public object Get(ApprovalRequest ApprovalRequest)
{
Uri redirectURI = null;
Uri current = new Uri(Request.AbsoluteUri);
ApprovalData data = new ApprovalData();
if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = ApprovalRequest.redirect;
DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (user == null)
{
UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl());
bldr.Path += "/auth/login";
bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode();
return(new HttpResult(data)
{
Headers = { { "Location", bldr.ToString() } },
StatusCode = System.Net.HttpStatusCode.Redirect,
});
}
data.User = user;
DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
if (!string.IsNullOrWhiteSpace(client.owned_by))
{
data.Owner = ResourceOwnerModel.GetByID(client.owned_by);
}
data.Client = client;
string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries);
List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList();
if (scopeDetails.Count != scopes.Length)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data);
}
data.RequestedScopes = scopeDetails;
return((IApprovalData)data);
}
private void Load(ApprovalData data)
{
Init();
if (data != null)
{
ApprovalID = data.approval_id;
ObjectTypeName = data.object_type_name;
Identifier = data.identifier;
if (data.approver_id == null)
{
ApproverID = 0;
}
else
{
ApproverID = ( int )data.approver_id;
}
ApprovalStatusLUID = data.approval_status_luid;
CreatedByUserID = data.created_by;
ModifiedByUserID = data.modified_by;
if (data.date_approved != null)
{
DateApproved = ( DateTime )data.date_approved;
}
if (data.date_notified != null)
{
DateNotified = ( DateTime )data.date_notified;
}
DateCreated = data.date_created;
DateModified = ( DateTime )data.date_modified;
Active = data.active;
OrganizationID = data.organization_id;
ApprovalTypeLUID = data.approval_type_luid;
}
}
public List <ApprovalData> GetApprovalData()
{
List <ApprovalData> list = new List <ApprovalData>();
string url = @"https://qyapi.weixin.qq.com/cgi-bin/corp/getapprovaldata?access_token=" + _approvalAccessToken;
string requestJson = new JObject
{
{ "starttime", (DateTime.Now.AddDays(-7).Date.ToUniversalTime().Ticks - 621355968000000000) / 10000000 },
{ "endtime", (DateTime.Now.AddDays(-1).ToUniversalTime().Ticks - 621355968000000000) / 10000000 }
}.ToString();
string returnjson =
Requests.HttpPost(url,
requestJson);
JObject returnJObject = JObject.Parse(returnjson);
if ((int)returnJObject["errcode"] != 0)
{
throw new Exception((string)returnJObject["errmsg"]);
}
JArray itemsArray = JArray.FromObject(returnJObject["data"]);
foreach (var item in itemsArray.Children())
{
JObject itemJObject = JObject.Parse(item.ToString());
ApprovalData data = new ApprovalData
{
apply_name = (string)itemJObject["apply_name"],
apply_org = (string)itemJObject["apply_org"],
apply_time = (int)itemJObject["apply_time"],
apply_user_id = (string)itemJObject["apply_user_id"],
sp_num = (ulong)itemJObject["sp_num"],
sp_status = (ApprovalStatus)(int)itemJObject["sp_status"],
spname = (string)itemJObject["spname"]
};
list.Add(data);
}
return(list);
}
private void Populate_AddApprovals(ApprovalData[] approval_data)
{
System.Web.UI.WebControls.BoundColumn colBound = new System.Web.UI.WebControls.BoundColumn();
colBound.DataField = "TITLE";
colBound.HeaderText = m_refMsg.GetMessage("user or group name title");
colBound.ItemStyle.Wrap = false;
colBound.ItemStyle.VerticalAlign = VerticalAlign.Top;
colBound.HeaderStyle.CssClass = "title-header";
AddApprovalsGrid.Columns.Add(colBound);
colBound = new System.Web.UI.WebControls.BoundColumn();
colBound.DataField = "ID";
colBound.HeaderText = m_refMsg.GetMessage("generic ID");
colBound.ItemStyle.VerticalAlign = VerticalAlign.Top;
colBound.HeaderStyle.CssClass = "title-header";
colBound.ItemStyle.Wrap = false;
AddApprovalsGrid.Columns.Add(colBound);
AddApprovalsGrid.BorderColor = System.Drawing.Color.White;
DataTable dt = new DataTable();
DataRow dr;
dt.Columns.Add(new DataColumn("TITLE", typeof(string)));
dt.Columns.Add(new DataColumn("ID", typeof(string)));
bool bInherited = false;
if (ItemType == "folder")
{
bInherited = folder_data.Inherited;
}
else
{
bInherited = content_data.IsInherited;
}
int i;
if (!(approval_data == null))
{
for (i = 0; i <= approval_data.Length - 1; i++)
{
dr = dt.NewRow();
if (approval_data[i].UserId != 0)
{
dr[0] = "<a href=\"content.aspx?LangType=" + ContentLanguage + "&action=DoAddItemApproval&item_id=" + approval_data[i].UserId + "&base=user&id=" + m_intId + "&type=" + ItemType + "\" title=\"" + m_refMsg.GetMessage("alt add button text (user approvals)") + "\" OnClick=\"javascript:return CheckApprovalAddition(\'user\');\">";
dr[0] += "<img class=\"imgUsers\" src=\"" + m_refContentApi.AppPath + "images/UI/Icons/user.png\" align=\"absbottom\" alt=\"" + m_refMsg.GetMessage("alt add button text (user approvals)") + "\" title=\"" + m_refMsg.GetMessage("alt add button text (user approvals)") + "\"/>" + approval_data[i].DisplayUserName + "</a>";
dr[1] = approval_data[i].UserId;
}
else
{
if (approval_data[i].GroupId != 0)
{
dr[0] = "<a href=\"content.aspx?LangType=" + ContentLanguage + "&action=DoAddItemApproval&item_id=" + approval_data[i].GroupId + "&base=group&id=" + m_intId + "&type=" + ItemType + "\" title=\"" + m_refMsg.GetMessage("alt add button text (usergroup approvals)") + "\" OnClick=\"javascript:return CheckApprovalAddition(\'group\');\">";
dr[0] += "<img class=\"imgUsers\" src=\"" + m_refContentApi.AppPath + "images/UI/Icons/users.png\" align=\"absbottom\" alt=\"" + m_refMsg.GetMessage("alt add button text (usergroup approvals)") + "\" title=\"" + m_refMsg.GetMessage("alt add button text (usergroup approvals)") + "\"/>" + approval_data[i].DisplayUserGroupName + "</a>";
dr[1] = approval_data[i].GroupId;
}
}
dt.Rows.Add(dr);
}
}
DataView dv = new DataView(dt);
AddApprovalsGrid.DataSource = dv;
AddApprovalsGrid.DataBind();
}
public object Post(ApprovalResponse ApprovalResponse)
{
ApprovalData data = new ApprovalData();
data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
Request.Items.Add("Model", data);
data.Redirect = ApprovalResponse.redirect;
Uri referrerURI = Request.GetReferrerURI();
Uri current = new Uri(Request.AbsoluteUri);
//CRSF protection
if (!referrerURI.SchemeHostPathMatch(current))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse);
}
Uri redirectURI = null;
if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) ||
(redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = redirectURI.ToString();
DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (owner == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data);
}
data.Owner = owner;
DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
data.Client = client;
List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList();
string scope = "";
if (scopes != null)
{
scopes.ForEach((cur) => scope += cur.scope_name + " ");
}
data.RequestedScopes = scopes;
DataModels.Approval approval = new DataModels.Approval()
{
client_id = client.id,
resource_owner_id = owner.id,
type = DataModels.ApprovalTypes.user_granted,
scope = scope,
};
if (!ApprovalModel.AddOrUpdateApproval(approval))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data);
}
return(new HttpResult(data)
{
StatusCode = System.Net.HttpStatusCode.Redirect,
Location = ApprovalResponse.redirect
});
}
public void Save(string uid)
{
try
{
if (String.IsNullOrEmpty(uid))
{
throw new ArgumentNullException("uid", "User ID is required.");
}
Dictionary <string, string> ValErrors = Validate();
if (ValErrors.Count > 0)
{
throw new RequisitionNotValidException("Approval is not valid.", ValErrors);
}
Approval Original = null;
Enums.HistoryType ChangeType;
using (PurchasingContext Context = ContextHelper.GetDBContext())
{
ApprovalData Data;
if (ApprovalID > 0)
{
Data = Context.ApprovalDatas.FirstOrDefault(x => x.approval_id == ApprovalID);
Original = new Approval(Data);
ChangeType = Enums.HistoryType.UPDATE;
}
else
{
Data = new ApprovalData();
ChangeType = Enums.HistoryType.ADD;
Data.date_created = DateTime.Now;
Data.created_by = uid;
}
Data.object_type_name = ObjectTypeName;
Data.identifier = Identifier;
if (ApproverID > 0)
{
Data.approver_id = ApproverID;
}
else
{
Data.approver_id = null;
}
Data.approval_status_luid = ApprovalStatusLUID;
if (DateApproved == DateTime.MinValue)
{
Data.date_approved = null;
}
else
{
Data.date_approved = DateApproved;
}
if (DateNotified == DateTime.MinValue)
{
Data.date_notified = null;
}
else
{
Data.date_notified = DateNotified;
}
Data.organization_id = OrganizationID;
Data.active = Active;
Data.date_modified = DateTime.Now;
Data.modified_by = uid;
Data.approval_type_luid = ApprovalTypeLUID;
if (ApprovalID <= 0)
{
Context.ApprovalDatas.InsertOnSubmit(Data);
}
Context.SubmitChanges();
Load(Data);
}
SaveHistory(ChangeType, Original, uid);
}
catch (Exception ex)
{
throw new RequisitionNotValidException("An error has occurred while saving approval.", ex);
}
}
public Approval(ApprovalData data)
{
Load(data);
}
