Rev 5102 | Blame | Last modification | View Log | RSS feed
<%'===================================================================' Access Control General'===================================================================%><%'------------ VARIABLE DEFINITION -------------Dim bCanModifyProject ' Calculate once'------------ CONSTANTS DECLARATION -----------'------------ VARIABLE INIT -------------------objAccessControl.objOraSession = OraSession ' Create database link for orasessionobjAccessControl.objOraDatabase = OraDatabase ' Create database link for oradatabasebCanModifyProject = false ' Calculated later'----------------------------------------------%><%'-----------------------------------------------------------------------------------------------------------------------------Sub ApplicationRunlevelCheck()'--- Application Developer Override ---If objAccessControl.UserId = 0 OR canShowControl ( "onApplicationOffline" ) ThenExit SubEnd If'---------------------------------------'-- Check if application is running --If NOT objAccessControl.IsApplicationRunning ThenIf NOT isPopupWindow ThenCall OpenInWindow ( "Login.asp?message=3&rfile="& scriptName & objPMod.ComposeURLWithout("rfile") )ElseCall OpenInParentWindow ( "Login.asp?message=3&"& objPMod.ComposeURL() )Call CloseWindow()End IfEnd IfEnd Sub'-----------------------------------------------------------------------------------------------------------------------------Sub ApplicationAccessCheck ()'--- Built In Administrator Override ---If objAccessControl.UserId = 0 ThenExit SubEnd If'---------------------------------------'-- Check User access to this application ---If NOT objAccessControl.UserApplication ( APPLICATION_ID ) ThenIf NOT isPopupWindow ThenCall OpenInWindow ( "Login.asp?message=1&rfile="& scriptName & objPMod.ComposeURLWithout("rfile") )ElseCall OpenInParentWindow ( "Login.asp?message=1&"& objPMod.ComposeURL() )Call CloseWindow()End IfEnd IfEnd Sub'-----------------------------------------------------------------------------------------------------------------------------Sub LoadUserPermissions ( ByRef oAccessControl )Dim rsAccessControl' Exit if not logged inIf NOT oAccessControl.UserLogedIn Then Exit Sub'Try getting object from session' DevSystem - will not cache permissions in the Session Object'If NOT oAccessControl.isDevSystem() AND IsArray(Session(enumUSER_STATIC_PERMISSIONS)) ThenCall oAccessControl.LoadStaticPermissions ( Session(enumUSER_STATIC_PERMISSIONS) )Call oAccessControl.LoadDataPermissions ( Session(enumUSER_DATA_PERMISSIONS) )Exit SubEnd IfOraDatabase.Parameters.Add "USER_ID", oAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBEROraDatabase.Parameters.Add "APP_ID", APPLICATION_ID, ORAPARM_INPUT, ORATYPE_NUMBEROraDatabase.Parameters.Add "RECORD_SET", NULL, ORAPARM_OUTPUT, ORATYPE_CURSOR' Load Static PermissionsOraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_STATIC_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").ValueIf ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) ThenoAccessControl.LoadStaticPermissions rsAccessControl.GetRows()Session(enumUSER_STATIC_PERMISSIONS) = rsAccessControl.GetRows()End IfrsAccessControl.Close' Load Data PermissionsOraDatabase.ExecuteSQL "BEGIN PK_SECURITY.GET_USER_DATA_PERMISSIONS ( :USER_ID, :APP_ID, :RECORD_SET ); END;"Set rsAccessControl = OraDatabase.Parameters("RECORD_SET").ValueIf ((NOT rsAccessControl.BOF) AND (NOT rsAccessControl.EOF)) ThenoAccessControl.LoadDataPermissions rsAccessControl.GetRows()Session(enumUSER_DATA_PERMISSIONS) = rsAccessControl.GetRows()End IfrsAccessControl.Close' --- Destroy ---Set rsAccessControl = nothingOraDatabase.Parameters.Remove "USER_ID"OraDatabase.Parameters.Remove "APP_ID"OraDatabase.Parameters.Remove "RECORD_SET"End Sub'-----------------------------------------------------------------------------------------------------------------------------Sub UpdateLoginSession ()Dim nTimeVal' Exit if not logged inIf NOT objAccessControl.UserLogedIn Then Exit Sub' Get time valuenTimeVal = CDbl(TIMER_VALUE)' Allow update only once per minuteIf Session( enumSESSION_LAST_REQUEST ) <> "" ThenIf CDbl( Session( enumSESSION_LAST_REQUEST ) ) = nTimeVal Then Exit SubEnd If' Update database with last requestOraDatabase.Parameters.Add "USER_ID", objAccessControl.UserId, ORAPARM_INPUT, ORATYPE_NUMBEROraDatabase.Parameters.Add "TIME_VAL", nTimeVal, ORAPARM_INPUT, ORATYPE_NUMBERobjEH.TryORA ( OraSession )On Error Resume NextOraDatabase.ExecuteSQL _" UPDATE USERS SET"&_" LAST_REQUEST = :TIME_VAL"&_" WHERE USER_ID = :USER_ID"objEH.CatchORA ( OraSession )OraDatabase.Parameters.Remove "USER_ID"OraDatabase.Parameters.Remove "TIME_VAL"' Save last request time to session variableSession( enumSESSION_LAST_REQUEST ) = CDbl(nTimeVal)End Sub'-----------------------------------------------------------------------------------------------------------------------------'-----------------------------------------------------------------------------------------------------------------------------' The folling function are wrappers around the general objAccessControl access function' Pages shold ONLY use these access functions and not the lowerlevel ones' Caveats:' - Developer must know which access objects (controls) should be accessed in a project maner' and which should be accessed in a global manner.' Basically, use the ...InProject() variants for project based pages'-------------------------------------------------' Function: canShowControl' Description: Determine if the named control should be shownFunction canShowControl (cname)canShowControl = objAccessControl.IsDataVisible ("PROJECTS", DB_PROJ_ID, cname)End Function'-------------------------------------------------' Function: canActionControl' Description: Determine if the named control action can be performedFunction canActionControl (cname)canActionControl = objAccessControl.IsDataActive ("PROJECTS", DB_PROJ_ID, cname)End Function'-------------------------------------------------' Function: canShowControlInProject' Description: Determine if the named project-specific control should be shownFunction canShowControlInProject (cname)canShowControlInProject = bCanModifyProject AND canShowControl(cname)End Function'-------------------------------------------------' Function: canActionControlInProject' Description: Determine if the named project-specific control action can be performedFunction canActionControlInProject (cname)canActionControlInProject = bCanModifyProject AND canActionControl(cname)End Function'-------------------------------------------------' Function: canActionInProject' Description: Determine if the user can perform any action in the projectFunction canActionInProject()canActionInProject = bCanModifyProjectEnd Function'-------------------------------------------------' Function: controlDisabledInProject' Description: Determine if the user can perform any action in the project' Returns ' disabled' string suitable for inlcusion in HTMLFunction controlDisabledInProject ( cname )If canActionControlInProject ( cname ) ThencontrolDisabledInProject = ""ElsecontrolDisabledInProject = " disabled "End IfEnd Function'-------------------------------------------------' Function: setActiveProject' Description: Alters the current active project' Normally this is automatically determined as a page is loaded, but some' pages do not have this information.' Returns the active project ID, before the changeFunction setActiveProject(proj_id)setActiveProject = DB_PROJ_IDDB_PROJ_ID = proj_idbCanModifyProject = objAccessControl.IsDataActive ("PROJECTS", DB_PROJ_ID, "EditProjects")'--rmDebug = rmDebug & "{"& DB_PROJ_ID & ":" & bCanModifyProject &"}"End Function%><%'------------ RUN BEFORE CONTROL RENDER -------'--- Load User Permissions ---Call LoadUserPermissions ( objAccessControl )bCanModifyProject = objAccessControl.IsDataActive ("PROJECTS", DB_PROJ_ID, "EditProjects")'-- rmDebug = rmDebug & "{"& DB_PROJ_ID & ":" & bCanModifyProject &"}"'--- Application Run level Check ---Call ApplicationRunlevelCheck ()'--- Update Login Session ---Call UpdateLoginSession ()'----------------------------------------------%><%'------------ RUN AFTER CONTROL RENDER --------'----------------------------------------------%>