WebSVN – DevTools – Diff – /ManagerSuite/Production_Manager/trunk/class/classAccessControl.asp

 <%
 '=============================================================
 '//
 '//                  Access Control
+'//     This class is agnostic of the appliaction and could be common
+'//     to all Manager Suite tools
 '//
 '=============================================================
 %>
+<SCRIPT LANGUAGE="VBScript" RUNAT=SERVER SRC="../common/DictDump.vbs"></SCRIPT>
 <%
 '--------------- Global Constants ----------------
-Const enumSESSION_TIMEOUT = 200      ' Minutes
+Const enumSESSION_TIMEOUT = 600      ' Minutes
 Const enumSESSION_LAST_REQUEST = "AM_SESSION_LAST_REQUEST"
 Const enumLOGIN_TOKEN_SESSION = "AM_LOGIN_TOKEN"
 Const enumUSER_ID_SESSION = "AM_USER_ID"
 Const enumUSER_DETAILS_SESSION = "AM_USER_DETAILS"
 Const enumUSER_APPLICATIONS_SESSION = "AM_USER_APPLICATIONS"
 Const enumUSER_STATIC_PERMISSIONS = "AM_USER_STATIC_PERMISSIONS"
 Const enumUSER_DATA_PERMISSIONS = "AM_USER_DATA_PERMISSIONS"
 Const enumUSER_TEMP_VARIABLE = "AM_USER_TEMP_VARIABLE"
 Const enumACCESS_MANAGER_EVENT_LOGON_SUCCESS  = 1
-Const enumACCESS_MANAGER_EVENT_LOGON_FAIL       = -1
+Const enumACCESS_MANAGER_EVENT_LOGON_FAIL     = -1
 Const enumACCESS_MANAGER_EVENT_LOGOFF         = 0
 Const enumACCESS_MANAGER_EVENT_SESSION_EXPIRE = 2
 '-------------------------------------------------
 Class AccessControl
    Private mobjStaticControl
    Private mobjRowPermissions
    Private mobjTablePermissions
    Private sSEPARATOR
    Private mbIsApplicationRunning
+   Public  bDebug
    Public Property Let objOraDatabase ( ByRef oOraDatabase )
       Set moOraDatabase = oOraDatabase
    End Property
          UserApplication = TRUE
       End If
    End Function
    '-----------------------------------------------------------------------------------------------------------------
+   Public Sub dumpAll()
+    Response.Write "<br>Pretty Dictionary mobjStaticControl<pre>"
+    Response.Write DICToutput(mobjStaticControl)
+    Response.Write "</pre><br>Pretty Dictionary mobjRowPermissions<pre>"
+    Response.Write DICToutput(mobjRowPermissions)
+    Response.Write "</pre><br>Pretty Dictionary mobjTablePermissions<pre>"
+    Response.Write DICToutput(mobjTablePermissions)
+    Response.Write "</pre><br>End"
+   End Sub
+   Private Sub RR(txt)
+      If  bDebug Then
+        Response.Write "<br>" & txt
+      End If
+   End Sub
+   '-----------------------------------------------------------------------------------------------------------------
    Public Function BeginRegion ( sControlObjName )
       Response.write "<table width='100%'  border='0' cellspacing='0' cellpadding='1'>"
       Response.write "  <tr>"
       Response.write "    <td bgcolor='#FF0000'>&nbsp;<a href='#' class='body_linkw'><b>"& sControlObjName &"</b></a>&nbsp;</td>"
       Response.write "  </tr>"
    Private Function Extract( sField, sString )
       Dim tempArr, tempSTR
       tempArr = Split( sString, sSEPARATOR )
       tempSTR = Join( Filter( tempArr, sField &"=" ) )   ' Append "=" to field name to get e.g. "user_name="
+      If tempSTR <> "" Then
-      Extract = Right( tempSTR, Len(tempSTR) - Len( sField &"=" ))   ' Strip the fieled name from value
+        Extract = Right( tempSTR, Len(tempSTR) - Len( sField &"=" ))   ' Strip the fieled name from value
+      Else
+        Extract = ""
+      End If
    End Function
    '-----------------------------------------------------------------------------------------------------------------
-   Private Function GetDataPermission ( sTableName, nRowId, nPermissionType )
+   Private Function GetDataPermission ( sTableName, nRowId, nPermissionType, sControlObjName )
       Dim cPermissionValue
+      Dim key : key = Cstr( sTableName &"_"& nRowId &"_"& sControlObjName &"_"& nPermissionType )
       '--- Get Row Permission ---
+      cPermissionValue = ""
-      cPermissionValue = mobjRowPermissions.Item ( Cstr( sTableName &"_"& nRowId &"_"& nPermissionType ) )
+      If mobjRowPermissions.Exists( key ) Then
-      'Response.write " VALUE="& cPermissionValue &" for "& sTableName &" "& nRowId &" "& nPermissionType &", "
+        cPermissionValue = mobjRowPermissions.Item ( key )
+      End If
       If IsNull( cPermissionValue )  OR  ( cPermissionValue = "" ) Then
          '--- Get Default Table Permission ---
-         cPermissionValue = mobjTablePermissions.Item ( Cstr( sTableName &"_"& nPermissionType ) )
+          Dim pkey : pkey = Cstr( sTableName &"_"& sControlObjName &"_"& nPermissionType )
-         '--- Raise Exception if Table Default is not found ---
+          cPermissionValue = ""
-         'If IsNull( cPermissionValue )  OR  ( cPermissionValue = "" ) Then
+          If mobjTablePermissions.Exists( pkey ) Then
-         '   Err.Raise 8, "Default Table Permission is Not Found.", "sTableName="& sTableName &", nPermissionType="& nPermissionType
+            cPermissionValue = mobjTablePermissions.Item ( pkey )
-         '   Exit Function
-         'End If
+          End If
-         'Response.write " VALUE="& cPermissionValue &" for "& sTableName &" "& nRowId &" "& nPermissionType &", "
       End If
       '--- Return TRUE / FALSE ---
       GetDataPermission = FALSE
       If cPermissionValue = enumDB_YES Then
          GetDataPermission = TRUE
       End If
    End Function
    '-----------------------------------------------------------------------------------------------------------------
    Public Function IsDataVisible ( sTableName, nRowId, sControlObjName )
       IsDataVisible = FALSE
-      If IsVisible ( sControlObjName ) Then
-         IsDataVisible = GetDataPermission ( sTableName, nRowId, enumDB_PERMISSION_TYPE_VISIBLE )
+      If IsVisible ( sControlObjName ) OR GetDataPermission ( sTableName, nRowId, enumDB_PERMISSION_TYPE_VISIBLE, sControlObjName ) Then
+          IsDataVisible = TRUE
       End If
    End Function
    '-----------------------------------------------------------------------------------------------------------------
    Public Function IsDataActive ( sTableName, nRowId, sControlObjName )
       IsDataActive = FALSE
-      If IsActive ( sControlObjName ) Then
+      If IsActive ( sControlObjName ) OR GetDataPermission ( sTableName, nRowId, enumDB_PERMISSION_TYPE_ACTIVE, sControlObjName ) Then
-         IsDataActive = TRUE
+          IsDataActive = TRUE
-      Else
-         IsDataActive = GetDataPermission ( sTableName, nRowId, enumDB_PERMISSION_TYPE_ACTIVE )
       End If
    End Function
    '-----------------------------------------------------------------------------------------------------------------
    Public Function IsActive ( sControlObjName )
-      If ( mobjStaticControl.Item (Cstr( sControlObjName &"_"&  enumDB_PERMISSION_TYPE_ACTIVE )) = enumDB_YES )   OR   ( IsNull(sControlObjName) )Then
+      Dim key : key = Cstr( sControlObjName &"_"&  enumDB_PERMISSION_TYPE_ACTIVE )
-         IsActive = TRUE
+      IsActive = FALSE
-      Else
+      If mobjStaticControl.Exists(key) Then
+          If ( mobjStaticControl.Item (key) = enumDB_YES )   OR   ( IsNull(sControlObjName) )Then
-         IsActive = FALSE
+             IsActive = TRUE
+          End If
       End If
    End Function
    '-----------------------------------------------------------------------------------------------------------------
    Public Function IsVisible ( sControlObjName )
-      If mobjStaticControl.Item (Cstr( sControlObjName &"_"& enumDB_PERMISSION_TYPE_VISIBLE )) = enumDB_YES Then
+      Dim key : key = Cstr( sControlObjName &"_"& enumDB_PERMISSION_TYPE_VISIBLE )
-         IsVisible = TRUE
-      Else
          IsVisible = FALSE
+      If mobjStaticControl.Exists(key) Then
+          If mobjStaticControl.Item (key) = enumDB_YES Then
+             IsVisible = TRUE
+        End If
       End If
    End Function
    '-----------------------------------------------------------------------------------------------------------------
    ' This function is used for HTML conponents that support attribute "disabled". i.e. Button, dropdown, etc.
    Public Function IsComponentDisabled ( sControlObjName )
       End If
    End Function
    '-----------------------------------------------------------------------------------------------------------------
    Public Sub LoadDataPermissions ( aRows )
       Dim numOfRows, rowNum
-      Dim InxTableName, InxRefColumnVal, InxPermissionType, InxPermission
+      Dim InxTableName, InxRefColumnVal, InxPermissionType, InxPermission, InxControl
+      Dim TableName, RefColumnVal, PermissionType, Permission, Control
+      Dim key
       InxTableName      = 0
-      InxRefColumnVal      = 1
+      InxRefColumnVal   = 1
-      InxPermissionType   = 2
+      InxPermissionType = 2
-      InxPermission      = 3
+      InxPermission     = 3
+      InxControl        = 4
+      ' Nothing to do ifthere is no data
+      If IsNull(aRows) OR IsEmpty(aRows) Then
+          Exit Sub
+      End If
       numOfRows = UBound( aRows, 2 )
       For rowNum = 0 To numOfRows
+          TableName         =  aRows( InxTableName, rowNum )
+          RefColumnVal      =  aRows( InxRefColumnVal, rowNum )
+          PermissionType    =  aRows( InxPermissionType, rowNum )
+          Permission        =  aRows( InxPermission, rowNum )
+          Control           =  aRows( InxControl, rowNum )
-         If aRows( InxRefColumnVal, rowNum ) = 0 Then
+         If RefColumnVal = 0 Then
             '--- Set Table Default Permission (i.e. "0" wildcard for "all records") ---
+            key = TableName  & "_" & Control & "_" & PermissionType
+            '
+            ' Data appears to be wrong and useless
+            ' Don't populate this table
-            mobjTablePermissions.Item ( aRows( InxTableName, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ) = aRows( InxPermission, rowNum )
+            'mobjTablePermissions.Item ( key ) = Permission
          Else
             '--- Set Row Permission ---
-            mobjRowPermissions.Item ( aRows( InxTableName, rowNum ) &"_"& aRows( InxRefColumnVal, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ) = aRows( InxPermission, rowNum )
+            key = TableName  & "_" & RefColumnVal & "_" & Control & "_" & PermissionType
+            mobjRowPermissions.Item ( key ) = Permission
          End If
       Next
-      'Response.write "mobjRowPermissions.Keys="& Join ( mobjRowPermissions.Keys, ", ") &"<br>"
+    'Response.Write "</pre><br>Pretty Dictionary mobjRowPermissions<pre>"
-      'Response.write "mobjRowPermissions.Items="& Join ( mobjRowPermissions.Items, ", ") &"<br>"
+    'Response.Write DICToutput(mobjRowPermissions)
-      'Response.write "mobjTablePermissions.Keys="& Join ( mobjTablePermissions.Keys, ", ") &"<br>"
+    'Response.Write "</pre><br>Pretty Dictionary mobjTablePermissions<pre>"
-      'Response.write "mobjTablePermissions.Items="& Join ( mobjTablePermissions.Items, ", ") &"<br>"
+    'Response.Write DICToutput(mobjTablePermissions)
+    'Response.write "</pre>"
    End Sub
    '-----------------------------------------------------------------------------------------------------------------
    Public Sub LoadDataPermissionVariations ( aRows )
       Dim numOfRows, rowNum
       Dim InxTableName, InxRefColumnVal, InxPermissionType, InxPermission
    End Sub
    '-----------------------------------------------------------------------------------------------------------------
    Public Sub LoadStaticPermissions ( aRows )
       Dim numOfRows, rowNum
       Dim InxObjName, InxPermissionType, InxPermission
+      Dim dKey, dValue
       InxObjName          = 0
       InxPermissionType   = 1
-      InxPermission      = 2
+      InxPermission       = 2
       numOfRows = UBound( aRows, 2 )
       For rowNum = 0 To numOfRows
-         'Response.write " "& aRows( InxObjName, rowNum ) &"_"&  aRows( InxPermissionType, rowNum ) &"="& CStr( aRows( InxPermission, rowNum ) ) &"<br>"
+        dKey = aRows( InxObjName, rowNum ) &"_"&  aRows( InxPermissionType, rowNum )
-         'Response.write "--"& mobjStaticControl.Count &"<br>"
+        dValue = CStr( aRows( InxPermission, rowNum ) )
-         mobjStaticControl.Add ( aRows( InxObjName, rowNum ) &"_"&  aRows( InxPermissionType, rowNum ) ), CStr( aRows( InxPermission, rowNum ) )
+        mobjStaticControl.Add ( dKey ), dValue
       Next
+      'Response.Write "<br>Pretty Dictionary LoadStaticPermissions mobjStaticControl<pre>"
+      'Response.Write DICToutput(mobjStaticControl)
+      'Response.Write "</pre>"
    End Sub
    '-----------------------------------------------------------------------------------------------------------------
    Private Function AutoLogonUser ( sUserId )
       Dim rsQry, query, is_Online
       '-- Kill Any pervious User Permissions stored in session --
       Session.Contents.Remove(enumUSER_STATIC_PERMISSIONS)
       Session.Contents.Remove(enumUSER_DATA_PERMISSIONS)
-      '--- Get if user is loged on from DB ---
+      '--- Get if user is logged on from DB ---
       moOraDatabase.Parameters.Add "USER_ID",  sUserId, ORAPARM_INPUT, ORATYPE_NUMBER
       query = "SELECT usr.IS_ONLINE  FROM USERS usr  WHERE usr.USER_ID = :USER_ID"
       Set rsQry = moOraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )
       Set mobjTablePermissions = CreateObject("Scripting.Dictionary")
       Set mobjRowPermissions = CreateObject("Scripting.Dictionary")
       mbIsApplicationRunning = NULL   ' The state of application
       sSEPARATOR = "||"
+      bDebug = false
    End Sub
    '-----------------------------------------------------------------------------------------------------------------
    Private Sub Class_Terminate()
       '// Perform action on object disposal. e.g. Set myObj = Nothing
       Set mobjTablePermissions = Nothing
    End Sub
    '-----------------------------------------------------------------------------------------------------------------
 End Class
-%>
 %>

Subversion Repositories DevTools

(root)/ManagerSuite/Production_Manager/trunk/class/classAccessControl.asp @ 5065 – Rev 4014 → 5065