/// <summary>
/// get the list of access permissions to database tables for the user
/// </summary>
/// <param name="AUserID"></param>
/// <returns></returns>
public static SUserTableAccessPermissionTable LoadTableAccessPermissions(String AUserID)
{
SUserTableAccessPermissionTable ReturnValue;
TDBTransaction ReadTransaction;
Boolean NewTransaction = false;
try
{
ReadTransaction = DBAccess.GDBAccessObj.GetNewOrExistingTransaction(IsolationLevel.Serializable, out NewTransaction);
if (SUserTableAccessPermissionAccess.CountViaSUser(AUserID, ReadTransaction) > 0)
{
ReturnValue = SUserTableAccessPermissionAccess.LoadViaSUser(AUserID, ReadTransaction);
}
else
{
ReturnValue = new SUserTableAccessPermissionTable();
}
}
finally
{
if (NewTransaction)
{
DBAccess.GDBAccessObj.CommitTransaction();
TLogging.LogAtLevel(8, "TTableAccessPermissionManager.LoadTableAccessPermissions: committed own transaction.");
}
}
return(ReturnValue);
}
/// <summary>
/// get the list of access permissions to database tables for the user
/// </summary>
/// <param name="AUserID"></param>
/// <returns></returns>
public static SUserTableAccessPermissionTable LoadTableAccessPermissions(String AUserID)
{
SUserTableAccessPermissionTable ReturnValue;
TDBTransaction ReadTransaction;
Boolean NewTransaction = false;
try
{
ReadTransaction = DBAccess.GDBAccessObj.GetNewOrExistingTransaction(IsolationLevel.Serializable, out NewTransaction);
if (SUserTableAccessPermissionAccess.CountViaSUser(AUserID, ReadTransaction) > 0)
{
ReturnValue = SUserTableAccessPermissionAccess.LoadViaSUser(AUserID, ReadTransaction);
}
else
{
ReturnValue = new SUserTableAccessPermissionTable();
}
}
finally
{
if (NewTransaction)
{
DBAccess.GDBAccessObj.CommitTransaction();
TLogging.LogAtLevel(8, "TTableAccessPermissionManager.LoadTableAccessPermissions: committed own transaction.");
}
}
return ReturnValue;
}
/// <summary>
/// tells if the user has the given permission to the given table
/// </summary>
/// <param name="APermission"></param>
/// <param name="ADBTable"></param>
/// <returns></returns>
public Boolean IsTableAccessOK(TTableAccessPermission APermission, String ADBTable)
{
Boolean ReturnValue;
SUserTableAccessPermissionRow FoundTableRow;
DataRow[] FoundDataRows = FUserTableAccessPermissionDT.Select(
SUserTableAccessPermissionTable.GetTableNameDBName() + " = '" + ADBTable + "'");
if (FoundDataRows.Length != 0)
{
ReturnValue = true;
FoundTableRow = (SUserTableAccessPermissionRow)FoundDataRows[0];
switch (APermission)
{
case TTableAccessPermission.tapINQUIRE:
if (!FoundTableRow.CanInquire)
{
ReturnValue = false;
}
break;
case TTableAccessPermission.tapMODIFY:
if (!FoundTableRow.CanModify)
{
ReturnValue = false;
}
break;
case TTableAccessPermission.tapCREATE:
if (!FoundTableRow.CanCreate)
{
ReturnValue = false;
}
break;
case TTableAccessPermission.tapDELETE:
if (!FoundTableRow.CanDelete)
{
ReturnValue = false;
}
break;
}
}
else
{
ReturnValue = false;
}
return(ReturnValue);
}
/// <summary>
/// get the list of access permissions to database tables for the user
/// </summary>
/// <param name="AUserID"></param>
/// <param name="ATransaction">Instantiated DB Transaction.</param>
/// <returns></returns>
public static SUserTableAccessPermissionTable LoadTableAccessPermissions(String AUserID, TDBTransaction ATransaction)
{
SUserTableAccessPermissionTable ReturnValue;
if (SUserTableAccessPermissionAccess.CountViaSUser(AUserID, ATransaction) > 0)
{
ReturnValue = SUserTableAccessPermissionAccess.LoadViaSUser(AUserID, ATransaction);
}
else
{
ReturnValue = new SUserTableAccessPermissionTable();
}
return(ReturnValue);
}
/// <summary>
/// constructor
/// </summary>
/// <param name="AIdentity"></param>
/// <param name="AGroups"></param>
/// <param name="AUserTableAccessPermissions"></param>
/// <param name="AModuleAccess"></param>
/// <param name="AFunctions"></param>
/// <param name="ARoles"></param>
public TPetraPrincipal(System.Security.Principal.IIdentity AIdentity,
SUserGroupTable AGroups,
SUserTableAccessPermissionTable AUserTableAccessPermissions,
String[] AModuleAccess,
String[] AFunctions,
String[] ARoles) : base()
{
if (AIdentity == null)
{
throw new ArgumentNullException("AIdentity", "Argument must not be null");
}
FIdentity = AIdentity;
FGroupsDT = AGroups;
FUserTableAccessPermissionDT = AUserTableAccessPermissions;
FModuleAccess = AModuleAccess;
FFunctions = AFunctions;
FRoles = ARoles;
// Prepare Arrays for fast BinarySearch
if (FModuleAccess != null)
{
System.Array.Sort(FModuleAccess);
}
if (FRoles != null)
{
System.Array.Sort(FRoles);
}
if (FFunctions != null)
{
System.Array.Sort(FFunctions);
}
// Default LoginMessage is not defined
FLoginMessage = null;
}
public static bool CreateUser(string AUsername, string APassword, string AFirstName, string AFamilyName, string AModulePermissions)
{
TDBTransaction ReadTransaction = null;
TDBTransaction SubmitChangesTransaction = null;
bool UserExists = false;
bool SubmissionOK = false;
// TODO: check permissions. is the current user allowed to create other users?
SUserTable userTable = new SUserTable();
SUserRow newUser = userTable.NewRowTyped();
newUser.UserId = AUsername;
newUser.FirstName = AFirstName;
newUser.LastName = AFamilyName;
if (AUsername.Contains("@"))
{
newUser.EmailAddress = AUsername;
newUser.UserId = AUsername.Substring(0, AUsername.IndexOf("@")).
Replace(".", string.Empty).
Replace("_", string.Empty).ToUpper();
}
// Check whether the user that we are asked to create already exists
DBAccess.GDBAccessObj.BeginAutoReadTransaction(IsolationLevel.ReadCommitted, ref ReadTransaction,
delegate
{
if (SUserAccess.Exists(newUser.UserId, ReadTransaction))
{
TLogging.Log("Cannot create new user as a user with User Name '" + newUser.UserId + "' already exists!");
UserExists = true;
}
});
if (UserExists)
{
return(false);
}
userTable.Rows.Add(newUser);
string UserAuthenticationMethod = TAppSettingsManager.GetValue("UserAuthenticationMethod", "OpenPetraDBSUser", false);
if (UserAuthenticationMethod == "OpenPetraDBSUser")
{
if (APassword.Length > 0)
{
newUser.PasswordSalt = PasswordHelper.GetNewPasswordSalt();
newUser.PasswordHash = PasswordHelper.GetPasswordHash(APassword, newUser.PasswordSalt);
newUser.PasswordNeedsChange = true;
}
}
else
{
try
{
IUserAuthentication auth = TUserManagerWebConnector.LoadAuthAssembly(UserAuthenticationMethod);
if (!auth.CreateUser(AUsername, APassword, AFirstName, AFamilyName))
{
newUser = null;
}
}
catch (Exception e)
{
TLogging.Log("Problem loading user authentication method " + UserAuthenticationMethod + ": " + e.ToString());
return(false);
}
}
if (newUser != null)
{
DBAccess.GDBAccessObj.BeginAutoTransaction(IsolationLevel.Serializable, ref SubmitChangesTransaction, ref SubmissionOK,
delegate
{
SUserAccess.SubmitChanges(userTable, SubmitChangesTransaction);
List <string> modules = new List <string>();
if (AModulePermissions == DEMOMODULEPERMISSIONS)
{
modules.Add("PTNRUSER");
modules.Add("FINANCE-1");
ALedgerTable theLedgers = ALedgerAccess.LoadAll(SubmitChangesTransaction);
foreach (ALedgerRow ledger in theLedgers.Rows)
{
modules.Add("LEDGER" + ledger.LedgerNumber.ToString("0000"));
}
}
else
{
string[] modulePermissions = AModulePermissions.Split(new char[] { ',' });
foreach (string s in modulePermissions)
{
if (s.Trim().Length > 0)
{
modules.Add(s.Trim());
}
}
}
SUserModuleAccessPermissionTable moduleAccessPermissionTable = new SUserModuleAccessPermissionTable();
foreach (string module in modules)
{
SUserModuleAccessPermissionRow moduleAccessPermissionRow = moduleAccessPermissionTable.NewRowTyped();
moduleAccessPermissionRow.UserId = newUser.UserId;
moduleAccessPermissionRow.ModuleId = module;
moduleAccessPermissionRow.CanAccess = true;
moduleAccessPermissionTable.Rows.Add(moduleAccessPermissionRow);
}
SUserModuleAccessPermissionAccess.SubmitChanges(moduleAccessPermissionTable, SubmitChangesTransaction);
// TODO: table permissions should be set by the module list
// TODO: add p_data_label... tables here so user can generally have access
string[] tables = new string[] {
"p_bank", "p_church", "p_family", "p_location",
"p_organisation", "p_partner", "p_partner_location",
"p_partner_type", "p_person", "p_unit", "p_venue",
"p_data_label", "p_data_label_lookup", "p_data_label_lookup_category", "p_data_label_use", "p_data_label_value_partner",
};
SUserTableAccessPermissionTable tableAccessPermissionTable = new SUserTableAccessPermissionTable();
foreach (string table in tables)
{
SUserTableAccessPermissionRow tableAccessPermissionRow = tableAccessPermissionTable.NewRowTyped();
tableAccessPermissionRow.UserId = newUser.UserId;
tableAccessPermissionRow.TableName = table;
tableAccessPermissionTable.Rows.Add(tableAccessPermissionRow);
}
SUserTableAccessPermissionAccess.SubmitChanges(tableAccessPermissionTable, SubmitChangesTransaction);
SubmissionOK = true;
});
return(true);
}
return(false);
}
public static bool CreateUser(string AUsername, string APassword, string AFirstName, string AFamilyName, string AModulePermissions)
{
TDBTransaction ReadTransaction = null;
TDBTransaction SubmitChangesTransaction = null;
bool UserExists = false;
bool SubmissionOK = false;
// TODO: check permissions. is the current user allowed to create other users?
SUserTable userTable = new SUserTable();
SUserRow newUser = userTable.NewRowTyped();
newUser.UserId = AUsername;
newUser.FirstName = AFirstName;
newUser.LastName = AFamilyName;
if (AUsername.Contains("@"))
{
newUser.EmailAddress = AUsername;
newUser.UserId = AUsername.Substring(0, AUsername.IndexOf("@")).
Replace(".", string.Empty).
Replace("_", string.Empty).ToUpper();
}
// Check whether the user that we are asked to create already exists
DBAccess.GDBAccessObj.BeginAutoReadTransaction(IsolationLevel.ReadCommitted, ref ReadTransaction,
delegate
{
if (SUserAccess.Exists(newUser.UserId, ReadTransaction))
{
TLogging.Log("Cannot create new user as a user with User Name '" + newUser.UserId + "' already exists!");
UserExists = true;
}
});
if (UserExists)
{
return false;
}
userTable.Rows.Add(newUser);
string UserAuthenticationMethod = TAppSettingsManager.GetValue("UserAuthenticationMethod", "OpenPetraDBSUser", false);
if (UserAuthenticationMethod == "OpenPetraDBSUser")
{
if (APassword.Length > 0)
{
newUser.PasswordSalt = PasswordHelper.GetNewPasswordSalt();
newUser.PasswordHash = PasswordHelper.GetPasswordHash(APassword, newUser.PasswordSalt);
newUser.PasswordNeedsChange = true;
}
}
else
{
try
{
IUserAuthentication auth = TUserManagerWebConnector.LoadAuthAssembly(UserAuthenticationMethod);
if (!auth.CreateUser(AUsername, APassword, AFirstName, AFamilyName))
{
newUser = null;
}
}
catch (Exception e)
{
TLogging.Log("Problem loading user authentication method " + UserAuthenticationMethod + ": " + e.ToString());
return false;
}
}
if (newUser != null)
{
DBAccess.GDBAccessObj.BeginAutoTransaction(IsolationLevel.Serializable, ref SubmitChangesTransaction, ref SubmissionOK,
delegate
{
SUserAccess.SubmitChanges(userTable, SubmitChangesTransaction);
List <string>modules = new List <string>();
if (AModulePermissions == DEMOMODULEPERMISSIONS)
{
modules.Add("PTNRUSER");
modules.Add("FINANCE-1");
ALedgerTable theLedgers = ALedgerAccess.LoadAll(SubmitChangesTransaction);
foreach (ALedgerRow ledger in theLedgers.Rows)
{
modules.Add("LEDGER" + ledger.LedgerNumber.ToString("0000"));
}
}
else
{
string[] modulePermissions = AModulePermissions.Split(new char[] { ',' });
foreach (string s in modulePermissions)
{
if (s.Trim().Length > 0)
{
modules.Add(s.Trim());
}
}
}
SUserModuleAccessPermissionTable moduleAccessPermissionTable = new SUserModuleAccessPermissionTable();
foreach (string module in modules)
{
SUserModuleAccessPermissionRow moduleAccessPermissionRow = moduleAccessPermissionTable.NewRowTyped();
moduleAccessPermissionRow.UserId = newUser.UserId;
moduleAccessPermissionRow.ModuleId = module;
moduleAccessPermissionRow.CanAccess = true;
moduleAccessPermissionTable.Rows.Add(moduleAccessPermissionRow);
}
SUserModuleAccessPermissionAccess.SubmitChanges(moduleAccessPermissionTable, SubmitChangesTransaction);
// TODO: table permissions should be set by the module list
string[] tables = new string[] {
"p_bank", "p_church", "p_family", "p_location",
"p_organisation", "p_partner", "p_partner_location",
"p_partner_type", "p_person", "p_unit", "p_venue"
};
SUserTableAccessPermissionTable tableAccessPermissionTable = new SUserTableAccessPermissionTable();
foreach (string table in tables)
{
SUserTableAccessPermissionRow tableAccessPermissionRow = tableAccessPermissionTable.NewRowTyped();
tableAccessPermissionRow.UserId = newUser.UserId;
tableAccessPermissionRow.TableName = table;
tableAccessPermissionTable.Rows.Add(tableAccessPermissionRow);
}
SUserTableAccessPermissionAccess.SubmitChanges(tableAccessPermissionTable, SubmitChangesTransaction);
SubmissionOK = true;
});
return true;
}
return false;
}
/// <summary>
/// constructor
/// </summary>
/// <param name="AIdentity"></param>
/// <param name="AGroups"></param>
/// <param name="AUserTableAccessPermissions"></param>
/// <param name="AModuleAccess"></param>
public TPetraPrincipal(System.Security.Principal.IIdentity AIdentity,
SUserGroupTable AGroups,
SUserTableAccessPermissionTable AUserTableAccessPermissions,
String[] AModuleAccess) : this(AIdentity, AGroups, AUserTableAccessPermissions, AModuleAccess, null, null)
{
}
public static bool CreateUser(string AUsername, string APassword, string AFirstName, string AFamilyName,
string AModulePermissions, string AClientComputerName, string AClientIPAddress, TDBTransaction ATransaction = null)
{
TDataBase DBConnectionObj = DBAccess.GetDBAccessObj(ATransaction);
TDBTransaction ReadWriteTransaction = null;
bool SeparateDBConnectionEstablished = false;
bool NewTransaction;
bool SubmissionOK = false;
// TODO: check permissions. is the current user allowed to create other users?
SUserTable userTable = new SUserTable();
SUserRow newUser = userTable.NewRowTyped();
newUser.UserId = AUsername;
newUser.FirstName = AFirstName;
newUser.LastName = AFamilyName;
if (AUsername.Contains("@"))
{
newUser.EmailAddress = AUsername;
newUser.UserId = AUsername.Substring(0, AUsername.IndexOf("@")).
Replace(".", string.Empty).
Replace("_", string.Empty).ToUpper();
}
if (DBConnectionObj == null)
{
// ATransaction was null and GDBAccess is also null: we need to establish a DB Connection manually here!
DBConnectionObj = DBAccess.SimpleEstablishDBConnection("CreateUser");
SeparateDBConnectionEstablished = true;
}
ReadWriteTransaction = DBConnectionObj.GetNewOrExistingTransaction(
IsolationLevel.Serializable, out NewTransaction, "CreateUser");
try
{
// Check whether the user that we are asked to create already exists
if (SUserAccess.Exists(newUser.UserId, ReadWriteTransaction))
{
TLogging.Log("Cannot create new user because a user with User Name '" + newUser.UserId + "' already exists!");
return(false);
}
newUser.PwdSchemeVersion = TPasswordHelper.CurrentPasswordSchemeNumber;
userTable.Rows.Add(newUser);
string UserAuthenticationMethod = TAppSettingsManager.GetValue("UserAuthenticationMethod", "OpenPetraDBSUser", false);
if (UserAuthenticationMethod == "OpenPetraDBSUser")
{
if (APassword.Length > 0)
{
SetNewPasswordHashAndSaltForUser(newUser, APassword, AClientComputerName, AClientIPAddress, ReadWriteTransaction);
if (AModulePermissions != TMaintenanceWebConnector.DEMOMODULEPERMISSIONS)
{
newUser.PasswordNeedsChange = true;
}
}
}
else
{
try
{
IUserAuthentication auth = TUserManagerWebConnector.LoadAuthAssembly(UserAuthenticationMethod);
if (!auth.CreateUser(AUsername, APassword, AFirstName, AFamilyName))
{
newUser = null;
}
}
catch (Exception e)
{
TLogging.Log("Problem loading user authentication method " + UserAuthenticationMethod + ": " + e.ToString());
return(false);
}
}
if (newUser != null)
{
SUserAccess.SubmitChanges(userTable, ReadWriteTransaction);
List <string> modules = new List <string>();
if (AModulePermissions == DEMOMODULEPERMISSIONS)
{
modules.Add("PTNRUSER");
modules.Add("FINANCE-1");
ALedgerTable theLedgers = ALedgerAccess.LoadAll(ReadWriteTransaction);
foreach (ALedgerRow ledger in theLedgers.Rows)
{
modules.Add("LEDGER" + ledger.LedgerNumber.ToString("0000"));
}
}
else
{
string[] modulePermissions = AModulePermissions.Split(new char[] { ',' });
foreach (string s in modulePermissions)
{
if (s.Trim().Length > 0)
{
modules.Add(s.Trim());
}
}
}
SUserModuleAccessPermissionTable moduleAccessPermissionTable = new SUserModuleAccessPermissionTable();
foreach (string module in modules)
{
SUserModuleAccessPermissionRow moduleAccessPermissionRow = moduleAccessPermissionTable.NewRowTyped();
moduleAccessPermissionRow.UserId = newUser.UserId;
moduleAccessPermissionRow.ModuleId = module;
moduleAccessPermissionRow.CanAccess = true;
moduleAccessPermissionTable.Rows.Add(moduleAccessPermissionRow);
}
SUserModuleAccessPermissionAccess.SubmitChanges(moduleAccessPermissionTable, ReadWriteTransaction);
// TODO: table permissions should be set by the module list
// TODO: add p_data_label... tables here so user can generally have access
string[] tables = new string[] {
"p_bank", "p_church", "p_family", "p_location",
"p_organisation", "p_partner", "p_partner_location",
"p_partner_type", "p_person", "p_unit", "p_venue",
"p_data_label", "p_data_label_lookup", "p_data_label_lookup_category", "p_data_label_use", "p_data_label_value_partner",
};
SUserTableAccessPermissionTable tableAccessPermissionTable = new SUserTableAccessPermissionTable();
foreach (string table in tables)
{
SUserTableAccessPermissionRow tableAccessPermissionRow = tableAccessPermissionTable.NewRowTyped();
tableAccessPermissionRow.UserId = newUser.UserId;
tableAccessPermissionRow.TableName = table;
tableAccessPermissionTable.Rows.Add(tableAccessPermissionRow);
}
SUserTableAccessPermissionAccess.SubmitChanges(tableAccessPermissionTable, ReadWriteTransaction);
TUserAccountActivityLog.AddUserAccountActivityLogEntry(newUser.UserId,
TUserAccountActivityLog.USER_ACTIVITY_USER_RECORD_CREATED,
String.Format(Catalog.GetString("The user record for the new user {0} got created by user {1}. "),
newUser.UserId, UserInfo.GUserInfo.UserID) +
String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
ReadWriteTransaction);
SubmissionOK = true;
return(true);
}
}
finally
{
if (NewTransaction)
{
if (SubmissionOK)
{
ReadWriteTransaction.DataBaseObj.CommitTransaction();
}
else
{
ReadWriteTransaction.DataBaseObj.RollbackTransaction();
}
if (SeparateDBConnectionEstablished)
{
DBConnectionObj.CloseDBConnection();
}
}
}
return(false);
}
/// <summary>
/// constructor
/// </summary>
/// <param name="AIdentity"></param>
/// <param name="AGroups"></param>
/// <param name="AUserTableAccessPermissions"></param>
/// <param name="AModuleAccess"></param>
/// <param name="AFunctions"></param>
/// <param name="ARoles"></param>
public TPetraPrincipal(System.Security.Principal.IIdentity AIdentity,
SUserGroupTable AGroups,
SUserTableAccessPermissionTable AUserTableAccessPermissions,
String[] AModuleAccess,
String[] AFunctions,
String[] ARoles) : base()
{
if (AIdentity == null)
{
throw new ArgumentNullException("AIdentity", "Argument must not be null");
}
FIdentity = AIdentity;
FGroupsDT = AGroups;
FUserTableAccessPermissionDT = AUserTableAccessPermissions;
FModuleAccess = AModuleAccess;
FFunctions = AFunctions;
FRoles = ARoles;
// Prepare Arrays for fast BinarySearch
if (FModuleAccess != null)
{
System.Array.Sort(FModuleAccess);
}
if (FRoles != null)
{
System.Array.Sort(FRoles);
}
if (FFunctions != null)
{
System.Array.Sort(FFunctions);
}
// Default LoginMessage is not defined
FLoginMessage = null;
}
/// <summary>
/// constructor
/// </summary>
/// <param name="AIdentity"></param>
/// <param name="AGroups"></param>
/// <param name="AUserTableAccessPermissions"></param>
/// <param name="AModuleAccess"></param>
public TPetraPrincipal(System.Security.Principal.IIdentity AIdentity,
SUserGroupTable AGroups,
SUserTableAccessPermissionTable AUserTableAccessPermissions,
String[] AModuleAccess) : this(AIdentity, AGroups, AUserTableAccessPermissions, AModuleAccess, null, null)
{
}
