private void butOK_Click(object sender, System.EventArgs e) { Userod selectedUser = (Userod)listUser.SelectedItem; if (selectedUser.Password != "") { if (!Userods.CheckPassword(textPassword.Text, selectedUser.Password)) { MsgBox.Show(this, "Incorrect password"); return; } //if (selectedUser.UserGroupNum == 1) this works to elevate privs to admin if (GroupPermissions.HasPermission(selectedUser.UserGroupNum, Permissions.AnesthesiaControlMeds)) { DialogResult = DialogResult.OK; Security.CurUser = (Userod)listUser.SelectedItem; return; } else { MessageBox.Show(this, "You must be an administrator to unlock this action"); } return; } }
///<summary>Checks to see if current user is authorized. It also checks any date restrictions. If not authorized, it gives a Message box saying so and returns false.</summary> public static bool IsAuthorized(Permissions perm, DateTime date, bool suppressMessage) { if (Security.CurUser != null && GroupPermissions.HasPermission(Security.CurUser.UserGroupNum, perm)) { if (GroupPermissions.PermTakesDates(perm)) { DateTime dateLimit = GetDateLimit(perm, Security.CurUser.UserGroupNum); if (date <= dateLimit) //not authorized { if (!suppressMessage) { MessageBox.Show(Lan.g("Security", "Not authorized for") + "\r\n" + GroupPermissions.GetDesc(perm) + "\r\n" + Lan.g("Security", "Date limitation")); } return(false); } return(true); } //doesn't take a date return(true); } if (!suppressMessage) { MessageBox.Show(Lan.g("Security", "Not authorized for") + "\r\n" + GroupPermissions.GetDesc(perm)); } return(false); }
private void FillList() { UserGroups.RefreshCache(); listGroups.Items.Clear(); _listUserGroups = UserGroups.GetWhere(x => IsAdminMode || !GroupPermissions.HasPermission(x.UserGroupNum, Permissions.SecurityAdmin, 0)); for (int i = 0; i < _listUserGroups.Count; i++) { listGroups.Items.Add(_listUserGroups[i].Description); } }
///<summary>Gives the current usergroup all permissions. There should only be one usergroup selected when this is called. Throws exceptions.</summary> public void SetAll() { if (_listUserGroupNums.Count != 1) { throw new Exception("SetAll may not be called when multiple usergroups are selected."); } GroupPermission perm; for (int i = 0; i < Enum.GetNames(typeof(Permissions)).Length; i++) { if (i == (int)Permissions.SecurityAdmin || i == (int)Permissions.StartupMultiUserOld || i == (int)Permissions.StartupSingleUserOld || i == (int)Permissions.EhrKeyAdd) { continue; } perm = GroupPermissions.GetPerm(_listUserGroupNums.First(), (Permissions)i); if (perm == null) { perm = new GroupPermission(); perm.PermType = (Permissions)i; perm.UserGroupNum = _listUserGroupNums.First(); try { GroupPermissions.Insert(perm); } catch (Exception ex) { MessageBox.Show(ex.Message); } } } //add all the report permissions as well List <DisplayReport> _listDisplayReportAll = DisplayReports.GetAll(false); foreach (DisplayReport report in _listDisplayReportAll) { if (GroupPermissions.HasPermission(_listUserGroupNums.First(), Permissions.Reports, report.DisplayReportNum)) { continue; //don't bother creating or adding the permission if the usergroup already has it. } perm = new GroupPermission(); perm.NewerDate = DateTime.MinValue; perm.NewerDays = 0; perm.PermType = Permissions.Reports; perm.UserGroupNum = _listUserGroupNums.First(); perm.FKey = report.DisplayReportNum; try { GroupPermissions.Insert(perm); } catch (Exception ex) { MessageBox.Show(ex.Message); } } FillTreePerm(); }
private void butAdjustQtys_Click(object sender, EventArgs e) { Userod curUser = Security.CurUser; if (GroupPermissions.HasPermission(curUser.UserGroupNum, Permissions.AnesthesiaControlMeds)) { FormAnesthMedsEdit FormA = new FormAnesthMedsEdit(); AnesthMedsInventory med = new AnesthMedsInventory(); med.IsNew = true; FormA.ShowDialog(); return; } else { MessageBox.Show(Lan.g(this, "You must be an administrator to unlock this action")); return; } }
private void FormGlobalSecurity_Load(object sender, EventArgs e) { textLogOffAfterMinutes.Text = PrefC.GetInt(PrefName.SecurityLogOffAfterMinutes).ToString(); checkAllowLogoffOverride.Checked = PrefC.GetBool(PrefName.SecurityLogOffAllowUserOverride); checkPasswordsMustBeStrong.Checked = PrefC.GetBool(PrefName.PasswordsMustBeStrong); checkPasswordsStrongIncludeSpecial.Checked = PrefC.GetBool(PrefName.PasswordsStrongIncludeSpecial); checkPasswordForceWeakToStrong.Checked = PrefC.GetBool(PrefName.PasswordsWeakChangeToStrong); checkTimecardSecurityEnabled.Checked = PrefC.GetBool(PrefName.TimecardSecurityEnabled); checkCannotEditOwn.Checked = PrefC.GetBool(PrefName.TimecardUsersDontEditOwnCard); checkCannotEditOwn.Enabled = checkTimecardSecurityEnabled.Checked; checkDomainLoginEnabled.Checked = PrefC.GetBool(PrefName.DomainLoginEnabled); textDomainLoginPath.ReadOnly = !checkDomainLoginEnabled.Checked; textDomainLoginPath.Text = PrefC.GetString(PrefName.DomainLoginPath); checkLogOffWindows.Checked = PrefC.GetBool(PrefName.SecurityLogOffWithWindows); checkUserNameManualEntry.Checked = PrefC.GetBool(PrefName.UserNameManualEntry); if (PrefC.GetDate(PrefName.BackupReminderLastDateRun).ToShortDateString() == DateTime.MaxValue.AddMonths(-1).ToShortDateString()) { checkDisableBackupReminder.Checked = true; } if (PrefC.GetInt(PrefName.SecurityLockDays) > 0) { textDaysLock.Text = PrefC.GetInt(PrefName.SecurityLockDays).ToString(); } if (PrefC.GetDate(PrefName.SecurityLockDate).Year > 1880) { textDateLock.Text = PrefC.GetDate(PrefName.SecurityLockDate).ToShortDateString(); } if (PrefC.GetBool(PrefName.CentralManagerSecurityLock)) { butChange.Enabled = false; labelGlobalDateLockDisabled.Visible = true; } List <UserGroup> listGroupsNotAdmin = UserGroups.GetList().FindAll(x => !GroupPermissions.HasPermission(x.UserGroupNum, Permissions.SecurityAdmin, 0)); for (int i = 0; i < listGroupsNotAdmin.Count; i++) { comboGroups.Items.Add(listGroupsNotAdmin[i].Description, listGroupsNotAdmin[i]); if (PrefC.GetLong(PrefName.DefaultUserGroup) == listGroupsNotAdmin[i].UserGroupNum) { comboGroups.SelectedIndex = i; } } }
private void gridAnesthMedsInventory_CellDoubleClick(object sender, ODGridClickEventArgs e) { Userod curUser = Security.CurUser; if (GroupPermissions.HasPermission(curUser.UserGroupNum, Permissions.AnesthesiaControlMeds)) { FormAnesthMedsEdit FormME = new FormAnesthMedsEdit(); FormME.Med = listAnestheticMeds[e.Row]; FormME.ShowDialog(); if (FormME.DialogResult == DialogResult.OK) { FillGrid(); } return; } else { MessageBox.Show(Lan.g(this, "You must be an administrator with rights to control anesthetic medication inventory levels to unlock this action")); return; } }
///<summary>Checks to see if current user is authorized. It also checks any date restrictions. If not authorized, it gives a Message box saying so and returns false.</summary> public static bool IsAuthorized(Permissions perm, DateTime date, bool suppressMessage) { if (Security.CurUser == null || !GroupPermissions.HasPermission(Security.CurUser.UserGroupNum, perm)) { if (!suppressMessage) { MessageBox.Show(Lan.g("Security", "Not authorized for") + "\r\n" + GroupPermissions.GetDesc(perm)); } return(false); } if (perm == Permissions.AccountingCreate || perm == Permissions.AccountingEdit) { if (date <= PrefB.GetDate("AccountingLockDate")) { if (!suppressMessage) { MessageBox.Show(Lan.g("Security", "Locked by Administrator.")); } return(false); } } if (!GroupPermissions.PermTakesDates(perm)) { return(true); } DateTime dateLimit = GetDateLimit(perm, Security.CurUser.UserGroupNum); if (date > dateLimit) //authorized { return(true); } if (!suppressMessage) { MessageBox.Show(Lan.g("Security", "Not authorized for") + "\r\n" + GroupPermissions.GetDesc(perm) + "\r\n" + Lan.g("Security", "Date limitation")); } return(false); }
///<summary>Toggles permissions based on the node the user has clicked. ///Will do nothing if in Read-Only mode or more than one usergroup is selected.</summary> private void treePermissions_MouseDown(object sender, System.Windows.Forms.MouseEventArgs e) { if (ReadOnly || _listUserGroupNums.Count != 1) { return; } _clickedPermNode = treePermissions.GetNodeAt(e.X, e.Y); if (_clickedPermNode == null) { return; } //Do nothing if the user didn't click on a check box. if (_clickedPermNode.Parent == null) //level 1 { if (e.X < 5 || e.X > 17) { return; } } else if (_clickedPermNode.Parent.Parent == null) //level 2 { if (e.X < 24 || e.X > 36) { return; } } else if (_clickedPermNode.Parent.Parent.Parent == null) //level 3 { if (e.X < 43 || e.X > 55) { return; } } //User clicked on a check box. Do stuff. if (_clickedPermNode.ImageIndex == 1) //unchecked, so need to add a permission { GroupPermission perm = new GroupPermission(); perm.PermType = (Permissions)_clickedPermNode.Tag; perm.UserGroupNum = _listUserGroupNums.First(); if (GroupPermissions.PermTakesDates(perm.PermType)) { perm.IsNew = true; //Call an event that bubbles back up to the calling Form. The event returns a dialog result so we know how to continue here. DialogResult result = GroupPermissionChecked?.Invoke(sender, new SecurityEventArgs(perm)) ?? DialogResult.Cancel; if (result == DialogResult.Cancel) { treePermissions.EndUpdate(); return; } } else if (perm.PermType == Permissions.Reports) //Reports permission is being checked. //Call an event that bubbles back up to the calling Form. The event returns a dialog result so we know how to continue here. { DialogResult result = ReportPermissionChecked?.Invoke(sender, new SecurityEventArgs(perm)) ?? DialogResult.Cancel; if (result == DialogResult.Cancel) { treePermissions.EndUpdate(); return; } } else { try { GroupPermissions.Insert(perm); SecurityLogs.MakeLogEntry(Permissions.SecurityAdmin, 0, "Permission '" + perm.PermType + "' granted to '" + UserGroups.GetGroup(perm.UserGroupNum).Description + "'"); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } } if (perm.PermType.In(Permissions.ProcComplEdit, Permissions.ProcExistingEdit)) { //Adding ProcComplEdit full, so add ProcComplEditlimited too. //Do the same for EO and EC procs GroupPermission permLimited = GroupPermissions.GetPerm(_listUserGroupNums.First(), Permissions.ProcComplEditLimited); if (permLimited == null) { GroupPermissions.RefreshCache(); //refresh NewerDays/Date to add the same for ProcComplEditLimited perm = GroupPermissions.GetPerm(_listUserGroupNums.First(), perm.PermType); permLimited = new GroupPermission(); permLimited.NewerDate = perm.NewerDate; permLimited.NewerDays = perm.NewerDays; permLimited.UserGroupNum = perm.UserGroupNum; permLimited.PermType = Permissions.ProcComplEditLimited; try { GroupPermissions.Insert(permLimited); SecurityLogs.MakeLogEntry(Permissions.SecurityAdmin, 0, "Permission '" + perm.PermType + "' granted to '" + UserGroups.GetGroup(perm.UserGroupNum).Description + "'"); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } } } } else if (_clickedPermNode.ImageIndex == 2) //checked, so need to delete the perm { try { GroupPermissions.RemovePermission(_listUserGroupNums.First(), (Permissions)_clickedPermNode.Tag); SecurityLogs.MakeLogEntry(Permissions.SecurityAdmin, 0, "Permission '" + _clickedPermNode.Tag + "' revoked from '" + UserGroups.GetGroup(_listUserGroupNums.First()).Description + "'"); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } if ((Permissions)_clickedPermNode.Tag == Permissions.ProcComplEditLimited) { //Deselecting ProcComplEditLimted, deselect ProcComplEdit and ProcExistingEdit permissions if present. List <Permissions> listPermissions = new List <Permissions>(); if (GroupPermissions.HasPermission(_listUserGroupNums.First(), Permissions.ProcComplEdit, 0)) { listPermissions.Add(Permissions.ProcComplEdit); } if (GroupPermissions.HasPermission(_listUserGroupNums.First(), Permissions.ProcExistingEdit, 0)) { listPermissions.Add(Permissions.ProcExistingEdit); } listPermissions.ForEach(x => { try { GroupPermissions.RemovePermission(_listUserGroupNums.First(), x); SecurityLogs.MakeLogEntry(Permissions.SecurityAdmin, 0, "Permission '" + _clickedPermNode.Tag + "' revoked from '" + UserGroups.GetGroup(_listUserGroupNums.First()).Description + "'"); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } }); } } else if (_clickedPermNode.ImageIndex == 3) //Partially checked (currently only applies to Reports permission) { try { GroupPermissions.RemovePermission(_listUserGroupNums.First(), (Permissions)_clickedPermNode.Tag); SecurityLogs.MakeLogEntry(Permissions.SecurityAdmin, 0, "Permission '" + _clickedPermNode.Tag + "' revoked from '" + UserGroups.GetGroup(_listUserGroupNums.First()).Description + "'"); } catch (Exception ex) { MessageBox.Show(ex.Message); return; } } if ((Permissions)_clickedPermNode.Tag == Permissions.AccountProcsQuickAdd) { string programName = PrefC.GetString(PrefName.SoftwareName); MsgBox.Show(this, programName + " needs to be restarted on workstations before the changes will take place."); } FillTreePerm(); }