protected void get_confidentiality_level_users(Guid?confidentialityId,
string searchText, int?count, long?lowerBoundary, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
if (!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID))
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
return;
}
long totalCount = 0;
List <User> users = !confidentialityId.HasValue ? new List <User>() :
UsersController.get_users(paramsContainer.Tenant.Id,
PrivacyController.get_confidentiality_level_user_ids(paramsContainer.Tenant.Id,
confidentialityId.Value, searchText, count, lowerBoundary, ref totalCount));
responseText = "{\"TotalCount\":" + totalCount.ToString() +
",\"Users\":[" + ProviderUtil.list_to_string <string>(users.Select(
u => "{\"UserID\":\"" + u.UserID.ToString() + "\"" +
",\"UserName\":\"" + Base64.encode(u.UserName) + "\"" +
",\"FirstName\":\"" + Base64.encode(u.FirstName) + "\"" +
",\"LastName\":\"" + Base64.encode(u.LastName) + "\"" +
",\"ProfileImageURL\":\"" + DocumentUtilities.get_personal_image_address(
paramsContainer.Tenant.Id, u.UserID.Value) + "\"" +
"}"
).ToList()) + "]" +
"}";
}
protected void unset_confidentiality_level(Guid?objectId, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
bool isNode = objectId.HasValue && CNController.is_node(paramsContainer.Tenant.Id, objectId.Value);
bool isUser = !isNode;
bool accessDenied = false;
if (isUser)
{
accessDenied = !objectId.HasValue ||
!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID);
}
else
{
accessDenied = !objectId.HasValue || (
!PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value) &&
!CNController.is_service_admin(paramsContainer.Tenant.Id,
objectId.Value, paramsContainer.CurrentUserID.Value) &&
!CNController.is_node_admin(paramsContainer.Tenant.Id,
paramsContainer.CurrentUserID.Value, objectId.Value, null, null, null));
}
if (accessDenied)
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
if (objectId.HasValue)
{
_save_error_log(Modules.Log.Action.UnsetConfidentialityLevel_PermissionFailed, objectId);
}
return;
}
bool succeed = objectId.HasValue && PrivacyController.unset_confidentiality_level(paramsContainer.Tenant.Id,
objectId.Value, paramsContainer.CurrentUserID.Value);
responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" :
"{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
//Save Log
if (succeed)
{
LogController.save_log(paramsContainer.Tenant.Id, new Log()
{
UserID = paramsContainer.CurrentUserID.Value,
Date = DateTime.Now,
HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
HostName = PublicMethods.get_client_host_name(HttpContext.Current),
Action = Modules.Log.Action.UnsetConfidentialityLevel,
SubjectID = objectId,
ModuleIdentifier = ModuleIdentifier.PRVC
});
}
//end of Save Log
}
protected void get_confidentiality_level(Guid?objectId, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
Privacy p = !objectId.HasValue ? new Privacy() :
PrivacyController.get_settings(paramsContainer.Tenant.Id, objectId.Value);
responseText = p.Confidentiality.toJson();
}
protected void get_confidentiality_levels(ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
List <ConfidentialityLevel> levels = PrivacyController.get_confidentiality_levels(paramsContainer.Tenant.Id)
.OrderBy(u => u.LevelID).ToList();
responseText = "{\"Levels\":[" + string.Join(",", levels.Select(u => u.toJson())) + "]}";
}
protected void get_audience(List <Guid> objectIds, PrivacyObjectType objectType, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
bool accessDenied = objectIds.Count == 0 || !check_object_type(objectIds, objectType);
Dictionary <Guid, List <Audience> > audience = accessDenied ? new Dictionary <Guid, List <Audience> >() :
PrivacyController.get_audience(paramsContainer.Tenant.Id, objectIds);
Dictionary <Guid, List <DefaultPermission> > defaultPermissions = accessDenied ? new Dictionary <Guid, List <DefaultPermission> >() :
PrivacyController.get_default_permissions(paramsContainer.Tenant.Id, objectIds);
List <Privacy> settings = accessDenied ? new List <Privacy>() :
PrivacyController.get_settings(paramsContainer.Tenant.Id, objectIds);
objectIds.ForEach(u => {
if (!settings.Any(x => x.ObjectID == u))
{
settings.Add(new Privacy()
{
ObjectID = u
});
}
});
settings.ForEach(s => {
if (audience.ContainsKey(s.ObjectID.Value))
{
s.Audience = audience[s.ObjectID.Value];
}
if (defaultPermissions.ContainsKey(s.ObjectID.Value))
{
s.DefaultPermissions = defaultPermissions[s.ObjectID.Value];
}
});
List <ConfidentialityLevel> levels = PrivacyController.get_confidentiality_levels(paramsContainer.Tenant.Id);
responseText = "{\"ConfidentialityLevels\":[" + string.Join(",", levels.Select(x => x.toJson())) + "]" +
",\"Items\":{" + string.Join(",", settings.Where(x => x.ObjectID.HasValue)
.Select(u => "\"" + u.ObjectID.ToString() + "\":" + u.toJson())) + "}" +
(!accessDenied ? string.Empty : ",\"ErrorText\":\"" + Messages.AccessDenied + "\"") +
"}";
}
protected void add_confidentiality_level(int?levelId, string title, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
if (!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID))
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
_save_error_log(Modules.Log.Action.AddConfidentialityLevel_PermissionFailed, Guid.Empty);
return;
}
Guid id = Guid.NewGuid();
string errorMessage = string.Empty;
bool succeed = !levelId.HasValue ? false :
PrivacyController.add_confidentiality_level(paramsContainer.Tenant.Id, id, levelId.Value, title,
paramsContainer.CurrentUserID.Value, ref errorMessage);
responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"" +
",\"Level\":" + (new ConfidentialityLevel()
{
ID = id, LevelID = levelId, Title = title
}).toJson() + "}" :
"{\"ErrorText\":\"" + (string.IsNullOrEmpty(errorMessage) ? Messages.OperationFailed.ToString() : errorMessage) + "\"}";
//Save Log
if (succeed)
{
LogController.save_log(paramsContainer.Tenant.Id, new Log()
{
UserID = paramsContainer.CurrentUserID.Value,
Date = DateTime.Now,
HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
HostName = PublicMethods.get_client_host_name(HttpContext.Current),
Action = Modules.Log.Action.AddConfidentialityLevel,
SubjectID = id,
Info = "{\"LevelID\":" + levelId.ToString() + ",\"Title\":\"" + Base64.encode(title) + "\"}",
ModuleIdentifier = ModuleIdentifier.PRVC
});
}
//end of Save Log
}
protected void set_audience(List <Privacy> items, PrivacyObjectType objectType, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
if (items.Count != 0 &&
!check_object_type(items.Where(x => x.ObjectID.HasValue).Select(u => u.ObjectID.Value).ToList(), objectType))
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
if (items.Count == 1 && items[0].ObjectID.HasValue)
{
_save_error_log(Modules.Log.Action.SetPrivacyAudience_PermissionFailed, items[0].ObjectID);
}
return;
}
bool result = paramsContainer.CurrentUserID.HasValue &&
PrivacyController.set_audience(paramsContainer.Tenant.Id, items, paramsContainer.CurrentUserID.Value);
responseText = result ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" :
"{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
//Save Log
if (result && items.Count == 1)
{
LogController.save_log(paramsContainer.Tenant.Id, new Log()
{
UserID = paramsContainer.CurrentUserID.Value,
Date = DateTime.Now,
HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
HostName = PublicMethods.get_client_host_name(HttpContext.Current),
Action = Modules.Log.Action.SetPrivacyAudience,
SubjectID = items[0].ObjectID,
Info = items[0].toJson(),
ModuleIdentifier = ModuleIdentifier.PRVC
});
}
//end of Save Log
}
protected void remove_confidentiality_level(Guid?confidentialityId, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
if (!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID))
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
_save_error_log(Modules.Log.Action.RemoveConfidentialityLevel_PermissionFailed, confidentialityId);
return;
}
string errorMessage = string.Empty;
bool succeed = !confidentialityId.HasValue ? false :
PrivacyController.remove_confidentiality_level(paramsContainer.Tenant.Id,
confidentialityId.Value, paramsContainer.CurrentUserID.Value);
responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" :
"{\"ErrorText\":\"" + (string.IsNullOrEmpty(errorMessage) ? Messages.OperationFailed.ToString() : errorMessage) + "\"}";
//Save Log
if (succeed)
{
LogController.save_log(paramsContainer.Tenant.Id, new Log()
{
UserID = paramsContainer.CurrentUserID.Value,
Date = DateTime.Now,
HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
HostName = PublicMethods.get_client_host_name(HttpContext.Current),
Action = Modules.Log.Action.RemoveConfidentialityLevel,
SubjectID = confidentialityId,
ModuleIdentifier = ModuleIdentifier.PRVC
});
}
//end of Save Log
}
protected bool check_object_type(List <Guid> objectIds, PrivacyObjectType objectType)
{
switch (objectType)
{
case PrivacyObjectType.None:
case PrivacyObjectType.Node:
case PrivacyObjectType.NodeType:
{
if (objectIds.Count != 1)
{
return(false);
}
bool isNodeType = objectType != PrivacyObjectType.Node &&
CNController.is_node_type(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count;
bool isNode = !isNodeType && objectType != PrivacyObjectType.NodeType &&
CNController.is_node(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count;
if (!isNodeType && !isNode)
{
return(false);
}
bool accessPermission =
AuthorizationManager.has_right(AccessRoleName.ManageOntology, paramsContainer.CurrentUserID);
if (!accessPermission)
{
accessPermission = CNController.is_service_admin(paramsContainer.Tenant.Id,
objectIds[0], paramsContainer.CurrentUserID.Value);
}
if (!accessPermission && isNode)
{
accessPermission = CNController.is_node_admin(paramsContainer.Tenant.Id,
paramsContainer.CurrentUserID.Value, objectIds[0], null, null, null) ||
PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID,
objectIds[0], PrivacyObjectType.Node, PermissionType.Modify);
}
return(accessPermission);
}
case PrivacyObjectType.FAQCategory:
return(QAController.is_faq_category(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count &&
(AuthorizationManager.has_right(AccessRoleName.ManageQA, paramsContainer.CurrentUserID) ||
QAController.is_workflow_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value, null)));
case PrivacyObjectType.QAWorkFlow:
return(QAController.is_workflow(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count &&
AuthorizationManager.has_right(AccessRoleName.ManageQA, paramsContainer.CurrentUserID));
case PrivacyObjectType.Poll:
return(FGController.is_poll(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count &&
AuthorizationManager.has_right(AccessRoleName.ManagePolls, paramsContainer.CurrentUserID));
case PrivacyObjectType.Report:
return(!objectIds.Any(u => !ReportUtilities.ReportIDs.Any(x => x.Value == u)) &&
PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value));
case PrivacyObjectType.FormElement:
return(FGController.is_form_element(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count &&
AuthorizationManager.has_right(AccessRoleName.ManageForms, paramsContainer.CurrentUserID));
}
return(false);
}
protected void check_access(List <Guid> objectIds, PrivacyObjectType objectType,
List <PermissionType> permissions, ref string responseText)
{
//Privacy Check: OK
if (!paramsContainer.GBView)
{
return;
}
if (permissions.Count > 0)
{
permissions = permissions.Where(p => p != PermissionType.None).ToList();
}
Dictionary <Guid, List <PermissionType> > results = objectType == PrivacyObjectType.None ?
new Dictionary <Guid, List <PermissionType> >() : (permissions.Count == 0 ?
PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID, objectIds, objectType) :
PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID, objectIds, objectType, permissions));
responseText = "{" + string.Join(",", results.Keys.Select(
k => "\"" + k + "\":[" + string.Join(",", results[k].Select(p => "\"" + p.ToString() + "\"")) + "]")) + "}";
}
public void ProcessRequest(HttpContext context)
{
//Privacy Check: OK
paramsContainer = new ParamsContainer(context, nullTenantResponse: true);
if (!paramsContainer.ApplicationID.HasValue)
{
return;
}
string responseText = string.Empty;
string command = PublicMethods.parse_string(context.Request.Params["Command"], false);
if (string.IsNullOrEmpty(command))
{
return;
}
Guid currentUserId = paramsContainer.CurrentUserID.HasValue ? paramsContainer.CurrentUserID.Value : Guid.Empty;
Guid fileId = string.IsNullOrEmpty(context.Request.Params["FileID"]) ? Guid.Empty : Guid.Parse(context.Request.Params["FileID"]);
DocFileInfo file = DocumentsController.get_file(paramsContainer.Tenant.Id, fileId);
if (file == null)
{
paramsContainer.return_response(PublicConsts.BadRequestResponse);
return;
}
bool isTemporary =
PublicMethods.parse_string(HttpContext.Current.Request.Params["Category"], false).ToLower() == "temporary";
bool hasAccess = isTemporary || PublicMethods.is_system_admin(paramsContainer.Tenant.Id, currentUserId);
PrivacyObjectType pot = file.OwnerType == FileOwnerTypes.Node ? PrivacyObjectType.Node : PrivacyObjectType.None;
hasAccess = hasAccess || PrivacyController.check_access(paramsContainer.Tenant.Id,
paramsContainer.CurrentUserID, file.OwnerID.Value, pot, PermissionType.View);
if (!hasAccess && currentUserId != Guid.Empty &&
CNController.is_node(paramsContainer.Tenant.Id, file.OwnerID.Value))
{
bool isCreator = false, isContributor = false, isExpert = false, isMember = false, isAdminMember = false,
isServiceAdmin = false, isAreaAdmin = false, perCreatorLevel = false;
CNController.get_user2node_status(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value,
file.OwnerID.Value, ref isCreator, ref isContributor, ref isExpert, ref isMember, ref isAdminMember,
ref isServiceAdmin, ref isAreaAdmin, ref perCreatorLevel);
hasAccess = isServiceAdmin || isAreaAdmin || isCreator || isContributor || isExpert || isMember;
}
if (!hasAccess)
{
paramsContainer.return_response("{\"ErrorText\":\"" + Messages.AccessDenied.ToString() + "\"}");
}
if (isTemporary)
{
file.FolderName = FolderNames.TemporaryFiles;
}
else
{
file.refresh_folder_name();
}
if (!file.exists(paramsContainer.Tenant.Id))
{
_return_response(ref responseText);
}
DocFileInfo destFile = new DocFileInfo()
{
FileID = file.FileID, FolderName = FolderNames.PDFImages
};
switch (command)
{
case "Convert2Image":
convert2image(file,
PublicMethods.parse_string(context.Request.Params["PS"]),
destFile,
PublicMethods.parse_bool(context.Request.Params["Repair"]), ref responseText);
_return_response(ref responseText);
return;
case "GetPagesCount":
get_pages_count(file,
PublicMethods.parse_string(context.Request.Params["PS"]),
destFile, ref responseText);
_return_response(ref responseText);
return;
case "GetPage":
get_page(PublicMethods.parse_int(context.Request.Params["Page"], 1), destFile);
return;
}
paramsContainer.return_response(PublicConsts.BadRequestResponse);
}
private static List <SearchDoc> process_search_results(Guid applicationId, List <SearchDoc> listDocs,
Guid?currentUserId, ref List <SearchDoc> toBeRemoved, int count)
{
List <DocFileInfo> files = new List <DocFileInfo>();
Dictionary <SearchDocType, List <Guid> > existingObjs = get_existing_ids(applicationId, listDocs, ref files);
listDocs.Where(doc => files.Any(u => u.FileID == doc.ID)).ToList().ForEach(doc =>
{
doc.FileInfo = files.Where(u => u.FileID == doc.ID).FirstOrDefault();
});
List <Guid> existingIds = new List <Guid>();
//Remove not existing docs
foreach (SearchDoc sd in listDocs)
{
if (!existingObjs.Any(x => x.Value.Any(z => z == sd.ID)))
{
toBeRemoved.Add(sd);
}
}
//end of Remove not existing docs
List <Guid> granted = new List <Guid>();
//Check access to nodes
List <Guid> nodeIdsToCheckAccess = new List <Guid>();
List <Guid> idsToCheckAccess = new List <Guid>();
if (existingObjs.ContainsKey(SearchDocType.Node))
{
nodeIdsToCheckAccess.AddRange(existingObjs[SearchDocType.Node]);
}
if (existingObjs.ContainsKey(SearchDocType.File))
{
existingObjs[SearchDocType.File].ForEach(f =>
{
SearchDoc fl = listDocs.Where(x => x.ID == f && x.FileInfo != null &&
x.FileInfo.OwnerNodeID.HasValue).FirstOrDefault();
if (fl == null)
{
return;
}
if (!nodeIdsToCheckAccess.Any(a => a == fl.FileInfo.OwnerNodeID))
{
nodeIdsToCheckAccess.Add(fl.FileInfo.OwnerNodeID.Value);
}
if (fl.FileInfo.OwnerID.HasValue && fl.FileInfo.OwnerID != fl.FileInfo.OwnerNodeID)
{
if (!idsToCheckAccess.Any(a => a == fl.FileInfo.OwnerID))
{
idsToCheckAccess.Add(fl.FileInfo.OwnerID.Value);
}
}
if (fl.FileInfo.OwnerID.HasValue && fl.FileInfo.OwnerID != fl.FileInfo.OwnerNodeID &&
!idsToCheckAccess.Any(a => a == fl.FileInfo.OwnerID))
{
idsToCheckAccess.Add(fl.FileInfo.OwnerID.Value);
}
});
}
List <PermissionType> pts = new List <PermissionType>();
pts.Add(PermissionType.View);
pts.Add(PermissionType.ViewAbstract);
pts.Add(PermissionType.Download);
Dictionary <Guid, List <PermissionType> > ps = PrivacyController.check_access(applicationId,
currentUserId, nodeIdsToCheckAccess, PrivacyObjectType.Node, pts);
granted.AddRange(ps.Keys.Where(
k => ps[k].Any(p => p == PermissionType.ViewAbstract || p == PermissionType.View)));
List <Guid> grantedFileOwners = PrivacyController.check_access(applicationId,
currentUserId, idsToCheckAccess, PrivacyObjectType.None, PermissionType.View);
listDocs.Where(d => d.SearchDocType == SearchDocType.File && d.FileInfo != null &&
d.FileInfo.OwnerNodeID.HasValue).ToList().ForEach(doc =>
{
Guid ndId = doc.FileInfo.OwnerNodeID.Value;
bool isGranted = ps.ContainsKey(ndId) && ps[ndId].Any(u => u == PermissionType.View) &&
ps[ndId].Any(u => u == PermissionType.Download);
if (isGranted && doc.FileInfo.OwnerID.HasValue && doc.FileInfo.OwnerID != ndId &&
!grantedFileOwners.Any(o => o == doc.FileInfo.OwnerID))
{
isGranted = false;
}
doc.AccessIsDenied = !isGranted;
});
//end of Check access to nodes
//Check access to other objects
List <Guid> ids = new List <Guid>();
existingObjs.Keys.Where(x => x != SearchDocType.Node).ToList()
.ForEach(u => ids.AddRange(existingObjs[u]));
granted.AddRange(PrivacyController.check_access(applicationId,
currentUserId, ids, PrivacyObjectType.None, PermissionType.View));
//end of Check access to other objects
//Check permissions
bool forceCheckPermission = RaaiVanSettings.IndexUpdate.CheckPermissions(applicationId);
existingObjs.Keys.ToList().ForEach(k =>
{
existingObjs[k].ForEach(id =>
{
SearchDoc doc = listDocs.Where(d => d.ID == id).FirstOrDefault();
if (doc == null)
{
return;
}
bool isGranted = doc.AccessIsDenied.HasValue && doc.AccessIsDenied.Value ?
false : granted.Any(x => x == id);
if (!isGranted)
{
doc.AccessIsDenied = true;
}
if (isGranted || !forceCheckPermission)
{
existingIds.Add(id);
}
});
});
//end of Check permissions
return(listDocs.Where(doc => existingIds.Any(x => x == doc.ID))
.Take(Math.Min(count, listDocs.Count)).ToList());
}
public void ProcessRequest(HttpContext context)
{
//Privacy Check: OK
paramsContainer = new ParamsContainer(context, nullTenantResponse: false);
Guid fileId = string.IsNullOrEmpty(context.Request.Params["FileID"]) ?
Guid.Empty : Guid.Parse(context.Request.Params["FileID"]);
if (fileId == Guid.Empty && !Guid.TryParse(context.Request.Params["ATTFID"], out fileId))
{
fileId = Guid.Empty;
}
string category = PublicMethods.parse_string(context.Request.Params["Category"], false);
bool isTemporary = category.ToLower() == FolderNames.TemporaryFiles.ToString().ToLower();
bool? addFooter = PublicMethods.parse_bool(context.Request.Params["Meta"]);
Guid? coverId = PublicMethods.parse_guid(context.Request.Params["CoverID"]);
string pdfPassword = PublicMethods.parse_string(context.Request.Params["PS"]);
List <FolderNames> freeFolders = new[] {
FolderNames.ProfileImages,
FolderNames.HighQualityProfileImage,
FolderNames.CoverPhoto,
FolderNames.HighQualityCoverPhoto,
FolderNames.Icons,
FolderNames.HighQualityIcon,
FolderNames.ApplicationIcons,
FolderNames.HighQualityApplicationIcon,
FolderNames.Pictures
}.ToList();
bool isFreeFolder = !string.IsNullOrEmpty(category) && freeFolders.Any(f => f.ToString().ToLower() == category.ToLower());
if (isFreeFolder)
{
FolderNames fn = freeFolders.Where(u => u.ToString().ToLower() == category.ToLower()).FirstOrDefault();
DocFileInfo pic =
new DocFileInfo()
{
FileID = fileId, Extension = "jpg", FileName = fileId.ToString(), FolderName = fn
};
send_file(pic, false);
}
if (!paramsContainer.ApplicationID.HasValue)
{
paramsContainer.return_response(PublicConsts.NullTenantResponse);
return;
}
if (isTemporary)
{
string ext = PublicMethods.parse_string(context.Request.Params["Extension"]);
DocFileInfo temp = new DocFileInfo()
{
FileID = fileId,
Extension = ext,
FileName = fileId.ToString(),
FolderName = FolderNames.TemporaryFiles
};
send_file(temp, false);
}
else
{
DocFileInfo AttachFile = DocumentsController.get_file(paramsContainer.Tenant.Id, fileId);
if (AttachFile == null)
{
paramsContainer.return_response("{\"ErrorText\":\"" + Messages.AccessDenied + "\"}");
return;
}
PrivacyObjectType pot = AttachFile.OwnerType == FileOwnerTypes.Node ?
PrivacyObjectType.Node : PrivacyObjectType.None;
DocFileInfo ownerNode = !AttachFile.FileID.HasValue ? null :
DocumentsController.get_file_owner_node(paramsContainer.Tenant.Id, AttachFile.FileID.Value);
if (ownerNode != null)
{
AttachFile.OwnerNodeID = ownerNode.OwnerNodeID;
AttachFile.OwnerNodeName = ownerNode.OwnerNodeName;
AttachFile.OwnerNodeType = ownerNode.OwnerNodeType;
}
bool accessDenied =
!PrivacyController.check_access(paramsContainer.Tenant.Id,
paramsContainer.CurrentUserID, AttachFile.OwnerID.Value, pot, PermissionType.View) &&
!(
paramsContainer.CurrentUserID.HasValue &&
new CNAPI()
{
paramsContainer = this.paramsContainer
}
._is_admin(paramsContainer.Tenant.Id, AttachFile.OwnerID.Value,
paramsContainer.CurrentUserID.Value, CNAPI.AdminLevel.Creator, false)
);
if (accessDenied)
{
//Save Log
try
{
LogController.save_log(paramsContainer.Tenant.Id, new Log()
{
UserID = paramsContainer.CurrentUserID,
HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
HostName = PublicMethods.get_client_host_name(HttpContext.Current),
Action = Modules.Log.Action.Download_AccessDenied,
SubjectID = fileId,
Info = "{\"Error\":\"" + Base64.encode(Messages.AccessDenied.ToString()) + "\"}",
ModuleIdentifier = ModuleIdentifier.DCT
});
}
catch { }
//end of Save Log
paramsContainer.return_response("{\"ErrorText\":\"" + Messages.AccessDenied + "\"}");
return;
}
AttachFile.refresh_folder_name();
string ext = AttachFile == null || string.IsNullOrEmpty(AttachFile.Extension) ? string.Empty :
AttachFile.Extension.ToLower();
bool isImage = ext == "jpg" || ext == "jpeg" || ext == "png" || ext == "gif" || ext == "bmp";
if (string.IsNullOrEmpty(AttachFile.Extension) || AttachFile.Extension.ToLower() != "pdf")
{
coverId = null;
}
bool dl = !isImage || PublicMethods.parse_bool(context.Request.Params["dl"], defaultValue: true) == true;
string contentType = !dl && isImage?PublicMethods.get_mime_type_by_extension(ext) : null;
send_file(AttachFile, !isImage, addPDFCover: true,
addPDFFooter: addFooter.HasValue && addFooter.Value,
coverId: coverId,
pdfPassword: pdfPassword,
contentType: contentType,
isAttachment: dl);
}
}
protected void get_report(ModuleIdentifier moduleIdentifier, string reportName, bool excel, bool rtl,
bool isPersian, ref Dictionary <string, string> dic, int pageNumber, int pageSize, ref string responseText,
List <ReportParameter> parameters, string password)
{
//Privacy Check: OK
if (!paramsContainer.GBEdit)
{
return;
}
bool isSystemAdmin =
PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value);
Guid?reportId = ReportUtilities.get_report_id(moduleIdentifier, reportName);
bool hasAccess = reportId.HasValue && (isSystemAdmin ||
AuthorizationManager.has_right(AccessRoleName.Reports, paramsContainer.CurrentUserID));
hasAccess = hasAccess && (isSystemAdmin ||
PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID,
reportId.Value, PrivacyObjectType.Report, PermissionType.View));
if (!hasAccess)
{
responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}";
return;
}
DataTable tbl = new DataTable();
string actions = string.Empty;
Dictionary <string, string> columnsDic = new Dictionary <string, string>();
ReportsController.get_report(paramsContainer.Tenant.Id,
moduleIdentifier, reportName, ref tbl, ref actions, ref columnsDic, parameters);
int firstRow = excel ? 0 : (pageSize * (pageNumber - 1));
int lastRow = (excel ? tbl.Rows.Count : Math.Min(firstRow + pageSize, tbl.Rows.Count)) - 1;
for (int c = 0; c < tbl.Columns.Count; ++c)
{
if (tbl.Columns[c].DataType != typeof(string) || tbl.Columns[c].ColumnName.IndexOf("_HTML") < 0)
{
continue;
}
tbl.Columns[c].ColumnName = tbl.Columns[c].ColumnName.Replace("_HTML", string.Empty);
for (int r = firstRow; r <= lastRow; ++r)
{
if (tbl.Rows[r][c] != DBNull.Value && !string.IsNullOrEmpty((string)tbl.Rows[r][c]))
{
//tbl.Rows[r][c] = PublicMethods.markup2plaintext(
//Expressions.replace((string)tbl.Rows[r][c], Expressions.Patterns.HTMLTag, " ")).Trim();
string str = (string)tbl.Rows[r][c];
str = Expressions.replace(str, Expressions.Patterns.HTMLTag, " ");
str = PublicMethods.markup2plaintext(paramsContainer.Tenant.Id, str).Trim();
tbl.Rows[r][c] = str;
}
}
}
if (excel)
{
try
{
Dictionary <string, bool> usedColNames = new Dictionary <string, bool>();
foreach (string n in dic.Values)
{
usedColNames[n] = true;
}
for (int c = 0; c < tbl.Columns.Count; ++c)
{
if (columnsDic.ContainsKey(tbl.Columns[c].ColumnName))
{
string colName = columnsDic[tbl.Columns[c].ColumnName];
int num = 1;
while (true)
{
string tmpName = colName + (num <= 1 ? string.Empty : " (" + num.ToString() + ")");
if (!usedColNames.ContainsKey(tmpName))
{
usedColNames[tmpName] = true;
colName = tmpName;
break;
}
else
{
++num;
}
}
tbl.Columns[c].ColumnName = colName;
}
bool isString = tbl.Columns[c].DataType == typeof(string);
bool isDic = tbl.Columns[c].ColumnName.IndexOf("_Dic") >= 0;
if (isString && isDic)
{
Dictionary <string, string> colDic = _get_dictionary(tbl.Columns[c].ColumnName);
for (int r = 0; r < tbl.Rows.Count; ++r)
{
bool isNull = tbl.Rows[r].ItemArray[c] == DBNull.Value || tbl.Rows[r].ItemArray[c] == null;
if (!isNull && colDic.ContainsKey((string)tbl.Rows[r].ItemArray[c]))
{
tbl.Rows[r][c] = colDic[(string)tbl.Rows[r].ItemArray[c]];
}
}
}
if (isDic)
{
tbl.Columns[c].ColumnName = tbl.Columns[c].ColumnName.Replace("_Dic", string.Empty);
}
}
//meta data for exported file
Privacy p = !reportId.HasValue ? null :
PrivacyController.get_settings(paramsContainer.Tenant.Id, reportId.Value);
string confidentiality = p == null ? null : p.Confidentiality.Title;
User currentUser = !paramsContainer.CurrentUserID.HasValue ? null :
UsersController.get_user(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value);
if (currentUser == null)
{
currentUser = new User();
}
DownloadedFileMeta meta = new DownloadedFileMeta(PublicMethods.get_client_ip(HttpContext.Current),
currentUser.UserName, currentUser.FirstName, currentUser.LastName, confidentiality);
//end of meta data for exported file
string reportFileName = "Reports_" + PublicMethods.get_random_number().ToString();
ExcelUtilities.ExportToExcel(reportFileName, tbl, rtl, dic, password, meta);
}
catch (Exception ex)
{
responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}";
LogController.save_error_log(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID,
"ExportReportToExcel", ex, ModuleIdentifier.RPT, LogLevel.Fatal);
}
return;
}
Dictionary <string, bool> isFloatDic = new Dictionary <string, bool>();
responseText = "{\"Columns\":[";
for (int i = 0, lnt = tbl.Columns.Count; i < lnt; ++i)
{
object obj = null;
for (int j = firstRow; j <= lastRow; ++j)
{
if (tbl.Rows[j][i] != DBNull.Value && tbl.Rows[j][i] != null && !string.IsNullOrEmpty(tbl.Rows[j][i].ToString()))
{
obj = tbl.Rows[j][i];
break;
}
}
bool isNumber = false;
bool isFloat = false;
if (obj != null)
{
var objType = obj.GetType();
isNumber = objType == typeof(int) || objType == typeof(long) ||
objType == typeof(float) || objType == typeof(double) || objType == typeof(decimal);
isFloat = objType == typeof(float) || objType == typeof(double) || objType == typeof(decimal);
}
isFloatDic.Add(tbl.Columns[i].ColumnName, isFloat);
string colTitle = columnsDic.ContainsKey(tbl.Columns[i].ColumnName) ?
columnsDic[tbl.Columns[i].ColumnName] : tbl.Columns[i].ColumnName;
responseText += (i == 0 ? string.Empty : ",") + "{\"ID\":\"" + tbl.Columns[i].ColumnName +
"\",\"Title\":\"" + Base64.encode(colTitle) + "\",\"Encoded\":true" +
",\"IsNumber\":" + isNumber.ToString().ToLower() + "}";
}
responseText += "],\"Total\":" + tbl.Rows.Count.ToString() + ",\"Rows\":[";
for (int i = firstRow; i <= lastRow; ++i)
{
responseText += (i == firstRow ? string.Empty : ",") + "{";
for (int j = 0, _ln = tbl.Columns.Count; j < _ln; ++j)
{
if (isFloatDic[tbl.Columns[j].ColumnName])
{
tbl.Rows[i].ItemArray[j] =
Math.Round(double.Parse((tbl.Rows[i].ItemArray[j] == DBNull.Value ? 0 : tbl.Rows[i].ItemArray[j]).ToString()), 2);
}
string strVal = tbl.Rows[i].ItemArray[j].GetType() == typeof(DateTime) ?
PublicMethods.get_local_date((DateTime)tbl.Rows[i].ItemArray[j], true) :
(isFloatDic[tbl.Columns[j].ColumnName] ?
Math.Round(double.Parse((tbl.Rows[i].ItemArray[j] == DBNull.Value ? 0 : tbl.Rows[i].ItemArray[j]).ToString()), 2) :
tbl.Rows[i].ItemArray[j]).ToString();
responseText += (j == 0 ? string.Empty : ",") + "\"" + tbl.Columns[j].ColumnName + "\":\"" + Base64.encode(strVal) + "\"";
}
responseText += "}";
}
responseText += "],\"Actions\":" + (string.IsNullOrEmpty(actions) ? "{}" : actions) + "}";
}
