Exemple #1
0
        /// <summary>
        /// This method is gridview specific. It makes all data rows of the gridview readonly without impacting the sort and/or pager templates.
        /// </summary>
        /// <param name="resource"></param>
        /// <param name="securityClass"></param>
        /// <param name="gridview"></param>
        /// <param name="resp"></param>
        public void LockGridViewDataRowsResource(string resource, SecurityTokenHelper securityClass, GridView gridview, HttpResponse resp)
        {
            bool isRead;
            bool isWrite;

            isRead  = hasReadAccess(resource, securityClass);
            isWrite = hasWriteAccess(resource, securityClass);

            if (!(isRead || isWrite))
            {
                // if neither isread or iswrite, transfer to no access page.
                // NOTE!!! this code will generate a frame error if caller is in a try catch.
                resp.Redirect("~/InvalidAccess.aspx");
            }
            else if (isRead && !isWrite)
            {
                // if is read, change all ctrls to disabled
                foreach (GridViewRow r in gridview.Rows)
                {
                    if (r.RowType == DataControlRowType.DataRow)
                    {
                        r.Enabled = false;
                    }
                }
            }
        }
Exemple #2
0
        /// <summary>
        /// Used when a page has no meaning when it is read only.  If the user has write access they should have normal access
        /// if the user has read access only they will be redirected to an access denied page. Because we do not allow just write
        /// access by itself, the requirement is that the user must have both read & write access.
        /// </summary>
        /// <param name="resource"></param>
        /// <param name="securityClass"></param>
        /// <param name="ctrl"></param>
        /// <param name="resp"></param>
        public void LockMustWriteResource(string resource, SecurityTokenHelper securityClass, HttpResponse resp)
        {
            bool isRead;
            bool isWrite;

            isRead  = hasReadAccess(resource, securityClass);
            isWrite = hasWriteAccess(resource, securityClass);

            if (!(isRead && isWrite))
            {
                // NOTE!!! this code will generate a frame error if caller is in a try catch.
                resp.Redirect("~/InvalidAccess.aspx");
            }
        }
Exemple #3
0
        /// <summary>
        /// This checks to see if the user has any access. This is for pages which are already 100% readonly
        /// </summary>
        /// <param name="resource"></param>
        /// <param name="securityClass"></param>
        /// <param name="resp"></param>
        public void LockAnyAccessResource(string resource, SecurityTokenHelper securityClass, HttpResponse resp)
        {
            bool isRead;
            bool isWrite;

            isRead  = hasReadAccess(resource, securityClass);
            isWrite = hasWriteAccess(resource, securityClass);

            if (!(isRead || isWrite))
            {
                // if neither isread or iswrite, transfer to no access page.
                // NOTE!!! this code will generate a frame error if caller is in a try catch.
                resp.Redirect("~/InvalidAccess.aspx");
            }
        }
Exemple #4
0
        /// <summary>
        /// This method allows registration of javascript to fire during onload event.
        /// </summary>
        /// <param name="resource"></param>
        /// <param name="securityClass"></param>
        /// <param name="pg" contains page></param>
        /// <param name="jscript" Javascript function to be called></param>
        /// <param name="resp"></param>
        public void LockJSOnLoadResource(string resource, SecurityTokenHelper securityClass, Page pg, String jscript, HttpResponse resp)
        {
            bool isRead;
            bool isWrite;

            isRead  = hasReadAccess(resource, securityClass);
            isWrite = hasWriteAccess(resource, securityClass);

            if (!(isRead || isWrite))
            {
                // if neither isread or iswrite, transfer to no access page.
                // NOTE!!! this code will generate a frame error if caller is in a try catch.
                resp.Redirect("~/InvalidAccess.aspx");
            }
            else if (isRead && !isWrite)
            {
                pg.ClientScript.RegisterStartupScript(typeof(Page), "OnLoad", jscript, true);
            }
        }
Exemple #5
0
        /// <summary>
        /// Check to see if a named application resource is/should be read accessible by the current user's permission token
        /// If an invalid resource name is sent in, method will return false.
        /// </summary>
        /// <param name="resource"></param>
        /// <param name="securityClass"></param>
        /// <returns>true if the user has read access to the resource</returns>
        public bool hasReadAccess(string resource, SecurityTokenHelper securityClass)
        {
            bool  retValue           = false;
            long  resourceAccessCode = 0;
            Int32 resourceIndex      = 0;
            long  userToken;
            long  groupReadToken;

            resource = resource.ToUpper();

            // get resource token for which access is being checked. This is a dictionary lookup.
            // List<long> userReadToken = securityClass.ReadTokens;
            if (_resources.ContainsKey(resource))
            {
                resourceAccessCode = _resources[resource].AccessCode;
                resourceIndex      = (Int32)_resources[resource].AccessTokenID;
            }

            // compare the resource token with the user's read token (if any).
            if ((resourceAccessCode > 0) && (securityClass.ReadTokens.Count > 0))
            {
                userToken = securityClass.ReadTokens[resourceIndex - 1];
                retValue  = ((userToken & resourceAccessCode) >= 1);         // binary compare
            }

            // get resource token for which access is being checked. This is a dictionary lookup.
            // List<long> groupReadToken = securityClass.GroupTokens;
            if (_resources.ContainsKey(resource))
            {
                resourceAccessCode = _resources[resource].AccessCode;
                resourceIndex      = (Int32)_resources[resource].AccessTokenID;
            }

            // compare the resource token with the group token (if any).
            if ((resourceAccessCode > 0) && (securityClass.GroupReadTokens.Count > 0))
            {
                groupReadToken = securityClass.GroupReadTokens[resourceIndex - 1];
                retValue       = (retValue || ((groupReadToken & resourceAccessCode) >= 1));    // binary compare
            }
            //--------------------------------------------------------------------------------------

            return(retValue);
        }
Exemple #6
0
        /// <summary>
        /// Checks to see if form can be accessed. If it can, checks to see if access is read or write
        /// </summary>
        /// <param name="resource"></param>
        /// <param name="securityClass"></param>
        /// <param name="p"></param>
        /// <param name="r"></param>
        /// <returns></returns>
        public void LockResource(string resource, SecurityTokenHelper securityClass, Control ctrl, HttpResponse resp)
        {
            bool isRead;
            bool isWrite;

            isRead  = hasReadAccess(resource, securityClass);
            isWrite = hasWriteAccess(resource, securityClass);

            if (!(isRead || isWrite))
            {
                // if neither isread or iswrite, transfer to no access page.
                // NOTE!!! this code will generate a frame error if caller is in a try catch.
                resp.Redirect("~/InvalidAccess.aspx");
            }
            else if (isRead && !isWrite)
            {
                // if is read, change all ctrls to disabled
                makeReadOnly(ctrl);
                // TODO: see if we can walk the Request.Form html objects and disable those here as well ...Request.Form["xxxxx"];
            }
        }