Use static function to check user’s security level

Pass user security info to the panels, fix security related issues on the V button (B2015-188, B2015-193)
Added static functions to check the user’s security level
Use static function to check user’s security level in allowing applicability changes
Use static function to check user’s security level in enabling Inserting an RO and in Editing an RO
John Jenko 2015-12-09 21:01:13 +00:00
parent 0159fc2955
commit d8f7b0619c
6 changed files with 102 additions and 36 deletions


@ -62,7 +62,7 @@ namespace VEPROMS
sb.AppendLine(string.Format("in a VEPROMS session on computer {0} that was started on {1}", MySessionInfo.MachineName, MySessionInfo.DTSDtart.ToString("MM/dd/yyyy @ HH:mm:ss")));
lblInfo.Text = sb.ToString();
if(MyProcedureInfo != null)
btnForce.Visible = MyUserInfo.IsAdministrator() || MyUserInfo.IsSetAdministrator(MyProcedureInfo.MyDocVersion) || (MyUserInfo.IsWriter(MyProcedureInfo.MyDocVersion) && MyOwnerInfo.OwnerItemID == MyProcedureInfo.ItemID);
btnForce.Visible = UserInfo.CanEdit(MyUserInfo,MyProcedureInfo.MyDocVersion) && MyOwnerInfo.OwnerItemID == MyProcedureInfo.ItemID;
else
btnForce.Visible = MyUserInfo.IsAdministrator() || MyUserInfo.IsSetAdministrator(MySectionInfo.MyProcedure.MyDocVersion);
}
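Review bot: The `btnForce.Visible` assignment that uses `UserInfo.CanEdit` (apparently the new side of the two printed assignments) is not equivalent to the line it replaces. The old expression let an administrator or set administrator through regardless of ownership and applied `MyOwnerInfo.OwnerItemID == MyProcedureInfo.ItemID` only to writers, while the new one requires that match for every role. If the narrowing is deliberate, say so on the line, e.g. `// ownership match is now required for administrators as well`; if not, keep the ownership test on the writer term only. The `else` branch still calls `MyUserInfo.IsAdministrator()` directly with no null guard, so the two branches now differ when `MyUserInfo` is unset. The enclosing method starts outside the hunk.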


@ -1140,6 +1140,9 @@ namespace VEPROMS
}
return true;
}
public UserInfo MyUserInfo = null;
public VersionWindowList MyVersionWindowList;
public ContentInfo ci1;
public ContentInfo ci2;
@ -1165,31 +1168,36 @@ namespace VEPROMS
btnAdministrativeTools.Click += new EventHandler(btnAdministrativeTools_Click);
btnAdmin.SubItems.Add(btnAdministrativeTools);
//end batch refresh transitions
UserInfo ui = null;
try
{
ui = UserInfo.GetByUserID(VlnSettings.UserID);
MyUserInfo = UserInfo.GetByUserID(VlnSettings.UserID);
}
catch
{
MessageBox.Show("This database is not compatible with this version of PROMS. The PROMS program will terminate. Please contact Volian to assist in resolution.");
Application.Exit();
}
if (ui == null)
if (MyUserInfo == null)
{
User u = User.MakeUser(VlnSettings.UserID, "", "", "", "", "", "", "", "", "", "", DateTime.Now, VlnSettings.UserID);
Group g = Group.Get(securityRole);
Membership.MakeMembership(u, g, null, "");
ui = UserInfo.Get(u.UID);
MyUserInfo = UserInfo.Get(u.UID);
}
ctrlAnnotationDetails.MyUserInfo = ui;
DisplayRO.MyUserInfo = ui; // set the user's security information in the properties RO panel
StepTabRibbon.MyUserInfo = ui; // set the user's security information in the ribbon
bool isVisible = ui.IsAdministrator();
ctrlAnnotationDetails.MyUserInfo = MyUserInfo;
DisplayRO.MyUserInfo = MyUserInfo; // set the user's security information in the properties RO panel
StepTabRibbon.MyUserInfo = MyUserInfo; // set the user's security information in the ribbon
DisplayTransition.MyUserInfo = MyUserInfo; // set the user's security information in the Transition panel
DisplayTags.MyUserInfo = MyUserInfo; // set the user's security information in the Tags panel
DisplayHistory.MyUserInfo = MyUserInfo; // set the user's security information in the History panel
DisplayApplicability.MyUserInfo = MyUserInfo; // set the user's security information in the Applicability panel
StepRTB.MyUserInfo = MyUserInfo; // set the user's security information in the StepRTB
VlnFlexGrid.MyUserInfo = MyUserInfo; // set the user's security information in the VlnFlexGrid
bool isVisible = MyUserInfo.IsAdministrator();
btnManageSecurity.Visible = isVisible;
btnUpdateFormats.Visible = isVisible;
btnResetSecurity.Visible = isVisible;
btnAdministrativeTools.Visible = isVisible || HasSetAdministrator(ui);
btnAdministrativeTools.Visible = isVisible || HasSetAdministrator(MyUserInfo);
tmrCloseTabItems = new Timer();
tmrCloseTabItems.Interval = 100;
tmrCloseTabItems.Tick += new EventHandler(tmrCloseTabItems_Tick);
@ -2614,6 +2622,7 @@ namespace VEPROMS
infoPanel.Expanded = true;
infoTabs.SelectedTab = infotabTags;
displayTags.MyEditItem = (SelectedStepTabPanel == null) ? null : SelectedStepTabPanel.MyStepPanel.SelectedEditItem;
displayTags.Mydvi = SelectedDVI;
}
#endregion
#region InfoTabBookMarks
@ -2855,6 +2864,7 @@ namespace VEPROMS
displayRO.MyRTB = args.MyEditItem.MyStepRTB;
displayTags.MyEditItem = args.MyEditItem;
displayTags.Mydvi = SelectedDVI;
displayBookMarks.MyEditItem = args.MyEditItem;
displayHistory.MyEditItem = args.MyEditItem;
@ -2981,17 +2991,17 @@ namespace VEPROMS
FolderInfo fi = vtn.VEObject as FolderInfo;
if (fi != null)
{
if (fi.FolderDocVersionCount > 0)
{
btnNew.Enabled = false;
return;
}
// Enable/disable the New button based on the user's security settings at the current folder level
// B2015-193
btnNew.Enabled = UserInfo.CanCreateFolders(MyUserInfo, fi);
if (!btnNew.Enabled) return; // just return, user cannot add a new folder or workingdraft
// if at top, 'VEPROMS', folder and childfolders below this only
// option is to create a new (sub)folder, i.e. no submenu items.
if (fi.ChildFolderCount > 0 && fi.MyParent == null) return;
//if (fi.ChildFolderCount == 0) // submenu folders/docversion
//{
if (fi.MyParent != null)
if (fi.ChildFolderCount > 0 && fi.MyParent == null) return;
// submenu folders/docversion
if (fi.MyParent != null && UserInfo.CanCreateFolders(MyUserInfo,fi))
{
ButtonItem fldbbtn = new ButtonItem("fldbtn", "Folder Before");
ButtonItem fldabtn = new ButtonItem("fldabtn", "Folder After");
@ -3003,25 +3013,38 @@ namespace VEPROMS
ButtonItem fldbtn = new ButtonItem("fldbtn", "Folder");
btnNew.SubItems.Add(fldbtn);
fldbtn.Click += new EventHandler(fldbtn_Click);
if (fi.ChildFolderCount == 0)
// offer adding a Working Draft only if the folder has no sub-folders and there is not already a Working Draft node
if (fi.ChildFolderCount == 0 && fi.FolderDocVersionCount == 0)
{
ButtonItem dvbtn = new ButtonItem("dvbtn", "Working Draft");
btnNew.SubItems.Add(dvbtn);
dvbtn.Click += new EventHandler(dvbtn_Click);
}
return;
//}
}
// DocVersions can only have procedures, so no sub-menu
DocVersionInfo dvi = vtn.VEObject as DocVersionInfo;
if (dvi != null) return;
if (dvi != null)
{
if (!UserInfo.CanEdit(MyUserInfo, dvi))
btnNew.Enabled = false; // reviewers cannot create a new procedure B2015-193
return;
}
// Procedures can have a section added or a new procedure before
// or after.
ProcedureInfo pi = vtn.VEObject as ProcedureInfo;
if (pi != null)
{
// if user is a reviewer then don't allow adding new procedures
// bug B2015-193
if (!UserInfo.CanEdit(MyUserInfo, pi.MyDocVersion))
{
btnNew.Enabled = false;
return;
}
ButtonItem pbbtn = new ButtonItem("pfbtn", "Procedure Before");
ButtonItem pabtn = new ButtonItem("pabtn", "Procedure After");
ButtonItem sctbtn = new ButtonItem("sctbtn", "Section");
@ -3039,6 +3062,13 @@ namespace VEPROMS
SectionInfo si = vtn.VEObject as SectionInfo;
if (si != null)
{
// if user is a reviewer then don't allow adding new sections
// bug B2015-193
if (!UserInfo.CanEdit(MyUserInfo, si.MyDocVersion))
{
btnNew.Enabled = false;
return;
}
ButtonItem sbbtn = new ButtonItem("sbbtn", "Section Before");
ButtonItem sabtn = new ButtonItem("sabtn", "Section After");
ButtonItem subbtn = new ButtonItem("subbtn", "SubSection");
@ -3061,6 +3091,13 @@ namespace VEPROMS
StepInfo stpi = vtn.VEObject as StepInfo;
if (stpi != null)
{
// if user is a reviewer then don't allow adding new procedures, sections, or steps
// bug B2015-193
if (!UserInfo.CanEdit(MyUserInfo, stpi.MyDocVersion))
{
btnNew.Enabled = false;
return;
}
ButtonItem stpbbtn = new ButtonItem("stpbbtn", "New Step Before");
ButtonItem stpabtn = new ButtonItem("stpabtn", "New Step After");
btnNew.SubItems.Add(stpbbtn);
@ -3069,6 +3106,7 @@ namespace VEPROMS
stpabtn.Click += new EventHandler(stpabtn_Click);
return;
}
btnNew.Enabled = false; // should not get this far, but just in case turn off the New button
}
void fldabtn_Click(object sender, EventArgs e)
@ -3143,6 +3181,7 @@ namespace VEPROMS
private void infoPanel_Click(object sender, EventArgs e)
{
displayTags.MyEditItem = (SelectedStepTabPanel == null) ? null : SelectedStepTabPanel.MyStepPanel.SelectedEditItem;
displayTags.Mydvi = SelectedDVI;
}
//private void tv_SectionShouldClose(object sender, vlnTreeSectionInfoEventArgs args)
//{
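Review bot: `public UserInfo MyUserInfo = null;` makes the identity behind every later permission check a publicly writable field, and the setup code in the second hunk copies it into several static `MyUserInfo` properties. Any code that can reach the form or those types can therefore replace the principal after start-up. If nothing outside the form assigns it (not visible here), prefer `public UserInfo MyUserInfo { get; private set; }`. The new `CanEdit`/`CanCreateFolders` tests in the New-button setup only set `btnNew.Enabled` and choose which sub-items are added. The click handlers such as `fldbtn_Click` and `dvbtn_Click` are outside these hunks, so it cannot be confirmed from here that they repeat the check before creating anything.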


@ -1055,6 +1055,22 @@ namespace VEPROMS.CSLA.Library
#region UserInfo stuff
public partial class UserInfo
{
public static bool CanEdit(UserInfo myUserInfo, DocVersionInfo myDVI)
{
return myUserInfo!=null && myDVI!=null && (myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(myDVI) || myUserInfo.IsWriter(myDVI));
}
public static bool CanEditROs(UserInfo myUserInfo, DocVersionInfo myDVI)
{
return myUserInfo != null && myDVI != null && myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(myDVI) || myUserInfo.IsROEditor(myDVI);
}
public static bool CanCreateFolders(UserInfo myUserInfo, DocVersionInfo myDVI)
{
return myUserInfo != null && myDVI != null && myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(myDVI);
}
public static bool CanCreateFolders(UserInfo myUserInfo, FolderInfo fi)
{
return myUserInfo != null && fi != null && myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(fi);
}
public bool IsAdministrator()
{
if (this.UserMembershipCount == 0)
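Review bot: `CanEditROs` and both `CanCreateFolders` overloads lack the parentheses that `CanEdit` has, so their null guards cover only the `IsAdministrator()` term. Because `&&` binds tighter than `||`, a null `myUserInfo` still reaches `myUserInfo.IsSetAdministrator(...)` and throws, and a null `myDVI` or `fi` is passed on to the remaining role checks. Group the role tests as `CanEdit` does, e.g. `return myUserInfo != null && myDVI != null && (myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(myDVI) || myUserInfo.IsROEditor(myDVI));`, and likewise in the two `CanCreateFolders` bodies. A short XML summary on each helper naming the roles it admits would also help, since these methods are now the shared definition of the permission rules. `IsAdministrator` continues past the end of the hunk.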


@ -375,6 +375,14 @@ namespace Volian.Controls.Library
ei.MyStepRTB.Focus();
}
}
private static UserInfo _MyUserInfo = null;
public static UserInfo MyUserInfo
{
get { return _MyUserInfo; }
set { _MyUserInfo = value; }
}
public DisplayApplicability()
{
InitializeComponent();
@ -384,6 +392,7 @@ namespace Volian.Controls.Library
void DisplayApplicability_VisibleChanged(object sender, EventArgs e)
{
MyItemInfo = MyItemInfo;
gpItem.Enabled = UserInfo.CanEdit(MyUserInfo,(MyItemInfo == null) ? null : MyItemInfo.MyDocVersion); //Can Change Applicability
}
}
}
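Review bot: `gpItem.Enabled` is recomputed only in `DisplayApplicability_VisibleChanged`. If the panel stays visible while `MyItemInfo` moves to an item in a different document version, the group keeps the previous permission result unless the `MyItemInfo` setter (outside this hunk) also refreshes it. Consider placing `gpItem.Enabled = UserInfo.CanEdit(MyUserInfo, (MyItemInfo == null) ? null : MyItemInfo.MyDocVersion);` in that setter so the check follows the item. The new static `MyUserInfo` property is undocumented; a comment such as `/// <summary>Current user's security information, assigned by the main form.</summary>` would make its single intended writer explicit.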


@ -767,13 +767,22 @@ namespace Volian.Controls.Library
{
return VlnFlexGrid.ROTableUpdate(sender, args);
}
private static UserInfo _MyUserInfo = null;
public static UserInfo MyUserInfo
{
get { return _MyUserInfo; }
set { _MyUserInfo = value; }
}
private void DisplayTagRTF(TreeNode tn)
{
if (tn.Tag != null)
{
if (tn.Tag is GridAuditInfo)
{
btnRestore.Enabled = true;
btnRestore.Enabled = UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion);//CanRestore();
GridAuditInfo gai = tn.Tag as GridAuditInfo;
myVFG.Visible = true;
myVFG.BringToFront();
@ -791,7 +800,7 @@ namespace Volian.Controls.Library
}
if (tn.Tag is ContentAuditInfo)
{
btnRestore.Enabled = true;
btnRestore.Enabled = UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion);//CanRestore();
myVFG.Clear();
ContentAuditInfo cai = tn.Tag as ContentAuditInfo;
GridAuditInfoList gail = GridAuditInfoList.Get(cai.ContentID);
@ -827,7 +836,7 @@ namespace Volian.Controls.Library
}
if (tn.Tag is ItemAuditInfo)
{
btnRestore.Enabled = true;
btnRestore.Enabled = UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion);//CanRestore();
ItemAuditInfo iai = tn.Tag as ItemAuditInfo;
ContentAuditInfoList cail = ContentAuditInfoList.Get(iai.ContentID);
foreach (ContentAuditInfo cai in cail)
@ -842,7 +851,7 @@ namespace Volian.Controls.Library
}
if (tn.Tag is AnnotationAuditInfo)
{
btnRestore.Enabled = true;
btnRestore.Enabled = UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion);//CanRestore();
AnnotationAuditInfo iai = tn.Tag as AnnotationAuditInfo;
myRTB.Font = new Font("Arial", 12, FontStyle.Regular);
myRTB.Rtf = iai.RtfText;
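Review bot: All four new `btnRestore.Enabled` assignments in `DisplayTagRTF` dereference `MyProcedureInfo.MyDocVersion` without a null test. `UserInfo.CanEdit` tolerates a null document version but not a null `MyProcedureInfo`, so this throws if a node is displayed before the procedure is set (whether that can happen is not visible here). The trailing `//CanRestore();` suggests a helper was intended: `private bool CanRestore() { return MyProcedureInfo != null && UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion); }` would remove the repetition and keep the guard in one place. The restore click handler is outside these hunks, so it is worth confirming that it applies the same check rather than relying on the button state. The last hunk ends inside the `AnnotationAuditInfo` branch.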


@ -230,9 +230,9 @@ namespace Volian.Controls.Library
//btnCancelRO.Enabled = ((_SavCurROLink != null) && chld.roid.Substring(0, 12).ToLower() != SavROLink.ROID.Substring(0, 12).ToLower());
string childroid = chld.roid.ToLower() + "0000";
childroid = childroid.Substring(0, 16);
btnSaveRO.Enabled = ((_SavCurROLink == null) || !(childroid.Equals(SavROLink.ROID.ToLower())));
btnSaveRO.Enabled = UserInfo.CanEdit(MyUserInfo, Mydvi) && ((_SavCurROLink == null) || !(childroid.Equals(SavROLink.ROID.ToLower()))); //added security check (UserInfo.CanEdit)
btnCancelRO.Enabled = ((_SavCurROLink != null) && childroid != SavROLink.ROID.ToLower());
btnGoToRO.Enabled = CanEditROs(); // Writers and Reviewers cannot edit ROs (run the RO Editor)
btnGoToRO.Enabled = UserInfo.CanEditROs(MyUserInfo, Mydvi); // Writers and Reviewers cannot edit ROs (run the RO Editor)
switch (chld.type)
{
case 1: // standard (regular) text RO type
@ -851,18 +851,11 @@ namespace Volian.Controls.Library
#endregion // utils
private bool CanEditROs()
{
// Test to see if the user is allowed to run the RO Edior
// writers and reviewers are not allowed to run the RO Editor
return MyUserInfo.IsAdministrator() || MyUserInfo.IsSetAdministrator(Mydvi) || MyUserInfo.IsROEditor(Mydvi);
}
private string _SelectedRoidBeforeRoEditor = null;
private void lbROId_DoubleClick(object sender, EventArgs e)
{
if (tvROFST.SelectedNode == null) return;
if (!CanEditROs()) return; // do not allow writers and reviews to run the RO Editor
if (!UserInfo.CanEditROs(MyUserInfo, Mydvi)) return; // do not allow writers and reviews to run the RO Editor
if (VlnSettings.ReleaseMode.Equals("DEMO"))
{
MessageBox.Show("Referenced Object Editor not available in the Demo version.", "PROMS Demo Version");