コード例 #1
0
 ///<summary></summary>
 public static long Insert(GroupPermission gp)
 {
     if (RemotingClient.RemotingRole == RemotingRole.ClientWeb)
     {
         gp.GroupPermNum = Meth.GetLong(MethodBase.GetCurrentMethod(), gp);
         return(gp.GroupPermNum);
     }
     if (gp.NewerDate.Year > 1880 && gp.NewerDays > 0)
     {
         throw new Exception(Lans.g("GroupPermissions", "Date or days can be set, but not both."));
     }
     if (!GroupPermissions.PermTakesDates(gp.PermType))
     {
         if (gp.NewerDate.Year > 1880 || gp.NewerDays > 0)
         {
             throw new Exception(Lans.g("GroupPermissions", "This type of permission may not have a date or days set."));
         }
     }
     if (gp.PermType == Permissions.SecurityAdmin)
     {
         //Make sure there are no hidden users in the group that is about to get the Security Admin permission.
         string command = "SELECT COUNT(*) FROM userod "
                          + "INNER JOIN usergroupattach ON usergroupattach.UserNum=userod.UserNum "
                          + "WHERE userod.IsHidden=1 "
                          + "AND usergroupattach.UserGroupNum=" + gp.UserGroupNum;
         int count = PIn.Int(Db.GetCount(command));
         if (count != 0)               //there are hidden users in this group
         {
             throw new Exception(Lans.g("FormSecurity", "The Security Admin permission cannot be given to a user group with hidden users."));
         }
     }
     return(Crud.GroupPermissionCrud.Insert(gp));
 }
コード例 #2
0
 ///<summary></summary>
 public static void Update(GroupPermission gp)
 {
     if (RemotingClient.RemotingRole == RemotingRole.ClientWeb)
     {
         Meth.GetVoid(MethodBase.GetCurrentMethod(), gp);
         return;
     }
     if (gp.NewerDate.Year > 1880 && gp.NewerDays > 0)
     {
         throw new Exception(Lans.g("GroupPermissions", "Date or days can be set, but not both."));
     }
     if (!GroupPermissions.PermTakesDates(gp.PermType))
     {
         if (gp.NewerDate.Year > 1880 || gp.NewerDays > 0)
         {
             throw new Exception(Lans.g("GroupPermissions", "This type of permission may not have a date or days set."));
         }
     }
     Crud.GroupPermissionCrud.Update(gp);
 }
コード例 #3
0
ファイル: Security.cs プロジェクト: royedwards/DRDNet
        ///<summary>Will throw an error if not authorized and message not suppressed.</summary>
        public static bool IsAuthorized(Permissions perm, DateTime date, bool suppressMessage, bool suppressLockDateMessage, Userod curUser,
                                        long procCodeNum, double procFee, long sheetDefNum, long fKey)
        {
            //No need to check RemotingRole; no call to db.
            date = date.Date;           //Remove the time portion of date so we can compare strictly as a date later.
            //Check eConnector permission first.
            if (IsValidEServicePermission(perm))
            {
                return(true);
            }
            if (!GroupPermissions.HasPermission(curUser, perm, fKey))
            {
                if (!suppressMessage)
                {
                    throw new Exception(Lans.g("Security", "Not authorized.") + "\r\n"
                                        + Lans.g("Security", "A user with the SecurityAdmin permission must grant you access for") + ":\r\n" + GroupPermissions.GetDesc(perm));
                }
                return(false);
            }
            if (perm == Permissions.AccountingCreate || perm == Permissions.AccountingEdit)
            {
                if (date <= PrefC.GetDate(PrefName.AccountingLockDate))
                {
                    if (!suppressMessage && !suppressLockDateMessage)
                    {
                        throw new Exception(Lans.g("Security", "Locked by Administrator."));
                    }
                    return(false);
                }
            }
            //Check the global security lock------------------------------------------------------------------------------------
            if (IsGlobalDateLock(perm, date, suppressMessage || suppressLockDateMessage, procCodeNum, procFee, sheetDefNum))
            {
                return(false);
            }
            //Check date/days limits on individual permission----------------------------------------------------------------
            if (!GroupPermissions.PermTakesDates(perm))
            {
                return(true);
            }
            //Include CEMT users, as a CEMT user could be logged in when this is checked.
            DateTime dateLimit = GetDateLimit(perm, curUser.GetGroups(true).Select(x => x.UserGroupNum).ToList());

            if (date > dateLimit)          //authorized
            {
                return(true);
            }
            //Prevents certain bugs when 1/1/1 dates are passed in and compared----------------------------------------------
            //Handling of min dates.  There might be others, but we have to handle them individually to avoid introduction of bugs.
            if (perm == Permissions.ClaimDelete ||      //older versions did not have SecDateEntry
                perm == Permissions.ClaimSentEdit ||              //no date sent was entered before setting claim received
                perm == Permissions.ProcComplEdit ||              //a completed procedure with a min date.
                perm == Permissions.ProcComplEditLimited ||              //because ProcComplEdit was in this list
                perm == Permissions.ProcExistingEdit ||              //a completed EO or EC procedure with a min date.
                perm == Permissions.InsPayEdit ||              //a claim payment with no date.
                perm == Permissions.InsWriteOffEdit ||              //older versions did not have SecDateEntry or DateEntryC
                perm == Permissions.TreatPlanEdit ||
                perm == Permissions.AdjustmentEdit ||
                perm == Permissions.CommlogEdit ||              //usually from a conversion
                perm == Permissions.ProcDelete ||              //because older versions did not set the DateEntryC.
                perm == Permissions.ImageDelete ||              //In case an image has a creation date of DateTime.MinVal.
                perm == Permissions.PerioEdit ||              //In case perio chart exam has a creation date of DateTime.MinValue.
                perm == Permissions.PreAuthSentEdit)                 //older versions did not have SecDateEntry
            {
                if (date.Year < 1880 && dateLimit.Year < 1880)
                {
                    return(true);
                }
            }
            if (!suppressMessage)
            {
                throw new Exception(Lans.g("Security", "Not authorized for") + "\r\n"
                                    + GroupPermissions.GetDesc(perm) + "\r\n" + Lans.g("Security", "Date limitation"));
            }
            return(false);
        }
コード例 #4
0
ファイル: Security.cs プロジェクト: steev90/opendental
        ///<summary>Will throw an error if not authorized and message not suppressed.</summary>
        public static bool IsAuthorized(Permissions perm, DateTime date, bool suppressMessage, long userGroupNum)
        {
            //No need to check RemotingRole; no call to db.
            if (!GroupPermissions.HasPermission(userGroupNum, perm))
            {
                if (!suppressMessage)
                {
                    throw new Exception(Lans.g("Security", "Not authorized for") + "\r\n" + GroupPermissions.GetDesc(perm));
                }
                return(false);
            }
            if (perm == Permissions.AccountingCreate || perm == Permissions.AccountingEdit)
            {
                if (date <= PrefC.GetDate(PrefName.AccountingLockDate))
                {
                    if (!suppressMessage)
                    {
                        throw new Exception(Lans.g("Security", "Locked by Administrator."));
                    }
                    return(false);
                }
            }
            //Check the global security lock------------------------------------------------------------------------------------
            //the list below is NOT the list of permissions that take dates. See GroupPermissions.PermTakesDates().
            if (perm == Permissions.AdjustmentCreate ||
                perm == Permissions.AdjustmentEdit ||
                perm == Permissions.PaymentCreate ||
                perm == Permissions.PaymentEdit ||
                perm == Permissions.ProcComplCreate ||
                perm == Permissions.ProcComplEdit
                //|| perm==Permissions.ImageDelete
                || perm == Permissions.InsPayCreate ||
                perm == Permissions.InsPayEdit ||
                perm == Permissions.SheetEdit ||
                perm == Permissions.CommlogEdit
                )
            {
                //If the global lock is date-based:
                if (date.Year > 1 &&          //if a valid date was passed in
                    date <= PrefC.GetDate(PrefName.SecurityLockDate))                       //and that date is earlier than the lock
                {
                    if (PrefC.GetBool(PrefName.SecurityLockIncludesAdmin) ||                //if admins are locked out too
                        !GroupPermissions.HasPermission(userGroupNum, Permissions.SecurityAdmin))                          //or is not an admin
                    {
                        if (!suppressMessage)
                        {
                            throw new Exception(Lans.g("Security", "Locked by Administrator before ") + PrefC.GetDate(PrefName.SecurityLockDate).ToShortDateString());
                        }
                        return(false);
                    }
                }
                //If the global lock is days-based:
                if (date.Year > 1 &&          //if a valid date was passed in
                    PrefC.GetInt(PrefName.SecurityLockDays) > 0 &&
                    date <= DateTime.Today.AddDays(-PrefC.GetInt(PrefName.SecurityLockDays)))                       //and that date is earlier than the lock
                {
                    if (PrefC.GetBool(PrefName.SecurityLockIncludesAdmin) ||                //if admins are locked out too
                        !GroupPermissions.HasPermission(userGroupNum, Permissions.SecurityAdmin))                          //or is not an admin
                    {
                        if (!suppressMessage)
                        {
                            throw new Exception(Lans.g("Security", "Locked by Administrator before ") + PrefC.GetInt(PrefName.SecurityLockDays).ToString() + " days.");
                        }
                        return(false);
                    }
                }
            }
            //Check date/days limits on individual permission----------------------------------------------------------------
            if (!GroupPermissions.PermTakesDates(perm))
            {
                return(true);
            }
            DateTime dateLimit = GetDateLimit(perm, userGroupNum);

            if (date > dateLimit)          //authorized
            {
                return(true);
            }
            //Prevents certain bugs when 1/1/1 dates are passed in and compared----------------------------------------------
            //Handling of min dates.  There might be others, but we have to handle them individually to avoid introduction of bugs.
            if (perm == Permissions.ClaimSentEdit ||      //no date sent was entered before setting claim received
                perm == Permissions.ProcComplEdit ||              //a completed procedure with a min date.
                perm == Permissions.InsPayEdit ||              //a claim payment with no date.
                perm == Permissions.TreatPlanEdit ||
                perm == Permissions.AdjustmentEdit ||
                perm == Permissions.CommlogEdit ||              //usually from a conversion
                perm == Permissions.ProcDelete)                 //because older versions did not set the DateEntryC.
            {
                if (date.Year < 1880 && dateLimit.Year < 1880)
                {
                    return(true);
                }
            }
            if (!suppressMessage)
            {
                throw new Exception(Lans.g("Security", "Not authorized for") + "\r\n"
                                    + GroupPermissions.GetDesc(perm) + "\r\n" + Lans.g("Security", "Date limitation"));
            }
            return(false);
        }