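        /// <summary>
        /// Reads the <c>isgeneric</c> attribute of the matching <c>request</c> entry in
        /// <c>xmlDocReq</c> and derives the namespace-qualified root tag path of the request payload.
        /// </summary>
        /// <param name="sRequestType">Request type name; used for the lookup only when <paramref name="nRequestType"/> is -1.</param>
        /// <param name="nRequestType">Numeric request type matched against <c>typevalue</c>, or -1 to look up by name.</param>
        /// <param name="sNameSpacePrefix">Prefix placed in front of every path step of the returned root tag name.</param>
        /// <param name="sRequestRootTagName">
        /// Receives the prefixed form of <c>genericrequestdetails/analysisparams</c> for generic requests,
        /// or of <c>requestdetails</c> otherwise (also the fallback when the lookup fails).
        /// </param>
        /// <returns><c>true</c> when the attribute value is "yes" or "true", ignoring case; otherwise <c>false</c>.</returns>
        private bool IsGeneric(string sRequestType, int nRequestType, string sNameSpacePrefix, out string sRequestRootTagName)
        {
            sRequestRootTagName = "requestdetails";
            bool bIsGeneric = false;

            try
            {
                string sXPath = null;
                if (nRequestType == -1)
                {
                    // XPath 1.0 has no escape sequence inside a string literal, so a quote character
                    // in the type name would terminate the literal and let the value rewrite the
                    // predicate (CWE-643). Pick a delimiter the value does not contain.
                    string sType = sRequestType ?? String.Empty;
                    if (sType.IndexOf('"') < 0)
                    {
                        sXPath = "/approvalrequests/request[@type=\"" + sType + "\"]/@isgeneric";
                    }
                    else if (sType.IndexOf('\'') < 0)
                    {
                        sXPath = "/approvalrequests/request[@type='" + sType + "']/@isgeneric";
                    }
                    // A value holding both quote kinds cannot be written as a single literal;
                    // sXPath stays null and the request is treated as non-generic.
                }
                else
                {
                    // An int cannot carry XPath metacharacters, so plain formatting is safe here.
                    sXPath = string.Format("/approvalrequests/request[typevalue=\"{0}\"]/@isgeneric", nRequestType);
                }

                if (sXPath != null)
                {
                    string sIsGeneric = XmlDocumentHelper.GetNodeValue(xmlDocReq, null, sXPath);

                    // Ordinal, case-insensitive comparison: culture-independent and null-safe.
                    bIsGeneric = string.Equals(sIsGeneric, "yes", StringComparison.OrdinalIgnoreCase)
                                 || string.Equals(sIsGeneric, "true", StringComparison.OrdinalIgnoreCase);
                    sRequestRootTagName = bIsGeneric ? "genericrequestdetails/analysisparams" : "requestdetails";
                }
            }
            catch (Exception)
            {
                // Best effort, as in the original: any lookup failure leaves the non-generic defaults.
                // NOTE(review): the failure is not logged anywhere, so a broken or tampered
                // configuration document is indistinguishable from a non-generic request.
            }

            // Qualify every path step with the namespace prefix ...
            sRequestRootTagName = sNameSpacePrefix + ":" + sRequestRootTagName.Replace("/", string.Format("/{0}:", sNameSpacePrefix));
            // ... except attribute steps, which must stay unprefixed.
            sRequestRootTagName = sRequestRootTagName.Replace(string.Format("{0}:@", sNameSpacePrefix), "@");

            return bIsGeneric;
        }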
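        /// <summary>
        /// Selects the approval template for a request, then resolves the manager/user ids and
        /// validates the generic request against the selected template.
        /// </summary>
        /// <param name="reqInfo">Request being processed; its payload and application scope drive template selection.</param>
        /// <param name="bIsInline">When <c>true</c> the inline selection path is used; otherwise selection is tied to <paramref name="nTemplateID"/> and <paramref name="createdBy"/>.</param>
        /// <param name="nTemplateID">Template id passed to the non-inline selection.</param>
        /// <param name="createdBy">Id of the creating user, passed to the non-inline selection.</param>
        /// <param name="ProfileID">Set by <c>GetManagerAndUserId</c>.</param>
        /// <param name="templateXML">Receives the selected template XML.</param>
        /// <param name="directManagerID">Set by <c>GetManagerAndUserId</c>.</param>
        /// <param name="createUserAsID">Set by <c>GetManagerAndUserId</c>.</param>
        /// <param name="nReqID">Not read or written by this override.</param>
        protected override void SelectTemplate(BaseRequest reqInfo, bool bIsInline, int nTemplateID, int createdBy, ref int ProfileID, ref string templateXML, ref int directManagerID, ref int createUserAsID, ref int nReqID)
        {
            #region Select approval template Details
            TemplateDBOperations templateOps = new TemplateDBOperations();
            bool   PersistObjectOwner        = true;
            string strOperation = "Role Assignment/Revocation";
            try
            {
                // NOTE(review): reqInfo.sRequestType is interpolated into the XPath text without
                // escaping; a quote character in it would change the predicate (CWE-643). Confirm
                // the type name is validated upstream or quote it safely before use.
                strOperation = XmlDocumentHelper.GetNodeValue(xmlDocReq, null, string.Format("/approvalrequests/request[@type=\"{0}\"]/templateselection[@required=\"yes\"]/operation", reqInfo.sRequestType));
            }
            catch (Exception)
            {
                // Best effort: on any lookup failure the default operation name above is kept.
            }

            // Prefer the generic payload when one is present, otherwise use the classic request details.
            string reqPayload = string.IsNullOrEmpty(reqInfo.GenericRequestDetails)
                ? reqInfo.RequestDetails
                : reqInfo.GenericRequestDetails;

            if (bIsInline)
            {
                templateOps.SelectTemplate(reqInfo.applicationScope, reqPayload, strOperation, false, false, out templateXML);
            }
            else
            {
                templateOps.SelectTemplateForRequest(reqInfo.applicationScope, createdBy, reqPayload, strOperation, nTemplateID, PersistObjectOwner, true, out templateXML);
            }

            // The original wrapped these two calls in `catch (Exception Bex) { throw Bex; }`, which
            // added nothing except resetting the stack trace. Exceptions now propagate unchanged,
            // with the same types and the original trace intact.
            #region Get Manager and User ID
            GetManagerAndUserId(reqInfo, ref ProfileID, ref directManagerID, ref createUserAsID);
            #endregion Get Manager and User ID
            #region Validate Request Completion
            ValidateGenericRequestCompletion(reqInfo.ApplicationID, templateXML, reqInfo.GenericRequestDetails, reqInfo.nRequestType);
            #endregion

            #endregion
        }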
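        /// <summary>
        /// Extracts the assignee profile id, the direct manager id and the "create user as" principal id
        /// from the request payload XML (generic payload when present, classic request details otherwise).
        /// </summary>
        /// <param name="reqInfo">
        /// Request whose payload is parsed. Its payload property is rewritten when the "create user as"
        /// principal cannot be resolved and the payload contains a <c>roleassignment</c> element.
        /// </param>
        /// <param name="ProfileID">Reset to 0, then set to the assignee id when it can be read and parsed.</param>
        /// <param name="directManagerID">Reset to -1, then set from the first <c>directmanager</c> node found.</param>
        /// <param name="createUserAsID">Set through <c>GetAppPrincipalIDForBRID</c> when a <c>createusersas</c> user id is present.</param>
        private void GetManagerAndUserId(BaseRequest reqInfo, ref int ProfileID, ref int directManagerID, ref int createUserAsID)
        {
            #region Get Manager and User ID
            //Retrieve User and Manager IDs
            directManagerID = -1;
            ProfileID       = 0;
            string requestNS          = "http://www.approva.net/ApprovalRequest.xsd";
            string sRequestDetailsXml = String.Empty;
            if (reqInfo.GenericRequestDetails == null || reqInfo.GenericRequestDetails == string.Empty)
            {
                sRequestDetailsXml = reqInfo.RequestDetails;
            }
            else
            {
                sRequestDetailsXml = reqInfo.GenericRequestDetails;
            }
            if (sRequestDetailsXml != null && sRequestDetailsXml != String.Empty)
            {
                XmlDocument xmlDoc = new XmlDocument();
                // The payload is request data, so never let the parser fetch external DTDs or
                // entities (XXE). On older .NET Framework versions XmlDocument resolves them by
                // default; clearing the resolver makes the behavior the same on every runtime.
                xmlDoc.XmlResolver = null;
                xmlDoc.LoadXml(sRequestDetailsXml);

                XmlNamespaceManager nsmgr1 = new XmlNamespaceManager(xmlDoc.NameTable);
                nsmgr1.AddNamespace("apns", requestNS);

                // Only the prefixed root tag path is needed here; the generic flag itself is not used.
                string sRequestRootTagName = String.Empty;
                IsGeneric(reqInfo.sRequestType, "apns", out sRequestRootTagName);

                try
                {
                    // Default location of the assignee id; the configuration document may override it.
                    string sAssigneeProfileIDXPath = "requestdetails/roleassignment/users/user/id";
                    // NOTE(review): reqInfo.sRequestType is interpolated into this XPath unescaped
                    // (CWE-643); confirm the type name is validated before it reaches this point.
                    string sTmp = XmlDocumentHelper.GetNodeValue(base.xmlDocReq, null, string.Format("/approvalrequests/request[@type=\"{0}\"]/templateselection[@required=\"yes\"]/assigneeProfileIDXPath", reqInfo.sRequestType));
                    if (sTmp != String.Empty)
                    {
                        sAssigneeProfileIDXPath = sTmp;
                    }
                    // Prefix every path step with "apns:", then strip the prefix from attribute steps.
                    sAssigneeProfileIDXPath = "apns:" + sAssigneeProfileIDXPath.Replace("/", "/apns:");
                    sAssigneeProfileIDXPath = sAssigneeProfileIDXPath.Replace("/apns:@", "/@");
                    // AppScan CWE-643 finding, triaged by the original author as not an issue: the XML
                    // comes from a database table and is validated with an XSLT template before insert.
                    // NOTE(review): that argument covers the payload, not the XPath expression, which
                    // here comes from the configuration document - confirm who can edit that document.
                    ProfileID = Convert.ToInt32(xmlDoc.SelectSingleNode(sAssigneeProfileIDXPath, nsmgr1).InnerText);
                }
                catch
                {
                    // Best effort: a missing node or a non-numeric id leaves ProfileID at 0.
                }

                // Probe every payload shape that can carry a direct manager; the first match wins.
                // (Original author's triage note: CWE-643 not an issue - the XML comes from the
                // database and was validated with an XSLT template before insert.)
                XmlNode directManagerNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:userstoadd/apns:user/apns:directmanager", sRequestRootTagName), nsmgr1);
                if (directManagerNode == null)
                {
                    directManagerNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:userstomodify/apns:user/apns:directmanager", sRequestRootTagName), nsmgr1);
                }
                if (directManagerNode == null)
                {
                    directManagerNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:createusersas/apns:user/apns:directmanager", sRequestRootTagName), nsmgr1);
                }
                if (directManagerNode == null)
                {
                    directManagerNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:roleassignment/apns:users/apns:user/apns:directmanager", sRequestRootTagName), nsmgr1);
                }

                if (directManagerNode != null)
                {
                    // Not guarded: a non-numeric value throws out of this method.
                    directManagerID = System.Convert.ToInt32(directManagerNode.InnerText);
                }

                // (Same AppScan CWE-643 triage note as above applies to this query.)
                XmlNode createUserAsNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:createusersas/apns:user/apns:id", sRequestRootTagName), nsmgr1);
                //select Create User As userid for create request as option
                if (createUserAsNode != null)
                {
                    try
                    {
                        GetAppPrincipalIDForBRID(reqInfo.ApplicationID, System.Convert.ToInt32(createUserAsNode.InnerText), out createUserAsID);
                    }
                    catch
                    {
                        // Resolution failed: mark the id as unknown and convert the <createusersas>
                        // element into a <userstoadd> element placed after <roleassignment>.
                        createUserAsNode.InnerText = "-1";
                        //CWE-643- Not a Issue-Appscan
                        XmlNode roleassignmentNode = xmlDoc.SelectSingleNode(string.Format("{0}/apns:roleassignment", sRequestRootTagName), nsmgr1);
                        if (roleassignmentNode != null)
                        {
                            XmlNode userstoaddNode = xmlDoc.CreateNode(XmlNodeType.Element, "userstoadd", requestNS);
                            userstoaddNode.InnerXml = createUserAsNode.ParentNode.ParentNode.InnerXml;
                            roleassignmentNode.ParentNode.InsertAfter(userstoaddNode, roleassignmentNode);
                            roleassignmentNode.ParentNode.RemoveChild(createUserAsNode.ParentNode.ParentNode);

                            // Write the rewritten document back to whichever payload it was read from.
                            if (reqInfo.GenericRequestDetails == null || reqInfo.GenericRequestDetails == string.Empty)
                            {
                                reqInfo.RequestDetails = xmlDoc.OuterXml;
                            }
                            else
                            {
                                reqInfo.GenericRequestDetails = xmlDoc.OuterXml;
                            }
                        }
                        else
                        {
                            // Nothing to fall back to: surface the original failure with its stack trace.
                            throw;
                        }
                    }
                }
            }
            #endregion Get Manager and User ID
        }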
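        /// <summary>
        /// Builds a <c>BaseRequest</c> from the child elements of a request node, mapping each
        /// recognized element name (matched case-insensitively) to the corresponding field.
        /// </summary>
        /// <param name="xmlRequestNode">Request element whose direct children are read.</param>
        /// <param name="reqInfo">Receives the populated request; unrecognized children are ignored.</param>
        /// <remarks>
        /// Numeric, date and enum conversions are not guarded, so a malformed value throws out of
        /// this method. NOTE(review): the date conversions use the current thread culture - confirm
        /// that matches how the XML is produced.
        /// </remarks>
        protected void GetRequestInfoFromRequestXml(XmlNode xmlRequestNode, out BaseRequest reqInfo)
        {
            XmlNodeList nodeList = xmlRequestNode.ChildNodes;

            reqInfo = new BaseRequest();
            XmlNamespaceManager nsmgr = new XmlNamespaceManager(xmlRequestNode.OwnerDocument.NameTable);

            nsmgr.AddNamespace("apns", xmlRequestNode.NamespaceURI);
            foreach (XmlNode node in nodeList)
            {
                // Invariant lower-casing: with ToLower() a culture such as tr-TR maps 'I' to a
                // dotless i, so an element named e.g. "ApplicationID" would silently match no case.
                switch (node.Name.ToLowerInvariant())
                {
                case "id":
                    reqInfo.id = System.Convert.ToInt32(node.InnerText);
                    break;

                case "name":
                    // Stored HTML-encoded, so later rendering does not need to encode it again.
                    reqInfo.name = HttpUtility.HtmlEncode(node.InnerText);
                    break;

                case "description":
                    reqInfo.description = HttpUtility.HtmlEncode(node.InnerText);
                    break;

                case "type":
                    reqInfo.sRequestType = node.InnerText;
                    // NOTE(review): the element text goes into the XPath unescaped (CWE-643); a quote
                    // character in it changes the predicate. Confirm the type is validated upstream.
                    reqInfo.nRequestType = Convert.ToInt32(XmlDocumentHelper.GetNodeValue(xmlDocReq, null, string.Format("/approvalrequests/request[@type=\"{0}\"]/typevalue", node.InnerText)));
                    break;

                case "status":
                    // Default first; overridden only when the element carries a value.
                    // NOTE(review): Enum.Parse also accepts numeric text, including values that are
                    // not defined members - consider Enum.IsDefined if this value gates a decision.
                    reqInfo.requestStatus = RequestStatus.Draft;
                    if (node.InnerText != String.Empty)
                    {
                        RequestStatus reqStatus = (RequestStatus)(Enum.Parse(reqInfo.requestStatus.GetType(), node.InnerText));
                        reqInfo.requestStatus = reqStatus;
                    }
                    break;

                case "priority":
                    reqInfo.requestPriority = RequestPriority.Normal;
                    if (node.InnerText != String.Empty)
                    {
                        RequestPriority reqPriority = (RequestPriority)(Enum.Parse(reqInfo.requestPriority.GetType(), node.InnerText));
                        reqInfo.requestPriority = reqPriority;
                    }
                    break;

                case "applicationid":
                    reqInfo.ApplicationID = System.Convert.ToInt32(node.InnerText);
                    break;

                case "applicationname":
                    reqInfo.applicationname = node.InnerText;
                    break;

                case "format":
                    reqInfo.requestFormat = RequestFormat.NoConstraints;
                    if (node.InnerText != String.Empty)
                    {
                        RequestFormat reqFormat = (RequestFormat)(Enum.Parse(reqInfo.requestFormat.GetType(), node.InnerText));
                        reqInfo.requestFormat = reqFormat;
                    }
                    break;

                case "applicationscope":
                    reqInfo.applicationScope = node.OuterXml;
                    // Fall back to the first-level scope value when no application name was seen yet.
                    // Throws if the scope element has no such child (behavior kept from the original).
                    if (reqInfo.applicationname == null || reqInfo.applicationname == String.Empty)
                    {
                        reqInfo.applicationname = node.SelectSingleNode("apns:scope[@name='firstlevelscope']/apns:scopevalue", nsmgr).InnerText;
                    }
                    break;

                case "requestdetails":
                    reqInfo.RequestDetails = node.OuterXml;
                    break;

                case "approvaltemplatedetails":
                    reqInfo.approvalTemplateDetails = node.OuterXml;
                    break;

                case "lastapprovedon":
                    reqInfo.lastApprovedOn = System.Convert.ToDateTime(node.InnerText);
                    break;

                case "expiration":
                    reqInfo.expiration = System.Convert.ToDateTime(node.InnerText);
                    break;

                case "requestedon":
                    if (node.InnerText != String.Empty)
                    {
                        reqInfo.requestedOn = System.Convert.ToDateTime(node.InnerText);
                    }
                    break;

                case "lastupdatedon":
                    if (node.InnerText != String.Empty)
                    {
                        reqInfo.lastUpdatedOn = System.Convert.ToDateTime(node.InnerText);
                    }
                    break;

                case "lastupdatedby":
                    reqInfo.lastUpdatedBy = node.InnerText;
                    break;

                case "totalstages":
                    reqInfo.totalStages = System.Convert.ToInt32(node.InnerText);
                    break;

                case "currentstage":
                    reqInfo.currentStage = System.Convert.ToInt32(node.InnerText);
                    break;

                case "templateautoapprovalflag":
                    reqInfo.templateAutoApprovalFlag = System.Convert.ToInt32(node.InnerText);
                    break;

                case "templateautocompletionflag":
                    reqInfo.templateAutoCompletionFlag = System.Convert.ToInt32(node.InnerText);
                    break;

                case "templateid":
                    reqInfo.templateID = System.Convert.ToInt32(node.InnerText);
                    break;

                case "liveverify":
                    reqInfo.liveverify = System.Convert.ToInt32(node.InnerText);
                    break;

                case "requestactivationtime":
                    reqInfo.requestActivationTime = System.Convert.ToDateTime(node.InnerText);
                    break;

                //START: Code change to support Generic Request

                /* Fill the 'GenericRequestDetails' with the content of <genericrequestdetails>
                 */
                case "genericrequestdetails":
                    reqInfo.GenericRequestDetails = node.OuterXml;
                    break;

                default:
                    break;
                }
            }
        }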