<%
'===================================================================
'                   Access Control General
'===================================================================
' Shared access-control include. This part declares the project-edit
' flag, hands the Oracle session/database objects to objAccessControl,
' and defines the two gate checks that send a request to Login.asp.
' objAccessControl, OraSession, OraDatabase, objPMod, scriptName,
' isPopupWindow and APPLICATION_ID are not declared in this file;
' presumably they come from earlier includes - TODO confirm.
%>
<%
'------------ VARIABLE DEFINITION -------------
Dim bCanModifyProject       ' Calculate once
'------------ CONSTANTS DECLARATION -----------
'------------ VARIABLE INIT -------------------
objAccessControl.objOraSession = OraSession     ' Create database link for orasession
objAccessControl.objOraDatabase = OraDatabase   ' Create database link for oradatabase
bCanModifyProject = false                       ' Calculated later; starts as "deny"
'----------------------------------------------
%>
<%
'-----------------------------------------------------------------------------------------------------------------------------
' Sub:          ApplicationRunlevelCheck
' Description:  Sends the request to Login.asp (message=3) when
'               objAccessControl.IsApplicationRunning is false.
'               Skipped when UserId = 0 or when the user may see the
'               "onApplicationOffline" control.
'               In a normal window the current script name is passed as
'               rfile; in a popup the parent window is redirected and the
'               popup is closed.
Sub ApplicationRunlevelCheck()
    '--- Application Developer Override ---
    ' VBScript's OR evaluates both operands, so canShowControl is called
    ' even when UserId = 0.
    ' NOTE(review): this override tests the same UserId = 0 value that
    ' ApplicationAccessCheck labels the built-in administrator. Confirm that
    ' objAccessControl never reports UserId 0 for a request that is not logged
    ' in; if it can, this check is bypassed for anonymous requests.
    If objAccessControl.UserId = 0 OR canShowControl ( "onApplicationOffline" ) Then
        Exit Sub
    End If
    '---------------------------------------

    '-- Check if application is running --
    ' NOTE(review): nothing in this Sub stops page execution after the redirect
    ' helper is called. OpenInWindow / OpenInParentWindow / CloseWindow are not
    ' defined in this file; if they only emit client-side script, the rest of
    ' the page still runs on the server. Confirm the helpers end the response.
    ' NOTE(review): scriptName and the ComposeURL* output are concatenated into
    ' the URL as-is; confirm they are URL-encoded where they are produced and
    ' that Login.asp only accepts local script names in rfile.
    If NOT objAccessControl.IsApplicationRunning Then
        If NOT isPopupWindow Then
            Call OpenInWindow ( "Login.asp?message=3&rfile="& scriptName & objPMod.ComposeURLWithout("rfile") )
        Else
            Call OpenInParentWindow ( "Login.asp?message=3&"& objPMod.ComposeURL() )
            Call CloseWindow()
        End If
    End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
' Sub:          ApplicationAccessCheck
' Description:  Sends the request to Login.asp (message=1) when
'               objAccessControl.UserApplication ( APPLICATION_ID ) is false.
'               Skipped when UserId = 0.
'               This Sub is not called from the "RUN BEFORE CONTROL RENDER"
'               section of this file; presumably each page calls it - TODO
'               confirm that every protected page does.
Sub ApplicationAccessCheck ()
    '--- Built In Administrator Override ---
    ' NOTE(review): same caveat as in ApplicationRunlevelCheck - verify that
    ' UserId 0 can only be the built-in administrator, never a default value
    ' for a request that is not logged in.
    If objAccessControl.UserId = 0 Then
        Exit Sub
    End If
    '---------------------------------------
    '-- Check User access to this application ---
    ' NOTE(review): as above, execution continues after the redirect helper
    ' returns unless the helper itself ends the response - confirm.
    If NOT objAccessControl.UserApplication ( APPLICATION_ID ) Then
        If NOT isPopupWindow Then
            Call OpenInWindow ( "Login.asp?message=1&rfile="& scriptName & objPMod.ComposeURLWithout("rfile") )
        Else
            Call OpenInParentWindow ( "Login.asp?message=1&"& objPMod.ComposeURL() )
            Call CloseWindow()
        End If
    End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
' Sub:          LoadUserPermissions
' Description:  Reads the static and data permissions for oAccessControl.UserId
'               and APPLICATION_ID from the database and passes the rows to
'               oAccessControl. Does nothing when the user is not logged in.
'               Both PK_SECURITY calls use bind parameters (:USER_ID, :APP_ID,
'               :RECORD_SET); no value is concatenated into the statement text.
'               The query runs on the global OraDatabase object, not on an
'               object taken from oAccessControl.
' Parameters:   oAccessControl - access-control object that receives the rows
Sub LoadUserPermissions ( ByRef oAccessControl )
    Dim rsAccessControl
    ' Exit if not logged in
    If NOT oAccessControl.UserLogedIn Then Exit Sub
    'Try getting object from session
    '   DevSystem - will not cache permissions in the Session Object
    '
    '   Now fully disabled
    '       Permissions always read from the database
    '       Session variables are a bit sucky
    '       Permission changes are effective immediately
    'If NOT oAccessControl.isDevSystem() AND IsArray(Session(enumUSER_STATIC_PERMISSIONS)) Then
    '   Call oAccessControl.LoadStaticPermissions ( Session(enumUSER_STATIC_PERMISSIONS) )
    '   Call oAccessControl.LoadDataPermissions ( Session(enumUSER_DATA_PERMISSIONS) )
    '   Exit Sub
    'End If
    ' NOTE(review): no error handler is active in this Sub, so if either
    ' ExecuteSQL call raises, the Parameters.Remove lines at the end are not
    ' reached. Whether stale parameters can affect a later request depends on
    ' the lifetime of OraDatabase, which is not visible here - confirm.
    OraDatabase.Parameters.Add "USER_ID", oAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "APP_ID", APPLICATION_ID, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "RECORD_SET", NULL, ORAPARM_OUTPUT, ORATYPE_CURSOR
    ' Load Static Permissions
    OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_STATIC_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
    Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").Value
    ' An empty cursor means LoadStaticPermissions is never called, so
    ' oAccessControl keeps whatever static permission state it already had.
    ' NOTE(review): presumably that initial state is "no permissions" - confirm.
    If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
        oAccessControl.LoadStaticPermissions rsAccessControl.GetRows()
        ' No longer saved in session
        'Session(enumUSER_STATIC_PERMISSIONS) = rsAccessControl.GetRows()
    End If
    rsAccessControl.Close
    ' Load Data Permissions
    OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_DATA_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
    Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").Value
    ' Same rule as above: an empty cursor leaves the data permission state untouched.
    If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
        oAccessControl.LoadDataPermissions rsAccessControl.GetRows()
        ' No longer saved in session
        'Session(enumUSER_DATA_PERMISSIONS) = rsAccessControl.GetRows()
    End If
    rsAccessControl.Close
    ' --- Destroy ---
    Set rsAccessControl = nothing
    OraDatabase.Parameters.Remove "USER_ID"
    OraDatabase.Parameters.Remove "APP_ID"
    OraDatabase.Parameters.Remove "RECORD_SET"
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
' Sub:          UpdateLoginSession
' Description:  Writes the current TIMER_VALUE to USERS.LAST_REQUEST for the
'               logged-in user and remembers it in the session. The database
'               write is skipped when the session already holds the same value.
'               The UPDATE uses bind parameters (:TIME_VAL, :USER_ID).
Sub UpdateLoginSession ()
    Dim nTimeVal
    ' Exit if not logged in
    If NOT objAccessControl.UserLogedIn Then Exit Sub
    ' Get time value
    nTimeVal = CDbl(TIMER_VALUE)
    ' Allow update only once per minute
    ' NOTE(review): the "once per minute" rate relies on TIMER_VALUE changing
    ' once a minute; TIMER_VALUE is defined outside this file - confirm.
    If Session( enumSESSION_LAST_REQUEST ) <> "" Then
        If CDbl( Session( enumSESSION_LAST_REQUEST ) ) = nTimeVal Then Exit Sub
    End If
    ' Update database with last request
    OraDatabase.Parameters.Add "USER_ID", objAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "TIME_VAL", nTimeVal, ORAPARM_INPUT, ORATYPE_NUMBER
    objEH.TryORA ( OraSession )
    ' On Error Resume Next stays in effect until the end of this Sub, so errors
    ' from the Parameters.Remove calls and the Session assignment below are
    ' suppressed as well as errors from the UPDATE.
    ' NOTE(review): the session value is stored even when the UPDATE failed,
    ' unless objEH.CatchORA stops execution - confirm that LAST_REQUEST in the
    ' database is not relied on for session-timeout decisions in that case.
    On Error Resume Next
    OraDatabase.ExecuteSQL _
    " UPDATE USERS SET"&_
    " LAST_REQUEST = :TIME_VAL"&_
    " WHERE USER_ID = :USER_ID"
    objEH.CatchORA ( OraSession )
    OraDatabase.Parameters.Remove "USER_ID"
    OraDatabase.Parameters.Remove "TIME_VAL"
    ' Save last request time to session variable
    Session( enumSESSION_LAST_REQUEST ) = CDbl(nTimeVal)
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
'-----------------------------------------------------------------------------------------------------------------------------
' The following functions are wrappers around the general objAccessControl access functions
' Pages should ONLY use these access functions and not the lower-level ones
' Caveats:
' - Developer must know which access objects (controls) should be accessed in a project manner
'   and which should be accessed in a global manner.
'   Basically, use the ...InProject() variants for project based pages
'-------------------------------------------------
' Function:     canShowControl
' Description:  Determine if the named control should be shown
'               Asks objAccessControl.IsDataVisible for the "PROJECTS" data
'               object, using the global DB_PROJ_ID as the project.
' Parameters:   cname - name of the control
Function canShowControl (cname)
    canShowControl = objAccessControl.IsDataVisible ("PROJECTS", DB_PROJ_ID, cname)
End Function
'-------------------------------------------------
' Function:     canActionControl
' Description:  Determine if the named control action can be performed
'               Asks objAccessControl.IsDataActive for the "PROJECTS" data
'               object, using the global DB_PROJ_ID as the project.
' Parameters:   cname - name of the control
Function canActionControl (cname)
    canActionControl = objAccessControl.IsDataActive ("PROJECTS", DB_PROJ_ID, cname)
End Function
'-------------------------------------------------
' Function:     canShowControlInProject
' Description:  Determine if the named project-specific control should be shown
'               Requires both bCanModifyProject and canShowControl(cname).
'               VBScript's AND evaluates both operands, so canShowControl is
'               called even when bCanModifyProject is false.
Function canShowControlInProject (cname)
    canShowControlInProject = bCanModifyProject AND canShowControl(cname)
End Function
'-------------------------------------------------
' Function:     canActionControlInProject
' Description:  Determine if the named project-specific control action can be performed
'               Requires both bCanModifyProject and canActionControl(cname).
Function canActionControlInProject (cname)
    canActionControlInProject = bCanModifyProject AND canActionControl(cname)
End Function
'-------------------------------------------------
' Function:     canActionInProject
' Description:  Determine if the user can perform any action in the project
'               Returns the current value of bCanModifyProject.
Function canActionInProject()
    canActionInProject = bCanModifyProject
End Function
'-------------------------------------------------
' Function:     controlDisabledInProject
' Description:  Determine if the named project-specific control must be rendered disabled
'               Returns "" when canActionControlInProject(cname) allows the action,
'               otherwise the ' disabled ' string suitable for inclusion in HTML
'               The disabled attribute only changes what the browser renders.
'               The page that performs the action must still check
'               canActionControlInProject on the server.
Function controlDisabledInProject ( cname )
    If canActionControlInProject ( cname ) Then
        controlDisabledInProject = ""
    Else
        controlDisabledInProject = " disabled "
    End If
End Function
'-------------------------------------------------
' Function:     setActiveProject
' Description:  Alters the current active project
'               Normally this is automatically determined as a page is loaded, but some
'               pages do not have this information.
'               Returns the active project ID, before the change
'               Also recomputes bCanModifyProject ("EditProjects") for the new
'               project, so the ...InProject() wrappers follow the change.
'               NOTE(review): proj_id is stored in DB_PROJ_ID without any check
'               here; callers that take it from the request should confirm it
'               is a valid project id first.
Function setActiveProject(proj_id)
    setActiveProject = DB_PROJ_ID
    DB_PROJ_ID = proj_id
    bCanModifyProject = objAccessControl.IsDataActive ("PROJECTS", DB_PROJ_ID, "EditProjects")
    '--rmDebug = rmDebug & "{"& DB_PROJ_ID & ":" & bCanModifyProject &"}"
End Function
%>
<%
'------------ RUN BEFORE CONTROL RENDER -------
' Order matters: permissions are loaded first because the project flag and
' ApplicationRunlevelCheck (through canShowControl) both read them.
' ApplicationAccessCheck is not called here.
'--- Load User Permissions ---
Call LoadUserPermissions ( objAccessControl )
bCanModifyProject = objAccessControl.IsDataActive ("PROJECTS", DB_PROJ_ID, "EditProjects")
'-- rmDebug = rmDebug & "{"& DB_PROJ_ID & ":" & bCanModifyProject &"}"
'--- Application Run level Check ---
Call ApplicationRunlevelCheck ()
'--- Update Login Session ---
Call UpdateLoginSession ()
'----------------------------------------------
%>
<%
'------------ RUN AFTER CONTROL RENDER --------
'----------------------------------------------
%>