Пример #1
        /// <summary>
        /// Reports whether the action is on the forbidden list for the acting user.
        /// </summary>
        /// <param name="tableAction">Supplies the user name, table name and operation being checked.</param>
        /// <returns>
        /// <c>false</c> when the INSERT or SELECT lookup yields no rows, an empty first value, or "0";
        /// <c>true</c> for any other lookup result and for every operation other than INSERT and SELECT.
        /// </returns>
        private bool IsForbidden(CS505Project1.Domains.TableAction tableAction)
        {
            // The user id is resolved up front, before the operation is inspected.
            int userId = GetUserId(tableAction.user_name);

            string template;
            if (tableAction.operation == Domains.Operation_Type.INSERT)
            {
                template = query_ISFORBIDDENTOINSERT;
            }
            else if (tableAction.operation == Domains.Operation_Type.SELECT)
            {
                template = query_ISFORBIDDENTOSELECT;
            }
            else
            {
                // Operations without a lookup query are reported as forbidden (fail closed).
                return true;
            }

            // NOTE(review): table_name is substituted into the SQL text with string.Format.
            // The templates and GetRecords are not visible here; if table_name can carry
            // user-controlled text, this is an injection point. Prefer bound parameters or
            // an allow-list of known table names.
            string sql = string.Format(template, userId, tableAction.table_name);
            List<string> rows = GetRecords(sql);

            // No row, an empty first value, or a literal "0" all mean "no forbidden entry".
            bool noEntry = rows.Count == 0 || string.IsNullOrEmpty(rows[0]) || rows[0] == "0";
            return !noEntry;
        }
Пример #2
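 /// <summary>
 /// Verifies that a table action can be performed. Returns normally when the action is
 /// permitted; otherwise throws with a message giving the reason for the refusal.
 /// </summary>
 /// <param name="tableAction">The user, table and operation being attempted.</param>
 /// <exception cref="UnauthorizedAccessException">
 /// Thrown when the action is not permitted. The message differs depending on whether the
 /// action is also on the forbidden list.
 /// </exception>
 public void CanPerformTableAction(CS505Project1.Domains.TableAction tableAction)
 {
     if (IsPermitted(tableAction))
     {
         return;
     }

     // NOTE(review): the forbidden list is consulted only after the permitted check fails,
     // so a permit entry wins if both a permit and a forbid entry exist for the same
     // user/table/operation. Confirm that precedence is intended.
     if (IsForbidden(tableAction))
     {
         // TODO: LOG or notify the DBA or CSO. Nothing in this method records the attempt,
         // although the message below tells the user it has been reported.
         // A specific exception type replaces the bare Exception; callers catching
         // Exception are unaffected.
         throw new UnauthorizedAccessException("ERROR: This action has been FORBIDDEN for this user.\nTHIS ATTEMPT HAS BEEN REPORTED TO THE DBA/CSO");
     }

     throw new UnauthorizedAccessException("Sorry: User is not permitted to perform this action.");
 }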
Пример #3
        /// <summary>
        /// Reports whether the acting user holds a permit entry for the requested table operation.
        /// For example, a user reading from "clients" is checked against the permitted list for
        /// that user and table_name = 'clients'.
        /// </summary>
        /// <param name="tableAction">Supplies the user name, table name and operation being checked.</param>
        /// <returns>
        /// <c>true</c> when the INSERT or SELECT lookup returns a first value that is neither empty
        /// nor "0"; <c>false</c> otherwise, including for every operation other than INSERT and SELECT.
        /// </returns>
        private bool IsPermitted(CS505Project1.Domains.TableAction tableAction)
        {
            // The user id is resolved up front, before the operation is inspected.
            int userId = GetUserId(tableAction.user_name);

            bool isInsert = tableAction.operation == Domains.Operation_Type.INSERT;
            if (!isInsert && !(tableAction.operation == Domains.Operation_Type.SELECT))
            {
                // Operations without a lookup query are never permitted (fail closed).
                return false;
            }

            string template = isInsert ? query_ISPERMITTEDTOINSERT : query_ISPERMITTEDTOSELECT;

            // NOTE(review): table_name is substituted into the SQL text with string.Format.
            // The templates and GetRecords are not visible here; if table_name can carry
            // user-controlled text, this is an injection point in an authorization check.
            // Prefer bound parameters or an allow-list of known table names.
            List<string> rows = GetRecords(string.Format(template, userId, tableAction.table_name));

            if (rows.Count == 0)
            {
                return false; // no row: not permitted
            }

            string first = rows[0];
            return !string.IsNullOrEmpty(first) && first != "0";
        }