public ActionResult GetMenuUtente(string UIDUSER)
{
SecurityBLL sec = new SecurityBLL();
List <MenuModel> menu = sec.CreateMenuModel(UIDUSER);
return(PartialView("GetMenuUtentePartial", menu));
}
public ActionResult SalvaMenuUtente(string UIDUSER, int[] idMenu)
{
SecurityBLL sec = new SecurityBLL();
sec.SalvaMenuUtente(UIDUSER, idMenu);
return(null);
}
public ActionResult LeftMenu()
{
SecurityBLL sec = new SecurityBLL();
List <MenuModel> menu = sec.CreateMenuModel(ConnectedUser);
return(PartialView(menu));
}
public ActionResult Login(Models.LoginModel model)
{
if (ModelState.IsValid)
{
SecurityBLL security = new SecurityBLL();
string token = security.VerifyUser(model.UserId.ToUpper().Trim(), model.Password.ToUpper().Trim(), ClientIPAddress);
if (string.IsNullOrWhiteSpace(token))
{
ModelState.AddModelError(string.Empty, "User not found.");
return(View(model));
}
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
token,
DateTime.Now,
DateTime.Now.AddMinutes(30),
false,
"User"
);
string formsCookieStr = FormsAuthentication.Encrypt(ticket);
HttpCookie formsCookie = new HttpCookie(FormsAuthentication.FormsCookieName, formsCookieStr);
HttpContext.Response.Cookies.Add(formsCookie);
return(RedirectToAction("Index", "Home"));
}
ModelState.AddModelError(string.Empty, "User or password incorrect.");
return(View(model));
}
protected void VerificaAbilitazioneUtenteConUscita(int IDMENU)
{
SecurityBLL sec = new SecurityBLL();
if (!sec.VerificaAbilitazioneUtente(IDMENU, ConnectedUser))
{
RedirectToAction("LogOut", "Account");
}
}
// GET: Impostazioni
public ActionResult AbilitaMenu()
{
VerificaAbilitazioneUtenteConUscita(8);
SecurityBLL sec = new SecurityBLL();
List <RWListItem> utenti = sec.FillUtenti();
ViewData.Add("ListaUtenti", utenti);
return(View());
}
protected void AddOutImageButton_Click(object sender, EventArgs e)
{
string[] ListOfUsersToDeleteFromRol;
ListOfUsersToDeleteFromRol = GetUserIDs(InRoleListBox);
if (ListOfUsersToDeleteFromRol == null)
{
SystemMessages.DisplaySystemMessage(Resources.SecurityData.MessageUsersNoSelected);
return;
}
string userType = "Normal";
bool CanDeleteCurrentUserFromRole = true;
CanDeleteCurrentUserFromRole =
SecurityBLL.CanDeleteUserFromRole(ListOfUsersToDeleteFromRol, HttpContext.Current.User.Identity.Name, RoleDropDownList.SelectedValue, ref userType);
if (CanDeleteCurrentUserFromRole)
{
if (ListOfUsersToDeleteFromRol != null && ListOfUsersToDeleteFromRol.Length > 0)
{
Roles.RemoveUsersFromRole(ListOfUsersToDeleteFromRol, RoleDropDownList.Text);
foreach (String UserDeleted in ListOfUsersToDeleteFromRol)
{
try
{
UserBLL.DeleteUserInRoles(UserDeleted, RoleDropDownList.Text);
log.Debug("El Usuario " + UserDeleted + " ha sido eliminado del Rol " + RoleDropDownList.Text + ".");
SystemMessages.DisplaySystemMessage(string.Format(Resources.SecurityData.MessageDeletedRoleUser, UserDeleted, RoleDropDownList.Text));
}
catch
{
SystemMessages.DisplaySystemErrorMessage(string.Format(Resources.SecurityData.MessageErrorDeleteRoleUser, UserDeleted, RoleDropDownList.Text));
}
}
}
else
{
SystemMessages.DisplaySystemMessage(Resources.SecurityData.MessageNoUsersInList);
}
}
else
{
if (userType == "Normal")
{
log.Error("No se puede eliminar el Usuario " + HttpContext.Current.User.Identity.Name + " del rol " + RoleDropDownList.SelectedValue + " porque es el útimo con privilegios administrativos");
SystemMessages.DisplaySystemWarningMessage(string.Format(Resources.SecurityData.MessageWarningDeleteAdministrativeUser, HttpContext.Current.User.Identity.Name, RoleDropDownList.SelectedValue));
}
else if (userType == "Admin")
{
log.Error("No se puede eliminar el Usuario " + ConfigurationManager.AppSettings.Get("AdminUser") + " del Rol " + RoleDropDownList.SelectedValue + " porque es el útimo grupo con privilegios de administración y es el Administrador del Sistema");
SystemMessages.DisplaySystemWarningMessage(string.Format(Resources.SecurityData.MessageWarningDeleteAdminUser, ConfigurationManager.AppSettings.Get("AdminUser"), RoleDropDownList.SelectedValue));
}
}
BindData();
}
public void Init(T2SDKWrap t2SDKWrap)
{
lock (_locker)
{
_loginBLL = new LoginSyncBLL(t2SDKWrap);
_accountBLL = new AccountBLL(t2SDKWrap);
_securityBLL = new SecurityBLL(t2SDKWrap);
_querySyncBLL = new UFX.impl.QuerySyncBLL(t2SDKWrap);
_withdrawSyncBLL = new UFX.impl.WithdrawSyncBLL(t2SDKWrap);
_UFXMessageHandlerFactory = new UFXMessageHandlerFactory();
}
}
protected void AddInImageButton_Click(object sender, EventArgs e)
{
string[] ListOfUsersToAddToRol;
ListOfUsersToAddToRol = GetUserIDs(OutRoleListBox);
if (ListOfUsersToAddToRol != null && ListOfUsersToAddToRol.Length > 0)
{
if (RoleDropDownList.Text == Resources.SecurityData.NoneRoleItem)
{
foreach (String UserAdded in ListOfUsersToAddToRol)
{
string[] AllRoles = Roles.GetAllRoles();
foreach (String Rol in AllRoles)
{
if (Roles.IsUserInRole(UserAdded, Rol))
{
bool CanDeleteCurrentUserFromRole = true;
string userType = "Normal";
CanDeleteCurrentUserFromRole = SecurityBLL.CanDeleteUserFromRole(ListOfUsersToAddToRol, HttpContext.Current.User.Identity.Name, Rol, ref userType);
if (CanDeleteCurrentUserFromRole)
{
Roles.RemoveUserFromRole(UserAdded, Rol);
UserBLL.DeleteUserInRoles(UserAdded, Rol);
}
else
{
log.Error("No se puede eliminar el Usuario " + HttpContext.Current.User.Identity.Name + " del rol " + RoleDropDownList.SelectedValue + " porque es el útimo con privilegios administrativos");
SystemMessages.DisplaySystemMessage(string.Format(Resources.SecurityData.MessageWarningDeleteAdministrativeUser, HttpContext.Current.User.Identity.Name, RoleDropDownList.SelectedValue));
}
}
}
}
}
else
{
Roles.AddUsersToRole(ListOfUsersToAddToRol, RoleDropDownList.Text);
foreach (String UserAdded in ListOfUsersToAddToRol)
{
UserBLL.InsertUserInRoles(UserAdded, RoleDropDownList.Text);
log.Debug("El Usuario " + UserAdded + " ha sido adicionado al Rol " + RoleDropDownList.Text + ".");
SystemMessages.DisplaySystemMessage(string.Format(Resources.SecurityData.MessageUserRegisteredInRole, UserAdded, RoleDropDownList.Text));
}
}
}
else
{
SystemMessages.DisplaySystemMessage(Resources.SecurityData.MessageUsersNoSelected);
}
BindData();
}
public static bool IsUserAuthorizedPermission(string permissionMnemonic)
{
bool allowPermission = false;
string[] rolesAllowed = null;
try
{
rolesAllowed = SecurityBLL.GetRolesForPermission(permissionMnemonic);
if (rolesAllowed != null)
{
foreach (string s in rolesAllowed)
{
if (IsUserInThisRole(s))
{
// User is in some authorized role. Allow him to continue.
return(true);
}
}
}
}
catch (Exception e)
{
log.Error("Cannot get roles allowed for a specific permission.", e);
log.Debug("Cannot get roles allowed for a specific permission. IsUserAuthorizedOperation from LoginSecurity");
}
if (allowPermission == false)
{
try
{
if (IsCurrentUserAllowedToPerformPermission(permissionMnemonic))
{
return(true);
}
}
catch (Exception q)
{
log.Error("Cannot verify if the current user is allowed to perform the given permission.", q);
log.Debug("Cannot verify if the current user is allowed to perform the given permission. IsUserAuthorizedOperation from LoginSecurity");
}
}
return(allowPermission);
}
public string GetMenus()
{
AuthenUserMD logonUser = null;
if (Session["LOGINUSER"] != null)
{
logonUser = (AuthenUserMD)Session["LOGINUSER"];
}
if (logonUser != null)
{
string loginName = logonUser.LOGINNAME;
SecurityBLL secBLL = new SecurityBLL();
DataTable dt = secBLL.GetUserMenus(loginName);
return BuildMenuJasonString(dt);
}
else
{
return string.Empty;
}
}
public MainController(MainForm mainForm, T2SDKWrap t2SDKWrap)
{
this._t2SDKWrap = t2SDKWrap;
this._strategyBLL = new StrategyBLL2(this._t2SDKWrap);
this._securityBLL = new SecurityBLL(this._t2SDKWrap);
this._arbitrageBLL = new ArbitrageBLL(this._t2SDKWrap);
//var accounts = LoginManager.Instance.Accounts;
//foreach (var account in accounts)
//{
// _arbitrageBLL.QueryInstance(account);
//}
//_arbitrageBLL.QueryMonitorItem();
//Console.WriteLine("===========查询委托证券 开始==============");
//_securityBLL.QueryEntrust();
//Console.WriteLine("===========查询委托证券 结束==============");
_strategyBLL.QueryTrading();
this._mainForm = mainForm;
this._mainForm.MainController = this;
}
public UFXQuerySecurityDealBLL()
{
_securityBLL = UFXBLLManager.Instance.SecurityBLL;
}
protected void UserGridView_SelectedIndexChanged(object sender, EventArgs e)
{
if (UserGridView.SelectedDataKey == null)
{
return;
}
string userName = (string)UserGridView.SelectedDataKey.Value;
if (string.IsNullOrEmpty(userName))
{
return;
}
if (OperationHiddenField.Value == "EDIT")
{
Session["USERID"] = userName;
Response.Redirect("~/Security/EditUser.aspx");
}
else if (OperationHiddenField.Value == "DELETE")
{
try
{
//Verificar que no sea el admin
if (!SecurityBLL.CanDeleteUser(userName))
{
SystemMessages.DisplaySystemMessage(Resources.UserData.MessageWarningDeleteAdmin);
return;
}
User theUser = UserBLL.GetUserByUsername(userName);
UserBLL.DeleteUserRecord(theUser.UserId);
Membership.DeleteUser(userName);
SystemMessages.DisplaySystemMessage(Resources.UserData.MessageDeletedUser);
}
catch (Exception exc)
{
SystemMessages.DisplaySystemErrorMessage(exc.Message);
return;
}
UserGridView.DataBind();
}
else if (OperationHiddenField.Value == "BLOCK")
{
try
{
MembershipUser theUser = Membership.GetUser(userName);
if (theUser == null)
{
SystemMessages.DisplaySystemErrorMessage(string.Format(Resources.UserData.MessageErrorGetMembership, userName));
return;
}
if (!theUser.IsLockedOut)
{
SystemMessages.DisplaySystemWarningMessage(string.Format(Resources.UserData.MessageWarningUserUnlocked, userName));
return;
}
theUser.UnlockUser();
Membership.UpdateUser(theUser);
SystemMessages.DisplaySystemMessage(string.Format(Resources.UserData.MessageUnlockedUser, userName));
UserGridView.DataBind();
}
catch (Exception exc)
{
log.Error("Error en UnlockUser para userName: "******"RESET")
{
try
{
MembershipUser theUser = Membership.GetUser(userName);
if (theUser == null)
{
SystemMessages.DisplaySystemMessage(string.Format(Resources.UserData.MessageErrorGetMembership, userName));
return;
}
string password = theUser.ResetPassword();
if (!string.IsNullOrEmpty(password))
{
string toMail = theUser.Email;
List <EmailFileParameter> theParams = new List <EmailFileParameter>();
theParams.Add(new EmailFileParameter("UserName", userName));
theParams.Add(new EmailFileParameter("Password", password));
EmailUtilities.SendEmailFile(Resources.Files.ResetPassword, Resources.UserData.SubjectResetPassword, userName, toMail, theParams);
SystemMessages.DisplaySystemMessage(string.Format(Resources.UserData.MessagePasswordReset, userName));
}
else
{
SystemMessages.DisplaySystemErrorMessage(string.Format(Resources.UserData.MessageWarningResetPassword, userName));
}
}
catch (Exception exc)
{
log.Error("Error en ResetPassword para userName: " + userName, exc);
SystemMessages.DisplaySystemErrorMessage(string.Format(Resources.UserData.MessageErrorResetPassword, userName));
}
}
}
public AjaxController(SecurityBLL stub)
{
secBLL = stub;
}
public AjaxController()
{
secBLL = new SecurityBLL();
}
public UFXBasketEntrustBLL()
{
_securityBLL = UFXBLLManager.Instance.SecurityBLL;
}
protected bool VerificaAbilitazioneUtente(int IDMENU)
{
SecurityBLL sec = new SecurityBLL();
return(sec.VerificaAbilitazioneUtente(IDMENU, ConnectedUser));
}
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
string actionName = filterContext.ActionDescriptor.ActionName;
string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
if (controllerName == "Account")
{
return;
}
switch (controllerName)
{
case "Home":
case "Impostazioni":
case "Menu":
case "PVD":
case "Galvanica":
case "Verniciatura":
case "Magazzino":
case "MailDispatcher":
case "RvlDocumenti":
case "Preserie":
case "Trasferimenti":
case "Preziosi":
case "Video":
case "ALE":
HttpCookie coockie = filterContext.RequestContext.HttpContext.Request.Cookies[FormsAuthentication.FormsCookieName];
if (coockie == null)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
else
{
try
{
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(coockie.Value);
string token = ticket.Name;
TokenModel tokenModel = SecurityBLL.GetTokenModel(token);
if (tokenModel == null)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
if (tokenModel.IpAddress != ClientIPAddress)
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
ConnectedUser = tokenModel.User;
}
catch
{
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary {
{ "controller", "Account" }, { "action", "Login" }
});
}
}
break;
}
}
public UFXWithdrawBLL()
{
_securityBLL = UFXBLLManager.Instance.SecurityBLL;
_timeOut = SettingManager.Instance.Get().UFXSetting.Timeout;
}
public UFXEntrustBLL()
{
_securityBLL = BLLManager.Instance.SecurityBLL;
_tradeCommandBLL = new TradeCommandBLL();
}
/// <summary>
/// 初始化当前请求页面的功能权限
/// </summary>
protected void InitialUserFunction()
{
if (!IsPostBack)
{
string path = Request.AppRelativeCurrentExecutionFilePath;
if (string.Compare("~/Pages/Common/Login.aspx", path, true) != 0 && string.Compare("~/Pages/Common/Default.aspx", path, true) != 0)
{
//**add by zdh
if (LogonUser == null)
{
Response.Redirect("~/Pages/Common/OverTime.htm");//子页面的session超时时,进入系统超时页面
}
//**end
//获取当前请求页面中,没有权限的功能清单
DataTable dtNoFunctions = new SecurityBLL().GetUserNoFunctions(this.LogonUser.LOGINNAME, path);
foreach (DataRow dr in dtNoFunctions.Rows)
{
string controlID = dr["CONTROL_ID"].ToString().Trim();
string controlType = dr["CATEGORY_TYPE"].ToString().Trim();
string propertyName = dr["PROPERTY_NAME"].ToString().Trim();
string propertyValue = dr["PROPERTY_VALUE"].ToString().Trim();
Control ctl = this.Controls[0].FindControl(controlID);
if (ctl != null)
{
switch (controlType)
{
case "0": //一般控件
ctl.Visible = false;
break;
case "1": //JQGrid
Trirand.Web.UI.WebControls.JQGrid grid = ctl as Trirand.Web.UI.WebControls.JQGrid;
if (propertyName.ToUpper() == "BUTTON") //JQGrid的按钮处理
{
if (grid.ToolBarSettings.AddText == propertyValue)
{
grid.ToolBarSettings.ShowAddButton = false;
}
else if (grid.ToolBarSettings.EditText == propertyValue)
{
grid.ToolBarSettings.ShowEditButton = false;
}
else if (grid.ToolBarSettings.DeleteText == propertyValue)
{
grid.ToolBarSettings.ShowDeleteButton = false;
}
else if (grid.ToolBarSettings.RefreshText == propertyValue)
{
grid.ToolBarSettings.ShowRefreshButton = false;
}
else if (grid.ToolBarSettings.SearchText == propertyValue)
{
grid.ToolBarSettings.ShowSearchButton = false;
}
else if (grid.ToolBarSettings.ViewText == propertyValue)
{
grid.ToolBarSettings.ShowViewRowDetailsButton = false;
}
else
{
foreach (Trirand.Web.UI.WebControls.JQGridToolBarButton cb in grid.ToolBarSettings.CustomButtons)
{
if (cb.Text == propertyValue)
{
grid.ToolBarSettings.CustomButtons[0].Visible = false;
break;
}
}
}
//switch (propertyValue)
//{
// case "添加":
// grid.ToolBarSettings.ShowAddButton = false;
// break;
// case "编辑":
// grid.ToolBarSettings.ShowEditButton = false;
// break;
// case "删除":
// grid.ToolBarSettings.ShowDeleteButton = false;
// break;
// case "刷新":
// grid.ToolBarSettings.ShowRefreshButton = false;
// break;
// case "查找":
// grid.ToolBarSettings.ShowSearchButton = false;
// break;
// case "查看":
// grid.ToolBarSettings.ShowViewRowDetailsButton = false;
// break;
// case "行内-添加":
// grid.ToolBarSettings.ShowInlineAddButton = false;
// break;
// case "行内-取消":
// grid.ToolBarSettings.ShowInlineCancelButton = false;
// break;
// case "行内-删除":
// grid.ToolBarSettings.ShowInlineDeleteButton = false;
// break;
// case "行内-编辑":
// grid.ToolBarSettings.ShowInlineEditButton = false;
// break;
// default: //自定义按钮处理
// foreach (Trirand.Web.UI.WebControls.JQGridToolBarButton cb in grid.ToolBarSettings.CustomButtons)
// {
// if (cb.Text == propertyValue)
// {
// grid.ToolBarSettings.CustomButtons[0].Visible = false;
// break;
// }
// }
// break;
//}
}
else if (propertyName.ToUpper() == "COLUMN") //JQGrid的列
{
foreach (Trirand.Web.UI.WebControls.JQGridColumn col in grid.Columns)
{
if (col.HeaderText == propertyValue)
{
col.Visible = false;
break;
}
}
}
break;
case "2": //GridView
GridView grd = ctl as GridView;
foreach (DataControlField col in grd.Columns)
{
if (col.HeaderText == propertyValue)
{
col.Visible = false;
break;
}
}
break;
case "3": //UserControl
ctl.Visible = false;
break;
default:
break;
}
}
}
}
}
}
public UFXQueryMultipleHoldingBLL()
{
_securityBLL = UFXBLLManager.Instance.SecurityBLL;
_timeOut = SettingManager.Instance.Get().UFXSetting.Timeout;
}
public UFXQueryFuturesEntrustBLL()
{
this._securityBLL = UFXBLLManager.Instance.SecurityBLL;
}
public static bool IsCurrentUserAllowedToPerformPermission(string userName, string permissionMnemonic)
{
return(SecurityBLL.IsUserAllowedToPerformPermission(userName, permissionMnemonic));
}
