Rev 62 | Blame | Compare with Previous | Last modification | View Log | RSS feed
<%'===================================================================' Access Control General'===================================================================%><%'------------ VARIABLE DEFINITION -------------'------------ CONSTANTS DECLARATION -----------'------------ VARIABLE INIT -------------------objAccessControl.objOraSession = OraSession ' Create database link for orasessionobjAccessControl.objOraDatabase = OraDatabase ' Create database link for oradatabase'----------------------------------------------%><%'-----------------------------------------------------------------------------------------------------------------------------Sub LoginCheck ()If NOT objAccessControl.UserLogedIn ThenobjPMod.PersistInQryString ( aPersistList ) ' Get all persistant parametersIf NOT isPopupWindow ThenCall OpenInWindow ( "Login.asp?rfile="& SCRIPT_NAME & objPMod.ComposeURLWithout("rfile") )ElseCall OpenInParentWindow ( "Login.asp?"& objPMod.ComposeURL() )Call CloseWindow()End IfEnd IfEnd Sub'-----------------------------------------------------------------------------------------------------------------------------Sub ApplicationRunlevelCheck()'--- Application Developer Override ---If objAccessControl.UserId = 0 OR objAccessControl.IsVisible ( "onApplicationOffline" ) ThenExit SubEnd If'---------------------------------------'-- Check if application is running --If NOT objAccessControl.IsApplicationRunning ThenIf NOT isPopupWindow ThenCall OpenInWindow ( "Login.asp?message=3&rfile="& SCRIPT_NAME & objPMod.ComposeURLWithout("rfile") )ElseCall OpenInParentWindow ( "Login.asp?message=3&"& objPMod.ComposeURL() )Call CloseWindow()End IfEnd IfEnd Sub'-----------------------------------------------------------------------------------------------------------------------------Sub ApplicationAccessCheck ()'--- Built In Administrator Override ---If objAccessControl.UserId = 0 ThenExit SubEnd If'---------------------------------------'-- Check User access to this application ---If NOT objAccessControl.UserApplication ( APPLICATION_ID ) ThenIf NOT isPopupWindow ThenCall OpenInWindow ( "Login.asp?message=1&rfile="& SCRIPT_NAME & objPMod.ComposeURLWithout("rfile") )ElseCall OpenInParentWindow ( "Login.asp?message=1&"& objPMod.ComposeURL() )Call CloseWindow()End IfEnd IfEnd Sub'-----------------------------------------------------------------------------------------------------------------------------Sub LoadUserPermissions ( ByRef oAccessControl )Dim rsAccessControl' Exit if not logged inIf NOT oAccessControl.UserLogedIn Then Exit Sub'Try getting object from sessionIf IsArray(Session(enumUSER_STATIC_PERMISSIONS)) ThenCall oAccessControl.LoadStaticPermissions ( Session(enumUSER_STATIC_PERMISSIONS) )Call oAccessControl.LoadDataPermissions ( Session(enumUSER_DATA_PERMISSIONS) )Exit SubEnd IfOraDatabase.Parameters.Add "USER_ID", oAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBEROraDatabase.Parameters.Add "APP_ID", APPLICATION_ID, ORAPARM_INPUT, ORATYPE_NUMBEROraDatabase.Parameters.Add "RECORD_SET", NULL, ORAPARM_OUTPUT, ORATYPE_CURSOR' Load Static PermissionsOraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_STATIC_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").ValueIf ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) ThenoAccessControl.LoadStaticPermissions rsAccessControl.GetRows()Session(enumUSER_STATIC_PERMISSIONS) = rsAccessControl.GetRows()End IfrsAccessControl.Close' Load Data PermissionsOraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_DATA_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").ValueIf ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) ThenoAccessControl.LoadDataPermissions rsAccessControl.GetRows()Session(enumUSER_DATA_PERMISSIONS) = rsAccessControl.GetRows()End IfrsAccessControl.Close' --- Destroy ---Set rsAccessControl = nothingOraDatabase.Parameters.Remove "USER_ID"OraDatabase.Parameters.Remove "APP_ID"OraDatabase.Parameters.Remove "RECORD_SET"End Sub'-----------------------------------------------------------------------------------------------------------------------------Sub UpdateLoginSession ()Dim nTimeVal' Exit if not logged inIf NOT objAccessControl.UserLogedIn Then Exit Sub' Get time valuenTimeVal = CDbl(TIMER_VALUE)' Allow update only once per minuteIf Session( enumSESSION_LAST_REQUEST ) <> "" ThenIf CDbl( Session( enumSESSION_LAST_REQUEST ) ) = nTimeVal Then Exit SubEnd If' Update database with last requestOraDatabase.Parameters.Add "USER_ID", objAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBEROraDatabase.Parameters.Add "TIME_VAL", nTimeVal, ORAPARM_INPUT, ORATYPE_NUMBEROraSession.BeginTransOraDatabase.ExecuteSQL _" UPDATE USERS SET"&_" LAST_REQUEST = :TIME_VAL"&_" WHERE USER_ID = :USER_ID"OraSession.CommitTransOraDatabase.Parameters.Remove "USER_ID"OraDatabase.Parameters.Remove "TIME_VAL"' Save last request time to session variableSession( enumSESSION_LAST_REQUEST ) = CDbl(nTimeVal)End Sub'-----------------------------------------------------------------------------------------------------------------------------%><%'------------ RUN BEFORE CONTROL RENDER -------'--- Login Check ---Call LoginCheck ()'--- Load User Permissions ---Call LoadUserPermissions ( objAccessControl )'--- Application Permissions ---Call ApplicationAccessCheck()'--- Application Run level Check ---Call ApplicationRunlevelCheck ()'--- Update Login Session ---Call UpdateLoginSession ()'----------------------------------------------%><%'------------ RUN AFTER CONTROL RENDER --------'----------------------------------------------%>