diff --git a/PROMS/VEPROMS User Interface/dlgCheckedOutProcedure.cs b/PROMS/VEPROMS User Interface/dlgCheckedOutProcedure.cs index ac4d54b9..04ac6afa 100644 --- a/PROMS/VEPROMS User Interface/dlgCheckedOutProcedure.cs +++ b/PROMS/VEPROMS User Interface/dlgCheckedOutProcedure.cs @@ -62,7 +62,7 @@ namespace VEPROMS sb.AppendLine(string.Format("in a VEPROMS session on computer {0} that was started on {1}", MySessionInfo.MachineName, MySessionInfo.DTSDtart.ToString("MM/dd/yyyy @ HH:mm:ss"))); lblInfo.Text = sb.ToString(); if(MyProcedureInfo != null) - btnForce.Visible = MyUserInfo.IsAdministrator() || MyUserInfo.IsSetAdministrator(MyProcedureInfo.MyDocVersion) || (MyUserInfo.IsWriter(MyProcedureInfo.MyDocVersion) && MyOwnerInfo.OwnerItemID == MyProcedureInfo.ItemID); + btnForce.Visible = UserInfo.CanEdit(MyUserInfo,MyProcedureInfo.MyDocVersion) && MyOwnerInfo.OwnerItemID == MyProcedureInfo.ItemID; else btnForce.Visible = MyUserInfo.IsAdministrator() || MyUserInfo.IsSetAdministrator(MySectionInfo.MyProcedure.MyDocVersion); } diff --git a/PROMS/VEPROMS User Interface/frmVEPROMS.cs b/PROMS/VEPROMS User Interface/frmVEPROMS.cs index 3984e828..83621a8e 100644 --- a/PROMS/VEPROMS User Interface/frmVEPROMS.cs +++ b/PROMS/VEPROMS User Interface/frmVEPROMS.cs @@ -1140,6 +1140,9 @@ namespace VEPROMS } return true; } + + public UserInfo MyUserInfo = null; + public VersionWindowList MyVersionWindowList; public ContentInfo ci1; public ContentInfo ci2; @@ -1165,31 +1168,36 @@ namespace VEPROMS btnAdministrativeTools.Click += new EventHandler(btnAdministrativeTools_Click); btnAdmin.SubItems.Add(btnAdministrativeTools); //end batch refresh transitions - UserInfo ui = null; try { - ui = UserInfo.GetByUserID(VlnSettings.UserID); + MyUserInfo = UserInfo.GetByUserID(VlnSettings.UserID); } catch { MessageBox.Show("This database is not compatible with this version of PROMS. The PROMS program will terminate. Please contact Volian to assist in resolution."); Application.Exit(); } - if (ui == null) + if (MyUserInfo == null) { User u = User.MakeUser(VlnSettings.UserID, "", "", "", "", "", "", "", "", "", "", DateTime.Now, VlnSettings.UserID); Group g = Group.Get(securityRole); Membership.MakeMembership(u, g, null, ""); - ui = UserInfo.Get(u.UID); + MyUserInfo = UserInfo.Get(u.UID); } - ctrlAnnotationDetails.MyUserInfo = ui; - DisplayRO.MyUserInfo = ui; // set the user's security information in the properties RO panel - StepTabRibbon.MyUserInfo = ui; // set the user's security information in the ribbon - bool isVisible = ui.IsAdministrator(); + ctrlAnnotationDetails.MyUserInfo = MyUserInfo; + DisplayRO.MyUserInfo = MyUserInfo; // set the user's security information in the properties RO panel + StepTabRibbon.MyUserInfo = MyUserInfo; // set the user's security information in the ribbon + DisplayTransition.MyUserInfo = MyUserInfo; // set the user's security information in the Transition panel + DisplayTags.MyUserInfo = MyUserInfo; // set the user's security information in the Tags panel + DisplayHistory.MyUserInfo = MyUserInfo; // set the user's security information in the History panel + DisplayApplicability.MyUserInfo = MyUserInfo; // set the user's security information in the Applicability panel + StepRTB.MyUserInfo = MyUserInfo; // set the user's security information in the StepRTB + VlnFlexGrid.MyUserInfo = MyUserInfo; // set the user's security information in the VlnFlexGrid + bool isVisible = MyUserInfo.IsAdministrator(); btnManageSecurity.Visible = isVisible; btnUpdateFormats.Visible = isVisible; btnResetSecurity.Visible = isVisible; - btnAdministrativeTools.Visible = isVisible || HasSetAdministrator(ui); + btnAdministrativeTools.Visible = isVisible || HasSetAdministrator(MyUserInfo); tmrCloseTabItems = new Timer(); tmrCloseTabItems.Interval = 100; tmrCloseTabItems.Tick += new EventHandler(tmrCloseTabItems_Tick); @@ -2614,6 +2622,7 @@ namespace VEPROMS infoPanel.Expanded = true; infoTabs.SelectedTab = infotabTags; displayTags.MyEditItem = (SelectedStepTabPanel == null) ? null : SelectedStepTabPanel.MyStepPanel.SelectedEditItem; + displayTags.Mydvi = SelectedDVI; } #endregion #region InfoTabBookMarks @@ -2855,6 +2864,7 @@ namespace VEPROMS displayRO.MyRTB = args.MyEditItem.MyStepRTB; displayTags.MyEditItem = args.MyEditItem; + displayTags.Mydvi = SelectedDVI; displayBookMarks.MyEditItem = args.MyEditItem; displayHistory.MyEditItem = args.MyEditItem; @@ -2981,17 +2991,17 @@ namespace VEPROMS FolderInfo fi = vtn.VEObject as FolderInfo; if (fi != null) { - if (fi.FolderDocVersionCount > 0) - { - btnNew.Enabled = false; - return; - } + // Enable/disable the New button based on the user's security settings at the current folder level + // B2015-193 + btnNew.Enabled = UserInfo.CanCreateFolders(MyUserInfo, fi); + if (!btnNew.Enabled) return; // just return, user cannot add a new folder or workingdraft + // if at top, 'VEPROMS', folder and childfolders below this only // option is to create a new (sub)folder, i.e. no submenu items. - if (fi.ChildFolderCount > 0 && fi.MyParent == null) return; - //if (fi.ChildFolderCount == 0) // submenu folders/docversion - //{ - if (fi.MyParent != null) + if (fi.ChildFolderCount > 0 && fi.MyParent == null) return; + + // submenu folders/docversion + if (fi.MyParent != null && UserInfo.CanCreateFolders(MyUserInfo,fi)) { ButtonItem fldbbtn = new ButtonItem("fldbtn", "Folder Before"); ButtonItem fldabtn = new ButtonItem("fldabtn", "Folder After"); @@ -3003,25 +3013,38 @@ namespace VEPROMS ButtonItem fldbtn = new ButtonItem("fldbtn", "Folder"); btnNew.SubItems.Add(fldbtn); fldbtn.Click += new EventHandler(fldbtn_Click); - if (fi.ChildFolderCount == 0) + + // offer adding a Working Draft only if the folder has no sub-folders and there is not already a Working Draft node + if (fi.ChildFolderCount == 0 && fi.FolderDocVersionCount == 0) { ButtonItem dvbtn = new ButtonItem("dvbtn", "Working Draft"); btnNew.SubItems.Add(dvbtn); dvbtn.Click += new EventHandler(dvbtn_Click); } return; - //} } // DocVersions can only have procedures, so no sub-menu DocVersionInfo dvi = vtn.VEObject as DocVersionInfo; - if (dvi != null) return; + if (dvi != null) + { + if (!UserInfo.CanEdit(MyUserInfo, dvi)) + btnNew.Enabled = false; // reviewers cannot create a new procedure B2015-193 + return; + } // Procedures can have a section added or a new procedure before // or after. ProcedureInfo pi = vtn.VEObject as ProcedureInfo; if (pi != null) { + // if user is a reviewer then don't allow adding new procedures + // bug B2015-193 + if (!UserInfo.CanEdit(MyUserInfo, pi.MyDocVersion)) + { + btnNew.Enabled = false; + return; + } ButtonItem pbbtn = new ButtonItem("pfbtn", "Procedure Before"); ButtonItem pabtn = new ButtonItem("pabtn", "Procedure After"); ButtonItem sctbtn = new ButtonItem("sctbtn", "Section"); @@ -3039,6 +3062,13 @@ namespace VEPROMS SectionInfo si = vtn.VEObject as SectionInfo; if (si != null) { + // if user is a reviewer then don't allow adding new sections + // bug B2015-193 + if (!UserInfo.CanEdit(MyUserInfo, si.MyDocVersion)) + { + btnNew.Enabled = false; + return; + } ButtonItem sbbtn = new ButtonItem("sbbtn", "Section Before"); ButtonItem sabtn = new ButtonItem("sabtn", "Section After"); ButtonItem subbtn = new ButtonItem("subbtn", "SubSection"); @@ -3061,6 +3091,13 @@ namespace VEPROMS StepInfo stpi = vtn.VEObject as StepInfo; if (stpi != null) { + // if user is a reviewer then don't allow adding new procedures, sections, or steps + // bug B2015-193 + if (!UserInfo.CanEdit(MyUserInfo, stpi.MyDocVersion)) + { + btnNew.Enabled = false; + return; + } ButtonItem stpbbtn = new ButtonItem("stpbbtn", "New Step Before"); ButtonItem stpabtn = new ButtonItem("stpabtn", "New Step After"); btnNew.SubItems.Add(stpbbtn); @@ -3069,6 +3106,7 @@ namespace VEPROMS stpabtn.Click += new EventHandler(stpabtn_Click); return; } + btnNew.Enabled = false; // should not get this far, but just in case turn off the New button } void fldabtn_Click(object sender, EventArgs e) @@ -3143,6 +3181,7 @@ namespace VEPROMS private void infoPanel_Click(object sender, EventArgs e) { displayTags.MyEditItem = (SelectedStepTabPanel == null) ? null : SelectedStepTabPanel.MyStepPanel.SelectedEditItem; + displayTags.Mydvi = SelectedDVI; } //private void tv_SectionShouldClose(object sender, vlnTreeSectionInfoEventArgs args) //{ diff --git a/PROMS/VEPROMS.CSLA.Library/Extension/MultiUserExt.cs b/PROMS/VEPROMS.CSLA.Library/Extension/MultiUserExt.cs index 26357580..49a0029f 100644 --- a/PROMS/VEPROMS.CSLA.Library/Extension/MultiUserExt.cs +++ b/PROMS/VEPROMS.CSLA.Library/Extension/MultiUserExt.cs @@ -1055,6 +1055,22 @@ namespace VEPROMS.CSLA.Library #region UserInfo stuff public partial class UserInfo { + public static bool CanEdit(UserInfo myUserInfo, DocVersionInfo myDVI) + { + return myUserInfo!=null && myDVI!=null && (myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(myDVI) || myUserInfo.IsWriter(myDVI)); + } + public static bool CanEditROs(UserInfo myUserInfo, DocVersionInfo myDVI) + { + return myUserInfo != null && myDVI != null && myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(myDVI) || myUserInfo.IsROEditor(myDVI); + } + public static bool CanCreateFolders(UserInfo myUserInfo, DocVersionInfo myDVI) + { + return myUserInfo != null && myDVI != null && myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(myDVI); + } + public static bool CanCreateFolders(UserInfo myUserInfo, FolderInfo fi) + { + return myUserInfo != null && fi != null && myUserInfo.IsAdministrator() || myUserInfo.IsSetAdministrator(fi); + } public bool IsAdministrator() { if (this.UserMembershipCount == 0) diff --git a/PROMS/Volian.Controls.Library/DisplayApplicability.cs b/PROMS/Volian.Controls.Library/DisplayApplicability.cs index 5d5e999d..0e6bc96c 100644 --- a/PROMS/Volian.Controls.Library/DisplayApplicability.cs +++ b/PROMS/Volian.Controls.Library/DisplayApplicability.cs @@ -375,6 +375,14 @@ namespace Volian.Controls.Library ei.MyStepRTB.Focus(); } } + + private static UserInfo _MyUserInfo = null; + public static UserInfo MyUserInfo + { + get { return _MyUserInfo; } + set { _MyUserInfo = value; } + } + public DisplayApplicability() { InitializeComponent(); @@ -384,6 +392,7 @@ namespace Volian.Controls.Library void DisplayApplicability_VisibleChanged(object sender, EventArgs e) { MyItemInfo = MyItemInfo; + gpItem.Enabled = UserInfo.CanEdit(MyUserInfo,(MyItemInfo == null) ? null : MyItemInfo.MyDocVersion); //Can Change Applicability } } } diff --git a/PROMS/Volian.Controls.Library/DisplayHistory.cs b/PROMS/Volian.Controls.Library/DisplayHistory.cs index 11730074..bfa7a793 100644 --- a/PROMS/Volian.Controls.Library/DisplayHistory.cs +++ b/PROMS/Volian.Controls.Library/DisplayHistory.cs @@ -767,13 +767,22 @@ namespace Volian.Controls.Library { return VlnFlexGrid.ROTableUpdate(sender, args); } + + + private static UserInfo _MyUserInfo = null; + public static UserInfo MyUserInfo + { + get { return _MyUserInfo; } + set { _MyUserInfo = value; } + } + private void DisplayTagRTF(TreeNode tn) { if (tn.Tag != null) { if (tn.Tag is GridAuditInfo) { - btnRestore.Enabled = true; + btnRestore.Enabled = UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion);//CanRestore(); GridAuditInfo gai = tn.Tag as GridAuditInfo; myVFG.Visible = true; myVFG.BringToFront(); @@ -791,7 +800,7 @@ namespace Volian.Controls.Library } if (tn.Tag is ContentAuditInfo) { - btnRestore.Enabled = true; + btnRestore.Enabled = UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion);//CanRestore(); myVFG.Clear(); ContentAuditInfo cai = tn.Tag as ContentAuditInfo; GridAuditInfoList gail = GridAuditInfoList.Get(cai.ContentID); @@ -827,7 +836,7 @@ namespace Volian.Controls.Library } if (tn.Tag is ItemAuditInfo) { - btnRestore.Enabled = true; + btnRestore.Enabled = UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion);//CanRestore(); ItemAuditInfo iai = tn.Tag as ItemAuditInfo; ContentAuditInfoList cail = ContentAuditInfoList.Get(iai.ContentID); foreach (ContentAuditInfo cai in cail) @@ -842,7 +851,7 @@ namespace Volian.Controls.Library } if (tn.Tag is AnnotationAuditInfo) { - btnRestore.Enabled = true; + btnRestore.Enabled = UserInfo.CanEdit(MyUserInfo, MyProcedureInfo.MyDocVersion);//CanRestore(); AnnotationAuditInfo iai = tn.Tag as AnnotationAuditInfo; myRTB.Font = new Font("Arial", 12, FontStyle.Regular); myRTB.Rtf = iai.RtfText; diff --git a/PROMS/Volian.Controls.Library/DisplayRO.cs b/PROMS/Volian.Controls.Library/DisplayRO.cs index c8cd8585..21beea00 100644 --- a/PROMS/Volian.Controls.Library/DisplayRO.cs +++ b/PROMS/Volian.Controls.Library/DisplayRO.cs @@ -230,9 +230,9 @@ namespace Volian.Controls.Library //btnCancelRO.Enabled = ((_SavCurROLink != null) && chld.roid.Substring(0, 12).ToLower() != SavROLink.ROID.Substring(0, 12).ToLower()); string childroid = chld.roid.ToLower() + "0000"; childroid = childroid.Substring(0, 16); - btnSaveRO.Enabled = ((_SavCurROLink == null) || !(childroid.Equals(SavROLink.ROID.ToLower()))); + btnSaveRO.Enabled = UserInfo.CanEdit(MyUserInfo, Mydvi) && ((_SavCurROLink == null) || !(childroid.Equals(SavROLink.ROID.ToLower()))); //added security check (UserInfo.CanEdit) btnCancelRO.Enabled = ((_SavCurROLink != null) && childroid != SavROLink.ROID.ToLower()); - btnGoToRO.Enabled = CanEditROs(); // Writers and Reviewers cannot edit ROs (run the RO Editor) + btnGoToRO.Enabled = UserInfo.CanEditROs(MyUserInfo, Mydvi); // Writers and Reviewers cannot edit ROs (run the RO Editor) switch (chld.type) { case 1: // standard (regular) text RO type @@ -851,18 +851,11 @@ namespace Volian.Controls.Library #endregion // utils - private bool CanEditROs() - { - // Test to see if the user is allowed to run the RO Edior - // writers and reviewers are not allowed to run the RO Editor - return MyUserInfo.IsAdministrator() || MyUserInfo.IsSetAdministrator(Mydvi) || MyUserInfo.IsROEditor(Mydvi); - } - private string _SelectedRoidBeforeRoEditor = null; private void lbROId_DoubleClick(object sender, EventArgs e) { if (tvROFST.SelectedNode == null) return; - if (!CanEditROs()) return; // do not allow writers and reviews to run the RO Editor + if (!UserInfo.CanEditROs(MyUserInfo, Mydvi)) return; // do not allow writers and reviews to run the RO Editor if (VlnSettings.ReleaseMode.Equals("DEMO")) { MessageBox.Show("Referenced Object Editor not available in the Demo version.", "PROMS Demo Version");