void SetEditLinksAndVisibilityBasedOnPermissions(DataSet ds)
        {
            if (User != null && TabId != Null.NullInteger)
            {
                //Provide a permission aware EditLink as an additional column to the dataset
                var security = new ModuleSecurity(ModuleId, TabId,   Settings);
                var createdByColumnName = ColumnNameByDataType(ds, DataTypeNames.UDT_DataType_CreatedBy);

                ds.Tables[DataSetTableName.Data].Columns.Add(DataTableColumn.EditLink, typeof (string));

                var urlPattern = EditUrlPattern ?? Globals.NavigateURL(TabId, "edit", "mid=" + ModuleId, DataTableColumn.RowId + "={0}");

                foreach (DataRow row in ds.Tables[DataSetTableName.Data].Rows)
                {
                    var rowCreatorUserName = row[createdByColumnName].ToString();
                    var isRowOwner =
                        Convert.ToBoolean((rowCreatorUserName == User.Username) &&
                                          rowCreatorUserName != Definition.NameOfAnonymousUser);
                    if (security.IsAllowedToEditRow(isRowOwner))
                    {
                        row[DataTableColumn.EditLink] = string.Format(urlPattern, row[DataTableColumn.RowId]);
                    }
                }
                //Adjust visibility to actual permissions
                foreach (DataRow row in ds.Tables[DataSetTableName.Fields].Rows)
                {
                    row[FieldsTableColumn.Visible] = Convert.ToBoolean(row[FieldsTableColumn.Visible]) ||
                                                     (security.IsAllowedToSeeAllUserDefinedColumns() &&
                                                      (DataType.ByName(row[FieldsTableColumn.Type].ToString()).
                                                           IsUserDefinedField ||
                                                       Settings.ShowSystemColumns));
                }
            }
        }
예제 #2
0
        public EditControls(ModuleInstanceContext moduleContext)
        {
            _moduleContext = moduleContext;
            var isAdmin     = ModuleSecurity.IsAdministrator();
            var isAnonymous = Convert.ToBoolean(moduleContext.PortalSettings.UserId == -1);

            _inputFilterScript =
                Convert.ToBoolean(
                    !(isAdmin && !moduleContext.Settings[SettingName.ForceInputFiltering].AsBoolean()));
            _inputFilterTags =
                Convert.ToBoolean(!isAdmin &&
                                  (isAnonymous ||
                                   moduleContext.Settings[SettingName.ForceInputFiltering].AsBoolean()));
        }
예제 #3
0
        void InitViews()
        {
            var sec = new ModuleSecurity(ModuleId, TabId, new Components.Settings(Settings));

            switch (ModuleContext.Settings[SettingName.ListOrForm].AsString("Unknown"))
            {
                case "List":
                    LoadControlByKey("List");
                    break;
                case "Form":
                    if (Request.QueryString["show"].AsString() == "records" && sec.IsAllowedToViewList())
                    {
                        LoadControlByKey("List");
                    }
                    else
                    {
                        LoadControlByKey("Edit");
                    }
                    break;

                case "FormAndList":
                    LoadControlByKey("Edit");
                    if (sec.IsAllowedToViewList())
                    {
                        LoadControlByKey("List");
                    }
                    break;
                case "ListAndForm":
                    if (sec.IsAllowedToViewList())
                    {
                        LoadControlByKey("List");
                    }
                    LoadControlByKey("Edit");
                    break;
                default:
                    LoadControlByKey(IsNewModuleInstance() ? "TemplateList" : "List");
                    break;
            }
        }
예제 #4
0
        public void EnsureActionButton()
        {
            var useButtons = Settings.UseButtonsInForm;
            var sec = new ModuleSecurity(ModuleId, TabId, Settings );
            if (sec.IsAllowedToViewList() && Settings.OnlyFormIsShown )
            {
                var url = Globals.NavigateURL(TabId, "", "show=records");
                var title = Localization.GetString("List.Action", LocalResourceFile);
                cmdShowRecords.NavigateUrl = url;
                cmdShowRecords.Text = title;
                cmdShowRecords.Visible = useButtons;
            }

        }
예제 #5
0
        void BuildEditForm()
        {
            var fieldSettingsTable = FieldSettingsController.GetFieldSettingsTable(ModuleId);
            var editForm = new List<FormColumnInfo>();
            FormColumnInfo currentField;
            var security = new ModuleSecurity(ModuleContext);

            _editControls = new EditControls(ModuleContext);

            foreach (DataRow dr in Data.Tables[DataSetTableName.Fields].Rows)
            {
                var fieldTitle = dr[FieldsTableColumn.Title].AsString();
                var dataTypeName = dr[FieldsTableColumn.Type].AsString();
                var dataType = DataType.ByName(dataTypeName);

                var isColumnEditable =
                    Convert.ToBoolean((! dataType.SupportsHideOnEdit ||
                                       Convert.ToBoolean(dr[FieldsTableColumn.ShowOnEdit])) &&
                                      (! Convert.ToBoolean(dr[FieldsTableColumn.IsPrivate]) ||
                                       security.IsAllowedToEditAllColumns()));

                //If Column is hidden, the Fieldtype falls back to "String" as the related EditControl works perfect even if it is not visibile
                //EditControls of other user defined datatypes may use core controls (e.g. UrlControl or RTE) which are not rock solid regarding viewstate.
                if (! isColumnEditable && dataType.IsUserDefinedField)
                {
                    dataTypeName = "String";
                }

                currentField = new FormColumnInfo {IsUserDefinedField = dataType.IsUserDefinedField};

                if (dataType.IsSeparator)
                {
                    var fieldId = (int)dr[FieldsTableColumn.Id];
                    currentField.IsCollapsible = Data.Tables[DataSetTableName.FieldSettings].GetFieldSetting("IsCollapsible", fieldId).AsBoolean();
                    currentField.IsSeparator = true;
                    if (dr[FieldsTableColumn.Visible].AsBoolean())
                    {
                        currentField.Title = fieldTitle;
                    }
                    currentField.Visible = isColumnEditable;
                }
                else
                {
                    currentField.Help = dr[FieldsTableColumn.HelpText].AsString();
                    currentField.Title = dr[FieldsTableColumn.Title].AsString();
                    currentField.Required =
                        Convert.ToBoolean(dr[FieldsTableColumn.Required].AsBoolean() &&
                                          dataType.IsUserDefinedField);

                    //advanced Settings: Dynamic control
                    currentField.EditControl = _editControls.Add(dr[FieldsTableColumn.Title].AsString(),
                                                                dataTypeName, Convert.ToInt32(dr[FieldsTableColumn.Id]),
                                                                dr[FieldsTableColumn.HelpText].AsString(),
                                                                dr[FieldsTableColumn.Default].AsString(),
                                                                dr[FieldsTableColumn.Required].AsBoolean(),
                                                                dr[FieldsTableColumn.ValidationRule].AsString(),
                                                                dr[FieldsTableColumn.ValidationMessage].AsString(),
                                                                dr[FieldsTableColumn.EditStyle].AsString(),
                                                                dr[FieldsTableColumn.InputSettings].AsString(),
                                                                dr[FieldsTableColumn.OutputSettings].AsString(),
                                                                dr[FieldsTableColumn.NormalizeFlag].AsBoolean(),
                                                                dr[FieldsTableColumn.MultipleValues].AsBoolean(),
                                                                fieldSettingsTable,
                                                                this );
                    currentField.Visible = isColumnEditable;
                }
                editForm.Add(currentField);
            }

            if (CaptchaNeeded())
            {
                _ctlCaptcha = new CaptchaControl
                                  {
                                      ID = "Captcha",
                                      CaptchaWidth = Unit.Pixel(130),
                                      CaptchaHeight = Unit.Pixel(40),
                                      ToolTip = Localization.GetString("CaptchaToolTip", LocalResourceFile),
                                      ErrorMessage = Localization.GetString("CaptchaError", LocalResourceFile)
                                  };
                currentField = new FormColumnInfo
                                   {
                                       Title = Localization.GetString("Captcha", LocalResourceFile),
                                       EditControl = _ctlCaptcha,
                                       Visible = true,
                                       IsUserDefinedField = false
                                   };
                editForm.Add(currentField);
            }
            BuildCssForm(editForm);
            //Change captions of buttons in Form mode
            if (IsNewRow && Settings.ListOrForm.Contains("Form"))
            {
                cmdUpdate.Attributes["resourcekey"] = "cmdSend.Text";
     }
        }
예제 #6
0
 void CheckPermission(bool isUsersOwnItem = true)
 {
     var security = new ModuleSecurity(ModuleContext);
     if (
         !((! IsNewRow && security.IsAllowedToEditRow(isUsersOwnItem)) ||
           (IsNewRow && security.IsAllowedToAddRow() && (security.IsAllowedToAdministrateModule() || HasAddPermissonByQuota() ))))
     {
         if (IsNested())
         {
             cmdUpdate.Enabled = false;
         
             divForm.Visible = true;
         }
         else
         {
             Response.Redirect(Globals.NavigateURL(ModuleContext.TabId), true);
         }
     }
     else
     {
         _hasUpdatePermission = true;
     }
     _hasDeletePermission = Convert.ToBoolean(security.IsAllowedToDeleteRow(isUsersOwnItem) && ! IsNewRow);
     cmdDelete.Visible = _hasDeletePermission;
 }
예제 #7
0
        public void EnsureActionButton()
        {

            var modSecurity = new ModuleSecurity(ModuleContext);
            var useButtons = Settings.UseButtonsInForm ;

            if (Settings.OnlyFormIsShown )
            {
                var url = Globals.NavigateURL(ModuleContext.TabId);
                var title = Localization.GetString("BackToForm.Action", LocalResourceFile);

                ActionLink.NavigateUrl = url;
                ActionLink.Text = title;
                placeholderActions.Visible = useButtons;
            }
            else if (Settings.OnlyListIsShown && modSecurity.IsAllowedToAddRow() && SchemaIsDefined() &&
                     (modSecurity.IsAllowedToAdministrateModule() || HasAddPermissonByQuota()))
            {
                var url = ModuleContext.EditUrl();
                var title = Localization.GetString(ModuleActionType.AddContent, LocalResourceFile);

                ActionLink.NavigateUrl = url;
                ActionLink.Text = title;
                placeholderActions.Visible = useButtons;
            }
        }
예제 #8
0
 void ShowModuleMessage(string message)
 {
     var moduleControl = GetModuleControl();
     var modSecurity = new ModuleSecurity(ModuleContext);
     if (modSecurity.IsAllowedToAdministrateModule())
     {
          UI.Skins.Skin.AddModuleMessage(moduleControl, message,ModuleMessage.ModuleMessageType.YellowWarning);
     }
 }
예제 #9
0
 public void RaisePostBackEvent(string eventArgument)
 {
     var modSecurity = new ModuleSecurity(ModuleContext);
     if (eventArgument == "DeleteAll" && modSecurity.IsAllowedToAdministrateModule())
     {
         UdtController.DeleteRows();
         Response.Redirect(Globals.NavigateURL(ModuleContext.TabId), true);
     }
 }