/// <summary>
/// Loads the table access permission rows stored for a user.
/// Runs inside the caller's DB transaction when one is open; otherwise it opens a Serializable
/// transaction of its own and commits it before returning.
/// </summary>
/// <param name="AUserID">ID of the user whose table access permissions are read.</param>
/// <returns>The user's table access permission rows; an empty table (never null) when there are none.</returns>
public static SUserTableAccessPermissionTable LoadTableAccessPermissions(String AUserID)
{
    SUserTableAccessPermissionTable Permissions;
    Boolean OwnTransaction = false;

    try
    {
        TDBTransaction Transaction = DBAccess.GDBAccessObj.GetNewOrExistingTransaction(
            IsolationLevel.Serializable, out OwnTransaction);

        // Count first so that a user without rows yields a fresh empty table
        Boolean HasRows = SUserTableAccessPermissionAccess.CountViaSUser(AUserID, Transaction) > 0;

        Permissions = HasRows
            ? SUserTableAccessPermissionAccess.LoadViaSUser(AUserID, Transaction)
            : new SUserTableAccessPermissionTable();
    }
    finally
    {
        // Commit only what this method opened; a transaction that already existed belongs to the caller
        if (OwnTransaction)
        {
            DBAccess.GDBAccessObj.CommitTransaction();
            TLogging.LogAtLevel(8, "TTableAccessPermissionManager.LoadTableAccessPermissions: committed own transaction.");
        }
    }

    return Permissions;
}
/// <summary>
/// Loads the table access permission rows stored for a user.
/// If a DB transaction is already running it is reused; otherwise a Serializable transaction is
/// opened for the reads and committed (and logged at level 8) on the way out.
/// </summary>
/// <param name="AUserID">ID of the user whose table access permissions are read.</param>
/// <returns>The user's table access permission rows; an empty table (never null) when there are none.</returns>
public static SUserTableAccessPermissionTable LoadTableAccessPermissions(String AUserID)
{
    TDataBase DB = DBAccess.GDBAccessObj;
    SUserTableAccessPermissionTable Result = null;
    Boolean StartedTransaction = false;

    try
    {
        TDBTransaction Transaction = DB.GetNewOrExistingTransaction(IsolationLevel.Serializable, out StartedTransaction);

        if (SUserTableAccessPermissionAccess.CountViaSUser(AUserID, Transaction) > 0)
        {
            Result = SUserTableAccessPermissionAccess.LoadViaSUser(AUserID, Transaction);
        }
        else
        {
            // Nothing stored for this user: return an empty table rather than null
            Result = new SUserTableAccessPermissionTable();
        }
    }
    finally
    {
        // A transaction inherited from the caller is never committed here
        if (StartedTransaction)
        {
            DB.CommitTransaction();
            TLogging.LogAtLevel(8, "TTableAccessPermissionManager.LoadTableAccessPermissions: committed own transaction.");
        }
    }

    return Result;
}
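/// <summary>
/// Tells whether the user has the given kind of access to the given database table.
/// </summary>
/// <param name="APermission">Kind of access asked for (inquire, modify, create or delete).</param>
/// <param name="ADBTable">Database table name to look up in the user's table access permission rows.
/// A null name is treated like an empty name.</param>
/// <returns>true if a permission row exists for the table and grants the requested kind of access;
/// false when there is no row for the table, the row denies it, or the permission value is not one
/// of the known kinds.</returns>
public Boolean IsTableAccessOK(TTableAccessPermission APermission, String ADBTable)
{
    // A null name is treated as an empty name, exactly as the plain string concatenation did before
    String TableName = (ADBTable == null) ? String.Empty : ADBTable;

    // The table name is spliced into a DataTable filter expression; double any single quote so that a
    // quote in the input can neither break the expression nor change what it matches.
    String Filter = SUserTableAccessPermissionTable.GetTableNameDBName()
        + " = '" + TableName.Replace("'", "''") + "'";

    DataRow[] FoundDataRows = FUserTableAccessPermissionDT.Select(Filter);

    if (FoundDataRows.Length == 0)
    {
        // No row for this table at all: no access of any kind
        return false;
    }

    // Only the first matching row is consulted.
    // NOTE(review): if several rows can exist for one table and user, confirm that is intended.
    SUserTableAccessPermissionRow FoundTableRow = (SUserTableAccessPermissionRow)FoundDataRows[0];

    switch (APermission)
    {
        case TTableAccessPermission.tapINQUIRE:
            return FoundTableRow.CanInquire;

        case TTableAccessPermission.tapMODIFY:
            return FoundTableRow.CanModify;

        case TTableAccessPermission.tapCREATE:
            return FoundTableRow.CanCreate;

        case TTableAccessPermission.tapDELETE:
            return FoundTableRow.CanDelete;

        default:
            // Fail closed: a permission value outside the known kinds (e.g. an invalid enum cast)
            // grants nothing, instead of being reported as allowed
            return false;
    }
}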
/// <summary>
/// Loads the table access permission rows stored for a user, using a transaction the caller already
/// owns. Nothing is committed or rolled back here.
/// </summary>
/// <param name="AUserID">ID of the user whose table access permissions are read.</param>
/// <param name="ATransaction">Instantiated DB Transaction the reads run in.</param>
/// <returns>The user's table access permission rows; an empty table (never null) when there are none.</returns>
public static SUserTableAccessPermissionTable LoadTableAccessPermissions(String AUserID, TDBTransaction ATransaction)
{
    if (SUserTableAccessPermissionAccess.CountViaSUser(AUserID, ATransaction) <= 0)
    {
        // No rows for this user: hand back an empty table instead of loading
        return new SUserTableAccessPermissionTable();
    }

    return SUserTableAccessPermissionAccess.LoadViaSUser(AUserID, ATransaction);
}
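/// <summary>
/// Constructor: builds the principal from the authenticated identity and the user's authorisation data.
/// </summary>
/// <param name="AIdentity">Authenticated identity. Must not be null.</param>
/// <param name="AGroups">Groups of the user (may be null).</param>
/// <param name="AUserTableAccessPermissions">Table access permission rows of the user (may be null).</param>
/// <param name="AModuleAccess">Modules the user may access (may be null).</param>
/// <param name="AFunctions">Functions the user may use (may be null).</param>
/// <param name="ARoles">Roles of the user (may be null).</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="AIdentity"/> is null.</exception>
public TPetraPrincipal(System.Security.Principal.IIdentity AIdentity,
    SUserGroupTable AGroups,
    SUserTableAccessPermissionTable AUserTableAccessPermissions,
    String[] AModuleAccess,
    String[] AFunctions,
    String[] ARoles) : base()
{
    if (AIdentity == null)
    {
        throw new ArgumentNullException("AIdentity", "Argument must not be null");
    }

    FIdentity = AIdentity;
    FGroupsDT = AGroups;
    FUserTableAccessPermissionDT = AUserTableAccessPermissions;

    // The three string arrays drive authorisation checks, so the principal keeps private copies:
    // sorting must not reorder the caller's array behind its back, and the caller must not be able
    // to change the principal's permissions afterwards through a shared reference.
    // (The two DataTables are still shared with the caller, as before.)
    FModuleAccess = (AModuleAccess == null) ? null : (String[])AModuleAccess.Clone();
    FFunctions = (AFunctions == null) ? null : (String[])AFunctions.Clone();
    FRoles = (ARoles == null) ? null : (String[])ARoles.Clone();

    // Prepare Arrays for fast BinarySearch.
    // NOTE(review): Array.Sort without a comparer orders by the current culture's string comparison;
    // the BinarySearch calls (not visible here) must use the same comparer or lookups can miss -- verify.
    if (FModuleAccess != null)
    {
        System.Array.Sort(FModuleAccess);
    }

    if (FRoles != null)
    {
        System.Array.Sort(FRoles);
    }

    if (FFunctions != null)
    {
        System.Array.Sort(FFunctions);
    }

    // Default LoginMessage is not defined
    FLoginMessage = null;
}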
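/// <summary>
/// Creates a new user record together with its module and table access permissions.
/// </summary>
/// <param name="AUsername">Login name. If it contains '@' it is stored as the e-mail address and the user
/// ID is derived from the part before the '@' (dots and underscores removed, upper-cased).</param>
/// <param name="APassword">Initial password. With the built-in "OpenPetraDBSUser" authentication a null or
/// empty password leaves the record without salt and hash; with any other method it is handed to the
/// configured authentication assembly.</param>
/// <param name="AFirstName">First name of the new user.</param>
/// <param name="AFamilyName">Family name of the new user.</param>
/// <param name="AModulePermissions">Comma-separated module IDs the user gets access to, or
/// DEMOMODULEPERMISSIONS for the demo set (PTNRUSER, FINANCE-1 and one module per existing ledger).</param>
/// <returns>true when the user and its permissions were written; false when the user ID already exists,
/// the external authentication refused the user or could not be loaded, or the write did not complete.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="AUsername"/> or
/// <paramref name="AModulePermissions"/> is null.</exception>
public static bool CreateUser(string AUsername, string APassword, string AFirstName, string AFamilyName, string AModulePermissions)
{
    // Validate up front: both are dereferenced below, AModulePermissions only after the user row has been
    // written, so a null would otherwise surface as a NullReferenceException inside the write transaction.
    if (AUsername == null)
    {
        throw new ArgumentNullException("AUsername", "Argument must not be null");
    }

    if (AModulePermissions == null)
    {
        throw new ArgumentNullException("AModulePermissions", "Argument must not be null");
    }

    TDBTransaction ReadTransaction = null;
    TDBTransaction SubmitChangesTransaction = null;
    bool UserExists = false;
    bool SubmissionOK = false;

    // TODO: check permissions. is the current user allowed to create other users?
    // NOTE(review): until that check exists, whoever can reach this method can create an account with
    // any module named in AModulePermissions (each is stored with CanAccess = true below), so the call
    // sites are the authorisation boundary -- confirm each of them enforces it.

    SUserTable userTable = new SUserTable();
    SUserRow newUser = userTable.NewRowTyped();
    newUser.UserId = AUsername;
    newUser.FirstName = AFirstName;
    newUser.LastName = AFamilyName;

    if (AUsername.Contains("@"))
    {
        // An e-mail address is kept as such; the user ID is its local part, normalised. The
        // normalisation is lossy (a.b@x and ab@y both become AB), so distinct addresses can map to the
        // same ID; the existence check below then refuses the second one.
        newUser.EmailAddress = AUsername;
        newUser.UserId = AUsername.Substring(0, AUsername.IndexOf("@"))
            .Replace(".", string.Empty)
            .Replace("_", string.Empty).ToUpper();
    }

    // Check whether the user that we are asked to create already exists.
    // NOTE(review): this runs in its own ReadCommitted transaction, separate from the Serializable write
    // below, so two concurrent creates of the same ID can both pass it; a unique constraint on the user
    // table (not visible here) would be the only backstop -- verify it exists.
    DBAccess.GDBAccessObj.BeginAutoReadTransaction(IsolationLevel.ReadCommitted, ref ReadTransaction,
        delegate
        {
            if (SUserAccess.Exists(newUser.UserId, ReadTransaction))
            {
                TLogging.Log("Cannot create new user as a user with User Name '" + newUser.UserId + "' already exists!");
                UserExists = true;
            }
        });

    if (UserExists)
    {
        return false;
    }

    userTable.Rows.Add(newUser);

    string UserAuthenticationMethod = TAppSettingsManager.GetValue("UserAuthenticationMethod", "OpenPetraDBSUser", false);

    if (UserAuthenticationMethod == "OpenPetraDBSUser")
    {
        // Built-in authentication: salt and hash the password and force a change at first login.
        // A null or empty password is not an error here: the record is then written without credentials.
        // NOTE(review): confirm that such an account cannot log in.
        if (!string.IsNullOrEmpty(APassword))
        {
            newUser.PasswordSalt = PasswordHelper.GetNewPasswordSalt();
            newUser.PasswordHash = PasswordHelper.GetPasswordHash(APassword, newUser.PasswordSalt);
            newUser.PasswordNeedsChange = true;
        }
    }
    else
    {
        // External authentication owns the credentials; the local record only carries the profile
        try
        {
            IUserAuthentication auth = TUserManagerWebConnector.LoadAuthAssembly(UserAuthenticationMethod);

            if (!auth.CreateUser(AUsername, APassword, AFirstName, AFamilyName))
            {
                // The external system refused the user: nothing is written locally either
                newUser = null;
            }
        }
        catch (Exception e)
        {
            TLogging.Log("Problem loading user authentication method " + UserAuthenticationMethod + ": " + e.ToString());
            return false;
        }
    }

    if (newUser == null)
    {
        return false;
    }

    DBAccess.GDBAccessObj.BeginAutoTransaction(IsolationLevel.Serializable, ref SubmitChangesTransaction, ref SubmissionOK,
        delegate
        {
            SUserAccess.SubmitChanges(userTable, SubmitChangesTransaction);

            // Resolve the module list: the demo marker expands to the partner module, the first finance
            // level and one LEDGERnnnn module per existing ledger; anything else is a comma-separated list.
            List<string> modules = new List<string>();

            if (AModulePermissions == DEMOMODULEPERMISSIONS)
            {
                modules.Add("PTNRUSER");
                modules.Add("FINANCE-1");

                ALedgerTable theLedgers = ALedgerAccess.LoadAll(SubmitChangesTransaction);

                foreach (ALedgerRow ledger in theLedgers.Rows)
                {
                    modules.Add("LEDGER" + ledger.LedgerNumber.ToString("0000"));
                }
            }
            else
            {
                string[] modulePermissions = AModulePermissions.Split(new char[] { ',' });

                foreach (string s in modulePermissions)
                {
                    if (s.Trim().Length > 0)
                    {
                        modules.Add(s.Trim());
                    }
                }
            }

            // Every requested module is granted as-is; the names are not validated against a known module list
            SUserModuleAccessPermissionTable moduleAccessPermissionTable = new SUserModuleAccessPermissionTable();

            foreach (string module in modules)
            {
                SUserModuleAccessPermissionRow moduleAccessPermissionRow = moduleAccessPermissionTable.NewRowTyped();
                moduleAccessPermissionRow.UserId = newUser.UserId;
                moduleAccessPermissionRow.ModuleId = module;
                moduleAccessPermissionRow.CanAccess = true;
                moduleAccessPermissionTable.Rows.Add(moduleAccessPermissionRow);
            }

            SUserModuleAccessPermissionAccess.SubmitChanges(moduleAccessPermissionTable, SubmitChangesTransaction);

            // TODO: table permissions should be set by the module list
            // TODO: add p_data_label... tables here so user can generally have access
            // Fixed set of partner tables every new user gets a table access row for. Only the table
            // name is set; the Can* flags keep their row defaults (not visible here).
            string[] tables = new string[] {
                "p_bank", "p_church", "p_family", "p_location", "p_organisation", "p_partner",
                "p_partner_location", "p_partner_type", "p_person", "p_unit", "p_venue",
                "p_data_label", "p_data_label_lookup", "p_data_label_lookup_category",
                "p_data_label_use", "p_data_label_value_partner",
            };

            SUserTableAccessPermissionTable tableAccessPermissionTable = new SUserTableAccessPermissionTable();

            foreach (string table in tables)
            {
                SUserTableAccessPermissionRow tableAccessPermissionRow = tableAccessPermissionTable.NewRowTyped();
                tableAccessPermissionRow.UserId = newUser.UserId;
                tableAccessPermissionRow.TableName = table;
                tableAccessPermissionTable.Rows.Add(tableAccessPermissionRow);
            }

            SUserTableAccessPermissionAccess.SubmitChanges(tableAccessPermissionTable, SubmitChangesTransaction);

            SubmissionOK = true;
        });

    // Report what actually happened instead of an unconditional true: SubmissionOK is only set once every
    // write in the delegate went through (assumes BeginAutoTransaction leaves the flag as the delegate set it).
    return SubmissionOK;
}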
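/// <summary>
/// Creates a new user record together with its module and table access permissions.
/// </summary>
/// <param name="AUsername">Login name. If it contains '@' it is stored as the e-mail address and the user
/// ID is derived from the part before the '@' (dots and underscores removed, upper-cased).</param>
/// <param name="APassword">Initial password. With the built-in "OpenPetraDBSUser" authentication a null or
/// empty password leaves the record without salt and hash; with any other method it is handed to the
/// configured authentication assembly.</param>
/// <param name="AFirstName">First name of the new user.</param>
/// <param name="AFamilyName">Family name of the new user.</param>
/// <param name="AModulePermissions">Comma-separated module IDs the user gets access to, or
/// DEMOMODULEPERMISSIONS for the demo set (PTNRUSER, FINANCE-1 and one module per existing ledger).</param>
/// <returns>true when the user and its permissions were written; false when the user ID already exists,
/// the external authentication refused the user or could not be loaded, or the write did not complete.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="AUsername"/> or
/// <paramref name="AModulePermissions"/> is null.</exception>
public static bool CreateUser(string AUsername, string APassword, string AFirstName, string AFamilyName, string AModulePermissions)
{
    // Validate up front: both are dereferenced below, AModulePermissions only after the user row has been
    // written, so a null would otherwise surface as a NullReferenceException inside the write transaction.
    if (AUsername == null)
    {
        throw new ArgumentNullException("AUsername", "Argument must not be null");
    }

    if (AModulePermissions == null)
    {
        throw new ArgumentNullException("AModulePermissions", "Argument must not be null");
    }

    TDBTransaction ReadTransaction = null;
    TDBTransaction SubmitChangesTransaction = null;
    bool UserExists = false;
    bool SubmissionOK = false;

    // TODO: check permissions. is the current user allowed to create other users?
    // NOTE(review): until that check exists, whoever can reach this method can create an account with
    // any module named in AModulePermissions (each is stored with CanAccess = true below), so the call
    // sites are the authorisation boundary -- confirm each of them enforces it.

    SUserTable userTable = new SUserTable();
    SUserRow newUser = userTable.NewRowTyped();
    newUser.UserId = AUsername;
    newUser.FirstName = AFirstName;
    newUser.LastName = AFamilyName;

    if (AUsername.Contains("@"))
    {
        // An e-mail address is kept as such; the user ID is its local part, normalised. The
        // normalisation is lossy (a.b@x and ab@y both become AB), so distinct addresses can map to the
        // same ID; the existence check below then refuses the second one.
        newUser.EmailAddress = AUsername;
        newUser.UserId = AUsername.Substring(0, AUsername.IndexOf("@"))
            .Replace(".", string.Empty)
            .Replace("_", string.Empty).ToUpper();
    }

    // Check whether the user that we are asked to create already exists.
    // NOTE(review): this runs in its own ReadCommitted transaction, separate from the Serializable write
    // below, so two concurrent creates of the same ID can both pass it; a unique constraint on the user
    // table (not visible here) would be the only backstop -- verify it exists.
    DBAccess.GDBAccessObj.BeginAutoReadTransaction(IsolationLevel.ReadCommitted, ref ReadTransaction,
        delegate
        {
            if (SUserAccess.Exists(newUser.UserId, ReadTransaction))
            {
                TLogging.Log("Cannot create new user as a user with User Name '" + newUser.UserId + "' already exists!");
                UserExists = true;
            }
        });

    if (UserExists)
    {
        return false;
    }

    userTable.Rows.Add(newUser);

    string UserAuthenticationMethod = TAppSettingsManager.GetValue("UserAuthenticationMethod", "OpenPetraDBSUser", false);

    if (UserAuthenticationMethod == "OpenPetraDBSUser")
    {
        // Built-in authentication: salt and hash the password and force a change at first login.
        // A null or empty password is not an error here: the record is then written without credentials.
        // NOTE(review): confirm that such an account cannot log in.
        if (!string.IsNullOrEmpty(APassword))
        {
            newUser.PasswordSalt = PasswordHelper.GetNewPasswordSalt();
            newUser.PasswordHash = PasswordHelper.GetPasswordHash(APassword, newUser.PasswordSalt);
            newUser.PasswordNeedsChange = true;
        }
    }
    else
    {
        // External authentication owns the credentials; the local record only carries the profile
        try
        {
            IUserAuthentication auth = TUserManagerWebConnector.LoadAuthAssembly(UserAuthenticationMethod);

            if (!auth.CreateUser(AUsername, APassword, AFirstName, AFamilyName))
            {
                // The external system refused the user: nothing is written locally either
                newUser = null;
            }
        }
        catch (Exception e)
        {
            TLogging.Log("Problem loading user authentication method " + UserAuthenticationMethod + ": " + e.ToString());
            return false;
        }
    }

    if (newUser == null)
    {
        return false;
    }

    DBAccess.GDBAccessObj.BeginAutoTransaction(IsolationLevel.Serializable, ref SubmitChangesTransaction, ref SubmissionOK,
        delegate
        {
            SUserAccess.SubmitChanges(userTable, SubmitChangesTransaction);

            // Resolve the module list: the demo marker expands to the partner module, the first finance
            // level and one LEDGERnnnn module per existing ledger; anything else is a comma-separated list.
            List<string> modules = new List<string>();

            if (AModulePermissions == DEMOMODULEPERMISSIONS)
            {
                modules.Add("PTNRUSER");
                modules.Add("FINANCE-1");

                ALedgerTable theLedgers = ALedgerAccess.LoadAll(SubmitChangesTransaction);

                foreach (ALedgerRow ledger in theLedgers.Rows)
                {
                    modules.Add("LEDGER" + ledger.LedgerNumber.ToString("0000"));
                }
            }
            else
            {
                string[] modulePermissions = AModulePermissions.Split(new char[] { ',' });

                foreach (string s in modulePermissions)
                {
                    if (s.Trim().Length > 0)
                    {
                        modules.Add(s.Trim());
                    }
                }
            }

            // Every requested module is granted as-is; the names are not validated against a known module list
            SUserModuleAccessPermissionTable moduleAccessPermissionTable = new SUserModuleAccessPermissionTable();

            foreach (string module in modules)
            {
                SUserModuleAccessPermissionRow moduleAccessPermissionRow = moduleAccessPermissionTable.NewRowTyped();
                moduleAccessPermissionRow.UserId = newUser.UserId;
                moduleAccessPermissionRow.ModuleId = module;
                moduleAccessPermissionRow.CanAccess = true;
                moduleAccessPermissionTable.Rows.Add(moduleAccessPermissionRow);
            }

            SUserModuleAccessPermissionAccess.SubmitChanges(moduleAccessPermissionTable, SubmitChangesTransaction);

            // TODO: table permissions should be set by the module list
            // Fixed set of partner tables every new user gets a table access row for. Only the table
            // name is set; the Can* flags keep their row defaults (not visible here).
            string[] tables = new string[] {
                "p_bank", "p_church", "p_family", "p_location", "p_organisation", "p_partner",
                "p_partner_location", "p_partner_type", "p_person", "p_unit", "p_venue"
            };

            SUserTableAccessPermissionTable tableAccessPermissionTable = new SUserTableAccessPermissionTable();

            foreach (string table in tables)
            {
                SUserTableAccessPermissionRow tableAccessPermissionRow = tableAccessPermissionTable.NewRowTyped();
                tableAccessPermissionRow.UserId = newUser.UserId;
                tableAccessPermissionRow.TableName = table;
                tableAccessPermissionTable.Rows.Add(tableAccessPermissionRow);
            }

            SUserTableAccessPermissionAccess.SubmitChanges(tableAccessPermissionTable, SubmitChangesTransaction);

            SubmissionOK = true;
        });

    // Report what actually happened instead of an unconditional true: SubmissionOK is only set once every
    // write in the delegate went through (assumes BeginAutoTransaction leaves the flag as the delegate set it).
    return SubmissionOK;
}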
/// <summary>
/// Convenience constructor for a principal without function and role information: delegates to the
/// six-argument constructor with null for AFunctions and ARoles.
/// </summary>
/// <param name="AIdentity">Authenticated identity; must not be null (the full constructor throws otherwise).</param>
/// <param name="AGroups">Groups of the user.</param>
/// <param name="AUserTableAccessPermissions">Table access permission rows of the user.</param>
/// <param name="AModuleAccess">Modules the user may access.</param>
public TPetraPrincipal(System.Security.Principal.IIdentity AIdentity,
    SUserGroupTable AGroups,
    SUserTableAccessPermissionTable AUserTableAccessPermissions,
    String[] AModuleAccess)
    : this(AIdentity, AGroups, AUserTableAccessPermissions, AModuleAccess, null, null)
{
    // All initialisation happens in the six-argument constructor
}
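/// <summary>
/// Creates a new user record together with its module and table access permissions and writes a user
/// account activity log entry for it. Works inside the given transaction, or inside a Serializable
/// transaction (and, if there is no DB access object at all, a DB connection) of its own, which is
/// committed on success and rolled back otherwise.
/// </summary>
/// <param name="AUsername">Login name. If it contains '@' it is stored as the e-mail address and the user
/// ID is derived from the part before the '@' (dots and underscores removed, upper-cased).</param>
/// <param name="APassword">Initial password. With the built-in "OpenPetraDBSUser" authentication a null or
/// empty password leaves the record without a hash; with any other method it is handed to the configured
/// authentication assembly.</param>
/// <param name="AFirstName">First name of the new user.</param>
/// <param name="AFamilyName">Family name of the new user.</param>
/// <param name="AModulePermissions">Comma-separated module IDs the user gets access to, or
/// DEMOMODULEPERMISSIONS for the demo set (PTNRUSER, FINANCE-1 and one module per existing ledger).</param>
/// <param name="AClientComputerName">Name of the client computer the request came from (logged).</param>
/// <param name="AClientIPAddress">IP address of the client the request came from (logged).</param>
/// <param name="ATransaction">Transaction to work in, or null to use (or open) one on the global DB
/// access object, falling back to a separately established connection when there is no global one.</param>
/// <returns>true when the user and its permissions were written; false when the user ID already exists,
/// the external authentication refused the user or could not be loaded, or no user record was produced.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="AUsername"/> or
/// <paramref name="AModulePermissions"/> is null.</exception>
public static bool CreateUser(string AUsername, string APassword, string AFirstName, string AFamilyName,
    string AModulePermissions, string AClientComputerName, string AClientIPAddress, TDBTransaction ATransaction = null)
{
    // Validate before anything touches the database: both are dereferenced below, AModulePermissions only
    // after the user row has been written, so a null would otherwise surface mid-transaction.
    if (AUsername == null)
    {
        throw new ArgumentNullException("AUsername", "Argument must not be null");
    }

    if (AModulePermissions == null)
    {
        throw new ArgumentNullException("AModulePermissions", "Argument must not be null");
    }

    TDataBase DBConnectionObj = DBAccess.GetDBAccessObj(ATransaction);
    TDBTransaction ReadWriteTransaction = null;
    bool SeparateDBConnectionEstablished = false;
    bool NewTransaction;
    bool SubmissionOK = false;

    // TODO: check permissions. is the current user allowed to create other users?
    // NOTE(review): until that check exists, whoever can reach this method can create an account with
    // any module named in AModulePermissions (each is stored with CanAccess = true below), so the call
    // sites are the authorisation boundary -- confirm each of them enforces it.

    SUserTable userTable = new SUserTable();
    SUserRow newUser = userTable.NewRowTyped();
    newUser.UserId = AUsername;
    newUser.FirstName = AFirstName;
    newUser.LastName = AFamilyName;

    if (AUsername.Contains("@"))
    {
        // An e-mail address is kept as such; the user ID is its local part, normalised. The
        // normalisation is lossy (a.b@x and ab@y both become AB), so distinct addresses can map to the
        // same ID; the existence check below then refuses the second one.
        newUser.EmailAddress = AUsername;
        newUser.UserId = AUsername.Substring(0, AUsername.IndexOf("@"))
            .Replace(".", string.Empty)
            .Replace("_", string.Empty).ToUpper();
    }

    if (DBConnectionObj == null)
    {
        // ATransaction was null and GDBAccess is also null: we need to establish a DB Connection manually here!
        DBConnectionObj = DBAccess.SimpleEstablishDBConnection("CreateUser");
        SeparateDBConnectionEstablished = true;
    }

    ReadWriteTransaction = DBConnectionObj.GetNewOrExistingTransaction(
        IsolationLevel.Serializable, out NewTransaction, "CreateUser");

    try
    {
        // Check whether the user that we are asked to create already exists. The check shares the
        // Serializable transaction with the insert below, so it is not racing a separate read transaction.
        if (SUserAccess.Exists(newUser.UserId, ReadWriteTransaction))
        {
            TLogging.Log("Cannot create new user because a user with User Name '" + newUser.UserId + "' already exists!");
            return false;
        }

        // Stamp the record with the current password scheme number
        newUser.PwdSchemeVersion = TPasswordHelper.CurrentPasswordSchemeNumber;
        userTable.Rows.Add(newUser);

        string UserAuthenticationMethod = TAppSettingsManager.GetValue("UserAuthenticationMethod", "OpenPetraDBSUser", false);

        if (UserAuthenticationMethod == "OpenPetraDBSUser")
        {
            // Built-in authentication. A null or empty password is not an error here: the record is then
            // written without a hash. NOTE(review): confirm that such an account cannot log in.
            if (!string.IsNullOrEmpty(APassword))
            {
                SetNewPasswordHashAndSaltForUser(newUser, APassword, AClientComputerName, AClientIPAddress, ReadWriteTransaction);

                // Demo users keep their initial password; everyone else must change it at first login
                if (AModulePermissions != TMaintenanceWebConnector.DEMOMODULEPERMISSIONS)
                {
                    newUser.PasswordNeedsChange = true;
                }
            }
        }
        else
        {
            // External authentication owns the credentials; the local record only carries the profile
            try
            {
                IUserAuthentication auth = TUserManagerWebConnector.LoadAuthAssembly(UserAuthenticationMethod);

                if (!auth.CreateUser(AUsername, APassword, AFirstName, AFamilyName))
                {
                    // The external system refused the user: nothing is written locally either
                    newUser = null;
                }
            }
            catch (Exception e)
            {
                TLogging.Log("Problem loading user authentication method " + UserAuthenticationMethod + ": " + e.ToString());
                return false;
            }
        }

        if (newUser != null)
        {
            SUserAccess.SubmitChanges(userTable, ReadWriteTransaction);

            // Resolve the module list: the demo marker expands to the partner module, the first finance
            // level and one LEDGERnnnn module per existing ledger; anything else is a comma-separated list.
            List<string> modules = new List<string>();

            if (AModulePermissions == DEMOMODULEPERMISSIONS)
            {
                modules.Add("PTNRUSER");
                modules.Add("FINANCE-1");

                ALedgerTable theLedgers = ALedgerAccess.LoadAll(ReadWriteTransaction);

                foreach (ALedgerRow ledger in theLedgers.Rows)
                {
                    modules.Add("LEDGER" + ledger.LedgerNumber.ToString("0000"));
                }
            }
            else
            {
                string[] modulePermissions = AModulePermissions.Split(new char[] { ',' });

                foreach (string s in modulePermissions)
                {
                    if (s.Trim().Length > 0)
                    {
                        modules.Add(s.Trim());
                    }
                }
            }

            // Every requested module is granted as-is; the names are not validated against a known module list
            SUserModuleAccessPermissionTable moduleAccessPermissionTable = new SUserModuleAccessPermissionTable();

            foreach (string module in modules)
            {
                SUserModuleAccessPermissionRow moduleAccessPermissionRow = moduleAccessPermissionTable.NewRowTyped();
                moduleAccessPermissionRow.UserId = newUser.UserId;
                moduleAccessPermissionRow.ModuleId = module;
                moduleAccessPermissionRow.CanAccess = true;
                moduleAccessPermissionTable.Rows.Add(moduleAccessPermissionRow);
            }

            SUserModuleAccessPermissionAccess.SubmitChanges(moduleAccessPermissionTable, ReadWriteTransaction);

            // TODO: table permissions should be set by the module list
            // TODO: add p_data_label... tables here so user can generally have access
            // Fixed set of partner tables every new user gets a table access row for. Only the table
            // name is set; the Can* flags keep their row defaults (not visible here).
            string[] tables = new string[] {
                "p_bank", "p_church", "p_family", "p_location", "p_organisation", "p_partner",
                "p_partner_location", "p_partner_type", "p_person", "p_unit", "p_venue",
                "p_data_label", "p_data_label_lookup", "p_data_label_lookup_category",
                "p_data_label_use", "p_data_label_value_partner",
            };

            SUserTableAccessPermissionTable tableAccessPermissionTable = new SUserTableAccessPermissionTable();

            foreach (string table in tables)
            {
                SUserTableAccessPermissionRow tableAccessPermissionRow = tableAccessPermissionTable.NewRowTyped();
                tableAccessPermissionRow.UserId = newUser.UserId;
                tableAccessPermissionRow.TableName = table;
                tableAccessPermissionTable.Rows.Add(tableAccessPermissionRow);
            }

            SUserTableAccessPermissionAccess.SubmitChanges(tableAccessPermissionTable, ReadWriteTransaction);

            // NOTE(review): UserInfo.GUserInfo is dereferenced without a null check; if no user is logged
            // in (e.g. during initial setup) this throws and the finally block rolls the whole creation back.
            TUserAccountActivityLog.AddUserAccountActivityLogEntry(newUser.UserId,
                TUserAccountActivityLog.USER_ACTIVITY_USER_RECORD_CREATED,
                String.Format(Catalog.GetString("The user record for the new user {0} got created by user {1}. "),
                    newUser.UserId, UserInfo.GUserInfo.UserID)
                + String.Format(ResourceTexts.StrRequestCallerInfo, AClientComputerName, AClientIPAddress),
                ReadWriteTransaction);

            SubmissionOK = true;

            return true;
        }
    }
    finally
    {
        // Only a transaction this method started is finished here; the caller's own transaction is left
        // to the caller. Anything short of SubmissionOK (early return or exception) is rolled back.
        if (NewTransaction)
        {
            if (SubmissionOK)
            {
                ReadWriteTransaction.DataBaseObj.CommitTransaction();
            }
            else
            {
                ReadWriteTransaction.DataBaseObj.RollbackTransaction();
            }

            if (SeparateDBConnectionEstablished)
            {
                DBConnectionObj.CloseDBConnection();
            }
        }
    }

    return false;
}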