bool HasAddPermissonByQuota()
{
    return ModuleSecurity.HasAddPermissonByQuota(
        DataSet.Tables[DataSetTableName.Fields],
        DataSet.Tables[DataSetTableName.Data],
        Settings.UserRecordQuota,
        ModuleContext.PortalSettings.UserInfo.GetSafeUsername());
}

public void EnsureActionButton()
{
    var modSecurity = new ModuleSecurity(ModuleContext);
    var useButtons = Settings.UseButtonsInForm;
    if (Settings.OnlyFormIsShown)
    {
        var url = Globals.NavigateURL(ModuleContext.TabId);
        var title = Localization.GetString("BackToForm.Action", LocalResourceFile);
        ActionLink.NavigateUrl = url;
        ActionLink.Text = title;
        placeholderActions.Visible = useButtons;
    }
    else if (Settings.OnlyListIsShown && modSecurity.IsAllowedToAddRow() && SchemaIsDefined() &&
             (modSecurity.IsAllowedToAdministrateModule() || HasAddPermissonByQuota()))
    {
        var url = ModuleContext.EditUrl();
        var title = Localization.GetString(ModuleActionType.AddContent, LocalResourceFile);
        ActionLink.NavigateUrl = url;
        ActionLink.Text = title;
        placeholderActions.Visible = useButtons;
    }
}

void SetEditLinksAndVisibilityBasedOnPermissions(DataSet ds)
{
    if (User != null && TabId != Null.NullInteger)
    {
        //Provide a permission aware EditLink as an additional column to the dataset
        var security = new ModuleSecurity(ModuleId, TabId, Settings);
        var createdByColumnName = ColumnNameByDataType(ds, DataTypeNames.UDT_DataType_CreatedBy);
        ds.Tables[DataSetTableName.Data].Columns.Add(DataTableColumn.EditLink, typeof(string));
        var urlPattern = EditUrlPattern ?? Globals.NavigateURL(TabId, "edit", "mid=" + ModuleId, DataTableColumn.RowId + "={0}");
        foreach (DataRow row in ds.Tables[DataSetTableName.Data].Rows)
        {
            var rowCreatorUserName = row[createdByColumnName].ToString();
            var isRowOwner = Convert.ToBoolean((rowCreatorUserName == User.Username) &&
                                               rowCreatorUserName != Definition.NameOfAnonymousUser);
            if (security.IsAllowedToEditRow(isRowOwner))
            {
                row[DataTableColumn.EditLink] = string.Format(urlPattern, row[DataTableColumn.RowId]);
            }
        }
        //Adjust visibility to actual permissions
        foreach (DataRow row in ds.Tables[DataSetTableName.Fields].Rows)
        {
            row[FieldsTableColumn.Visible] = Convert.ToBoolean(row[FieldsTableColumn.Visible]) ||
                                             (security.IsAllowedToSeeAllUserDefinedColumns() &&
                                              (DataType.ByName(row[FieldsTableColumn.Type].ToString()).IsUserDefinedField ||
                                               Settings.ShowSystemColumns));
        }
    }
}

void CheckPermission(bool isUsersOwnItem = true)
{
    var security = new ModuleSecurity(ModuleContext);
    if (!((!IsNewRow && security.IsAllowedToEditRow(isUsersOwnItem)) ||
          (IsNewRow && security.IsAllowedToAddRow() &&
           (security.IsAllowedToAdministrateModule() || HasAddPermissonByQuota()))))
    {
        if (IsNested())
        {
            cmdUpdate.Enabled = false;
            divForm.Visible = true;
        }
        else
        {
            Response.Redirect(Globals.NavigateURL(ModuleContext.TabId), true);
        }
    }
    else
    {
        _hasUpdatePermission = true;
    }
    _hasDeletePermission = Convert.ToBoolean(security.IsAllowedToDeleteRow(isUsersOwnItem) && !IsNewRow);
    cmdDelete.Visible = _hasDeletePermission;
}

public void RaisePostBackEvent(string eventArgument)
{
    var modSecurity = new ModuleSecurity(ModuleContext);
    if (eventArgument == "DeleteAll" && modSecurity.IsAllowedToAdministrateModule())
    {
        UdtController.DeleteRows();
        Response.Redirect(Globals.NavigateURL(ModuleContext.TabId), true);
    }
}

void ShowModuleMessage(string message)
{
    var moduleControl = GetModuleControl();
    var modSecurity = new ModuleSecurity(ModuleContext);
    if (modSecurity.IsAllowedToAdministrateModule())
    {
        UI.Skins.Skin.AddModuleMessage(moduleControl, message, ModuleMessage.ModuleMessageType.YellowWarning);
    }
}

string GetFieldTitle()
{
    var fieldTitle = txtFieldTitle.Text.Trim();
    // The NoScripting filter is applied only for non-administrators;
    // an administrator's title is returned as typed.
    if (!ModuleSecurity.IsAdministrator())
    {
        fieldTitle = new PortalSecurity().InputFilter(fieldTitle, PortalSecurity.FilterFlag.NoScripting);
    }
    return fieldTitle;
}

protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        ModuleSecurity ms = new ModuleSecurity(this.ModuleConfiguration);
        //secTestLabel.Visible = ms.HasPermission1;
    }
    catch (Exception exc) //Module failed to load
    {
        Exceptions.ProcessModuleLoadException(this, exc);
    }
}

/// <summary>
/// Checks if all/any of the permissions specified are available in the Session
/// </summary>
/// <param name="checkAll">if set to true, will check if all the specified permissions are available</param>
/// <param name="module">Module Name</param>
/// <param name="permissions">Permissions to check with</param>
/// <returns>false when no security entry exists for the module; otherwise the result of that entry's permission check</returns>
public bool HasPermission(bool checkAll, SiteModule module, params ModulePermission[] permissions)
{
    ModuleSecurity _moduleSecurity = GetModule(module);
    if (null == _moduleSecurity)
    {
        return false;
    }
    else
    {
        return _moduleSecurity.CheckPermission(checkAll, permissions);
    }
}

void Page_Load(object sender, EventArgs e)
{
    if (Page.IsPostBack)
    {
        if (ViewState[Editor] != null)
        {
            // The value returned by BestUserName is concatenated into the markup
            // without HTML encoding in this method.
            Controls.Add(
                new LiteralControl("<span class=\"Normal\">" +
                                   ModuleSecurity.BestUserName(ViewState[Editor].ToString(), PortalId) +
                                   "</span>"));
        }
    }
}

bool HasAddPermissonByQuota()
{
    var userquota = Settings.UserRecordQuota;
    if (userquota > 0 && Request.IsAuthenticated)
    {
        var ds = UdtController.GetDataSet(false);
        return ModuleSecurity.HasAddPermissonByQuota(
            ds.Tables[DataSetTableName.Fields],
            ds.Tables[DataSetTableName.Data],
            userquota,
            UserInfo.GetSafeUsername());
    }
    return true;
}

public void EnsureActionButton()
{
    var useButtons = Settings.UseButtonsInForm;
    var sec = new ModuleSecurity(ModuleId, TabId, Settings);
    if (sec.IsAllowedToViewList() && Settings.OnlyFormIsShown)
    {
        var url = Globals.NavigateURL(TabId, "", "show=records");
        var title = Localization.GetString("List.Action", LocalResourceFile);
        cmdShowRecords.NavigateUrl = url;
        cmdShowRecords.Text = title;
        cmdShowRecords.Visible = useButtons;
    }
}

protected override void OnLoad(EventArgs e)
{
    GetSettings(this, EventArgs.Empty);
    GetTemplate(this, EventArgs.Empty);
    ApplySettings();
    var moduleSecurity = new ModuleSecurity(ModuleContext.Configuration);
    if (!moduleSecurity.HasEditTemplatePermission)
    {
        Response.Redirect(Globals.NavigateURL("Access Denied"));
    }
    cancelHyperLink.NavigateUrl = Globals.NavigateURL();
}

void InitViews()
{
    var sec = new ModuleSecurity(ModuleId, TabId, new Components.Settings(Settings));
    switch (ModuleContext.Settings[SettingName.ListOrForm].AsString("Unknown"))
    {
        case "List":
            LoadControlByKey("List");
            break;
        case "Form":
            if (Request.QueryString["show"].AsString() == "records" && sec.IsAllowedToViewList())
            {
                LoadControlByKey("List");
            }
            else
            {
                LoadControlByKey("Edit");
            }
            break;
        case "FormAndList":
            LoadControlByKey("Edit");
            if (sec.IsAllowedToViewList())
            {
                LoadControlByKey("List");
            }
            break;
        case "ListAndForm":
            if (sec.IsAllowedToViewList())
            {
                LoadControlByKey("List");
            }
            LoadControlByKey("Edit");
            break;
        default:
            LoadControlByKey(IsNewModuleInstance() ? "TemplateList" : "List");
            break;
    }
}

void BuildEditForm()
{
    var fieldSettingsTable = FieldSettingsController.GetFieldSettingsTable(ModuleId);
    var editForm = new List<FormColumnInfo>();
    FormColumnInfo currentField;
    var security = new ModuleSecurity(ModuleContext);
    _editControls = new EditControls(ModuleContext);
    foreach (DataRow dr in Data.Tables[DataSetTableName.Fields].Rows)
    {
        var fieldTitle = dr[FieldsTableColumn.Title].AsString();
        var dataTypeName = dr[FieldsTableColumn.Type].AsString();
        var dataType = DataType.ByName(dataTypeName);
        var isColumnEditable = Convert.ToBoolean(
            (!dataType.SupportsHideOnEdit || Convert.ToBoolean(dr[FieldsTableColumn.ShowOnEdit])) &&
            (!Convert.ToBoolean(dr[FieldsTableColumn.IsPrivate]) || security.IsAllowedToEditAllColumns()));
        //If Column is hidden, the Fieldtype falls back to "String" as the related EditControl works perfectly even if it is not visible
        //EditControls of other user defined datatypes may use core controls (e.g. UrlControl or RTE) which are not rock solid regarding viewstate.
        if (!isColumnEditable && dataType.IsUserDefinedField)
        {
            dataTypeName = "String";
        }
        currentField = new FormColumnInfo { IsUserDefinedField = dataType.IsUserDefinedField };
        if (dataType.IsSeparator)
        {
            var fieldId = (int)dr[FieldsTableColumn.Id];
            currentField.IsCollapsible = Data.Tables[DataSetTableName.FieldSettings].GetFieldSetting("IsCollapsible", fieldId).AsBoolean();
            currentField.IsSeparator = true;
            if (dr[FieldsTableColumn.Visible].AsBoolean())
            {
                currentField.Title = fieldTitle;
            }
            currentField.Visible = isColumnEditable;
        }
        else
        {
            currentField.Help = dr[FieldsTableColumn.HelpText].AsString();
            currentField.Title = dr[FieldsTableColumn.Title].AsString();
            currentField.Required = Convert.ToBoolean(dr[FieldsTableColumn.Required].AsBoolean() && dataType.IsUserDefinedField);
            //advanced Settings: Dynamic control
            currentField.EditControl = _editControls.Add(
                dr[FieldsTableColumn.Title].AsString(),
                dataTypeName,
                Convert.ToInt32(dr[FieldsTableColumn.Id]),
                dr[FieldsTableColumn.HelpText].AsString(),
                dr[FieldsTableColumn.Default].AsString(),
                dr[FieldsTableColumn.Required].AsBoolean(),
                dr[FieldsTableColumn.ValidationRule].AsString(),
                dr[FieldsTableColumn.ValidationMessage].AsString(),
                dr[FieldsTableColumn.EditStyle].AsString(),
                dr[FieldsTableColumn.InputSettings].AsString(),
                dr[FieldsTableColumn.OutputSettings].AsString(),
                dr[FieldsTableColumn.NormalizeFlag].AsBoolean(),
                dr[FieldsTableColumn.MultipleValues].AsBoolean(),
                fieldSettingsTable,
                this);
            currentField.Visible = isColumnEditable;
        }
        editForm.Add(currentField);
    }
    if (CaptchaNeeded())
    {
        if (!Settings.PreferReCaptcha)
        {
            // use DnnCaptcha
            _ctlCaptcha = new CaptchaControl
            {
                ID = "Captcha",
                CaptchaWidth = Unit.Pixel(130),
                CaptchaHeight = Unit.Pixel(40),
                ToolTip = Localization.GetString("CaptchaToolTip", LocalResourceFile),
                ErrorMessage = Localization.GetString("CaptchaError", LocalResourceFile)
            };
            currentField = new FormColumnInfo
            {
                Title = Localization.GetString("Captcha", LocalResourceFile),
                EditControl = _ctlCaptcha,
                Visible = true,
                IsUserDefinedField = false
            };
            editForm.Add(currentField);
        }
    }
    var enableFormTemplate = Settings.EnableFormTemplate;
    var formTemplate = Settings.FormTemplate;
    if (enableFormTemplate && !string.IsNullOrEmpty(formTemplate))
    {
        BuildTemplateForm(editForm, formTemplate);
    }
    else
    {
        BuildCssForm(editForm);
    }
    //Change captions of buttons in Form mode
    if (IsNewRow && Settings.ListOrForm.Contains("Form"))
    {
        cmdUpdate.Attributes["resourcekey"] = "cmdSend.Text";
    }
}

public override void RenderValuesToHtmlInsideDataSet(DataSet ds, int moduleId, bool noScript)
{
    var colCreatedBy = new ArrayList();
    var tableData = ds.Tables[DataSetTableName.Data];
    var asLink = false;
    var openInNewWindow = false;
    var preferDisplayName = false;
    foreach (DataRow row in ds.Tables[DataSetTableName.Fields].Rows)
    {
        if (row[FieldsTableColumn.Type].ToString() == Name)
        {
            var fieldId = (int)row[FieldsTableColumn.Id];
            asLink = GetFieldSetting("AsLink", fieldId, ds).AsBoolean();
            openInNewWindow = GetFieldSetting("OpenInNewWindow", fieldId, ds).AsBoolean();
            preferDisplayName = GetFieldSetting("PreferDisplayName", fieldId, ds).AsBoolean();
            var title = row[FieldsTableColumn.Title].ToString();
            colCreatedBy.Add(title);
            tableData.Columns.Add(new DataColumn(title + DataTableColumn.Appendix_Original, typeof(string)));
            tableData.Columns.Add(new DataColumn(title + DataTableColumn.Appendix_Caption, typeof(string)));
            tableData.Columns.Add(new DataColumn(title + DataTableColumn.Appendix_Url, typeof(string)));
        }
    }
    if (colCreatedBy.Count > 0)
    {
        var portalId = Null.NullInteger;
        var tabId = Null.NullInteger;
        if (HttpContext.Current != null)
        {
            var portalSettings = PortalController.Instance.GetCurrentPortalSettings();
            portalId = portalSettings.PortalId;
            tabId = portalSettings.ActiveTab.TabID;
        }
        foreach (DataRow row in tableData.Rows)
        {
            foreach (string fieldName in colCreatedBy)
            {
                var strCreatedBy = row[fieldName].ToString();
                var strCaption = strCreatedBy;
                var strUrl = string.Empty;
                if (!preferDisplayName)
                {
                    strCaption = ModuleSecurity.BestUserName(strCreatedBy, portalId);
                }
                if (asLink)
                {
                    var userId = ModuleSecurity.UserId(strCreatedBy, portalId);
                    if (userId > 0)
                    {
                        strUrl = HttpUtility.HtmlEncode(Globals.LinkClick(("userid=" + userId), tabId, moduleId));
                    }
                }
                string strFieldvalue;
                if (asLink && strUrl != string.Empty)
                {
                    // Only strUrl is HTML-encoded in this method; strCaption is placed
                    // into the markup (comment and link text) as-is.
                    strFieldvalue = string.Format("<!--{1}--><a href=\"{0}\"{2}>{1}</a>",
                                                  strUrl, strCaption,
                                                  (openInNewWindow ? " target=\"_blank\"" : ""));
                }
                else
                {
                    strFieldvalue = strCaption;
                }
                row[fieldName] = strFieldvalue;
                row[fieldName + DataTableColumn.Appendix_Original] = strCreatedBy;
                row[fieldName + DataTableColumn.Appendix_Caption] = strCaption;
                if (strUrl != string.Empty)
                {
                    row[fieldName + DataTableColumn.Appendix_Url] = strUrl;
                }
            }
        }
    }
}

/// <summary>
/// Adds the given module security entry to the list of permissions.
/// </summary>
public void AddPermission(ModuleSecurity moduleSecurity)
{
    _permissions.Add(moduleSecurity);
}

protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        LocalizePage();
        if (!IsPostBack)
        {
            //on initial pageload get SurveyId from DNN module settings; if null int 0 is returned;
            SurveyControl.SurveyId = SurveyID();
            ModuleSecurity ms = new ModuleSecurity(this.ModuleConfiguration);
            if (ms.HasPermission2 && UserID() != 0)
            {
                ShowSurveyDDL();
                SurveyControl.Visible = false;
            }
            else
            {
                if (SurveyID() >= 1)
                {
                    SurveyControl.Visible = true;
                    Votations.NSurvey.SQLServerDAL.SurveyLayout u = new Votations.NSurvey.SQLServerDAL.SurveyLayout();
                    _userSettings = u.SurveyLayoutGet(SurveyControl.SurveyId);
                    if (!(_userSettings == null || _userSettings.SurveyLayout.Count == 0))
                    {
                        if (!string.IsNullOrEmpty(_userSettings.SurveyLayout[0].SurveyCss))
                        {
                            string cssurl = ResolveUrl("Css/" + SurveyControl.SurveyId.ToString() + "/" + _userSettings.SurveyLayout[0].SurveyCss);
                            defaultCSS.InnerHtml = "@import url(\"" + cssurl + "\");";
                        }
                    }
                    else
                    {
                        string alt2css = ResolveUrl("Css/surveymobile.css");
                        defaultCSS.InnerHtml = "@import url(\"" + alt2css + "\");";
                    }
                }
                else
                {
                    //test: SurveyControl.SurveyId = 0;
                    SurveyControl.Visible = false;
                }
            }
        }
        //Votations.NSurvey.SQLServerDAL.SurveyLayout u = new Votations.NSurvey.SQLServerDAL.SurveyLayout();
        ////_userSettings = u.SurveyLayoutGet(((PageBase)Page).getSurveyId());
        ////test set surveyid to 1
        //_userSettings = u.SurveyLayoutGet(SurveyControl.SurveyId);
        //if (!(_userSettings == null || _userSettings.SurveyLayout.Count == 0))
        //{
        //    if (!string.IsNullOrEmpty(_userSettings.SurveyLayout[0].SurveyCss))
        //    {
        //        defaultCSS.InnerHtml = "@import url(\"desktopmodules/surveybox/Css/" + SurveyControl.SurveyId.ToString() + "/" + _userSettings.SurveyLayout[0].SurveyCss + "\")";
        //    }
        //}
        //Used if surveyid is taken from DNN module settings
        // should depend on module permissions
        //SurveyControl.SurveyId = SurveyID();
    }
    catch (Exception exc) //Module failed to load
    {
        Exceptions.ProcessModuleLoadException("ErrorDetails:" + exc.StackTrace + "& Inner:" + exc.GetBaseException(), this, exc, true);
    }
}

/// -----------------------------------------------------------------------------
/// <summary>
/// Implements the search interface for DotNetNuke
/// </summary>
/// -----------------------------------------------------------------------------
public SearchItemInfoCollection GetSearchItems(ModuleInfo modInfo)
{
    var searchItemCollection = new SearchItemInfoCollection();
    var udtController = new UserDefinedTableController(modInfo);
    try
    {
        var dsUserDefinedRows = udtController.GetDataSet(withPreRenderedValues: false);
        //Get names of ChangedBy and ChangedAt columns
        var colnameChangedBy = udtController.ColumnNameByDataType(dsUserDefinedRows, DataTypeNames.UDT_DataType_ChangedBy);
        var colnameChangedAt = udtController.ColumnNameByDataType(dsUserDefinedRows, DataTypeNames.UDT_DataType_ChangedAt);
        var moduleController = new ModuleController();
        var settings = moduleController.GetModuleSettings(modInfo.ModuleID);
        var includeInSearch = !(settings[SettingName.ExcludeFromSearch].AsBoolean());
        if (includeInSearch)
        {
            foreach (DataRow row in dsUserDefinedRows.Tables[DataSetTableName.Data].Rows)
            {
                var changedDate = DateTime.Today;
                var changedByUserId = 0;
                if (colnameChangedAt != string.Empty && !Information.IsDBNull(row[colnameChangedAt]))
                {
                    changedDate = Convert.ToDateTime(row[colnameChangedAt]);
                }
                if (colnameChangedBy != string.Empty && !Information.IsDBNull(row[colnameChangedBy]))
                {
                    changedByUserId = ModuleSecurity.UserId(row[colnameChangedBy].ToString(), modInfo.PortalID);
                }
                var desc = string.Empty;
                foreach (DataRow col in dsUserDefinedRows.Tables[DataSetTableName.Fields].Rows)
                {
                    var fieldType = col[FieldsTableColumn.Type].ToString();
                    var fieldTitle = col[FieldsTableColumn.Title].ToString();
                    var visible = Convert.ToBoolean(col[FieldsTableColumn.Visible]);
                    if (visible && (fieldType.StartsWith("Text") || fieldType == DataTypeNames.UDT_DataType_String))
                    {
                        desc += string.Format("{0} • ", Convert.ToString(row[fieldTitle]));
                    }
                }
                if (desc.EndsWith("<br/>"))
                {
                    desc = desc.Substring(0, Convert.ToInt32(desc.Length - 5));
                }
                var searchItem = new SearchItemInfo(modInfo.ModuleTitle, desc, changedByUserId, changedDate,
                                                    modInfo.ModuleID, row[DataTableColumn.RowId].ToString(), desc);
                searchItemCollection.Add(searchItem);
            }
        }
    }
    catch (Exception ex)
    {
        Exceptions.LogException(ex);
    }
    return searchItemCollection;
}

/// -----------------------------------------------------------------------------
/// <summary>
/// Provides a list of context variables for XML output
/// </summary>
/// <returns>DataTable with all context variables</returns>
/// -----------------------------------------------------------------------------
public DataTable Context(ModuleInfo moduleInfo, UserInfo userInfo, string searchInput, string orderBy, string orderDirection, string paging)
{
    var request = HttpContext.Current.Request;
    orderBy = orderBy.AsString("UserDefinedRowId");
    orderDirection = orderDirection.AsString("ascending");
    var contextTable = new DataTable("Context");
    contextTable.Columns.Add("ModuleId", typeof(int));
    contextTable.Columns.Add("TabId", typeof(int));
    contextTable.Columns.Add("TabName", typeof(string));
    contextTable.Columns.Add("PortalId", typeof(int));
    contextTable.Columns.Add("UserName", typeof(string));
    contextTable.Columns.Add("BestUserName", typeof(string)); //obsolete, please use DisplayName
    contextTable.Columns.Add("DisplayName", typeof(string));
    contextTable.Columns.Add("ApplicationPath", typeof(string));
    contextTable.Columns.Add("HomePath", typeof(string));
    contextTable.Columns.Add("UserRoles", typeof(string));
    contextTable.Columns.Add("IsAdministratorRole", typeof(bool));
    contextTable.Columns.Add("Parameter", typeof(string));
    contextTable.Columns.Add("OrderBy", typeof(string));
    contextTable.Columns.Add("OrderDirection", typeof(string));
    contextTable.Columns.Add("CurrentCulture", typeof(string));
    contextTable.Columns.Add("LocalizedString_Search", typeof(string));
    contextTable.Columns.Add("LocalizedString_Page", typeof(string));
    contextTable.Columns.Add("LocalizedString_Of", typeof(string));
    contextTable.Columns.Add("LocalizedString_First", typeof(string));
    contextTable.Columns.Add("LocalizedString_Previous", typeof(string));
    contextTable.Columns.Add("LocalizedString_Next", typeof(string));
    contextTable.Columns.Add("LocalizedString_Last", typeof(string));
    contextTable.Columns.Add("NowInTicks", typeof(long));
    contextTable.Columns.Add("TodayInTicks", typeof(long));
    contextTable.Columns.Add("TicksPerDay", typeof(long));
    contextTable.Columns.Add("LocalizedDate", typeof(string));
    contextTable.Columns.Add("Now", typeof(DateTime));
    if (paging != string.Empty)
    {
        contextTable.Columns.Add("Paging", typeof(int));
    }
    var row = contextTable.NewRow();
    row["ModuleId"] = moduleInfo.ModuleID;
    row["TabId"] = moduleInfo.TabID;
    row["TabName"] = moduleInfo.ParentTab.TabName;
    row["PortalId"] = moduleInfo.PortalID;
    // null username handled by extension method
    row["DisplayName"] = userInfo.GetSafeDisplayname();
    row["UserName"] = userInfo.GetSafeUsername();
    row["BestUserName"] = row["DisplayName"];
    var portalSettings = Globals.GetPortalSettings();
    row["HomePath"] = portalSettings.HomeDirectory;
    row["ApplicationPath"] = request.ApplicationPath == "/" ? "" : request.ApplicationPath;
    row["UserRoles"] = ModuleSecurity.RoleNames(userInfo);
    if (ModuleSecurity.IsAdministrator())
    {
        row["IsAdministratorRole"] = true;
    }
    row["Parameter"] = searchInput;
    row["OrderBy"] = orderBy;
    row["OrderDirection"] = orderDirection == "DESC" ? "descending" : "ascending";
    row["CurrentCulture"] = new Localization().CurrentCulture;
    if (paging != string.Empty)
    {
        row["Paging"] = int.Parse(paging);
    }
    row["LocalizedString_Search"] = Localization.GetString("Search.Text", Definition.SharedRessources);
    row["LocalizedString_Page"] = Localization.GetString("PagingPage.Text", Definition.SharedRessources);
    row["LocalizedString_of"] = Localization.GetString("PagingOf.Text", Definition.SharedRessources);
    row["LocalizedString_First"] = Localization.GetString("PagingFirst.Text", Definition.SharedRessources);
    row["LocalizedString_Previous"] = Localization.GetString("PagingPrevious.Text", Definition.SharedRessources);
    row["LocalizedString_Next"] = Localization.GetString("PagingNext.Text", Definition.SharedRessources);
    row["LocalizedString_Last"] = Localization.GetString("PagingLast.Text", Definition.SharedRessources);
    var d = DateUtils.GetDatabaseTime();
    var timeZone = userInfo.Username != null ? userInfo.Profile.PreferredTimeZone : portalSettings.TimeZone;
    d = TimeZoneInfo.ConvertTimeFromUtc(d, timeZone);
    row["Now"] = d;
    row["LocalizedDate"] = d.ToString("g", Thread.CurrentThread.CurrentCulture);
    row["NowInTicks"] = d.Ticks;
    row["TodayInTicks"] = d.Date.Ticks;
    row["TicksPerDay"] = TimeSpan.TicksPerDay;
    contextTable.Rows.Add(row);
    return contextTable;
}