<%
'===================================================================
' Access Control General
'===================================================================
%>
<%
'------------ VARIABLE DEFINITION -------------
' Result of the "EditProjects" check for the active project (DB_PROJ_ID).
' Computed once per page load and again whenever setActiveProject is called.
Dim bCanModifyProject
'------------ CONSTANTS DECLARATION -----------
'------------ VARIABLE INIT -------------------
' Give the access-control object the page's Oracle session and database handles.
objAccessControl.objOraSession  = OraSession
objAccessControl.objOraDatabase = OraDatabase
' Start from "no modify rights"; the real value is calculated after the
' user's permissions have been loaded.
bCanModifyProject = False
'----------------------------------------------
%>
<%
'-----------------------------------------------------------------------------------------------------------------------------
Sub ApplicationRunlevelCheck()
   ' Sends the user to Login.asp (message=3) when the application is not
   ' reported as running, unless the override below applies.
   Dim bOverride, sLoginUrl

   '--- Application Developer Override ---
   ' VBScript OR does not short-circuit, so canShowControl is always called.
   ' NOTE(review): an uninitialised (Empty) value also compares equal to 0 in
   ' VBScript - confirm UserId can never be Empty or 0 for a visitor who has
   ' not logged in, otherwise this override applies to them as well.
   bOverride = (objAccessControl.UserId = 0) OR canShowControl ( "onApplicationOffline" )
   If bOverride Then Exit Sub

   '-- Check if application is running --
   If NOT objAccessControl.IsApplicationRunning Then
      ' NOTE(review): the window helpers are defined elsewhere. If they do not
      ' end the response, the rest of the page still executes after this Sub
      ' returns - confirm they terminate processing.
      ' NOTE(review): scriptName and the composed query string are appended
      ' as-is here - confirm they are URL-encoded where they are produced.
      If NOT isPopupWindow Then
         ' Normal page: remember the requested script in rfile.
         sLoginUrl = "Login.asp?message=3&rfile=" & scriptName & objPMod.ComposeURLWithout("rfile")
         Call OpenInWindow ( sLoginUrl )
      Else
         ' Popup: show the login page in the parent and close the popup.
         sLoginUrl = "Login.asp?message=3&" & objPMod.ComposeURL()
         Call OpenInParentWindow ( sLoginUrl )
         Call CloseWindow()
      End If
   End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
Sub ApplicationAccessCheck ()
   ' Sends the user to Login.asp (message=1) when they have no access to
   ' this application (APPLICATION_ID).
   ' NOTE(review): this Sub is not called from the run-before-render section
   ' of this file; presumably each page calls it itself - confirm that every
   ' protected page does.
   Dim sLoginUrl

   '--- Built In Administrator Override ---
   ' NOTE(review): an uninitialised (Empty) value also compares equal to 0 in
   ' VBScript - confirm UserId is only 0 for the built-in administrator and
   ' never for a visitor who has not logged in.
   If objAccessControl.UserId = 0 Then Exit Sub

   '-- Check User access to this application ---
   If NOT objAccessControl.UserApplication ( APPLICATION_ID ) Then
      ' NOTE(review): the window helpers are defined elsewhere. If they do not
      ' end the response, the rest of the page still executes after this Sub
      ' returns - confirm they terminate processing.
      If NOT isPopupWindow Then
         ' Normal page: remember the requested script in rfile.
         sLoginUrl = "Login.asp?message=1&rfile=" & scriptName & objPMod.ComposeURLWithout("rfile")
         Call OpenInWindow ( sLoginUrl )
      Else
         ' Popup: show the login page in the parent and close the popup.
         sLoginUrl = "Login.asp?message=1&" & objPMod.ComposeURL()
         Call OpenInParentWindow ( sLoginUrl )
         Call CloseWindow()
      End If
   End If
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
Sub LoadUserPermissions ( ByRef oAccessControl )
   ' Reads the user's static and data permissions for APPLICATION_ID through
   ' the PK_SECURITY procedures and passes the rows to oAccessControl.
   ' Does nothing when the user is not logged in.
   Dim rsPerms

   ' Exit if not logged in
   If NOT oAccessControl.UserLogedIn Then Exit Sub

   ' Session caching of permissions is fully disabled. It used to keep the
   ' rows in Session(enumUSER_STATIC_PERMISSIONS) and
   ' Session(enumUSER_DATA_PERMISSIONS) on non-development systems.
   ' Permissions are now always read from the database, so a permission
   ' change (including a removal) is effective immediately.

   ' User and application ids go in as bind parameters, not as SQL text.
   ' NOTE(review): no error handler is set in this Sub. If an ExecuteSQL call
   ' raises, the Parameters.Remove calls at the end are skipped;
   ' UpdateLoginSession adds "USER_ID" to the same OraDatabase object, so
   ' confirm a leftover parameter cannot break a later Add.
   OraDatabase.Parameters.Add "USER_ID",    oAccessControl.UserId, ORAPARM_INPUT,  ORATYPE_NUMBER
   OraDatabase.Parameters.Add "APP_ID",     APPLICATION_ID,        ORAPARM_INPUT,  ORATYPE_NUMBER
   OraDatabase.Parameters.Add "RECORD_SET", NULL,                  ORAPARM_OUTPUT, ORATYPE_CURSOR

   ' Load Static Permissions
   OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_STATIC_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
   Set rsPerms = OraDatabase.Parameters("RECORD_SET").Value
   ' Only hand rows over when the cursor is not empty.
   If NOT (rsPerms.BOF OR rsPerms.EOF) Then
      oAccessControl.LoadStaticPermissions rsPerms.GetRows()
   End If
   rsPerms.Close

   ' Load Data Permissions
   OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_DATA_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
   Set rsPerms = OraDatabase.Parameters("RECORD_SET").Value
   If NOT (rsPerms.BOF OR rsPerms.EOF) Then
      oAccessControl.LoadDataPermissions rsPerms.GetRows()
   End If
   rsPerms.Close

   ' --- Destroy ---
   Set rsPerms = Nothing

   ' Unregister the bind parameters from the OraDatabase object.
   OraDatabase.Parameters.Remove "USER_ID"
   OraDatabase.Parameters.Remove "APP_ID"
   OraDatabase.Parameters.Remove "RECORD_SET"
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
Sub UpdateLoginSession ()
   ' Writes the current TIMER_VALUE to USERS.LAST_REQUEST for the logged-in
   ' user and keeps a copy in the session to avoid repeating the write.
   Dim nNow, vPrevious, sUpdate

   ' Exit if not logged in
   If NOT objAccessControl.UserLogedIn Then Exit Sub

   ' Get time value
   nNow = CDbl(TIMER_VALUE)

   ' Skip the update when the session already holds this timer value.
   ' NOTE(review): the intent is "only once per minute"; that holds only if
   ' TIMER_VALUE has one-minute granularity, which is not visible here - confirm.
   ' The two tests stay nested because VBScript AND does not short-circuit
   ' and CDbl("") would raise.
   vPrevious = Session( enumSESSION_LAST_REQUEST )
   If vPrevious <> "" Then
      If CDbl( vPrevious ) = nNow Then Exit Sub
   End If

   ' Update database with last request (values passed as bind parameters)
   OraDatabase.Parameters.Add "USER_ID",  objAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
   OraDatabase.Parameters.Add "TIME_VAL", nNow,                    ORAPARM_INPUT, ORATYPE_NUMBER

   objEH.TryORA ( OraSession )
   ' Error suppression stays in effect until this Sub exits, so failures in
   ' the Parameters.Remove calls and the Session write below are ignored too.
   On Error Resume Next

   sUpdate = " UPDATE USERS SET" & " LAST_REQUEST = :TIME_VAL" & " WHERE USER_ID = :USER_ID"
   OraDatabase.ExecuteSQL sUpdate

   ' presumably reports any Oracle error raised by the statement above - verify in objEH
   objEH.CatchORA ( OraSession )

   OraDatabase.Parameters.Remove "USER_ID"
   OraDatabase.Parameters.Remove "TIME_VAL"

   ' Save last request time to session variable
   Session( enumSESSION_LAST_REQUEST ) = nNow
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
'-----------------------------------------------------------------------------------------------------------------------------
' The following functions are wrappers around the general objAccessControl access functions
' Pages should ONLY use these access functions and not the lower-level ones
' Caveats:
' - Developer must know which access objects (controls) should be accessed in a project manner
'   and which should be accessed in a global manner.
'   Basically, use the ...InProject() variants for project based pages
'-------------------------------------------------
' Function:     canShowControl
' Description:  Determine if the named control should be shown.
'               Asks objAccessControl.IsDataVisible for the control in the
'               "PROJECTS" context of the active project (DB_PROJ_ID).
'               Hiding a control only affects what is rendered; the page
'               that carries out the action must check the permission again.
Function canShowControl (cname)
   canShowControl = objAccessControl.IsDataVisible ( "PROJECTS", DB_PROJ_ID, cname )
End Function
'-------------------------------------------------
' Function:     canActionControl
' Description:  Determine if the named control action can be performed.
'               Asks objAccessControl.IsDataActive for the control in the
'               "PROJECTS" context of the active project (DB_PROJ_ID).
Function canActionControl (cname)
   canActionControl = objAccessControl.IsDataActive ( "PROJECTS", DB_PROJ_ID, cname )
End Function
'-------------------------------------------------
' Function:     canShowControlInProject
' Description:  Determine if the named project-specific control should be shown.
'               Requires both the project-level modify right (bCanModifyProject)
'               and visibility of the control itself.
'               VBScript AND does not short-circuit: canShowControl is always called.
Function canShowControlInProject (cname)
   canShowControlInProject = bCanModifyProject AND canShowControl ( cname )
End Function
'-------------------------------------------------
' Function:     canActionControlInProject
' Description:  Determine if the named project-specific control action can be performed.
'               Requires both the project-level modify right (bCanModifyProject)
'               and the control's own action permission.
'               VBScript AND does not short-circuit: canActionControl is always called.
Function canActionControlInProject (cname)
   canActionControlInProject = bCanModifyProject AND canActionControl ( cname )
End Function
'-------------------------------------------------
' Function:     canActionInProject
' Description:  Determine if the user can perform any action in the project.
'               Returns the bCanModifyProject value calculated for the
'               active project; no control name is involved.
Function canActionInProject()
   canActionInProject = bCanModifyProject
End Function
'-------------------------------------------------
' Function:     controlDisabledInProject
' Description:  Determine if the named project-specific control must be
'               rendered as disabled for the current user.
'               Returns an empty string when the action is allowed, otherwise
'               the text ' disabled ' suitable for inclusion in an HTML tag.
'               A disabled attribute is presentation only: the page that
'               processes the submitted action must repeat the permission check.
Function controlDisabledInProject ( cname )
   If canActionControlInProject ( cname ) Then
      ' Allowed: add nothing to the tag
      controlDisabledInProject = ""
   Else
      ' Not allowed: mark the control as disabled
      controlDisabledInProject = " disabled "
   End If
End Function
'-------------------------------------------------
' Function:     setActiveProject
' Description:  Alters the current active project and recalculates the
'               project-level modify right for it.
'               Normally the active project is determined automatically as a
'               page is loaded, but some pages do not have this information.
'               Returns the active project ID as it was before the change.
' NOTE(review): proj_id is stored as given. If a caller passes a value taken
'               from the request, confirm it is validated before it gets here,
'               since all later permission checks use DB_PROJ_ID.
Function setActiveProject(proj_id)
   ' Report the previous project first, then switch.
   setActiveProject = DB_PROJ_ID
   DB_PROJ_ID = proj_id

   ' The cached modify flag belongs to the old project; recompute it.
   bCanModifyProject = objAccessControl.IsDataActive ( "PROJECTS", DB_PROJ_ID, "EditProjects" )
   '--rmDebug = rmDebug & "{"& DB_PROJ_ID & ":" & bCanModifyProject &"}"
End Function
%>
<%
'------------ RUN BEFORE CONTROL RENDER -------
' Runs on every page that includes this file, in this order.
' NOTE(review): ApplicationAccessCheck is defined above but is not called
' here; presumably each page calls it itself - confirm.

'--- Load User Permissions ---
' Must come first: the checks below read permissions from objAccessControl.
Call LoadUserPermissions ( objAccessControl )
' Cache the project-level modify right for the active project.
bCanModifyProject = objAccessControl.IsDataActive ( "PROJECTS", DB_PROJ_ID, "EditProjects" )
'-- rmDebug = rmDebug & "{"& DB_PROJ_ID & ":" & bCanModifyProject &"}"

'--- Application Run level Check ---
Call ApplicationRunlevelCheck ()

'--- Update Login Session ---
Call UpdateLoginSession ()

'----------------------------------------------
%>
<%
'------------ RUN AFTER CONTROL RENDER --------
'----------------------------------------------
%>