コード例 #1
        /// <summary>
        /// Verifies the supplied credentials and, when they are accepted and a matching
        /// row exists in the users table, signs the user in on the given OWIN context.
        /// </summary>
        /// <param name="owinContext">OWIN context handed to <c>Security.SignIn</c>.</param>
        /// <param name="username">Login name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>A <c>LoginResult</c> whose <c>Success</c> and <c>ErrorMessage</c> describe the outcome.</returns>
        public static LoginResult AttemptLogin(IOwinContext owinContext, string username, string password)
        {
            LoginResult outcome = new LoginResult();

            // Guard: rejected credentials never reach the user lookup or the sign-in call.
            if (!check_password(username, password))
            {
                outcome.Success = false;
                outcome.ErrorMessage = "Invalid User or Password.";
                return outcome;
            }

            // The user name is bound as a parameter, never concatenated into the SQL text.
            SQLString userQuery = new SQLString("select us_id, us_username, us_org from users where us_username = @us");
            userQuery = userQuery.AddParameterWithValue("us", username);
            DataRow userRow = DbUtil.get_datarow(userQuery);

            if (userRow == null)
            {
                // Reachable if the authentication method is ever external (say LDAP):
                // check_password could then return true even though the database
                // has no row for this user. No session is created in that case.
                outcome.Success = false;
                outcome.ErrorMessage = "User not found in database";
                return outcome;
            }

            Security.SignIn(owinContext, username);
            outcome.Success = true;
            outcome.ErrorMessage = string.Empty;

            return outcome;
        }
コード例 #2
ファイル: Mime.cs プロジェクト: jhadwen/BugTracker.NET
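        /// <summary>
        /// Extracts the bug id that follows the configured tracking marker in an
        /// e-mail subject line, e.g. "... (DO NOT EDIT THIS:123)".
        /// </summary>
        /// <param name="subject">
        /// Subject line to inspect. When the parsed id does not match exactly one row
        /// in <c>bugs</c>, the marker inside the subject is replaced with "WAS #:".
        /// </param>
        /// <returns>The id of an existing bug, or 0 when none could be determined.</returns>
        /// <remarks>
        /// The subject is sender-controlled text. This method only confirms that the bug
        /// exists; it does not check whether the sender may post to that bug.
        /// NOTE(review): confirm that callers enforce any per-bug authorization they need.
        /// </remarks>
        public static int get_bugid_from_subject(ref string subject)
        {
            int bugid = 0;

            // Try to parse out the bugid from the subject line
            string bugidString = Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:");

            // Ordinal search: the marker is a machine token, and the Replace below is ordinal too.
            int markerPos = subject.IndexOf(bugidString, StringComparison.Ordinal);

            if (markerPos >= 0)
            {
                // position of colon
                int colonPos = subject.IndexOf(":", markerPos, StringComparison.Ordinal);

                // Without a colon there is no id to read. Previously the -1 result was
                // incremented to 0 and the scan restarted at the beginning of the subject.
                if (colonPos >= 0)
                {
                    int start = colonPos + 1;

                    // position of close paren
                    int closeParen = subject.IndexOf(")", start, StringComparison.Ordinal);
                    if (closeParen > start)
                    {
                        string candidate = subject.Substring(start, closeParen - start);

                        // TryParse keeps an over-long digit run in an untrusted subject from
                        // surfacing as an OverflowException; such a value is treated as "no id".
                        int parsed;
                        if (Util.is_int(candidate) && int.TryParse(candidate, out parsed))
                        {
                            bugid = parsed;
                        }
                    }
                }
            }

            // maybe a deleted bug?
            if (bugid != 0)
            {
                var sql = new SQLString("select count(1) from bugs where bg_id = @bg");
                sql = sql.AddParameterWithValue("bg", Convert.ToString(bugid));
                int bug_count = (int)btnet.DbUtil.execute_scalar(sql);
                if (bug_count != 1)
                {
                    // Neutralise the marker so the stale id is not picked up again later.
                    subject = subject.Replace(bugidString, "WAS #:");
                    bugid = 0;
                }
            }

            return bugid;
        }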
コード例 #3
ファイル: Mime.cs プロジェクト: jhadwen/BugTracker.NET
        ///////////////////////////////////////////////////////////////////////    
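        /// <summary>
        /// Loads the user row to act as for an incoming e-mail. When <paramref name="username"/>
        /// equals the "CreateUserFromEmailAddressIfThisUsername" setting and a from address was
        /// supplied, the user is looked up by the simplified From address of the message and is
        /// created from the configured template when missing. Otherwise the row for
        /// <paramref name="username"/> itself is returned.
        /// </summary>
        /// <param name="message">Parsed message whose From address is read.</param>
        /// <param name="from_addr">Only tested for null/empty; the address actually used is re-read from <paramref name="message"/>.</param>
        /// <param name="username">Name of the calling (service) account.</param>
        /// <returns>The user row, or null when no matching user exists.</returns>
        /// <remarks>
        /// The From header of an e-mail is set by the sender and is not authenticated by this code.
        /// NOTE(review): anyone able to deliver mail to the tracked mailbox can therefore act as,
        /// or cause the creation of, the user matching an arbitrary address; confirm the template
        /// account configured in "CreateUsersFromEmailTemplate" carries minimal permissions.
        /// </remarks>
        public static DataRow get_user_datarow_maybe_using_from_addr(Message message, string from_addr, string username)
        {

            DataRow dr = null;

            var sql = new SQLString( @"
select us_id, us_admin, us_username, us_org, og_other_orgs_permission_level, isnull(us_forced_project,0) us_forced_project
from users
inner join orgs on us_org = og_id
where us_username = @us");

            // Create a new user from the "from" email address
            string btnet_service_username = Util.get_setting("CreateUserFromEmailAddressIfThisUsername", "");
            if (!string.IsNullOrEmpty(from_addr) && username == btnet_service_username)
            {
                from_addr = get_from_addr(message);

                // See if there's already a username that matches this email address
                username = Email.simplify_email_address(from_addr);

                // Does a user with this email already exist?
                sql = sql.AddParameterWithValue("us", username);

                // If a user already exists for this address, use that user instead of the
                // btnet_service.exe user.
                dr = btnet.DbUtil.get_datarow(sql);

                // We didn't find the user, so create one, using the email address as the username.
                if (dr == null)
                {

                    bool use_domain_as_org_name = Util.get_setting("UseEmailDomainAsNewOrgNameWhenCreatingNewUser", "0") == "1";

                    // NOTE(review): Guid.NewGuid() is not documented as a cryptographically secure
                    // generator. If copy_user stores this value as a usable password, prefer a
                    // CSPRNG-derived value or an account state that cannot log in interactively.
                    btnet.User.copy_user(
                        username,
                        username,
                        "", "", "",  // first, last, signature
                        0,  // salt
                        Guid.NewGuid().ToString(), // random value for password,
                        Util.get_setting("CreateUsersFromEmailTemplate", "[error - missing user template]"),
                        use_domain_as_org_name);

                    // now that we have created a user, try again
                    dr = btnet.DbUtil.get_datarow(sql);
                }
            }
            else
            {
                // Use the btnet_service.exe user as the username.
                // The value is bound to the same "us" parameter the query declares. The previous
                // "$us" name did not match @us, and doubling apostrophes by hand is wrong for a
                // bound parameter: it alters the value being compared instead of escaping it.
                sql = sql.AddParameterWithValue("us", username);
                dr = btnet.DbUtil.get_datarow(sql);
            }

            return dr;
        }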
コード例 #4
        /// <summary>
        /// Creates a new bug, or appends a comment to an existing one, from a posted
        /// <c>BugFromEmail</c> payload that may carry a raw MIME message.
        /// </summary>
        /// <param name="bugFromEmail">Request body; rejected with 400 when null or when model validation fails.</param>
        /// <returns>
        /// <c>Ok</c> with the id of the inserted or updated bug, or <c>BadRequest</c> with the model state.
        /// </returns>
        /// <remarks>
        /// All writes are attributed to <c>User.Identity</c>, i.e. the authenticated caller of this
        /// endpoint, while the comment text, From/Cc addresses and attachments come from the payload
        /// or the parsed message.
        /// NOTE(review): the target bug id (from the payload or the subject line) is only checked for
        /// existence in this method; no per-bug permission check is visible here. Confirm that is intended.
        /// </remarks>
        public IHttpActionResult Post([FromBody] BugFromEmail bugFromEmail)
        {
            if (bugFromEmail != null && ModelState.IsValid)
            {
                // Normalise the short description: never null, at most 200 characters.
                if (bugFromEmail.ShortDescription == null)
                {
                    bugFromEmail.ShortDescription = "";
                }
                else if (bugFromEmail.ShortDescription.Length > 200)
                {
                    bugFromEmail.ShortDescription = bugFromEmail.ShortDescription.Substring(0, 200);
                }

                Message mimeMessage = null;

                if (!string.IsNullOrEmpty(bugFromEmail.Message))
                {
                    // A raw message takes precedence: Comment and FromAddress supplied in the
                    // payload are overwritten with values parsed from the MIME content.
                    mimeMessage = Mime.GetMimeMessage(bugFromEmail.Message);

                    bugFromEmail.Comment = Mime.get_comment(mimeMessage);

                    string headers = Mime.get_headers_for_comment(mimeMessage);
                    if (headers != "")
                    {
                        bugFromEmail.Comment = string.Format("{0}{1}{2}", headers, Environment.NewLine, bugFromEmail.Comment);
                    }

                    bugFromEmail.FromAddress = Mime.get_from_addr(mimeMessage);

                }
                else
                {
                    if (bugFromEmail.Comment == null)
                    {
                        bugFromEmail.Comment = string.Empty;
                    }
                }                                

                // Even though btnet_service.exe has already parsed out the bugid,
                // we can do a better job here with SharpMimeTools.dll
                string subject = "";

                if (mimeMessage != null)
                {
                    subject = Mime.get_subject(mimeMessage);

                    if (subject != "[No Subject]")
                    {
                        // The subject is sender-controlled; the id parsed from it replaces any
                        // BugId supplied in the payload.
                        bugFromEmail.BugId = Mime.get_bugid_from_subject(ref subject);
                    }

                    bugFromEmail.CcAddress = Mime.get_cc(mimeMessage);
                }

                SQLString sql;

                if (bugFromEmail.BugId != 0)
                {
                    // Check if the bug is still in the database
                    // No comment can be added to merged or deleted bugids
                    // In this case a new bug is created, this to prevent possible loss of information

                    sql = new SQLString(@"select count(bg_id)
			from bugs
			where bg_id = @id");

                    sql = sql.AddParameterWithValue("id", Convert.ToString(bugFromEmail.BugId));

                    if (Convert.ToInt32(DbUtil.execute_scalar(sql)) == 0)
                    {
                        bugFromEmail.BugId = 0;
                    }
                }


                // Either insert a new bug or append a comment to existing bug
                // based on presence, absence of bugid
                if (bugFromEmail.BugId == 0)
                {
                    // insert a new bug

                    if (mimeMessage != null)
                    {

                        // in case somebody is replying to a bug that has been deleted or merged
                        subject = subject.Replace(Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:"), "PREVIOUS:");

                        bugFromEmail.ShortDescription = subject;
                        if (bugFromEmail.ShortDescription.Length > 200)
                        {
                            bugFromEmail.ShortDescription = bugFromEmail.ShortDescription.Substring(0, 200);
                        }

                    }

                    DataRow defaults = Bug.get_bug_defaults();

                    // If you didn't set these from the query string, we'll give them default values
                    // NOTE(review): project, organization, category, priority, status and udf ids that
                    // the payload does supply are used as given; only the forced project below overrides
                    // them. Confirm insert_bug validates them against the caller's permissions.
                    if (!bugFromEmail.ProjectId.HasValue || bugFromEmail.ProjectId == 0) { bugFromEmail.ProjectId = (int)defaults["pj"]; }
                    bugFromEmail.OrganizationId = bugFromEmail.OrganizationId ?? User.Identity.GetOrganizationId();
                    bugFromEmail.CategoryId = bugFromEmail.CategoryId ?? (int)defaults["ct"];
                    bugFromEmail.PriorityId = bugFromEmail.PriorityId ?? (int)defaults["pr"];
                    bugFromEmail.StatusId = bugFromEmail.StatusId ?? (int)defaults["st"];
                    bugFromEmail.UdfId = bugFromEmail.UdfId ?? (int)defaults["udf"];
                    
                    // but forced project always wins
                    if (User.Identity.GetForcedProjectId() != 0)
                    {
                        bugFromEmail.ProjectId = User.Identity.GetForcedProjectId();
                    }

                    Bug.NewIds newIds = Bug.insert_bug(
                        bugFromEmail.ShortDescription,
                        User.Identity,
                        "", // tags
                        bugFromEmail.ProjectId.Value,
                        bugFromEmail.OrganizationId.Value,
                        bugFromEmail.CategoryId.Value,
                        bugFromEmail.PriorityId.Value,
                        bugFromEmail.StatusId.Value,
                        bugFromEmail.AssignedTo ?? 0,
                        bugFromEmail.UdfId.Value,
                        bugFromEmail.Comment,
                        bugFromEmail.Comment,
                        bugFromEmail.FromAddress,
                        bugFromEmail.CcAddress,
                        "text/plain",
                        false, // internal only
                        null, // custom columns
                        false);  // suppress notifications for now - wait till after the attachments

                    if (mimeMessage != null)
                    {
                        Mime.add_attachments(mimeMessage, newIds.bugid, newIds.postid, User.Identity);

                        // The reply goes to the From address parsed from the message, which the
                        // sender controls.
                        Email.auto_reply(newIds.bugid, bugFromEmail.FromAddress, bugFromEmail.ShortDescription, bugFromEmail.ProjectId.Value);

                    }
                    else if (bugFromEmail.Attachment != null && bugFromEmail.Attachment.Length > 0)
                    {
                        // NOTE(review): file name and content type are taken from the payload as-is;
                        // confirm insert_post_attachment sanitises them before storing or serving.
                        Stream stream = new MemoryStream(bugFromEmail.Attachment);

                        Bug.insert_post_attachment(
                            User.Identity,
                            newIds.bugid,
                            stream,
                            bugFromEmail.Attachment.Length,
                            bugFromEmail.AttachmentFileName ?? string.Empty,
                            bugFromEmail.AttachmentDescription ?? string.Empty,
                            bugFromEmail.AttachmentContentType ?? string.Empty,
                            -1, // parent
                            false, // internal_only
                            false); // don't send notification yet
                    }

                    // your customizations
                    Bug.apply_post_insert_rules(newIds.bugid);

                    Bug.send_notifications(Bug.INSERT, newIds.bugid, User.Identity);
                    WhatsNew.add_news(newIds.bugid, bugFromEmail.ShortDescription, "added", User.Identity);

                    return Ok(newIds.bugid);
                }
                else // update existing bug
                {

                    // An incoming e-mail may move the bug to a configured status ("0" disables this).
                    string statusResultingFromIncomingEmail = Util.get_setting("StatusResultingFromIncomingEmail", "0");


                    if (statusResultingFromIncomingEmail != "0")
                    {

                        sql = new SQLString(@"update bugs
				set bg_status = @st
				where bg_id = @bg
				");

                        sql = sql.AddParameterWithValue("st", statusResultingFromIncomingEmail);
                        sql = sql.AddParameterWithValue("bg", bugFromEmail.BugId);
                        DbUtil.execute_nonquery(sql);

                    }

                    sql = new SQLString("select bg_short_desc from bugs where bg_id = @bg");

                    sql = sql.AddParameterWithValue("bg", bugFromEmail.BugId);
                    // NOTE(review): dr2 is dereferenced below without a null check; it would be null
                    // if the bug row disappeared after the existence check above.
                    DataRow dr2 = DbUtil.get_datarow(sql);


                    // Add a comment to existing bug.
                    int postid = Bug.insert_comment(
                        bugFromEmail.BugId,
                        User.Identity.GetUserId(), // (int) dr["us_id"],
                        bugFromEmail.Comment,
                        bugFromEmail.Comment,
                        bugFromEmail.FromAddress,
                        bugFromEmail.CcAddress,
                        "text/plain",
                        false); // internal only

                    if (mimeMessage != null)
                    {
                        Mime.add_attachments(mimeMessage, bugFromEmail.BugId, postid, User.Identity);
                    }
                    else if (bugFromEmail.Attachment != null && bugFromEmail.Attachment.Length > 0)
                    {
                        Stream stream = new MemoryStream(bugFromEmail.Attachment);
                        Bug.insert_post_attachment(
                            User.Identity,
                            bugFromEmail.BugId,
                            stream,
                            bugFromEmail.Attachment.Length,
                            bugFromEmail.AttachmentFileName ?? string.Empty,
                            bugFromEmail.AttachmentDescription ?? string.Empty,
                            bugFromEmail.AttachmentContentType ?? string.Empty,
                            -1, // parent
                            false, // internal_only
                            false); // don't send notification yet
                    }

                    Bug.send_notifications(Bug.UPDATE, bugFromEmail.BugId, User.Identity);
                    WhatsNew.add_news(bugFromEmail.BugId, (string)dr2["bg_short_desc"], "updated", User.Identity);

                    return Ok(bugFromEmail.BugId);
                }
            }
            else
            {
                return BadRequest(ModelState);
            }            
        }
コード例 #5
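        /// <summary>
        /// Checks a username/password pair against LDAP or the database (per the
        /// "AuthenticateUsingLdap" setting) and throttles repeated failures per account.
        /// </summary>
        /// <param name="username">Login name supplied by the caller (untrusted).</param>
        /// <param name="password">Password supplied by the caller (untrusted).</param>
        /// <returns>
        /// True when the credentials are accepted; false for an unknown or inactive user,
        /// a throttled account, or a wrong password.
        /// </returns>
        /// <remarks>
        /// Failed attempts are kept in <c>HttpRuntime.Cache</c>, an in-process cache, so the
        /// counter is not shared between worker processes or servers and is lost on restart.
        /// Attempts against unknown or inactive user names return before the counter and are
        /// only logged.
        /// </remarks>
        public static bool check_password(string username, string password)
        {

            var sql = new SQLString(@"
select us_username, us_id, us_password, isnull(us_salt,0) us_salt, us_active
from users
where us_username = @username");

            sql = sql.AddParameterWithValue("username", username);

            DataRow dr = btnet.DbUtil.get_datarow(sql);

            // The name comes straight from the login form; strip line breaks so a crafted
            // value cannot forge additional log lines.
            string log_username = (username ?? string.Empty).Replace("\r", " ").Replace("\n", " ");

            if (dr == null)
            {
                Util.write_to_log("Unknown user " + log_username + " attempted to login.");
                return false;
            }

            int us_active = (int)dr["us_active"];

            if (us_active == 0)
            {
                Util.write_to_log("Inactive user " + log_username + " attempted to login.");
                return false;
            }

            // Key the failure counter on the user name as stored in the database rather than
            // as typed. If the database compares user names case-insensitively, "admin" and
            // "ADMIN" select the same row; keyed on the typed value, each spelling would get
            // its own counter and the throttle could be sidestepped by varying the case.
            // NOTE(review): any other code that reads or clears this cache entry must use
            // the stored user name as well.
            string attempts_key = Convert.ToString(dr["us_username"]);

            bool authenticated = false;
            LinkedList<DateTime> failed_attempts = null;

            // Too many failed attempts?
            // We'll only allow N in the last N minutes.
            failed_attempts = (LinkedList<DateTime>)HttpRuntime.Cache[attempts_key];

            if (failed_attempts != null)
            {
                // Don't count attempts older than N minutes ago.
                int minutes_ago = Convert.ToInt32(btnet.Util.get_setting("FailedLoginAttemptsMinutes", "10"));
                int failed_attempts_allowed = Convert.ToInt32(btnet.Util.get_setting("FailedLoginAttemptsAllowed", "10"));

                DateTime n_minutes_ago = DateTime.Now.AddMinutes(-1 * minutes_ago);

                // Entries are appended in time order, so stale ones are always at the front.
                while (failed_attempts.Count > 0 && failed_attempts.First.Value < n_minutes_ago)
                {
                    Util.write_to_log("removing stale failed attempt for " + log_username);
                    failed_attempts.RemoveFirst();
                }

                // how many failed attempts in last N minutes?
                Util.write_to_log("failed attempt count for " + log_username + ":" + Convert.ToString(failed_attempts.Count));

                // Throttled accounts are rejected before the password is even examined.
                if (failed_attempts.Count > failed_attempts_allowed)
                {
                    Util.write_to_log("Too many failed login attempts in too short a time period: " + log_username);
                    return false;
                }

                // Save the list of attempts
                HttpRuntime.Cache[attempts_key] = failed_attempts;
            }

            if (btnet.Util.get_setting("AuthenticateUsingLdap", "0") == "1")
            {
                authenticated = check_password_with_ldap(username, password);
            }
            else
            {

                authenticated = check_password_with_db(username, password, dr);
            }

            if (authenticated)
            {
                // clear list of failed attempts
                if (failed_attempts != null)
                {
                    failed_attempts.Clear();
                    HttpRuntime.Cache[attempts_key] = failed_attempts;
                }

                btnet.Util.update_most_recent_login_datetime((int)dr["us_id"]);
                return true;
            }
            else
            {
                if (failed_attempts == null)
                {
                    failed_attempts = new LinkedList<DateTime>();
                }

                // Record a failed login attempt.
                failed_attempts.AddLast(DateTime.Now);
                HttpRuntime.Cache[attempts_key] = failed_attempts;

                return false;
            }
        }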
コード例 #6
ファイル: email.cs プロジェクト: jhadwen/BugTracker.NET
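        /// <summary>
        /// Sends the configured auto-reply text to the sender of an e-mail that created a bug,
        /// using the project's "pj_pop3_email_from" address as the sender.
        /// </summary>
        /// <param name="bugid">Id of the bug; substituted for "$BUGID$" and appended to the subject.</param>
        /// <param name="from_addr">Address the incoming message claimed to come from; the reply is sent to it.</param>
        /// <param name="short_desc">Short description used as the start of the reply subject.</param>
        /// <param name="projectid">Project whose reply address is looked up.</param>
        /// <remarks>
        /// Nothing is sent when "AutoReplyText" is empty, when the project has no reply address,
        /// when <paramref name="from_addr"/> is blank, or when it equals the project address.
        /// NOTE(review): <paramref name="from_addr"/> and <paramref name="short_desc"/> originate from
        /// the incoming message. Only commas are replaced here; confirm that <c>Email.send_email</c>
        /// rejects CR/LF in the address and subject, and consider rate-limiting replies since a
        /// forged From address makes this mailbox reply to a third party.
        /// </remarks>
        public static void auto_reply(int bugid, string from_addr, string short_desc, int projectid)
        {
            string auto_reply_text = Util.get_setting("AutoReplyText", "");
            if (auto_reply_text == "")
            {
                return;
            }

            auto_reply_text = auto_reply_text.Replace("$BUGID$", Convert.ToString(bugid));


            var sql = new SQLString(@"select
						pj_pop3_email_from
						from projects
						where pj_id = @pj");

            sql = sql.AddParameterWithValue("pj", Convert.ToString(projectid));

            object project_email = btnet.DbUtil.execute_scalar(sql);

            if (project_email == null)
            {
                btnet.Util.write_to_log("skipping auto reply because project email is blank");
                return;
            }

            string project_email_string = Convert.ToString(project_email);

            if (project_email_string == "")
            {
                btnet.Util.write_to_log("skipping auto reply because project email is blank");
                return;
            }

            // Without a recipient there is nothing to reply to; previously a null address
            // failed with a NullReferenceException on the comparison below.
            if (string.IsNullOrEmpty(from_addr))
            {
                btnet.Util.write_to_log("skipping auto reply because from address is blank");
                return;
            }

            // To avoid an infinite loop of replying to emails and then having to reply to the replies!
            // Ordinal, case-insensitive comparison: lower-casing with the current culture can make
            // equal addresses compare unequal (for example the Turkish dotless i), which would
            // defeat this loop guard.
            if (string.Equals(project_email_string, from_addr, StringComparison.OrdinalIgnoreCase))
            {
                btnet.Util.write_to_log("skipping auto reply because from address is same as project email:" + project_email_string);
                return;
            }

            string outgoing_subject = short_desc + "  ("
                + Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:")
                + Convert.ToString(bugid) + ")";

            bool use_html_format = (btnet.Util.get_setting("AutoReplyUseHtmlEmailFormat", "0") == "1");

            // commas cause trouble
            string cleaner_from_addr = from_addr.Replace(",", " ");

            Email.send_email(// 4 args
                cleaner_from_addr, // we are responding TO the address we just received email FROM
                project_email_string,
                "", // cc
                outgoing_subject,
                auto_reply_text,
                use_html_format ? MailFormat.Html : MailFormat.Text);

        }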
コード例 #7
ファイル: BugSearch.cs プロジェクト: jhadwen/BugTracker.NET
        /// <summary>
        /// Drops search hits for bugs the given identity is not allowed to see.
        /// </summary>
        /// <param name="response">Search response; it may contain hits for every bug in the index.</param>
        /// <param name="identity">Identity whose project permissions restrict the visible bugs.</param>
        /// <returns>A lazily evaluated sequence of the hits whose id is a visible bug id.</returns>
        private IEnumerable<IHit<object>> GetHitsFilteredBySecurity(ISearchResponse<object> response, IIdentity identity)
        {
            //NOTE: The index is queried without any permission filter, so the raw response can
            //      include bugs the current user must not see. The permission check is applied
            //      here, after the fact, by intersecting the hits with the ids the database
            //      reports as visible for this identity.
            //      Only the hits returned from this method are filtered; anything else read from
            //      the raw response is not.
            //TODO: Change this once the security approach has been redesigned.
            var permissionQuery = Util.alter_sql_per_project_permissions(
                new SQLString(@"SELECT bg_id FROM bugs WHERE $ALTER_HERE"),
                identity);

            DataSet visibleBugs = DbUtil.get_dataset(permissionQuery);

            // Materialise the allowed ids once so each hit is checked with an O(1) lookup.
            var allowedIds = new HashSet<int>();
            foreach (DataRow row in visibleBugs.Tables[0].Rows)
            {
                allowedIds.Add(Convert.ToInt32(row["bg_id"]));
            }

            return response.Hits.Where(hit => allowedIds.Contains(Convert.ToInt32(hit.Id)));
        }
コード例 #8
ファイル: Security.cs プロジェクト: jhadwen/BugTracker.NET
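	    /// <summary>
	    /// Builds the claims identity for an active user: profile values, organization-level
	    /// permissions, per-field permission levels and roles, all read from one query.
	    /// </summary>
	    /// <param name="username">User name to load; only rows with <c>us_active = 1</c> match.</param>
	    /// <returns>A <c>ClaimsIdentity</c> using the "ApplicationCookie" authentication type.</returns>
	    /// <remarks>
	    /// NOTE(review): the row is dereferenced without a null check, so an unknown or
	    /// deactivated user name fails with a NullReferenceException rather than a clear error.
	    /// </remarks>
	    public static ClaimsIdentity GetIdentity(string username)
	    {
            SQLString sql = new SQLString(@"
select u.us_id, u.us_username, u.us_org, u.us_bugs_per_page, u.us_enable_bug_list_popups,
       u.us_use_fckeditor, u.us_forced_project, u.us_email,
       org.*,
       isnull(u.us_forced_project, 0 ) us_forced_project,
       proj.pu_permission_level,
       isnull(proj.pu_admin, 0) pu_admin,
       u.us_admin
from users u
inner join orgs org 
    on u.us_org = org.og_id
left outer join project_user_xref proj
	on proj.pu_project = u.us_forced_project
	and proj.pu_user = u.us_id
where us_username = @us and u.us_active = 1");
            sql = sql.AddParameterWithValue("us", username);
            DataRow dr = btnet.DbUtil.get_datarow(sql);

            var bugsPerPage = dr["us_bugs_per_page"] == DBNull.Value ? 10 : (int)dr["us_bugs_per_page"];

            var claims = new List<Claim>
            {
                // Profile values
                new Claim(BtnetClaimTypes.UserId, Convert.ToString(dr["us_id"])),
                new Claim(ClaimTypes.Name, Convert.ToString(dr["us_username"])),
                new Claim(ClaimTypes.Email, Convert.ToString(dr["us_email"])),
                new Claim(BtnetClaimTypes.OrganizationId, Convert.ToString(dr["us_org"])),
                new Claim(BtnetClaimTypes.BugsPerPage, Convert.ToString(bugsPerPage)),
                new Claim(BtnetClaimTypes.EnablePopUps, Convert.ToString((int) dr["us_enable_bug_list_popups"] == 1)),

                // Organization-level permissions
                new Claim(BtnetClaimTypes.CanOnlySeeOwnReportedBugs, Convert.ToString((int) dr["og_can_only_see_own_reported"] == 1)),
                new Claim(BtnetClaimTypes.CanUseReports, Convert.ToString((int) dr["og_can_use_reports"] == 1)),
                new Claim(BtnetClaimTypes.CanEditReports, Convert.ToString((int) dr["og_can_edit_reports"] == 1)),
                // NOTE(review): CanEditAndDeleteBugs reads og_can_edit_and_delete_posts, the same
                // column as CanEditAndDeletePosts below; confirm that is the intended source.
                new Claim(BtnetClaimTypes.CanEditAndDeleteBugs, Convert.ToString((int) dr["og_can_edit_and_delete_posts"] == 1)),
                new Claim(BtnetClaimTypes.CanDeleteBugs, Convert.ToString((int) dr["og_can_delete_bug"] == 1)),
                new Claim(BtnetClaimTypes.CanMergeBugs, Convert.ToString((int) dr["og_can_merge_bugs"] == 1)),
                new Claim(BtnetClaimTypes.CanMassEditBugs, Convert.ToString((int) dr["og_can_mass_edit_bugs"] == 1)),
                new Claim(BtnetClaimTypes.CanAssignToInternalUsers, Convert.ToString((int) dr["og_can_assign_to_internal_users"] == 1)),

                new Claim(BtnetClaimTypes.CanEditAndDeletePosts, Convert.ToString((int) dr["og_can_edit_and_delete_posts"] == 1)),

                new Claim(BtnetClaimTypes.CanEditTasks, Convert.ToString((int) dr["og_can_edit_tasks"] == 1)),
                new Claim(BtnetClaimTypes.CanViewTasks, Convert.ToString((int) dr["og_can_view_tasks"] == 1)),

                // Per-field permission levels
                new Claim(BtnetClaimTypes.OtherOrgsPermissionLevel, Convert.ToString(dr["og_other_orgs_permission_level"])),
                new Claim(BtnetClaimTypes.CategoryFieldPermissionLevel, Convert.ToString(dr["og_category_field_permission_level"])),
                new Claim(BtnetClaimTypes.PriorityFieldPermissionLevel, Convert.ToString(dr["og_priority_field_permission_level"])),
                new Claim(BtnetClaimTypes.ProjectFieldPermissionLevel, Convert.ToString(dr["og_project_field_permission_level"])),
                new Claim(BtnetClaimTypes.StatusFieldPermissionLevel, Convert.ToString(dr["og_status_field_permission_level"])),
                new Claim(BtnetClaimTypes.AssignedToFieldPermissionLevel, Convert.ToString(dr["og_assigned_to_field_permission_level"])),
                new Claim(BtnetClaimTypes.OrgFieldPermissionLevel, Convert.ToString(dr["og_org_field_permission_level"])),
                new Claim(BtnetClaimTypes.UdfFieldPermissionLevel, Convert.ToString(dr["og_udf_field_permission_level"])),

                // A second CanOnlySeeOwnReportedBugs claim used to be added here from
                // us_enable_bug_list_popups, a UI preference. That gave the identity two values
                // for one access-restriction claim, one of them unrelated to the restriction.
                // The claim is now issued once, from og_can_only_see_own_reported above.
                new Claim(BtnetClaimTypes.CanSearch, Convert.ToString((int) dr["og_can_search"] == 1)),
                new Claim(BtnetClaimTypes.IsExternalUser, Convert.ToString((int) dr["og_external_user"] == 1)),
                new Claim(BtnetClaimTypes.UseFCKEditor, Convert.ToString((int) dr["us_use_fckeditor"] == 1))

            };

            bool canAdd = true;
            int permssionLevel = dr["pu_permission_level"] == DBNull.Value
                ? Convert.ToInt32(Util.get_setting("DefaultPermissionLevel", "2"))
                : (int)dr["pu_permission_level"];
            // if user is forced to a specific project, and doesn't have
            // at least reporter permission on that project, then user
            // can't add bugs
            int forcedProjectId = dr["us_forced_project"] == DBNull.Value ? 0 : (int)dr["us_forced_project"];
            if (forcedProjectId != 0)
            {
                if (permssionLevel == PermissionLevel.ReadOnly || permssionLevel == PermissionLevel.None)
                {
                    canAdd = false;
                }
            }
            claims.Add(new Claim(BtnetClaimTypes.CanAddBugs, Convert.ToString(canAdd)));
            claims.Add(new Claim(BtnetClaimTypes.ForcedProjectId, Convert.ToString(forcedProjectId)));

            // Tags permission only applies when the feature is switched on.
            int tagsPermissionLevel;
            if (Util.get_setting("EnableTags", "0") == "1")
            {
                tagsPermissionLevel = (int)dr["og_tags_field_permission_level"];
            }
            else
            {
                tagsPermissionLevel = PermissionLevel.None;
            }

            claims.Add(new Claim(BtnetClaimTypes.TagsFieldPermissionLevel, Convert.ToString(tagsPermissionLevel)));


            if ((int)dr["us_admin"] == 1)
            {
                claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.Admin));
            }
            else
            {
                // NOTE(review): the select list above names pu_admin, not project_admin. Unless
                // org.* supplies a column with this name, this lookup throws for every
                // non-admin user; confirm which column is meant.
                if ((int)dr["project_admin"] > 0)
                {
                    claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.ProjectAdmin));
                }
            }
            // Every signed-in identity carries the base User role.
            claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.User));


            return new ClaimsIdentity(claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
	    }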
コード例 #9
ファイル: BugSearch.cs プロジェクト: jhadwen/BugTracker.NET
        /// <summary>
        /// Index or re-index the bug matching the specified id
        /// </summary>
        /// <param name="bugId">The id of the bug to index</param>
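        public void IndexBug(int bugId)
        {
            // Loads the bug row and its indexable posts, then hands both to the
            // IndexBug(DataRow, DataTable) overload. Any exception is logged and swallowed,
            // so a failed index update never propagates to the caller.
            try
            {

                Util.write_to_log("started updating search index");

                var sql = new SQLString(@"
select bg_id,
isnull(bg_tags,'') tags,
bg_reported_date,
isnull(st_name,'') status,
bg_short_desc  as [desc]
from bugs 
left outer join statuses on st_id = bg_status
where bg_id = @bugid");

                sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugId));
                
                DataRow bugRow = DbUtil.get_datarow(sql);
               
                // Only posts that are not 'update' entries and are not hidden from external
                // users are fetched for indexing.
                sql = new SQLString(@"
                select bp_id, 
                isnull(bp_comment_search,bp_comment) [text] ,
                bp_date
                from bug_posts 
                where bp_type <> 'update'
                and bp_hidden_from_external_users = 0
                and bp_bug = @bugId");

                // Keep the returned SQLString, as every other call site does. The result was
                // discarded here; if AddParameterWithValue returns a new instance, @bugId was
                // never bound and the failure was hidden by the catch block below.
                sql = sql.AddParameterWithValue("bugId", bugId.ToString());
                DataSet bugPosts = DbUtil.get_dataset(sql);

                IndexBug(bugRow, bugPosts.Tables[0]);

                Util.write_to_log("done updating search index");
            }
            catch (Exception e)
            {
                Util.write_to_log("exception updating search index: " + e.Message);
                Util.write_to_log(e.StackTrace);
            }
        }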
コード例 #10
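        /// <summary>
        /// Builds the claims identity for an active user from the users, orgs and
        /// project_user_xref tables.
        /// </summary>
        /// <param name="username">Login name matched against users.us_username.</param>
        /// <returns>
        /// A <see cref="ClaimsIdentity"/> with authentication type "ApplicationCookie",
        /// <see cref="ClaimTypes.Name"/> as the name claim and <see cref="ClaimTypes.Role"/>
        /// as the role claim.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// No row was returned for the user name (unknown user, or us_active is not 1).
        /// </exception>
        public static ClaimsIdentity GetIdentity(string username)
        {
            // NOTE(review): us_forced_project is selected twice (raw and isnull-wrapped);
            // the DBNull check further down suggests the raw column is the one read. Confirm.
            SQLString sql = new SQLString(@"
select u.us_id, u.us_username, u.us_org, u.us_bugs_per_page, u.us_enable_bug_list_popups,
       u.us_use_fckeditor, u.us_forced_project, u.us_email,
       org.*,
       isnull(u.us_forced_project, 0 ) us_forced_project,
       proj.pu_permission_level,
       isnull(proj.pu_admin, 0) pu_admin,
       u.us_admin
from users u
inner join orgs org 
    on u.us_org = org.og_id
left outer join project_user_xref proj
	on proj.pu_project = u.us_forced_project
	and proj.pu_user = u.us_id
where us_username = @us and u.us_active = 1");

            sql = sql.AddParameterWithValue("us", username);
            DataRow dr = btnet.DbUtil.get_datarow(sql);

            // Fail closed with an explicit error instead of a NullReferenceException when
            // the account does not exist or is inactive; no identity is ever issued for it.
            if (dr == null)
            {
                throw new InvalidOperationException("No active user found for the supplied username.");
            }

            var bugsPerPage = dr["us_bugs_per_page"] == DBNull.Value ? 10 : (int)dr["us_bugs_per_page"];

            // Boolean permissions are stored as the strings "True"/"False".
            var claims = new List<Claim>
            {
                new Claim(BtnetClaimTypes.UserId, Convert.ToString(dr["us_id"])),
                new Claim(ClaimTypes.Name, Convert.ToString(dr["us_username"])),
                new Claim(ClaimTypes.Email, Convert.ToString(dr["us_email"])),
                new Claim(BtnetClaimTypes.OrganizationId, Convert.ToString(dr["us_org"])),
                new Claim(BtnetClaimTypes.BugsPerPage, Convert.ToString(bugsPerPage)),
                new Claim(BtnetClaimTypes.EnablePopUps, Convert.ToString((int)dr["us_enable_bug_list_popups"] == 1)),

                // Emitted exactly once, from the org flag. The original added a second
                // CanOnlySeeOwnReportedBugs claim taken from us_enable_bug_list_popups, so
                // the same claim type could carry two contradictory values.
                new Claim(BtnetClaimTypes.CanOnlySeeOwnReportedBugs, Convert.ToString((int)dr["og_can_only_see_own_reported"] == 1)),
                new Claim(BtnetClaimTypes.CanUseReports, Convert.ToString((int)dr["og_can_use_reports"] == 1)),
                new Claim(BtnetClaimTypes.CanEditReports, Convert.ToString((int)dr["og_can_edit_reports"] == 1)),

                // NOTE(review): CanEditAndDeleteBugs and CanEditAndDeletePosts are both read
                // from og_can_edit_and_delete_posts. Confirm that is intended.
                new Claim(BtnetClaimTypes.CanEditAndDeleteBugs, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),
                new Claim(BtnetClaimTypes.CanDeleteBugs, Convert.ToString((int)dr["og_can_delete_bug"] == 1)),
                new Claim(BtnetClaimTypes.CanMergeBugs, Convert.ToString((int)dr["og_can_merge_bugs"] == 1)),
                new Claim(BtnetClaimTypes.CanMassEditBugs, Convert.ToString((int)dr["og_can_mass_edit_bugs"] == 1)),
                new Claim(BtnetClaimTypes.CanAssignToInternalUsers, Convert.ToString((int)dr["og_can_assign_to_internal_users"] == 1)),

                new Claim(BtnetClaimTypes.CanEditAndDeletePosts, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),

                new Claim(BtnetClaimTypes.CanEditTasks, Convert.ToString((int)dr["og_can_edit_tasks"] == 1)),
                new Claim(BtnetClaimTypes.CanViewTasks, Convert.ToString((int)dr["og_can_view_tasks"] == 1)),

                new Claim(BtnetClaimTypes.OtherOrgsPermissionLevel, Convert.ToString(dr["og_other_orgs_permission_level"])),
                new Claim(BtnetClaimTypes.CategoryFieldPermissionLevel, Convert.ToString(dr["og_category_field_permission_level"])),
                new Claim(BtnetClaimTypes.PriorityFieldPermissionLevel, Convert.ToString(dr["og_priority_field_permission_level"])),
                new Claim(BtnetClaimTypes.ProjectFieldPermissionLevel, Convert.ToString(dr["og_project_field_permission_level"])),
                new Claim(BtnetClaimTypes.StatusFieldPermissionLevel, Convert.ToString(dr["og_status_field_permission_level"])),
                new Claim(BtnetClaimTypes.AssignedToFieldPermissionLevel, Convert.ToString(dr["og_assigned_to_field_permission_level"])),
                new Claim(BtnetClaimTypes.OrgFieldPermissionLevel, Convert.ToString(dr["og_org_field_permission_level"])),
                new Claim(BtnetClaimTypes.UdfFieldPermissionLevel, Convert.ToString(dr["og_udf_field_permission_level"])),

                new Claim(BtnetClaimTypes.CanSearch, Convert.ToString((int)dr["og_can_search"] == 1)),
                new Claim(BtnetClaimTypes.IsExternalUser, Convert.ToString((int)dr["og_external_user"] == 1)),
                new Claim(BtnetClaimTypes.UseFCKEditor, Convert.ToString((int)dr["us_use_fckeditor"] == 1))
            };

            // No project_user_xref row for the forced project: fall back to the configured
            // default permission level.
            int permissionLevel = dr["pu_permission_level"] == DBNull.Value
                ? Convert.ToInt32(Util.get_setting("DefaultPermissionLevel", "2"))
                : (int)dr["pu_permission_level"];

            int forcedProjectId = dr["us_forced_project"] == DBNull.Value ? 0 : (int)dr["us_forced_project"];

            // If the user is forced to a specific project and does not have at least
            // reporter permission on that project, the user cannot add bugs.
            bool restrictedOnForcedProject =
                permissionLevel == PermissionLevel.ReadOnly || permissionLevel == PermissionLevel.None;
            bool canAdd = !(forcedProjectId != 0 && restrictedOnForcedProject);

            claims.Add(new Claim(BtnetClaimTypes.CanAddBugs, Convert.ToString(canAdd)));
            claims.Add(new Claim(BtnetClaimTypes.ForcedProjectId, Convert.ToString(forcedProjectId)));

            // The tags permission is only honoured when the EnableTags setting is "1".
            int tagsPermissionLevel;

            if (Util.get_setting("EnableTags", "0") == "1")
            {
                tagsPermissionLevel = (int)dr["og_tags_field_permission_level"];
            }
            else
            {
                tagsPermissionLevel = PermissionLevel.None;
            }

            claims.Add(new Claim(BtnetClaimTypes.TagsFieldPermissionLevel, Convert.ToString(tagsPermissionLevel)));

            if ((int)dr["us_admin"] == 1)
            {
                claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.Admin));
            }
            else
            {
                // NOTE(review): the select list above names pu_admin, not project_admin, and
                // pu_admin is never read. Unless org.* supplies a project_admin column this
                // lookup throws for every non-admin user. Confirm which column is intended.
                if ((int)dr["project_admin"] > 0)
                {
                    claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.ProjectAdmin));
                }
            }

            // Every authenticated user also carries the base User role.
            claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.User));

            return new ClaimsIdentity(claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
        }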
コード例 #11
        /*根据员工编号和员工登陆密码判断登陆信息是否正确*/
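        /// <summary>
        /// Checks an employee number and password against the employeeInfo table.
        /// </summary>
        /// <param name="username">Employee number matched against employeeNo.</param>
        /// <param name="password">Password compared with the stored employeePassword value.</param>
        /// <returns>
        /// true when a row exists and its stored password equals <paramref name="password"/>;
        /// otherwise false, with errMessage set to the reason.
        /// </returns>
        public bool CheckLogin(string username, string password)
        {
            // NOTE(review): the statement is built by concatenation and relies entirely on
            // GetQuotedString to escape the user-supplied employee number. The last argument
            // of GetDataSet is passed as null; if it accepts command parameters, binding
            // employeeNo there would be the safer form. Confirm against DBOperation.
            string  sqlString      = "select * from [employeeInfo] where employeeNo=" + SQLString.GetQuotedString(username);
            DataSet employeeInfoDs = DBOperation.GetDataSet(DBOperation.CONN_STRING_NON_DTC, CommandType.Text, sqlString, null);

            DataRowCollection matches = employeeInfoDs.Tables[0].Rows;

            // NOTE(review): the two failure messages differ, so the response reveals whether
            // an employee number exists.
            if (matches.Count == 0)
            {
                this.errMessage = "对不起,不存在该员工的帐号信息!";
                return false;
            }

            // NOTE(review): the stored value is compared as-is, which suggests passwords are
            // kept unhashed in employeeInfo. Confirm and plan a migration to salted hashes.
            object storedPassword = matches[0]["employeePassword"];

            // A NULL column converts to "" through ToString() and would match an empty
            // supplied password, so a NULL stored password is treated as a mismatch.
            if (storedPassword == DBNull.Value || storedPassword.ToString() != password)
            {
                this.errMessage = "对不起,员工的密码不正确!";
                return false;
            }

            return true;
        }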
コード例 #12
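        /// <summary>
        /// Click handler that saves the text question and its answer under new ids, records
        /// the question's difficulty level and symptoms, optionally adds the question to the
        /// current paper, and redirects to the next page.
        /// </summary>
        /// <param name="sender">Event source (not used).</param>
        /// <param name="e">Event data (not used).</param>
        protected void btSaveNew_Click(object sender, EventArgs e)
        {
            // Create the QID and AID from the user id and the current time. The one-second
            // pause sits between the two getNowTime() calls, presumably so the two
            // timestamps differ. Confirm.
            DataReceiver myReceiver = new DataReceiver();

            strQID = strUserID + "_Q_" + myReceiver.getNowTime();
            System.Threading.Thread.Sleep(1000);
            strAID = strUserID + "_A_" + myReceiver.getNowTime();

            // Save the question.
            clsTextQuestion myText          = new clsTextQuestion();
            string          strQTextContent = txtQuestionData.Text;
            string          strATextContent = txtAnswerData.Text;

            // The &lt; / &gt; entities are turned back into angle brackets before saving, so
            // the stored text can contain markup. NOTE(review): every page that renders this
            // text must HTML-encode or sanitize it. Confirm the rendering side.
            strQTextContent = strQTextContent.Replace("&lt;", "<");
            strQTextContent = strQTextContent.Replace("&gt;", ">");
            strATextContent = strATextContent.Replace("&lt;", "<");
            strATextContent = strATextContent.Replace("&gt;", ">");

            myText.saveQuestionAnswer(strQID, strAID, strQTextContent, strATextContent, strUserID, strPaperID, strGroupDivisionID, strGroupID, hiddenQuestionMode.Value);

            // Save the question's difficulty level.
            int iQuestionLevel = AuthoringTool.QuestionEditLevel.QuestionLevel.QuestionLevelName_SELECT_QuestionLevel(ddlQuestionLevel.SelectedValue);

            AuthoringTool.QuestionEditLevel.QuestionLevel.INSERT_QuestionLevel(strQID, iQuestionLevel);

            // Save the question's symptoms.
            AuthoringTool.QuestionEditLevel.QuestionLevel.QuestionLevel_INSERT_QuestionSymptoms(strQID, ddlSymptoms.SelectedValue);

            // A "Specific" question also needs a record in Paper_Content.
            if (hiddenQuestionMode.Value == "Specific")
            {
                int       intContentSeq = myReceiver.getPaperContentMaxSeq(strPaperID) + 1;
                SQLString mySQL         = new SQLString();
                mySQL.SaveToQuestionContent(strPaperID, strQID, "0", "2", hiddenQuestionMode.Value, intContentSeq.ToString());
            }

            // When arriving from paper editing, add the question straight to the paper.
            // (蕭凱, 2014/3/25)
            if (hiddenPreOpener.Value == "SelectPaperMode" && hiddenQuestionMode.Value != "Specific")
            {
                SQLString mySQL = new SQLString();
                // Next sequence number within the paper.
                string strSeq = Convert.ToString(myReceiver.getPaperContentMaxSeq(strPaperID) + 1);
                mySQL.SaveToQuestionContent(strPaperID, strQID, "0", "2", "General", strSeq);
                Session.Remove("PreOpener");
            }

            // Redirect to the next page.
            string strSystemFunction = "";

            if (Session["SystemFunction"] != null)
            {
                strSystemFunction = Session["SystemFunction"].ToString();
            }

            switch (strSystemFunction)
            {
            case "EditPaper":
                Response.Redirect("Paper_OtherQuestion.aspx?Opener=Paper_TextQuestionEditor");
                break;

            case "EditQuestion":
                if (Request.QueryString["QID"] != null)
                {
                    Response.Redirect("Paper_QuestionViewNew.aspx?Opener=Paper_TextQuestionEditor");
                }
                else
                {
                    Response.Redirect("Paper_QuestionMain.aspx?Opener=Paper_TextQuestionEditor");
                }
                break;

            case "PreviewPaper":
                if (hiddenPreOpener.Value == "SelectPaperMode")
                {
                    // URL-encode each value so that characters such as '&', '#' or '=' in a
                    // case id, section name or paper id cannot add or truncate query-string
                    // parameters on the target page. Null values become empty, as before.
                    Response.Redirect("Paper_MainPage.aspx?Opener=SelectPaperMode&cCaseID=" + Uri.EscapeDataString(strCaseID ?? string.Empty)
                        + "&cSectionName=" + Uri.EscapeDataString(strSectionName ?? string.Empty)
                        + "&cPaperID=" + Uri.EscapeDataString(strPaperID ?? string.Empty));
                }
                else
                {
                    Response.Redirect("Paper_MainPage.aspx?Opener=Paper_TextQuestionEditor");
                }
                break;

            default:
                Response.Redirect("Paper_QuestionMain.aspx?Opener=Paper_TextQuestionEditor");
                break;
            }
        }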
コード例 #13
        /// <summary>
        /// 接收參數
        /// </summary>
        /// <remarks>
        /// Copies page state from Session, ViewState and the query string into the page's
        /// fields and hidden controls, and creates new question/answer ids when none are
        /// supplied.
        /// NOTE(review): QID, AID and GroupID are taken from the query string and passed
        /// straight to the data-access helpers; no ownership or permission check is visible
        /// in this method. Confirm one is enforced elsewhere.
        /// </remarks>
        private void getParametor()
        {
            // UserID
            object sessionUserId = Session["UserID"];
            if (sessionUserId != null)
            {
                strUserID = sessionUserId.ToString();
            }

            // CaseID
            object sessionCaseId = Session["CaseID"];
            if (sessionCaseId != null)
            {
                strCaseID          = sessionCaseId.ToString();
                hiddenCaseID.Value = sessionCaseId.ToString();
            }

            // Division
            object sessionDivisionId = Session["DivisionID"];
            if (sessionDivisionId != null)
            {
                strDivisionID = sessionDivisionId.ToString();
            }

            // ClinicNum
            object sessionClinicNum = Session["ClinicNum"];
            if (sessionClinicNum != null)
            {
                strClinicNum = sessionClinicNum.ToString();
            }

            // SectionName
            object sessionSectionName = Session["SectionName"];
            if (sessionSectionName != null)
            {
                strSectionName = sessionSectionName.ToString();
            }

            // PaperID: taken from the session, otherwise looked up from the case.
            hfPaperID.Value = "";
            object sessionPaperId = Session["PaperID"];
            if (sessionPaperId != null)
            {
                strPaperID = sessionPaperId.ToString();
            }
            else
            {
                SQLString paperLookup = new SQLString();
                strPaperID = paperLookup.getPaperIDFromCase(strCaseID, strClinicNum.ToString(), strSectionName);
            }
            hfPaperID.Value = strPaperID;

            // Opener
            string openerParam = Request.QueryString["Opener"];
            if (openerParam != null)
            {
                hiddenOpener.Value = openerParam;
            }

            // QuestionMode
            object sessionQuestionMode = Session["QuestionMode"];
            if (sessionQuestionMode != null)
            {
                hiddenQuestionMode.Value = sessionQuestionMode.ToString();
            }

            // PresentType
            object sessionPresentType = Session["PresentType"];
            if (sessionPresentType != null)
            {
                hiddenPresentType.Value = sessionPresentType.ToString();
            }

            // Edit method
            object sessionEditMode = Session["EditMode"];
            if (sessionEditMode != null)
            {
                hiddenEditMode.Value = sessionEditMode.ToString();
            }

            // ModifyType
            object sessionModifyType = Session["ModifyType"];
            if (sessionModifyType != null)
            {
                hiddenModifyType.Value = sessionModifyType.ToString();
            }

            // bModify
            object sessionModifyFlag = Session["bModify"];
            if (sessionModifyFlag != null)
            {
                bModify = Convert.ToBoolean(sessionModifyFlag);
            }

            // PreOpener: only carried over when the page was opened from Paper_MainPage;
            // any other opener clears it. Nothing changes without an Opener parameter.
            if (Session["PreOpener"] != null && openerParam != null)
            {
                hiddenPreOpener.Value = openerParam == "Paper_MainPage"
                    ? Session["PreOpener"].ToString()
                    : "";
            }

            // QID
            if (!IsPostBack)
            {
                Session["TextQuestionQID"] = null;
            }

            string qidParam = Request.QueryString["QID"];
            if (qidParam != null)
            {
                strQID = qidParam;

                // Load the question content for this QID into the text boxes (first load only).
                string strQuestion       = DataReceiver.QuestionAnswer_Question_SELECT_Question(strQID);
                string strQuestionAnswer = DataReceiver.getTextQuestionContentByQID(strQID);
                if (!IsPostBack)
                {
                    txtQuestionData.Text = strQuestion;
                    txtAnswerData.Text   = strQuestionAnswer.Split('$')[1];
                }
            }
            else if (Session["TextQuestionQID"] != null)
            {
                // If strQID were not cached in the session, a second strQID would be generated
                // after a postback, the feature listbox would be refreshed automatically, and
                // the feature values selected by the user could no longer be read.
                // (朱君, 2012/12/18)
                strQID = Session["TextQuestionQID"].ToString();
            }
            else
            {
                // Create the QID.
                DataReceiver qidClock = new DataReceiver();
                strQID = strUserID + "_Q_" + qidClock.getNowTime();
                Session["TextQuestionQID"] = strQID;
            }

            // AID
            string aidParam = Request.QueryString["AID"];
            if (aidParam != null)
            {
                // Prefer the cached AID so it does not change after a postback.
                // (老詹, 2013/09/09)
                object cachedAid = ViewState["TextQuestionAID"];
                strAID = cachedAid == null ? aidParam : cachedAid.ToString();

                // Load the answer for this QID into the answer box (first load only).
                string strAnswer = DataReceiver.QuestionAnswer_Answer_SELECT_Answer(strQID, strAID);
                if (!IsPostBack)
                {
                    txtAnswerData.Text = strAnswer;
                }
            }
            else
            {
                // Create the AID.
                DataReceiver aidClock = new DataReceiver();
                System.Threading.Thread.Sleep(1000);
                strAID = strUserID + "_A_" + aidClock.getNowTime();
            }

            // GroupID: from the query string, otherwise looked up from the QID.
            string groupParam = Request.QueryString["GroupID"];
            if (groupParam != null)
            {
                strGroupID = groupParam;
            }
            else
            {
                SQLString sqlstring = new SQLString();
                strGroupID = sqlstring.GetQuestionGroupIDByQID(strQID);
            }

            hfGroupID.Value        = strGroupID;
            hfGroupSerialNum.Value = DataReceiver.getQuestionGroupSerialNumByQuestionGroupID(strGroupID).ToString();

            if (Session["GroupID"] == null)
            {
                Session.Add("GroupID", strGroupID);
            }
            else
            {
                Session["GroupID"] = strGroupID;
            }

            // GroupDivisionID: only resolved for a non-blank group id.
            if (strGroupID != null && strGroupID.Trim().Length > 0)
            {
                DataReceiver divisionLookup = new DataReceiver();
                strGroupDivisionID = divisionLookup.getGroupDivisionID(strGroupID);

                if (Session["GroupDivisionID"] == null)
                {
                    Session.Add("GroupDivisionID", strGroupDivisionID);
                }
                else
                {
                    Session["GroupDivisionID"] = strGroupDivisionID;
                }
            }
        }