep)
                {
                    return;
                }

                // The hash covers token, step and account in this order.
                List<string> hashed = new List<string>();
                hashed.Add(token);
                hashed.Add(requestedStep.ToString());
                hashed.Add(account);
                if (YZSecurityHelper.CheckHash(hashed, storedHash, YZSecurityHelper.SecurityKey))
                {
                    YZAuthHelper.SetAuthCookie(account);
                }
            }
        }
    }
}
/// <summary>
/// Loads a page of report data and returns it as JSON. The rows come either from the
/// report's data source (using the client's runtime parameters, sort string and paging)
/// or, when "srcdata" is supplied, from the base64-encoded JSON table the client sends
/// back; in that case "total" is taken from the request as well. Each row is emitted
/// under "children", task access tokens are added for TaskID-like columns, and unless
/// "outputType" is "Export" the view-specific chart/Excel data is applied.
/// </summary>
/// <param name="context">Current request; "path" is required, "viewName", "outputType", "params", "srcdata" and "total" are optional.</param>
/// <returns>JSON object with "total", "srcdata" (base64 JSON of the page), "children" and any view-specific data.</returns>
public virtual JObject GetReportData(HttpContext context)
{
    YZRequest request = new YZRequest(context);
    string path = request.GetString("path");
    string viewName = request.GetString("viewName", null);
    string outputType = request.GetString("outputType", "");
    // "params" is a base64-encoded JSON array of client parameters; defaults to an empty array.
    YZClientParamCollection runtimeParams = JArray.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(request.GetString("params", YZJsonHelper.Base64EmptyJArray)))).ToObject <YZClientParamCollection>();

    // Fetch the data
    Report report;
    ReportView view;
    DataTable dataTable;
    int rowcount;
    using (BPMConnection cn = new BPMConnection())
    {
        cn.WebOpen();

        // Load the report definition
        report = Report.Open(cn, path);
        if (String.IsNullOrEmpty(viewName))
        {
            view = report.DefaultView;
        }
        else
        {
            // TryGetItem may return null for an unknown view; the "is" checks below then simply skip.
            view = report.Views.TryGetItem(viewName);
        }

        string srcdata = request.GetString("srcdata", null);
        if (String.IsNullOrEmpty(srcdata))
        {
            BPMDBParameterCollection selectParameters = report.QueryParameters.CreateNullDBParameters();

            // Apply the query conditions: only parameters the client supplied with a value override the nulls.
            foreach (BPMDBParameter selectParam in selectParameters)
            {
                YZClientParam clientParam = runtimeParams.TryGetItem(selectParam.Name);
                if (clientParam != null && clientParam.value != null)
                {
                    selectParam.Value = clientParam.value;
                }
            }

            cn.RequestParams["sortstring"] = request.GetSortString("");
            cn.UpdateRequestParams();

            // Fetch the data
            FlowDataTable ftable = new FlowDataTable();
            ftable.Load(cn, BPMCommandType.Report, path, selectParameters, report.ClientCursor, request.Start, request.Limit, out rowcount);
            dataTable = ftable.ToDataTable();
        }
        else
        {
            // Round trip: the client returns the table it previously received (base64 JSON)
            // and the row count it was told. NOTE(review): this branch trusts request data
            // for both; no size bound on "srcdata" is visible here.
            dataTable = JArray.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(srcdata))).ToObject <DataTable>();
            rowcount = request.GetInt32("total");
        }
    }

    // Convert the data to a JSON collection
    JObject rv = new JObject();
    rv[YZJsonProperty.total] = rowcount;
    // The page is echoed back base64-encoded so a later call can pass it as "srcdata".
    rv["srcdata"] = Convert.ToBase64String(Encoding.UTF8.GetBytes(JArray.FromObject(dataTable).ToString(Formatting.None, YZJsonHelper.Converters)));

    JArray children = new JArray();
    rv.Add("children", children);

    // Rows are always returned regardless of the view type
    foreach (DataRow row in dataTable.Rows)
    {
        JObject item = new JObject();
        children.Add(item);

        foreach (DataColumn column in dataTable.Columns)
        {
            object value = row[column.ColumnName];
            item[column.ColumnName] = JToken.FromObject(value);

            // An integer "TaskID" column gets a task access token alongside its value.
            // NOTE(review): in the "srcdata" branch these rows come straight from the request,
            // so tokens are minted for client-supplied TaskIDs; GetReadToken exposes the same
            // helper directly, so whether this matters depends on what the token grants — confirm.
            if (NameCompare.EquName(column.ColumnName, "TaskID") && (value is int))
            {
                item["Token"] = YZSecurityHelper.GenTaskAccessToken((int)value);
            }

            // Generate a token for task links
            ReportColumnInfo colInfo = report.ReportColumnInfos.TryGetItem(column.ColumnName);
            if (colInfo != null && colInfo.LinkType == ReportLinkType.Task)
            {
                ParameterFill paramFill = colInfo.ParametersFill.TryGetItem("@TaskID");
                if (paramFill != null)
                {
                    int linktoTaskID;
                    // The linked task id is read from the column named by FillWith; non-numeric values are skipped.
                    if (Int32.TryParse(Convert.ToString(row[paramFill.FillWith]), out linktoTaskID))
                    {
                        item[column.ColumnName + "Token"] = YZSecurityHelper.GenTaskAccessToken((int)linktoTaskID);
                    }
                }
            }
        }
    }

    // Exports get the raw rows only; interactive output also carries the view-specific data.
    if (String.Compare(outputType, "Export", true) != 0)
    {
        if (view is ReportMSChartView)
        {
            this.ApplyMSChartData(request, rv, view as ReportMSChartView, dataTable);
        }

        if (view is ReportExcelView)
        {
            this.ApplyExcelData(request, rv, view as ReportExcelView, dataTable, runtimeParams);
        }
    }

    return(rv);
}