| 2 |
rsolanki |
1 |
<%
|
|
|
2 |
'===================================================================
|
|
|
3 |
' Access Control General
|
|
|
4 |
'===================================================================
|
|
|
5 |
%>
|
|
|
6 |
<%
|
|
|
7 |
'------------ VARIABLE DEFINITION -------------
|
|
|
8 |
Dim rsAccessControl
|
|
|
9 |
'------------ CONSTANTS DECLARATION -----------
|
|
|
10 |
'------------ VARIABLE INIT -------------------
|
| 5299 |
dpurdie |
11 |
objAccessControl.objOraSession = OraSession ' Create database link for orasession
|
|
|
12 |
objAccessControl.objOraDatabase = OraDatabase ' Create database link for oradatabase
|
| 2 |
rsolanki |
13 |
'----------------------------------------------
|
|
|
14 |
%>
|
|
|
15 |
<%
|
|
|
16 |
'-----------------------------------------------------------------------------------------------------------------------------
|
|
|
17 |
Sub LoginCheck ()
|
|
|
18 |
If NOT objAccessControl.UserLogedIn Then
|
|
|
19 |
objPMod.PersistInQryString ( aPersistList ) ' Get all persistant parameters
|
|
|
20 |
|
|
|
21 |
If NOT isPopupWindow Then
|
|
|
22 |
Call OpenInWindow ( "Login.asp?rfile="& SCRIPT_NAME & objPMod.ComposeURLWithout("rfile") )
|
|
|
23 |
Else
|
|
|
24 |
Call OpenInParentWindow ( "Login.asp?"& objPMod.ComposeURL() )
|
|
|
25 |
Call CloseWindow()
|
|
|
26 |
End If
|
|
|
27 |
|
|
|
28 |
End If
|
|
|
29 |
|
|
|
30 |
End Sub
|
|
|
31 |
'-----------------------------------------------------------------------------------------------------------------------------
|
|
|
32 |
Sub ApplicationAccessCheck ()
|
|
|
33 |
|
|
|
34 |
'--- Built In Administrator Override ---
|
|
|
35 |
If objAccessControl.UserId = 0 Then
|
|
|
36 |
Exit Sub
|
|
|
37 |
End If
|
|
|
38 |
'---------------------------------------
|
|
|
39 |
|
|
|
40 |
If NOT objAccessControl.UserApplication ( APPLICATION_ID ) Then
|
|
|
41 |
If NOT isPopupWindow Then
|
|
|
42 |
Call OpenInWindow ( "Login.asp?message=1&rfile="& SCRIPT_NAME & objPMod.ComposeURLWithout("rfile") )
|
|
|
43 |
Else
|
|
|
44 |
Call OpenInParentWindow ( "Login.asp?message=1&"& objPMod.ComposeURL() )
|
|
|
45 |
Call CloseWindow()
|
|
|
46 |
End If
|
|
|
47 |
End If
|
|
|
48 |
|
|
|
49 |
End Sub
|
|
|
50 |
'-----------------------------------------------------------------------------------------------------------------------------
|
| 5299 |
dpurdie |
51 |
'-----------------------------------------------------------------------------------------------------------------------------
|
|
|
52 |
'-----------------------------------------------------------------------------------------------------------------------------
|
|
|
53 |
' The folling function are wrappers around the general objAccessControl access function
|
|
|
54 |
' Pages shold ONLY use these access functions and not the lowerlevel ones
|
|
|
55 |
' Caveats:
|
|
|
56 |
' - Developer must know which access objects (controls) should be accessed in a project maner
|
|
|
57 |
' and which should be accessed in a global manner.
|
|
|
58 |
' Basically, use the ...InProject() variants for project based pages
|
|
|
59 |
'-------------------------------------------------
|
|
|
60 |
' Function: canShowControl
|
|
|
61 |
' Description: Determine if the named control should be shown
|
|
|
62 |
Function canShowControl (cname)
|
|
|
63 |
canShowControl = objAccessControl.IsDataVisible ("PROJECTS", -1, cname)
|
|
|
64 |
End Function
|
|
|
65 |
|
|
|
66 |
'-------------------------------------------------
|
|
|
67 |
' Function: canActionControl
|
|
|
68 |
' Description: Determine if the named control action can be performed
|
|
|
69 |
Function canActionControl (cname)
|
|
|
70 |
canActionControl = objAccessControl.IsDataActive ("PROJECTS", -1, cname)
|
|
|
71 |
End Function
|
|
|
72 |
|
| 2 |
rsolanki |
73 |
%>
|
|
|
74 |
<%
|
|
|
75 |
'------------ RUN BEFORE CONTROL RENDER -------
|
|
|
76 |
|
|
|
77 |
'--- Login Check ---
|
|
|
78 |
Call LoginCheck ()
|
|
|
79 |
|
|
|
80 |
'--- Application Permissions ---
|
|
|
81 |
Call ApplicationAccessCheck()
|
|
|
82 |
|
|
|
83 |
'----------------------------------------------
|
|
|
84 |
%>
|
|
|
85 |
<%
|
|
|
86 |
|
|
|
87 |
' TODO : Update next line with log on user id
|
|
|
88 |
OraDatabase.Parameters.Add "USER_ID", objAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
|
|
|
89 |
OraDatabase.Parameters.Add "APP_ID", APPLICATION_ID, ORAPARM_INPUT, ORATYPE_NUMBER
|
|
|
90 |
OraDatabase.Parameters.Add "PAGE_NAME", SCRIPT_NAME, ORAPARM_INPUT, ORATYPE_VARCHAR2
|
|
|
91 |
|
|
|
92 |
|
|
|
93 |
' Load Static Permissions
|
|
|
94 |
Set rsAccessControl = OraDatabase.DbCreateDynaset( GetQuery ("AccessControlStaticPermissions.sql") , ORADYN_DEFAULT )
|
|
|
95 |
If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
|
|
|
96 |
objAccessControl.LoadStaticPermissions rsAccessControl.GetRows()
|
|
|
97 |
|
|
|
98 |
End If
|
|
|
99 |
rsAccessControl.Close
|
|
|
100 |
|
|
|
101 |
|
|
|
102 |
' Load Data Permissions
|
|
|
103 |
Set rsAccessControl = OraDatabase.DbCreateDynaset( GetQuery ("AccessControlDataPermissions.sql") , ORADYN_DEFAULT )
|
|
|
104 |
If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
|
|
|
105 |
objAccessControl.LoadDataPermissions rsAccessControl.GetRows()
|
|
|
106 |
|
|
|
107 |
End If
|
|
|
108 |
rsAccessControl.Close
|
|
|
109 |
|
|
|
110 |
|
|
|
111 |
'' Load Data Permission Variations
|
|
|
112 |
'Set rsAccessControl = OraDatabase.DbCreateDynaset( GetQuery ("AccessControlDataPermissionVariations.sql") , ORADYN_DEFAULT )
|
|
|
113 |
'If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
|
|
|
114 |
' objAccessControl.LoadDataPermissionVariations rsAccessControl.GetRows()
|
|
|
115 |
'
|
|
|
116 |
'End If
|
|
|
117 |
'rsAccessControl.Close
|
|
|
118 |
|
|
|
119 |
|
|
|
120 |
OraDatabase.Parameters.Remove "USER_ID"
|
|
|
121 |
OraDatabase.Parameters.Remove "APP_ID"
|
|
|
122 |
OraDatabase.Parameters.Remove "PAGE_NAME"
|
|
|
123 |
%>
|
|
|
124 |
<%
|
|
|
125 |
'------------ RUN AFTER CONTROL RENDER --------
|
|
|
126 |
'----------------------------------------------
|
|
|
127 |
%>
|