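/// <summary>
/// Looks up the <c>isgeneric</c> attribute of the matching <c>request</c> element in
/// <c>xmlDocReq</c> and derives the namespace-qualified XPath of the request's root tag.
/// </summary>
/// <param name="sRequestType">Request type name; used for the lookup only when <paramref name="nRequestType"/> is -1.</param>
/// <param name="nRequestType">Numeric request type; -1 means "look up by name instead".</param>
/// <param name="sNameSpacePrefix">Namespace prefix applied to every element step of the returned XPath.</param>
/// <param name="sRequestRootTagName">Receives either <c>prefix:requestdetails</c> or
/// <c>prefix:genericrequestdetails/prefix:analysisparams</c>.</param>
/// <returns>True when the attribute reads "yes" or "true" (case-insensitive); false otherwise,
/// including when the lookup fails or cannot be performed.</returns>
private bool IsGeneric(string sRequestType, int nRequestType, string sNameSpacePrefix, out string sRequestRootTagName)
{
    const string DefaultRootTag = "requestdetails";
    const string GenericRootTag = "genericrequestdetails/analysisparams";

    bool bIsGeneric = false;
    sRequestRootTagName = DefaultRootTag;

    try
    {
        string sIsGeneric = null;
        if (nRequestType == -1)
        {
            // The type name is spliced into a double-quoted XPath literal. A value carrying a
            // double quote cannot be expressed that way and would let the value alter the
            // predicate (CWE-643), so such a value is treated as "not generic" without a lookup.
            if (sRequestType != null && sRequestType.IndexOf('"') < 0)
            {
                sIsGeneric = XmlDocumentHelper.GetNodeValue(xmlDocReq, null,
                    string.Format("/approvalrequests/request[@type=\"{0}\"]/@isgeneric", sRequestType));
            }
        }
        else
        {
            // Integer formatting cannot introduce XPath syntax.
            sIsGeneric = XmlDocumentHelper.GetNodeValue(xmlDocReq, null,
                string.Format("/approvalrequests/request[typevalue=\"{0}\"]/@isgeneric", nRequestType));
        }

        // Null-safe comparison: the previous ToLower() call threw on a missing value.
        bIsGeneric = string.Equals(sIsGeneric, "yes", StringComparison.OrdinalIgnoreCase)
                  || string.Equals(sIsGeneric, "true", StringComparison.OrdinalIgnoreCase);
        sRequestRootTagName = bIsGeneric ? GenericRootTag : DefaultRootTag;
    }
    catch (Exception)
    {
        // Deliberate best-effort: any lookup failure falls back to a non-generic request.
        bIsGeneric = false;
        sRequestRootTagName = DefaultRootTag;
    }

    // Qualify every path step with the prefix ("a/b" -> "p:a/p:b"); attribute steps keep a bare "@".
    sRequestRootTagName = sNameSpacePrefix + ":" + sRequestRootTagName.Replace("/", string.Format("/{0}:", sNameSpacePrefix));
    sRequestRootTagName = sRequestRootTagName.Replace(string.Format("{0}:@", sNameSpacePrefix), "@");
    return bIsGeneric;
}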
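/// <summary>
/// Resolves the approval template for a request (inline selection or selection bound to the
/// request), then fills in the profile / manager / "create user as" IDs and validates
/// generic-request completion against the chosen template.
/// </summary>
/// <param name="reqInfo">Request being processed; its generic or plain request details supply the selection payload.</param>
/// <param name="bIsInline">True selects a template without binding it to the request.</param>
/// <param name="nTemplateID">Template hint passed to the request-bound selection.</param>
/// <param name="createdBy">Creating user passed to the request-bound selection.</param>
/// <param name="ProfileID">Receives the assignee profile ID (see <c>GetManagerAndUserId</c>).</param>
/// <param name="templateXML">Receives the selected template XML.</param>
/// <param name="directManagerID">Receives the direct manager ID (-1 when absent).</param>
/// <param name="createUserAsID">Receives the "create user as" principal ID when present.</param>
/// <param name="nReqID">Neither read nor written by this override.</param>
protected override void SelectTemplate(BaseRequest reqInfo, bool bIsInline, int nTemplateID, int createdBy, ref int ProfileID, ref string templateXML, ref int directManagerID, ref int createUserAsID, ref int nReqID)
{
    #region Select approval template Details
    TemplateDBOperations templateOps = new TemplateDBOperations();
    const bool PersistObjectOwner = true;
    string strOperation = "Role Assignment/Revocation";

    // The per-type operation name is optional configuration; the lookup is best-effort and
    // the default above is kept on any failure. The type name is spliced into a double-quoted
    // XPath literal, so a value containing a double quote is never evaluated (CWE-643).
    if (reqInfo.sRequestType != null && reqInfo.sRequestType.IndexOf('"') < 0)
    {
        try
        {
            strOperation = XmlDocumentHelper.GetNodeValue(xmlDocReq, null,
                string.Format("/approvalrequests/request[@type=\"{0}\"]/templateselection[@required=\"yes\"]/operation", reqInfo.sRequestType));
        }
        catch (Exception)
        {
            // Deliberate best-effort: keep the default operation name.
        }
    }

    // Generic request details take precedence over plain request details as the payload.
    string reqPayload = string.IsNullOrEmpty(reqInfo.GenericRequestDetails)
        ? reqInfo.RequestDetails
        : reqInfo.GenericRequestDetails;

    if (bIsInline)
    {
        templateOps.SelectTemplate(reqInfo.applicationScope, reqPayload, strOperation, false, false, out templateXML);
    }
    else
    {
        templateOps.SelectTemplateForRequest(reqInfo.applicationScope, createdBy, reqPayload, strOperation, nTemplateID, PersistObjectOwner, true, out templateXML);
    }

    // Exceptions from the two calls below propagate unchanged. The previous
    // `catch (Exception Bex) { throw Bex; }` only discarded the original stack trace.
    #region Get Manager and User ID
    GetManagerAndUserId(reqInfo, ref ProfileID, ref directManagerID, ref createUserAsID);
    #endregion Get Manager and User ID

    #region Validate Request Completion
    ValidateGenericRequestCompletion(reqInfo.ApplicationID, templateXML, reqInfo.GenericRequestDetails, reqInfo.nRequestType);
    #endregion
    #endregion
}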
/// <summary>
/// Extracts the assignee profile ID, the direct manager ID and the "create user as" principal ID
/// from the request's detail XML (generic details when present, otherwise plain request details).
/// </summary>
/// <param name="reqInfo">Request whose RequestDetails / GenericRequestDetails are inspected. The
/// XML is rewritten back into reqInfo when the "create user as" lookup fails (see the catch below).</param>
/// <param name="ProfileID">Reset to 0, then set to the assignee profile ID when the configured XPath resolves.</param>
/// <param name="directManagerID">Reset to -1, then set to the first directmanager element found.</param>
/// <param name="createUserAsID">Set by GetAppPrincipalIDForBRID when a createusersas/user/id element exists.</param>
private void GetManagerAndUserId(BaseRequest reqInfo, ref int ProfileID, ref int directManagerID, ref int createUserAsID)
{
    #region Get Manager and User ID
    //Retrieve User and Manager IDs
    directManagerID = -1;
    ProfileID = 0;
    string requestNS = "http://www.approva.net/ApprovalRequest.xsd";
    string sRequestDetailsXml = String.Empty;
    // Generic request details take precedence over plain request details.
    if (reqInfo.GenericRequestDetails == null || reqInfo.GenericRequestDetails == string.Empty)
    {
        sRequestDetailsXml = reqInfo.RequestDetails;
    }
    else
    {
        sRequestDetailsXml = reqInfo.GenericRequestDetails;
    }
    if (sRequestDetailsXml != null && sRequestDetailsXml != String.Empty)
    {
        // NOTE(review): on older .NET Framework versions XmlDocument resolves DTDs/external
        // entities with its default resolver; confirm the stored XML can never carry a DOCTYPE,
        // or set xmlDoc.XmlResolver = null before LoadXml.
        XmlDocument xmlDoc = new XmlDocument();
        xmlDoc.LoadXml(sRequestDetailsXml);
        XmlNamespaceManager nsmgr1 = new XmlNamespaceManager(xmlDoc.NameTable);
        nsmgr1.AddNamespace("apns", requestNS);
        string sRequestRootTagName = String.Empty;
        // Only the namespace-qualified root tag is used below; the boolean result is not read here.
        bool bIsGeneric = IsGeneric(reqInfo.sRequestType, "apns", out sRequestRootTagName);
        try
        {
            // Default location of the assignee profile ID; a per-type override may be configured
            // in xmlDocReq under templateselection/assigneeProfileIDXPath.
            string sAssigneeProfileIDXPath = "requestdetails/roleassignment/users/user/id";
            string sTmp = XmlDocumentHelper.GetNodeValue(base.xmlDocReq, null, string.Format("/approvalrequests/request[@type=\"{0}\"]/templateselection[@required=\"yes\"]/assigneeProfileIDXPath", reqInfo.sRequestType));
            if (sTmp != String.Empty)
            {
                sAssigneeProfileIDXPath = sTmp;
            }
            // Qualify each path step with the apns prefix; attribute steps keep a bare "@".
            sAssigneeProfileIDXPath = "apns:" + sAssigneeProfileIDXPath.Replace("/", "/apns:");
            sAssigneeProfileIDXPath = sAssigneeProfileIDXPath.Replace("/apns:@", "/@");
            // Appscan flagged this XPath evaluation as CWE-643; the original authors marked it
            // "not an issue" because the XML comes straight from a database table that is validated
            // against an XSLT template before insertion. NOTE(review): the XPath expression itself
            // comes from xmlDocReq (configuration), not from the request XML.
            ProfileID = Convert.ToInt32(xmlDoc.SelectSingleNode(sAssigneeProfileIDXPath, nsmgr1).InnerText);
        }
        catch
        {
            // Deliberate best-effort: a missing node or non-numeric text leaves ProfileID at 0.
        }
        // Look for the direct manager in each supported request shape, in order, keeping the first hit.
        // Appscan CWE-643 finding on the SelectSingleNode calls below: marked "not an issue" by the
        // original authors because the XML is database-sourced and XSLT-validated before insertion.
        XmlNode directManagerNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:userstoadd/apns:user/apns:directmanager", sRequestRootTagName), nsmgr1);
        if (directManagerNode == null)
        {
            directManagerNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:userstomodify/apns:user/apns:directmanager", sRequestRootTagName), nsmgr1);
        }
        if (directManagerNode == null)
        {
            directManagerNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:createusersas/apns:user/apns:directmanager", sRequestRootTagName), nsmgr1);
        }
        if (directManagerNode == null)
        {
            directManagerNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:roleassignment/apns:users/apns:user/apns:directmanager", sRequestRootTagName), nsmgr1);
        }
        if (directManagerNode != null)
        {
            directManagerID = System.Convert.ToInt32(directManagerNode.InnerText);
        }
        // "Create user as": resolve the business-record ID in createusersas/user/id to an
        // application principal ID. (Same Appscan CWE-643 note as above.)
        XmlNode createUserAsNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:createusersas/apns:user/apns:id", sRequestRootTagName), nsmgr1);
        //select Create User As userid for create request as option
        if (createUserAsNode != null)
        {
            try
            {
                GetAppPrincipalIDForBRID(reqInfo.ApplicationID, System.Convert.ToInt32(createUserAsNode.InnerText), out createUserAsID);
            }
            catch
            {
                // Lookup failed: reset the id to -1, move the createusersas content into a new
                // userstoadd element placed directly after roleassignment, drop the original
                // createusersas element, and persist the rewritten XML back into reqInfo.
                // Without a roleassignment element there is no fallback, so the exception is rethrown.
                createUserAsNode.InnerText = "-1";
                //CWE-643- Not a Issue-Appscan
                XmlNode roleassignmentNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:roleassignment", sRequestRootTagName), nsmgr1);
                if (roleassignmentNode != null)
                {
                    XmlNode userstoaddNode = xmlDoc.CreateNode(XmlNodeType.Element, "userstoadd", requestNS);
                    // createUserAsNode is the id element: ParentNode is user, ParentNode.ParentNode is createusersas.
                    userstoaddNode.InnerXml = createUserAsNode.ParentNode.ParentNode.InnerXml;
                    roleassignmentNode.ParentNode.InsertAfter(userstoaddNode, roleassignmentNode);
                    // Assumes createusersas and roleassignment share a parent; RemoveChild throws otherwise.
                    roleassignmentNode.ParentNode.RemoveChild(createUserAsNode.ParentNode.ParentNode);
                    if (reqInfo.GenericRequestDetails == null || reqInfo.GenericRequestDetails == string.Empty)
                    {
                        reqInfo.RequestDetails = xmlDoc.OuterXml;
                    }
                    else
                    {
                        reqInfo.GenericRequestDetails = xmlDoc.OuterXml;
                    }
                }
                else
                {
                    throw;
                }
            }
        }
    }
    #endregion Get Manager and User ID
}
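/// <summary>
/// Builds a <see cref="BaseRequest"/> from the child elements of a <c>request</c> node.
/// Element names are matched case-insensitively; unrecognised children are ignored.
/// </summary>
/// <param name="xmlRequestNode">The <c>request</c> element whose children carry the request fields.</param>
/// <param name="reqInfo">Receives the populated request.</param>
/// <exception cref="ArgumentException">The <c>type</c> element contains a double quote and so
/// cannot be looked up safely in <c>xmlDocReq</c>.</exception>
/// <remarks>
/// Numeric, date and enum fields are converted with <see cref="Convert"/> and
/// <see cref="Enum.Parse(Type, string)"/> and throw on malformed text, as before; only
/// <c>status</c>, <c>priority</c>, <c>format</c>, <c>requestedon</c> and <c>lastupdatedon</c>
/// tolerate empty text. <c>name</c> and <c>description</c> are HTML-encoded at parse time.
/// </remarks>
protected void GetRequestInfoFromRequestXml(XmlNode xmlRequestNode, out BaseRequest reqInfo)
{
    reqInfo = new BaseRequest();

    XmlNamespaceManager nsmgr = new XmlNamespaceManager(xmlRequestNode.OwnerDocument.NameTable);
    nsmgr.AddNamespace("apns", xmlRequestNode.NamespaceURI);

    foreach (XmlNode node in xmlRequestNode.ChildNodes)
    {
        string text = node.InnerText;

        switch (node.Name.ToLower())
        {
            case "id":
                reqInfo.id = Convert.ToInt32(text);
                break;
            case "name":
                // Encoded on the way in so the stored value is safe to render as HTML.
                reqInfo.name = HttpUtility.HtmlEncode(text);
                break;
            case "description":
                reqInfo.description = HttpUtility.HtmlEncode(text);
                break;
            case "type":
                // The type name is spliced into a double-quoted XPath literal evaluated against
                // xmlDocReq. A double quote would let request-supplied text alter the predicate
                // (CWE-643) and select another type's typevalue, so it is rejected outright.
                if (text.IndexOf('"') >= 0)
                {
                    throw new ArgumentException("Request type must not contain a double quote.", "xmlRequestNode");
                }
                reqInfo.sRequestType = text;
                reqInfo.nRequestType = Convert.ToInt32(XmlDocumentHelper.GetNodeValue(xmlDocReq, null,
                    string.Format("/approvalrequests/request[@type=\"{0}\"]/typevalue", text)));
                break;
            case "status":
                // Empty text keeps the default; anything else must name a RequestStatus member.
                reqInfo.requestStatus = RequestStatus.Draft;
                if (text != String.Empty)
                {
                    reqInfo.requestStatus = (RequestStatus)Enum.Parse(typeof(RequestStatus), text);
                }
                break;
            case "priority":
                reqInfo.requestPriority = RequestPriority.Normal;
                if (text != String.Empty)
                {
                    reqInfo.requestPriority = (RequestPriority)Enum.Parse(typeof(RequestPriority), text);
                }
                break;
            case "applicationid":
                reqInfo.ApplicationID = Convert.ToInt32(text);
                break;
            case "applicationname":
                reqInfo.applicationname = text;
                break;
            case "format":
                reqInfo.requestFormat = RequestFormat.NoConstraints;
                if (text != String.Empty)
                {
                    reqInfo.requestFormat = (RequestFormat)Enum.Parse(typeof(RequestFormat), text);
                }
                break;
            case "applicationscope":
                reqInfo.applicationScope = node.OuterXml;
                // Fall back to the first-level scope value when no applicationname element preceded this one.
                if (string.IsNullOrEmpty(reqInfo.applicationname))
                {
                    reqInfo.applicationname = node.SelectSingleNode("apns:scope[@name='firstlevelscope']/apns:scopevalue", nsmgr).InnerText;
                }
                break;
            case "requestdetails":
                reqInfo.RequestDetails = node.OuterXml;
                break;
            case "approvaltemplatedetails":
                reqInfo.approvalTemplateDetails = node.OuterXml;
                break;
            case "lastapprovedon":
                reqInfo.lastApprovedOn = Convert.ToDateTime(text);
                break;
            case "expiration":
                reqInfo.expiration = Convert.ToDateTime(text);
                break;
            case "requestedon":
                if (text != String.Empty)
                {
                    reqInfo.requestedOn = Convert.ToDateTime(text);
                }
                break;
            case "lastupdatedon":
                if (text != String.Empty)
                {
                    reqInfo.lastUpdatedOn = Convert.ToDateTime(text);
                }
                break;
            case "lastupdatedby":
                reqInfo.lastUpdatedBy = text;
                break;
            case "totalstages":
                reqInfo.totalStages = Convert.ToInt32(text);
                break;
            case "currentstage":
                reqInfo.currentStage = Convert.ToInt32(text);
                break;
            case "templateautoapprovalflag":
                reqInfo.templateAutoApprovalFlag = Convert.ToInt32(text);
                break;
            case "templateautocompletionflag":
                reqInfo.templateAutoCompletionFlag = Convert.ToInt32(text);
                break;
            case "templateid":
                reqInfo.templateID = Convert.ToInt32(text);
                break;
            case "liveverify":
                reqInfo.liveverify = Convert.ToInt32(text);
                break;
            case "requestactivationtime":
                reqInfo.requestActivationTime = Convert.ToDateTime(text);
                break;
            case "genericrequestdetails":
                // Generic-request support: keep the whole <genericrequestdetails> element.
                reqInfo.GenericRequestDetails = node.OuterXml;
                break;
            default:
                break;
        }
    }
}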