protected void unset_confidentiality_level(Guid?objectId, ref string responseText) { //Privacy Check: OK if (!paramsContainer.GBEdit) { return; } bool isNode = objectId.HasValue && CNController.is_node(paramsContainer.Tenant.Id, objectId.Value); bool isUser = !isNode; bool accessDenied = false; if (isUser) { accessDenied = !objectId.HasValue || !AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID); } else { accessDenied = !objectId.HasValue || ( !PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value) && !CNController.is_service_admin(paramsContainer.Tenant.Id, objectId.Value, paramsContainer.CurrentUserID.Value) && !CNController.is_node_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value, objectId.Value, null, null, null)); } if (accessDenied) { responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}"; if (objectId.HasValue) { _save_error_log(Modules.Log.Action.UnsetConfidentialityLevel_PermissionFailed, objectId); } return; } bool succeed = objectId.HasValue && PrivacyController.unset_confidentiality_level(paramsContainer.Tenant.Id, objectId.Value, paramsContainer.CurrentUserID.Value); responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" : "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}"; //Save Log if (succeed) { LogController.save_log(paramsContainer.Tenant.Id, new Log() { UserID = paramsContainer.CurrentUserID.Value, Date = DateTime.Now, HostAddress = PublicMethods.get_client_ip(HttpContext.Current), HostName = PublicMethods.get_client_host_name(HttpContext.Current), Action = Modules.Log.Action.UnsetConfidentialityLevel, SubjectID = objectId, ModuleIdentifier = ModuleIdentifier.PRVC }); } //end of Save Log }
protected void check_authority(List <string> permissions, ref string responseText) { //Privacy Check: OK if (!paramsContainer.GBEdit) { return; } if (permissions.Count == 0) { responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}"; return; } List <AccessRoleName> roles = new List <AccessRoleName>(); foreach (string str in permissions) { AccessRoleName rl = AccessRoleName.None; if (Enum.TryParse <AccessRoleName>(str, out rl) && rl != AccessRoleName.None) { roles.Add(rl); } } List <AccessRoleName> accessRoles = AuthorizationManager.has_right(roles, paramsContainer.CurrentUserID); responseText = "{" + string.Join(",", roles.Select( u => "\"" + u.ToString() + "\":" + accessRoles.Any(x => x == u).ToString().ToLower())) + "}"; }
protected void add_confidentiality_level(int?levelId, string title, ref string responseText) { //Privacy Check: OK if (!paramsContainer.GBEdit) { return; } if (!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID)) { responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}"; _save_error_log(Modules.Log.Action.AddConfidentialityLevel_PermissionFailed, Guid.Empty); return; } Guid id = Guid.NewGuid(); string errorMessage = string.Empty; bool succeed = !levelId.HasValue ? false : PrivacyController.add_confidentiality_level(paramsContainer.Tenant.Id, id, levelId.Value, title, paramsContainer.CurrentUserID.Value, ref errorMessage); responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"" + ",\"Level\":" + (new ConfidentialityLevel() { ID = id, LevelID = levelId, Title = title }).toJson() + "}" : "{\"ErrorText\":\"" + (string.IsNullOrEmpty(errorMessage) ? Messages.OperationFailed.ToString() : errorMessage) + "\"}"; //Save Log if (succeed) { LogController.save_log(paramsContainer.Tenant.Id, new Log() { UserID = paramsContainer.CurrentUserID.Value, Date = DateTime.Now, HostAddress = PublicMethods.get_client_ip(HttpContext.Current), HostName = PublicMethods.get_client_host_name(HttpContext.Current), Action = Modules.Log.Action.AddConfidentialityLevel, SubjectID = id, Info = "{\"LevelID\":" + levelId.ToString() + ",\"Title\":\"" + Base64.encode(title) + "\"}", ModuleIdentifier = ModuleIdentifier.PRVC }); } //end of Save Log }
protected void remove_confidentiality_level(Guid?confidentialityId, ref string responseText) { //Privacy Check: OK if (!paramsContainer.GBEdit) { return; } if (!AuthorizationManager.has_right(AccessRoleName.ManageConfidentialityLevels, paramsContainer.CurrentUserID)) { responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}"; _save_error_log(Modules.Log.Action.RemoveConfidentialityLevel_PermissionFailed, confidentialityId); return; } string errorMessage = string.Empty; bool succeed = !confidentialityId.HasValue ? false : PrivacyController.remove_confidentiality_level(paramsContainer.Tenant.Id, confidentialityId.Value, paramsContainer.CurrentUserID.Value); responseText = succeed ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" : "{\"ErrorText\":\"" + (string.IsNullOrEmpty(errorMessage) ? Messages.OperationFailed.ToString() : errorMessage) + "\"}"; //Save Log if (succeed) { LogController.save_log(paramsContainer.Tenant.Id, new Log() { UserID = paramsContainer.CurrentUserID.Value, Date = DateTime.Now, HostAddress = PublicMethods.get_client_ip(HttpContext.Current), HostName = PublicMethods.get_client_host_name(HttpContext.Current), Action = Modules.Log.Action.RemoveConfidentialityLevel, SubjectID = confidentialityId, ModuleIdentifier = ModuleIdentifier.PRVC }); } //end of Save Log }
protected void handle_imported_file(DocFileInfo file, ref string responseText) { //Privacy Check: OK if (!paramsContainer.GBEdit) { return; } if (!AuthorizationManager.has_right(AccessRoleName.DataImport, paramsContainer.CurrentUserID)) { responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}"; return; } if (!file.exists(paramsContainer.Tenant.Id)) { responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}"; return; } XmlDocument xmlDoc = new XmlDocument(); try { using (MemoryStream stream = new MemoryStream(file.toByteArray(paramsContainer.Tenant.Id))) xmlDoc.Load(stream); } catch (Exception ex) { responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}"; return; } string docName = xmlDoc.DocumentElement.Name.ToLower(); bool result = false; switch (docName) { case "nodes": result = update_nodes(ref xmlDoc); break; case "nodeids": result = update_node_ids(ref xmlDoc); break; case "removenodes": result = remove_nodes(ref xmlDoc); break; case "users": result = update_users(ref xmlDoc); break; case "members": result = update_members(ref xmlDoc); break; case "experts": result = update_experts(ref xmlDoc); break; case "relations": result = update_relations(ref xmlDoc); break; case "authors": result = update_authors(ref xmlDoc); break; case "userconfidentialities": result = update_user_confidentialities(ref xmlDoc); break; case "permissions": result = update_permissions(ref xmlDoc); break; } responseText = result ? "{\"Succeed\":\"" + Messages.OperationCompletedSuccessfully + "\"}" : "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}"; }
protected bool check_object_type(List <Guid> objectIds, PrivacyObjectType objectType) { switch (objectType) { case PrivacyObjectType.None: case PrivacyObjectType.Node: case PrivacyObjectType.NodeType: { if (objectIds.Count != 1) { return(false); } bool isNodeType = objectType != PrivacyObjectType.Node && CNController.is_node_type(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count; bool isNode = !isNodeType && objectType != PrivacyObjectType.NodeType && CNController.is_node(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count; if (!isNodeType && !isNode) { return(false); } bool accessPermission = AuthorizationManager.has_right(AccessRoleName.ManageOntology, paramsContainer.CurrentUserID); if (!accessPermission) { accessPermission = CNController.is_service_admin(paramsContainer.Tenant.Id, objectIds[0], paramsContainer.CurrentUserID.Value); } if (!accessPermission && isNode) { accessPermission = CNController.is_node_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value, objectIds[0], null, null, null) || PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID, objectIds[0], PrivacyObjectType.Node, PermissionType.Modify); } return(accessPermission); } case PrivacyObjectType.FAQCategory: return(QAController.is_faq_category(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count && (AuthorizationManager.has_right(AccessRoleName.ManageQA, paramsContainer.CurrentUserID) || QAController.is_workflow_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value, null))); case PrivacyObjectType.QAWorkFlow: return(QAController.is_workflow(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count && AuthorizationManager.has_right(AccessRoleName.ManageQA, paramsContainer.CurrentUserID)); case PrivacyObjectType.Poll: return(FGController.is_poll(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count && AuthorizationManager.has_right(AccessRoleName.ManagePolls, paramsContainer.CurrentUserID)); case PrivacyObjectType.Report: return(!objectIds.Any(u => !ReportUtilities.ReportIDs.Any(x => x.Value == u)) && PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value)); case PrivacyObjectType.FormElement: return(FGController.is_form_element(paramsContainer.Tenant.Id, objectIds).Count == objectIds.Count && AuthorizationManager.has_right(AccessRoleName.ManageForms, paramsContainer.CurrentUserID)); } return(false); }
protected void get_report(ModuleIdentifier moduleIdentifier, string reportName, bool excel, bool rtl, bool isPersian, ref Dictionary <string, string> dic, int pageNumber, int pageSize, ref string responseText, List <ReportParameter> parameters, string password) { //Privacy Check: OK if (!paramsContainer.GBEdit) { return; } bool isSystemAdmin = PublicMethods.is_system_admin(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value); Guid?reportId = ReportUtilities.get_report_id(moduleIdentifier, reportName); bool hasAccess = reportId.HasValue && (isSystemAdmin || AuthorizationManager.has_right(AccessRoleName.Reports, paramsContainer.CurrentUserID)); hasAccess = hasAccess && (isSystemAdmin || PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID, reportId.Value, PrivacyObjectType.Report, PermissionType.View)); if (!hasAccess) { responseText = "{\"ErrorText\":\"" + Messages.AccessDenied + "\"}"; return; } DataTable tbl = new DataTable(); string actions = string.Empty; Dictionary <string, string> columnsDic = new Dictionary <string, string>(); ReportsController.get_report(paramsContainer.Tenant.Id, moduleIdentifier, reportName, ref tbl, ref actions, ref columnsDic, parameters); int firstRow = excel ? 0 : (pageSize * (pageNumber - 1)); int lastRow = (excel ? tbl.Rows.Count : Math.Min(firstRow + pageSize, tbl.Rows.Count)) - 1; for (int c = 0; c < tbl.Columns.Count; ++c) { if (tbl.Columns[c].DataType != typeof(string) || tbl.Columns[c].ColumnName.IndexOf("_HTML") < 0) { continue; } tbl.Columns[c].ColumnName = tbl.Columns[c].ColumnName.Replace("_HTML", string.Empty); for (int r = firstRow; r <= lastRow; ++r) { if (tbl.Rows[r][c] != DBNull.Value && !string.IsNullOrEmpty((string)tbl.Rows[r][c])) { //tbl.Rows[r][c] = PublicMethods.markup2plaintext( //Expressions.replace((string)tbl.Rows[r][c], Expressions.Patterns.HTMLTag, " ")).Trim(); string str = (string)tbl.Rows[r][c]; str = Expressions.replace(str, Expressions.Patterns.HTMLTag, " "); str = PublicMethods.markup2plaintext(paramsContainer.Tenant.Id, str).Trim(); tbl.Rows[r][c] = str; } } } if (excel) { try { Dictionary <string, bool> usedColNames = new Dictionary <string, bool>(); foreach (string n in dic.Values) { usedColNames[n] = true; } for (int c = 0; c < tbl.Columns.Count; ++c) { if (columnsDic.ContainsKey(tbl.Columns[c].ColumnName)) { string colName = columnsDic[tbl.Columns[c].ColumnName]; int num = 1; while (true) { string tmpName = colName + (num <= 1 ? string.Empty : " (" + num.ToString() + ")"); if (!usedColNames.ContainsKey(tmpName)) { usedColNames[tmpName] = true; colName = tmpName; break; } else { ++num; } } tbl.Columns[c].ColumnName = colName; } bool isString = tbl.Columns[c].DataType == typeof(string); bool isDic = tbl.Columns[c].ColumnName.IndexOf("_Dic") >= 0; if (isString && isDic) { Dictionary <string, string> colDic = _get_dictionary(tbl.Columns[c].ColumnName); for (int r = 0; r < tbl.Rows.Count; ++r) { bool isNull = tbl.Rows[r].ItemArray[c] == DBNull.Value || tbl.Rows[r].ItemArray[c] == null; if (!isNull && colDic.ContainsKey((string)tbl.Rows[r].ItemArray[c])) { tbl.Rows[r][c] = colDic[(string)tbl.Rows[r].ItemArray[c]]; } } } if (isDic) { tbl.Columns[c].ColumnName = tbl.Columns[c].ColumnName.Replace("_Dic", string.Empty); } } //meta data for exported file Privacy p = !reportId.HasValue ? null : PrivacyController.get_settings(paramsContainer.Tenant.Id, reportId.Value); string confidentiality = p == null ? null : p.Confidentiality.Title; User currentUser = !paramsContainer.CurrentUserID.HasValue ? null : UsersController.get_user(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID.Value); if (currentUser == null) { currentUser = new User(); } DownloadedFileMeta meta = new DownloadedFileMeta(PublicMethods.get_client_ip(HttpContext.Current), currentUser.UserName, currentUser.FirstName, currentUser.LastName, confidentiality); //end of meta data for exported file string reportFileName = "Reports_" + PublicMethods.get_random_number().ToString(); ExcelUtilities.ExportToExcel(reportFileName, tbl, rtl, dic, password, meta); } catch (Exception ex) { responseText = "{\"ErrorText\":\"" + Messages.OperationFailed + "\"}"; LogController.save_error_log(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID, "ExportReportToExcel", ex, ModuleIdentifier.RPT, LogLevel.Fatal); } return; } Dictionary <string, bool> isFloatDic = new Dictionary <string, bool>(); responseText = "{\"Columns\":["; for (int i = 0, lnt = tbl.Columns.Count; i < lnt; ++i) { object obj = null; for (int j = firstRow; j <= lastRow; ++j) { if (tbl.Rows[j][i] != DBNull.Value && tbl.Rows[j][i] != null && !string.IsNullOrEmpty(tbl.Rows[j][i].ToString())) { obj = tbl.Rows[j][i]; break; } } bool isNumber = false; bool isFloat = false; if (obj != null) { var objType = obj.GetType(); isNumber = objType == typeof(int) || objType == typeof(long) || objType == typeof(float) || objType == typeof(double) || objType == typeof(decimal); isFloat = objType == typeof(float) || objType == typeof(double) || objType == typeof(decimal); } isFloatDic.Add(tbl.Columns[i].ColumnName, isFloat); string colTitle = columnsDic.ContainsKey(tbl.Columns[i].ColumnName) ? columnsDic[tbl.Columns[i].ColumnName] : tbl.Columns[i].ColumnName; responseText += (i == 0 ? string.Empty : ",") + "{\"ID\":\"" + tbl.Columns[i].ColumnName + "\",\"Title\":\"" + Base64.encode(colTitle) + "\",\"Encoded\":true" + ",\"IsNumber\":" + isNumber.ToString().ToLower() + "}"; } responseText += "],\"Total\":" + tbl.Rows.Count.ToString() + ",\"Rows\":["; for (int i = firstRow; i <= lastRow; ++i) { responseText += (i == firstRow ? string.Empty : ",") + "{"; for (int j = 0, _ln = tbl.Columns.Count; j < _ln; ++j) { if (isFloatDic[tbl.Columns[j].ColumnName]) { tbl.Rows[i].ItemArray[j] = Math.Round(double.Parse((tbl.Rows[i].ItemArray[j] == DBNull.Value ? 0 : tbl.Rows[i].ItemArray[j]).ToString()), 2); } string strVal = tbl.Rows[i].ItemArray[j].GetType() == typeof(DateTime) ? PublicMethods.get_local_date((DateTime)tbl.Rows[i].ItemArray[j], true) : (isFloatDic[tbl.Columns[j].ColumnName] ? Math.Round(double.Parse((tbl.Rows[i].ItemArray[j] == DBNull.Value ? 0 : tbl.Rows[i].ItemArray[j]).ToString()), 2) : tbl.Rows[i].ItemArray[j]).ToString(); responseText += (j == 0 ? string.Empty : ",") + "\"" + tbl.Columns[j].ColumnName + "\":\"" + Base64.encode(strVal) + "\""; } responseText += "}"; } responseText += "],\"Actions\":" + (string.IsNullOrEmpty(actions) ? "{}" : actions) + "}"; }