From: <ro...@us...> - 2006-08-04 21:21:43
Revision: 273 Author: rouquin Date: 2006-08-04 14:21:34 -0700 (Fri, 04 Aug 2006) ViewCVS: http://svn.sourceforge.net/tcdb/?rev=273&view=rev Log Message: ----------- Did a bunch of rights work on the administration branch. Tested as a VAS Administrator. Modified Paths: -------------- Website/Administration.aspx Website/Includes/ActionItems.ascx Website/Includes/ActionItems.ascx.cs Website/Includes/AdministrationTree.ascx.cs Website/Includes/UserSettings.ascx Website/Includes/UserSettings.ascx.cs Modified: Website/Administration.aspx =================================================================== --- Website/Administration.aspx 2006-08-04 19:31:36 UTC (rev 272) +++ Website/Administration.aspx 2006-08-04 21:21:34 UTC (rev 273) 
@@ -1,23 +1,13 @@ <%@ Page Language="C#" MasterPageFile="~/TCDB.master" AutoEventWireup="true" Title="TCDB: Administration" %> <%@ Register Src="~/Includes/AdministrationTree.ascx" TagPrefix="admin" TagName="Tree" %> +<%@ Register Src="~/Includes/Administration.ascx" TagPrefix="admin" TagName="Nav" %> + <asp:Content ID="TreeContent" ContentPlaceHolderID="TreeContentPlaceHolder" runat="Server"> <admin:Tree runat="server" ID="Tree" /> </asp:Content> <asp:Content ID="MainContent" ContentPlaceHolderID="MainContentPlaceHolder" runat="Server"> - <div class="pictureMenu"> - <% if (TCDB.Common.Constants.IS_DEV_ENV) - { %> - <asp:LinkButton ID="newProduct" runat="server" PostBackUrl="~/Product.aspx?mode=new">New Product</asp:LinkButton> <% } %> - <div class="button"> - <asp:LinkButton ID="newUser" runat="server" PostBackUrl="~/UserSettings.aspx?mode=new"> - <asp:Image ID="newUserIcon" runat="server" SkinID="newUserImage" AlternateText="New User" />New - User</asp:LinkButton></div> - <div class="button"> - <asp:LinkButton ID="userRole" runat="server" PostBackUrl="~/AdminRole.aspx"> - <asp:Image ID="userRoleIcon" runat="server" SkinID="userRoleImage" AlternateText="User Roles" />User - Roles</asp:LinkButton></div> - </div> + <admin:Nav runat="server" ID="Nav" /> </asp:Content> <asp:Content ID="NotesContent" ContentPlaceHolderID="NotesContentPlaceHolder" runat="Server"> </asp:Content> Modified: Website/Includes/ActionItems.ascx =================================================================== --- Website/Includes/ActionItems.ascx 2006-08-04 19:31:36 UTC (rev 272) +++ Website/Includes/ActionItems.ascx 2006-08-04 21:21:34 UTC (rev 273) 
@@ -216,9 +216,7 @@ </div> <div class="item"> <label> - Assigned To:</label><asp:DropDownList ID="assignedTo" runat="server" DataSourceID="UserDataSource" - DataTextField="fullName" DataValueField="userID" SelectedValue='<%# Bind("assignedID") %>' - OnDataBound="assignedTo_DataBound"> + Assigned To:</label><asp:DropDownList ID="assignedTo" runat="server" SelectedValue='<%# Bind("assignedID") %>' OnInit="assignedTo_Init"> </asp:DropDownList> </div> </div> @@ -302,9 +300,8 @@ ToolTip='<%# Bind("creatorID") %>'></asp:Label></div> <div class="item"> <label> - Assigned To:</label><asp:DropDownList ID="assignedTo" runat="server" DataSourceID="UserDataSource" - DataTextField="fullName" DataValueField="userID" AppendDataBoundItems="True" - SelectedValue='<%# Bind("assignedID") %>' OnDataBound="assignedTo_DataBound"> + Assigned To:</label><asp:DropDownList ID="assignedTo" runat="server" + SelectedValue='<%# Bind("assignedID") %>' OnInit="assignedTo_Init"> </asp:DropDownList></div> </div> <div class="end"> Modified: Website/Includes/ActionItems.ascx.cs =================================================================== --- Website/Includes/ActionItems.ascx.cs 2006-08-04 19:31:36 UTC (rev 272) +++ Website/Includes/ActionItems.ascx.cs 2006-08-04 21:21:34 UTC (rev 273) @@ -368,13 +368,6 @@ !(ai.CREATOR.ID == m_user.ID && m_user.HasRight("status_created_ai", productID)))) dateFinished.Enabled = false; } - protected void assignedTo_DataBound(object sender, EventArgs e) - { - DropDownList assignedTo = (DropDownList)ActionItemsView.FindControl("assignedTo"); - - if (!m_user.HasRight("create_other_ai", Constants.PRODUCT_ANYID)) - assignedTo.Enabled = false; - } protected void NewButton_Init(object sender, EventArgs e) { LinkButton newBtn = (LinkButton)sender; 
@@ -403,4 +396,41 @@ !(ai.CREATOR.ID == m_user.ID && m_user.HasRight("delete_created_ai", productID))) deleteBtn.Visible = false; } + protected void assignedTo_Init(object sender, EventArgs e) + { + DropDownList assignedTo = (DropDownList)sender; + + if (!m_user.HasRight("create_other_ai", Constants.PRODUCT_ANYID)) + { + assignedTo.Enabled = false; + assignedTo.Items.Add(new ListItem(m_user.FULLNAME, m_user.ID.ToString())); + } + else + { + assignedTo.Enabled = true; + + tcdbDataSetTableAdapters.db_productsTableAdapter pAdapter = new tcdbDataSetTableAdapters.db_productsTableAdapter(); + tcdbDataSet.db_productsDataTable pTable = pAdapter.GetData(true, null); + tcdbDataSetTableAdapters.db_roleProductUserTableAdapter rpuAdapter = new tcdbDataSetTableAdapters.db_roleProductUserTableAdapter(); + + foreach (tcdbDataSet.db_productsRow pRow in pTable) + { + if (m_user.HasRight("create_other_ai",pRow.productID)) + { + tcdbDataSet.db_roleProductUserDataTable rpuTable = rpuAdapter.GetData(null, pRow.productID, true); + + int lastID = -1; + foreach (tcdbDataSet.db_roleProductUserRow rpuRow in rpuTable) + { + if (lastID == rpuRow.userID) + continue; + lastID = rpuRow.userID; + + assignedTo.Items.Add(new ListItem(rpuRow.fullName, rpuRow.userID.ToString())); + } + } + } + + } + } } Modified: Website/Includes/AdministrationTree.ascx.cs =================================================================== --- Website/Includes/AdministrationTree.ascx.cs 2006-08-04 19:31:36 UTC (rev 272) +++ Website/Includes/AdministrationTree.ascx.cs 2006-08-04 21:21:34 UTC (rev 273) @@ -21,7 +21,7 @@ protected void Page_Load(object sender, EventArgs e) { if (!m_user.ISAUTHENTICATED) { return; } - if (!m_user.HasRight("view_admin", Constants.PRODUCT_ANYID)) + if (this.Visible && !m_user.HasRight("view_admin", Constants.PRODUCT_ANYID)) Response.Redirect("~/Assignments.aspx?" + Constants.CODE_USER + "=" + m_user.ID); } 
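Review bot: In the restricted branch of `assignedTo_Init` the list holds only the current user, yet the markup still binds `SelectedValue='<%# Bind("assignedID") %>'`, so an action item assigned to anyone else has no matching entry and data binding is likely to fail when such a user opens it. In the else branch the `lastID` comparison only drops duplicates that are adjacent within one product's table, so a user with roles in two products is added twice. Guarding the add with `if (assignedTo.Items.FindByValue(rpuRow.userID.ToString()) == null)`, and adding the currently assigned user to the restricted list, would cover both cases. `Enabled = false` is a presentation measure only, so the update path (not in this diff) should still check `create_other_ai` against the submitted `assignedID`.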
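Review bot: Gating the `view_admin` check in `Page_Load` on `this.Visible` makes authorization depend on whether this tree control happens to be shown, so any page that hosts the control hidden now loads with no `view_admin` check from here. If the intent is only to let other pages embed the tree invisibly, say so in a comment, for example `// Hidden instances live on non-admin pages, which enforce their own rights.` The admin pages would be safer checking `view_admin` in the page or master page rather than in a child control, though that code is outside this diff.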
@@ -56,23 +56,26 @@ { foreach (tcdbDataSet.db_productsRow row in productTable) { - // Create the new node. - TreeNode newNode = new TreeNode(); - newNode.Text = "<product>" + row.name + "</product>"; - newNode.Value = row.productID.ToString(); + if (m_user.HasRight("view_product", row.productID)) + { + // Create the new node. + TreeNode newNode = new TreeNode(); + newNode.Text = "<product>" + row.name + "</product>"; + newNode.Value = row.productID.ToString(); - // Set the PopulateOnDemand property to true so that the child nodes can be - // dynamically populated. - newNode.PopulateOnDemand = true; + // Set the PopulateOnDemand property to true so that the child nodes can be + // dynamically populated. + newNode.PopulateOnDemand = true; - // Set additional properties for the node. - newNode.SelectAction = TreeNodeSelectAction.Expand; - newNode.NavigateUrl = "~/Product.aspx?" + Constants.CODE_PRODUCT + "=" + newNode.Value; + // Set additional properties for the node. + newNode.SelectAction = TreeNodeSelectAction.Expand; + newNode.NavigateUrl = "~/Product.aspx?" + Constants.CODE_PRODUCT + "=" + newNode.Value; - // Add the new node to the ChildNodes collection of the parent node. - parent.ChildNodes.Add(newNode); - if (nodes.Contains(newNode.ValuePath)) - newNode.Expand(); + // Add the new node to the ChildNodes collection of the parent node. + parent.ChildNodes.Add(newNode); + if (nodes.Contains(newNode.ValuePath)) + newNode.Expand(); + } } } } @@ -361,6 +364,7 @@ tcdbDataSetTableAdapters.db_roleProductUserTableAdapter userAdapter = new tcdbDataSetTableAdapters.db_roleProductUserTableAdapter(); tcdbDataSet.db_roleProductUserDataTable userTable = userAdapter.GetData(null, Convert.ToInt32(parent.Parent.Value), true); int lastID = -1; + int productID = Convert.ToInt32(parent.Parent.Value); foreach (tcdbDataSet.db_roleProductUserRow row in userTable) { 
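Review bot: `row.name` is concatenated into `newNode.Text` as markup, and the surrounding `<product>` tags suggest the text is rendered without encoding, so a product name containing markup would be rendered as HTML in the admin tree of every user who can see it. `newNode.Text = "<product>" + HttpUtility.HtmlEncode(row.name) + "</product>";` keeps the wrapper and neutralises the value. The same pattern appears with `row.fullName` in the @@ -369 hunk of this file, and with `"<label>" + row.name` and the `roleTree.Text` list items in UserSettings.ascx.cs. The new `view_product` filter only hides nodes, so Product.aspx (not in this diff) still needs its own check because the product id travels in the query string.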
@@ -369,15 +373,18 @@ else lastID = row.userID; - // Create the new node. - TreeNode newNode = new TreeNode(); - newNode.Text = row.fullName; - newNode.Value = row.userID.ToString(); ; - newNode.PopulateOnDemand = true; - newNode.SelectAction = TreeNodeSelectAction.Expand; - newNode.NavigateUrl = "~/UserSettings.aspx?"+Constants.CODE_USER+"=" + newNode.Value; - parent.ChildNodes.Add(newNode); - newNode.Expand(); + if (m_user.HasRight("view_other_settings", productID)) + { + // Create the new node. + TreeNode newNode = new TreeNode(); + newNode.Text = row.fullName; + newNode.Value = row.userID.ToString(); ; + newNode.PopulateOnDemand = true; + newNode.SelectAction = TreeNodeSelectAction.Expand; + newNode.NavigateUrl = "~/UserSettings.aspx?" + Constants.CODE_PRODUCT + "=" + productID + "&" + Constants.CODE_USER + "=" + newNode.Value; + parent.ChildNodes.Add(newNode); + newNode.Expand(); + } } } protected void BuildAllUserList(TreeNode parent) Modified: Website/Includes/UserSettings.ascx =================================================================== --- Website/Includes/UserSettings.ascx 2006-08-04 19:31:36 UTC (rev 272) +++ Website/Includes/UserSettings.ascx 2006-08-04 21:21:34 UTC (rev 273) @@ -92,11 +92,8 @@ runat="server" ID="newLabel" OnLoad="newLabel_Load"> | </asp:Label> <asp:LinkButton ID="Edit" runat="server" CommandName="Edit" OnInit="Edit_Init">Edit User</asp:LinkButton><asp:Label runat="server" ID="editLabel" OnLoad="editLabel_Load"> | </asp:Label> - <% if (TCDB.Common.Constants.IS_DEV_ENV) - { %> <asp:LinkButton ID="editConfig" runat="server" CommandName="editConfig" OnCommand="editConfig" OnInit="editConfig_Init">Preferences</asp:LinkButton> - <% } %> <asp:Label runat="server" ID="deleteLabel" OnLoad="deleteLabel_Load"> | </asp:Label><asp:LinkButton ID="Delete" runat="server" CommandName="Delete" OnLoad="deleteButton_Load">Delete</asp:LinkButton> </div> 
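Review bot: `m_user.HasRight("view_other_settings", productID)` does not depend on `row`, yet it is evaluated once per user inside the loop and only after `userAdapter.GetData(...)` has already loaded the product's users. Testing it once before the query, `if (!m_user.HasRight("view_other_settings", productID)) return;`, skips the database call for callers without the right and makes the intent plainer. `productID` could also be declared before `GetData` and passed to it instead of repeating `Convert.ToInt32(parent.Parent.Value)`. The enclosing method starts outside the hunk, so confirm nothing earlier in it relies on falling through the loop.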
@@ -309,9 +306,9 @@ <asp:LinkButton ID="UpdateCancelButton" runat="server" CausesValidation="False" CommandName="Cancel" Text="Cancel" /> | <asp:LinkButton ID="sync" runat="server" Text="Sync with AD" OnCommand="SyncWithAD" /> - <!-- + <asp:Label ID="passwordLbl" runat="server" Text="Password: "></asp:Label><asp:TextBox - ID="passwordBox" runat="server" TextMode="Password"></asp:TextBox>--> + ID="passwordBox" runat="server" TextMode="Password"></asp:TextBox> </div> <div class="right"> </div> Modified: Website/Includes/UserSettings.ascx.cs =================================================================== --- Website/Includes/UserSettings.ascx.cs 2006-08-04 19:31:36 UTC (rev 272) +++ Website/Includes/UserSettings.ascx.cs 2006-08-04 21:21:34 UTC (rev 273) 
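Review bot: Un-commenting `passwordLbl` and `passwordBox` puts a password field in the edit template, but none of the code-behind hunks in this commit read `passwordBox`, so either the value is ignored or it is consumed by code outside this diff. If it is consumed, that handler needs the same `edit_my_settings` / `edit_other_settings` check the buttons use, and an empty box on an ordinary profile edit must not overwrite the stored credential. Since the field sits beside `Sync with AD`, a short markup comment stating which accounts use a local password would help the next reader.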
@@ -20,21 +20,31 @@ { private static ILog m_logg = LogManager.GetLogger("Page:UserSettings"); int userID = Convert.ToInt32(HttpContext.Current.Request.QueryString[Constants.CODE_USER]); + User user; String mode = HttpContext.Current.Request.QueryString["mode"]; - String product = HttpContext.Current.Request.QueryString[Constants.CODE_PRODUCT]; + int productID = Convert.ToInt32(HttpContext.Current.Request.QueryString[Constants.CODE_PRODUCT]); protected void Page_Load(object sender, EventArgs e) { + // input check if (!m_user.ISAUTHENTICATED) { return; } - if (!m_user.HasRight("view_my_settings", Constants.PRODUCT_ANYID)) - Response.Redirect("~/Assignments.aspx?" + Constants.CODE_USER + "=" + m_user.ID); - - m_logg.Debug("Loading page UserSettings"); if (userID == 0) { m_logg.Debug("Unable to locate user ID in query string. Default to current user"); userID = m_user.ID; } + + // Get user + user = UserDB.GetUserInfo(userID); + + // Rights check + if (userID == m_user.ID && !m_user.HasRight("view_my_settings", productID)) + Response.Redirect("~/Assignments.aspx?" + Constants.CODE_USER + "=" + m_user.ID); + if (userID != m_user.ID && !(user.HasRights(productID) && m_user.HasRight("view_other_settings", productID))) + Response.Redirect("~/UserSettings.aspx?" + Constants.CODE_USER + "=" + m_user.ID); + + // Settings init + m_logg.Debug("Loading page UserSettings"); Session.Add("userID", userID); Session.Add("tableName", "tcdb_user"); 
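Review bot: `productID` is now read from the query string in a field initializer with `Convert.ToInt32`, so a non-numeric value throws `FormatException` while the control is being constructed, and a missing value becomes 0 rather than the `Constants.PRODUCT_ANYID` the old checks used. The redirect added in this same hunk (`~/UserSettings.aspx?` plus the user id only) produces exactly that missing-parameter case, and whether `HasRight("view_my_settings", 0)` behaves like the old any-product check depends on `HasRight`, which is not visible here. Parsing in `Page_Load` with `if (!int.TryParse(Request.QueryString[Constants.CODE_PRODUCT], out productID)) productID = Constants.PRODUCT_ANYID;` would make both cases explicit, assuming `PRODUCT_ANYID` is an int as its use alongside `pRow.productID` suggests. `user` is also dereferenced right after `UserDB.GetUserInfo(userID)` with no null check, which matters if that call can return null for an unknown id taken from the same query string.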
@@ -44,61 +54,67 @@ protected void deleteButton_Load(object sender, EventArgs e) { - if (mode == "read" || !m_user.HasRight("delete_user", Constants.PRODUCT_ANYID) || userID == m_user.ID) - { - LinkButton deleteButton = (LinkButton)UserSettingsView.FindControl("New"); + LinkButton deleteButton = (LinkButton)sender; + if (user == null) user = UserDB.GetUserInfo(userID); + + if ( mode == "read" || !(user.HasRights(productID) && m_user.HasRight("delete_user", productID)) || userID == m_user.ID) deleteButton.Visible = false; - } } protected void newButton_Load(object sender, EventArgs e) { - if (mode == "read" || !m_user.HasRight("create_user", Constants.PRODUCT_ANYID)) - { - LinkButton deleteButton = (LinkButton)UserSettingsView.FindControl("Delete"); - deleteButton.Visible = false; - } + LinkButton newButton = (LinkButton)sender; + if (user == null) user = UserDB.GetUserInfo(userID); + + if (mode == "read" || !(user.HasRights(productID) && m_user.HasRight("create_user", Constants.PRODUCT_ANYID))) + newButton.Visible = false; } protected void Edit_Init(object sender, EventArgs e) { LinkButton editBtn = (LinkButton)sender; + if (user == null) user = UserDB.GetUserInfo(userID); + if ( (userID == m_user.ID && !m_user.HasRight("edit_my_settings", Constants.PRODUCT_ANYID)) && - (mode != "read" && !m_user.HasRight("edit_other_settings", Constants.PRODUCT_ANYID))) + (mode != "read" && !(user.HasRights(productID) && m_user.HasRight("edit_other_settings", productID)))) editBtn.Visible = false; } protected void editConfig_Init(object sender, EventArgs e) { LinkButton editConfigBtn = (LinkButton)sender; + if (user == null) user = UserDB.GetUserInfo(userID); - if (!m_user.HasRight("view_my_preferences", Constants.PRODUCT_ANYID)) + if ((userID == m_user.ID && !m_user.HasRight("edit_my_settings", Constants.PRODUCT_ANYID)) && + (mode != "read" && !(user.HasRights(productID) && m_user.HasRight("edit_other_settings", productID)))) editConfigBtn.Visible = false; } protected void 
deleteLabel_Load(object sender, EventArgs e) { - if (mode == "read" || !m_user.HasRight("delete_user", Constants.PRODUCT_ANYID) || userID == m_user.ID) - { - Label deleteLabel = (Label)UserSettingsView.FindControl("deleteLabel"); + Label deleteLabel = (Label)sender; + if (user == null) user = UserDB.GetUserInfo(userID); + + if (mode == "read" || !(user.HasRights(productID) && m_user.HasRight("delete_user", productID)) || userID == m_user.ID) deleteLabel.Visible = false; - } } protected void newLabel_Load(object sender, EventArgs e) { - if (mode == "read" || !m_user.HasRight("create_user",Constants.PRODUCT_ANYID)) - { - Label newLabel = (Label)UserSettingsView.FindControl("newLabel"); + Label newLabel = (Label)sender; + if (user == null) user = UserDB.GetUserInfo(userID); + + if (mode == "read" || !(user.HasRights(productID) && m_user.HasRight("create_user", Constants.PRODUCT_ANYID))) newLabel.Visible = false; - } } protected void editLabel_Load(object sender, EventArgs e) { - Label editLabel = (Label)UserSettingsView.FindControl("editLabel"); + Label editLabel = (Label)sender; + if (user == null) user = UserDB.GetUserInfo(userID); - if (!m_user.HasRight("delete_user",Constants.PRODUCT_ANYID)) + if ((userID == m_user.ID && !m_user.HasRight("view_my_preferences", Constants.PRODUCT_ANYID)) || + (userID != m_user.ID && !(user.HasRights(productID) && m_user.HasRight("view_other_preferences", productID)))) editLabel.Visible = false; } @@ -141,7 +157,7 @@ tcdbDataSetTableAdapters.db_roleUserProductTableAdapter rupAdapter = new tcdbDataSetTableAdapters.db_roleUserProductTableAdapter(); Dictionary<String, ArrayList> ProductRoles = (Dictionary<String, ArrayList>)Session["ProductRoles"]; - /* + // Clear roles rupAdapter.upd_userRoleProduct(userID, null, null, false); 
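Review bot: In `Edit_Init`, and in `editConfig_Init` which now copies the same condition, the own-account test and the other-account test are joined with `&&`, so when `userID != m_user.ID` the first operand is false and the link is never hidden, whatever `edit_other_settings` says. `editLabel_Load` in this hunk shows the intended shape: `(userID == m_user.ID && !m_user.HasRight("edit_my_settings", Constants.PRODUCT_ANYID)) ||` followed by `(userID != m_user.ID && !(user.HasRights(productID) && m_user.HasRight("edit_other_settings", productID)))`, keeping or dropping the `mode != "read"` term according to what read mode is meant to allow. `editLabel_Load` tests the `view_*_preferences` rights while `editConfig_Init` tests `edit_*_settings`, so the separator and the Preferences link can disagree. These handlers only hide controls, so the Edit, Delete and `editConfig` command handlers (outside this diff) should repeat the rights check before acting.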
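Review bot: Re-enabling `rupAdapter.upd_userRoleProduct(userID, null, null, false)` clears the user's roles with null role and product arguments, which reads as "every product", before the loop re-inserts from `Session["ProductRoles"]`. The product tree in this commit is now filtered by `edit_role_users`, so on that reading an editor who can see only some products would wipe the target user's roles on the products they cannot see. Clearing only the products the editor holds `edit_role_users` on, and running the clear and the inserts in one transaction, would avoid both that and a half-saved state if an insert fails. The method starts outside the hunk and the stored procedure is not visible, so the meaning of the null arguments needs confirming.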
@@ -157,8 +173,8 @@ rupAdapter.ins_userRoleProduct(userID, roleID, productID); } } - */ - + + /* tcdbDataSetTableAdapters.db_productsTableAdapter pAdapter = new tcdbDataSetTableAdapters.db_productsTableAdapter(); tcdbDataSet.db_productsDataTable pTable = pAdapter.GetData(true, null); tcdbDataSetTableAdapters.db_roleTableAdapter rAdapter = new tcdbDataSetTableAdapters.db_roleTableAdapter(); @@ -179,6 +195,7 @@ } } + * */ } protected void SyncWithAD(object sender, CommandEventArgs e) @@ -268,7 +285,8 @@ { Literal roleTree = (Literal)sender; - if (m_user.HasRight("view_my_roles", Constants.PRODUCT_ANYID)) + if ( (userID == m_user.ID && m_user.HasRight("view_my_roles", Constants.PRODUCT_ANYID)) || + (userID != m_user.ID && m_user.HasRight("view_other_roles", Constants.PRODUCT_ANYID))) { roleTree.Visible = true; roleTree.ID = "roleTree"; 
@@ -286,21 +304,25 @@ foreach (tcdbDataSet.db_productsRow pRow in pTable) { - // Get Roles - tcdbDataSetTableAdapters.db_roleUserProductTableAdapter rupAdapter = new tcdbDataSetTableAdapters.db_roleUserProductTableAdapter(); - tcdbDataSet.db_roleUserProductDataTable rupTable = rupAdapter.GetData(userID, pRow.productID, true); - ArrayList roles = new ArrayList(); + if ((userID == m_user.ID && m_user.HasRight("view_my_roles", pRow.productID)) || + (userID != m_user.ID && m_user.HasRight("view_other_roles", pRow.productID))) + { + // Get Roles + tcdbDataSetTableAdapters.db_roleUserProductTableAdapter rupAdapter = new tcdbDataSetTableAdapters.db_roleUserProductTableAdapter(); + tcdbDataSet.db_roleUserProductDataTable rupTable = rupAdapter.GetData(userID, pRow.productID, true); + ArrayList roles = new ArrayList(); - foreach (tcdbDataSet.db_roleUserProductRow rupRow in rupTable) - roles.Add(rupRow.roleName); + foreach (tcdbDataSet.db_roleUserProductRow rupRow in rupTable) + roles.Add(rupRow.roleName); - if (roles.Count > 0) - ProductRoles[pRow.name] = roles; + if (roles.Count > 0) + ProductRoles[pRow.name] = roles; + } } // Setup list foreach (String product in ProductRoles.Keys) - { + { roleTree.Text += "\t<li><strong>" + product + "</strong>\n"; roleTree.Text += "\t\t<ul>\n"; 
@@ -361,14 +383,17 @@ foreach (tcdbDataSet.db_productsRow row in pTable) { - TreeNode child = new TreeNode(); - child.Text = "<label>" + row.name + "</label>"; - child.Value = row.productID.ToString(); - child.SelectAction = TreeNodeSelectAction.Select; - child.PopulateOnDemand = true; - child.ShowCheckBox = false; + if (m_user.HasRight("edit_role_users", row.productID)) + { + TreeNode child = new TreeNode(); + child.Text = "<label>" + row.name + "</label>"; + child.Value = row.productID.ToString(); + child.SelectAction = TreeNodeSelectAction.Select; + child.PopulateOnDemand = true; + child.ShowCheckBox = false; - parent.ChildNodes.Add(child); + parent.ChildNodes.Add(child); + } } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |