<%
'===================================================================
' Access Control General
'===================================================================
%>
<%
'------------ VARIABLE DEFINITION -------------
' Page-level flag holding the "may modify the active project" decision.
' It is declared here and given its real value later in this file.
Dim bCanModifyProject
'------------ CONSTANTS DECLARATION -----------
'------------ VARIABLE INIT -------------------
' Give the access-control object the Oracle session and database handles.
' OraSession and OraDatabase are defined outside this file section.
objAccessControl.objOraSession  = OraSession
objAccessControl.objOraDatabase = OraDatabase
' Start from "not allowed"; the value is only raised once permissions are loaded.
bCanModifyProject = False
'----------------------------------------------
%>
<%
'-----------------------------------------------------------------------------------------------------------------------------
Sub ApplicationRunlevelCheck()
    ' Purpose: when the application is reported as not running, hand the browser over to
    ' Login.asp with message=3.
    '
    ' NOTE(review): UserId = 0 bypasses this check unconditionally. Confirm that a request
    ' without a valid login can never carry UserId 0, otherwise the check is skipped for it.
    ' NOTE(review): this Sub does not end the response after calling the window helpers.
    ' Whether the remainder of the page still runs on the server depends on OpenInWindow /
    ' OpenInParentWindow, which are defined elsewhere - confirm.
    Dim sLoginUrl

    '--- Application Developer Override ---
    ' Both operands are evaluated; VBScript Or does not short-circuit.
    If objAccessControl.UserId = 0 Or canShowControl("onApplicationOffline") Then Exit Sub
    '---------------------------------------

    '-- Check if application is running --
    If Not objAccessControl.IsApplicationRunning Then
        If Not isPopupWindow Then
            ' Carry the current script name and its parameters (minus any existing rfile)
            ' so the login page knows where the request came from.
            sLoginUrl = "Login.asp?message=3&rfile=" & scriptName & objPMod.ComposeURLWithout("rfile")
            Call OpenInWindow(sLoginUrl)
        Else
            ' Popup case: the login page is opened via the parent-window helper, then the popup is closed.
            sLoginUrl = "Login.asp?message=3&" & objPMod.ComposeURL()
            Call OpenInParentWindow(sLoginUrl)
            Call CloseWindow()
        End If
    End If

End Sub
'-----------------------------------------------------------------------------------------------------------------------------
Sub ApplicationAccessCheck ()
    ' Purpose: when the current user has no access to this application (APPLICATION_ID),
    ' hand the browser over to Login.asp with message=1.
    '
    ' NOTE(review): UserId = 0 is treated as the built-in administrator and skips the check.
    ' Confirm that an unauthenticated request can never carry UserId 0.
    ' NOTE(review): this Sub is not invoked in the visible part of the file; presumably each
    ' page calls it - confirm that every protected page does.
    ' NOTE(review): nothing here ends the response after the window helper is called; confirm
    ' that OpenInWindow / OpenInParentWindow stop further server-side processing.
    Dim sLoginUrl

    '--- Built In Administrator Override ---
    If objAccessControl.UserId = 0 Then Exit Sub
    '---------------------------------------

    '-- Check User access to this application ---
    If Not objAccessControl.UserApplication(APPLICATION_ID) Then
        If Not isPopupWindow Then
            ' Carry the current script name and its parameters (minus any existing rfile).
            sLoginUrl = "Login.asp?message=1&rfile=" & scriptName & objPMod.ComposeURLWithout("rfile")
            Call OpenInWindow(sLoginUrl)
        Else
            ' Popup case: use the parent-window helper, then close the popup.
            sLoginUrl = "Login.asp?message=1&" & objPMod.ComposeURL()
            Call OpenInParentWindow(sLoginUrl)
            Call CloseWindow()
        End If
    End If

End Sub
'-----------------------------------------------------------------------------------------------------------------------------
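Sub LoadUserPermissions ( ByRef oAccessControl )
    ' Purpose: populate oAccessControl with the user's static and data permissions for
    ' APPLICATION_ID, from the ASP Session cache when present, otherwise from the database
    ' (PK_SECURITY.GET_USER_STATIC_PERMISSIONS / GET_USER_DATA_PERMISSIONS).
    '
    ' Parameters:
    '   oAccessControl - access-control object; must expose UserLogedIn, isDevSystem(),
    '                    UserId, LoadStaticPermissions and LoadDataPermissions.
    '
    ' Security notes:
    ' - Once cached, permissions are served from the Session without asking the database
    '   again, so a revocation takes effect only after the session keys are cleared.
    ' - The cache keys are not tied to a user id in this Sub. Presumably login/logout clears
    '   them - confirm, otherwise a change of user inside one session reuses the old arrays.
    ' - The data-permission key is written only when rows exist; the cached path passes
    '   whatever that key currently holds to LoadDataPermissions.
    ' - A dev system never reads the cache, but the Session keys are still written below.
    Dim rsAccessControl
    Dim aPermissionRows     ' rows fetched once, then both applied and cached

    ' Exit if not logged in
    If NOT oAccessControl.UserLogedIn Then Exit Sub

    ' Try getting the permissions from the session.
    ' DevSystem - will not read cached permissions from the Session object.
    If NOT oAccessControl.isDevSystem() AND IsArray(Session(enumUSER_STATIC_PERMISSIONS)) Then
        Call oAccessControl.LoadStaticPermissions ( Session(enumUSER_STATIC_PERMISSIONS) )
        Call oAccessControl.LoadDataPermissions ( Session(enumUSER_DATA_PERMISSIONS) )
        Exit Sub
    End If

    ' Values are passed as bind parameters, never concatenated into the PL/SQL text.
    OraDatabase.Parameters.Add "USER_ID",    oAccessControl.UserId, ORAPARM_INPUT,  ORATYPE_NUMBER
    OraDatabase.Parameters.Add "APP_ID",     APPLICATION_ID,        ORAPARM_INPUT,  ORATYPE_NUMBER
    OraDatabase.Parameters.Add "RECORD_SET", NULL,                  ORAPARM_OUTPUT, ORATYPE_CURSOR

    ' Load Static Permissions
    OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_STATIC_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
    Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").Value

    If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
        ' Fetch the rows a single time so the array applied to the object and the array
        ' cached in the Session are the same snapshot.
        aPermissionRows = rsAccessControl.GetRows()
        ' Parentheses force by-value passing, as with the temporary the call used before.
        oAccessControl.LoadStaticPermissions (aPermissionRows)
        Session(enumUSER_STATIC_PERMISSIONS) = aPermissionRows
    End If
    rsAccessControl.Close

    ' Load Data Permissions
    OraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_DATA_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"
    Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").Value

    If ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) Then
        aPermissionRows = rsAccessControl.GetRows()
        oAccessControl.LoadDataPermissions (aPermissionRows)
        Session(enumUSER_DATA_PERMISSIONS) = aPermissionRows
    End If
    rsAccessControl.Close

    ' --- Destroy ---
    Set rsAccessControl = nothing

    ' The parameter collection belongs to the shared OraDatabase object, so the names
    ' are released for the next caller.
    OraDatabase.Parameters.Remove "USER_ID"
    OraDatabase.Parameters.Remove "APP_ID"
    OraDatabase.Parameters.Remove "RECORD_SET"
End Sub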
'-----------------------------------------------------------------------------------------------------------------------------
Sub UpdateLoginSession ()
    ' Purpose: record the time of the user's latest request in USERS.LAST_REQUEST and in the
    ' Session, skipping the database write when the stored value equals the current one.
    '
    ' NOTE(review): the skip relies on TIMER_VALUE (defined elsewhere) staying constant for a
    ' while; the original comment says "once per minute" - confirm its resolution.
    ' NOTE(review): On Error Resume Next stays active until the Sub ends, so failures in the
    ' Parameters.Remove calls and in the Session write are suppressed as well.
    Dim nTimeVal
    Dim sUpdateSql

    ' Exit if not logged in
    If NOT objAccessControl.UserLogedIn Then Exit Sub

    ' Get time value
    nTimeVal = CDbl(TIMER_VALUE)

    ' Allow update only once per minute.
    ' The test stays nested: VBScript And does not short-circuit, and CDbl("") would raise.
    If Session( enumSESSION_LAST_REQUEST ) <> "" Then
        If CDbl( Session( enumSESSION_LAST_REQUEST ) ) = nTimeVal Then Exit Sub
    End If

    ' Statement text uses bind placeholders only; the values travel as parameters.
    sUpdateSql = " UPDATE USERS SET" & _
                 " LAST_REQUEST = :TIME_VAL" & _
                 " WHERE USER_ID = :USER_ID"

    ' Update database with last request
    OraDatabase.Parameters.Add "USER_ID",  objAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBER
    OraDatabase.Parameters.Add "TIME_VAL", nTimeVal,                ORAPARM_INPUT, ORATYPE_NUMBER

    objEH.TryORA ( OraSession )
    On Error Resume Next

    OraDatabase.ExecuteSQL sUpdateSql

    objEH.CatchORA ( OraSession )

    OraDatabase.Parameters.Remove "USER_ID"
    OraDatabase.Parameters.Remove "TIME_VAL"

    ' Save last request time to session variable
    Session( enumSESSION_LAST_REQUEST ) = CDbl(nTimeVal)
End Sub
'-----------------------------------------------------------------------------------------------------------------------------
'-----------------------------------------------------------------------------------------------------------------------------
' The following functions are wrappers around the general objAccessControl access functions
' Pages should ONLY use these access functions and not the lower-level ones
' Caveats:
' - Developer must know which access objects (controls) should be accessed in a project manner
' and which should be accessed in a global manner.
' Basically, use the ...InProject() variants for project based pages
'-------------------------------------------------
' Function: canShowControl
' Description: Determine if the named control should be shown
Function canShowControl (cname)
    ' Returns the result of objAccessControl.IsDataVisible for control <cname>, evaluated
    ' against the "PROJECTS" table and the currently active project (DB_PROJ_ID).
    ' NOTE(review): this only answers "should it be rendered"; the code that performs the
    ' action should still be guarded with canActionControl.
    Dim bVisible
    bVisible = objAccessControl.IsDataVisible("PROJECTS", DB_PROJ_ID, cname)
    canShowControl = bVisible
End Function
'-------------------------------------------------
' Function: canActionControl
' Description: Determine if the named control action can be performed
Function canActionControl (cname)
    ' Returns the result of objAccessControl.IsDataActive for control <cname>, evaluated
    ' against the "PROJECTS" table and the currently active project (DB_PROJ_ID).
    Dim bActive
    bActive = objAccessControl.IsDataActive("PROJECTS", DB_PROJ_ID, cname)
    canActionControl = bActive
End Function
'-------------------------------------------------
' Function: canShowControlInProject
' Description: Determine if the named project-specific control should be shown
Function canShowControlInProject (cname)
    ' Project-scoped visibility: the control is shown only when the user may modify the
    ' active project (bCanModifyProject) and canShowControl also allows <cname>.
    ' VBScript And evaluates both sides, so canShowControl is always called.
    Dim bControlVisible
    bControlVisible = canShowControl(cname)
    canShowControlInProject = bCanModifyProject And bControlVisible
End Function
'-------------------------------------------------
' Function: canActionControlInProject
' Description: Determine if the named project-specific control action can be performed
Function canActionControlInProject (cname)
    ' Project-scoped action check: allowed only when the user may modify the active project
    ' (bCanModifyProject) and canActionControl also allows <cname>.
    ' VBScript And evaluates both sides, so canActionControl is always called.
    Dim bControlActive
    bControlActive = canActionControl(cname)
    canActionControlInProject = bCanModifyProject And bControlActive
End Function
'-------------------------------------------------
' Function: canActionInProject
' Description: Determine if the user can perform any action in the project
Function canActionInProject()
    ' Returns the page-level bCanModifyProject flag unchanged. The flag is the
    ' "EditProjects" IsDataActive result for the active project, set elsewhere in this file.
    Dim bAllowed
    bAllowed = bCanModifyProject
    canActionInProject = bAllowed
End Function
'-------------------------------------------------
' Function: controlDisabledInProject
' Description: Determine if the user can perform any action in the project
' Returns ' disabled' string suitable for inclusion in HTML
Function controlDisabledInProject ( cname )
    ' Returns the attribute text to place inside an HTML tag for project control <cname>:
    ' "" when canActionControlInProject allows the action, " disabled " otherwise.
    ' NOTE(review): a disabled attribute only affects the rendered form; the handler that
    ' receives the request should repeat the canActionControlInProject check.
    Dim sAttribute
    sAttribute = " disabled "
    If canActionControlInProject ( cname ) Then sAttribute = ""
    controlDisabledInProject = sAttribute
End Function
'-------------------------------------------------
' Function: setActiveProject
' Description: Alters the current active project
' Normally this is automatically determined as a page is loaded, but some
' pages do not have this information.
' Returns the active project ID, before the change
Function setActiveProject(proj_id)
    ' Switches the page-level active project (DB_PROJ_ID) to proj_id and recomputes
    ' bCanModifyProject from the "EditProjects" IsDataActive check for the new project.
    ' Returns the project id that was active before the call, so a caller can restore it.
    Dim previousProjectId

    previousProjectId = DB_PROJ_ID
    DB_PROJ_ID = proj_id
    bCanModifyProject = objAccessControl.IsDataActive("PROJECTS", DB_PROJ_ID, "EditProjects")
    '--rmDebug = rmDebug & "{"& DB_PROJ_ID & ":" & bCanModifyProject &"}"
    setActiveProject = previousProjectId
End Function
%>
<%
'------------ RUN BEFORE CONTROL RENDER -------
'--- Load User Permissions ---
' Runs on every page that includes this file, in this order: load permissions, derive the
' project-modify flag, apply the run-level gate, refresh the last-request stamp.
' NOTE(review): ApplicationAccessCheck is not called in this sequence; presumably pages
' call it themselves - confirm.
LoadUserPermissions objAccessControl
bCanModifyProject = objAccessControl.IsDataActive("PROJECTS", DB_PROJ_ID, "EditProjects")
'-- rmDebug = rmDebug & "{"& DB_PROJ_ID & ":" & bCanModifyProject &"}"

'--- Application Run level Check ---
ApplicationRunlevelCheck


'--- Update Login Session ---
UpdateLoginSession
'----------------------------------------------
%>
<%
'------------ RUN AFTER CONTROL RENDER --------
'----------------------------------------------
%>