/// <summary>
/// Clears the token of one user session by delegating to
/// <c>CommonSecurity.ClearUserToken</c> inside a new <c>QPConnectionScope</c>.
/// </summary>
/// <param name="userId">User identifier, passed through unchanged.</param>
/// <param name="sessionId">Session identifier, passed through unchanged.</param>
public void ClearUserToken(int userId, int sessionId)
{
    using (var connectionScope = new QPConnectionScope())
    {
        // The scope owns the connection; it is released when the using block ends.
        var connection = connectionScope.DbConnection;
        CommonSecurity.ClearUserToken(connection, userId, sessionId);
    }
}
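/// <summary>
/// Builds the distinct, name-ordered list of contents reached through the aggregators of the
/// given classifier field. For non-administrators on a classifier with type security enabled,
/// the list is reduced to the contents that pass <c>CommonSecurity.CheckContentSecurity</c>.
/// </summary>
/// <param name="classifier">Classifier field whose aggregators are listed.</param>
/// <param name="excludeValue">
/// Content id as text (parsed with a fallback of 0). The content with this id is kept in the
/// result even when the permission check rejects it.
/// </param>
/// <param name="permissionLevel">Permission level handed to the content security check.</param>
/// <returns>The content items; an empty array when the classifier has no aggregators.</returns>
private static IEnumerable<ContentListItem> AggregatedContentListItems(Field classifier, string excludeValue, int permissionLevel)
{
    var items = QPContext.EFContext.FieldSet
        .Where(f => f.Id == classifier.Id)
        .SelectMany(f => f.Aggregators)
        .Select(a => new ContentListItem { Id = (int)a.Content.Id, Name = a.Content.Name, SiteId = a.Content.SiteId })
        .Distinct()
        .OrderBy(c => c.Name)
        .ToArray();

    // Nothing to filter. Without this guard the First() below throws
    // InvalidOperationException for a non-admin user when the classifier has no aggregators.
    if (items.Length == 0)
    {
        return items;
    }

    if (!QPContext.IsAdmin && classifier.UseTypeSecurity)
    {
        var ids = items.Select(n => n.Id).ToArray();

        // The site of the first item is used for the whole check.
        // NOTE(review): this assumes all aggregated contents belong to one site - confirm.
        var siteId = (int)items[0].SiteId;
        var excludeId = Converter.ToInt32(excludeValue, 0);

        using (var scope = new QPConnectionScope())
        {
            var result = CommonSecurity.CheckContentSecurity(scope.DbConnection, siteId, ids, QPContext.CurrentUserId, permissionLevel);

            // The item matching excludeValue bypasses the permission check.
            // NOTE(review): confirm excludeValue always comes from the stored field value and
            // never from request input; otherwise a caller can make one content it has no
            // access to appear in the list.
            items = items.Where(n => result[n.Id] || n.Id == excludeId).ToArray();
        }
    }

    return items;
}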
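/// <summary>
/// Adds a new site.
/// </summary>
/// <remarks>
/// After the site row is saved, this method creates the site access entries, the default
/// statuses, the default notification template and the default group, then stores the plugin
/// field values. On SQL Server the insert-access and insert-default triggers are switched off
/// and identity insert is switched on for the duration of the save.
/// </remarks>
/// <param name="site">Site information.</param>
/// <returns>Site information.</returns>
internal static Site Save(Site site)
{
    using (var scope = new QPConnectionScope())
    {
        var isSqlServer = QPContext.DatabaseType == DatabaseType.SqlServer;
        if (isSqlServer)
        {
            ChangeInsertAccessTriggerState(false);
            ChangeInsertDefaultTriggerState(false);
            DefaultRepository.TurnIdentityInsertOn(EntityTypeCode.Site, site);
        }

        try
        {
            // Read before saving, as the original code does.
            var fieldValues = site.QpPluginFieldValues;
            var result = DefaultRepository.Save<Site, SiteDAL>(site);

            // With the insert-access trigger off, access rows are created explicitly here.
            CommonSecurity.CreateSiteAccess(scope.DbConnection, result.Id);
            CreateDefaultStatuses(result);
            CreateDefaultNotificationTemplate(result);
            CreateDefaultGroup(result);
            UpdatePluginValues(fieldValues, result.Id);
            return result;
        }
        finally
        {
            // Restore the triggers and identity insert even when a step above throws. Otherwise
            // a failed save leaves the insert-access trigger disabled, and later site inserts
            // would run without it.
            // NOTE(review): an exception raised while restoring replaces the original one.
            if (isSqlServer)
            {
                DefaultRepository.TurnIdentityInsertOff(EntityTypeCode.Site);
                ChangeInsertAccessTriggerState(true);
                ChangeInsertDefaultTriggerState(true);
            }
        }
    }
}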
/// <summary>
/// Tells whether a user group may perform an action on an entity, by comparing the level
/// returned by <c>CommonSecurity.GetEntityAccessLevel</c> with the level the action requires.
/// </summary>
/// <param name="entityTypeCode">Entity type code of the entity being checked.</param>
/// <param name="entityId">Identifier of the entity being checked.</param>
/// <param name="actionTypeCode">Action type code used to look up the required permission level.</param>
/// <param name="userGroupId">Identifier of the user group being checked.</param>
/// <returns><c>true</c> when the group's level is at least the required level.</returns>
internal static bool IsEntityAccessibleForUserGroup(string entityTypeCode, int entityId, string actionTypeCode, int userGroupId)
{
    using (new QPConnectionScope())
    {
        var neededLevel = GetRequiredPermissionLevel(actionTypeCode);

        // The literal 0 is the third argument of the lookup.
        // NOTE(review): presumably "no user id", so only the group is evaluated - confirm
        // against CommonSecurity.GetEntityAccessLevel.
        var connection = QPConnectionScope.Current.DbConnection;
        var grantedLevel = CommonSecurity.GetEntityAccessLevel(
            connection,
            QPContext.EFContext,
            0,
            userGroupId,
            entityTypeCode,
            entityId);

        return grantedLevel >= neededLevel;
    }
}
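/// <summary>
/// Inserts a new workflow together with its rules and creates the workflow access entries.
/// </summary>
/// <remarks>
/// The workflow row is saved first. On SQL Server this happens with identity insert on and the
/// insert-access trigger off, and access rows are created explicitly through
/// <c>CommonSecurity.CreateWorkflowAccess</c>. The rules are saved in a second step.
/// </remarks>
/// <param name="workflow">
/// Workflow to insert. Its audit fields, its Id and the WorkflowId (and, when forced ids are
/// supplied, the Id) of each rule are updated in place.
/// </param>
/// <returns>The business object mapped back from the saved workflow row.</returns>
internal static Workflow SaveProperties(Workflow workflow)
{
    using (new QPConnectionScope())
    {
        var entities = QPContext.EFContext;
        UpdateRuleOrder(workflow);

        // Optional pre-assigned rule ids, consumed in rule order further down.
        var forceIds = workflow.ForceRulesIds == null ? null : new Queue<int>(workflow.ForceRulesIds);

        workflow.LastModifiedBy = QPContext.CurrentUserId;
        workflow.Created = Common.GetSqlDate(QPConnectionScope.Current.DbConnection);
        workflow.Modified = workflow.Created;
        if (workflow.ForceId > 0)
        {
            workflow.Id = workflow.ForceId;
        }

        var dal = MapperFacade.WorkflowMapper.GetDalObject(workflow);
        entities.Entry(dal).State = EntityState.Added;

        var isSqlServer = QPContext.DatabaseType == DatabaseType.SqlServer;
        if (isSqlServer)
        {
            DefaultRepository.TurnIdentityInsertOn(EntityTypeCode.Workflow, workflow);
            ChangeInsertAccessTriggerState(false);
        }

        try
        {
            entities.SaveChanges();
            workflow.Id = (int)dal.Id;

            // With the insert-access trigger off, access rows are created explicitly here.
            CommonSecurity.CreateWorkflowAccess(QPConnectionScope.Current.DbConnection, workflow.Id);
        }
        finally
        {
            // Restore identity insert and the access trigger even when the save or the access
            // creation throws, so a failed insert does not leave the trigger disabled.
            // NOTE(review): an exception raised while restoring replaces the original one.
            if (isSqlServer)
            {
                DefaultRepository.TurnIdentityInsertOff(EntityTypeCode.Workflow);
                ChangeInsertAccessTriggerState(true);
            }
        }

        foreach (var rule in workflow.WorkflowRules)
        {
            rule.WorkflowId = workflow.Id;
            if (forceIds != null)
            {
                // NOTE(review): Dequeue throws when fewer forced ids than rules are supplied,
                // after the workflow row has already been saved - confirm callers keep the
                // counts equal.
                rule.Id = forceIds.Dequeue();
            }

            var dalRule = MapperFacade.WorkFlowRuleMapper.GetDalObject(rule);
            entities.Entry(dalRule).State = EntityState.Added;
        }

        // NOTE(review): unlike the workflow insert above, this identity-insert switch is not
        // guarded by the SQL Server check - confirm the helper handles other databases itself.
        DefaultRepository.TurnIdentityInsertOn(EntityTypeCode.WorkflowRule);
        try
        {
            entities.SaveChanges();
        }
        finally
        {
            DefaultRepository.TurnIdentityInsertOff(EntityTypeCode.WorkflowRule);
        }

        return MapperFacade.WorkflowMapper.GetBizObject(dal);
    }
}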
/// <summary>
/// Returns the list of action statuses.
/// </summary>
/// <param name="menuCode">Menu code passed to <c>CommonSecurity.GetMenuStatusList</c>.</param>
/// <param name="entityId">Entity identifier passed to <c>CommonSecurity.GetMenuStatusList</c>.</param>
/// <returns>The statuses mapped to business objects.</returns>
internal static IEnumerable<BackendActionStatus> GetStatusesList(string menuCode, int entityId)
{
    using (var connectionScope = new QPConnectionScope())
    {
        // The lookup is made for the current user; the admin flag is forwarded as well.
        var rawStatuses = CommonSecurity.GetMenuStatusList(
            connectionScope.DbConnection,
            QPContext.EFContext,
            QPContext.CurrentUserId,
            QPContext.IsAdmin,
            menuCode,
            entityId);

        // Materialise inside the scope, before the connection is released.
        var materialised = rawStatuses.ToList();
        return MapperFacade.BackendActionStatusMapper.GetBizList(materialised);
    }
}
/// <summary>
/// Handles the LoggingIn event of Login1. Looks up a user whose Tel equals the entered user
/// name, whose stored PassWord equals the digest of the entered password, whose Type has bit 8
/// set and whose State is 1. On a match it stores the user id in the session and transfers to
/// main.aspx; otherwise it transfers to default.aspx with login=error.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments (not used; Cancel is never set here).</param>
protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
{
    // NOTE(review): judging by its name, SHA1MD5MD5 chains SHA-1 and MD5. Both are fast digests
    // and are not suitable for password storage even when chained. Whether a per-user salt is
    // applied cannot be seen from here - confirm. A slow, salted KDF (PBKDF2 or Argon2), with
    // stored hashes migrated on next successful login, is the usual replacement.
    string passwordDigest = CommonSecurity.SHA1MD5MD5(Login1.Password);

    using (Entity db = new Entity())
    {
        // The digest is compared inside the database query. No attempt limiting or lockout is
        // visible in this handler.
        User account = db.User.FirstOrDefault(o =>
            o.Tel == Login1.UserName
            && o.PassWord == passwordDigest
            && (o.Type & 8) > 0
            && o.State == 1);

        if (account != null)
        {
            // NOTE(review): the session identifier is not renewed on login. A session id fixed
            // before authentication stays valid afterwards - consider issuing a fresh one.
            Session["userID"] = account.UserID;
            Server.Transfer("main.aspx");
        }
        else
        {
            Server.Transfer("default.aspx?login=error");
        }
    }
}
/// <summary>
/// Returns the statuses for the action identified by <paramref name="actionCode"/>, as seen by
/// the current user, mapped to business objects.
/// </summary>
/// <param name="actionCode">Code of the action, looked up in <c>BackendActionCache.Actions</c>.</param>
/// <param name="entityId">Entity identifier passed to <c>CommonSecurity.GetActionStatusList</c>.</param>
/// <returns>The statuses mapped to business objects.</returns>
/// <exception cref="ApplicationException">No cached action has the given code.</exception>
internal static IEnumerable<BackendActionStatus> GetStatusesList(string actionCode, int entityId)
{
    using (var connectionScope = new QPConnectionScope())
    {
        var currentUserId = QPContext.CurrentUserId;

        var matchedAction = BackendActionCache.Actions.FirstOrDefault(x => x.Code == actionCode);
        if (matchedAction == null)
        {
            var message = string.Format(CustomActionStrings.ActionNotFoundByCode, actionCode);
            throw new ApplicationException(message);
        }

        var actionId = matchedAction.Id;

        // The entity type may be missing; in that case a null code is forwarded.
        var entityCode = EntityTypeRepository.GetById(matchedAction.EntityTypeId)?.Code;

        return MapperFacade.BackendActionStatusMapper.GetBizList(
            CommonSecurity.GetActionStatusList(
                QPContext.EFContext,
                connectionScope.DbConnection,
                currentUserId,
                actionCode,
                actionId,
                entityId,
                entityCode,
                QPContext.IsAdmin
            ).ToList()
        );
    }
}
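/// <summary>
/// Handles the ItemInserting event of DetailsView1: validates the submitted values, builds a
/// new User (with its UserExtend), saves it and redirects to the detail page of the new user.
/// Any failure is reported to the browser through a script alert.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event arguments carrying the submitted field values.</param>
protected void DetailsView1_ItemInserting(object sender, DetailsViewInsertEventArgs e)
{
    try
    {
        var user = new User();

        // NOTE(review): file_url is a hidden form field, so its value is client-controlled. It
        // is appended to UploadUrl and stored as HeadPortrait without validation - check it
        // against the expected upload file-name format before using it.
        var file_url = (HtmlInputHidden)DetailsView1.FindControl("file_url");
        if (!string.IsNullOrEmpty(file_url.Value))
        {
            var img_url = (HtmlImage)DetailsView1.FindControl("img_url");
            img_url.Src = ConfigurationManager.AppSettings["UploadUrl"] + file_url.Value;
            user.HeadPortrait = file_url.Value;
        }

        if (e.Values["Tel"] == null)
        {
            throw new Exception("用户电话不能为空");
        }

        if (e.Values["PassWord"] == null)
        {
            throw new Exception("密码不能为空");
        }

        user.Tel = e.Values["Tel"].ToString().Trim();

        // The password is trimmed before hashing, so any code verifying it must trim the same way.
        string password = e.Values["PassWord"].ToString().Trim();

        string pattern = @"^(0|86|17951)?(1[234578])[0-9]{9}$";
        Regex rgx = new Regex(pattern);
        if (!rgx.IsMatch(user.Tel))
        {
            throw new Exception("电话号不正确");
        }

        // Fix: enforce the minimum length on the plain-text password. The original checked the
        // length of the stored digest, so the rule was never applied to what the user typed.
        if (password.Length < 6)
        {
            throw new Exception("密码长度不能小于6");
        }

        // NOTE(review): judging by its name, SHA1MD5MD5 chains SHA-1 and MD5, which are fast
        // digests unsuited to password storage. Whether a per-user salt is applied cannot be
        // seen from here - confirm. A slow, salted KDF (PBKDF2 or Argon2) is the usual choice.
        user.PassWord = CommonSecurity.SHA1MD5MD5(password);

        if (e.Values["NickName"] == null)
        {
            user.NickName = "分享玩家";
        }
        else
        {
            user.NickName = e.Values["NickName"].ToString().Trim();
        }

        user.Gender = ((RadioButtonList)DetailsView1.FindControl("RadioButtonList_Gender")).SelectedValue;
        user.Married = ((RadioButtonList)DetailsView1.FindControl("RadioButtonList_Married")).SelectedValue;

        // Type is a bit mask assembled from the four check boxes (1, 2, 4, 8).
        var CheckBoxList_Type = (CheckBoxList)DetailsView1.FindControl("CheckBoxList_Type");
        if (CheckBoxList_Type.Items[0].Selected)
        {
            user.Type = user.Type | 1;
        }

        if (CheckBoxList_Type.Items[1].Selected)
        {
            user.Type = user.Type | 2;
        }

        if (CheckBoxList_Type.Items[2].Selected)
        {
            user.Type = user.Type | 4;
        }

        if (CheckBoxList_Type.Items[3].Selected)
        {
            user.Type = user.Type | 8;
        }

        user.State = Convert.ToInt32(((RadioButtonList)DetailsView1.FindControl("RadioButtonList_State")).SelectedValue);
        user.CreatTime = DateTime.Now;
        user.UpdateTime = DateTime.Now;
        user.UserExtend = new UserExtend();

        if (e.Values["UserExtend.ExperienceLevel"] != null)
        {
            int temp;
            if (!int.TryParse(e.Values["UserExtend.ExperienceLevel"].ToString(), out temp))
            {
                throw new Exception("经验等级必须是整数");
            }

            // A submitted level of 0 is treated as level 1.
            if (temp == 0)
            {
                temp = 1;
            }

            user.UserExtend.ExperienceLevel = temp;
        }

        using (Entity entity = new Entity())
        {
            // The level must exist in the ExperienceLevel table; its minimum value and the
            // gender-specific name are copied onto the new user.
            ExperienceLevel experienceLevel = entity.ExperienceLevel
                .Where(o => o.ExperienceLevelValue == user.UserExtend.ExperienceLevel)
                .FirstOrDefault();
            if (experienceLevel == null)
            {
                throw new Exception("经验等级和等级不对应");
            }

            user.UserExtend.ExperienceValue = experienceLevel.ExperienceValueMin;
            if (user.Gender == "男")
            {
                user.UserExtend.ExperienceName = experienceLevel.NameMan;
            }
            else
            {
                user.UserExtend.ExperienceName = experienceLevel.NameWoman;
            }

            user.InitBeforeSave();
            user.SetCounterfeit();
            entity.User.Add(user);
            entity.SaveChanges();
        }

        Response.Redirect("UserDetail.aspx?userID=" + user.UserID);
    }
    catch (Exception exception)
    {
        // Fix: encode the message as a JavaScript string literal. The original escaped only
        // quotes and CRLF, so a backslash, a lone line feed or a "</script>" sequence in an
        // error message (for example text echoed from a database error) could break out of
        // the alert and inject markup or script into the page.
        string error = System.Web.HttpUtility.JavaScriptStringEncode(exception.GetErrorMessage());
        ClientScript.RegisterStartupScript(ClientScript.GetType(), "myscript", string.Format("<script>alert('{0}')</script>", error));
    }
}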