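        /// <summary>
        /// Populates the user details from the session, selects the sitemap provider for
        /// the user's role, and enforces the per-page access check on the server.
        /// </summary>
        /// <remarks>
        /// The access decision fails closed: the request is redirected to Login.aspx unless
        /// <c>AccessRight</c> explicitly returns true. A denied request is ended on the server
        /// instead of hiding the markup with CSS and redirecting from client script, because
        /// in that case the protected markup is still sent to the browser and the script can
        /// simply be ignored.
        /// </remarks>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Stays false if the check denies access OR if anything below throws.
            bool accessGranted = false;

            try
            {
                // Values stored in the session by Login.aspx; each is null when the key is absent.
                string fullname = (string)(Session["name"]);
                string role     = (string)(Session["role"]);
                string Email    = (string)(Session["email"]);

                // Show the session values in the page controls.
                // NOTE(review): if any of these are Label/Literal controls, Text is emitted
                // without HTML encoding; encode the values if they can hold user-supplied
                // text. Confirm the control types in the markup.
                name.Text       = fullname;
                full_name.Text  = fullname;
                user_level.Text = role;
                email.Text      = Email;

                // Choose which sitemap feeds the sidebar. This is navigation only; the
                // authorization decision is the AccessRight call below.
                if (role == "SuperAdmin")
                {
                    SiteMapDataSource1.SiteMapProvider = "Admin";
                }
                else if (role == "Executive")
                {
                    SiteMapDataSource1.SiteMapProvider = "Staff";
                }

                // On every request, check the current page against the user's role.
                currentPageName = GetCurrentPageName();
                DatabaseDAO userObj = new DatabaseDAO();
                hasAccess = userObj.AccessRight(role, currentPageName);
                accessGranted = hasAccess == true;

                if (!accessGranted)
                {
                    // Strip CR/LF from the interpolated values so a crafted name or role
                    // cannot forge extra entries in the log file.
                    string safeName = (fullname ?? string.Empty).Replace("\r", " ").Replace("\n", " ");
                    string safePage = (currentPageName ?? string.Empty).Replace("\r", " ").Replace("\n", " ");
                    string safeRole = (role ?? string.Empty).Replace("\r", " ").Replace("\n", " ");

                    ErrorLog.WriteErrorLog(safeName + " tried to access a prohibited site: " + safePage + " \r\nWith their Administrative Status of: " + safeRole + ".");
                }
            }
            catch (Exception ex)
            {
                // Record the failure; accessGranted is still false, so the request is denied below.
                ErrorLog.WriteErrorLog(ex.ToString());
            }

            if (!accessGranted)
            {
                // Done outside the try block on purpose: ending the response raises
                // ThreadAbortException, which the catch above would otherwise log as an error.
                // NOTE(review): if this is a master page, the content page's Load handler has
                // already run by this point; consider moving the check earlier (e.g. Init) or
                // into URL authorization so no page code runs for a denied request.
                Page.Response.Redirect("Login.aspx", true);
            }
        }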