Exemplo n.º 1
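        /// <summary>
        /// Verifies that the current user may perform <paramref name="action"/> on the given file
        /// and throws an HTTP 403 when the check does not succeed.
        /// </summary>
        /// <param name="fileInfo">File whose <c>ContainerKey</c> selects which permission check applies.</param>
        /// <param name="action">
        /// Requested action. The forum and document branches recognise only "Read" and "Write"
        /// (case-sensitive); any other value is denied there.
        /// </param>
        /// <exception cref="HttpException">
        /// Status 403 when the action is not allowed, including when the id inside the container key
        /// cannot be parsed.
        /// </exception>
        private static void CheckRight(DummyFileInfoWrapper fileInfo, string action)
        {
            // Deny by default: every path below must explicitly grant access.
            bool isActionAllowed = false;

            int userId = Security.CurrentUser.UserID;
            string containerKey = fileInfo.ContainerKey;

            // The prefix decides which authorization rule runs, so it is matched ordinally.
            // A culture-sensitive StartsWith ignores certain characters and could route a
            // differently spelled key into this branch.
            if (containerKey.StartsWith("ForumNodeId_", System.StringComparison.Ordinal))
            {
                // Extract forumNodeId; a key without a numeric id is denied rather than
                // surfacing as an unhandled FormatException.
                string[] keyParts = containerKey.Split('_');
                int forumNodeId;
                if (keyParts.Length > 1 && int.TryParse(keyParts[1], out forumNodeId))
                {
                    // Find incidentId by ForumNodeId
                    string forumContainerKey = ForumThreadNodeInfo.GetOwnerContainerKey(forumNodeId);
                    string[] ownerParts = (forumContainerKey == null) ? new string[0] : forumContainerKey.Split('_');
                    int incidentId;
                    if (ownerParts.Length > 1 && int.TryParse(ownerParts[1], out incidentId))
                    {
                        // Check Security
                        switch (action)
                        {
                        case "Read":
                            isActionAllowed = Incident.CanRead(incidentId);
                            break;

                        case "Write":
                            isActionAllowed = Incident.CanUpdate(incidentId);
                            break;
                        }
                    }
                }
            }
            else if (containerKey.StartsWith("DocumentVers_", System.StringComparison.Ordinal))
            {
                // Extract the id carried by the key; it is passed to the Document checks below.
                string[] keyParts = containerKey.Split('_');
                int documentId;
                if (keyParts.Length > 1 && int.TryParse(keyParts[1], out documentId))
                {
                    // Check Security
                    switch (action)
                    {
                    case "Read":
                        isActionAllowed = Document.CanRead(documentId);
                        break;

                    case "Write":
                        isActionAllowed = Document.CanAddVersion(documentId);
                        break;
                    }
                }
            }
            else
            {
                // Any other container is delegated to the generic file-storage ACL check.
                isActionAllowed = FileStorage.CanUserRunAction(userId, containerKey, fileInfo.ParrentDirectoryId, action);
            }

            if (!isActionAllowed)
            {
                // NOTE(review): the action string is echoed in the message; confirm callers pass a
                // fixed value or that whatever renders this error encodes it.
                throw new HttpException(403, "Operation '" + action + "' is forbidden.");
            }
        }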
Exemplo n.º 2
        /// <summary>
        /// Picks the page the current to-do should link to: its task, document, incident or project
        /// (in that order of preference), limited to objects for which the matching <c>CanRead</c>
        /// check succeeds. Falls back to the workspace page when none qualifies.
        /// </summary>
        /// <returns>A relative URL.</returns>
        private string GetLink()
        {
            int projectRef  = -1;
            int taskRef     = -1;
            int documentRef = -1;
            int incidentRef = -1;

            using (IDataReader row = Mediachase.IBN.Business.ToDo.GetToDo(ToDoID, false))
            {
                if (row.Read())
                {
                    // A DBNull column leaves the corresponding id at -1, which fails the "> 0" tests below.
                    object cell = row["ProjectId"];
                    if (cell != DBNull.Value)
                    {
                        projectRef = (int)cell;
                    }

                    cell = row["TaskId"];
                    if (cell != DBNull.Value)
                    {
                        taskRef = (int)cell;
                    }

                    cell = row["DocumentId"];
                    if (cell != DBNull.Value)
                    {
                        documentRef = (int)cell;
                    }

                    cell = row["IncidentId"];
                    if (cell != DBNull.Value)
                    {
                        incidentRef = (int)cell;
                    }
                }
            }

            // The CanRead checks only decide which link is offered.
            // NOTE(review): presumably each target page enforces its own access check; confirm.
            if (taskRef > 0 && Task.CanRead(taskRef))
            {
                return String.Format("../Tasks/TaskView.aspx?TaskId={0}", taskRef);
            }

            if (documentRef > 0 && Document.CanRead(documentRef))
            {
                return String.Format("../Documents/DocumentView.aspx?DocumentId={0}", documentRef);
            }

            if (incidentRef > 0 && Incident.CanRead(incidentRef))
            {
                return String.Format("../Incidents/IncidentView.aspx?IncidentId={0}", incidentRef);
            }

            if (projectRef > 0 && Project.CanRead(projectRef))
            {
                return String.Format("../Projects/ProjectView.aspx?ProjectId={0}", projectRef);
            }

            return "../Workspace/default.aspx?Btab=Workspace";
        }
Exemplo n.º 3
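        /// <summary>
        /// Decides whether <paramref name="action"/> is permitted on a stored file, choosing the
        /// permission check from the prefix of the file's <c>ContainerKey</c>.
        /// </summary>
        /// <param name="fileInfo">File whose container key and parent directory are checked.</param>
        /// <param name="action">
        /// Requested action. The forum and document branches recognise only "Read" and "Write"
        /// (case-sensitive); any other value is denied there.
        /// </param>
        /// <param name="userId">
        /// User passed to the generic file-storage check. The forum and document branches call
        /// overloads that take no user id.
        /// NOTE(review): presumably those evaluate the current user rather than <paramref name="userId"/>; confirm.
        /// </param>
        /// <returns>
        /// <c>true</c> when the action is allowed; <c>false</c> otherwise, including when the id
        /// inside the container key cannot be parsed.
        /// </returns>
        private static bool CheckFileStorageRight(FileInfo fileInfo, string action, int userId)
        {
            // Deny by default: every path below must explicitly grant access.
            bool isActionAllowed = false;
            string containerKey = fileInfo.ContainerKey;

            // The prefix decides which authorization rule runs, so it is matched ordinally.
            // A culture-sensitive StartsWith ignores certain characters and could route a
            // differently spelled key into this branch.
            if (containerKey.StartsWith("ForumNodeId_", System.StringComparison.Ordinal))
            {
                // Extract forumNodeId; a key without a numeric id is denied rather than
                // surfacing as an unhandled FormatException.
                string[] keyParts = containerKey.Split('_');
                int forumNodeId;
                if (keyParts.Length > 1 && int.TryParse(keyParts[1], out forumNodeId))
                {
                    // Find incidentId by ForumNodeId
                    string forumContainerKey = ForumThreadNodeInfo.GetOwnerContainerKey(forumNodeId);
                    string[] ownerParts = (forumContainerKey == null) ? new string[0] : forumContainerKey.Split('_');
                    int incidentId;
                    if (ownerParts.Length > 1 && int.TryParse(ownerParts[1], out incidentId))
                    {
                        // Check Security
                        switch (action)
                        {
                        case "Read":
                            isActionAllowed = Incident.CanRead(incidentId);
                            break;

                        case "Write":
                            isActionAllowed = Incident.CanUpdate(incidentId);
                            break;
                        }
                    }
                }
            }
            else if (containerKey.StartsWith("DocumentVers_", System.StringComparison.Ordinal))
            {
                // Extract the id carried by the key; it is passed to the Document checks below.
                string[] keyParts = containerKey.Split('_');
                int documentId;
                if (keyParts.Length > 1 && int.TryParse(keyParts[1], out documentId))
                {
                    // Check Security
                    switch (action)
                    {
                    case "Read":
                        isActionAllowed = Document.CanRead(documentId);
                        break;

                    case "Write":
                        isActionAllowed = Document.CanAddVersion(documentId);
                        break;
                    }
                }
            }
            else
            {
                // Any other container is delegated to the generic file-storage ACL check.
                isActionAllowed = FileStorage.CanUserRunAction(userId, containerKey, fileInfo.ParentDirectoryId, action);
            }

            return(isActionAllowed);
        }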
Exemplo n.º 4
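        /// <summary>
        /// Loads the current to-do and fills the title, timeline, state, priority and description
        /// labels. The title is assembled as HTML: parent project / incident, task or document /
        /// to-do title, with a link to each parent the current user may read.
        /// </summary>
        /// <remarks>
        /// The label text is built as markup here, so titles read from the database are
        /// HTML-encoded before they are placed in it.
        /// NOTE(review): if titles are stored already encoded this would double-encode them; confirm.
        /// </remarks>
        private void BindValues()
        {
            using (IDataReader rdr = ToDo.GetToDo(ToDoID))
            {
                // Columns listed by the original author:
                //  ToDoId, ProjectId, ProjectTitle, IncidentId, IncidentTitle, StatusId,
                //  DocumentId, DocumentTitle, CompleteDocument, CreatorId, ManagerId, CompletedBy,
                //  Title, Description, CreationDate, StartDate, FinishDate,
                //  ActualFinishDate, PriorityId, PriorityName, PercentCompleted, IsActual,
                //  CompletionTypeId, IsCompleted, CompletionTypeName, MustBeConfirmed,
                //  ReasonId, TaskId, CompleteTask, TaskTitle, ProjectCode
                // The code below also reads StateId and StateName, which that list does not mention.
                if (rdr.Read())
                {
                    lblTitle.Text = "";

                    // Timeline: "<start> - <finish>", with a localized placeholder for missing dates.
                    string timeline = "";
                    if (rdr["StartDate"] != DBNull.Value)
                    {
                        timeline += ((DateTime)rdr["StartDate"]).ToShortDateString() + " " + ((DateTime)rdr["StartDate"]).ToShortTimeString();
                    }
                    else
                    {
                        timeline += LocRM.GetString("NotSet");
                    }
                    timeline += " - ";
                    if (rdr["FinishDate"] != DBNull.Value)
                    {
                        timeline += ((DateTime)rdr["FinishDate"]).ToShortDateString() + " " + ((DateTime)rdr["FinishDate"]).ToShortTimeString();
                    }
                    else
                    {
                        timeline += LocRM.GetString("NotSet");
                    }
                    lblTimeline.Text = timeline;

                    if (Configuration.ProjectManagementEnabled && rdr["ProjectId"] != DBNull.Value)
                    {
                        // NOTE(review): projectPostfix is inserted as returned by the helper; confirm it
                        // cannot carry markup derived from ProjectCode.
                        string projectPostfix = CHelper.GetProjectNumPostfix((int)rdr["ProjectId"], (string)rdr["ProjectCode"]);
                        string projectTitle   = System.Web.HttpUtility.HtmlEncode(rdr["ProjectTitle"].ToString());

                        // External users get plain text even when they can read the project.
                        if (Project.CanRead((int)rdr["ProjectId"]) && !Security.CurrentUser.IsExternal)
                        {
                            lblTitle.Text = String.Format(CultureInfo.InvariantCulture,
                                                          "<a href='../Projects/ProjectView.aspx?ProjectId={0}' title='{1}'>{2}{3}</a> \\ ",
                                                          rdr["ProjectId"].ToString(),
                                                          LocRM.GetString("Project"),
                                                          projectTitle,
                                                          projectPostfix);
                        }
                        else
                        {
                            // The closing tag was written as "<span>", leaving the element unclosed.
                            lblTitle.Text = String.Format(CultureInfo.InvariantCulture,
                                                          "<span title='{0}'>{1}{2}</span> \\ ",
                                                          LocRM.GetString("Project"),
                                                          projectTitle,
                                                          projectPostfix);
                        }
                    }

                    // At most one parent segment is added: incident, else task, else document.
                    if (rdr["IncidentId"] != DBNull.Value)
                    {
                        string incidentTitle = System.Web.HttpUtility.HtmlEncode(rdr["IncidentTitle"].ToString());
                        if (Incident.CanRead((int)rdr["IncidentId"]) && !Security.CurrentUser.IsExternal)
                        {
                            lblTitle.Text += String.Format("<a href='../Incidents/IncidentView.aspx?IncidentId={0}' title='{2}'>{1} (#{0})</a> \\ ", rdr["IncidentId"].ToString(), incidentTitle, LocRM.GetString("Issue"));
                        }
                        else
                        {
                            // The closing tag was written as "<span>", leaving the element unclosed.
                            lblTitle.Text += String.Format("<span title='{1}'>{0} (#{2})</span> \\ ", incidentTitle, LocRM.GetString("Issue"), rdr["IncidentId"].ToString());
                        }
                    }
                    else if (rdr["TaskId"] != DBNull.Value)
                    {
                        string taskTitle = System.Web.HttpUtility.HtmlEncode(rdr["TaskTitle"].ToString());
                        if (Task.CanRead((int)rdr["TaskId"]) && !Security.CurrentUser.IsExternal)
                        {
                            lblTitle.Text += String.Format("<a href='../Tasks/TaskView.aspx?TaskId={0}' title='{2}'>{1} (#{0})</a> \\ ", rdr["TaskId"].ToString(), taskTitle, LocRM.GetString("Task"));
                        }
                        else
                        {
                            lblTitle.Text += String.Format("<span title='{1}'>{0} (#{2})</span> \\ ", taskTitle, LocRM.GetString("Task"), rdr["TaskId"].ToString());
                        }
                    }
                    else if (rdr["DocumentId"] != DBNull.Value)
                    {
                        string documentTitle = System.Web.HttpUtility.HtmlEncode(rdr["DocumentTitle"].ToString());
                        if (Document.CanRead((int)rdr["DocumentId"]) && !Security.CurrentUser.IsExternal)
                        {
                            lblTitle.Text += String.Format("<a href='../Documents/DocumentView.aspx?DocumentId={0}' title='{2}'>{1}</a> \\ ", rdr["DocumentId"].ToString(), documentTitle, LocRM.GetString("Document"));
                        }
                        else
                        {
                            lblTitle.Text += String.Format("<span title='{1}'>{0}</span> \\ ", documentTitle, LocRM.GetString("Document"));
                        }
                    }
                    lblTitle.Text += String.Format("{0} (#{1})", System.Web.HttpUtility.HtmlEncode(rdr["Title"].ToString()), ToDoID);

                    lblState.ForeColor = Util.CommonHelper.GetStateColor((int)rdr["StateId"]);
                    lblState.Text      = rdr["StateName"].ToString();
                    // Progress is shown only while the to-do is still open (active or overdue).
                    if ((int)rdr["StateId"] == (int)ObjectStates.Active || (int)rdr["StateId"] == (int)ObjectStates.Overdue)
                    {
                        lblState.Text += String.Format(" ({0} %)", rdr["PercentCompleted"].ToString());
                    }

                    lblPriority.Text      = rdr["PriorityName"].ToString() + " " + LocRM.GetString("Priority").ToLower();
                    lblPriority.ForeColor = Util.CommonHelper.GetPriorityColor((int)rdr["PriorityId"]);
                    lblPriority.Visible   = PortalConfig.CommonToDoAllowViewPriorityField;

                    if (rdr["Description"] != DBNull.Value)
                    {
                        // NOTE(review): the description is rendered as returned by parsetext; confirm that
                        // helper encodes or sanitizes it. If it emits markup, the length cut below can
                        // also split a tag or entity.
                        string txt = CommonHelper.parsetext(rdr["Description"].ToString(), false);
                        if (PortalConfig.ShortInfoDescriptionLength > 0 && txt.Length > PortalConfig.ShortInfoDescriptionLength)
                        {
                            txt = txt.Substring(0, PortalConfig.ShortInfoDescriptionLength) + "...";
                        }
                        lblDescription.Text = txt;
                    }
                }
            }
        }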
Exemplo n.º 5
        /// <summary>
        /// Decides whether <paramref name="userId"/> may see an event about the given object.
        /// When the related object is a file-storage file that can be loaded, the decision is the
        /// file's "Read" check alone; otherwise it depends on <paramref name="objectType"/>.
        /// </summary>
        /// <param name="eventType">Not used by this method.</param>
        /// <param name="objectType">Type of the primary object; selects the permission check.</param>
        /// <param name="relObjectType">Type of the related object; only <c>File_FileStorage</c> is handled specially.</param>
        /// <param name="objectId">Id of the primary object; dereferenced without a null check by most cases.</param>
        /// <param name="relObjectId">Id of the related object, used to load the file record.</param>
        /// <param name="objectUid">Key used to load the entity for <c>ObjectTypes.Assignment</c>.</param>
        /// <param name="userId">User whose access is evaluated.</param>
        /// <returns><c>true</c> when access is granted.</returns>
        private static bool CheckRights(SystemEventTypes eventType, ObjectTypes objectType, ObjectTypes relObjectType, int?objectId, int?relObjectId, Guid?objectUid, int userId)
        {
            // If an extra check depending on the event type is needed, it belongs here.
            if (relObjectType == ObjectTypes.File_FileStorage && relObjectId.HasValue)
            {
                // Load the original file record.
                FileInfo originalFile = null;
                using (IDataReader fileRow = Mediachase.IBN.Database.ControlSystem.DBFile.GetById(0, relObjectId.Value))
                {
                    if (fileRow.Read())
                    {
                        originalFile = new Mediachase.IBN.Business.ControlSystem.FileInfo(fileRow);
                    }
                }

                // A file that cannot be found falls through to the object-type check below.
                if (originalFile != null)
                {
                    return CheckFileStorageRight(originalFile, "Read", userId);
                }
            }

            switch (objectType)
            {
            case ObjectTypes.ToDo:
                return ToDo.CanRead(objectId.Value, userId);

            case ObjectTypes.CalendarEntry:
                return CalendarEntry.CanRead(objectId.Value, userId);

            case ObjectTypes.Document:
                return Document.CanRead(objectId.Value, userId);

            case ObjectTypes.Issue:
                return Incident.CanRead(objectId.Value, userId);

            case ObjectTypes.List:
                return ListInfoBus.CanRead(objectId.Value, userId);

            case ObjectTypes.Project:
                return Project.CanRead(objectId.Value, userId);

            case ObjectTypes.Task:
                return Task.CanRead(objectId.Value, userId);

            case ObjectTypes.IssueRequest:
                return IssueRequest.CanUse(userId);

            case ObjectTypes.User:
                // Events about users are visible to administrators only.
                return Security.IsUserInGroup(userId, InternalSecureGroups.Administrator);

            case ObjectTypes.Assignment:
                // An assignment is readable when its owner document is; without one it is denied.
                AssignmentEntity assignment = (AssignmentEntity)BusinessManager.Load(AssignmentEntity.ClassName, (PrimaryKeyId)objectUid);
                return assignment != null
                       && assignment.OwnerDocumentId.HasValue
                       && Document.CanRead(assignment.OwnerDocumentId.Value, userId);

            default:
                // For all remaining types any access is temporarily allowed.
                // NOTE(review): this default fails open, so an object type added later is readable
                // by everyone until it gets a case of its own.
                return true;
            }
        }