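/// <summary>
/// Redirects to an error page unless a position id was supplied and the current user is
/// either in the "Admin" role or passes <c>PositionBLL.VerifyPositionAccess</c> for the
/// current position.
/// </summary>
/// <remarks>
/// Every failed check returns immediately after the redirect. <c>Response.Redirect(url)</c>
/// normally ends the request, but the authorization decision should not depend on that
/// side effect: without the explicit return, a redirect that does not terminate execution
/// would fall through to the next check or to the caller's privileged code path.
/// NOTE(review): the return only leaves this helper; confirm that callers do not continue
/// with position-specific work after a redirect has been issued.
/// </remarks>
private void CheckPositionAccess()
{
    // No position id in the request: treat as a malformed query and stop here.
    if (!CurrentPositionID.HasValue)
    {
        Response.Redirect(RecruitmentConfiguration.ErrorPage(RecruitmentConfiguration.ErrorType.QUERY));
        return;
    }

    // Admins bypass the per-position check; everyone else must be verified against the
    // position. The && short-circuit keeps the lookup from running for admins.
    bool isAdmin = Roles.IsUserInRole("Admin");
    if (!isAdmin && PositionBLL.VerifyPositionAccess(CurrentPosition) == false)
    {
        Response.Redirect(RecruitmentConfiguration.ErrorPage(RecruitmentConfiguration.ErrorType.AUTH));
        return;
    }
}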
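/// <summary>
/// Authorizes the request before the page is built: the current application must exist,
/// and the user must be allowed to see the position it was submitted for.
/// </summary>
/// <remarks>
/// With <c>AdministrativeAccess</c> set, the user must be in the "Admin" role or pass
/// <c>PositionBLL.VerifyPositionAccess</c>. Otherwise committee rules apply through
/// <c>CommitteeMemberBLL.CheckAccess</c>. Each failed check returns right after the
/// redirect so that the handler fails closed and never dereferences a null application
/// or continues past a denied check if the redirect does not end the request.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Page_Init(object sender, EventArgs e)
{
    if (currentApplication == null)
    {
        // If the current application does not have a database association, redirect to an error page.
        Response.Redirect(RecruitmentConfiguration.ErrorPage(RecruitmentConfiguration.ErrorType.UNKNOWN));
        return;
    }

    if (AdministrativeAccess) // Only allow in administrative access
    {
        // Non-admins must have explicit access to the position that was applied for.
        if (!Roles.IsUserInRole("Admin")
            && PositionBLL.VerifyPositionAccess(currentApplication.AppliedPosition) == false)
        {
            // If the user does not have position access, redirect to the not authorized page.
            Response.Redirect(RecruitmentConfiguration.ErrorPage(RecruitmentConfiguration.ErrorType.AUTH));
            return;
        }
    }
    else // Use committee rules
    {
        bool allowedAccess = false;
        bool reviewerAccess = false;

        CommitteeMemberBLL.CheckAccess(currentApplication.AppliedPosition, out allowedAccess, out reviewerAccess);

        if (!allowedAccess)
        {
            Response.Redirect(RecruitmentConfiguration.ErrorPage(RecruitmentConfiguration.ErrorType.AUTH));
            return;
        }

        if (reviewerAccess)
        {
            // Reviewers do not get the reference-file column in the grid.
            // NOTE(review): hiding the column only removes the link from the rendered page;
            // confirm that whatever serves the reference files enforces the same reviewer
            // restriction on the server side.
            gviewReferences.Columns[INT_REFERENCE_FILE_COLUMN].Visible = false;
        }
    }

    //Trace.Write("Valid user and application " + currentApplication.ID.ToString() + Environment.NewLine);
}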
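/// <summary>
/// Fills the position form with the values of the existing <c>currentPosition</c> and
/// switches the page into edit mode.
/// </summary>
/// <remarks>
/// The position must exist and the user must be in the "Admin" role or pass
/// <c>PositionBLL.VerifyPositionAccess</c>; otherwise the request is redirected to an error
/// page. Both checks return right after the redirect so that no position data is bound to
/// the form if the redirect does not end the request.
/// </remarks>
private void DataBindExistingPosition()
{
    // Current position should not be null.
    if (currentPosition == null)
    {
        Response.Redirect(RecruitmentConfiguration.ErrorPage(RecruitmentConfiguration.ErrorType.UNKNOWN));
        return;
    }

    // Re-check authorization here rather than relying on an earlier page-level check.
    if (Roles.IsUserInRole("Admin") == false && PositionBLL.VerifyPositionAccess(currentPosition) == false)
    {
        Response.Redirect(RecruitmentConfiguration.ErrorPage(RecruitmentConfiguration.ErrorType.AUTH));
        return;
    }

    // Bind the stored values of the position to the form fields.
    txtDeadline.Text = currentPosition.Deadline.ToShortDateString();
    txtPositionTitle.Text = currentPosition.PositionTitle;
    txtPositionNumber.Text = currentPosition.PositionNumber;
    txtHRRep.Text = currentPosition.HRRep;
    txtHRPhone.Text = currentPosition.HRPhone;
    txtHREmail.Text = currentPosition.HREmail;

    // Copy the departments into the page-level list that backs the grid.
    DepartmentList = new List<Department>();
    foreach (Department d in currentPosition.Departments)
    {
        DepartmentList.Add(d);
    }

    gviewDepartments.DataSource = DepartmentList;
    gviewDepartments.DataBind();

    // The optional application steps are only ever checked here, never unchecked.
    if (currentPosition.Steps.Contains(ApplicationStepType.CurrentPosition))
    {
        chkShowCurrentPosition.Checked = true;
    }

    if (currentPosition.Steps.Contains(ApplicationStepType.Education))
    {
        chkShowEducation.Checked = true;
    }

    // Hide the upload control and its required-field validator for the position description.
    filePositionDescription.Visible = false;
    reqValPositionDescription.Visible = false;

    txtShortDescription.Text = currentPosition.ShortDescription;

    if (currentPosition.ReferenceTemplate != null)
    {
        txtReferenceTemplate.Text = currentPosition.ReferenceTemplate.TemplateText;
    }

    txtPublications.Text = currentPosition.NumPublications.ToString();
    txtReferences.Text = currentPosition.NumReferences.ToString();

    chkAllowApplications.Checked = currentPosition.AllowApps;
    chkAllowFaculty.Checked = currentPosition.FacultyView;
    chkPositionClosed.Checked = currentPosition.Closed;

    // Show the download / replace controls for the position description.
    lbtnDownloadPositionDescription.Visible = true;
    litDownloadPositionDescription.Visible = true;
    ibtnReplacePositionDescription.Visible = true;

    if (currentPosition.SearchPlanFile != null) // legacy positions may have a null search plan
    {
        fileSearchPlan.Visible = false;
        reqValSearchPlan.Visible = false;

        lbtnDownloadSearchPlan.Visible = true;
        litDownloadSearchPlan.Visible = true;
        ibtnReplaceSearchPlan.Visible = true;
    }

    // Change the text of the position status literal and the submit button to represent an edit.
    litPositionState.Text = "Edit Position";
    btnModifyPosition.Text = "Update!";
}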