///<summary></summary> public static long Insert(GroupPermission gp) { if (RemotingClient.RemotingRole == RemotingRole.ClientWeb) { gp.GroupPermNum = Meth.GetLong(MethodBase.GetCurrentMethod(), gp); return(gp.GroupPermNum); } if (gp.NewerDate.Year > 1880 && gp.NewerDays > 0) { throw new Exception(Lans.g("GroupPermissions", "Date or days can be set, but not both.")); } if (!GroupPermissions.PermTakesDates(gp.PermType)) { if (gp.NewerDate.Year > 1880 || gp.NewerDays > 0) { throw new Exception(Lans.g("GroupPermissions", "This type of permission may not have a date or days set.")); } } if (gp.PermType == Permissions.SecurityAdmin) { //Make sure there are no hidden users in the group that is about to get the Security Admin permission. string command = "SELECT COUNT(*) FROM userod " + "INNER JOIN usergroupattach ON usergroupattach.UserNum=userod.UserNum " + "WHERE userod.IsHidden=1 " + "AND usergroupattach.UserGroupNum=" + gp.UserGroupNum; int count = PIn.Int(Db.GetCount(command)); if (count != 0) //there are hidden users in this group { throw new Exception(Lans.g("FormSecurity", "The Security Admin permission cannot be given to a user group with hidden users.")); } } return(Crud.GroupPermissionCrud.Insert(gp)); }
///<summary></summary> public static void Update(GroupPermission gp) { if (RemotingClient.RemotingRole == RemotingRole.ClientWeb) { Meth.GetVoid(MethodBase.GetCurrentMethod(), gp); return; } if (gp.NewerDate.Year > 1880 && gp.NewerDays > 0) { throw new Exception(Lans.g("GroupPermissions", "Date or days can be set, but not both.")); } if (!GroupPermissions.PermTakesDates(gp.PermType)) { if (gp.NewerDate.Year > 1880 || gp.NewerDays > 0) { throw new Exception(Lans.g("GroupPermissions", "This type of permission may not have a date or days set.")); } } Crud.GroupPermissionCrud.Update(gp); }
///<summary>Will throw an error if not authorized and message not suppressed.</summary> public static bool IsAuthorized(Permissions perm, DateTime date, bool suppressMessage, bool suppressLockDateMessage, Userod curUser, long procCodeNum, double procFee, long sheetDefNum, long fKey) { //No need to check RemotingRole; no call to db. date = date.Date; //Remove the time portion of date so we can compare strictly as a date later. //Check eConnector permission first. if (IsValidEServicePermission(perm)) { return(true); } if (!GroupPermissions.HasPermission(curUser, perm, fKey)) { if (!suppressMessage) { throw new Exception(Lans.g("Security", "Not authorized.") + "\r\n" + Lans.g("Security", "A user with the SecurityAdmin permission must grant you access for") + ":\r\n" + GroupPermissions.GetDesc(perm)); } return(false); } if (perm == Permissions.AccountingCreate || perm == Permissions.AccountingEdit) { if (date <= PrefC.GetDate(PrefName.AccountingLockDate)) { if (!suppressMessage && !suppressLockDateMessage) { throw new Exception(Lans.g("Security", "Locked by Administrator.")); } return(false); } } //Check the global security lock------------------------------------------------------------------------------------ if (IsGlobalDateLock(perm, date, suppressMessage || suppressLockDateMessage, procCodeNum, procFee, sheetDefNum)) { return(false); } //Check date/days limits on individual permission---------------------------------------------------------------- if (!GroupPermissions.PermTakesDates(perm)) { return(true); } //Include CEMT users, as a CEMT user could be logged in when this is checked. DateTime dateLimit = GetDateLimit(perm, curUser.GetGroups(true).Select(x => x.UserGroupNum).ToList()); if (date > dateLimit) //authorized { return(true); } //Prevents certain bugs when 1/1/1 dates are passed in and compared---------------------------------------------- //Handling of min dates. There might be others, but we have to handle them individually to avoid introduction of bugs. if (perm == Permissions.ClaimDelete || //older versions did not have SecDateEntry perm == Permissions.ClaimSentEdit || //no date sent was entered before setting claim received perm == Permissions.ProcComplEdit || //a completed procedure with a min date. perm == Permissions.ProcComplEditLimited || //because ProcComplEdit was in this list perm == Permissions.ProcExistingEdit || //a completed EO or EC procedure with a min date. perm == Permissions.InsPayEdit || //a claim payment with no date. perm == Permissions.InsWriteOffEdit || //older versions did not have SecDateEntry or DateEntryC perm == Permissions.TreatPlanEdit || perm == Permissions.AdjustmentEdit || perm == Permissions.CommlogEdit || //usually from a conversion perm == Permissions.ProcDelete || //because older versions did not set the DateEntryC. perm == Permissions.ImageDelete || //In case an image has a creation date of DateTime.MinVal. perm == Permissions.PerioEdit || //In case perio chart exam has a creation date of DateTime.MinValue. perm == Permissions.PreAuthSentEdit) //older versions did not have SecDateEntry { if (date.Year < 1880 && dateLimit.Year < 1880) { return(true); } } if (!suppressMessage) { throw new Exception(Lans.g("Security", "Not authorized for") + "\r\n" + GroupPermissions.GetDesc(perm) + "\r\n" + Lans.g("Security", "Date limitation")); } return(false); }
///<summary>Will throw an error if not authorized and message not suppressed.</summary> public static bool IsAuthorized(Permissions perm, DateTime date, bool suppressMessage, long userGroupNum) { //No need to check RemotingRole; no call to db. if (!GroupPermissions.HasPermission(userGroupNum, perm)) { if (!suppressMessage) { throw new Exception(Lans.g("Security", "Not authorized for") + "\r\n" + GroupPermissions.GetDesc(perm)); } return(false); } if (perm == Permissions.AccountingCreate || perm == Permissions.AccountingEdit) { if (date <= PrefC.GetDate(PrefName.AccountingLockDate)) { if (!suppressMessage) { throw new Exception(Lans.g("Security", "Locked by Administrator.")); } return(false); } } //Check the global security lock------------------------------------------------------------------------------------ //the list below is NOT the list of permissions that take dates. See GroupPermissions.PermTakesDates(). if (perm == Permissions.AdjustmentCreate || perm == Permissions.AdjustmentEdit || perm == Permissions.PaymentCreate || perm == Permissions.PaymentEdit || perm == Permissions.ProcComplCreate || perm == Permissions.ProcComplEdit //|| perm==Permissions.ImageDelete || perm == Permissions.InsPayCreate || perm == Permissions.InsPayEdit || perm == Permissions.SheetEdit || perm == Permissions.CommlogEdit ) { //If the global lock is date-based: if (date.Year > 1 && //if a valid date was passed in date <= PrefC.GetDate(PrefName.SecurityLockDate)) //and that date is earlier than the lock { if (PrefC.GetBool(PrefName.SecurityLockIncludesAdmin) || //if admins are locked out too !GroupPermissions.HasPermission(userGroupNum, Permissions.SecurityAdmin)) //or is not an admin { if (!suppressMessage) { throw new Exception(Lans.g("Security", "Locked by Administrator before ") + PrefC.GetDate(PrefName.SecurityLockDate).ToShortDateString()); } return(false); } } //If the global lock is days-based: if (date.Year > 1 && //if a valid date was passed in PrefC.GetInt(PrefName.SecurityLockDays) > 0 && date <= DateTime.Today.AddDays(-PrefC.GetInt(PrefName.SecurityLockDays))) //and that date is earlier than the lock { if (PrefC.GetBool(PrefName.SecurityLockIncludesAdmin) || //if admins are locked out too !GroupPermissions.HasPermission(userGroupNum, Permissions.SecurityAdmin)) //or is not an admin { if (!suppressMessage) { throw new Exception(Lans.g("Security", "Locked by Administrator before ") + PrefC.GetInt(PrefName.SecurityLockDays).ToString() + " days."); } return(false); } } } //Check date/days limits on individual permission---------------------------------------------------------------- if (!GroupPermissions.PermTakesDates(perm)) { return(true); } DateTime dateLimit = GetDateLimit(perm, userGroupNum); if (date > dateLimit) //authorized { return(true); } //Prevents certain bugs when 1/1/1 dates are passed in and compared---------------------------------------------- //Handling of min dates. There might be others, but we have to handle them individually to avoid introduction of bugs. if (perm == Permissions.ClaimSentEdit || //no date sent was entered before setting claim received perm == Permissions.ProcComplEdit || //a completed procedure with a min date. perm == Permissions.InsPayEdit || //a claim payment with no date. perm == Permissions.TreatPlanEdit || perm == Permissions.AdjustmentEdit || perm == Permissions.CommlogEdit || //usually from a conversion perm == Permissions.ProcDelete) //because older versions did not set the DateEntryC. { if (date.Year < 1880 && dateLimit.Year < 1880) { return(true); } } if (!suppressMessage) { throw new Exception(Lans.g("Security", "Not authorized for") + "\r\n" + GroupPermissions.GetDesc(perm) + "\r\n" + Lans.g("Security", "Date limitation")); } return(false); }