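/// <summary>
/// Decides whether a user may access a metric, given the user's roles and name.
/// </summary>
/// <param name="m">Metric whose comma-separated <c>roles</c> and <c>users</c> values form the allow-list.</param>
/// <param name="roles">Roles held by the user; null is treated as "holds no roles".</param>
/// <param name="username">Name of the user being checked.</param>
/// <returns>
/// True when <paramref name="username"/> is listed in the metric's <c>users</c> value or when
/// the metric's <c>roles</c> value shares at least one entry with <paramref name="roles"/>;
/// false otherwise, including when <paramref name="m"/> is null.
/// </returns>
private bool HaveCurrentUserAccess(as_mt_metrics m, string[] roles, string username)
{
    // Fail closed: without a metric there is no allow-list to match against.
    if (m == null)
    {
        return false;
    }

    var separators = new char[] { ',' };
    var allowedRoles = (m.roles ?? "").Split(separators, StringSplitOptions.RemoveEmptyEntries);
    var allowedUsers = (m.users ?? "").Split(separators, StringSplitOptions.RemoveEmptyEntries);

    // Empty entries were dropped by the split, so a null or empty username can never match.
    if (allowedUsers.Contains(username))
    {
        return true;
    }

    // A missing role array is treated as "no roles" instead of throwing inside the lookup below.
    if (roles == null)
    {
        return false;
    }

    // NOTE(review): entries are compared exactly as stored (case-sensitive, no trimming), so a
    // value such as "a, b" yields the entry " b". Confirm the stored lists never contain spaces.
    return allowedRoles.Any(x => roles.Contains(x));
}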
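/// <summary>
/// Returns the role names stored on a metric.
/// </summary>
/// <param name="metricID">Identifier of the metric to look up.</param>
/// <returns>
/// The metric's <c>roles</c> value split on ','; an empty array when no metric has that id
/// or when the metric's <c>roles</c> value is null.
/// </returns>
public string[] getRolesForMetric(int metricID)
{
    as_mt_metrics m = db.db.as_mt_metrics.FirstOrDefault(x => x.id == metricID);

    // The access checks in this file coalesce roles with "", so a null value is possible;
    // report it as "no roles" instead of throwing.
    if (m == null || m.roles == null)
    {
        return new string[0];
    }

    // NOTE(review): this method is public and performs no access check of its own; confirm
    // every caller is allowed to see which roles guard a metric.
    // Plain Split keeps empty entries, unlike the RemoveEmptyEntries split used by the access checks.
    return m.roles.Split(',');
}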
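/// <summary>
/// Decides whether the user of the current HTTP request may access a metric.
/// </summary>
/// <param name="m">Metric whose comma-separated <c>roles</c> and <c>users</c> values form the allow-list.</param>
/// <returns>
/// True when the current user's name is listed in the metric's <c>users</c> value or when one
/// of the user's roles is listed in its <c>roles</c> value; false otherwise, including when
/// there is no metric or no current request user to check.
/// </returns>
private bool HaveCurrentUserAccess(as_mt_metrics m)
{
    // Fail closed: a missing metric or a missing request identity means access is denied
    // instead of surfacing as a NullReferenceException in the caller.
    var context = HttpContext.Current;
    if (m == null || context == null || context.User == null)
    {
        return false;
    }

    var roles = Roles.GetRolesForUser();
    var username = context.User.Identity.Name;

    var separators = new char[] { ',' };
    var allowedRoles = (m.roles ?? "").Split(separators, StringSplitOptions.RemoveEmptyEntries);
    var allowedUsers = (m.users ?? "").Split(separators, StringSplitOptions.RemoveEmptyEntries);

    // Empty entries were dropped by the split, so an empty user name can never match the user list.
    // Same matching rule as the three-argument overload: exact, untrimmed comparison.
    return allowedUsers.Contains(username) || allowedRoles.Any(x => roles.Contains(x));
}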
/// <summary>
/// Saves a metric through the data layer, then purges the cache items registered under
/// "as_mt_metrics".
/// </summary>
/// <param name="item">Metric to save.</param>
/// <remarks>
/// Any exception is logged and not rethrown, so the caller gets no signal that the save failed.
/// The cache is purged only after the save call returns without throwing.
/// NOTE(review): no access check is visible in this method, and GetMetric in this file executes
/// the <c>sql</c> text stored on a metric; confirm callers restrict who may save metric definitions.
/// </remarks>
public void SaveMetric(as_mt_metrics item)
{
    const string cacheKey = "as_mt_metrics";

    try
    {
        db.SaveMt_metric(item);
        RDL.CacheManager.PurgeCacheItems(cacheKey);
    }
    catch (Exception saveFailure)
    {
        RDL.Debug.LogError(saveFailure);
    }
}
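/// <summary>
/// Loads a metric definition and, when the current user may access it, runs the metric's
/// stored query and fills <paramref name="dt"/> with the result.
/// </summary>
/// <param name="metricID">Identifier of the metric to load.</param>
/// <param name="row">
/// Optional list of query parameters; each entry must be a
/// <c>Dictionary&lt;string, object&gt;</c> with a "colname" and a "value" key.
/// </param>
/// <param name="dt">
/// Always assigned a new table. It is not filled when the metric is missing or access is
/// denied; a query failure is logged and not rethrown.
/// </param>
/// <returns>The metric row, or null when no metric has that id.</returns>
public as_mt_metrics GetMetric(int metricID, ArrayList row, out DataTable dt)
{
    dt = new DataTable();
    var res = db.db.as_mt_metrics.FirstOrDefault(x => x.id == metricID);

    // Unknown id: there is nothing to authorize or execute.
    if (res == null)
    {
        return res;
    }

    // NOTE(review): on denial the full metric row (including its sql, roles and users values)
    // is still returned; confirm callers never expose it to the denied user.
    if (!HaveCurrentUserAccess(res))
    {
        return res;
    }

    try
    {
        // The command text is whatever is stored on the metric row, so anyone able to write
        // metric definitions decides what runs on this connection.
        using (SqlConnection cn = new SqlConnection(ConfigurationManager.ConnectionStrings["LocalSqlServerSimple"].ConnectionString))
        using (SqlCommand cmd = new SqlCommand(res.sql, cn))
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        {
            cmd.CommandType = res.isSP == true ? CommandType.StoredProcedure : CommandType.Text;

            // The identity parameter is set here and never taken from `row`.
            // NOTE(review): the access check reads the name from HttpContext.Current.User while
            // this uses User.CurrentUser; confirm both resolve to the same identity.
            cmd.Parameters.AddWithValue("@username", User.CurrentUser.Identity.Name);

            if (row != null)
            {
                foreach (var par in row)
                {
                    var item = par as Dictionary<string, object>;
                    if (item == null)
                    {
                        // Logged by the catch below with a clear message instead of a NullReferenceException.
                        throw new ArgumentException("Each row entry must be a Dictionary<string, object>.", "row");
                    }

                    var name = item["colname"].ToString();

                    // A caller-supplied "username" would collide with the identity parameter above;
                    // reject it explicitly so the log shows the cause.
                    if (string.Equals(name, "username", StringComparison.OrdinalIgnoreCase))
                    {
                        throw new ArgumentException("Row entries may not define the reserved parameter 'username'.", "row");
                    }

                    var value = item["value"];
                    cmd.Parameters.AddWithValue("@" + name, value != null ? value.ToString() : "");
                }
            }

            cn.Open();
            da.Fill(dt);
        }
    }
    catch (Exception ex)
    {
        // Best effort: the failure is logged and the metric is returned without data.
        RDL.Debug.LogError(ex);
    }

    return res;
}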