public static bool IsApprover(RequisitionUserType pUserType, string pUsername)
{
bool blnReturn = false;
if (pUserType == RequisitionUserType.GroupHead || pUserType == RequisitionUserType.DivisionHead)
{
using (SqlConnection cn = new SqlConnection(clsSystemConfigurations.ConnectionStringRequisition))
{
SqlCommand cmd = cn.CreateCommand();
if (pUserType == RequisitionUserType.GroupHead)
{
cmd.CommandText = "SELECT userlvl FROM CIS.RequisitionApprover WHERE userlvl='sprv' AND username='******'";
}
else if (pUserType == RequisitionUserType.DivisionHead)
{
cmd.CommandText = "SELECT userlvl FROM CIS.RequisitionApprover WHERE userlvl='head' AND username='******'";
}
cn.Open();
SqlDataReader dr = cmd.ExecuteReader();
blnReturn = dr.Read();
dr.Close();
}
}
else if (pUserType == RequisitionUserType.SuppliesCustodian)
{
blnReturn = (clsRequisition.CurrentSuppliesCustodian.ToLower() == pUsername ? true : false);
}
return(blnReturn);
}
public string GetRequestStatus(RequisitionUserType pUserType, string pRequisitionCode)
{
string strReturn = "";
using (SqlConnection cn = new SqlConnection(clsSystemConfigurations.ConnectionStringRequisition))
{
SqlCommand cmd = cn.CreateCommand();
if (pUserType == RequisitionUserType.Requestor)
{
cmd.CommandText = "SELECT status FROM CIS.Requisition WHERE requcode='" + pRequisitionCode + "'";
}
else if (pUserType == RequisitionUserType.GroupHead)
{
cmd.CommandText = "SELECT sprvstat FROM CIS.Requisition WHERE requcode='" + pRequisitionCode + "'";
}
else if (pUserType == RequisitionUserType.DivisionHead)
{
cmd.CommandText = "SELECT headstat FROM CIS.Requisition WHERE requcode='" + pRequisitionCode + "'";
}
else if (pUserType == RequisitionUserType.SuppliesCustodian)
{
cmd.CommandText = "SELECT suppstat FROM CIS.Requisition WHERE requcode='" + pRequisitionCode + "'";
}
cn.Open();
try { strReturn = cmd.ExecuteScalar().ToString(); }
catch { strReturn = ""; }
}
return(strReturn);
}
//////////////////////////////////
///////// Static Members /////////
//////////////////////////////////
public static void AuthenticateUser(RequisitionUserType pUserType, string pUserName, string pRequisitionCode)
{
bool blnHasRecord;
using (SqlConnection cn = new SqlConnection(clsSystemConfigurations.ConnectionStringRequisition))
{
using (SqlCommand cmd = cn.CreateCommand())
{
if (pUserType == RequisitionUserType.Requestor)
{
cmd.CommandText = "SELECT username FROM CIS.Requisition WHERE requcode='" + pRequisitionCode + "' AND username='******'";
}
else if (pUserType == RequisitionUserType.GroupHead)
{
cmd.CommandText = "SELECT sprvcode FROM CIS.Requisition WHERE requcode='" + pRequisitionCode + "' AND sprvcode='" + pUserName + "'";
}
else if (pUserType == RequisitionUserType.DivisionHead)
{
cmd.CommandText = "SELECT headcode FROM CIS.Requisition WHERE requcode='" + pRequisitionCode + "' AND headcode='" + pUserName + "'";
}
else if (pUserType == RequisitionUserType.SuppliesCustodian)
{
cmd.CommandText = "SELECT suppcode FROM CIS.Requisition WHERE requcode='" + pRequisitionCode + "' AND suppcode='" + pUserName + "'";
}
cn.Open();
using (SqlDataReader dr = cmd.ExecuteReader())
{
blnHasRecord = dr.Read();
dr.Close();
}
}
}
if (!blnHasRecord)
{
System.Web.HttpContext.Current.Response.Redirect("~/AccessDenied.aspx");
}
}
public static RequisitionUserType GetUserType(string pUsername)
{
RequisitionUserType rutReturn = RequisitionUserType.Requestor;
if (pUsername.ToLower() == clsRequisition.CurrentSuppliesCustodian.ToLower())
{
rutReturn = RequisitionUserType.SuppliesCustodian;
}
else
{
using (SqlConnection cn = new SqlConnection(clsSystemConfigurations.ConnectionStringRequisition))
{
SqlCommand cmd = cn.CreateCommand();
cmd.CommandText = "SELECT userlvl FROM CIS.MrcfApprover WHERE username='******' AND pstatus='1' ORDER BY userlvl";
cn.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
if (dr["userlvl"].ToString() == "head")
{
rutReturn = RequisitionUserType.DivisionHead;
}
else if (dr["userlvl"].ToString() == "sprv")
{
rutReturn = RequisitionUserType.GroupHead;
}
}
else
{
rutReturn = RequisitionUserType.Requestor;
}
dr.Close();
}
}
return(rutReturn);
}
