/// <summary>
/// Loads the timesheet data set for the effective user and passes it to
/// <c>ProcessDataRow</c> together with <paramref name="arrGTemp"/>.
/// </summary>
/// <param name="query">Must not be null; this method does not read it otherwise.</param>
/// <param name="arrGTemp">Group list handed on to <c>ProcessDataRow</c>; must not be null.</param>
/// <param name="curWeb">Web used for the connection lookup and row processing; must not be null.</param>
/// <remarks>
/// Everything after the argument checks runs inside
/// <c>SPSecurity.RunWithElevatedPrivileges</c>. The <c>duser</c> request value replaces
/// <c>username</c> only when <c>SharedFunctions.canUserImpersonate</c> returns true.
/// </remarks>
public override void populateGroups(string query, SortedList arrGTemp, SPWeb curWeb)
{
    Guard.ArgumentIsNotNull(curWeb, nameof(curWeb));
    Guard.ArgumentIsNotNull(arrGTemp, nameof(arrGTemp));
    Guard.ArgumentIsNotNull(query, nameof(query));

    var dataSet = new DataSet();
    var newTimeSheet = false;

    SPSecurity.RunWithElevatedPrivileges(() =>
    {
        // "duser" is caller-supplied: it is honoured only after the impersonation check passes.
        string delegateUser = Page.Request["duser"];
        string resourceName = string.Empty;
        if (!string.IsNullOrWhiteSpace(delegateUser)
            && SharedFunctions.canUserImpersonate(username, delegateUser, site.RootWeb, out resourceName))
        {
            username = delegateUser;
        }

        // Runs the stored procedure named by procedureName; user, site and period are bound
        // as parameters, never concatenated into the command text.
        Action<int, string, SqlConnection, DataSet> fillDataSet = (periodValue, procedureName, connection, target) =>
        {
            using (var command = new SqlCommand(procedureName, connection))
            {
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.AddWithValue(IdUserName, username);
                command.Parameters.AddWithValue(IdSiteGuid, site.ID);
                command.Parameters.AddWithValue(IdPeriod, periodValue);

                using (var adapter = new SqlDataAdapter(command))
                {
                    adapter.Fill(target);
                }
            }
        };

        try
        {
            SqlConnection(curWeb, fillDataSet, ref dataSet, ref newTimeSheet);
        }
        catch (Exception loadError)
        {
            // Load failures are traced and swallowed; processing continues with whatever
            // the data set holds at this point.
            DiagTrace.WriteLine(loadError);
        }

        ProcessDataRow(arrGTemp, curWeb, dataSet, newTimeSheet);
    });
}
/// <summary>
/// Reads the timesheet request parameters on top of the base implementation and sets the
/// grid name and assignment filter for this view.
/// </summary>
/// <param name="curWeb">Web passed through to <c>base.getParams</c>.</param>
/// <remarks>
/// <c>period</c> is parsed with <c>int.Parse</c>, so a missing or non-numeric
/// <c>period</c> request value throws. The <c>duser</c> request value replaces
/// <c>username</c> only when <c>SharedFunctions.canUserImpersonate</c> returns true.
/// </remarks>
public override void getParams(SPWeb curWeb)
{
    base.getParams(curWeb);
    isTimesheet = true;

    string periodText = Request["period"];
    workType = Request["workType"];
    period = int.Parse(periodText);

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        string delegateUser = Page.Request["duser"];
        string resourceName = "";
        if (string.IsNullOrEmpty(delegateUser))
        {
            return;
        }

        // Caller-supplied user name: accepted only after the impersonation check.
        if (SharedFunctions.canUserImpersonate(username, delegateUser, site.RootWeb, out resourceName))
        {
            username = delegateUser;
        }
    });

    gridname = "mywork" + gridname;

    bool wantsNonAssignments = workType == "1" || (workType == "4" && Request["allowOther"] == "true");
    if (!wantsNonAssignments)
    {
        return;
    }

    // NOTE(review): the non-edit value carries its own quote characters, so it presumably
    // relies on the consumer of filterfield/filtervalue concatenating them into a quoted
    // expression. That consumer is not visible here; confirm it never splices
    // request-supplied text into the same expression.
    string assignmentFilter = inEditMode ? "False" : "0' OR IsAssignment='";
    filterfield = "IsAssignment";
    filtervalue = assignmentFilter;
}
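/// <summary>
/// Dispatches the timesheet command named by the <c>action</c> request value and leaves a
/// status string ("Success", "Error: ...", or a period id) in <c>data</c>.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event arguments; not used.</param>
/// <remarks>
/// The SQL connection is created and opened inside
/// <c>SPSecurity.RunWithElevatedPrivileges</c> and every statement below runs on it.
/// All values are bound as SQL parameters.
/// NOTE(review): within this method only "deleteTS" checks the caller
/// (<c>IsSiteAdmin</c>). The other state-changing actions (period open/close/delete/add,
/// type add/edit, submit/unsubmit, approve/reject/unlock, approvePM/rejectPM, rejectEmail)
/// act on identifiers taken from the request without a visible ownership or role check;
/// confirm that access to this page is restricted elsewhere.
/// NOTE(review): <c>Request[...]</c> reads the query string as well as the form, and no
/// request-digest validation is visible here; confirm these actions are protected against
/// cross-site request forgery.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    string strAction = Request["action"];
    string period = Request["period"];

    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Expires = -1;
    data = "";

    string fEmail = SPContext.Current.Web.CurrentUser.Email;
    SPSite site = SPContext.Current.Site;
    SPWeb web = SPContext.Current.Web;

    // Declared outside the try so the finally block can release it on every path.
    SqlConnection cn = null;
    try
    {
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            cn = new SqlConnection(EPMLiveCore.CoreFunctions.getConnectionString(site.WebApplication.Id));
            cn.Open();

            // "duser" is caller-supplied: it replaces username only when the impersonation
            // check passes; otherwise the whole request is rejected below.
            string requestedUser = Page.Request["duser"];
            if (requestedUser != null && requestedUser != "")
            {
                if (SharedFunctions.canUserImpersonate(username, requestedUser, SPContext.Current.Site.RootWeb, out resName))
                {
                    username = requestedUser;
                }
                else
                {
                    impFailed = true;
                }
            }

            bool.TryParse(EPMLiveCore.CoreFunctions.getConfigSetting(SPContext.Current.Site.RootWeb, "EPMLiveTSLiveHours"), out liveHours);
        });

        if (impFailed)
        {
            data = "Error: Impersonation Failed";
        }
        else if (cn != null)
        {
            SqlCommand cmd;
            int iperiod;
            SqlDataReader dr;

            switch (strAction)
            {
                case "deleteTS":
                    if (web.CurrentUser.IsSiteAdmin)
                    {
                        string[] tsuids = Request["ts_uids"].Split(',');
                        foreach (string tsuidData in tsuids)
                        {
                            cmd = new SqlCommand("DELETE FROM TSTIMESHEET where ts_uid=@ts_uid", cn);
                            cmd.Parameters.AddWithValue("@ts_uid", tsuidData);
                            cmd.ExecuteNonQuery();
                        }
                        data = "Success";
                    }
                    else
                    {
                        data = "Error: Access Denied";
                    }
                    break;

                case "closePeriod":
                    cmd = new SqlCommand("update tsperiod set locked=1 where period_id=@periodid and site_id=@siteid", cn);
                    cmd.Parameters.AddWithValue("@siteid", SPContext.Current.Site.ID);
                    cmd.Parameters.AddWithValue("@periodid", period);
                    cmd.ExecuteNonQuery();
                    // The request's period value is echoed back as the result.
                    data = period;
                    break;

                case "openPeriod":
                    cmd = new SqlCommand("update tsperiod set locked=0 where period_id=@periodid and site_id=@siteid", cn);
                    cmd.Parameters.AddWithValue("@siteid", SPContext.Current.Site.ID);
                    cmd.Parameters.AddWithValue("@periodid", period);
                    cmd.ExecuteNonQuery();
                    data = period;
                    break;

                case "submitTime":
                    // NOTE(review): the UPDATE is keyed on the request's ts_uid alone; nothing
                    // in this statement ties the timesheet to the effective user.
                    cmd = new SqlCommand("update TSTIMESHEET set submitted=1,approval_status=0,lastmodifiedbyu=@u,lastmodifiedbyn=@n where ts_uid=@ts_uid", cn);
                    cmd.Parameters.AddWithValue("@ts_uid", Request["ts_uid"]);
                    cmd.Parameters.AddWithValue("@u", SPContext.Current.Web.CurrentUser.LoginName);
                    cmd.Parameters.AddWithValue("@n", SPContext.Current.Web.CurrentUser.Name);
                    cmd.ExecuteNonQuery();

                    SPSecurity.RunWithElevatedPrivileges(delegate()
                    {
                        SPWeb tweb = SPContext.Current.Web;
                        SharedFunctions.processResources(cn, Request["ts_uid"], tweb, username);
                    });

                    if (EPMLiveCore.CoreFunctions.getConfigSetting(SPContext.Current.Site.RootWeb, "EPMLiveTSDisableApprovals").ToLower() == "true")
                    {
                        // Approvals disabled: the submitted timesheet is approved immediately.
                        approve(Request["ts_uid"], SPContext.Current.Web, Request["Period"]);
                    }
                    else if (!liveHours)
                    {
                        data = SharedFunctions.processActualWork(cn, Request["ts_uid"], site, false, true);
                    }

                    if (data == "")
                    {
                        data = "Success";
                    }

                    cmd = new SqlCommand("select ts_item_uid,web_uid,list_uid,item_id,project from TSITEM where TS_UID=@ts_uid", cn);
                    cmd.Parameters.AddWithValue("@ts_uid", Request["ts_uid"]);
                    DataSet ds = new DataSet();
                    SqlDataAdapter da = new SqlDataAdapter(cmd);
                    da.Fill(ds);

                    SPList pList = null;
                    SPWeb iWeb = null;
                    SPList iList = null;
                    Guid webGuid = Guid.Empty;
                    Guid listGuid = Guid.Empty;

                    foreach (DataRow dataRow in ds.Tables[0].Rows)
                    {
                        try
                        {
                            Guid wGuid = new Guid(dataRow["WEB_UID"].ToString());
                            Guid lGuid = new Guid(dataRow["LIST_UID"].ToString());

                            // Rows for the same web/list reuse the objects opened for the previous row.
                            if (webGuid != wGuid)
                            {
                                if (iWeb != null)
                                {
                                    iWeb.Close();
                                }
                                iWeb = site.OpenWeb(wGuid);
                                webGuid = iWeb.ID;
                            }

                            if (listGuid != lGuid)
                            {
                                iList = iWeb.Lists[lGuid];
                                try
                                {
                                    pList = SharedFunctions.getProjectCenterList(iList);
                                }
                                catch
                                {
                                    // Best effort: pList keeps its previous value when the lookup fails.
                                }
                                listGuid = iList.ID;
                            }

                            SPListItem li = iList.GetItemById(int.Parse(dataRow["ITEM_ID"].ToString()));
                            SharedFunctions.processMeta(iWeb, iList, li, new Guid(dataRow["ts_item_uid"].ToString()), dataRow["project"].ToString(), cn, pList);
                        }
                        catch
                        {
                            // Best effort per row: a failing item does not stop the remaining rows.
                        }
                    }

                    // The last web opened by the loop was previously never closed.
                    if (iWeb != null)
                    {
                        iWeb.Close();
                    }
                    break;

                case "unsubmitTime":
                    cmd = new SqlCommand("update TSTIMESHEET set submitted=0,approval_status=0,lastmodifiedbyu=@u,lastmodifiedbyn=@n where ts_uid=@ts_uid", cn);
                    cmd.Parameters.AddWithValue("@ts_uid", Request["ts_uid"]);
                    cmd.Parameters.AddWithValue("@u", SPContext.Current.Web.CurrentUser.LoginName);
                    cmd.Parameters.AddWithValue("@n", SPContext.Current.Web.CurrentUser.Name);
                    cmd.ExecuteNonQuery();

                    if (EPMLiveCore.CoreFunctions.getConfigSetting(SPContext.Current.Site.RootWeb, "EPMLiveTSDisableApprovals").ToLower() == "true" && !liveHours)
                    {
                        data = SharedFunctions.processActualWork(cn, Request["ts_uid"], site, true, true);
                    }

                    if (data == "")
                    {
                        data = "Success";
                    }
                    break;

                case "deletePeriod":
                    cmd = new SqlCommand("delete from tsperiod where period_id=@periodid and site_id=@siteid", cn);
                    cmd.Parameters.AddWithValue("@siteid", SPContext.Current.Site.ID);
                    cmd.Parameters.AddWithValue("@periodid", period);
                    cmd.ExecuteNonQuery();
                    data = "Success";
                    break;

                case "addPeriod":
                    // Next id = highest existing period id for this site + 1 (1 when none exist).
                    cmd = new SqlCommand("select top 1 period_id from tsperiod where site_id=@siteid order by period_id desc", cn);
                    cmd.Parameters.AddWithValue("@siteid", SPContext.Current.Site.ID);
                    dr = cmd.ExecuteReader();
                    iperiod = 1;
                    if (dr.Read())
                    {
                        iperiod = dr.GetInt32(0) + 1;
                    }
                    dr.Close();

                    cmd = new SqlCommand("insert into tsperiod (period_start,period_end,period_id,site_id) values (@periodstart,@periodend,@period_id,@siteid)", cn);
                    cmd.Parameters.AddWithValue("@periodstart", Request["start"]);
                    cmd.Parameters.AddWithValue("@periodend", Request["end"]);
                    cmd.Parameters.AddWithValue("@period_id", iperiod);
                    cmd.Parameters.AddWithValue("@siteid", SPContext.Current.Site.ID);
                    cmd.ExecuteNonQuery();
                    data = "Success";
                    break;

                case "addPeriods":
                    var periods = JsonConvert.DeserializeObject<List<Dictionary<string, string>>>(Request[JsonDataParameter]);
                    var createdIds = CreatePeriods(cn, periods);
                    data = string.Format("Success,{0},{1}", strAction, string.Join(",", createdIds));
                    break;

                case "addType":
                    // Next id = highest existing type id for this site + 1 (1 when none exist).
                    cmd = new SqlCommand("select top 1 tstype_id from tstype where site_uid=@siteid order by tstype_id desc", cn);
                    cmd.Parameters.AddWithValue("@siteid", SPContext.Current.Site.ID);
                    dr = cmd.ExecuteReader();
                    iperiod = 1;
                    if (dr.Read())
                    {
                        iperiod = dr.GetInt32(0) + 1;
                    }
                    dr.Close();

                    cmd = new SqlCommand("insert into tstype (tstype_id,tstype_name,site_uid) values (@tstype_id,@tstype_name,@siteid)", cn);
                    cmd.Parameters.AddWithValue("@tstype_name", Request["typename"]);
                    cmd.Parameters.AddWithValue("@tstype_id", iperiod);
                    cmd.Parameters.AddWithValue("@siteid", SPContext.Current.Site.ID);
                    cmd.ExecuteNonQuery();
                    data = "Success";
                    break;

                case "editType":
                    cmd = new SqlCommand("update tstype set tstype_name = @tstype_name where tstype_id=@tstype_id and site_uid=@siteid", cn);
                    cmd.Parameters.AddWithValue("@tstype_name", Request["typename"]);
                    cmd.Parameters.AddWithValue("@tstype_id", Request["typeid"]);
                    cmd.Parameters.AddWithValue("@siteid", SPContext.Current.Site.ID);
                    cmd.ExecuteNonQuery();
                    data = "Success";
                    break;

                case "approveTS":
                    approve(Request["ts_uids"].ToString(), SPContext.Current.Web, Request["Period"]);
                    if (data == "")
                    {
                        data = "Success";
                    }
                    break;

                case "rejectTS":
                    {
                        // Each entry is "ts_uid|notes"; an entry without '|' throws and ends up
                        // in the outer catch.
                        string[] tsuids = Request["ts_uids"].Split(',');
                        foreach (string tsuidData in tsuids)
                        {
                            string[] tsuid = tsuidData.Split('|');
                            cmd = new SqlCommand("update TSTIMESHEET set approval_status=2,approval_notes=@notes where ts_uid=@ts_uid", cn);
                            cmd.Parameters.AddWithValue("@ts_uid", tsuid[0]);
                            cmd.Parameters.AddWithValue("@notes", tsuid[1]);
                            cmd.ExecuteNonQuery();
                            data += SharedFunctions.processActualWork(cn, tsuid[0], site, true, true);
                        }

                        if (data == "")
                        {
                            data = "Success";
                        }
                    }
                    break;

                case "unlockTS":
                    {
                        string[] tsuids = Request["ts_uids"].Split(',');
                        foreach (string tsuidData in tsuids)
                        {
                            string[] tsuid = tsuidData.Split('|');
                            cmd = new SqlCommand("update TSTIMESHEET set approval_status=0 where ts_uid=@ts_uid", cn);
                            cmd.Parameters.AddWithValue("@ts_uid", tsuid[0]);
                            cmd.ExecuteNonQuery();
                        }
                        data = "Success";
                    }
                    break;

                case "rejectEmail":
                    {
                        string[] tsuids = Request["ts_uids"].Split(',');
                        foreach (string tsuid in tsuids)
                        {
                            cmd = new SqlCommand("select username,approval_notes,period_start,period_end from vwTSApprovalNotes where ts_uid=@ts_uid", cn);
                            cmd.Parameters.AddWithValue("@ts_uid", tsuid);
                            dr = cmd.ExecuteReader();
                            if (dr.Read())
                            {
                                string recipientLogin = dr.GetString(0);
                                string notes = dr.GetString(1);
                                try
                                {
                                    SPUser user = web.AllUsers[recipientLogin];
                                    if (user.Email != "")
                                    {
                                        System.Net.Mail.MailMessage mailMsg = new MailMessage();
                                        mailMsg.From = new MailAddress(fEmail);
                                        mailMsg.To.Add(new MailAddress(user.Email));
                                        mailMsg.Subject = web.Title + " Timesheet approval notice";
                                        // The notes are free text stored by "rejectTS" from the request;
                                        // the body is sent as HTML, so they are encoded to keep markup
                                        // in the notes from being rendered in the recipient's mail client.
                                        mailMsg.Body = "Your timesheet for period (" + dr.GetDateTime(2).ToShortDateString() + " - " + dr.GetDateTime(3).ToShortDateString() + ") has been rejected:<br>" + System.Web.HttpUtility.HtmlEncode(notes);
                                        mailMsg.IsBodyHtml = true;
                                        mailMsg.BodyEncoding = System.Text.Encoding.UTF8;
                                        mailMsg.Priority = MailPriority.Normal;

                                        // Configure the mail server
                                        SmtpClient smtpClient = new SmtpClient();
                                        SPAdministrationWebApplication spWebAdmin = Microsoft.SharePoint.Administration.SPAdministrationWebApplication.Local;
                                        string sMailSvr = spWebAdmin.OutboundMailServiceInstance.Server.Name;
                                        smtpClient.Host = sMailSvr;
                                        smtpClient.Send(mailMsg);
                                    }
                                }
                                catch
                                {
                                    // Best effort: a failed notification does not fail the request.
                                }
                            }
                            dr.Close();
                        }
                    }
                    data = "Success";
                    break;

                case "autoadd":
                    string lists = "";
                    SPSecurity.RunWithElevatedPrivileges(delegate()
                    {
                        // SPContext.Current.Site is owned by the SharePoint request context and
                        // must not be disposed here (it was previously wrapped in a using block);
                        // "web" below still depends on it.
                        lists = EPMLiveCore.CoreFunctions.getConfigSetting(SPContext.Current.Site.RootWeb, "EPMLiveTSLists");
                    });
                    autoAdd(cn, Request["ts_uid"], web, lists);
                    data = "Success";
                    break;

                case "approvePM":
                    {
                        string[] tsitemuids = Request["tsitemuids"].Split(',');
                        foreach (string tsitemuid in tsitemuids)
                        {
                            cmd = new SqlCommand("update tsitem set approval_status=1 where ts_item_uid=@tsitemuid", cn);
                            cmd.Parameters.AddWithValue("@tsitemuid", tsitemuid);
                            cmd.ExecuteNonQuery();
                        }
                        data = "Success";
                    }
                    break;

                case "rejectPM":
                    {
                        string[] tsitemuids = Request["tsitemuids"].Split(',');
                        foreach (string tsitemuid in tsitemuids)
                        {
                            cmd = new SqlCommand("update tsitem set approval_status=2 where ts_item_uid=@tsitemuid", cn);
                            cmd.Parameters.AddWithValue("@tsitemuid", tsitemuid);
                            cmd.ExecuteNonQuery();
                        }
                    }
                    data = "Success";
                    break;

                default:
                    data = "Error: Invalid Command";
                    break;
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message (possibly a SQL or SharePoint error text)
        // becomes the result string; consider logging it server-side and returning a
        // generic error if "data" is sent to the client.
        data = "Error: " + ex.Message;
    }
    finally
    {
        // The connection was previously never closed, leaking one pooled connection per request.
        if (cn != null)
        {
            cn.Dispose();
        }
    }
}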
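/// <summary>
/// Saves the timesheet rows named by the <c>ids</c> request value and builds the XML reply
/// in <c>output</c>.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Event arguments; not used.</param>
/// <remarks>
/// <c>columns</c> must be a Base64 string; <c>Convert.FromBase64String</c> throws when it is
/// missing or malformed. The SQL connection is opened inside
/// <c>SPSecurity.RunWithElevatedPrivileges</c>. The <c>duser</c> request value replaces
/// <c>username</c> only when <c>SharedFunctions.canUserImpersonate</c> returns true;
/// otherwise nothing is saved and an error action is returned.
/// Request values and exception messages copied into the reply are XML-escaped.
/// NOTE(review): <c>iWeb</c> and <c>iSite</c> are filled by
/// <c>SaveHelper.PopulateGuidData</c> and are not closed in this method; confirm who owns them.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    Guid webGuid = new Guid();
    Guid siteGuid = new Guid();
    Guid listGuid = new Guid();
    SPWeb iWeb = null;
    SPSite iSite = null;
    SPList iList = null;
    SPList pList = null;

    // "columns" is a Base64-encoded, newline-separated list of field names.
    byte[] encodedDataAsBytes = System.Convert.FromBase64String(Request["columns"]);
    strFields = System.Text.ASCIIEncoding.ASCII.GetString(encodedDataAsBytes).Split('\n');

    if (Request["ids"] == null)
    {
        return;
    }

    Response.ContentType = "text/xml";
    Response.ContentEncoding = System.Text.Encoding.UTF8;
    string[] ids = Request["ids"].Split(',');
    output = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><data>";

    try
    {
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            cn = new SqlConnection(EPMLiveCore.CoreFunctions.getConnectionString(SPContext.Current.Site.WebApplication.Id));
            cn.Open();

            try
            {
                nonworklist = SPContext.Current.Web.Site.RootWeb.Lists[EPMLiveCore.CoreFunctions.getConfigSetting(SPContext.Current.Web.Site.RootWeb, "EPMLiveTSNonWork")].ID;
            }
            catch
            {
                // Best effort: nonworklist keeps its previous value when the list lookup fails.
            }

            // "duser" is caller-supplied: it replaces username only when the impersonation
            // check passes; otherwise the whole request is rejected below.
            string requestedUser = Page.Request["duser"];
            if (requestedUser != null && requestedUser != "")
            {
                if (SharedFunctions.canUserImpersonate(username, requestedUser, SPContext.Current.Site.RootWeb, out resName))
                {
                    username = requestedUser;
                }
                else
                {
                    impFailed = true;
                }
            }

            dayDefs = EPMLiveCore.CoreFunctions.getConfigSetting(SPContext.Current.Site.RootWeb, "EPMLiveDaySettings").Split('|');
            bool.TryParse(EPMLiveCore.CoreFunctions.getConfigSetting(SPContext.Current.Site.RootWeb, "EPMLiveTSLiveHours"), out liveHours);
        });

        if (impFailed)
        {
            // The rejected name comes straight from the request; escape it so it cannot
            // break out of the element or inject markup into the XML reply.
            output += "<action type='error100'>Unable to impersonate for: " + System.Security.SecurityElement.Escape(Request["duser"]) + "</action>";
        }
        else
        {
            SqlCommand cmd = new SqlCommand("SELECT tstype_id,tstype_name from TSTYPE where site_uid=@site_id", cn);
            cmd.CommandType = CommandType.Text;
            cmd.Parameters.AddWithValue("@site_id", SPContext.Current.Site.ID);
            SqlDataReader dr = cmd.ExecuteReader();
            if (dr.HasRows)
            {
                timeeditor = true;
            }
            dr.Close();

            if (EPMLiveCore.CoreFunctions.getConfigSetting(SPContext.Current.Web.Site.RootWeb, "EPMLiveTSAllowNotes").ToLower() == "true")
            {
                timeeditor = true;
            }

            if (cn.State == ConnectionState.Open)
            {
                foreach (string id in ids)
                {
                    if (id == "")
                    {
                        continue;
                    }

                    string webId;
                    string listId;
                    string siteId;
                    SaveHelper.ParseSiteFromRequest(Request, id, out webId, out listId, out siteId);

                    if (string.IsNullOrWhiteSpace(webId) || string.IsNullOrWhiteSpace(listId) || string.IsNullOrWhiteSpace(siteId))
                    {
                        continue;
                    }

                    try
                    {
                        SaveHelper.PopulateGuidData(
                            webId,
                            listId,
                            siteId,
                            list => pList = SharedFunctions.getProjectCenterList(list),
                            ref siteGuid,
                            ref iWeb,
                            ref iSite,
                            ref webGuid,
                            ref listGuid,
                            ref iList);
                    }
                    catch (Exception ex)
                    {
                        // Title and message are escaped before entering the XML reply.
                        // Escape() returns null for a missing title, which concatenates as
                        // empty text; the former .ToString() on the request value threw from
                        // inside this handler instead.
                        output += "<action type='error100'>Item: " + System.Security.SecurityElement.Escape(Request[id + "_title"]) + " Message: " + System.Security.SecurityElement.Escape(ex.Message) + "</action>";
                    }

                    if (iWeb != null)
                    {
                        string status = "";
                        try
                        {
                            status = Request[id + "_!nativeeditor_status"].ToString();
                        }
                        catch
                        {
                            // No status supplied for this row: treat it as not deleted.
                        }

                        processItem(id, iWeb, iList, pList);

                        if (liveHours)
                        {
                            processLiveHours(id, listGuid, iList);
                        }

                        if (status != "deleted" && bool.Parse(Request["edit"]))
                        {
                            processWssItem(id, iWeb, iList);
                        }
                    }
                }
            }

            SqlCommand cmd1 = new SqlCommand("UPDATE TSTIMESHEET set approval_status=0,lastmodifiedbyu=@u,lastmodifiedbyn=@n where ts_uid=@TS_UID", cn);
            cmd1.Parameters.AddWithValue("@TS_UID", tsuid);
            cmd1.Parameters.AddWithValue("@u", SPContext.Current.Web.CurrentUser.LoginName);
            cmd1.Parameters.AddWithValue("@n", SPContext.Current.Web.CurrentUser.Name);
            cmd1.ExecuteNonQuery();

            SharedFunctions.processResources(cn, tsuid, SPContext.Current.Web, username);
        }
    }
    finally
    {
        // Close on every path: an exception above previously skipped cn.Close() and left
        // the connection open.
        if (cn != null)
        {
            cn.Close();
        }
    }

    // NOTE(review): tsuid is set outside this method; confirm it cannot carry
    // request-controlled characters, since it is placed in an attribute unescaped.
    output += "<action type='settsuid' tsuid='" + tsuid + "'/>";
    output += "</data>";
}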