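        /// <summary>
        /// Builds the "RoleEditForm" used to create a role (<paramref name="roleID"/> null) or edit an
        /// existing one. The form holds three blocks: the role's details, the roles it may inherit from,
        /// and its permission settings. Inherit/permission checkboxes are offered only for codes the
        /// current user holds, and a role is never offered its own descendants (presumably to keep the
        /// inheritance graph acyclic).
        /// </summary>
        /// <param name="roleID">Id of the role to edit, or null for a blank form for a new role.</param>
        /// <returns>The populated form; a field block that ends up empty is not added.</returns>
        /// <exception cref="AjaxException">The role does not exist, or is a locked system role.</exception>
        public AjaxForm GetRoleEditForm(Guid? roleID)
        {
            SecurityProvider.Role role;
            if (roleID == null)
            {
                role = new SecurityProvider.Role();
            }
            else
            {
                role = SecurityProvider.Role.Load(roleID.Value);
                if (role == null)
                    throw new AjaxException("The requested role does not exist in the database.");
                if (role.Locked)
                    throw new AjaxException("This is a system role and cannot be modified.");
            }

            AjaxForm form = new AjaxForm("RoleEditForm");
            form.RecordID = roleID;

            // Block 0: name + enabled flag. The validator script keeps its doubled braces exactly as
            // written (presumably it passes through a format step downstream — left untouched).
            AjaxFormFieldBlock details = new AjaxFormFieldBlock("RoleDetails", "Role Details");
            details.Add(new AjaxFormInputField("Role Name",
                "Name", 100, role.Locked, null, null, role.Name, null,
                "function(value){{if(value.length==0) return 'A name is required'; return null;}}",
                true, 0));
            details.Add(new AjaxFormCheckboxField("Role is enabled", "Enabled", role.Enabled, role.Locked, null, null, false, 1));
            details.Rank = 0;
            form.FieldBlocks.Add(details);

            // Descendants of this role are excluded from the inheritance list below; a HashSet keeps
            // the per-row membership test O(1) instead of a linear List.Contains per row.
            HashSet<Guid> roleDescendents = new HashSet<Guid>();
            IDbCommand cmd = Database.Main.CreateCommand("ListDescendentRoles", CommandType.StoredProcedure);
            Database.Main.AddParameter(cmd, "@RoleID", role.RoleID);
            DataSet ds = Database.Main.GetDataSet(cmd);
            foreach (DataRow row in ds.Tables[0].Rows)
                roleDescendents.Add((Guid)row["RoleID"]);

            cmd = Database.Main.CreateCommand("ListRoleToRoleAssignmentStates", CommandType.StoredProcedure);
            Database.Main.AddParameter(cmd, "@RoleID", role.RoleID);
            ds = Database.Main.GetDataSet(cmd);

            // Block 1: roles this role may inherit from. Only codes the current user holds are offered,
            // so an administrator cannot hand out more than they have.
            // NOTE(review): the save handler gates the same fields with HasRole rather than
            // HasPermission — confirm the two checks agree.
            AjaxFormFieldBlock roles = new AjaxFormFieldBlock("Roles", "Roles that this role should adopt");
            roles.Rank = 1;
            int rank = 0;
            foreach (DataRow row in ds.Tables[0].Rows)
            {
                string roleCode = row["RoleCode"].ToString();
                if (!CurrentUser.HasPermission(roleCode) || roleDescendents.Contains((Guid)row["RoleID"]))
                    continue;
                roles.Add(new AjaxFormCheckboxField(
                    row["Name"].ToString(), roleCode,
                    (bool)row["Inherited"], role.Locked, null, null, false, rank++));
            }
            if (roles.Count > 0)
                form.FieldBlocks.Add(roles);

            cmd = Database.Main.CreateCommand("ListPermissionValuesForRole", CommandType.StoredProcedure);
            Database.Main.AddParameter(cmd, "@RoleID", role.RoleID);
            Database.Main.AddParameter(cmd, "@ShowAllPermissions", true);
            ds = Database.Main.GetDataSet(cmd);

            // Block 2: permission checkboxes, again limited to permissions the current user holds.
            // A DBNull Value is shown unchecked.
            AjaxFormFieldBlock permissions = new AjaxFormFieldBlock("Permissions", "Permission Settings");
            permissions.Rank = 2;
            rank = 0;
            foreach (DataRow row in ds.Tables[0].Rows)
            {
                string permissionCode = row["PermissionTypeCode"].ToString();
                if (!CurrentUser.HasPermission(permissionCode))
                    continue;
                bool value = row["Value"] != DBNull.Value && (bool)row["Value"];
                permissions.Add(new AjaxFormCheckboxField(
                    row["Description"].ToString(), permissionCode,
                    value, role.Locked, null, null, false, rank++));
            }

            // The button group is attached to the permissions block. roleID is a Guid, so its string
            // form is safe to embed in the Delete handler script.
            AjaxFormButtonGroup buttons = new AjaxFormButtonGroup();
            buttons.Rank = 10000;
            buttons.AddSubmitButton(null, "Save", "SecurityInterface.OnRoleSaved", null);
            if (roleID != null && !role.Locked)
                buttons.AddButton(null, "Delete", "SecurityInterface.DeleteRole('" + roleID.ToString() + "')");
            buttons.AddButton(null, "Cancel", "$('security-permissionlist').innerHTML = '';");
            permissions.Add(buttons);

            // Count guard kept from the original; whether Count includes the button group is not
            // visible here.
            if (permissions.Count > 0)
                form.FieldBlocks.Add(permissions);

            return form;
        }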
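        /// <summary>
        /// Handles a submitted security form, dispatching on <c>form.FormName</c>: "UserEditForm"
        /// creates or updates a user, "RoleEditForm" creates or updates a role; any other name is
        /// ignored. Both paths require the UserAdministrator permission and silently return without it.
        /// </summary>
        /// <param name="form">Submitted field values; <c>RecordID</c> is null for a new record and
        /// is set to the new id after a successful insert.</param>
        /// <exception cref="AjaxException">The target user does not exist, or the caller may not modify it.</exception>
        void OnSaveForm(AjaxFormSubmittedValues form)
        {
            switch (form.FormName)
            {
                case "UserEditForm":
                    SaveUserForm(form);
                    break;

                case "RoleEditForm":
                    SaveRoleForm(form);
                    break;
            }
        }

        /// <summary>
        /// Persists the "UserEditForm" submission, then re-applies the user's role and permission
        /// assignments from the "Roles" and "Permissions" blocks.
        /// </summary>
        private void SaveUserForm(AjaxFormSubmittedValues form)
        {
            if (!WebSecurity.CurrentUser.VerifyPermission(SecurityProvider.PermissionTypeCodes.UserAdministrator)) return;

            AjaxFormSubmittedValues.Block block = form.Blocks["MainUserFields"];
            string pw = block.Fields["Password"].Value;
            // A blank (or missing) password means "leave the stored password unchanged" on edit.
            if (string.IsNullOrEmpty(pw)) pw = null;
            bool enabled = block.Fields["Enabled"].Value == "True";

            SecurityProvider.User user;
            if (form.RecordID == null)
            {
                user = new SecurityProvider.User(
                    WebsiteClient.ClientID,
                    block.Fields["Username"].Value,
                    pw,
                    block.Fields["FirstName"].Value,
                    block.Fields["Surname"].Value,
                    block.Fields["Email"].Value,
                    enabled,
                    false, false);
                user.Save();
                if (OnUserSaved != null)
                    OnUserSaved(form, user);

                form.RecordID = user.UserID;
            }
            else
            {
                user = SecurityProvider.User.Load(form.RecordID.Value);
                // Load returns null for an unknown id (the role path checks the same way); fail
                // explicitly rather than with a NullReferenceException below.
                if (user == null)
                    throw new AjaxException("The requested user does not exist in the database.");
                if (!CurrentUser.CanModifyUser(user))
                    throw new AjaxException("You don't have access to modify that user.");
                user.Username = block.Fields["Username"].Value;
                if (pw != null) user.Password = pw;
                user.FirstName = block.Fields["FirstName"].Value;
                user.Surname = block.Fields["Surname"].Value;
                user.Email = block.Fields["Email"].Value;
                user.Enabled = enabled;
                user.Save();
                if (OnUserSaved != null)
                    OnUserSaved(form, user);

                if (user.Locked) return; // don't muck with permissions/roles
            }

            // users can't alter their own permissions
            if (user.Username == CurrentUser.Username) return;

            StringBuilder sql = new StringBuilder();
            List<object> args = new List<object>();
            AppendCheckedAssignments(form, "Roles", sql, args, "exec AssignUserToRole {0}, {1}\r\n", user.UserID);
            AppendCheckedAssignments(form, "Permissions", sql, args, "exec AssignPermission {1}, null, {0}\r\n", user.UserID);

            // NOTE(review): with nothing checked this returns before revoking, so an all-unchecked
            // submit leaves the user's existing assignments in place; the role path revokes first.
            // Kept as in the original — confirm which behaviour is intended.
            if (sql.Length == 0) return;

            user.RevokeRolesAndPermissions(); // revoke any pre-existing permissions/roles before we assign the new ones
            ExecuteBatch(sql, args);
        }

        /// <summary>
        /// Persists the "RoleEditForm" submission, then replaces the role's inherited roles and
        /// permission assignments from the "Roles" and "Permissions" blocks.
        /// </summary>
        private void SaveRoleForm(AjaxFormSubmittedValues form)
        {
            if (!WebSecurity.CurrentUser.VerifyPermission(SecurityProvider.PermissionTypeCodes.UserAdministrator)) return;

            AjaxFormSubmittedValues.Block block = form.Blocks["RoleDetails"];
            string name = block.Fields["Name"].Value;
            bool enabled = block.Fields["Enabled"].Value == "True";

            SecurityProvider.Role role;
            if (form.RecordID == null)
            {
                role = new SecurityProvider.Role();
                role.RoleCode = role.RoleID.ToString(); // role codes are only used by system roles
                role.ClientID = defaultClient.ClientID;
            }
            else
            {
                role = SecurityProvider.Role.Load(form.RecordID.Value);
                if (role == null) return;
                if (role.Locked) return; // locked roles aren't supposed to be edited by users
            }
            role.Name = name;
            role.Enabled = enabled;
            ((SecurityProvider)Core.Instance["SecurityProvider"]).SaveRole(role);

            StringBuilder sql = new StringBuilder();
            List<object> args = new List<object>();
            AppendCheckedAssignments(form, "Roles", sql, args, "exec InheritRoleFrom {0}, {1}\r\n", role.RoleID);
            AppendCheckedAssignments(form, "Permissions", sql, args, "exec AssignPermission {1}, null, {0}\r\n", role.RoleID);

            // Revoke before the empty check: an all-unchecked submit clears the role's assignments.
            role.RevokeRolesAndPermissions(); // revoke any pre-existing permissions/roles before we assign the new ones
            if (sql.Length == 0) return;
            ExecuteBatch(sql, args);
        }

        /// <summary>
        /// Appends one "exec" statement to <paramref name="sql"/> for every checked field in the named
        /// block whose name the logged-in user holds as a role. <paramref name="statementFormat"/>
        /// receives the record id as {0} and the field name as {1}; both are bound as @pN parameters
        /// (accumulated in <paramref name="args"/>) rather than spliced into the text, so submitted
        /// field names cannot alter the batch.
        /// </summary>
        private static void AppendCheckedAssignments(AjaxFormSubmittedValues form, string blockName,
            StringBuilder sql, List<object> args, string statementFormat, object recordID)
        {
            if (!form.Blocks.ContainsKey(blockName)) return;

            foreach (KeyValuePair<string, AjaxFormSubmittedValues.Field> kvp in form.Blocks[blockName].Fields)
            {
                AjaxFormSubmittedValues.Field field = kvp.Value;
                // make sure the logged in user has the right to assign this role/permission
                // NOTE(review): the edit form filters the "Permissions" block with HasPermission while
                // this gate uses HasRole for both blocks — confirm the two checks agree.
                if (!WebSecurity.CurrentUser.HasRole(field.Name)) continue;
                if (field.Value != "True") continue;
                sql.AppendFormat(statementFormat, AddArg(args, recordID), AddArg(args, field.Name));
            }
        }

        /// <summary>Adds <paramref name="value"/> to the batch arguments and returns its "@pN" placeholder.</summary>
        private static string AddArg(List<object> args, object value)
        {
            args.Add(value);
            return "@p" + (args.Count - 1);
        }

        /// <summary>Runs the accumulated statements as one text command with every @pN bound.</summary>
        private static void ExecuteBatch(StringBuilder sql, List<object> args)
        {
            IDbCommand cmd = Database.Main.CreateCommand(sql.ToString(), CommandType.Text);
            for (int i = 0; i < args.Count; i++)
                Database.Main.AddParameter(cmd, "@p" + i, args[i]);
            cmd.ExecuteNonQuery();
        }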