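<%
'=============================================================
'//
'//                    Access Control
'//
'// version:        0.10
'// last modified:  14-Jul-2004 15:48 by Sasha Vukovic
'=============================================================
%>
<%
'--------------- Global Constants ----------------
Const enumSESSION_TIMEOUT = 60                                  ' Assigned to Session.Timeout (ASP expresses it in minutes)
Const enumLOGIN_TOKEN_SESSION = "AM_LOGIN_TOKEN"                ' Session key: login token (set at logon)
Const enumUSER_ID_SESSION = "AM_USER_ID"                        ' Session key: numeric user id
Const enumUSER_DETAILS_SESSION = "AM_USER_DETAILS"              ' Session key: packed "field=value" user details
Const enumUSER_APPLICATIONS_SESSION = "AM_USER_APPLICATIONS"    ' Session key: separator-joined application ids

Const enumACCESS_MANAGER_EVENT_LOGON_SUCCESS = 1
Const enumACCESS_MANAGER_EVENT_LOGON_FAIL = -1
Const enumACCESS_MANAGER_EVENT_LOGOFF = 0
Const enumACCESS_MANAGER_EVENT_SESSION_EXPIRE = 2
'-------------------------------------------------

'-----------------------------------------------------------------------------------------------------------------
' AccessControl
'
' Authenticates users, keeps the logged-in user's details in the ASP Session and answers
' "is this control / table row visible or active" questions from three in-memory dictionaries.
'
' The class relies on names that are not declared in this file: OraDatabase, OraSession,
' APPLICATION_ID, enumDB_YES, enumDB_NO, enumDB_ALL_DATA, enumDB_PERMISSION_TYPE_VISIBLE,
' enumDB_PERMISSION_TYPE_ACTIVE and the ORAPARM_* / ORATYPE_* / ORADYN_* constants.
'-----------------------------------------------------------------------------------------------------------------
Class AccessControl

	Private mobjStaticControl       ' Dictionary: "<control name>_<permission type>"      -> permission value
	Private mobjRowPermissions      ' Dictionary: "<table>_<row id>_<permission type>"    -> permission value
	Private mobjTablePermissions    ' Dictionary: "<table>_<permission type>"             -> table default value
	Private sSEPARATOR              ' Delimiter used when packing values into Session strings


	' TRUE when the session holds a non-empty login token.
	Public Property Get UserLogedIn ()
		UserLogedIn = FALSE

		' Check for Session Token
		If (Session(enumLOGIN_TOKEN_SESSION) <> "") AND NOT IsNull(Session(enumLOGIN_TOKEN_SESSION)) Then
			UserLogedIn = TRUE
		End If
	End Property

	' User id stored in the session by SetUserEnvironment.
	Public Property Get UserId ()
		UserId = Session(enumUSER_ID_SESSION)
	End Property

	' The next five properties read one field from the packed user-details session string.
	' Each returns "" when the field (or the whole session value) is absent.
	Public Property Get UserName ()
		UserName = Extract( "user_name", Session(enumUSER_DETAILS_SESSION) )
	End Property

	Public Property Get FullName ()
		FullName = Extract( "full_name", Session(enumUSER_DETAILS_SESSION) )
	End Property

	Public Property Get UserEmail ()
		UserEmail = Extract( "user_email", Session(enumUSER_DETAILS_SESSION) )
	End Property

	Public Property Get LastVisit ()
		LastVisit = Extract( "last_visit", Session(enumUSER_DETAILS_SESSION) )
	End Property

	Public Property Get Domain ()
		Domain = Extract( "domain", Session(enumUSER_DETAILS_SESSION) )
	End Property

	' TRUE when the connected database is named "RELMANU1".
	' Security-relevant: Authenticated() skips the password check entirely when this is TRUE.
	Public Property Get isDevSystem()
		isDevSystem = FALSE
		If OraDatabase.DatabaseName = "RELMANU1" Then isDevSystem = TRUE
	End Property

	'-----------------------------------------------------------------------------------------------------------------
	' TRUE when nAppId appears in the application list stored in the session.
	' Both strings are wrapped in separators so that id 1 does not match inside id 11.
	Public Function UserApplication ( nAppId )
		UserApplication = FALSE

		If InStr( sSEPARATOR & Session(enumUSER_APPLICATIONS_SESSION) & sSEPARATOR, sSEPARATOR & nAppId & sSEPARATOR) Then
			UserApplication = TRUE
		End If
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' Writes the opening part of a region labelled with sControlObjName.
	' NOTE(review): the string literals below are empty, blank or broken across lines in this copy of
	' the file (presumably markup that was lost); they are reproduced exactly as found. Restore them
	' from the original file before use.
	' NOTE(review): sControlObjName is written without Server.HTMLEncode; callers should pass only
	' trusted, developer-defined names, or the value should be encoded here.
	Public Function BeginRegion ( sControlObjName )
		Response.write ""
		Response.write " "
		Response.write " "
		Response.write " "
		Response.write " "
		Response.write " "
		Response.write "
 "& sControlObjName &" 
"
		Response.write " "
		Response.write "
"
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' Writes the closing part of a region. sControlObjName is not used.
	' NOTE(review): string literals reproduced as found; see the note on BeginRegion.
	Public Function EndRegion ( sControlObjName )
		Response.write "
"
		Response.write "
"
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' Returns the value of "sField=value" from a sSEPARATOR-delimited string, or "" when absent.
	'
	' Fixes over the previous Filter()/Right() version:
	'   * a missing field (or an empty / Null session value, e.g. after session expiry) made the
	'     length passed to Right() negative and raised a runtime error; it now yields "";
	'   * Filter() matches a substring anywhere in an element, so a value that merely contained
	'     "field=" could be picked up; only elements that START with "field=" match now.
	Private Function Extract( sField, sString )
		Dim aPairs, sPair, sPrefix

		Extract = ""
		If IsNull( sString ) Or IsEmpty( sString ) Then Exit Function

		sPrefix = sField &"="		' Append "=" to field name to get e.g. "user_name="
		aPairs  = Split( CStr( sString ), sSEPARATOR )

		For Each sPair In aPairs
			If Left( sPair, Len( sPrefix ) ) = sPrefix Then
				Extract = Mid( sPair, Len( sPrefix ) + 1 )		' Strip the field name from value
				Exit Function
			End If
		Next
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' Resolves one permission for a table row: the row-level entry wins, otherwise the table default.
	' Raises error 8 when neither exists. Returns TRUE only for enumDB_YES, so any other stored
	' value denies access.
	' Note: reading .Item of a Scripting.Dictionary for a key that does not exist returns Empty
	' (and adds that key), which is why Empty/"" is treated as "not set" here.
	Private Function GetDataPermission ( sTableName, nRowId, nPermissionType )
		Dim cPermissionValue

		'--- Get Row Permission ---
		cPermissionValue = mobjRowPermissions.Item ( Cstr( sTableName &"_"& nRowId &"_"& nPermissionType ) )

		If IsNull( cPermissionValue ) OR ( cPermissionValue = "" ) Then
			'--- Get Default Table Permission ---
			cPermissionValue = mobjTablePermissions.Item ( Cstr( sTableName &"_"& nPermissionType ) )

			'--- Raise Exception if Table Default is not found ---
			If IsNull( cPermissionValue ) OR ( cPermissionValue = "" ) Then
				Err.Raise 8, "Default Table Permission is Not Found.", "sTableName="& sTableName &", nPermissionType="& nPermissionType
			End If
		End If

		'--- Return TRUE / FALSE ---
		GetDataPermission = FALSE

		If cPermissionValue = enumDB_YES Then
			GetDataPermission = TRUE
		End If
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' TRUE when the row (or its table default) carries the "visible" permission.
	Public Function IsDataVisible ( sTableName, nRowId )
		IsDataVisible = GetDataPermission ( sTableName, nRowId, enumDB_PERMISSION_TYPE_VISIBLE )
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' TRUE only when the control is active AND the row (or its table default) is active.
	Public Function IsDataActive ( sTableName, nRowId, sControlObjName )
		IsDataActive = FALSE

		If IsActive ( sControlObjName ) Then
			IsDataActive = GetDataPermission ( sTableName, nRowId, enumDB_PERMISSION_TYPE_ACTIVE )
		End If
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' TRUE when the control's "active" permission equals enumDB_YES; unknown controls yield FALSE.
	Public Function IsActive ( sControlObjName )
		If mobjStaticControl.Item (Cstr( sControlObjName &"_"& enumDB_PERMISSION_TYPE_ACTIVE )) = enumDB_YES Then
			IsActive = TRUE
		Else
			IsActive = FALSE
		End If
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' TRUE when the control's "visible" permission equals enumDB_YES; unknown controls yield FALSE.
	Public Function IsVisible ( sControlObjName )
		If mobjStaticControl.Item (Cstr( sControlObjName &"_"& enumDB_PERMISSION_TYPE_VISIBLE )) = enumDB_YES Then
			IsVisible = TRUE
		Else
			IsVisible = FALSE
		End If
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' Loads row and table-default permissions.
	' aRows is a 2-D array indexed (column, row) with columns:
	'   0 = table name, 1 = referenced row id, 2 = permission type, 3 = permission value.
	Public Sub LoadDataPermissions ( aRows )
		Dim numOfRows, rowNum, sTableTypeKey
		Dim InxTableName, InxRefColumnVal, InxPermissionType, InxPermission

		InxTableName		= 0
		InxRefColumnVal		= 1
		InxPermissionType	= 2
		InxPermission		= 3

		numOfRows = UBound( aRows, 2 )

		For rowNum = 0 To numOfRows
			If aRows( InxRefColumnVal, rowNum ) = 0 Then
				'--- Set Table Default Permission (i.e. "0" wildcard for "all records") ---
				sTableTypeKey = aRows( InxTableName, rowNum ) &"_"& aRows( InxPermissionType, rowNum )
				mobjTablePermissions.Item ( sTableTypeKey ) = aRows( InxPermission, rowNum )
			Else
				'--- Set Row Permission ---
				mobjRowPermissions.Item ( aRows( InxTableName, rowNum ) &"_"& aRows( InxRefColumnVal, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ) = aRows( InxPermission, rowNum )
			End If
		Next
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	' Loads per-row exceptions to a table default. For every row in aRows (same layout as
	' LoadDataPermissions) it:
	'   * removes the "<table>_<enumDB_ALL_DATA>_<type>" row entry if present,
	'   * stores the row's own permission, and
	'   * sets the table default to the OPPOSITE of that permission (NO -> YES, anything else -> NO).
	Public Sub LoadDataPermissionVariations ( aRows )
		Dim numOfRows, rowNum, sAllDataKey, sRowKey, sTableTypeKey
		Dim InxTableName, InxRefColumnVal, InxPermissionType, InxPermission

		InxTableName		= 0
		InxRefColumnVal		= 1
		InxPermissionType	= 2
		InxPermission		= 3

		numOfRows = UBound( aRows, 2 )

		For rowNum = 0 To numOfRows
			sAllDataKey   = aRows( InxTableName, rowNum ) &"_"& enumDB_ALL_DATA &"_"& aRows( InxPermissionType, rowNum )
			sRowKey       = aRows( InxTableName, rowNum ) &"_"& aRows( InxRefColumnVal, rowNum ) &"_"& aRows( InxPermissionType, rowNum )
			sTableTypeKey = aRows( InxTableName, rowNum ) &"_"& aRows( InxPermissionType, rowNum )

			If mobjRowPermissions.Exists ( sAllDataKey ) Then
				mobjRowPermissions.Remove ( sAllDataKey )
			End If

			mobjRowPermissions.Item ( sRowKey ) = CStr( aRows( InxPermission, rowNum ) )

			If aRows( InxPermission, rowNum ) = enumDB_NO Then
				mobjTablePermissions.Item ( sTableTypeKey ) = enumDB_YES
			Else
				mobjTablePermissions.Item ( sTableTypeKey ) = enumDB_NO
			End If
		Next
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	' Loads control-level permissions.
	' aRows is a 2-D array indexed (column, row): 0 = control name, 1 = permission type, 2 = permission value.
	' Uses Dictionary.Add, which raises a runtime error if the same control/type pair occurs twice.
	Public Sub LoadStaticPermissions ( aRows )
		Dim numOfRows, rowNum
		Dim InxObjName, InxPermissionType, InxPermission

		InxObjName			= 0
		InxPermissionType	= 1
		InxPermission		= 2

		numOfRows = UBound( aRows, 2 )

		For rowNum = 0 To numOfRows
			mobjStaticControl.Add ( aRows( InxObjName, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ), CStr( aRows( InxPermission, rowNum ) )
		Next
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	' Sets up a session for sUserId when the USERS row says IS_ONLINE = "Y".
	' Returns TRUE when the session was set up (previously the result was always FALSE).
	' NOTE(review): no credential is checked here; the only gate is the IS_ONLINE flag, which TagLogon
	' sets at logon and nothing in this class resets. Nothing in this class calls this function.
	' Confirm it is unused or add a real proof of identity before relying on it.
	Private Function AutoLogonUser ( sUserId )
		Dim rsQry, query, is_Online

		AutoLogonUser = FALSE

		'--- Get if user is loged on from DB ---
		OraDatabase.Parameters.Add "USER_ID", sUserId, ORAPARM_INPUT, ORATYPE_NUMBER
		query = "SELECT usr.IS_ONLINE FROM USERS usr WHERE usr.USER_ID = :USER_ID"
		Set rsQry = OraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )

		If (NOT rsQry.BOF) AND (NOT rsQry.EOF) Then
			is_Online = rsQry("is_online")
		End If

		OraDatabase.Parameters.Remove "USER_ID"
		rsQry.Close
		Set rsQry = Nothing

		'--- Check if User is still Loged on ---
		If is_Online = "Y" Then
			Call SessionsAndCookieSetup ( sUserId )
			AutoLogonUser = TRUE
		End If
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' Authenticates sUserName / sUserPassword and, on success, populates the session.
	' Raises error 8 (message in Err.Source, hint in Err.Description) when the account is unknown,
	' disabled, locked, or the password is wrong. oDBsession is accepted but not used.
	'
	' Fix: every failure used to raise before the bind parameter was removed and the dynaset closed.
	' Failures are now recorded, the clean-up runs, and the same error is raised afterwards.
	'
	' NOTE(review): the "Not Found", "is Disabled" and "Password is incorrect" messages differ, so a
	' caller that shows them to the browser reveals which account names exist. Consider one generic
	' message for the user and keep the detailed text in the login trail only.
	' NOTE(review): no limit on failed attempts is visible in this class for locally stored passwords.
	Public Sub LogonUser ( sUserName, sUserPassword, ByRef oDBsession )
		Dim rsQry, query, sMessage
		Dim bAuthenticated, nErrNumber, sErrSource, sErrDescription

		sMessage		= NULL
		bAuthenticated	= FALSE
		nErrNumber		= 0
		sErrSource		= ""
		sErrDescription	= ""

		OraDatabase.Parameters.Add "USER_NAME", sUserName, ORAPARM_INPUT, ORATYPE_VARCHAR2
		query = "SELECT usr.* FROM USERS usr WHERE usr.USER_NAME = :USER_NAME"
		Set rsQry = OraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )

		'--- Try Authenticating ---
		If (NOT rsQry.BOF) AND (NOT rsQry.EOF) Then
			' User Found !
			If rsQry("is_disabled") = enumDB_YES Then
				' User Disabled !
				sMessage = "Account "& sUserName &" is Disabled!"

				'-- Login Trail --
				Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

				'-- Remember Exception (raised after clean-up) --
				nErrNumber = 8
				sErrSource = sMessage
			Else
				' Proceed with authentication.
				' The result is ASSIGNED rather than tested inside "If": under On Error Resume Next a
				' failing "If" condition would fall into the Then branch and treat the user as logged in.
				On Error Resume Next
				bAuthenticated = Authenticated( sUserName, sUserPassword, rsQry("user_password"), rsQry("domain") )
				If Err.Number <> 0 Then
					bAuthenticated	= FALSE
					nErrNumber		= Err.Number
					sErrSource		= Err.Source
					sErrDescription	= Err.Description
				End If
				On Error GoTo 0

				If bAuthenticated Then
					' Login OK.
					Call SessionsAndCookieSetup ( rsQry("user_id") )

					' Tag user login
					Call TagLogon ( rsQry )
				End If
			End If
		Else
			' User Not Found !
			sMessage = "Account "& sUserName &" Not Found!"

			'-- Login Trail --
			Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

			'-- Remember Exception (raised after clean-up) --
			' NOTE(review): this literal is broken across lines in this copy of the file (presumably
			' line-break markup was lost); it is reproduced as found.
			nErrNumber = 8
			sErrSource = sMessage
			sErrDescription = "Make sure your Username is correct
OR
Please go back and register if you are new user. "
		End If

		'--------------------------
		OraDatabase.Parameters.Remove "USER_NAME"
		rsQry.Close()
		Set rsQry = Nothing

		'-- Raise Exception --
		If nErrNumber <> 0 Then Err.Raise nErrNumber, sErrSource, sErrDescription
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	' Records the logoff in the login trail and abandons the session.
	Public Sub LogoffUser ()
		'-- Login Trail --
		Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGOFF, UserName, NULL )

		'-- Kill User Session --
		Session.Abandon
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	' Stores the user's details in the session and marks the session as logged in.
	' NOTE(review): the login token is the CURRENT Session.SessionID; no new session identifier is
	' issued at logon, so an identifier known before login remains valid afterwards. Confirm the
	' application mitigates session fixation elsewhere.
	Private Sub SessionsAndCookieSetup ( nUserId )
		' Store User details in session
		Call SetUserEnvironment ( nUserId )

		' Aquire Login Token for Single Application
		Session(enumLOGIN_TOKEN_SESSION) = Session.SessionID
		Session.Timeout = enumSESSION_TIMEOUT
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	' Checks the supplied credentials. Returns TRUE on success; every failure path writes a
	' login-trail entry and raises error 8, so FALSE is never actually returned to the caller.
	'
	' Three modes, in this order:
	'   1. Dev system  - any password is accepted (see note below).
	'   2. Domain auth - used when the account has a domain; delegated to LoginAdmin.ImpersonateUser.
	'   3. Local auth  - used otherwise; direct comparison with the stored password.
	Private Function Authenticated ( ByRef sUserName, ByRef sUserPassword, sDBUserPassword, sDBdomain )
		Dim objLoginAuth, return, sMessage
		sMessage = NULL

		Authenticated = FALSE

		' Hook for testing access control features
		' Any login allowed to the Test Database
		'
		' NOTE(review): this branch never looks at sUserPassword. It is safe only while no deployment
		' reachable by untrusted users connects to the database named in isDevSystem; consider
		' removing the hook from production builds or gating it on an explicit configuration switch.
		If isDevSystem() Then
			Authenticated = TRUE
			'-- Login Trail --
			Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_SUCCESS, sUserName, NULL )

		ElseIf NOT IsNull(sDBdomain) Then
			' DOMAIN auth.
			Set objLoginAuth = Server.CreateObject("LoginAdmin.ImpersonateUser")

			return = -1
			return = objLoginAuth.AuthenticateUser ( sUserName, sUserPassword, sDBdomain )

			' Released here so that the raising branches below do not skip it.
			Set objLoginAuth = Nothing

			' From MSDN System Error Codes
			' 0 - The operation completed successfully.
			' 1326 - Logon failure: unknown user name or bad password.
			' 1385 - Logon failure: the user has not been granted the requested logon type at this computer.
			' 1909 - The referenced account is currently locked out and may not be used to log on.
			'
			' NOTE(review): 1385 is accepted as a successful login, presumably on the assumption that
			' it is only returned for valid credentials; confirm against the component's behaviour.

			Select Case return
				Case 0, 1385
					'Login ok
					Authenticated = TRUE
					'-- Login Trail --
					Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_SUCCESS, sUserName, NULL )

				Case 1909
					sMessage = "Account "& sUserName &" at "& sDBdomain &" domain is currently locked!"
					'-- Login Trail --
					Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

					'-- Raise Exception --
					Err.Raise 8, sMessage, ""

				Case Else
					sMessage = "Password is incorrect for "& sUserName &" at "& sDBdomain &" domain!"
					'-- Login Trail --
					Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

					'-- Raise Exception --
					Err.Raise 8, sMessage, sDBdomain &" domain returns system error code "& return
			End Select

		Else
			' LOCAL auth.
			' NOTE(review): the submitted password is compared as-is with the user_password column,
			' which implies the column holds passwords in recoverable form. Store a salted, slow
			' password hash instead and compare digests.
			If sUserPassword = sDBUserPassword Then
				'Login ok
				Authenticated = TRUE
				'-- Login Trail --
				Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_SUCCESS, sUserName, NULL )

			Else
				sMessage = "Password is incorrect for "& sUserName &"!"
				'-- Login Trail --
				Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

				'-- Raise Exception --
				Err.Raise 8, sMessage, "Please try again and make sure you do not have Caps Lock on."
			End If
		End If
	End Function
	'-----------------------------------------------------------------------------------------------------------------
	' Writes one access event (event code, user name, client address, application id, comment)
	' through pk_AMUtils.Log_Access inside its own transaction. sMessage may be NULL.
	' All values are passed as bind parameters, never concatenated into the statement.
	Private Sub LoginTrail ( nEvent, sUserName, sMessage )
		OraDatabase.Parameters.Add "EVENT_ENUM", 		nEvent,										ORAPARM_INPUT, ORATYPE_NUMBER
		OraDatabase.Parameters.Add "LOGIN_USER_NAME", 	sUserName,									ORAPARM_INPUT, ORATYPE_VARCHAR2
		OraDatabase.Parameters.Add "CLIENT_IP", 		Request.ServerVariables("REMOTE_ADDR"),		ORAPARM_INPUT, ORATYPE_VARCHAR2
		OraDatabase.Parameters.Add "APPLICATION_ID", 	APPLICATION_ID,								ORAPARM_INPUT, ORATYPE_NUMBER
		OraDatabase.Parameters.Add "LOGIN_COMMENTS", 	sMessage,									ORAPARM_INPUT, ORATYPE_VARCHAR2

		OraSession.BeginTrans

		OraDatabase.ExecuteSQL _
		"BEGIN  pk_AMUtils.Log_Access ( :EVENT_ENUM, :LOGIN_USER_NAME, :CLIENT_IP, :APPLICATION_ID, :LOGIN_COMMENTS );  END;"

		OraSession.CommitTrans

		OraDatabase.Parameters.Remove "EVENT_ENUM"
		OraDatabase.Parameters.Remove "LOGIN_USER_NAME"
		OraDatabase.Parameters.Remove "CLIENT_IP"
		OraDatabase.Parameters.Remove "APPLICATION_ID"
		OraDatabase.Parameters.Remove "LOGIN_COMMENTS"
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	' Marks the user's row as online and records the client address in online_at.
	' oRsQry must be positioned on the user's USERS row.
	Private Sub TagLogon ( oRsQry )
		oRsQry.Edit()
		oRsQry("is_online").Value = "Y"
		oRsQry("online_at").Value = Request.ServerVariables("REMOTE_ADDR")
		oRsQry.Update()
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	' Loads the user's details and application ids into the session.
	' Details are packed as "field=value" pairs joined by sSEPARATOR and read back by Extract().
	' NOTE(review): values are packed without escaping, so a stored value containing the separator
	' would shift the fields that follow it; confirm such values cannot be stored.
	Private Sub SetUserEnvironment ( nUser_id )
		Dim rsUser, query, tempSTR

		OraDatabase.Parameters.Add "USER_ID", nUser_id, ORAPARM_INPUT, ORATYPE_NUMBER

		'---- Get User Details ----
		query = "SELECT usr.* FROM USERS usr WHERE usr.USER_ID = :USER_ID"
		Set rsUser = OraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )

		If (NOT rsUser.BOF) AND (NOT rsUser.EOF) Then
			Session(enumUSER_ID_SESSION) = rsUser("user_id")
			Session(enumUSER_DETAILS_SESSION) = _
				"user_name="& rsUser("user_name") & sSEPARATOR &_
				"full_name="& rsUser("full_name") & sSEPARATOR &_
				"user_email="& rsUser("user_email") & sSEPARATOR &_
				"last_visit="& rsUser("last_visit") & sSEPARATOR &_
				"domain="& rsUser("domain")
		End If

		' Close the first dynaset before the variable is reused for the second query.
		rsUser.Close()

		'---- Get User Applications ----
		query = "SELECT ua.APP_ID FROM USER_APPLICATIONS ua WHERE ua.USER_ID = :USER_ID"
		Set rsUser = OraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )

		tempSTR = ""
		While (NOT rsUser.BOF) AND (NOT rsUser.EOF)
			tempSTR = tempSTR & sSEPARATOR & rsUser("app_id")
			rsUser.MoveNext()
		WEnd

		If tempSTR <> "" Then
			Session(enumUSER_APPLICATIONS_SESSION) = Right( tempSTR, Len(tempSTR) - Len(sSEPARATOR) )		'Remove first separator
		Else
			' No applications: 0 is stored as a placeholder.
			' NOTE(review): UserApplication(0) therefore returns TRUE for such users; confirm 0 is never a real APP_ID.
			Session(enumUSER_APPLICATIONS_SESSION) = 0
		End If

		OraDatabase.Parameters.Remove "USER_ID"
		rsUser.Close()
		Set rsUser = Nothing
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	Private Sub Class_Initialize()
		'// Perform action on creation of object. e.g. Set myObj = New ThisClassName
		Set mobjStaticControl = CreateObject("Scripting.Dictionary")
		Set mobjTablePermissions = CreateObject("Scripting.Dictionary")
		Set mobjRowPermissions = CreateObject("Scripting.Dictionary")

		sSEPARATOR = "||"
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
	Private Sub Class_Terminate()
		'// Perform action on object disposal. e.g. Set myObj = Nothing
		Set mobjStaticControl = Nothing
		Set mobjRowPermissions = Nothing
		Set mobjTablePermissions = Nothing
	End Sub
	'-----------------------------------------------------------------------------------------------------------------
End Class
%>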