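<%
'===================================================================
'                  Access Control General
'===================================================================
' Include that gates a page behind the access-control object. On every
' request it runs, in order: login check, permission load, application
' access check, application run-level check, last-request update.
' It relies on names defined outside this file: objAccessControl,
' objPMod, OraSession, OraDatabase, aPersistList, isPopupWindow,
' SCRIPT_NAME, APPLICATION_ID, TIMER_VALUE, the enum* session keys and
' the OpenInWindow / OpenInParentWindow / CloseWindow helpers.
%>
<%
'------------ VARIABLE DEFINITION -------------
'------------ CONSTANTS DECLARATION -----------
'------------ VARIABLE INIT -------------------
objAccessControl.objOraSession = OraSession      ' Create database link for orasession
objAccessControl.objOraDatabase = OraDatabase    ' Create database link for oradatabase
'----------------------------------------------
%>
<%
'-----------------------------------------------------------------------------------------------------------------------------
' LoginCheck
' Sends a user who is not logged in to Login.asp. A normal window is
' navigated with rfile set to the current script plus the persisted
' query string; a popup redirects its parent window and closes itself.
'
' NOTE(review): this Sub does not stop script execution itself. Whether
' the rest of the page is kept from running for an anonymous request
' depends on OpenInWindow / OpenInParentWindow, which are not visible
' here - confirm they end the response.
' NOTE(review): SCRIPT_NAME and the composed query string are
' concatenated into the URL without encoding - confirm Login.asp
' accepts only a local path in rfile before redirecting back to it.
Sub LoginCheck ()
    If NOT objAccessControl.UserLogedIn Then
        objPMod.PersistInQryString ( aPersistList )    ' Get all persistent parameters

        If NOT isPopupWindow Then
            Call OpenInWindow ( "Login.asp?rfile="& SCRIPT_NAME & objPMod.ComposeURLWithout("rfile") )
        Else
            Call OpenInParentWindow ( "Login.asp?"& objPMod.ComposeURL() )
            Call CloseWindow()
        End If
    End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
' ApplicationRunlevelCheck
' Sends the user to Login.asp with message=3 when the application is
' not running. Skipped for user id 0 and for users for whom
' IsVisible("onApplicationOffline") is true.
'
' NOTE(review): VBScript evaluates Empty = 0 as True. If UserId is unset
' for a request that is not logged in, the override below is taken and
' this check is skipped, so it relies on LoginCheck having already
' stopped the request - confirm what UserId holds for anonymous users.
Sub ApplicationRunlevelCheck()
    '--- Application Developer Override ---
    If objAccessControl.UserId = 0 OR objAccessControl.IsVisible ( "onApplicationOffline" ) Then
        Exit Sub
    End If
    '---------------------------------------

    '-- Check if application is running --
    If NOT objAccessControl.IsApplicationRunning Then
        If NOT isPopupWindow Then
            Call OpenInWindow ( "Login.asp?message=3&rfile="& SCRIPT_NAME & objPMod.ComposeURLWithout("rfile") )
        Else
            Call OpenInParentWindow ( "Login.asp?message=3&"& objPMod.ComposeURL() )
            Call CloseWindow()
        End If
    End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
' ApplicationAccessCheck
' Sends the user to Login.asp with message=1 when
' objAccessControl.UserApplication(APPLICATION_ID) is false.
' Skipped for user id 0.
'
' NOTE(review): the same Empty = 0 caveat applies to the override below;
' an unset UserId would bypass the application access check.
Sub ApplicationAccessCheck ()
    '--- Built In Administrator Override ---
    If objAccessControl.UserId = 0 Then
        Exit Sub
    End If
    '---------------------------------------

    '-- Check User access to this application ---
    If NOT objAccessControl.UserApplication ( APPLICATION_ID ) Then
        If NOT isPopupWindow Then
            Call OpenInWindow ( "Login.asp?message=1&rfile="& SCRIPT_NAME & objPMod.ComposeURLWithout("rfile") )
        Else
            Call OpenInParentWindow ( "Login.asp?message=1&"& objPMod.ComposeURL() )
            Call CloseWindow()
        End If
    End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
' LoadUserPermissions
' Loads the static and data permissions of the logged-in user into
' oAccessControl. When the session already holds a static-permission
' array, both sets are taken from the session and the database is not
' queried; otherwise both are read through PK_SECURITY and any
' non-empty result is cached in the session.
'
' Parameters:
'   oAccessControl - access-control object to populate (ByRef).
'
' NOTE(review): once cached, permissions are served from the session for
' as long as the keys exist, so a revocation in the database is not seen
' until they are cleared. Confirm that login, logout and permission
' changes reset enumUSER_STATIC_PERMISSIONS / enumUSER_DATA_PERMISSIONS,
' otherwise a session can keep another user's or a stale permission set.
' NOTE(review): the cached branch tests only the static key with IsArray;
' the data key is passed on unchecked and is Empty when the user had no
' data-permission rows - confirm LoadDataPermissions accepts that.
Sub LoadUserPermissions ( ByRef oAccessControl )
    Dim rsAccessControl
    Dim aPermissionRows

    ' Exit if not logged in
    If NOT oAccessControl.UserLogedIn Then Exit Sub

    'Try getting object from session
    If IsArray(Session(enumUSER_STATIC_PERMISSIONS)) Then
        Call oAccessControl.LoadStaticPermissions ( Session(enumUSER_STATIC_PERMISSIONS) )
        Call oAccessControl.LoadDataPermissions ( Session(enumUSER_DATA_PERMISSIONS) )
        Exit Sub
    End If

    ' Values are passed as bind parameters, not concatenated into the SQL text.
    ' There is no error handler in this Sub, so a failure below skips the
    ' Parameters.Remove calls at the end.
    OraDatabase.Parameters.Add "USER_ID", oAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "APP_ID", APPLICATION_ID, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "RECORD_SET", NULL, ORAPARM_OUTPUT, ORATYPE_CURSOR

    ' Load Static Permissions
    OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_STATIC_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
    Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").Value

    If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
        ' Fetch the rows once and hand the same array to the object and the
        ' session cache, so both always hold identical data.
        aPermissionRows = rsAccessControl.GetRows()
        oAccessControl.LoadStaticPermissions aPermissionRows
        Session(enumUSER_STATIC_PERMISSIONS) = aPermissionRows
    End If
    rsAccessControl.Close

    ' Load Data Permissions
    OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_DATA_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
    Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").Value

    If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
        aPermissionRows = rsAccessControl.GetRows()
        oAccessControl.LoadDataPermissions aPermissionRows
        Session(enumUSER_DATA_PERMISSIONS) = aPermissionRows
    End If
    rsAccessControl.Close

    ' --- Destroy ---
    Set rsAccessControl = nothing
    OraDatabase.Parameters.Remove "USER_ID"
    OraDatabase.Parameters.Remove "APP_ID"
    OraDatabase.Parameters.Remove "RECORD_SET"
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
' UpdateLoginSession
' Writes TIMER_VALUE to USERS.LAST_REQUEST for the logged-in user and
' remembers it in the session. The database write is skipped when the
' session already holds the same value.
Sub UpdateLoginSession ()
    Dim nTimeVal

    ' Exit if not logged in
    If NOT objAccessControl.UserLogedIn Then Exit Sub

    ' Get time value
    nTimeVal = CDbl(TIMER_VALUE)

    ' Allow update only once per minute
    ' (assumes TIMER_VALUE changes once per minute; it is defined elsewhere - TODO confirm)
    If Session( enumSESSION_LAST_REQUEST ) <> "" Then
        If CDbl( Session( enumSESSION_LAST_REQUEST ) ) = nTimeVal Then Exit Sub
    End If

    ' Update database with last request
    OraDatabase.Parameters.Add "USER_ID", objAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "TIME_VAL", nTimeVal, ORAPARM_INPUT, ORATYPE_NUMBER

    OraSession.BeginTrans
    OraDatabase.ExecuteSQL _
        " UPDATE USERS SET"&_
        " LAST_REQUEST = :TIME_VAL"&_
        " WHERE USER_ID = :USER_ID"
    OraSession.CommitTrans

    OraDatabase.Parameters.Remove "USER_ID"
    OraDatabase.Parameters.Remove "TIME_VAL"

    ' Save last request time to session variable
    Session( enumSESSION_LAST_REQUEST ) = CDbl(nTimeVal)
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
%>
<%
'------------ RUN BEFORE CONTROL RENDER -------
' Order matters: permissions are loaded before the run-level check,
' which calls objAccessControl.IsVisible.
'--- Login Check ---
Call LoginCheck ()
'--- Load User Permissions ---
Call LoadUserPermissions ( objAccessControl )
'--- Application Permissions ---
Call ApplicationAccessCheck()
'--- Application Run level Check ---
Call ApplicationRunlevelCheck ()
'--- Update Login Session ---
Call UpdateLoginSession ()
'----------------------------------------------
%>
<%
'------------ RUN AFTER CONTROL RENDER --------
'----------------------------------------------
%>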