protected void Page_Load(object sender, EventArgs e) { //Set authenticatedToken to resource search control ResourceDetailView.AuthenticatedToken = Session[Constants.AuthenticationTokenKey] as AuthenticatedToken; if (!IsPostBack) { DeleteButton.Attributes.Add("OnClick", "javascript: return confirm('" + Resources.Resources.ConfirmDeleteResource + "');"); ResourceDetailView.ResourceId = ResourceId; if (ResourceDetailView.ResourceId != Guid.Empty && ResourceDetailView.AuthenticatedToken != null) { //Check whether use is authorize to delete the resource. If not then make Delete buttion invisible. using (ResourceDataAccess dataAccess = new ResourceDataAccess()) { if (!dataAccess.AuthorizeUser(ResourceDetailView.AuthenticatedToken, UserResourcePermissions.Delete, ResourceDetailView.ResourceId)) { DeleteButton.Visible = false; } } } else { DeleteButton.Visible = false; } } }
private ICollection <ScholarlyWork> FilterResourcesBasedOnPermissions(AuthenticatedToken token, string userPermission, ICollection <ScholarlyWork> resourceList) { List <ScholarlyWork> filteredResources = new List <ScholarlyWork>(); if (token != null && resourceList != null && resourceList.Count > 0) { using (ResourceDataAccess dataAccess = new ResourceDataAccess()) { if (UserResourcePermissions.Create.Equals(userPermission)) { if (dataAccess.HasCreatePermission(token)) { foreach (ScholarlyWork scholWork in resourceList) { bool isAuthorized = true; foreach (Contact contact in scholWork.Authors.Union(scholWork.Editors)) { Contact cFound = dataAccess.GetResources <Contact>(ResourceStringComparison.Equals, contact.Title).FirstOrDefault(); if (cFound != null && !dataAccess.AuthorizeUser(token, userPermission, cFound.Id)) { isAuthorized = false; break; } } if (isAuthorized) { filteredResources.Add(scholWork); } } } } else { foreach (ScholarlyWork scholWork in resourceList) { if (dataAccess.AuthorizeUser(token, userPermission, scholWork.Id)) { filteredResources.Add(scholWork); } } } } } return(filteredResources); }
/// <summary> /// Delete given resource from database. /// </summary> /// <param name="sender">sender</param> /// <param name="e">Event Args</param> protected void DeleteButton_OnClick(object sender, EventArgs e) { using (ResourceDataAccess dataAccess = new ResourceDataAccess()) { if (ResourceDetailView.ResourceId != Guid.Empty) { Resource resource = dataAccess.GetResource(ResourceDetailView.ResourceId); bool isAuthorized = resource is CategoryNode? dataAccess.AuthorizeUserForDeletePermissionOnCategory(ResourceDetailView.AuthenticatedToken, resource.Id) : dataAccess.AuthorizeUser(ResourceDetailView.AuthenticatedToken, UserResourcePermissions.Delete, resource.Id); if (isAuthorized) { bool isDeleted = resource is CategoryNode? dataAccess.DeleteCategoryNodeWithHierarchy(ResourceDetailView.ResourceId) : dataAccess.DeleteResource(ResourceDetailView.ResourceId); //Delete resource if (isDeleted) { DeleteButton.Visible = false; ResourceDetailView.Visible = false; //Show Delete successful message MessageLabel.ForeColor = System.Drawing.Color.Black; MessageLabel.Text = Resources.Resources.AlertRecordDelerted; if (OnSuccessfulDelete != null) { OnSuccessfulDelete(this, new EventArgs()); } } else { //Show delete failure message MessageLabel.ForeColor = System.Drawing.Color.Red; MessageLabel.Text = Resources.Resources.AlertResourceDelertedError; } } else { //Show delete failure message MessageLabel.ForeColor = System.Drawing.Color.Red; if (resource is CategoryNode) { MessageLabel.Text = Resources.Resources.MsgUnauthorizeAccessDeleteCategory; } else { MessageLabel.Text = string.Format(CultureInfo.InvariantCulture, Resources.Resources.MsgUnAuthorizeAccess, UserResourcePermissions.Delete); } } } } }
void ResourceListView_OnDeleteButtonClicked(object sender, DeleteEventArgs e) { if (e.EntityIdList != null && e.EntityIdList.Count > 0) { using (ResourceDataAccess resourceDAL = new ResourceDataAccess(this.CreateContext())) { if (IsSecurityAwareControl) { Collection <Guid> resourceIdsToBeDeleted = new Collection <Guid>(); foreach (Guid resId in e.EntityIdList.ToList()) { Resource resource = resourceDAL.GetResource(resId); if (resource != null) { resourceIdsToBeDeleted.Add(resource.Id); CategoryNode categoryNodeobject = resource as CategoryNode; bool isCategoryNode = false; if (categoryNodeobject != null) { isCategoryNode = true; } if (IsSecurityAwareControl && AuthenticatedToken != null) { bool isAuthorized = isCategoryNode ? resourceDAL.AuthorizeUserForDeletePermissionOnCategory(AuthenticatedToken, resId) : resourceDAL.AuthorizeUser(AuthenticatedToken, UserResourcePermissions.Delete, resId); if (!isAuthorized) { if (isCategoryNode) { throw new UnauthorizedAccessException(GlobalResource.UnauthorizedAccessExceptionCategoryDelete); } else { throw new UnauthorizedAccessException(string.Format(CultureInfo.InvariantCulture, GlobalResource.UnauthorizedAccessException, UserResourcePermissions.Delete)); } } } if (isCategoryNode) { UpdateEntityListWithCategoryNodes(categoryNodeobject, resourceIdsToBeDeleted); } } } resourceDAL.DeleteResources(resourceIdsToBeDeleted); } } //Refresh data source for current page. Refresh(); //If page count is changed and Data fetched is empty then try to fetch last page IList entityList = ResourceListView.DataSource as IList; if ((entityList == null || entityList.Count == 0) && ResourceListView.TotalRecords > 0) { ResourceListView.PageIndex = Convert.ToInt32(Math.Ceiling((double)ResourceListView.TotalRecords / ResourceListView.PageSize)) - 1; Refresh(); } } }
protected void Page_Load(object sender, EventArgs e) { Control startNavigationTemplate = Wizard1.FindControl(_templateContainerID) as Control; if (startNavigationTemplate != null) { Button stepNextButton = startNavigationTemplate.FindControl(_stepNextButtonId) as Button; if (stepNextButton != null) { stepNextButton.Text = Resources.Resources.BibTexImportStep1NextButtonText; } } // This is required to avoid "PageRequestManagerParserErrorException" exception with update panel // because there is rendering problem with update panel. Control stepNavigationTemplate = Wizard1.FindControl(_stepNavTemplateContainerID) as Control; if (stepNavigationTemplate != null) { Button step2ImportButton = stepNavigationTemplate.FindControl(_step2ImportButton) as Button; if (step2ImportButton != null) { step2ImportButton.Text = Resources.Resources.BibTexImportStep2ButtonText; } } Guid guid = Guid.Empty; this.HideError(); if (!this.IsPostBack) { LocalizePage(); } bool isValidGuid = true; if (Request.QueryString[_queryStringKey] != null) { try { guid = new Guid(Request.QueryString[_queryStringKey]); } catch (FormatException) { this.DisplayError(Resources.Resources.InvalidResource); isValidGuid = false; } catch (OverflowException) { this.DisplayError(Resources.Resources.InvalidResource); isValidGuid = false; } } else if (guid == Guid.Empty) { this.DisplayError(Resources.Resources.BibtexImportMissinfId); isValidGuid = false; } if (isValidGuid) { using (ResourceDataAccess resourceDAL = new ResourceDataAccess()) { _scholarlyWorkObj = (ScholarlyWork)resourceDAL.GetResource(guid); AuthenticatedToken token = Session[Constants.AuthenticationTokenKey] as AuthenticatedToken; //if user is not having update permission on the subject resource then throw exception. if (!resourceDAL.AuthorizeUser(token, UserResourcePermissions.Update, _scholarlyWorkObj.Id)) { throw new UnauthorizedAccessException(string.Format(CultureInfo.InstalledUICulture, Resources.Resources.MsgUnAuthorizeAccess, UserResourcePermissions.Update)); } if (_scholarlyWorkObj != null) { _scholarlyWorkObj.Cites.Load(); } else { // Handle scenario which is "a resource deleted by one user and another user operating on the resource". this.DisplayError(Resources.Resources.ResourceNotFound); this._isResExist = false; } } if (!IsPostBack && this.Wizard1.ActiveStepIndex == 0) { if (_scholarlyWorkObj == null) { this.DisplayError(Resources.Resources.ResourceNotFound); } else { ResourceTitleLabel.InnerText = Resources.Resources.ResourceLabelTitleText; LabelImportResourceTitle.Text = FitString(_scholarlyWorkObj.Title, 40); LabelImportResourceTitle.NavigateUrl = _resourceDetailUrl + _scholarlyWorkObj.Id; } } } }