<?xml version="1.0" encoding="utf-8"?>
<AzAdminManager MajorVersion="1" MinorVersion="0" Description="MMB Website Authorization Store for use with CoSign (v. 0.1) test">
	<AzApplication Guid="be45f7e5-060a-450f-92ae-40f86a4c10dc" Name="IIS 6.0 URL Authorization" Description="" ApplicationVersion=""><AzOperation Guid="0a5283fb-5d7c-4ed6-b5fa-6bc11e2bbde8" Name="AccessURL" Description=""><OperationID>1</OperationID></AzOperation><AzTask Guid="1bb5dc5d-4fa2-4701-afba-ad56ca917e99" Name="Viewer" Description="" BizRuleImportedPath="C:\URLauthRule.vbs" RoleDefinition="True"><OperationLink>0a5283fb-5d7c-4ed6-b5fa-6bc11e2bbde8</OperationLink><BizRuleLanguage>VBScript</BizRuleLanguage><BizRule>AzBizRuleContext.BusinessRuleResult = false
' Set BizRule result to fail in case script stops prematurely

' ----------------------------------------------------
' Authorization Manager Rule script.
' Retrieves the CoSign uniqname from the HTTP request headers,
' and queries the database to determine whether that username
' is assigned access to the given URL.
'
' David Sweetman - dsweetma@umich.edu
' v0.2.0
' ----------------------------------------------------

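' Main body of the authorization rule.
'
' Flow: read the requested URL and the CoSign user name from the rule
' context, resolve both to database ids, then grant access only when a
' URLAccess row links the URL to the user or to one of the user's groups.
' Every outcome is written to the AccessErrors table.
'
' The rule result is set to false at the very start of the script, so any
' runtime error below aborts the script with access denied (fail closed).
'
' Security change in this block: URL and the user name originate from the
' HTTP request and were concatenated into SQL text unescaped. Every string
' placed in a SQL literal now passes through JetQuote (defined at the end
' of this block). A parameterized ADODB.Command would be the stronger fix
' and is worth adopting when this rule is next reworked.

Dim oConn, oRS, SQL, URL, URLID, uniqname, UniqnameID, IP, ALL_RAW
Dim buf, b

' database connection
Set oConn = CreateObject("ADODB.Connection")
Set oRS = CreateObject("ADODB.Recordset")

oConn.ConnectionString = "DRIVER={Microsoft Access Driver (*.mdb)};" &amp; _
                         "DBQ=c:\MMB\database\URLAuthorization.mdb"

URL = LCase(AzBizRuleContext.GetParameter("URL"))
' The client address lookup is disabled, so every log row carries this
' placeholder instead of the real address.
IP = "0.0.0.0" 'lcase(AzBizRuleContext.GetParameter("REMOTE_ADDR"))
ALL_RAW = AzBizRuleContext.GetParameter("ALL_HTTP")

' Find the user name among the raw header lines (one per chr(10)).
' NOTE(review): the match is a substring search over the whole line and the
' last matching line wins. This relies on the CoSign filter being the only
' possible source of a REMOTE_USER header; confirm that client-supplied
' copies are stripped upstream, and consider anchoring the match to the
' exact header name at the start of the line.
' NOTE(review): the original carried a Left(uniqname, Len(uniqname)) step
' commented as removing a trailing character; it removed nothing and has
' been dropped. If the server leaves a trailing CR on header lines it is
' still present here - confirm.
buf = Split(ALL_RAW, Chr(10))
For Each b In buf
   b = Trim(b)
   If InStr(b, "REMOTE_USER:") &gt; 0 Then
      ' keep everything after the first space on the line
      uniqname = Trim(Mid(b, InStr(b, Chr(32)) + 1))
   End If
Next
' Drop anything up to and including the first colon, then lower-case.
Uniqname = LCase(Right(Uniqname, Len(Uniqname) - InStr(Uniqname, ":")))

oConn.Open

URLID = returnURLid(URL)

If URLID = 0 Then
   ' URLpath not defined in db for use with URL Authorization
   LogAccessEvent "URLpath not defined in db."
End If

SQL = "SELECT ID FROM AccessPrincipals WHERE AccName = '" &amp; JetQuote(Uniqname) &amp; "'"
oRS.Open SQL, oConn
If oRS.EOF Then
   ' Uniqname not found in db
   LogAccessEvent "Uniqname not found in db."
   UniqnameID = 0
Else
   UniqnameID = oRS("ID")
End If
oRS.Close

' URLID and UniqnameID are numeric ids read back from the database (or 0),
' not request text, so they are concatenated as numbers.
SQL = "SELECT URLAccess.URLID FROM URLAccess, UserGroup WHERE " &amp; _
   "(URLAccess.AccessID = UserGroup.UserID OR URLAccess.AccessID = UserGroup.GroupID) " &amp; _
   "AND URLID = " &amp; URLID &amp; " AND UserID = " &amp; UniqnameID
oRS.Open SQL, oConn
If oRS.EOF Then
   ' No access row links this user (or one of the user's groups) to the URL
   LogAccessEvent "User not authorized to access resource."
Else
   ' for troubleshooting
   LogAccessEvent "Access granted."

   ' Person is authorized, set result to true.
   ' The grant is logged first: if the log write fails, the script stops
   ' with the result still false.
   AzBizRuleContext.BusinessRuleResult = true
End If
oRS.Close

oConn.Close

Function JetQuote(value)
   ' Returns value as text that is safe inside a single-quoted Jet/Access
   ' SQL string literal: embedded single quotes are doubled.
   ' Appending "" turns an Empty value into an empty string first.
   JetQuote = Replace(value &amp; "", "'", "''")
End Function

Sub LogAccessEvent(message)
   ' Writes one row to AccessErrors for the current request, using the
   ' script-level IP, Uniqname and URL values and the open oConn connection.
   Dim logSQL
   logSQL = "INSERT INTO AccessErrors (DateTimeErr, IP, AccName, URL, ErrMsg) VALUES (" &amp; _
      "#" &amp; Now &amp; "#, '" &amp; JetQuote(IP) &amp; "', '" &amp; JetQuote(Uniqname) &amp; _
      "', '" &amp; JetQuote(URL) &amp; "', '" &amp; JetQuote(message) &amp; "')"
   oConn.Execute logSQL
End Sub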

' -------------------------------------------------------------------------

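Function ReturnURLid(URL)
  ' Returns the URLpaths.ID of the deepest directory prefix of URL that has
  ' a row in URLpaths, or zero when no prefix is defined. A runtime error
  ' inside the function aborts the whole script.
  '
  ' URL: request path, expected to start with "/".
  ' Uses the script-level oRS recordset and the open oConn connection.
  '
  ' Changes from the original:
  '  - the path is quoted before being placed in the SQL literal (it comes
  '    from the request, and was concatenated unescaped);
  '  - path segments are counted when non-empty. The original counted only
  '    segments longer than one character, so a path containing a
  '    one-character directory stopped short of its deepest directory and
  '    the rule defined on a parent directory was applied instead.

  ReturnURLid = 0

  Dim resultURL, URLarray, dir, ArrMax, i, j, lookupSQL

  ArrMax = 0
  URLarray = Split(URL, "/") ' create array of dirs/filename in URL
  For Each dir In URLarray
     If Len(dir) &gt; 0 Then    ' skips the initial (empty) value
        ArrMax = ArrMax + 1
     End If
  Next

  If InStr(URLarray(ArrMax), ".") Then
     ' assumes directories will not have "." in name;
     ' drops the file name so only directories are looked up
     ArrMax = ArrMax - 1
  End If

  For i = 1 To ArrMax
     ' starts at root; a match on a deeper directory overwrites the result
     resultURL = ""
     For j = 1 To i
        ' re-construct the URL prefix of depth i
        resultURL = resultURL &amp; "/" &amp; URLarray(j)
     Next

     ' Doubling single quotes is the escaping rule for a single-quoted
     ' Jet/Access string literal.
     lookupSQL = "SELECT ID FROM URLpaths WHERE URL = '" &amp; _
        Replace(resultURL, "'", "''") &amp; "'"
     oRS.Open lookupSQL, oConn
     If Not oRS.EOF Then
        ReturnURLid = oRS("ID")
     End If
     oRS.Close
  Next

End Function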

' Release the ADO recordset and connection objects.
Set oRS = Nothing
Set oConn = Nothing
</BizRule></AzTask><AzScope Guid="16b2db41-ebb3-410c-a6c9-17c7b9f50283" Name="CoSign" Description=""><AzRole Guid="aa6ebc36-6535-4887-bab7-b8adb7c38037" Name="Viewer"><TaskLink>1bb5dc5d-4fa2-4701-afba-ad56ca917e99</TaskLink><Member>S-1-5-21-3238728885-3433763950-1021928860-1003</Member></AzRole><AzRole Guid="c33080e1-d52e-4354-b885-08b5c1c83bfa" Name="ViewAlways"><TaskLink>a75f97f0-e728-4cda-94eb-7527c2c06920</TaskLink><Member>S-1-5-32-544</Member></AzRole></AzScope><AzTask Guid="a75f97f0-e728-4cda-94eb-7527c2c06920" Name="ViewAlways" Description="" BizRuleImportedPath="C:\URLAuth\URLAuthRuleTrue.vbs" RoleDefinition="True"><BizRuleLanguage>VBScript</BizRuleLanguage><BizRule>AzBizRuleContext.BusinessRuleResult = true</BizRule><OperationLink>0a5283fb-5d7c-4ed6-b5fa-6bc11e2bbde8</OperationLink></AzTask><AzTask Guid="85b7089a-a9cf-46ff-86de-8dbd7c0fd1e3" Name="ViewNever" Description="" BizRuleImportedPath="C:\URLAuth\URLAuthRuleFalse.vbs" RoleDefinition="True"><BizRuleLanguage>VBScript</BizRuleLanguage><BizRule>AzBizRuleContext.BusinessRuleResult = false</BizRule><OperationLink>0a5283fb-5d7c-4ed6-b5fa-6bc11e2bbde8</OperationLink></AzTask></AzApplication></AzAdminManager>
