<%@page pageEncoding="iso-8859-1" contentType="text/html" %>
<%@ page import ="org.dbforms.config.DbFormsConfigRegistry,java.sql.Connection,java.sql.Statement,java.sql.ResultSet" %>
<%
// Logoff handling: any request that carries a "logoff" parameter ends the
// current session before the access check further down is evaluated.
if (request.getParameter("logoff") != null) {
    if (request.getSession() != null) {
        request.getSession().invalidate();
    }
}
  // Access gate: the menu is only rendered for sessions whose "sessiontype"
  // attribute equals "superx"; everything else falls through to the else
  // branch at the end of the page.
  Object sessionType = null;
  if (request.getSession() != null) {
      sessionType = request.getSession().getAttribute("sessiontype");
  }
  if (sessionType != null && sessionType.equals("superx")) {

  // Tenant ("Mandant") and user id are taken from the session, never from
  // request parameters.
  Object mandantobject = request.getSession().getAttribute("MandantenID");
  Object userid = request.getSession().getAttribute("UserID");
  String mandantenid = (mandantobject == null) ? "" : mandantobject.toString();
  // The SuperX default tenant is represented in dbforms by an empty string.
  if (mandantenid.equals("default")) {
      mandantenid = "";
  }

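Connection conmm=null;
// A prepared statement is used so that the user id is bound as a parameter and
// never becomes part of the SQL text (the fully qualified name avoids having
// to touch the page import directive).
java.sql.PreparedStatement st5;
ResultSet l_rset5;

try {

// The user id arrives as an untyped session attribute. It is compared against
// the numeric userinfo_id columns, so it is converted to a number here; a
// non-numeric value is rejected without echoing it into the error text.
Long userIdValue = null;
if (userid != null) {
	try {
		userIdValue = Long.valueOf(userid.toString().trim());
	} catch (NumberFormatException nfe) {
		throw new IllegalStateException("Session attribute UserID is not numeric", nfe);
	}
}

// Collects the ids (maskeninfo.tid) of all masks the user may open. The four
// UNION branches are: rights of the user's groups via subject areas, individual
// rights of the user's groups, rights of the user via subject areas, and
// individual rights of the user (user_masken_bez, where maskeninfo_id = 0
// matches every mask). Each branch takes the user id as one "?" parameter.
	String queryMaskenRechte = "--alle Abfragen für die die Gruppe über Sachgebiete berechtigt \n"
				+ "select distinct M.tid,M.name \n"
				+ "		  from  maskeninfo M, sachgeb_maske_bez S, group_sachgeb_bez G, user_group_bez U \n"
				+ "		 where (U.sticky is null or  U.sticky>0) and M.tid = S.maskeninfo_id \n"
				+ "		 and S.sachgebiete_id = G.sachgebiete_id \n"
				+ "		   and G.groupinfo_id = U.groupinfo_id \n"
				+ "		   and U.userinfo_id = ? \n"
				+ "		 union  \n"
				+ "		 --alle Abfragen für die die Gruppe berechtigt (Einzelrechte) \n"
				+ "	select distinct M.tid,M.name \n"
				+ "		  from  maskeninfo M, group_masken_bez G, user_group_bez U \n"
				+ "		 where  (U.sticky is null or  U.sticky>0) and M.tid = G.maskeninfo_id \n"
				+ "		   and G.groupinfo_id = U.groupinfo_id \n"
				+ "		   and U.userinfo_id = ? \n"
				+ "		 union  \n"
				+ "--alle Abfragen aus Sachgebieten für die der Nutzer Rechte hat \n"
				+ "	select distinct M.tid,M.name \n"
				+ "		from  maskeninfo M  \n"
				+ "		where  \n"
				+ " 		 (M.tid in (select maskeninfo_id from sachgeb_maske_bez S where S.sachgebiete_id in  \n"
				+ "		 (select sachgebiete_id from user_sachgeb_bez U where U.userinfo_id= ? )))  \n"
				+ "		union  \n"
				+ "--alle Abfragen für die Einzelrechte in user_masken_bez angegeben \n"
				+ "	select distinct M.tid,M.name \n"
				+ "		from  maskeninfo M, user_masken_bez B  \n"
				+ "		where \n"
				+ "		 B.userinfo_id = ? \n"
				+ "		 	 and (M.tid = B.maskeninfo_id \n"
				+ "		 or B.maskeninfo_id = 0)";

// The list starts with a separator so that every id, including the first one,
// is enclosed in commas; the rights checks that follow search for ",<tid>,".
StringBuffer maskRights=new StringBuffer(",");

conmm = DbFormsConfigRegistry.instance().lookup().getConnection(mandantenid);
try {
	st5 = conmm.prepareStatement(queryMaskenRechte);
	try {
		// One parameter per UNION branch (four in total). A missing user id is
		// bound as SQL NULL, which matches no row and therefore grants nothing.
		for (int paramIndex = 1; paramIndex <= 4; paramIndex++) {
			if (userIdValue == null) {
				st5.setNull(paramIndex, java.sql.Types.INTEGER);
			} else {
				st5.setLong(paramIndex, userIdValue.longValue());
			}
		}
		l_rset5 = st5.executeQuery();
		try {
			while (l_rset5.next()) {
				maskRights.append(l_rset5.getObject(1)).append(',');
			}
		} finally {
			l_rset5.close();
		}
	} finally {
		st5.close();
	}
} finally {
	// Closed in every case so that a failing query does not leak the connection.
	conmm.close();
}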

  // Derive the three menu flags from the comma-separated list of mask ids in
  // maskRights. The ids correspond to the links rendered further down:
  // 14571000 = Finanzbericht, 888880120 = Drittmittelbericht,
  // 888880190 = Managementuebersicht.
  // Each lookup requires a comma on both sides of the id, so an id at the very
  // start of the list only matches if the list begins with a separator.
  // (The original kept a disabled variant that read the list from the session
  // attribute "UserMaskRights" instead of querying it.)
  // NOTE(review): these flags only decide which links are shown; presumably the
  // SuperXmlMaske / SuperXmlTabelle servlets enforce the rights per tid
  // themselves - confirm, since hiding a link is not an access check.
  boolean hasFinRights = maskRights.indexOf(",14571000,") > -1;
  boolean hasDrittRights = maskRights.indexOf(",888880120,") > -1;
  boolean hasManRights = maskRights.indexOf(",888880190,") > -1;

  int countMaskRights = 0;
  if (hasFinRights) {
      countMaskRights++;
  }
  if (hasDrittRights) {
      countMaskRights++;
  }
  if (hasManRights) {
      countMaskRights++;
  }

  // No right for any of the three reports: render the "no rights" page.
  if (countMaskRights == 0) {
%>
<html>

<head>
<meta http-equiv="content-type" content="text/html;">
<title>HFT Stuttgart </title>
<!-- <link rel="stylesheet" type="text/css" href="format.css">-->
<link rel="stylesheet" type="text/css" href="/superx/BISP/xml/man.css" />
<link rel="stylesheet" type="text/css" href="/superx/BISP/xml/man_html.css" />

</head>
<script language="Javascript">
function oeffne(url)
{
self.maske.location.href=url;
}
function applyMerkmale(merkmale)
{
self.maske.applyMerkmale(merkmale);
}
</script>
<script type="text/javascript" src="js/dojo/dojo.js"></script>

<body>
<br/><br/><br/><br/><br/><h2 align="center"><font color=red>Sie haben keine Rechte für Finanz- oder Drittmittelbericht oder Managementübersicht</font></h2>
</body>
</html>
    <% } else
//if (countMaskRights==1&&hasFinRights) response.sendRedirect("/superx/xml/management/finanzbericht.jsp");
 {%>
<html>
<head>
<meta http-equiv="content-type" content="text/html;">
<title>HFT Stuttgart </title>
<!-- <link rel="stylesheet" type="text/css" href="format.css">-->
<link rel="stylesheet" type="text/css" href="/superx/BISP/xml/man.css" />
<link rel="stylesheet" type="text/css" href="/superx/BISP/xml/man_html.css" />

<script language="Javascript">
function oeffne(url)
{
self.maske.location.href=url;
}
function applyMerkmale(merkmale)
{
self.maske.applyMerkmale(merkmale);
}
</script>
<script type="text/javascript" src="js/dojo/dojo.js"></script>
</head>
<body>
<br/><br/>
<p align="center"><img src="LogoHFTStuttgart.png" width="90%" height="30%"></p><br/>

<div align="center" id="Menue">

<h2 align="center">Bitte w&auml;hlen Sie:</h2>
<% if (hasManRights) {%><h3 class="menue"><a  href="/superx/servlet/SuperXmlTabelle?tid=888880190">Managementübersicht</a></h3><%}%>
<% if (hasFinRights) {%><h3 class="menue"> <a  href="/superx/servlet/SuperXmlMaske?tid=14571000">Finanzbericht</a></h3><%}%>
<% if (hasDrittRights) {%><h3 class="menue"> <a  href="/superx/servlet/SuperXmlMaske?tid=888880120">Drittmittelbericht</a></h3><%}%>

</div>



</body>
</html>
 <%
} 
}
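catch (Exception e) {
    // The exception text and the tenant id are written to the server log only.
    // Printing them into the page would disclose database details to the
    // browser and would emit them without HTML escaping.
    String logMandant = mandantenid.replace('\r', ' ').replace('\n', ' ');
    application.log("Management menu: database access failed, MandantenID=" + logMandant, e);
    out.print("<html><body>Fehler bei Datenverbindung</body></html>");
}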
  
}
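else {
    // Not a SuperX session: drop whatever session exists and send the browser
    // back to the login page.
    // The session is looked up through the request instead of using the implicit
    // "session" variable: after a logoff that variable still refers to the
    // session invalidated at the top of the page, and invalidating a session a
    // second time raises IllegalStateException under the HttpSession contract.
    if (request.getSession(false) != null) {
        request.getSession(false).invalidate();
    }
    response.sendRedirect("/superx/xml/management/index.jsp");
    return;
  }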
%>