<%
'===================================================================
' Access Control General
'===================================================================
%>
<%
'------------ VARIABLE DEFINITION -------------
'------------ CONSTANTS DECLARATION -----------
'------------ VARIABLE INIT -------------------
' Hand the page-level Oracle session and database objects to the access-control object.
' NOTE(review): both are plain assignments (no Set); presumably these properties accept
' object references this way - confirm against the objAccessControl class.
With objAccessControl
    .objOraSession = OraSession
    .objOraDatabase = OraDatabase
End With
'----------------------------------------------
%>
<%
'-----------------------------------------------------------------------------------------------------------------------------
Sub LoginCheck ()
    ' Sends a visitor who is not logged in to Login.asp.
    ' In a normal window the current script name travels along as "rfile";
    ' in a popup the parent window is sent to Login.asp and the popup is closed.
    '
    ' NOTE(review): nothing in this Sub ends the response. Whether the rest of the page
    ' is withheld from an anonymous visitor depends on OpenInWindow / OpenInParentWindow,
    ' which are defined elsewhere - confirm they stop server-side processing, because a
    ' client-side redirect alone still leaves the rendered page in the response.
    ' NOTE(review): "rfile" is presumably the post-login return target; confirm Login.asp
    ' restricts it to local paths and that SCRIPT_NAME and the ComposeURL* output are
    ' URL-encoded before they are placed in the query string.
    Dim sLoginUrl

    If NOT objAccessControl.UserLogedIn Then
        ' Collect the persistent parameters so they are carried into the login URL.
        objPMod.PersistInQryString ( aPersistList )

        If NOT isPopupWindow Then
            sLoginUrl = "Login.asp?rfile=" & SCRIPT_NAME & objPMod.ComposeURLWithout("rfile")
            OpenInWindow sLoginUrl
        Else
            sLoginUrl = "Login.asp?" & objPMod.ComposeURL()
            OpenInParentWindow sLoginUrl
            CloseWindow
        End If
    End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
Sub ApplicationRunlevelCheck()
    ' Sends the visitor to Login.asp with message=3 when the application is not running,
    ' unless the developer override applies.
    '
    ' Override: UserId 0, or a user for whom IsVisible("onApplicationOffline") is true,
    ' skips the run-level check. VBScript's Or evaluates both operands.
    ' NOTE(review): in VBScript "Empty = 0" is True, so confirm UserId can never be 0 or
    ' Empty for a visitor who is not logged in; otherwise the override applies to them.
    Dim bOverride
    Dim sLoginUrl

    bOverride = objAccessControl.UserId = 0 OR objAccessControl.IsVisible ( "onApplicationOffline" )
    If bOverride Then Exit Sub

    '-- Application offline: redirect with message=3 --
    If NOT objAccessControl.IsApplicationRunning Then
        If NOT isPopupWindow Then
            sLoginUrl = "Login.asp?message=3&rfile=" & SCRIPT_NAME & objPMod.ComposeURLWithout("rfile")
            OpenInWindow sLoginUrl
        Else
            sLoginUrl = "Login.asp?message=3&" & objPMod.ComposeURL()
            OpenInParentWindow sLoginUrl
            CloseWindow
        End If
    End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
Sub ApplicationAccessCheck ()
    ' Sends the visitor to Login.asp with message=1 when the current user has no access
    ' to APPLICATION_ID.
    '
    ' Built-in administrator override: UserId 0 skips the check entirely.
    ' NOTE(review): in VBScript "Empty = 0" is True, so confirm UserId can never be 0 or
    ' Empty for a visitor who is not logged in; otherwise this check is skipped for them.
    Dim sLoginUrl

    If objAccessControl.UserId = 0 Then Exit Sub

    '-- No access to this application: redirect with message=1 --
    If NOT objAccessControl.UserApplication ( APPLICATION_ID ) Then
        If NOT isPopupWindow Then
            sLoginUrl = "Login.asp?message=1&rfile=" & SCRIPT_NAME & objPMod.ComposeURLWithout("rfile")
            OpenInWindow sLoginUrl
        Else
            sLoginUrl = "Login.asp?message=1&" & objPMod.ComposeURL()
            OpenInParentWindow sLoginUrl
            CloseWindow
        End If
    End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
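Sub LoadUserPermissions ( ByRef oAccessControl )
    ' Loads the static and data permissions of the logged-in user into oAccessControl.
    '
    ' oAccessControl - object exposing UserLogedIn, UserId, LoadStaticPermissions and
    '                  LoadDataPermissions (the members used below).
    '
    ' The rows are taken from the session cache when present; otherwise they are read
    ' through PK_SECURITY.GET_USER_STATIC_PERMISSIONS / GET_USER_DATA_PERMISSIONS and
    ' cached in the session.
    '
    ' NOTE(review): once cached, this Sub never re-reads the permissions, so a revocation
    ' in the database takes effect only after the session entries are cleared or the
    ' session ends - confirm that some other code invalidates them on permission changes.
    Dim rsAccessControl
    Dim aPermissionRows

    ' Exit if not logged in
    If NOT oAccessControl.UserLogedIn Then Exit Sub

    ' Try getting the rows from the session cache
    If IsArray(Session(enumUSER_STATIC_PERMISSIONS)) Then
        Call oAccessControl.LoadStaticPermissions ( Session(enumUSER_STATIC_PERMISSIONS) )

        ' The data-permission entry is only cached when the query returned rows, so it
        ' can be missing here; skip the load then, as the uncached path below does.
        If IsArray(Session(enumUSER_DATA_PERMISSIONS)) Then
            Call oAccessControl.LoadDataPermissions ( Session(enumUSER_DATA_PERMISSIONS) )
        End If
        Exit Sub
    End If

    ' All values reach the database as bind parameters, not as SQL text.
    ' NOTE(review): if ExecuteSQL raises, the parameters below are never removed.
    OraDatabase.Parameters.Add "USER_ID", oAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "APP_ID", APPLICATION_ID, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "RECORD_SET", NULL, ORAPARM_OUTPUT, ORATYPE_CURSOR

    ' Load Static Permissions
    OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_STATIC_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
    Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").Value

    If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
        ' Fetch once and reuse: a second GetRows() on the same cursor is not guaranteed
        ' to return the same rows, so the cached copy could differ from the loaded one.
        aPermissionRows = rsAccessControl.GetRows()

        ' Parentheses pass the array by value, as the original temporary did.
        oAccessControl.LoadStaticPermissions ( aPermissionRows )
        Session(enumUSER_STATIC_PERMISSIONS) = aPermissionRows
    End If
    rsAccessControl.Close

    ' Load Data Permissions
    OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_DATA_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
    Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").Value

    If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
        aPermissionRows = rsAccessControl.GetRows()

        oAccessControl.LoadDataPermissions ( aPermissionRows )
        Session(enumUSER_DATA_PERMISSIONS) = aPermissionRows
    End If
    rsAccessControl.Close

    ' --- Destroy ---
    Set rsAccessControl = nothing

    OraDatabase.Parameters.Remove "USER_ID"
    OraDatabase.Parameters.Remove "APP_ID"
    OraDatabase.Parameters.Remove "RECORD_SET"
End Sub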
'-----------------------------------------------------------------------------------------------------------------------------
Sub UpdateLoginSession ()
    ' Records the time of the current request for the logged-in user in
    ' USERS.LAST_REQUEST and in the session.
    '
    ' The database write is skipped when the session already holds the same time value.
    ' NOTE(review): the original comment says "once per minute"; that holds only if
    ' TIMER_VALUE (defined elsewhere) has minute granularity - confirm.
    ' NOTE(review): there is no rollback path; if ExecuteSQL raises, the transaction is
    ' left open and the bind parameters are not removed.
    Dim nTimeVal
    Dim vLastRequest
    Dim sUpdateSql

    ' Exit if not logged in
    If NOT objAccessControl.UserLogedIn Then Exit Sub

    nTimeVal = CDbl(TIMER_VALUE)

    ' Nothing to do when this time value was already stored for the session
    vLastRequest = Session( enumSESSION_LAST_REQUEST )
    If vLastRequest <> "" Then
        If CDbl( vLastRequest ) = nTimeVal Then Exit Sub
    End If

    ' Both values are passed as bind parameters, not concatenated into the SQL text
    With OraDatabase.Parameters
        .Add "USER_ID", objAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
        .Add "TIME_VAL", nTimeVal, ORAPARM_INPUT, ORATYPE_NUMBER
    End With

    sUpdateSql = " UPDATE USERS SET"
    sUpdateSql = sUpdateSql & " LAST_REQUEST = :TIME_VAL"
    sUpdateSql = sUpdateSql & " WHERE USER_ID = :USER_ID"

    OraSession.BeginTrans
    OraDatabase.ExecuteSQL sUpdateSql
    OraSession.CommitTrans

    With OraDatabase.Parameters
        .Remove "USER_ID"
        .Remove "TIME_VAL"
    End With

    ' Remember the stored value so the next request can skip the update
    Session( enumSESSION_LAST_REQUEST ) = nTimeVal
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
%>
<%
'------------ RUN BEFORE CONTROL RENDER -------
' Access-control sequence, executed in this order when this script section runs.
' NOTE(review): each check only redirects through OpenInWindow / OpenInParentWindow;
' none of them stops this sequence or the page that follows. Confirm those helpers end
' the response, otherwise the later steps and the page body still run for a visitor
' who failed an earlier check.

' 1. Redirect visitors who are not logged in
LoginCheck

' 2. Load the user's permissions (argument passed ByRef)
LoadUserPermissions objAccessControl

' 3. Verify access to this application
ApplicationAccessCheck

' 4. Verify the application is running
ApplicationRunlevelCheck

' 5. Record the time of this request
UpdateLoginSession

'----------------------------------------------
%>
<%
'------------ RUN AFTER CONTROL RENDER --------
'----------------------------------------------
%>