/// <summary>
/// Seeds the application-wide variables when the application is first
/// created, then calls <c>ExpenseCommon.Initialize()</c>.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void Application_Start(Object sender, EventArgs e)
{
    // Hold the application-state lock for the whole batch of writes.
    Application.Lock();

    // Application name, followed by the values stored for the Authorization
    // Manager policy store object and the Authorization Manager application
    // object.
    Application["AZMAN_APP_NAME"] = "Expense Web";
    Application["AZMAN_STORE"] = "AzManStore";
    Application["AZMAN_APP"] = "AzManApp";

    // Path of the Authorization Manager policy store (an XML file here).
    // NOTE(review): this path sits under c:\inetpub\wwwroot, i.e. inside the
    // site directory. Confirm the policy store cannot be requested over HTTP
    // and that only the intended accounts can write to it, or keep the store
    // outside the web root.
    Application["STORE_PATH"] = "msxml://c:\\inetpub\\wwwroot\\WebExpense\\AzStore.xml";

    // To keep the policy store in Active Directory instead, uncomment the
    // line below and configure the connection string.
    //Application["STORE_PATH"]="msldap://CN=AzStore,CN=Program Data,DC=microsoft,DC=com";

    // Demo data store: the number of transactions allowed before the demo
    // resets itself, and the ID of the last transaction created.
    Application["DATASTORE_MAXTRANS"] = 10;
    Application["DATASTORE_LASTTRANS"] = 0;

    // Self Approval setting:
    //   true  - approvers can approve their own expenses
    //   false - approvers cannot approve their own expenses
    // The application starts with self approval switched off.
    Application["SELF_APPROVAL"] = false;

    // Release the lock before the remaining initialization runs.
    Application.UnLock();

    ExpenseCommon.Initialize();
}
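// Controls declared on the administration page (the declarations themselves
// are not part of this listing):
//   Self Approval CheckBox - check this box to allow users who are both
//       approvers and submitters to approve their own expense
//   ExpenseWebAdministration Group Panel - container for all of the
//       administrative UI controls on the page
//   Maximum Number of Transactions - the max number of transactions that can
//       occur in the demo before the transactions are deleted and the demo
//       is restarted
//   OK Button - submits the changes made on the form and redirects to the
//       main page
//   Cancel Button - cancels any changes made on the form and redirects to
//       the main page
//   Logo Hyperlink - a picture of the company logo which links back to the
//       main page
//   Administration Label - title of the page, Administration
//   Message Label - displays any messages to the user
//   Maximum Number of Transactions Label - identifies the max trans textbox
#endregion

/// <summary>
/// Page Load - This is executed when the page is first requested
/// by the user and additionally when the user clicks a button on
/// the form. On the first request it shows the administration controls
/// and fills them with the current application settings.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    //
    // To prevent users from bypassing the portal page (index.aspx)
    // and going directly to this page, use URL Authorization.
    // See <url> for details.
    //
    // NOTE(review): nothing in this handler checks the caller's role before
    // the administration controls are shown, so the page depends on that URL
    // Authorization rule being configured - confirm it is in place.
    //

    //
    // Only fill in the form on the first load; on a postback the values the
    // user entered would otherwise be lost.
    //
    if (Page.IsPostBack)
    {
        return;
    }

    //
    // Lock the application to ensure settings integrity while they are read.
    // The lock is released in the finally block so it is not held for the
    // rest of the request, and is released even if a read throws.
    //
    Application.Lock();
    try
    {
        // Show the admin UI controls
        AdminGroup.Visible = true;

        // Load the Self Approval setting
        self_approval.Checked = ExpenseCommon.GetSelfApproval();

        // Load the Maximum Number of Transactions setting
        max_trans.Text = ExpenseCommon.GetMaxTransaction().ToString();
    }
    finally
    {
        Application.UnLock();
    }
}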
// Controls declared on the main page (the declarations themselves are not
// part of this listing):
//   Logo Image - displays the logo of the company
//   Message Label - displays messages to the user
//   Approve Link - link to a page which lists all expense reports which
//       need to be approved
//   Submit Link - link to a page which allows a user to create a new
//       expense report to submit
//   Administration Link - link to a page which allows an administrator to
//       change application settings
//   Approve Image - displays an icon that links to a page which lists all
//       expense reports which need to be approved
//   Administration Image - displays an icon that links to a page which
//       allows an administrator to change application settings
//   Submit Image - displays an icon that links to a page which allows a
//       user to create a new expense report to submit
//   Title Label - displays the application title
#endregion

/// <summary>
/// Page Load - Runs on the first request for the page and again on every
/// postback. On the first request it greets the user and reveals the
/// links that match the user's Authorization Manager roles.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Nothing to do on a postback: the page is only populated the first
    // time it is loaded.
    if (Page.IsPostBack)
    {
        return;
    }

    // Client context used below to read the role memberships.
    IAzClientContext clientContext = ExpenseCommon.GetAzClientContext();

    // The SAM name has the form domain\username; only the part after the
    // backslash is shown in the greeting.
    string samName = ExpenseCommon.GetClientSamName();
    string shortName = samName.Substring(samName.IndexOf(@"\") + 1);
    MSG.Text = "Welcome " + shortName + ":";

    // Role memberships of the user, taken from the client context.
    object[] memberships = (object[])clientContext.GetRoles(null);

    if (memberships.Length == 0)
    {
        // The user has no roles at all.
        MSG.Text = MSG.Text + "<P>Sorry " + shortName + " you have no Roles. <Br> Please contact your manager <Br></P>";
        return;
    }

    // Reveal one link per recognized role.
    // NOTE(review): showing or hiding a link is presentation only; each
    // target page still has to run its own access check.
    foreach (string roleName in memberships)
    {
        if (roleName == "Approver")
        {
            // Approvers get the link to the approval page.
            ApproveLink.Visible = true;
        }
        else if (roleName == "Administrator")
        {
            // Administrators get the link to the administration page.
            AdminLink.Visible = true;
        }
        else if (roleName == "Submitter")
        {
            // Submitters get the link to the expense submission page.
            SubmitLink.Visible = true;
        }
    }
}
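/// <summary>
/// Submit Decision Click - When the user clicks the Submit button,
/// this submits the decision of the user, approve or reject,
/// to the application data store.
/// </summary>
/// <remarks>
/// The decision is written only when the Authorization Manager access check
/// for the approve operation succeeds, the report is still pending, and the
/// self-approval rule allows it. The approver's comment is HTML-encoded
/// before it is appended to the stored comment, because that field also
/// carries markup added by this handler.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void SubmitDecision_Click(object sender, System.EventArgs e)
{
    //
    // Check if the user has access to the approve operation
    // and then save the decision
    //

    // Get the client context
    IAzClientContext3 AzClient = ExpenseCommon.GetAzClientContext();

    // Set BizRule Parameters
    IAzBizRuleParameters BizRuleParams = AzClient.BizRuleParameters;
    BizRuleParams.AddParameter("Amount", ExpenseData["Amount"]);
    BizRuleParams.AddParameter("Date", ExpenseData["Date"]);
    BizRuleParams.AddParameter("SubmitterName", (object)ExpenseData["User"]);
    BizRuleParams.AddParameter("UserName", ExpenseCommon.GetClientSamName());

    //
    // Run the access check on the approve operation
    // Passing the audit text, scope and operation
    //
    uint result = AzClient.AccessCheck2("Approve Expense Report", "", ExpenseCommon.AzopApprove);

    //
    // Anything other than NoError is treated as "not authorized". The
    // message chosen here is the one the user sees; it is no longer
    // overwritten by a generic message afterwards.
    //
    if (result != ExpenseCommon.NoError)
    {
        if (result == ExpenseCommon.AccessDenied)
        {
            string errorMessage = AzClient.GetBusinessRuleString();
            if (errorMessage != "")
            {
                Message.Text = "<font color=\"FF0000\">Access Denied." + errorMessage + "</font>";
            }
            else
            {
                Message.Text = "<font color=\"FF0000\">Access Denied. You do not have sufficient permissions to perform this operation.</font>";
            }
        }
        else
        {
            // NOTE(review): the parameterless Win32Exception reports the
            // thread's last Win32 error, which may not be the code that
            // AccessCheck2 returned - confirm.
            Win32Exception ex = new Win32Exception();
            Message.Text = "<font color=\"FF0000\">There was an error performing the AccessCheck: " + ex.Message + "</font>";
        }
        return;
    }

    //
    // Page_Load decides whether to show the decision controls only on the
    // first load of the page. The same conditions are re-checked here so
    // the rule does not depend on which controls the browser was shown,
    // and so a report that was reviewed in the meantime is not changed.
    //
    string transStatus = string.Concat(ExpenseCommon.GetTransactionStatus(transID), "");
    if (transStatus != "")
    {
        Message.Text = "This expense report has already been reviewed.";
        return;
    }

    if (ExpenseCommon.GetClientSamName() == ExpenseData["SamName"]
        && ExpenseCommon.GetSelfApproval() == false)
    {
        Message.Text = "You are not authorized to approve your own expense.";
        return;
    }

    // Check whether the user has added comments
    if (Comment.Text.Length > 0)
    {
        //
        // Attach the comment to the transaction. The text box content is
        // user input, so it is encoded before being joined to the markup.
        //
        ExpenseData["Comment"] = string.Concat(ExpenseData["Comment"], "<p><b>Approver Comment: </b></p>", Server.HtmlEncode(Comment.Text));
        ExpenseCommon.SaveTransaction(transID, ExpenseData);
    }

    // Check whether the user approved or rejected the expense
    if (Decision.SelectedValue == "approve")
    {
        // Approve the expense
        ExpenseCommon.ApproveTransaction(transID);
    }
    else
    {
        // Reject the expense
        ExpenseCommon.RejectTransaction(transID);
    }

    // Redirect the user to pending expenses list
    Response.Redirect("List.aspx", true);
}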
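/// <summary>
/// Page Load - This is executed when the page is first requested
/// by the user and additionally when the user clicks a button on
/// the form. It resolves the transaction named in the query string and,
/// on the first load, displays the report if the read access check passes.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    //
    // To prevent users from bypassing the portal page (index.aspx)
    // and going directly to this page, use URL Authorization.
    // See <url> for details.
    //

    //
    // Get the transaction ID from the query string. The value is supplied
    // by the client, so a missing, non-numeric or out-of-range value is
    // reported with a message instead of surfacing as an unhandled
    // exception. (Convert.ToInt32 returns 0 for a null string rather than
    // throwing ArgumentNullException, so the missing case is tested
    // explicitly.)
    //
    string rawTransId = Request.QueryString["transactionId"];
    if (rawTransId == null || rawTransId.Length == 0)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }

    try
    {
        transID = Convert.ToInt32(rawTransId);
    }
    catch (System.FormatException)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }
    catch (System.OverflowException)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }

    //
    // Get the expense report data from the transaction ID
    // and check that the transaction exists
    //
    ExpenseData = ExpenseCommon.GetTransData(transID);
    if (ExpenseData == null)
    {
        Message.Text = "There was an error retrieving the transaction data. <br>The specified transaction does not exist.";
        return;
    }

    //
    // Only fill in the form on the first load; on a postback any user
    // changes would otherwise be lost.
    //
    if (Page.IsPostBack)
    {
        return;
    }

    //
    // Check if the user has permission to read the expense report. This
    // runs before anything about the report is shown, so a caller who fails
    // the check sees neither the status nor the decision controls.
    //
    // NOTE(review): the check is made with an empty scope name; whether a
    // caller may read reports submitted by other users depends on the
    // policy store and its business rule - confirm.
    //
    IAzClientContext3 AzClient = ExpenseCommon.GetAzClientContext();

    // Set BizRule Parameters
    IAzBizRuleParameters BizRuleParams = AzClient.BizRuleParameters;
    BizRuleParams.AddParameter("Amount", ExpenseData["Amount"]);
    BizRuleParams.AddParameter("Date", DateTime.Now.ToShortDateString());
    BizRuleParams.AddParameter("SubmitterName", (object)ExpenseData["User"]);
    BizRuleParams.AddParameter("UserName", ExpenseCommon.GetClientSamName());

    //
    // Run the access check on the read operation
    // Passing the audit text, scope and operation
    //
    uint result = AzClient.AccessCheck2("Read Expense Report", "", ExpenseCommon.AzopRead);

    //
    // Anything other than NoError is treated as "not authorized". The
    // message chosen here is the one the user sees.
    //
    if (result != ExpenseCommon.NoError)
    {
        if (result == ExpenseCommon.AccessDenied)
        {
            string errorMessage = AzClient.GetBusinessRuleString();
            if (errorMessage != "")
            {
                Message.Text = "<font color=\"FF0000\">Access Denied." + errorMessage + "</font>";
            }
            else
            {
                Message.Text = "<font color=\"FF0000\">Access Denied. You do not have sufficient permissions to perform this operation.</font>";
            }
        }
        else
        {
            Win32Exception ex = new Win32Exception();
            Message.Text = "<font color=\"FF0000\">There was an error performing the AccessCheck: " + ex.Message + "</font>";
        }

        DecisionGroup.Visible = false;
        return;
    }

    //
    // Decide whether the decision buttons are shown, depending on the
    // status of the report, its owner and the Self Approval setting.
    //
    string transStatus = string.Concat(ExpenseCommon.GetTransactionStatus(transID), "");

    if (transStatus != "")
    {
        //
        // The expense report has been reviewed already.
        // Display its status and do not show the decision buttons.
        //
        Status.Text = string.Concat(Status.Text, transStatus);
        DecisionGroup.Visible = false;
    }
    else if (ExpenseCommon.GetClientSamName() == ExpenseData["SamName"]
             && ExpenseCommon.GetSelfApproval() == false)
    {
        //
        // The current user owns the report and self approval is not
        // allowed, so hide the decision buttons and explain why.
        //
        Status.Text = string.Concat(Status.Text, "PENDING", "<P>You are not authorized to approve your own expense.</p>");
        DecisionGroup.Visible = false;
    }
    else
    {
        //
        // Either the current user is not the owner, or self approval is
        // allowed: show the decision buttons.
        //
        Status.Text = string.Concat(Status.Text, "PENDING");
        DecisionGroup.Visible = true;
    }

    // Display the expense report
    DisplayExpense();
}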
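/// <summary>
/// OK Button Click - When a user clicks the OK button,
/// save any changes and redirect them to the main page.
/// </summary>
/// <remarks>
/// The settings are saved only when the access check returns at least one
/// result and every result is NoError. Any other outcome, including an
/// error code that is not AccessDenied, leaves the settings untouched.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void OK_Click(object sender, System.EventArgs e)
{
    // Get the client context
    IAzClientContext AzClient = ExpenseCommon.GetAzClientContext();

    //
    // Check if the user has access to the administer
    // operation and then save application settings
    //

    //
    // Contains the scope of the access check request
    // which is set to the application level
    //
    object[] scope = new Object[1];
    scope[0] = (object)"";

    //
    // Contains all the operations associated with
    // changing the application settings
    // In this case the administer operation
    //
    object[] operations = new Object[1];
    operations[0] = ExpenseCommon.AzopAdministrater;

    //
    // Contains all the parameter names associated with
    // application settings. These are organized as
    // name-value pairs and passed to the business rule
    // if one is defined.
    //
    // THEY MUST BE IN ALPHABETICAL ORDER (A-Z)
    //
    Object[] BRNames = new Object[3];
    BRNames[0] = (object)ExpenseCommon.ParamAmount;
    BRNames[1] = (object)ExpenseCommon.ParamDate;
    BRNames[2] = (object)ExpenseCommon.ParamUserName;

    //
    // Contains all the parameter values associated with
    // the application settings.
    //
    Object[] BRValues = new Object[3];
    BRValues[0] = (object)0;
    BRValues[1] = (object)DateTime.Now.ToShortDateString();
    BRValues[2] = (object)ExpenseCommon.GetClientSamName();

    //
    // Run the access check on the administer operation
    // Passing the audit text, scope, operations and business rule parameters
    //
    object[] results = (object[])AzClient.AccessCheck("Change Application Settings", (object)scope, (object)operations, BRNames, BRValues, null, null, null);

    //
    // Start from "not authorized" and grant only when every returned code
    // is NoError. An empty result set, or an error code other than
    // AccessDenied, therefore denies the request instead of letting it
    // through.
    //
    bool bAuthorized = false;
    string failureText = null;

    if (results != null && results.Length > 0)
    {
        bAuthorized = true;
        foreach (int iResCode in results)
        {
            if (iResCode == ExpenseCommon.NoError)
            {
                continue;
            }

            bAuthorized = false;

            if (iResCode == ExpenseCommon.AccessDenied)
            {
                string errorMessage = AzClient.GetBusinessRuleString();
                if (errorMessage != "")
                {
                    failureText = "Admin Denied. " + errorMessage;
                }
                else
                {
                    failureText = "Access Denied. You do not have sufficient permissions to perform this operation.";
                }
            }
            else
            {
                Win32Exception ex = new Win32Exception();
                failureText = "There was an error performing the AccessCheck: " + ex.Message;
            }
            break;
        }
    }

    if (!bAuthorized)
    {
        // Display the reason for the access check failure
        if (failureText != null)
        {
            Message.Text = failureText;
        }
        else
        {
            Message.Text = "Error Access Denied:" + AzClient.GetBusinessRuleString();
        }
        return;
    }

    //
    // Parse the Maximum Number of Transactions before saving anything, so
    // that a value that is not a valid integer produces a message and
    // leaves both settings unchanged.
    // NOTE(review): no lower or upper bound is applied to the value here -
    // confirm the range the data store expects.
    //
    int maxTransactions;
    try
    {
        maxTransactions = Convert.ToInt32(max_trans.Text);
    }
    catch (System.FormatException)
    {
        Message.Text = "The maximum number of transactions must be a whole number.";
        return;
    }
    catch (System.OverflowException)
    {
        Message.Text = "The maximum number of transactions must be a whole number.";
        return;
    }

    // Save the Self Approval setting
    ExpenseCommon.SetApproval(self_approval.Checked);

    // Save the Maximum Number of Transactions setting
    ExpenseCommon.SetMaxTransaction(maxTransactions);

    // Redirect the user to the main page
    Response.Redirect("../index.aspx", false);
}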
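/// <summary>
/// Submit Decision Click - When the user clicks the Submit button,
/// this submits the decision of the user, approve or reject,
/// to the application data store.
/// </summary>
/// <remarks>
/// The decision is written only when the access check returns at least one
/// result and every result is NoError, the report is still pending, and the
/// self-approval rule allows it. The approver's comment is HTML-encoded
/// before it is appended to the stored comment, because that field also
/// carries markup added by this handler.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void SubmitDecision_Click(object sender, System.EventArgs e)
{
    // Get the client context
    IAzClientContext AzClient = ExpenseCommon.GetAzClientContext();

    //
    // Check if the user has access to the approve
    // operation and then save the decision
    //

    //
    // Contains the scope of the access check request
    // which is set to the application level
    //
    object[] scope = new Object[1];
    scope[0] = (object)"";

    //
    // Contains all the operations associated with
    // approving an expense
    // In this case the approve operation
    //
    object[] operations = new Object[1];
    operations[0] = ExpenseCommon.AzopApprove;

    //
    // Contains all the parameter names associated with
    // approving an expense. These are organized as
    // name-value pairs and passed to the business rule
    // if one is defined
    //
    Object[] BRNames = new Object[3];
    BRNames[0] = (object)ExpenseCommon.ParamAmount;
    BRNames[1] = (object)ExpenseCommon.ParamDate;
    BRNames[2] = (object)ExpenseCommon.ParamUserName;

    //
    // Contains all the parameter values associated with
    // approving an expense.
    //
    Object[] BRValues = new Object[3];
    BRValues[0] = (object)ExpenseData["Amount"];
    BRValues[1] = (object)ExpenseData["Date"];
    BRValues[2] = (object)ExpenseCommon.GetClientSamName();

    //
    // Run the access check on the approve operation
    // Passing the audit text, scope, operations and business rule parameters
    //
    object[] results = (object[])AzClient.AccessCheck("Approve Expense Report", (object)scope, (object)operations, BRNames, BRValues, null, null, null);

    //
    // Start from "not authorized" and grant only when at least one result
    // came back and every result is NoError, so an empty result set does
    // not count as approval.
    //
    bool bAuthorized = false;
    if (results != null && results.Length > 0)
    {
        bAuthorized = true;
        foreach (int iResCode in results)
        {
            if (iResCode != ExpenseCommon.NoError)
            {
                bAuthorized = false;
                break;
            }
        }
    }

    if (!bAuthorized)
    {
        // The access check failed: display an error message to the user
        Message.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString();
        return;
    }

    //
    // Page_Load decides whether to show the decision controls only on the
    // first load of the page. The same conditions are re-checked here so
    // the rule does not depend on which controls the browser was shown,
    // and so a report that was reviewed in the meantime is not changed.
    //
    string transStatus = string.Concat(ExpenseCommon.GetTransactionStatus(transID), "");
    if (transStatus != "")
    {
        Message.Text = "This expense report has already been reviewed.";
        return;
    }

    if (ExpenseCommon.GetClientSamName() == ExpenseData["SamName"]
        && ExpenseCommon.GetSelfApproval() == false)
    {
        Message.Text = "You are not authorized to approve your own expense.";
        return;
    }

    // Check whether the user has added comments
    if (Comment.Text.Length > 0)
    {
        //
        // Attach the comment to the transaction. The text box content is
        // user input, so it is encoded before being joined to the markup.
        //
        ExpenseData["Comment"] = string.Concat(ExpenseData["Comment"], "<p><b>Approver Comment: </b></p>", Server.HtmlEncode(Comment.Text));
        ExpenseCommon.SaveTransaction(transID, ExpenseData);
    }

    // Check whether the user approved or rejected the expense
    if (Decision.SelectedValue == "approve")
    {
        // Approve the expense
        ExpenseCommon.ApproveTransaction(transID);
    }
    else
    {
        // Reject the expense
        ExpenseCommon.RejectTransaction(transID);
    }

    // Redirect the user to pending expenses list
    Response.Redirect("List.aspx", true);
}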
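/// <summary>
/// Page Load - This is executed when the page is first requested
/// by the user and additionally when the user clicks a button on
/// the form. It resolves the transaction named in the query string and,
/// on the first load, displays the report if the read access check passes.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void Page_Load(object sender, System.EventArgs e)
{
    //
    // To prevent users from bypassing the portal page (index.aspx)
    // and going directly to this page, use URL Authorization.
    // See <url> for details.
    //

    //
    // Get the transaction ID from the query string. The value is supplied
    // by the client, so a missing, non-numeric or out-of-range value is
    // reported with a message instead of surfacing as an unhandled
    // exception. (Convert.ToInt32 returns 0 for a null string rather than
    // throwing ArgumentNullException, so the missing case is tested
    // explicitly.)
    //
    string rawTransId = Request.QueryString["transactionId"];
    if (rawTransId == null || rawTransId.Length == 0)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }

    try
    {
        transID = Convert.ToInt32(rawTransId);
    }
    catch (System.FormatException)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }
    catch (System.OverflowException)
    {
        Message.Text = "There was an error retrieving the transaction ID.";
        return;
    }

    //
    // Get the expense report data from the transaction ID
    // and check that the transaction exists
    //
    ExpenseData = ExpenseCommon.GetTransData(transID);
    if (ExpenseData == null)
    {
        Message.Text = "There was an error retrieving the transaction data. <br>The specified transaction does not exist.";
        return;
    }

    //
    // Only fill in the form on the first load; on a postback any user
    // changes would otherwise be lost.
    //
    if (Page.IsPostBack)
    {
        return;
    }

    //
    // Check if the user has permission to read the expense report. This
    // runs before anything about the report is shown, so a caller who fails
    // the check sees neither the status nor the decision controls.
    //
    // NOTE(review): the check is made at application scope and passes only
    // the amount, date and caller name to the business rule; whether a
    // caller may read reports submitted by other users depends on the
    // policy store - confirm.
    //
    IAzClientContext AzClient = ExpenseCommon.GetAzClientContext();

    //
    // Contains the scope of the access check request
    // which is set to the application level
    //
    object[] scope = new Object[1];
    scope[0] = (object)"";

    //
    // Contains all the operations associated with
    // reading an expense
    // In this case the readExpense operation
    //
    object[] operations = new Object[1];
    operations[0] = ExpenseCommon.AzopRead;

    //
    // Contains all the parameter names associated with
    // reading an expense. These are organized as
    // name-value pairs and passed to the business rule
    // if one is defined
    //
    // THEY MUST BE IN ALPHABETICAL ORDER (A-Z)
    //
    Object[] BRNames = new Object[3];
    BRNames[0] = (object)ExpenseCommon.ParamAmount;
    BRNames[1] = (object)ExpenseCommon.ParamDate;
    BRNames[2] = (object)ExpenseCommon.ParamUserName;

    //
    // Contains all the parameter values associated with
    // reading an expense.
    //
    Object[] BRValues = new Object[3];
    BRValues[0] = (object)0;
    BRValues[1] = (object)DateTime.Now.ToShortDateString();
    BRValues[2] = (object)ExpenseCommon.GetClientSamName();

    // Contains the results from AccessCheck
    object[] results;
    try
    {
        //
        // Run the access check on the read operation
        // Passing the audit text, scope, operations and business rule parameters
        //
        results = (object[])AzClient.AccessCheck("Read Expense Report", (object)scope, (object)operations, BRNames, BRValues, null, null, null);
    }
    catch (Exception ex)
    {
        Message.Text = "There was an error running AccessCheck: " + ex.Message;
        DecisionGroup.Visible = false;
        return;
    }

    //
    // Start from "not authorized" and grant only when every returned code
    // is NoError. An empty result set, or an error code other than
    // AccessDenied, therefore denies the request instead of letting the
    // report be displayed.
    //
    bool bAuthorized = false;
    string failureText = null;

    if (results != null && results.Length > 0)
    {
        bAuthorized = true;
        foreach (int iResCode in results)
        {
            if (iResCode == ExpenseCommon.NoError)
            {
                continue;
            }

            bAuthorized = false;

            if (iResCode == ExpenseCommon.AccessDenied)
            {
                string errorMessage = AzClient.GetBusinessRuleString();
                if (errorMessage != "")
                {
                    failureText = "Read Denied. " + errorMessage;
                }
                else
                {
                    failureText = "Access Denied. You do not have sufficient permissions to perform this operation.";
                }
            }
            else
            {
                Win32Exception ex = new Win32Exception();
                failureText = "There was an error performing the AccessCheck: " + ex.Message;
            }
            break;
        }
    }

    if (!bAuthorized)
    {
        // Access check failed: display an error message to the user
        if (failureText != null)
        {
            Message.Text = failureText;
        }
        else
        {
            Message.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString();
        }
        DecisionGroup.Visible = false;
        return;
    }

    //
    // Decide whether the decision buttons are shown, depending on the
    // status of the report, its owner and the Self Approval setting.
    //
    string transStatus = string.Concat(ExpenseCommon.GetTransactionStatus(transID), "");

    if (transStatus != "")
    {
        //
        // The expense report has been reviewed already.
        // Display its status and do not show the decision buttons.
        //
        Status.Text = string.Concat(Status.Text, transStatus);
        DecisionGroup.Visible = false;
    }
    else if (ExpenseCommon.GetClientSamName() == ExpenseData["SamName"]
             && ExpenseCommon.GetSelfApproval() == false)
    {
        //
        // The current user owns the report and self approval is not
        // allowed, so hide the decision buttons and explain why.
        //
        Status.Text = string.Concat(Status.Text, "PENDING", "<P>You are not authorized to approve your own expense.</p>");
        DecisionGroup.Visible = false;
    }
    else
    {
        //
        // Either the current user is not the owner, or self approval is
        // allowed: show the decision buttons.
        //
        Status.Text = string.Concat(Status.Text, "PENDING");
        DecisionGroup.Visible = true;
    }

    // Display the expense report
    DisplayExpense();
}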
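/// <summary>
/// OK Button Click - When a user clicks the OK button,
/// save any changes and redirect them to the main page.
/// </summary>
/// <remarks>
/// The settings are saved only when the Authorization Manager access check
/// for the administer operation returns NoError and the submitted maximum
/// number of transactions parses as an integer.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void OK_Click(object sender, System.EventArgs e)
{
    //
    // Check if the user has access to the administer
    // operation and then save application settings
    //

    // Get the client context
    IAzClientContext3 AzClient = ExpenseCommon.GetAzClientContext();

    // Set BizRule Parameters
    IAzBizRuleParameters BizRuleParams = AzClient.BizRuleParameters;
    BizRuleParams.AddParameter("Amount", 0);
    BizRuleParams.AddParameter("Date", DateTime.Now.ToShortDateString());
    BizRuleParams.AddParameter("SubmitterName", "");
    BizRuleParams.AddParameter("UserName", ExpenseCommon.GetClientSamName());

    //
    // Run the access check on the administer operation
    // Passing the audit text, scope and operation
    //
    uint result = AzClient.AccessCheck2("Administration", "", ExpenseCommon.AzopAdministrater);

    //
    // Anything other than NoError is treated as "not authorized". The
    // message chosen here is the one the user sees; it is no longer
    // overwritten by a generic message afterwards.
    //
    if (result != ExpenseCommon.NoError)
    {
        if (result == ExpenseCommon.AccessDenied)
        {
            string errorMessage = AzClient.GetBusinessRuleString();
            if (errorMessage != "")
            {
                Message.Text = "<font color=\"FF0000\">Access Denied. " + errorMessage + "</font>";
            }
            else
            {
                Message.Text = "<font color=\"FF0000\">Access Denied. You do not have sufficient permissions to perform this operation.</font>";
            }
        }
        else
        {
            Win32Exception ex = new Win32Exception();
            Message.Text = "<font color=\"FF0000\">There was an error performing the AccessCheck: " + ex.Message + "</font>";
        }
        return;
    }

    //
    // Parse the Maximum Number of Transactions before saving anything, so
    // that a value that is not a valid integer produces a message and
    // leaves both settings unchanged.
    // NOTE(review): no lower or upper bound is applied to the value here -
    // confirm the range the data store expects.
    //
    int maxTransactions;
    try
    {
        maxTransactions = Convert.ToInt32(max_trans.Text);
    }
    catch (System.FormatException)
    {
        Message.Text = "<font color=\"FF0000\">The maximum number of transactions must be a whole number.</font>";
        return;
    }
    catch (System.OverflowException)
    {
        Message.Text = "<font color=\"FF0000\">The maximum number of transactions must be a whole number.</font>";
        return;
    }

    // Save the Self Approval setting
    ExpenseCommon.SetApproval(self_approval.Checked);

    // Save the Maximum Number of Transactions setting
    ExpenseCommon.SetMaxTransaction(maxTransactions);

    // Redirect the user to the main page
    Response.Redirect("../index.aspx", false);
}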
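// Controls declared on the submit page (the declarations themselves are not
// part of this listing):
//   Comment TextBox - allows a user to attach a comment to the expense report
//   Date TextBox - date the expense was incurred
//   Amount TextBox - amount of the expense
//   Description TextBox - description of the expense
//   Message Label - displays any messages to the user
//   Submit Group Panel - contains the UI controls to submit an expense
//   Logo Link - displays the company logo and links back to the main page
//       of the application
//   Title Label - displays the title of the page
//   Description Label - identifies the description textbox
//   Amount Label - identifies the amount textbox
//   Date Label - identifies the date textbox
//   Comment Label - identifies the comment textbox
//   Submit Button - the user clicks this button to submit the expense
//   Return Link - link back to the main page of the application
//   Description Validator - requires that a description is entered;
//       a description cannot be longer than 50 characters
//   Date Validator - checks that the user entered a valid date between
//       the range of 01/01/1900 and 12/31/2999
//   Amount Validator - checks that the user entered an amount
//   Date Validator - checks that the user entered a date
//   Amount Validator - checks that the user entered a valid amount;
//       the amount must be between 1 and 99999999999
#endregion

/// <summary>
/// Submit Button Click - When the user clicks the submit button
/// this saves the expense report in the application data store.
/// </summary>
/// <remarks>
/// The report is saved only when the page's validators pass on the server
/// and the Authorization Manager access check for the submit operation
/// returns NoError. The comment is HTML-encoded before it is stored.
/// </remarks>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event data; not used.</param>
protected void SubmitBtn_Click(object sender, System.EventArgs e)
{
    //
    // Run the page's validators on the server and stop if any of them
    // fails. The description, date and amount limits described for this
    // page are only binding when they are checked here; the client-side
    // checks can be skipped by the browser.
    //
    Page.Validate();
    if (!Page.IsValid)
    {
        return;
    }

    //
    // Check if the user has access to the submit
    // operation and then save the expense report
    //

    // Get the client context
    IAzClientContext3 AzClient = ExpenseCommon.GetAzClientContext();

    // Set BizRule Parameters
    IAzBizRuleParameters BizRuleParams = AzClient.BizRuleParameters;
    BizRuleParams.AddParameter("Amount", (object)Amount.Text);
    BizRuleParams.AddParameter("Date", (object)Date.Text);
    BizRuleParams.AddParameter("SubmitterName", ExpenseCommon.GetClientSamName());
    BizRuleParams.AddParameter("UserName", ExpenseCommon.GetClientSamName());

    //
    // Run the access check on the submit operation
    // Passing the audit text, scope and operation
    //
    uint result = AzClient.AccessCheck2("Submit Expense Report", "", ExpenseCommon.AzopSubmit);

    //
    // Anything other than NoError is treated as "not authorized"
    //
    if (result != ExpenseCommon.NoError)
    {
        if (result == ExpenseCommon.AccessDenied)
        {
            string errorMessage = AzClient.GetBusinessRuleString();
            if (errorMessage != "")
            {
                MSG.Text = "<font color=\"FF0000\">Submission Denied." + errorMessage + "</font>";
            }
            else
            {
                MSG.Text = "<font color=\"FF0000\">Access Denied. You do not have sufficient permissions to perform this operation.</font>";
            }
        }
        else
        {
            Win32Exception ex = new Win32Exception();
            MSG.Text = "<font color=\"FF0000\">There was an error performing the AccessCheck: " + ex.Message + "</font>";
        }
        return;
    }

    //
    // AccessCheck passed so submit the expense report
    //

    // Store the expense report in a name-value collection
    StringDictionary ExpenseData = new StringDictionary();

    // Save the user SAM name (domain\username)
    string name = ExpenseCommon.GetClientSamName();
    ExpenseData.Add("SamName", name);

    // Save the user Friendly Name (the part after the backslash)
    name = name.Substring((name.IndexOf(@"\") + 1));
    ExpenseData.Add("User", name);

    // Save the transaction date
    ExpenseData.Add("Date", Date.Text);

    //
    // Save the expense description
    // NOTE(review): the description is stored exactly as typed; confirm
    // that the code which displays it HTML-encodes the value.
    //
    ExpenseData.Add("Description", Description.Text);

    // Save the expense amount
    ExpenseData.Add("Amount", Amount.Text);

    //
    // Attach any comments to the expense report. The approval page appends
    // its own markup to this field, so the field as a whole is treated as
    // HTML; the user's text is therefore encoded before it is stored.
    //
    ExpenseData.Add("Comment", Server.HtmlEncode(Comment.Text));

    // Save the transaction
    ExpenseCommon.SaveTransaction(ExpenseCommon.AssignNextTransaction(), ExpenseData);

    //
    // Show link to submit a new expense or
    // to return to the main page
    //
    MSG.Text = "Submission Sucessful.<p><a href='Submit.aspx'>Submit new expense</a> | <a href='../index.aspx'>Return to Main Menu</a></p>";

    // Clear form for new entry
    Description.Text = "";
    Amount.Text = "";
    Date.Text = "";
    Comment.Text = "";
    SubmitGroup.Visible = false;
}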
/// <summary> /// Comment TextBox - Allows a user to attach a comment /// to the expense report /// </summary> /// <summary> /// Date TextBox - Date the expense was incurred /// </summary> /// <summary> /// Amount TextBox - Amount of the expense /// </summary> /// <summary> /// Description TextBox - Descriptiong of the expense /// </summary> /// <summary> /// Message Label - Displays any messages to the user /// </summary> /// <summary> /// Submit Group Panel - Contains the UI controls to submit /// an expense /// </summary> /// <summary> /// Logo Link - Displays the company logo and links back to /// the main page of the application /// </summary> /// <summary> /// Title Label - Displays the title of the page /// </summary> /// <summary> /// Description Label - Identifies the description textbox /// </summary> /// <summary> /// Amount Label - Identifies the amount textbox /// </summary> /// <summary> /// Date Label - Identifies the date textbox /// </summary> /// <summary> /// Comment Label - Identifies the comment textbox /// </summary> /// <summary> /// Submit Button - The user clicks this button to submit the expense /// </summary> /// <summary> /// Return Link - Link back to the main page of the application /// </summary> /// <summary> /// Description Validator - Requires that a description is entered /// A description cannot be longer than 50 characters /// </summary> /// <summary> /// Date Validator - Checks that the user entered a valid date between /// the range of 01/01/1900 and 12/31/2999 /// </summary> /// <summary> /// Amount Validator - Checks that the user entered an amount /// </summary> /// <summary> /// Date Validator - Checks that the user entered a date /// </summary> /// <summary> /// Amount Validator - Checks that the user entered a valid amount /// The amount must be between 1 and 99999999999 /// </summary> #endregion /// <summary> /// Submit Button Click - When the user clicks the submit button /// this saves the expense report in the 
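/// application data store
/// </summary>
/// <remarks>
/// Runs an Authorization Manager access check for the submit operation and
/// saves the expense report only when every returned result code is
/// ExpenseCommon.NoError. Access denied, any other error code, or a missing
/// result all stop the submission.
/// </remarks>
/// <param name="sender">The control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void SubmitBtn_Click(object sender, System.EventArgs e)
{
    //
    // Re-run the page validators on the server and stop if any of them
    // failed, so a request that skips client-side validation cannot store
    // values outside the documented description, date and amount limits.
    //
    Page.Validate();
    if (!Page.IsValid)
    {
        return;
    }

    //
    // Get the client context from the session variables
    //
    IAzClientContext AzClient = ExpenseCommon.GetAzClientContext();

    //
    // Contains the scope of the access check request
    // which is set to the application level (empty string)
    //
    object[] scope = new Object[1];
    scope[0] = (object)"";

    //
    // Contains the operations to check
    // In this case the submit operation
    //
    object[] operations = new Object[1];
    operations[0] = ExpenseCommon.AzopSubmit;

    //
    // Contains all the parameter names associated with
    // submitting an expense. These are organized as
    // name-value pairs and passed to the business rule
    // if one is defined
    //
    // THEY MUST BE IN ALPHABETICAL ORDER (A-Z)
    //
    Object[] BRNames = new Object[3];
    BRNames[0] = (object)ExpenseCommon.ParamAmount;
    BRNames[1] = (object)ExpenseCommon.ParamDate;
    BRNames[2] = (object)ExpenseCommon.ParamUserName;

    //
    // Contains the parameter values, in the same order as the names
    //
    Object[] BRValues = new Object[3];
    BRValues[0] = (object)Amount.Text;
    BRValues[1] = (object)Date.Text;
    BRValues[2] = (object)ExpenseCommon.GetClientSamName();

    // Contains the results from the AccessCheck
    object[] results;
    try
    {
        //
        // Run the access check on the submit operation.
        // The first argument is the audit text; it now names the operation
        // actually being checked (it previously read "Change Application
        // Settings", which would mislabel the audit record).
        //
        results = (object[])AzClient.AccessCheck("Submit Expense Report", (object)scope, (object)operations, BRNames, BRValues, null, null, null);
    }
    catch (Exception ex)
    {
        MSG.Text = "There was an error running the AccessCheck: " + ex.Message;
        return;
    }

    //
    // Fail closed: no result at all is not an approval
    //
    if (results == null || results.Length == 0)
    {
        MSG.Text = "There was an error running the AccessCheck: no result was returned.";
        return;
    }

    //
    // Every result code must be NoError before anything is saved
    //
    foreach (int iResCode in results)
    {
        if (iResCode == ExpenseCommon.NoError)
        {
            continue;
        }

        if (iResCode == ExpenseCommon.AccessDenied)
        {
            // NOTE(review): the business rule string is written into the label
            // as markup. If a rule can echo submitted values, HTML-encode it
            // before display - confirm against the rules in the policy store.
            string errorMessage = AzClient.GetBusinessRuleString();
            if (errorMessage != "")
            {
                MSG.Text = "Submission Denied. " + errorMessage;
            }
            else
            {
                MSG.Text = "Access Denied. You do not have sufficient permissions to perform this operation.";
            }
        }
        else
        {
            //
            // Any other code is an error, and an error must not be treated
            // as an approval. Describe the returned code rather than the
            // thread's last Win32 error.
            //
            Win32Exception ex = new Win32Exception(iResCode);
            MSG.Text = "There was an error performing the AccessCheck: " + ex.Message;
        }

        return;
    }

    //
    // AccessCheck passed so submit the expense report.
    // The values are stored as entered; any page that displays them is
    // expected to HTML-encode them on output.
    //
    StringDictionary ExpenseData = new StringDictionary();

    //
    // Save the user SAM name (\\domain\username)
    //
    string name = ExpenseCommon.GetClientSamName();
    ExpenseData.Add("SamName", name);

    //
    // Save the user Friendly Name (the part after the backslash)
    //
    name = name.Substring((name.IndexOf(@"\") + 1));
    ExpenseData.Add("User", name);

    ExpenseData.Add("Date", Date.Text);
    ExpenseData.Add("Description", Description.Text);
    ExpenseData.Add("Amount", Amount.Text);
    ExpenseData.Add("Comment", Comment.Text);

    //
    // Save the transaction
    //
    ExpenseCommon.SaveTransaction(ExpenseCommon.AssignNextTransaction(), ExpenseData);

    //
    // Show link to submit a new expense or
    // to return to the main page
    //
    MSG.Text = "Submission Sucessful.<p><a href='Submit.aspx'>Submit new expense</a> | <a href='../index.aspx'>Return to Main Menu</a></p>";

    //
    // Clear form for new entry
    //
    Description.Text = "";
    Amount.Text = "";
    Date.Text = "";
    Comment.Text = "";
    SubmitGroup.Visible = false;
}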
// The summaries below describe page controls; their declarations are not part of this listing.

/// <summary>
/// Logo Image - Displays the logo of the company
/// </summary>

/// <summary>
/// Message Label - Displays messages to the user
/// </summary>

/// <summary>
/// Approve Link - Link to a page which lists all expense
/// reports which need to be approved
/// </summary>

/// <summary>
/// Submit Link - Link to a page which allows a user
/// to create a new expense report to submit
/// </summary>

/// <summary>
/// Administration Link - Link to a page which allows an
/// administrator to change application settings
/// </summary>

/// <summary>
/// Approve Image - Display an icon that links to a page
/// which lists all expense reports which need to be approved
/// </summary>

/// <summary>
/// Administration Image - Displays an icon that links
/// to a page which allows an administrator to change
/// application settings
/// </summary>

/// <summary>
/// Submit Image - Displays an icon that links
/// to a page which allows a user to create a new expense
/// report to submit
/// </summary>

/// <summary>
/// Title Label - Displays the application title
/// </summary>
#endregion

/// <summary>
/// Page Load - Runs on every request for the page. On the first request
/// (not a postback) it greets the user and makes visible the links that
/// match the tasks Authorization Manager reports for that user.
/// </summary>
/// <remarks>
/// Showing or hiding a link is a convenience for the user, not an access
/// control: each target page is expected to run its own access check.
/// </remarks>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Postbacks keep whatever the first request rendered.
    if (Page.IsPostBack)
    {
        return;
    }

    ExpenseCommon.Initialize();

    // Client context plus the parameters a business rule may read.
    IAzClientContext3 azContext = ExpenseCommon.GetAzClientContext();
    IAzBizRuleParameters ruleParams = azContext.BizRuleParameters;
    ruleParams.AddParameter("Amount", 0);
    ruleParams.AddParameter("Date", "NA");
    ruleParams.AddParameter("SubmitterName", "NA");
    ruleParams.AddParameter("UserName", ExpenseCommon.GetClientSamName());

    // Greet the user by the part of the SAM name after the backslash.
    string samName = ExpenseCommon.GetClientSamName();
    string shortName = samName.Substring((samName.IndexOf(@"\") + 1));
    MSG.Text = string.Concat("Welcome ", shortName, ":");

    // Tasks assigned to the user through role membership.
    IAzTasks assignedTasks = azContext.GetTasks(null);

    if (assignedTasks.Count == 0)
    {
        // No tasks at all: nothing in the application is available.
        MSG.Text = string.Concat(MSG.Text, "<P>Sorry ", shortName, " you do not have permission to use this application. <Br> Please contact your manager <Br></P>");
        return;
    }

    foreach (IAzTask assigned in assignedTasks)
    {
        string taskName = (string)assigned.Name;

        if (taskName == "View Pending Expenses")
        {
            // Approver: link to the approval page.
            ApproveLink.Visible = true;
        }
        else if (taskName == "Administer Settings")
        {
            // Administrator: link to the administration page.
            AdminLink.Visible = true;
        }
        else if (taskName == "Submit Expense")
        {
            // Submitter: link to the expense submission page.
            SubmitLink.Visible = true;
        }
    }
}
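// The summaries below describe page controls; their declarations are not part of this listing.

/// <summary>
/// Message Label - Displays any messages for the user
/// </summary>

/// <summary>
/// Transaction List - Displays the transactions
/// filtered by the ModeSelect drop down listbox
/// </summary>

/// <summary>
/// Mode Select Drop Down ListBox - Filters which
/// expense transactions are displayed in the transaction list
/// </summary>

/// <summary>
/// Mode Label - Displays the filter on the transaction list
/// </summary>

/// <summary>
/// Logo Link - Displays the company logo and links
/// back to the main page of the application
/// </summary>

/// <summary>
/// Title Label - Displays the page title
/// </summary>

/// <summary>
/// Return Link - Displays a link back to the main
/// page of the application
/// </summary>
#endregion

/// <summary>
/// Page Load - This is executed when the page is first requested
/// by the user and additionally when the user clicks a button on
/// the form. On the first request it runs an access check for the
/// list operation and lists the expense reports only when every
/// returned result code is ExpenseCommon.NoError.
/// </summary>
protected void Page_Load(object sender, System.EventArgs e)
{
    //
    // To prevent users from by-passing the portal page (index.aspx)
    // and going directly to this page, use URL Authorization
    // See <url> for details.
    //

    //
    // Only run the check and fill the list on the first request
    //
    if (!Page.IsPostBack)
    {
        //
        // Get the client context
        //
        IAzClientContext AzClient = ExpenseCommon.GetAzClientContext();

        //
        // Contains the scope of the access check request
        // which is set to the application level (empty string)
        //
        object[] scope = new Object[1];
        scope[0] = (object)"";

        //
        // Contains the operations to check
        // In this case the list operation
        //
        object[] operations = new Object[1];
        operations[0] = ExpenseCommon.AzopList;

        //
        // Contains all the parameter names. These are organized as
        // name-value pairs and passed to the business rule
        // if one is defined
        //
        // THEY MUST BE IN ALPHABETICAL ORDER (A-Z)
        //
        // The first name is the amount parameter, matching the value 0
        // below; it previously repeated the user name parameter, which
        // left the amount unnamed and the name list out of order.
        //
        Object[] BRNames = new Object[3];
        BRNames[0] = (object)ExpenseCommon.ParamAmount;
        BRNames[1] = (object)ExpenseCommon.ParamDate;
        BRNames[2] = (object)ExpenseCommon.ParamUserName;

        //
        // Contains the parameter values, in the same order as the names
        //
        Object[] BRValues = new Object[3];
        BRValues[0] = (object)0;
        BRValues[1] = (object)DateTime.Now.ToShortDateString();
        BRValues[2] = (object)ExpenseCommon.GetClientSamName();

        // Contains the results from AccessCheck
        object[] results;
        try
        {
            //
            // Run the access check on the list operation
            // Passing the audit text, scope, operations and business rule parameters
            //
            results = (object[])AzClient.AccessCheck("List Expense Reports", (object)scope, (object)operations, BRNames, BRValues, null, null, null);
        }
        catch (Exception ex)
        {
            MSG.Text = "There was an error running AccessCheck: " + ex.Message;

            // Rethrow without resetting the stack trace
            throw;
        }

        //
        // Fail closed: no result at all is not an approval
        //
        if (results == null || results.Length == 0)
        {
            MSG.Text = "There was an error running AccessCheck: no result was returned.";
            return;
        }

        //
        // Every result code must be NoError before anything is listed
        //
        foreach (int iResCode in results)
        {
            if (iResCode == ExpenseCommon.NoError)
            {
                continue;
            }

            if (iResCode == ExpenseCommon.AccessDenied)
            {
                //
                // This is the message the page ended up showing for a denial.
                // NOTE(review): the business rule string is written into the
                // label as markup; HTML-encode it if a rule can echo request
                // values - confirm against the rules in the policy store.
                //
                MSG.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString();
            }
            else
            {
                //
                // Any other code is an error, and an error must not be
                // treated as an approval: report it and list nothing.
                //
                Win32Exception ex = new Win32Exception(iResCode);
                MSG.Text = "There was an error performing the AccessCheck: " + ex.Message;
            }

            return;
        }

        //
        // List the expense reports
        //
        ListTransactions();
    }
}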
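/// <summary>
/// Lists the transactions in the application data store, filtered by the
/// status text held in the mode control ("ALL" shows every transaction).
/// </summary>
/// <remarks>
/// Transaction ids run from 1 to ExpenseCommon.GetNextTransaction(). Each
/// row links to display.aspx with the id in the query string; that page is
/// expected to check that the caller may view the requested transaction,
/// since the id can be edited in the address bar.
/// </remarks>
private void ListTransactions()
{
    //
    // remove previous transactions from list
    //
    TransList.Rows.Clear();

    //
    // Create the header row of the table
    //
    TableRow trow = new TableRow();
    trow.BackColor = System.Drawing.Color.LightSteelBlue;
    trow.Font.Bold = true;

    TableCell tcell = new TableCell();
    tcell.Text = "Select an expense";
    trow.Cells.Add(tcell);

    tcell = new TableCell();
    tcell.Text = "Status";
    trow.Cells.Add(tcell);

    TransList.Rows.Add(trow);

    //
    // Get the number of transactions in the application data store.
    // A count of zero or less simply produces no rows.
    //
    int numTrans = ExpenseCommon.GetNextTransaction();

    string filter = mode.Text;
    bool showAll = filter == "ALL";

    for (int i = 1; i <= numTrans; i++)
    {
        // Concat turns a missing status into an empty string
        string status = string.Concat(ExpenseCommon.GetTransactionStatus(i), "");

        //
        // only show transactions of the specified type
        // (ie approved, denied, pending) unless showing all
        //
        if (showAll || status == filter)
        {
            AddTransactionRow(i, status);
        }
    }
}

/// <summary>
/// Appends one row to the transaction list: a link to the transaction and
/// its status followed by the decision time.
/// </summary>
/// <param name="transactionId">Id of the transaction the row is for.</param>
/// <param name="status">Status text already read for that transaction.</param>
private void AddTransactionRow(int transactionId, string status)
{
    TableRow row = new TableRow();

    //
    // Display a link to the transaction data. The id is an integer, so it
    // needs no encoding; the anchor is now closed.
    //
    TableCell cell = new TableCell();
    cell.Text = string.Concat("<a href='display.aspx?transactionId=", transactionId.ToString(), "'>Expense ", transactionId.ToString(), "</a>");
    row.Cells.Add(cell);

    //
    // Display the transaction status.
    // NOTE(review): status and decision time are written into the cell as
    // markup; this presumes the data store only holds application-generated
    // values for them - confirm, or HTML-encode on output.
    //
    cell = new TableCell();
    cell.Text = string.Concat(status, " ", ExpenseCommon.GetTransactionDecisionTime(transactionId));
    row.Cells.Add(cell);

    TransList.Rows.Add(row);
}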
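// The summaries below describe page controls; their declarations are not part of this listing.

/// <summary>
/// Message Label - Displays any messages for the user
/// </summary>

/// <summary>
/// Transaction List - Displays the transactions
/// filtered by the ModeSelect drop down listbox
/// </summary>

/// <summary>
/// Mode Select Drop Down ListBox - Filters which
/// expense transactions are displayed in the transaction list
/// </summary>

/// <summary>
/// Mode Label - Displays the filter on the transaction list
/// </summary>

/// <summary>
/// Logo Link - Displays the company logo and links
/// back to the main page of the application
/// </summary>

/// <summary>
/// Title Label - Displays the page title
/// </summary>

/// <summary>
/// Return Link - Displays a link back to the main
/// page of the application
/// </summary>
#endregion

/// <summary>
/// Page Load - This is executed when the page is first requested
/// by the user and additionally when the user clicks a button on
/// the form. On the first request it runs an access check for the
/// list operation and lists the expense reports only when the check
/// returns ExpenseCommon.NoError.
/// </summary>
protected void Page_Load(object sender, System.EventArgs e)
{
    //
    // To prevent users from by-passing the portal page (index.aspx)
    // and going directly to this page, use URL Authorization
    // See <url> for details.
    //

    //
    // Only run the check and fill the list on the first request
    //
    if (!Page.IsPostBack)
    {
        //
        // Get the client context from the session variables
        //
        IAzClientContext3 AzClient = ExpenseCommon.GetAzClientContext();

        //
        // Set BizRule Parameters
        //
        IAzBizRuleParameters BizRuleParams = AzClient.BizRuleParameters;
        BizRuleParams.AddParameter("Amount", 0);
        BizRuleParams.AddParameter("Date", DateTime.Now.ToShortDateString());
        BizRuleParams.AddParameter("SubmitterName", "");
        BizRuleParams.AddParameter("UserName", ExpenseCommon.GetClientSamName());

        //
        // Run the access check on the list operation
        // Passing the audit text, scope and operation
        //
        uint result = AzClient.AccessCheck2("List Expense Reports", "", ExpenseCommon.AzopList);

        if (result == ExpenseCommon.NoError)
        {
            //
            // List the expense reports
            //
            ListTransactions();
            return;
        }

        if (result == ExpenseCommon.AccessDenied)
        {
            //
            // This is the message the page ended up showing for a denial.
            // NOTE(review): the business rule string is written into the
            // label as markup; HTML-encode it if a rule can echo request
            // values - confirm against the rules in the policy store.
            //
            MSG.Text = "Error Access Denied: " + AzClient.GetBusinessRuleString();
            return;
        }

        //
        // Any other code is an error. Describe the code AccessCheck2
        // returned (the parameterless Win32Exception constructor reports
        // the thread's last Win32 error instead) and keep that message on
        // screen rather than replacing it with an access-denied text.
        //
        Win32Exception ex = new Win32Exception(unchecked((int)result));
        MSG.Text = "<font color=\"FF0000\">There was an error performing the AccessCheck: " + ex.Message + "</font>";
    }
}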