public static LoginResult AttemptLogin(IOwinContext owinContext, string username, string password)
{
    // Verifies the supplied credentials and, on success, signs the user in on
    // the given OWIN context. The returned LoginResult carries Success plus an
    // ErrorMessage that is safe to show to the end user: the same generic text
    // is used whether the username or the password was wrong, so the response
    // does not reveal which accounts exist.
    var outcome = new LoginResult();

    if (!check_password(username, password))
    {
        outcome.Success = false;
        outcome.ErrorMessage = "Invalid User or Password.";
        return outcome;
    }

    var lookup = new SQLString("select us_id, us_username, us_org from users where us_username = @us");
    lookup = lookup.AddParameterWithValue("us", username);
    DataRow userRow = DbUtil.get_datarow(lookup);

    if (userRow == null)
    {
        // Defensive branch: check_password could in principle accept a
        // principal that has no row in the users table (e.g. if authentication
        // were delegated to LDAP). The check_password shown alongside this
        // method already fails closed for unknown users, so this is not
        // expected to be reached, but without a row there is no local
        // identity to sign in.
        outcome.Success = false;
        outcome.ErrorMessage = "User not found in database";
        return outcome;
    }

    Security.SignIn(owinContext, username);
    outcome.Success = true;
    outcome.ErrorMessage = string.Empty;
    return outcome;
}
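public static int get_bugid_from_subject(ref string subject)
{
    // Extracts the tracking number from a subject of the form
    //   "Re: something (DO NOT EDIT THIS:123)"
    // where the marker text is the TrackingIdString setting. Returns the bug
    // id, or 0 when there is no usable marker. When the id refers to a bug
    // that no longer exists, the marker in the caller's subject is rewritten
    // to "WAS #:" and 0 is returned so the caller creates a new bug instead of
    // appending to a deleted/merged one.
    int bugid = 0;
    string bugidString = Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:");

    // The marker is a fixed token, not natural-language text: compare ordinally.
    int pos = subject.IndexOf(bugidString, StringComparison.Ordinal);
    if (pos >= 0)
    {
        // The id follows the colon that ends the marker. The marker is
        // configurable and need not contain a colon; the original code did
        // pos = IndexOf(":") + 1 unguarded, so a missing colon made pos 0 and
        // the scan restarted from the beginning of the subject.
        int colon = subject.IndexOf(":", pos, StringComparison.Ordinal);
        if (colon >= 0)
        {
            int start = colon + 1;
            int closeParen = subject.IndexOf(")", start, StringComparison.Ordinal);
            if (closeParen > start)
            {
                string candidate = subject.Substring(start, closeParen - start);
                if (Util.is_int(candidate))
                {
                    bugid = Convert.ToInt32(candidate);
                }
            }
        }
    }

    // The id may refer to a bug that has since been deleted or merged away.
    if (bugid != 0)
    {
        var sql = new SQLString("select count(1) from bugs where bg_id = @bg");
        sql = sql.AddParameterWithValue("bg", Convert.ToString(bugid));
        int bug_count = (int)btnet.DbUtil.execute_scalar(sql);
        if (bug_count != 1)
        {
            subject = subject.Replace(bugidString, "WAS #:");
            bugid = 0;
        }
    }

    return bugid;
}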
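///////////////////////////////////////////////////////////////////////
// Resolves the user row that an incoming email should be attributed to.
// Normally that is `username` (the account the mail-polling service runs as).
// When that account is the one named by the
// CreateUserFromEmailAddressIfThisUsername setting, the sender's address is
// used as the username instead, and a user is created on the fly if none
// exists yet. Returns null when no row could be found.
public static DataRow get_user_datarow_maybe_using_from_addr(Message message, string from_addr, string username)
{
    DataRow dr = null;
    var sql = new SQLString(@"
select us_id, us_admin, us_username, us_org, og_other_orgs_permission_level,
isnull(us_forced_project,0) us_forced_project
from users
inner join orgs on us_org = og_id
where us_username = @us");

    string btnet_service_username = Util.get_setting("CreateUserFromEmailAddressIfThisUsername", "");

    if (!string.IsNullOrEmpty(from_addr) && username == btnet_service_username)
    {
        // The caller's from_addr is only used as a presence check; the address
        // actually used is re-read from the message itself.
        from_addr = get_from_addr(message);

        // Look for an existing account whose username is the normalised sender address.
        username = Email.simplify_email_address(from_addr);
        sql = sql.AddParameterWithValue("us", username);
        dr = btnet.DbUtil.get_datarow(sql);

        if (dr == null)
        {
            // SECURITY NOTE: the From header is attacker-controlled, so with
            // this setting enabled anyone who can mail the project mailbox gets
            // an account cloned from the CreateUsersFromEmailTemplate user.
            // Keep that template's permissions minimal. The password is set to
            // a fresh GUID, so the account is not usable for interactive login
            // until an administrator resets it.
            bool use_domain_as_org_name = Util.get_setting("UseEmailDomainAsNewOrgNameWhenCreatingNewUser", "0") == "1";
            btnet.User.copy_user(
                username,
                username,
                "", "", "",               // first, last, signature
                0,                        // salt
                Guid.NewGuid().ToString(), // random value for password
                Util.get_setting("CreateUsersFromEmailTemplate", "[error - missing user template]"),
                use_domain_as_org_name);

            // The user now exists; the parameter is already bound, so just re-run.
            dr = btnet.DbUtil.get_datarow(sql);
        }
    }
    else
    {
        // FIX: the query declares @us, but this branch bound a parameter named
        // "$us" and manually doubled single quotes — a leftover from the old
        // string-substituted SQL ("$..." placeholders, cf. $ALTER_HERE). Bind
        // the real parameter name and let the driver handle quoting, as every
        // other call site here does.
        sql = sql.AddParameterWithValue("us", username);
        dr = btnet.DbUtil.get_datarow(sql);
    }

    return dr;
}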
/// <summary>
/// Creates a bug from an inbound email (or a plain API payload), or appends a
/// comment to an existing bug when the subject carries a valid tracking id.
/// SECURITY NOTE(review): every field of <paramref name="bugFromEmail"/>,
/// including the raw MIME message, is caller-supplied. The only authorization
/// visible here is the Web API's own identity (User.Identity): there is no
/// per-bug permission check before appending to a bug whose id appeared in a
/// subject line, and ProjectId/OrganizationId/StatusId etc. are accepted from
/// the body. This is presumably acceptable because the endpoint is restricted
/// to the mail-polling service account — confirm that restriction exists.
/// </summary>
/// <param name="bugFromEmail">Bound request body; validated by ModelState.</param>
/// <returns>200 with the bug id that was created or updated, or 400 with ModelState.</returns>
public IHttpActionResult Post([FromBody] BugFromEmail bugFromEmail)
{
    if (bugFromEmail != null && ModelState.IsValid)
    {
        // Short description is capped at 200 characters everywhere below.
        if (bugFromEmail.ShortDescription == null)
        {
            bugFromEmail.ShortDescription = "";
        }
        else if (bugFromEmail.ShortDescription.Length > 200)
        {
            bugFromEmail.ShortDescription = bugFromEmail.ShortDescription.Substring(0, 200);
        }

        // When a raw message is supplied it wins over the individual fields:
        // comment, selected headers and the From address are all taken from it.
        Message mimeMessage = null;
        if (!string.IsNullOrEmpty(bugFromEmail.Message))
        {
            mimeMessage = Mime.GetMimeMessage(bugFromEmail.Message);
            bugFromEmail.Comment = Mime.get_comment(mimeMessage);
            string headers = Mime.get_headers_for_comment(mimeMessage);
            if (headers != "")
            {
                bugFromEmail.Comment = string.Format("{0}{1}{2}", headers, Environment.NewLine, bugFromEmail.Comment);
            }
            bugFromEmail.FromAddress = Mime.get_from_addr(mimeMessage);
        }
        else
        {
            if (bugFromEmail.Comment == null)
            {
                bugFromEmail.Comment = string.Empty;
            }
        }

        // Even though btnet_service.exe has already parsed out the bugid,
        // the subject is re-parsed here with SharpMimeTools. Note this
        // overrides whatever BugId the caller sent whenever a message is present.
        string subject = "";
        if (mimeMessage != null)
        {
            subject = Mime.get_subject(mimeMessage);
            if (subject != "[No Subject]")
            {
                bugFromEmail.BugId = Mime.get_bugid_from_subject(ref subject);
            }
            bugFromEmail.CcAddress = Mime.get_cc(mimeMessage);
        }

        SQLString sql;
        if (bugFromEmail.BugId != 0)
        {
            // A reply to a merged or deleted bug must not be silently lost:
            // if the id no longer exists, fall through to creating a new bug.
            // Only existence is checked here, not visibility to the caller.
            sql = new SQLString(@"select count(bg_id) from bugs where bg_id = @id");
            sql = sql.AddParameterWithValue("id", Convert.ToString(bugFromEmail.BugId));
            if (Convert.ToInt32(DbUtil.execute_scalar(sql)) == 0)
            {
                bugFromEmail.BugId = 0;
            }
        }

        // Either insert a new bug or append a comment to an existing one,
        // based on the presence or absence of a bugid.
        if (bugFromEmail.BugId == 0)
        {
            // insert a new bug
            if (mimeMessage != null)
            {
                // Someone may be replying to a bug that has been deleted or
                // merged: neutralise the old marker so the new bug's subject
                // does not carry a live-looking tracking id.
                subject = subject.Replace(Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:"), "PREVIOUS:");
                bugFromEmail.ShortDescription = subject;
                if (bugFromEmail.ShortDescription.Length > 200)
                {
                    bugFromEmail.ShortDescription = bugFromEmail.ShortDescription.Substring(0, 200);
                }
            }

            DataRow defaults = Bug.get_bug_defaults();

            // Fields the caller did not set get the system defaults; the
            // organisation defaults to the calling identity's own org.
            if (!bugFromEmail.ProjectId.HasValue || bugFromEmail.ProjectId == 0)
            {
                bugFromEmail.ProjectId = (int)defaults["pj"];
            }
            bugFromEmail.OrganizationId = bugFromEmail.OrganizationId ?? User.Identity.GetOrganizationId();
            bugFromEmail.CategoryId = bugFromEmail.CategoryId ?? (int)defaults["ct"];
            bugFromEmail.PriorityId = bugFromEmail.PriorityId ?? (int)defaults["pr"];
            bugFromEmail.StatusId = bugFromEmail.StatusId ?? (int)defaults["st"];
            bugFromEmail.UdfId = bugFromEmail.UdfId ?? (int)defaults["udf"];

            // A forced project on the calling identity always wins over the
            // caller-supplied or default project.
            if (User.Identity.GetForcedProjectId() != 0)
            {
                bugFromEmail.ProjectId = User.Identity.GetForcedProjectId();
            }

            Bug.NewIds newIds = Bug.insert_bug(
                bugFromEmail.ShortDescription,
                User.Identity,
                "", // tags
                bugFromEmail.ProjectId.Value,
                bugFromEmail.OrganizationId.Value,
                bugFromEmail.CategoryId.Value,
                bugFromEmail.PriorityId.Value,
                bugFromEmail.StatusId.Value,
                bugFromEmail.AssignedTo ?? 0,
                bugFromEmail.UdfId.Value,
                bugFromEmail.Comment,
                bugFromEmail.Comment,
                bugFromEmail.FromAddress,
                bugFromEmail.CcAddress,
                "text/plain",
                false, // internal only
                null,  // custom columns
                false); // suppress notifications for now - wait till after the attachments

            // Attachments come either from the MIME message or from the single
            // inline byte[] in the payload, never both. The auto-reply to the
            // sender is only sent for real email.
            if (mimeMessage != null)
            {
                Mime.add_attachments(mimeMessage, newIds.bugid, newIds.postid, User.Identity);
                Email.auto_reply(newIds.bugid, bugFromEmail.FromAddress, bugFromEmail.ShortDescription, bugFromEmail.ProjectId.Value);
            }
            else if (bugFromEmail.Attachment != null && bugFromEmail.Attachment.Length > 0)
            {
                // Filename and content type are caller-supplied; any
                // sanitisation happens inside insert_post_attachment (not visible here).
                Stream stream = new MemoryStream(bugFromEmail.Attachment);
                Bug.insert_post_attachment(
                    User.Identity,
                    newIds.bugid,
                    stream,
                    bugFromEmail.Attachment.Length,
                    bugFromEmail.AttachmentFileName ?? string.Empty,
                    bugFromEmail.AttachmentDescription ?? string.Empty,
                    bugFromEmail.AttachmentContentType ?? string.Empty,
                    -1,    // parent
                    false, // internal_only
                    false); // don't send notification yet
            }

            // your customizations
            Bug.apply_post_insert_rules(newIds.bugid);
            Bug.send_notifications(Bug.INSERT, newIds.bugid, User.Identity);
            WhatsNew.add_news(newIds.bugid, bugFromEmail.ShortDescription, "added", User.Identity);
            return Ok(newIds.bugid);
        }
        else // update existing bug
        {
            // Optionally move any bug that receives email to a configured
            // status (e.g. reopen). Applies regardless of who sent the mail.
            string statusResultingFromIncomingEmail = Util.get_setting("StatusResultingFromIncomingEmail", "0");
            if (statusResultingFromIncomingEmail != "0")
            {
                sql = new SQLString(@"update bugs set bg_status = @st where bg_id = @bg ");
                sql = sql.AddParameterWithValue("st", statusResultingFromIncomingEmail);
                sql = sql.AddParameterWithValue("bg", bugFromEmail.BugId);
                DbUtil.execute_nonquery(sql);
            }

            // Short description is needed for the "what's new" entry below.
            sql = new SQLString("select bg_short_desc from bugs where bg_id = @bg");
            sql = sql.AddParameterWithValue("bg", bugFromEmail.BugId);
            DataRow dr2 = DbUtil.get_datarow(sql);

            // Add a comment to the existing bug, attributed to the calling
            // identity (not to the email's From address, which is stored as text).
            int postid = Bug.insert_comment(
                bugFromEmail.BugId,
                User.Identity.GetUserId(),
                bugFromEmail.Comment,
                bugFromEmail.Comment,
                bugFromEmail.FromAddress,
                bugFromEmail.CcAddress,
                "text/plain",
                false); // internal only

            if (mimeMessage != null)
            {
                Mime.add_attachments(mimeMessage, bugFromEmail.BugId, postid, User.Identity);
            }
            else if (bugFromEmail.Attachment != null && bugFromEmail.Attachment.Length > 0)
            {
                Stream stream = new MemoryStream(bugFromEmail.Attachment);
                Bug.insert_post_attachment(
                    User.Identity,
                    bugFromEmail.BugId,
                    stream,
                    bugFromEmail.Attachment.Length,
                    bugFromEmail.AttachmentFileName ?? string.Empty,
                    bugFromEmail.AttachmentDescription ?? string.Empty,
                    bugFromEmail.AttachmentContentType ?? string.Empty,
                    -1,    // parent
                    false, // internal_only
                    false); // don't send notification yet
            }

            Bug.send_notifications(Bug.UPDATE, bugFromEmail.BugId, User.Identity);
            WhatsNew.add_news(bugFromEmail.BugId, (string)dr2["bg_short_desc"], "updated", User.Identity);
            return Ok(bugFromEmail.BugId);
        }
    }
    else
    {
        return BadRequest(ModelState);
    }
}
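public static bool check_password(string username, string password)
{
    // Verifies a username/password pair against the database (or LDAP when
    // AuthenticateUsingLdap is "1") and enforces a per-username throttle of
    // FailedLoginAttemptsAllowed failures within FailedLoginAttemptsMinutes.
    // Returns true only for an existing, active user whose password verified
    // and who is not currently throttled. Failure reasons are only logged,
    // never returned, so callers can keep the user-facing message generic.
    var sql = new SQLString(@"
select us_username, us_id, us_password, isnull(us_salt,0) us_salt, us_active
from users
where us_username = @username");
    sql = sql.AddParameterWithValue("username", username);
    DataRow dr = btnet.DbUtil.get_datarow(sql);

    if (dr == null)
    {
        // NOTE(review): returning before any password work is done makes an
        // unknown username distinguishable from a wrong password by timing.
        // The username is also logged verbatim; if the log is consumed by
        // other tooling, CR/LF inside it could forge entries.
        Util.write_to_log("Unknown user " + username + " attempted to login.");
        return false;
    }

    int us_active = (int)dr["us_active"];
    if (us_active == 0)
    {
        Util.write_to_log("Inactive user " + username + " attempted to login.");
        return false;
    }

    // Failed attempts are kept per username in the shared ASP.NET cache, as a
    // list of timestamps. The entry is only created on the first failure.
    // NOTE(review): the raw username is the cache key, so it shares the
    // namespace with every other cached object; a username equal to some other
    // cache key would make this cast throw. Prefixing the key would be safer,
    // but other code may read this key as-is, so it is left unchanged here.
    // The list itself is mutated without locking — concurrent logins for the
    // same username can race on it.
    LinkedList<DateTime> failed_attempts = (LinkedList<DateTime>)HttpRuntime.Cache[username];

    if (failed_attempts != null)
    {
        int minutes_ago = Convert.ToInt32(btnet.Util.get_setting("FailedLoginAttemptsMinutes", "10"));
        int failed_attempts_allowed = Convert.ToInt32(btnet.Util.get_setting("FailedLoginAttemptsAllowed", "10"));
        DateTime n_minutes_ago = DateTime.Now.AddMinutes(-1 * minutes_ago);

        // Drop attempts that have aged out of the window (the list is in
        // insertion order, so the oldest are at the front).
        while (failed_attempts.Count > 0 && failed_attempts.First.Value < n_minutes_ago)
        {
            Util.write_to_log("removing stale failed attempt for " + username);
            failed_attempts.RemoveFirst();
        }

        Util.write_to_log("failed attempt count for " + username + ":" + Convert.ToString(failed_attempts.Count));

        // FIX: this was `>`, which let N+1 failures through before the
        // throttle engaged. Once the allowed number of failures is already in
        // the window, the attempt is refused without evaluating the password.
        // (A refused attempt is deliberately not recorded, so hammering a
        // locked account does not extend its lockout.)
        if (failed_attempts.Count >= failed_attempts_allowed)
        {
            Util.write_to_log("Too many failed login attempts in too short a time period: " + username);
            return false;
        }

        // Save the pruned list of attempts.
        HttpRuntime.Cache[username] = failed_attempts;
    }

    bool authenticated;
    if (btnet.Util.get_setting("AuthenticateUsingLdap", "0") == "1")
    {
        authenticated = check_password_with_ldap(username, password);
    }
    else
    {
        authenticated = check_password_with_db(username, password, dr);
    }

    if (authenticated)
    {
        // A successful login clears the failure history.
        if (failed_attempts != null)
        {
            failed_attempts.Clear();
            HttpRuntime.Cache[username] = failed_attempts;
        }
        btnet.Util.update_most_recent_login_datetime((int)dr["us_id"]);
        return true;
    }

    // Record a failed login attempt.
    if (failed_attempts == null)
    {
        failed_attempts = new LinkedList<DateTime>();
    }
    failed_attempts.AddLast(DateTime.Now);
    HttpRuntime.Cache[username] = failed_attempts;
    return false;
}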
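public static void auto_reply(int bugid, string from_addr, string short_desc, int projectid)
{
    // Sends the configured AutoReplyText back to the sender of an email that
    // just created a bug. The outgoing subject is the bug's short description
    // plus the tracking marker, so a reply to this message is attached to the
    // same bug. Does nothing when auto-reply is not configured, when the
    // project has no outgoing address, or when the sender is the project
    // mailbox itself.
    string auto_reply_text = Util.get_setting("AutoReplyText", "");
    if (auto_reply_text == "")
        return;

    // Nobody to reply to: happens when the incoming mail had no usable From
    // header. Previously this fell through to from_addr.ToLower() and threw.
    if (string.IsNullOrWhiteSpace(from_addr))
    {
        btnet.Util.write_to_log("skipping auto reply because from address is blank");
        return;
    }

    auto_reply_text = auto_reply_text.Replace("$BUGID$", Convert.ToString(bugid));

    var sql = new SQLString(@"select pj_pop3_email_from from projects where pj_id = @pj");
    sql = sql.AddParameterWithValue("pj", Convert.ToString(projectid));
    object project_email = btnet.DbUtil.execute_scalar(sql);
    if (project_email == null)
    {
        btnet.Util.write_to_log("skipping auto reply because project email is blank");
        return;
    }

    string project_email_string = Convert.ToString(project_email);
    if (project_email_string == "")
    {
        btnet.Util.write_to_log("skipping auto reply because project email is blank");
        return;
    }

    // Never reply to ourselves, otherwise the reply creates a bug, which sends
    // a reply, and so on. Ordinal case-insensitive comparison instead of
    // ToLower() so the result does not depend on the thread culture.
    if (string.Equals(project_email_string, from_addr, StringComparison.OrdinalIgnoreCase))
    {
        btnet.Util.write_to_log("skipping auto reply because from address is same as project email:" + project_email_string);
        return;
    }

    string outgoing_subject = short_desc + " (" + Util.get_setting("TrackingIdString", "DO NOT EDIT THIS:") + Convert.ToString(bugid) + ")";
    bool use_html_format = (btnet.Util.get_setting("AutoReplyUseHtmlEmailFormat", "0") == "1");

    // SECURITY NOTE: from_addr and short_desc both originate from an untrusted
    // inbound email. Commas are replaced so the address cannot expand into a
    // recipient list; whether CR/LF in short_desc is neutralised in the
    // subject depends on Email.send_email, which is not visible here — confirm.
    string cleaner_from_addr = from_addr.Replace(",", " ");

    Email.send_email(
        cleaner_from_addr,     // we are responding TO the address we just received email FROM
        project_email_string,
        "",                    // cc
        outgoing_subject,
        auto_reply_text,
        use_html_format ? MailFormat.Html : MailFormat.Text);
}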
private IEnumerable<IHit<object>> GetHitsFilteredBySecurity(ISearchResponse<object> response, IIdentity identity)
{
    // The search index is not permission-aware: it returns hits for every bug.
    // Apply the application's own visibility rules by asking the database
    // which bug ids this identity may see, then keep only those hits.
    // This costs an extra query per search; it stays until visibility is
    // pushed into the index itself.
    var visibleQuery = Util.alter_sql_per_project_permissions(
        new SQLString(@"SELECT bg_id FROM bugs WHERE $ALTER_HERE"), identity);
    DataSet visible = DbUtil.get_dataset(visibleQuery);

    var allowed = new HashSet<int>();
    foreach (DataRow row in visible.Tables[0].Rows)
    {
        allowed.Add(Convert.ToInt32(row["bg_id"]));
    }

    // Hit ids are the bug ids the documents were indexed under.
    return response.Hits.Where(hit => allowed.Contains(Convert.ToInt32(hit.Id)));
}
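public static ClaimsIdentity GetIdentity(string username)
{
    // Builds the ClaimsIdentity for an active user: identity claims, the
    // organisation's permission flags (org.*), the per-project permission on
    // the user's forced project (if any) and the role claims. Everything
    // authorisation later relies on is decided here, so each claim must read
    // the column it is named after.
    SQLString sql = new SQLString(@"
select u.us_id, u.us_username, u.us_org, u.us_bugs_per_page,
u.us_enable_bug_list_popups, u.us_use_fckeditor, u.us_forced_project, u.us_email,
org.*,
isnull(u.us_forced_project, 0 ) us_forced_project,
proj.pu_permission_level,
isnull(proj.pu_admin, 0) pu_admin,
u.us_admin
from users u
inner join orgs org on u.us_org = org.og_id
left outer join project_user_xref proj on proj.pu_project = u.us_forced_project and proj.pu_user = u.us_id
where us_username = @us and u.us_active = 1");
    sql = sql.AddParameterWithValue("us", username);
    DataRow dr = btnet.DbUtil.get_datarow(sql);

    // No active user by that name: fail with a clear error instead of a
    // NullReferenceException on the first dr[...] access below.
    if (dr == null)
    {
        throw new InvalidOperationException("No active user found for username '" + username + "'");
    }

    var bugsPerPage = dr["us_bugs_per_page"] == DBNull.Value ? 10 : (int)dr["us_bugs_per_page"];

    var claims = new List<Claim>
    {
        new Claim(BtnetClaimTypes.UserId, Convert.ToString(dr["us_id"])),
        new Claim(ClaimTypes.Name, Convert.ToString(dr["us_username"])),
        new Claim(ClaimTypes.Email, Convert.ToString(dr["us_email"])),
        new Claim(BtnetClaimTypes.OrganizationId, Convert.ToString(dr["us_org"])),
        new Claim(BtnetClaimTypes.BugsPerPage, Convert.ToString(bugsPerPage)),
        new Claim(BtnetClaimTypes.EnablePopUps, Convert.ToString((int)dr["us_enable_bug_list_popups"] == 1)),
        new Claim(BtnetClaimTypes.CanOnlySeeOwnReportedBugs, Convert.ToString((int)dr["og_can_only_see_own_reported"] == 1)),
        new Claim(BtnetClaimTypes.CanUseReports, Convert.ToString((int)dr["og_can_use_reports"] == 1)),
        new Claim(BtnetClaimTypes.CanEditReports, Convert.ToString((int)dr["og_can_edit_reports"] == 1)),
        // NOTE(review): CanEditAndDeleteBugs and CanEditAndDeletePosts both read
        // og_can_edit_and_delete_posts; no separate "bugs" column is selected
        // here. Confirm that is intended.
        new Claim(BtnetClaimTypes.CanEditAndDeleteBugs, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),
        new Claim(BtnetClaimTypes.CanDeleteBugs, Convert.ToString((int)dr["og_can_delete_bug"] == 1)),
        new Claim(BtnetClaimTypes.CanMergeBugs, Convert.ToString((int)dr["og_can_merge_bugs"] == 1)),
        new Claim(BtnetClaimTypes.CanMassEditBugs, Convert.ToString((int)dr["og_can_mass_edit_bugs"] == 1)),
        new Claim(BtnetClaimTypes.CanAssignToInternalUsers, Convert.ToString((int)dr["og_can_assign_to_internal_users"] == 1)),
        new Claim(BtnetClaimTypes.CanEditAndDeletePosts, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),
        new Claim(BtnetClaimTypes.CanEditTasks, Convert.ToString((int)dr["og_can_edit_tasks"] == 1)),
        new Claim(BtnetClaimTypes.CanViewTasks, Convert.ToString((int)dr["og_can_view_tasks"] == 1)),
        new Claim(BtnetClaimTypes.OtherOrgsPermissionLevel, Convert.ToString(dr["og_other_orgs_permission_level"])),
        new Claim(BtnetClaimTypes.CategoryFieldPermissionLevel, Convert.ToString(dr["og_category_field_permission_level"])),
        new Claim(BtnetClaimTypes.PriorityFieldPermissionLevel, Convert.ToString(dr["og_priority_field_permission_level"])),
        new Claim(BtnetClaimTypes.ProjectFieldPermissionLevel, Convert.ToString(dr["og_project_field_permission_level"])),
        new Claim(BtnetClaimTypes.StatusFieldPermissionLevel, Convert.ToString(dr["og_status_field_permission_level"])),
        new Claim(BtnetClaimTypes.AssignedToFieldPermissionLevel, Convert.ToString(dr["og_assigned_to_field_permission_level"])),
        new Claim(BtnetClaimTypes.OrgFieldPermissionLevel, Convert.ToString(dr["og_org_field_permission_level"])),
        new Claim(BtnetClaimTypes.UdfFieldPermissionLevel, Convert.ToString(dr["og_udf_field_permission_level"])),
        // FIX: the original added CanOnlySeeOwnReportedBugs a second time here,
        // sourced from us_enable_bug_list_popups (a UI preference). Any check
        // that matches on claim value rather than FindFirst could have let a
        // display setting decide bug visibility. Only the og_* claim above remains.
        new Claim(BtnetClaimTypes.CanSearch, Convert.ToString((int)dr["og_can_search"] == 1)),
        new Claim(BtnetClaimTypes.IsExternalUser, Convert.ToString((int)dr["og_external_user"] == 1)),
        new Claim(BtnetClaimTypes.UseFCKEditor, Convert.ToString((int)dr["us_use_fckeditor"] == 1))
    };

    bool canAdd = true;
    int permssionLevel = dr["pu_permission_level"] == DBNull.Value
        ? Convert.ToInt32(Util.get_setting("DefaultPermissionLevel", "2"))
        : (int)dr["pu_permission_level"];

    // If the user is forced to a specific project and doesn't have at least
    // reporter permission on that project, the user can't add bugs.
    // (us_forced_project is selected twice above; this reads the raw, nullable
    // column, hence the DBNull check.)
    int forcedProjectId = dr["us_forced_project"] == DBNull.Value ? 0 : (int)dr["us_forced_project"];
    if (forcedProjectId != 0)
    {
        if (permssionLevel == PermissionLevel.ReadOnly || permssionLevel == PermissionLevel.None)
        {
            canAdd = false;
        }
    }
    claims.Add(new Claim(BtnetClaimTypes.CanAddBugs, Convert.ToString(canAdd)));
    claims.Add(new Claim(BtnetClaimTypes.ForcedProjectId, Convert.ToString(forcedProjectId)));

    int tagsPermissionLevel;
    if (Util.get_setting("EnableTags", "0") == "1")
    {
        tagsPermissionLevel = (int)dr["og_tags_field_permission_level"];
    }
    else
    {
        tagsPermissionLevel = PermissionLevel.None;
    }
    claims.Add(new Claim(BtnetClaimTypes.TagsFieldPermissionLevel, Convert.ToString(tagsPermissionLevel)));

    if ((int)dr["us_admin"] == 1)
    {
        claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.Admin));
    }
    else
    {
        // FIX: the select list aliases the project-admin flag as pu_admin
        // (isnull'd to 0); the original read dr["project_admin"], a column
        // this query does not return. ProjectAdmin is granted from the
        // forced project's project_user_xref row.
        if ((int)dr["pu_admin"] > 0)
        {
            claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.ProjectAdmin));
        }
    }
    claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.User));

    return new ClaimsIdentity(claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
}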
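/// <summary>
/// Index or re-index the bug matching the specified id.
/// Indexing is best-effort: any exception is logged and swallowed so the
/// request that triggered it is not broken.
/// </summary>
/// <param name="bugId">The id of the bug to index</param>
public void IndexBug(int bugId)
{
    try
    {
        Util.write_to_log("started updating search index");

        var sql = new SQLString(@"
select bg_id, isnull(bg_tags,'') tags, bg_reported_date, isnull(st_name,'') status, bg_short_desc as [desc]
from bugs
left outer join statuses on st_id = bg_status
where bg_id = @bugid");
        sql = sql.AddParameterWithValue("bugid", Convert.ToString(bugId));
        DataRow bugRow = DbUtil.get_datarow(sql);

        // Nothing to index (deleted or never existed); the original passed a
        // null row on to the overload below.
        if (bugRow == null)
        {
            Util.write_to_log("search index: bug " + bugId + " not found, nothing to index");
            return;
        }

        // Only posts that are not hidden from external users are indexed, so
        // hidden post text presumably never reaches search results (the
        // result filter elsewhere is per bug, not per post). 'update' posts
        // are change-history noise and are skipped.
        sql = new SQLString(@"
select bp_id, isnull(bp_comment_search,bp_comment) [text] , bp_date
from bug_posts
where bp_type <> 'update'
and bp_hidden_from_external_users = 0
and bp_bug = @bugId");
        // FIX: the original discarded the return value of AddParameterWithValue.
        // Every other call site assigns it back, so @bugId may never have been bound.
        sql = sql.AddParameterWithValue("bugId", bugId.ToString());
        DataSet bugPosts = DbUtil.get_dataset(sql);

        IndexBug(bugRow, bugPosts.Tables[0]);
        Util.write_to_log("done updating search index");
    }
    catch (Exception e)
    {
        Util.write_to_log("exception updating search index: " + e.Message);
        Util.write_to_log(e.StackTrace);
    }
}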
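public static ClaimsIdentity GetIdentity(string username)
{
    // Builds the ClaimsIdentity for an active user: identity claims, the
    // organisation's permission flags (org.*), the per-project permission on
    // the user's forced project (if any) and the role claims. Everything
    // authorisation later relies on is decided here, so each claim must read
    // the column it is named after.
    SQLString sql = new SQLString(@"
select u.us_id, u.us_username, u.us_org, u.us_bugs_per_page,
u.us_enable_bug_list_popups, u.us_use_fckeditor, u.us_forced_project, u.us_email,
org.*,
isnull(u.us_forced_project, 0 ) us_forced_project,
proj.pu_permission_level,
isnull(proj.pu_admin, 0) pu_admin,
u.us_admin
from users u
inner join orgs org on u.us_org = org.og_id
left outer join project_user_xref proj on proj.pu_project = u.us_forced_project and proj.pu_user = u.us_id
where us_username = @us and u.us_active = 1");
    sql = sql.AddParameterWithValue("us", username);
    DataRow dr = btnet.DbUtil.get_datarow(sql);

    // No active user by that name: fail with a clear error instead of a
    // NullReferenceException on the first dr[...] access below.
    if (dr == null)
    {
        throw new InvalidOperationException("No active user found for username '" + username + "'");
    }

    var bugsPerPage = dr["us_bugs_per_page"] == DBNull.Value ? 10 : (int)dr["us_bugs_per_page"];

    var claims = new List<Claim>
    {
        new Claim(BtnetClaimTypes.UserId, Convert.ToString(dr["us_id"])),
        new Claim(ClaimTypes.Name, Convert.ToString(dr["us_username"])),
        new Claim(ClaimTypes.Email, Convert.ToString(dr["us_email"])),
        new Claim(BtnetClaimTypes.OrganizationId, Convert.ToString(dr["us_org"])),
        new Claim(BtnetClaimTypes.BugsPerPage, Convert.ToString(bugsPerPage)),
        new Claim(BtnetClaimTypes.EnablePopUps, Convert.ToString((int)dr["us_enable_bug_list_popups"] == 1)),
        new Claim(BtnetClaimTypes.CanOnlySeeOwnReportedBugs, Convert.ToString((int)dr["og_can_only_see_own_reported"] == 1)),
        new Claim(BtnetClaimTypes.CanUseReports, Convert.ToString((int)dr["og_can_use_reports"] == 1)),
        new Claim(BtnetClaimTypes.CanEditReports, Convert.ToString((int)dr["og_can_edit_reports"] == 1)),
        // NOTE(review): CanEditAndDeleteBugs and CanEditAndDeletePosts both read
        // og_can_edit_and_delete_posts; no separate "bugs" column is selected
        // here. Confirm that is intended.
        new Claim(BtnetClaimTypes.CanEditAndDeleteBugs, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),
        new Claim(BtnetClaimTypes.CanDeleteBugs, Convert.ToString((int)dr["og_can_delete_bug"] == 1)),
        new Claim(BtnetClaimTypes.CanMergeBugs, Convert.ToString((int)dr["og_can_merge_bugs"] == 1)),
        new Claim(BtnetClaimTypes.CanMassEditBugs, Convert.ToString((int)dr["og_can_mass_edit_bugs"] == 1)),
        new Claim(BtnetClaimTypes.CanAssignToInternalUsers, Convert.ToString((int)dr["og_can_assign_to_internal_users"] == 1)),
        new Claim(BtnetClaimTypes.CanEditAndDeletePosts, Convert.ToString((int)dr["og_can_edit_and_delete_posts"] == 1)),
        new Claim(BtnetClaimTypes.CanEditTasks, Convert.ToString((int)dr["og_can_edit_tasks"] == 1)),
        new Claim(BtnetClaimTypes.CanViewTasks, Convert.ToString((int)dr["og_can_view_tasks"] == 1)),
        new Claim(BtnetClaimTypes.OtherOrgsPermissionLevel, Convert.ToString(dr["og_other_orgs_permission_level"])),
        new Claim(BtnetClaimTypes.CategoryFieldPermissionLevel, Convert.ToString(dr["og_category_field_permission_level"])),
        new Claim(BtnetClaimTypes.PriorityFieldPermissionLevel, Convert.ToString(dr["og_priority_field_permission_level"])),
        new Claim(BtnetClaimTypes.ProjectFieldPermissionLevel, Convert.ToString(dr["og_project_field_permission_level"])),
        new Claim(BtnetClaimTypes.StatusFieldPermissionLevel, Convert.ToString(dr["og_status_field_permission_level"])),
        new Claim(BtnetClaimTypes.AssignedToFieldPermissionLevel, Convert.ToString(dr["og_assigned_to_field_permission_level"])),
        new Claim(BtnetClaimTypes.OrgFieldPermissionLevel, Convert.ToString(dr["og_org_field_permission_level"])),
        new Claim(BtnetClaimTypes.UdfFieldPermissionLevel, Convert.ToString(dr["og_udf_field_permission_level"])),
        // FIX: the original added CanOnlySeeOwnReportedBugs a second time here,
        // sourced from us_enable_bug_list_popups (a UI preference). Any check
        // that matches on claim value rather than FindFirst could have let a
        // display setting decide bug visibility. Only the og_* claim above remains.
        new Claim(BtnetClaimTypes.CanSearch, Convert.ToString((int)dr["og_can_search"] == 1)),
        new Claim(BtnetClaimTypes.IsExternalUser, Convert.ToString((int)dr["og_external_user"] == 1)),
        new Claim(BtnetClaimTypes.UseFCKEditor, Convert.ToString((int)dr["us_use_fckeditor"] == 1))
    };

    bool canAdd = true;
    int permssionLevel = dr["pu_permission_level"] == DBNull.Value
        ? Convert.ToInt32(Util.get_setting("DefaultPermissionLevel", "2"))
        : (int)dr["pu_permission_level"];

    // If the user is forced to a specific project and doesn't have at least
    // reporter permission on that project, the user can't add bugs.
    // (us_forced_project is selected twice above; this reads the raw, nullable
    // column, hence the DBNull check.)
    int forcedProjectId = dr["us_forced_project"] == DBNull.Value ? 0 : (int)dr["us_forced_project"];
    if (forcedProjectId != 0)
    {
        if (permssionLevel == PermissionLevel.ReadOnly || permssionLevel == PermissionLevel.None)
        {
            canAdd = false;
        }
    }
    claims.Add(new Claim(BtnetClaimTypes.CanAddBugs, Convert.ToString(canAdd)));
    claims.Add(new Claim(BtnetClaimTypes.ForcedProjectId, Convert.ToString(forcedProjectId)));

    int tagsPermissionLevel;
    if (Util.get_setting("EnableTags", "0") == "1")
    {
        tagsPermissionLevel = (int)dr["og_tags_field_permission_level"];
    }
    else
    {
        tagsPermissionLevel = PermissionLevel.None;
    }
    claims.Add(new Claim(BtnetClaimTypes.TagsFieldPermissionLevel, Convert.ToString(tagsPermissionLevel)));

    if ((int)dr["us_admin"] == 1)
    {
        claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.Admin));
    }
    else
    {
        // FIX: the select list aliases the project-admin flag as pu_admin
        // (isnull'd to 0); the original read dr["project_admin"], a column
        // this query does not return. ProjectAdmin is granted from the
        // forced project's project_user_xref row.
        if ((int)dr["pu_admin"] > 0)
        {
            claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.ProjectAdmin));
        }
    }
    claims.Add(new Claim(ClaimTypes.Role, BtnetRoles.User));

    return new ClaimsIdentity(claims, "ApplicationCookie", ClaimTypes.Name, ClaimTypes.Role);
}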
/* Check whether an employee number / password pair is valid; on failure the
   reason is left in this.errMessage. */
public bool CheckLogin(string username, string password)
{
    // Look the employee up by number. GetQuotedString wraps/escapes the value,
    // but this is still string-built SQL rather than a bound parameter, and
    // "select *" pulls the whole row (including the password column).
    // SECURITY NOTE(review): employeePassword is compared as plain text, i.e.
    // passwords are stored unhashed. Fixing that needs a schema/data migration
    // (salted PBKDF2 or bcrypt), which is outside this method. The two
    // distinct error messages also let a caller tell "no such account" from
    // "wrong password".
    string sqlString = "select * from [employeeInfo] where employeeNo=" + SQLString.GetQuotedString(username);
    DataSet employeeInfoDs = DBOperation.GetDataSet(DBOperation.CONN_STRING_NON_DTC, CommandType.Text, sqlString, null);
    DataRowCollection matches = employeeInfoDs.Tables[0].Rows;

    if (matches.Count == 0)
    {
        // "Sorry, there is no account information for this employee!"
        this.errMessage = "对不起,不存在该员工的帐号信息!";
        return false;
    }

    string storedPassword = matches[0]["employeePassword"].ToString();
    if (storedPassword != password)
    {
        // "Sorry, the employee's password is incorrect!"
        this.errMessage = "对不起,员工的密码不正确!";
        return false;
    }

    return true;
}
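protected void btSaveNew_Click(object sender, EventArgs e)
{
    // Saves a new text question + answer for the current user/paper, records
    // its difficulty level and symptoms, optionally attaches it to the paper,
    // then redirects according to the screen the user came from
    // (Session["SystemFunction"]).
    // NOTE(review): hiddenQuestionMode / hiddenPreOpener are HiddenField values
    // posted back from the browser and can be altered by the client; they
    // decide which paper-content rows are written, so do not treat them as
    // trusted unless something upstream validates them.
    DataReceiver myReceiver = new DataReceiver();

    // Ids are built from the user id plus a wall-clock timestamp. The
    // one-second sleep only exists so the answer id differs from the question
    // id; concurrent saves by the same user can still collide. The id scheme
    // is shared with the rest of the application, so it is kept.
    strQID = strUserID + "_Q_" + myReceiver.getNowTime();
    System.Threading.Thread.Sleep(1000);
    strAID = strUserID + "_A_" + myReceiver.getNowTime();

    // Save the question and answer text.
    clsTextQuestion myText = new clsTextQuestion();
    string strQTextContent = txtQuestionData.Text;
    string strATextContent = txtAnswerData.Text;

    // FIX: as shown in the original, the four Replace calls mapped "<" to "<"
    // and ">" to ">" — no-ops — so raw markup from the textboxes reached the
    // database unescaped. Restore the evidently intended entity escaping.
    // Encoding at storage time is only a stop-gap (it does not cover '&' or
    // quotes); the real defence is encoding at render time.
    strQTextContent = strQTextContent.Replace("<", "&lt;").Replace(">", "&gt;");
    strATextContent = strATextContent.Replace("<", "&lt;").Replace(">", "&gt;");

    myText.saveQuestionAnswer(strQID, strAID, strQTextContent, strATextContent, strUserID, strPaperID, strGroupDivisionID, strGroupID, hiddenQuestionMode.Value);

    // Save the question's difficulty level.
    int iQuestionLevel = AuthoringTool.QuestionEditLevel.QuestionLevel.QuestionLevelName_SELECT_QuestionLevel(ddlQuestionLevel.SelectedValue);
    AuthoringTool.QuestionEditLevel.QuestionLevel.INSERT_QuestionLevel(strQID, iQuestionLevel);

    // Save the question's symptoms.
    AuthoringTool.QuestionEditLevel.QuestionLevel.QuestionLevel_INSERT_QuestionSymptoms(strQID, ddlSymptoms.SelectedValue);

    // A "Specific" question also gets a Paper_Content row.
    if (hiddenQuestionMode.Value == "Specific")
    {
        int intContentSeq = myReceiver.getPaperContentMaxSeq(strPaperID) + 1;
        SQLString mySQL = new SQLString();
        mySQL.SaveToQuestionContent(strPaperID, strQID, "0", "2", hiddenQuestionMode.Value, intContentSeq.ToString());
    }

    // Coming from the paper editor: add the question straight to the paper.
    if (hiddenPreOpener.Value == "SelectPaperMode" && hiddenQuestionMode.Value != "Specific")
    {
        SQLString mySQL = new SQLString();
        string strSeq = Convert.ToString(myReceiver.getPaperContentMaxSeq(strPaperID) + 1);
        mySQL.SaveToQuestionContent(strPaperID, strQID, "0", "2", "General", strSeq);
        Session.Remove("PreOpener");
    }

    // Redirect to the next page.
    string strSystemFunction = "";
    if (Session["SystemFunction"] != null)
    {
        strSystemFunction = Session["SystemFunction"].ToString();
    }

    switch (strSystemFunction)
    {
        case "EditPaper":
            Response.Redirect("Paper_OtherQuestion.aspx?Opener=Paper_TextQuestionEditor");
            break;

        case "EditQuestion":
            if (Request.QueryString["QID"] != null)
            {
                Response.Redirect("Paper_QuestionViewNew.aspx?Opener=Paper_TextQuestionEditor");
            }
            else
            {
                Response.Redirect("Paper_QuestionMain.aspx?Opener=Paper_TextQuestionEditor");
            }
            break;

        case "PreviewPaper":
            if (hiddenPreOpener.Value == "SelectPaperMode")
            {
                // FIX: the ids were concatenated into the query string raw;
                // URL-encode them so a value containing '&', '#', spaces or
                // non-ASCII cannot break or alter the redirect target.
                Response.Redirect("Paper_MainPage.aspx?Opener=SelectPaperMode"
                    + "&cCaseID=" + Server.UrlEncode(strCaseID)
                    + "&cSectionName=" + Server.UrlEncode(strSectionName)
                    + "&cPaperID=" + Server.UrlEncode(strPaperID));
            }
            else
            {
                Response.Redirect("Paper_MainPage.aspx?Opener=Paper_TextQuestionEditor");
            }
            break;

        default:
            Response.Redirect("Paper_QuestionMain.aspx?Opener=Paper_TextQuestionEditor");
            break;
    }
}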
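/// <summary>
/// Pulls the page's working state out of Session, the query string and
/// ViewState into the page fields and hidden fields. Runs on every request
/// (including postbacks); a few values are only written on the first load.
/// SECURITY NOTE(review): QID, AID, GroupID and Opener are taken straight
/// from the query string. Nothing here checks that the current user owns the
/// question/answer being loaded; unless the DataReceiver/SQLString helpers
/// enforce that, any logged-in user could open another user's item by id.
/// </summary>
private void getParametor()
{
    // UserID
    if (Session["UserID"] != null)
    {
        strUserID = Session["UserID"].ToString();
    }

    // CaseID
    if (Session["CaseID"] != null)
    {
        strCaseID = Session["CaseID"].ToString();
        hiddenCaseID.Value = Session["CaseID"].ToString();
    }

    // Division
    if (Session["DivisionID"] != null)
    {
        strDivisionID = Session["DivisionID"].ToString();
    }

    // ClinicNum
    if (Session["ClinicNum"] != null)
    {
        strClinicNum = Session["ClinicNum"].ToString();
    }

    // SectionName
    if (Session["SectionName"] != null)
    {
        strSectionName = Session["SectionName"].ToString();
    }

    // PaperID: from Session, else derived from case/clinic/section.
    hfPaperID.Value = "";
    if (Session["PaperID"] != null)
    {
        strPaperID = Session["PaperID"].ToString();
        hfPaperID.Value = strPaperID;
    }
    else
    {
        // NOTE: strClinicNum is null here if Session["ClinicNum"] was never
        // set, and .ToString() then throws; kept as-is because the helper's
        // handling of a null clinic number is unknown.
        SQLString mySQL = new SQLString();
        strPaperID = mySQL.getPaperIDFromCase(strCaseID, strClinicNum.ToString(), strSectionName);
        hfPaperID.Value = strPaperID;
    }

    // Opener (reflected into a hidden field; HiddenField encodes its value).
    if (Request.QueryString["Opener"] != null)
    {
        hiddenOpener.Value = Request.QueryString["Opener"].ToString();
    }

    // QuestionMode
    if (Session["QuestionMode"] != null)
    {
        hiddenQuestionMode.Value = Session["QuestionMode"].ToString();
    }

    // PresentType
    if (Session["PresentType"] != null)
    {
        hiddenPresentType.Value = Session["PresentType"].ToString();
    }

    // Edit method
    if (Session["EditMode"] != null)
    {
        hiddenEditMode.Value = Session["EditMode"].ToString();
    }

    // ModifyType
    if (Session["ModifyType"] != null)
    {
        hiddenModifyType.Value = Session["ModifyType"].ToString();
    }

    // bModify
    if (Session["bModify"] != null)
    {
        bModify = Convert.ToBoolean(Session["bModify"]);
    }

    // PreOpener is only honoured when arriving from Paper_MainPage.
    if (Session["PreOpener"] != null)
    {
        if (Request.QueryString["Opener"] != null)
        {
            if (Request.QueryString["Opener"].ToString() == "Paper_MainPage")
            {
                hiddenPreOpener.Value = Session["PreOpener"].ToString();
            }
            else
            {
                hiddenPreOpener.Value = "";
            }
        }
    }

    // QID: an existing question from the query string, else the one
    // remembered in Session across postbacks, else a fresh time-based id.
    if (!IsPostBack)
    {
        Session["TextQuestionQID"] = null;
    }
    if (Request.QueryString["QID"] != null)
    {
        strQID = Request.QueryString["QID"].ToString();

        // Load the question (and its stored content) into the editors.
        string strQuestion = DataReceiver.QuestionAnswer_Question_SELECT_Question(strQID);
        string strQuestionAnswer = DataReceiver.getTextQuestionContentByQID(strQID);
        if (this.IsPostBack == false)
        {
            txtQuestionData.Text = strQuestion;

            // FIX: the stored content is treated as '$'-delimited with the
            // answer in the second field. The original indexed [1] unguarded
            // and threw (IndexOutOfRange, or NullReference for a missing
            // record); leave the answer box untouched in those cases instead.
            string[] answerParts = (strQuestionAnswer ?? string.Empty).Split('$');
            if (answerParts.Length > 1)
            {
                txtAnswerData.Text = answerParts[1];
            }
        }
    }
    else
    {
        // Keep the generated QID in Session so a postback does not mint a
        // second one (which would refresh the symptom list and lose the
        // user's selection).
        if (Session["TextQuestionQID"] != null)
        {
            strQID = Session["TextQuestionQID"].ToString();
        }
        else
        {
            DataReceiver myReceiver = new DataReceiver();
            strQID = strUserID + "_Q_" + myReceiver.getNowTime();
            Session["TextQuestionQID"] = strQID;
        }
    }

    // AID
    if (Request.QueryString["AID"] != null)
    {
        // Pin the AID in ViewState so it cannot change across postbacks
        // (ViewState["TextQuestionAID"] is presumably written elsewhere).
        if (ViewState["TextQuestionAID"] == null)
        {
            strAID = Request.QueryString["AID"].ToString();
        }
        else
        {
            strAID = ViewState["TextQuestionAID"].ToString();
        }

        // Load the answer text into the editor on first load.
        string strAnswer = DataReceiver.QuestionAnswer_Answer_SELECT_Answer(strQID, strAID);
        if (this.IsPostBack == false)
        {
            txtAnswerData.Text = strAnswer;
        }
    }
    else
    {
        // New answer id; the sleep makes its timestamp differ from the question id's.
        DataReceiver myReceiver = new DataReceiver();
        System.Threading.Thread.Sleep(1000);
        strAID = strUserID + "_A_" + myReceiver.getNowTime();
    }

    // GroupID: from the query string, else looked up from the question.
    if (Request.QueryString["GroupID"] != null)
    {
        strGroupID = Request.QueryString["GroupID"].ToString();
        hfGroupID.Value = strGroupID;
        hfGroupSerialNum.Value = DataReceiver.getQuestionGroupSerialNumByQuestionGroupID(strGroupID).ToString();
        if (Session["GroupID"] != null)
        {
            Session["GroupID"] = strGroupID;
        }
        else
        {
            Session.Add("GroupID", strGroupID);
        }
    }
    else
    {
        SQLString sqlstring = new SQLString();
        strGroupID = sqlstring.GetQuestionGroupIDByQID(strQID);
        hfGroupID.Value = strGroupID;
        hfGroupSerialNum.Value = DataReceiver.getQuestionGroupSerialNumByQuestionGroupID(strGroupID).ToString();
        if (Session["GroupID"] != null)
        {
            Session["GroupID"] = strGroupID;
        }
        else
        {
            Session.Add("GroupID", strGroupID);
        }
    }

    // GroupDivisionID, derived from the group.
    if (strGroupID != null)
    {
        if (strGroupID.Trim().Length > 0)
        {
            DataReceiver myReceiver = new DataReceiver();
            strGroupDivisionID = myReceiver.getGroupDivisionID(strGroupID);
            if (Session["GroupDivisionID"] != null)
            {
                Session["GroupDivisionID"] = strGroupDivisionID;
            }
            else
            {
                Session.Add("GroupDivisionID", strGroupDivisionID);
            }
        }
    }
}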