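<%
'=============================================================
'//
'//                  Access Control
'//
'// version:        0.10
'// last modified:  14-Jul-2004 15:48 by Sasha Vukovic
'=============================================================
%>
<%
'--------------- Global Constants ----------------
Const enumSESSION_TIMEOUT = 60
Const enumLOGIN_TOKEN_SESSION = "AM_LOGIN_TOKEN"
Const enumUSER_ID_SESSION = "AM_USER_ID"
Const enumUSER_DETAILS_SESSION = "AM_USER_DETAILS"
Const enumUSER_APPLICATIONS_SESSION = "AM_USER_APPLICATIONS"
Const enumACCESS_MANAGER_EVENT_LOGON_SUCCESS = 1
Const enumACCESS_MANAGER_EVENT_LOGON_FAIL = -1
Const enumACCESS_MANAGER_EVENT_LOGOFF = 0
Const enumACCESS_MANAGER_EVENT_SESSION_EXPIRE = 2
'-------------------------------------------------

' AccessControl: login/logoff, session bookkeeping and permission lookups.
'
' Relies on names this file does not define: OraDatabase, OraSession,
' APPLICATION_ID, the ORAPARM_* / ORATYPE_* / ORADYN_* constants and the
' enumDB_* constants, plus the ASP intrinsics Session, Request, Response, Server.
'
' Permission state lives in three Scripting.Dictionary objects keyed by
' underscore-joined strings:
'   mobjStaticControl     "<control>_<permissionType>"
'   mobjTablePermissions  "<table>_<permissionType>"
'   mobjRowPermissions    "<table>_<rowId>_<permissionType>"
Class AccessControl

    Private mobjStaticControl
    Private mobjRowPermissions
    Private mobjTablePermissions
    Private sSEPARATOR

    ' TRUE when the session carries a non-empty login token.
    ' The token is only tested for presence; it is not compared to anything.
    Public Property Get UserLogedIn ()
        UserLogedIn = FALSE

        ' Check for Session Token
        If (Session(enumLOGIN_TOKEN_SESSION) <> "") AND NOT IsNull(Session(enumLOGIN_TOKEN_SESSION)) Then
            UserLogedIn = TRUE
        End If
    End Property

    Public Property Get UserId ()
        UserId = Session(enumUSER_ID_SESSION)
    End Property

    Public Property Get UserName ()
        UserName = Extract( "user_name", Session(enumUSER_DETAILS_SESSION) )
    End Property

    Public Property Get FullName ()
        FullName = Extract( "full_name", Session(enumUSER_DETAILS_SESSION) )
    End Property

    Public Property Get UserEmail ()
        UserEmail = Extract( "user_email", Session(enumUSER_DETAILS_SESSION) )
    End Property

    Public Property Get LastVisit ()
        LastVisit = Extract( "last_visit", Session(enumUSER_DETAILS_SESSION) )
    End Property

    Public Property Get Domain ()
        Domain = Extract( "domain", Session(enumUSER_DETAILS_SESSION) )
    End Property

    ' TRUE when the connected database name contains "RELMANU1".
    ' Authenticated() uses this to accept any password, so the result is
    ' security-relevant and depends only on the database name.
    Public Property Get isDevSystem()
        isDevSystem = InStr(OraDatabase.DatabaseName,"RELMANU1") > 0
    End Property

    '-----------------------------------------------------------------------------------------------------------------
    ' TRUE when nAppId appears in the session's separator-delimited application list.
    ' Both sides are wrapped in separators so that "1" does not match "12".
    Public Function UserApplication ( nAppId )
        UserApplication = FALSE

        If InStr( sSEPARATOR & Session(enumUSER_APPLICATIONS_SESSION) & sSEPARATOR, sSEPARATOR & nAppId & sSEPARATOR) Then
            UserApplication = TRUE
        End If
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Writes the opening markup of a red-bordered region labelled with sControlObjName.
    ' NOTE(review): sControlObjName is written into the page without HTML encoding;
    ' confirm that callers only pass fixed control names, never request data.
    Public Function BeginRegion ( sControlObjName )
        Response.write "<table width='100%' border='0' cellspacing='0' cellpadding='1'>"
        Response.write " <tr>"
        Response.write " <td bgcolor='#FF0000'> <a href='#' class='body_linkw'><b>"& sControlObjName &"</b></a> </td>"
        Response.write " </tr>"
        Response.write " <tr>"
        Response.write " <td bgcolor='#FF0000'>"
        Response.write " <table width='100%' border='0' cellspacing='0' cellpadding='0'>"
        Response.write " <tr><td bgcolor='#FFFFFF'>"
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Writes the closing markup that matches BeginRegion. sControlObjName is unused.
    Public Function EndRegion ( sControlObjName )
        Response.write " </td></tr></table>"
        Response.write " </td></tr>"
        Response.write "</table>"
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Returns sValue HTML-encoded for use inside generated markup.
    Private Function HtmlSafe ( sValue )
        ' & "" coerces Null / Empty to "" so HTMLEncode never receives a Null.
        HtmlSafe = Server.HTMLEncode( sValue & "" )
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Returns the value of "<sField>=<value>" from a separator-delimited string,
    ' or "" when the string is Null/Empty or the field is absent.
    '
    ' The field name must be the prefix of a pair. The previous Filter() version
    ' matched "<sField>=" anywhere inside a pair and raised a runtime error
    ' (Right() with a negative length) when nothing matched, for example when the
    ' session held no user details.
    '
    ' NOTE(review): values are stored unescaped (see SetUserEnvironment), so a
    ' value that itself contains the separator still splits into extra pairs.
    Private Function Extract( sField, sString )
        Dim arrPairs, sPair, sPrefix

        Extract = ""
        If IsNull( sString ) Or IsEmpty( sString ) Then Exit Function

        sPrefix = sField & "="      ' e.g. "user_name="
        arrPairs = Split( sString, sSEPARATOR )

        For Each sPair In arrPairs
            If Left( sPair, Len( sPrefix ) ) = sPrefix Then
                Extract = Mid( sPair, Len( sPrefix ) + 1 )   ' strip the field name
                Exit Function
            End If
        Next
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Resolves a permission for one row: the row-level entry if present, otherwise
    ' the table default. Raises error 8 when neither exists.
    ' Returns TRUE only when the resolved value equals enumDB_YES.
    ' Note: reading .Item for a missing key makes Scripting.Dictionary create that
    ' key with an Empty value, so lookups can grow the dictionaries.
    Private Function GetDataPermission ( sTableName, nRowId, nPermissionType )
        Dim cPermissionValue

        '--- Get Row Permission ---
        cPermissionValue = mobjRowPermissions.Item ( Cstr( sTableName &"_"& nRowId &"_"& nPermissionType ) )
        'Response.write " VALUE="& cPermissionValue &" for "& sTableName &" "& nRowId &" "& nPermissionType &", "

        If IsNull( cPermissionValue ) OR ( cPermissionValue = "" ) Then
            '--- Get Default Table Permission ---
            cPermissionValue = mobjTablePermissions.Item ( Cstr( sTableName &"_"& nPermissionType ) )

            '--- Raise Exception if Table Default is not found ---
            If IsNull( cPermissionValue ) OR ( cPermissionValue = "" ) Then
                Err.Raise 8, "Default Table Permission is Not Found.", "sTableName="& sTableName &", nPermissionType="& nPermissionType
                Exit Function
            End If
            'Response.write " VALUE="& cPermissionValue &" for "& sTableName &" "& nRowId &" "& nPermissionType &", "
        End If

        '--- Return TRUE / FALSE ---
        GetDataPermission = FALSE
        If cPermissionValue = enumDB_YES Then
            GetDataPermission = TRUE
        End If
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    Public Function IsDataVisible ( sTableName, nRowId )
        IsDataVisible = GetDataPermission ( sTableName, nRowId, enumDB_PERMISSION_TYPE_VISIBLE )
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Row is active only when the control itself is active AND the row permission allows it.
    Public Function IsDataActive ( sTableName, nRowId, sControlObjName )
        IsDataActive = FALSE

        If IsActive ( sControlObjName ) Then
            IsDataActive = GetDataPermission ( sTableName, nRowId, enumDB_PERMISSION_TYPE_ACTIVE )
        End If
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' TRUE only when an explicit enumDB_YES is stored for the control; an unknown
    ' control therefore evaluates to FALSE.
    Public Function IsActive ( sControlObjName )
        If mobjStaticControl.Item (Cstr( sControlObjName &"_"& enumDB_PERMISSION_TYPE_ACTIVE )) = enumDB_YES Then
            IsActive = TRUE
        Else
            IsActive = FALSE
        End If
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' TRUE only when an explicit enumDB_YES is stored for the control.
    Public Function IsVisible ( sControlObjName )
        If mobjStaticControl.Item (Cstr( sControlObjName &"_"& enumDB_PERMISSION_TYPE_VISIBLE )) = enumDB_YES Then
            IsVisible = TRUE
        Else
            IsVisible = FALSE
        End If
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Loads row and table-default permissions from a 2-D array indexed
    ' (column, row) with columns: table name, reference column value,
    ' permission type, permission.
    Public Sub LoadDataPermissions ( aRows )
        Dim numOfRows, rowNum
        Dim InxTableName, InxRefColumnVal, InxPermissionType, InxPermission

        InxTableName = 0
        InxRefColumnVal = 1
        InxPermissionType = 2
        InxPermission = 3

        numOfRows = UBound( aRows, 2 )

        For rowNum = 0 To numOfRows
            If aRows( InxRefColumnVal, rowNum ) = 0 Then
                '--- Set Table Default Permission (i.e. "0" wildcard for "all records") ---
                mobjTablePermissions.Item ( aRows( InxTableName, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ) = aRows( InxPermission, rowNum )
            Else
                '--- Set Row Permission ---
                mobjRowPermissions.Item ( aRows( InxTableName, rowNum ) &"_"& aRows( InxRefColumnVal, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ) = aRows( InxPermission, rowNum )
            End If
        Next

        'Response.write "mobjRowPermissions.Keys="& Join ( mobjRowPermissions.Keys, ", ") &"<br>"
        'Response.write "mobjRowPermissions.Items="& Join ( mobjRowPermissions.Items, ", ") &"<br>"
        'Response.write "mobjTablePermissions.Keys="& Join ( mobjTablePermissions.Keys, ", ") &"<br>"
        'Response.write "mobjTablePermissions.Items="& Join ( mobjTablePermissions.Items, ", ") &"<br>"
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    ' Applies per-row variations: removes any "<table>_<enumDB_ALL_DATA>_<type>"
    ' row entry, stores the row permission, and sets the table default to the
    ' opposite of the row value (enumDB_NO row -> enumDB_YES default, else enumDB_NO).
    ' Each row overwrites the table default, so the last row for a table/type wins.
    Public Sub LoadDataPermissionVariations ( aRows )
        Dim numOfRows, rowNum
        Dim InxTableName, InxRefColumnVal, InxPermissionType, InxPermission

        InxTableName = 0
        InxRefColumnVal = 1
        InxPermissionType = 2
        InxPermission = 3

        numOfRows = UBound( aRows, 2 )

        For rowNum = 0 To numOfRows
            If mobjRowPermissions.Exists ( aRows( InxTableName, rowNum ) &"_"& enumDB_ALL_DATA &"_"& aRows( InxPermissionType, rowNum ) ) Then
                mobjRowPermissions.Remove ( aRows( InxTableName, rowNum ) &"_"& enumDB_ALL_DATA &"_"& aRows( InxPermissionType, rowNum ) )
            End If

            mobjRowPermissions.Item ( aRows( InxTableName, rowNum ) &"_"& aRows( InxRefColumnVal, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ) = CStr( aRows( InxPermission, rowNum ) )

            If aRows( InxPermission, rowNum ) = enumDB_NO Then
                mobjTablePermissions.Item ( aRows( InxTableName, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ) = enumDB_YES
            Else
                mobjTablePermissions.Item ( aRows( InxTableName, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ) = enumDB_NO
            End If
        Next

        'Response.write "mobjRowPermissions.Keys="& Join ( mobjRowPermissions.Keys, ", ")
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    ' Loads control permissions from a 2-D array indexed (column, row) with
    ' columns: object name, permission type, permission.
    ' Uses Dictionary.Add, which raises an error on a duplicate key.
    Public Sub LoadStaticPermissions ( aRows )
        Dim numOfRows, rowNum
        Dim InxObjName, InxPermissionType, InxPermission

        InxObjName = 0
        InxPermissionType = 1
        InxPermission = 2

        numOfRows = UBound( aRows, 2 )

        For rowNum = 0 To numOfRows
            mobjStaticControl.Add ( aRows( InxObjName, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) ), CStr( aRows( InxPermission, rowNum ) )
            'Response.write " "& aRows( InxObjName, rowNum ) &"_"& aRows( InxPermissionType, rowNum ) &"="& CStr( aRows( InxPermission, rowNum ) )
        Next
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    ' Sets up a logged-in session for sUserId when USERS.IS_ONLINE is "Y".
    ' NOTE(review): no credential is checked here; the IS_ONLINE flag alone grants
    ' the session. The function is Private and nothing in this class calls it, and
    ' its return value is never set to TRUE. Confirm whether it is dead code
    ' before anything starts using it.
    Private Function AutoLogonUser ( sUserId )
        Dim rsQry, query, is_Online

        AutoLogonUser = FALSE

        '--- Get if user is loged on from DB ---
        OraDatabase.Parameters.Add "USER_ID", sUserId, ORAPARM_INPUT, ORATYPE_NUMBER

        query = "SELECT usr.IS_ONLINE FROM USERS usr WHERE usr.USER_ID = :USER_ID"
        Set rsQry = OraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )

        If (NOT rsQry.BOF) AND (NOT rsQry.EOF) Then
            is_Online = rsQry("is_online")
        End If

        OraDatabase.Parameters.Remove "USER_ID"
        rsQry.Close
        Set rsQry = Nothing

        '--- Check if User is still Loged on ---
        If is_Online = "Y" Then
            Call SessionsAndCookieSetup ( sUserId )
        End If
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Authenticates sUserName / sUserPassword and, on success, populates the session.
    ' Raises error 8 on failure, with the user-facing HTML message in Err.Source
    ' and an optional hint in Err.Description. oDBsession is not used.
    '
    ' The user name comes from the login form and is HTML-encoded before it is
    ' placed inside the markup of the failure messages. The lookup itself uses a
    ' bind parameter.
    '
    ' The bind parameter and dynaset are now released on the failure paths too.
    ' Previously Err.Raise left "USER_NAME" registered on OraDatabase, where a
    ' later Add of the same name would presumably collide.
    '
    ' NOTE(review): "Not Found", "Disabled" and "Password is incorrect" are
    ' distinct messages, so the response reveals whether an account exists.
    Public Sub LogonUser ( sUserName, sUserPassword, ByRef oDBsession )
        Dim rsQry, query, sMessage
        Dim bAuthenticated, nErrNumber, sErrSource, sErrDescription

        sMessage = NULL
        bAuthenticated = FALSE
        nErrNumber = 0

        OraDatabase.Parameters.Add "USER_NAME", sUserName, ORAPARM_INPUT, ORATYPE_VARCHAR2

        query = "SELECT usr.* FROM USERS usr WHERE usr.USER_NAME = :USER_NAME"
        Set rsQry = OraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )

        '--- Try Authenticating ---
        If (NOT rsQry.BOF) AND (NOT rsQry.EOF) Then
            ' User Found !
            If rsQry("is_disabled") = enumDB_YES Then
                ' User Disabled !
                sMessage = "Account <b>"& HtmlSafe( sUserName ) &"</b> is Disabled!"

                '-- Login Trail --
                Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

                '-- Raise Exception (deferred until after cleanup) --
                nErrNumber = 8
                sErrSource = sMessage
                sErrDescription = ""
            Else
                ' Proceed with authentication. Authenticated() raises on failure;
                ' capture that error so cleanup below still runs, then re-raise it.
                On Error Resume Next
                bAuthenticated = Authenticated( sUserName, sUserPassword, rsQry("user_password"), rsQry("domain") )
                If Err.Number <> 0 Then
                    nErrNumber = Err.Number
                    sErrSource = Err.Source
                    sErrDescription = Err.Description
                    bAuthenticated = FALSE
                End If
                On Error GoTo 0

                If bAuthenticated Then
                    ' Login OK.
                    Call SessionsAndCookieSetup ( rsQry("user_id") )

                    ' Tag user login
                    Call TagLogon ( rsQry )
                End If
            End If
        Else
            ' User Not Found !
            sMessage = "Account <b>"& HtmlSafe( sUserName ) &"</b> Not Found!"

            '-- Login Trail --
            Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

            '-- Raise Exception (deferred until after cleanup) --
            nErrNumber = 8
            sErrSource = sMessage
            sErrDescription = "Make sure your Username is correct <br>OR <br>Please go back and register if you are new user. "
        End If

        '--------------------------
        OraDatabase.Parameters.Remove "USER_NAME"
        rsQry.Close()
        Set rsQry = Nothing

        If nErrNumber <> 0 Then
            Err.Raise nErrNumber, sErrSource, sErrDescription
        End If
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    ' Records the logoff in the login trail and abandons the ASP session.
    Public Sub LogoffUser ()
        '-- Login Trail --
        Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGOFF, UserName, NULL )

        '-- Kill User Session --
        Session.Abandon
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    ' Loads the user's details into the session and marks it as logged in.
    ' NOTE(review): the login token is the current Session.SessionID, so the
    ' session that existed before login is the one that becomes authenticated.
    ' Confirm how session fixation is handled elsewhere in the application.
    Private Sub SessionsAndCookieSetup ( nUserId )
        ' Store User details in session
        Call SetUserEnvironment ( nUserId )

        ' Aquire Login Token for Single Application
        Session(enumLOGIN_TOKEN_SESSION) = Session.SessionID
        Session.Timeout = enumSESSION_TIMEOUT
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    ' Checks the supplied credentials. Returns TRUE on success and raises error 8
    ' (message in Err.Source) on failure; every outcome is written to the login trail.
    '
    ' Three paths, in order:
    '   1. dev system - any password is accepted;
    '   2. domain     - delegated to the LoginAdmin.ImpersonateUser COM object;
    '   3. local      - direct comparison with the value from USERS.
    Private Function Authenticated ( ByRef sUserName, ByRef sUserPassword, sDBUserPassword, sDBdomain )
        Dim objLoginAuth, return, sMessage

        sMessage = NULL
        Authenticated = FALSE

        ' Hook for testing access control features
        ' Any login allowed to the Test Database
        '
        ' NOTE(review): this accepts ANY password for ANY existing, enabled account
        ' whenever the database name contains "RELMANU1". Confirm that no production
        ' database name can match, and consider gating this on an explicit
        ' configuration switch instead of a name substring.
        If isDevSystem() Then
            Authenticated = TRUE

            '-- Login Trail --
            Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_SUCCESS, sUserName, NULL )

        ElseIf NOT IsNull(sDBdomain) Then
            ' DOMAIN auth.
            Set objLoginAuth = Server.CreateObject("LoginAdmin.ImpersonateUser")

            return = -1
            return = objLoginAuth.AuthenticateUser ( sUserName, sUserPassword, sDBdomain )

            ' From MSDN System Error Codes
            ' 0    - The operation completed successfully.
            ' 1326 - Logon failure: unknown user name or bad password.
            ' 1385 - Logon failure: the user has not been granted the requested logon type at this computer.
            ' 1909 - The referenced account is currently locked out and may not be used to log on.
            Select Case return
                Case 0, 1385
                    ' Login ok. 1385 is accepted as success; presumably because the
                    ' credentials were valid and only the logon type was refused on
                    ' this server - confirm this is intended.
                    Authenticated = TRUE

                    '-- Login Trail --
                    Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_SUCCESS, sUserName, NULL )

                Case 1909
                    sMessage = "Account <b>"& HtmlSafe( sUserName ) &"</b> at "& HtmlSafe( sDBdomain ) &" domain is currently locked!"

                    '-- Login Trail --
                    Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

                    '-- Raise Exception --
                    Err.Raise 8, sMessage, ""

                Case Else
                    sMessage = "Password is incorrect for <b>"& HtmlSafe( sUserName ) &"</b> at "& HtmlSafe( sDBdomain ) &" domain!"

                    '-- Login Trail --
                    Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

                    '-- Raise Exception --
                    Err.Raise 8, sMessage, HtmlSafe( sDBdomain ) &" domain returns system error code "& return
            End Select

            Set objLoginAuth = Nothing

        Else
            ' LOCAL auth.
            ' NOTE(review): the submitted password is compared directly with the
            ' stored value. Unless callers hash it before calling LogonUser, this
            ' means USERS.USER_PASSWORD holds passwords in a directly comparable
            ' form rather than a salted hash - confirm.
            If sUserPassword = sDBUserPassword Then
                'Login ok
                Authenticated = TRUE

                '-- Login Trail --
                Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_SUCCESS, sUserName, NULL )
            Else
                sMessage = "Password is incorrect for <b>"& HtmlSafe( sUserName ) &"</b>!"

                '-- Login Trail --
                Call LoginTrail ( enumACCESS_MANAGER_EVENT_LOGON_FAIL, sUserName, sMessage )

                '-- Raise Exception --
                Err.Raise 8, sMessage, "Please try again and make sure you do not have Caps Lock on."
            End If
        End If
    End Function

    '-----------------------------------------------------------------------------------------------------------------
    ' Writes one access event (event type, user name, client IP, application id,
    ' comment) through pk_AMUtils.Log_Access in its own transaction.
    ' All values are passed as bind parameters. The client IP is REMOTE_ADDR as
    ' seen by this server.
    Private Sub LoginTrail ( nEvent, sUserName, sMessage )
        OraDatabase.Parameters.Add "EVENT_ENUM", nEvent, ORAPARM_INPUT, ORATYPE_NUMBER
        OraDatabase.Parameters.Add "LOGIN_USER_NAME", sUserName, ORAPARM_INPUT, ORATYPE_VARCHAR2
        OraDatabase.Parameters.Add "CLIENT_IP", Request.ServerVariables("REMOTE_ADDR"), ORAPARM_INPUT, ORATYPE_VARCHAR2
        OraDatabase.Parameters.Add "APPLICATION_ID", APPLICATION_ID, ORAPARM_INPUT, ORATYPE_NUMBER
        OraDatabase.Parameters.Add "LOGIN_COMMENTS", sMessage, ORAPARM_INPUT, ORATYPE_VARCHAR2

        OraSession.BeginTrans

        OraDatabase.ExecuteSQL _
            "BEGIN pk_AMUtils.Log_Access ( :EVENT_ENUM, :LOGIN_USER_NAME, :CLIENT_IP, :APPLICATION_ID, :LOGIN_COMMENTS ); END;"

        OraSession.CommitTrans

        OraDatabase.Parameters.Remove "EVENT_ENUM"
        OraDatabase.Parameters.Remove "LOGIN_USER_NAME"
        OraDatabase.Parameters.Remove "CLIENT_IP"
        OraDatabase.Parameters.Remove "APPLICATION_ID"
        OraDatabase.Parameters.Remove "LOGIN_COMMENTS"
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    ' Marks the user's row as online and records the client address.
    Private Sub TagLogon ( oRsQry )
        oRsQry.Edit()
        oRsQry("is_online").Value = "Y"
        oRsQry("online_at").Value = Request.ServerVariables("REMOTE_ADDR")
        oRsQry.Update()
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    ' Stores the user's id, details and application list in the session.
    ' Details are packed as "field=value" pairs joined by sSEPARATOR and read
    ' back with Extract(). The application list is the APP_IDs joined by
    ' sSEPARATOR, or 0 when the user has none.
    ' NOTE(review): field values are not escaped, so a value containing the
    ' separator would be read back as additional pairs.
    Private Sub SetUserEnvironment ( nUser_id )
        Dim rsUser, query, tempSTR

        OraDatabase.Parameters.Add "USER_ID", nUser_id, ORAPARM_INPUT, ORATYPE_NUMBER

        '---- Get User Details ----
        query = "SELECT usr.* FROM USERS usr WHERE usr.USER_ID = :USER_ID"
        Set rsUser = OraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )

        If (NOT rsUser.BOF) AND (NOT rsUser.EOF) Then
            Session(enumUSER_ID_SESSION) = rsUser("user_id")
            Session(enumUSER_DETAILS_SESSION) = _
                "user_name="& rsUser("user_name") & sSEPARATOR &_
                "full_name="& rsUser("full_name") & sSEPARATOR &_
                "user_email="& rsUser("user_email") & sSEPARATOR &_
                "last_visit="& rsUser("last_visit") & sSEPARATOR &_
                "domain="& rsUser("domain")
        End If

        ' Release the first dynaset before the variable is reused below.
        rsUser.Close()

        '---- Get User Applications ----
        query = "SELECT ua.APP_ID FROM USER_APPLICATIONS ua WHERE ua.USER_ID = :USER_ID"
        Set rsUser = OraDatabase.DbCreateDynaset( query , ORADYN_DEFAULT )

        tempSTR = ""
        While (NOT rsUser.BOF) AND (NOT rsUser.EOF)
            tempSTR = tempSTR & sSEPARATOR & rsUser("app_id")
            rsUser.MoveNext()
        WEnd

        If tempSTR <> "" Then
            Session(enumUSER_APPLICATIONS_SESSION) = Right( tempSTR, Len(tempSTR) - Len(sSEPARATOR) )   'Remove first separator
        Else
            Session(enumUSER_APPLICATIONS_SESSION) = 0
        End If

        OraDatabase.Parameters.Remove "USER_ID"
        rsUser.Close()
        Set rsUser = Nothing
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    Private Sub Class_Initialize()
        '// Perform action on creation of object. e.g. Set myObj = New ThisClassName
        Set mobjStaticControl = CreateObject("Scripting.Dictionary")
        Set mobjTablePermissions = CreateObject("Scripting.Dictionary")
        Set mobjRowPermissions = CreateObject("Scripting.Dictionary")
        sSEPARATOR = "||"
    End Sub

    '-----------------------------------------------------------------------------------------------------------------
    Private Sub Class_Terminate()
        '// Perform action on object disposal. e.g. Set myObj = Nothing
        Set mobjStaticControl = Nothing
        Set mobjRowPermissions = Nothing
        Set mobjTablePermissions = Nothing
    End Sub
    '-----------------------------------------------------------------------------------------------------------------
End Class
%>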