public void TestFixtureSetUp()
{
// Create test content
using (new SecurityDisabler())
{
m_testContentRoot.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml")), true, PasteMode.Overwrite);
Initialize();
// Create test user
try
{
var user = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME);
Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring");
var accessRule = AccessRule.Create(user, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
var accessRules = new AccessRuleCollection();
accessRules.Add(accessRule);
m_blog1.Security.SetAccessRules(accessRules);
}
catch
{
Membership.DeleteUser("sitecore\\" + TESTUSERNAME);
}
}
}
public void TestFixtureSetUp()
{
// Create test content
using (new SecurityDisabler())
{
m_testContentRoot.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml")), true, PasteMode.Overwrite);
Initialize();
// Create test user
try
{
var user = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME);
Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring");
var accessRule = AccessRule.Create(user, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
var accessRules = new AccessRuleCollection();
accessRules.Add(accessRule);
m_blog1.Security.SetAccessRules(accessRules);
}
catch
{
Membership.DeleteUser("sitecore\\" + TESTUSERNAME);
}
}
}
public virtual void Process(AddDbItemArgs args)
{
var item = args.DbItem;
var rules = new AccessRuleCollection();
this.FillAccessRules(rules, item.Access, AccessRight.ItemRead, a => a.CanRead);
this.FillAccessRules(rules, item.Access, AccessRight.ItemWrite, a => a.CanWrite);
this.FillAccessRules(rules, item.Access, AccessRight.ItemRename, a => a.CanRename);
this.FillAccessRules(rules, item.Access, AccessRight.ItemCreate, a => a.CanCreate);
this.FillAccessRules(rules, item.Access, AccessRight.ItemDelete, a => a.CanDelete);
this.FillAccessRules(rules, item.Access, AccessRight.ItemAdmin, a => a.CanAdmin);
if (!rules.Any())
{
return;
}
var serializer = new AccessRuleSerializer();
// TODO: Should not require to check if Security field is exists
if (item.Fields.Any(f => f.ID == FieldIDs.Security))
{
item.Fields[FieldIDs.Security].Value = serializer.Serialize(rules);
}
else
{
item.Fields.Add(new DbField("__Security", FieldIDs.Security)
{
Value = serializer.Serialize(rules)
});
}
}
public void TestFixtureSetUp()
{
// Create test content
m_home = Sitecore.Context.Database.GetItem("/sitecore/content/home");
using (new SecurityDisabler())
{
try
{
m_home.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml")), true, PasteMode.Overwrite);
}
catch
{
// this "catch" is used to debug issues with the Paste() method call above
int y = 0;
y++;
}
Initialize();
// Create test user
try
{
var user = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME);
Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring");
var accessRule = AccessRule.Create(user, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
var accessRules = new AccessRuleCollection();
accessRules.Add(accessRule);
m_blog1.Security.SetAccessRules(accessRules);
}
catch
{
Membership.DeleteUser("sitecore\\" + TESTUSERNAME);
}
}
}
public virtual void Process(AddDbItemArgs args)
{
var item = args.DbItem;
var rules = new AccessRuleCollection();
this.FillAccessRules(rules, item.Access, AccessRight.ItemRead, a => a.CanRead);
this.FillAccessRules(rules, item.Access, AccessRight.ItemWrite, a => a.CanWrite);
this.FillAccessRules(rules, item.Access, AccessRight.ItemRename, a => a.CanRename);
this.FillAccessRules(rules, item.Access, AccessRight.ItemCreate, a => a.CanCreate);
this.FillAccessRules(rules, item.Access, AccessRight.ItemDelete, a => a.CanDelete);
this.FillAccessRules(rules, item.Access, AccessRight.ItemAdmin, a => a.CanAdmin);
if (!rules.Any())
{
return;
}
var serializer = new AccessRuleSerializer();
item.Fields.Add(new DbField("__Security", FieldIDs.Security)
{
Value = serializer.Serialize(rules)
});
}
private void ParseAccount([NotNull] Item item, [NotNull] Account account, [NotNull] AccessRuleCollection accessRules)
{
Assert.ArgumentNotNull(item, nameof(item));
Assert.ArgumentNotNull(account, nameof(account));
Assert.ArgumentNotNull(accessRules, nameof(accessRules));
var accessRights = AccessRightManager.GetAccessRights();
var first = true;
foreach (var accessRight in accessRights)
{
if (!accessRight.AppliesTo(item))
{
continue;
}
var entityPermission = accessRules.Helper.GetExplicitAccessPermission(account, accessRight, PropagationType.Entity);
var descendantsPermission = accessRules.Helper.GetExplicitAccessPermission(account, accessRight, PropagationType.Descendants);
if (entityPermission == AccessPermission.NotSet && descendantsPermission == AccessPermission.NotSet)
{
continue;
}
if (first)
{
RenderAccount(account);
first = false;
}
RenderPermissions(accessRight.Title, entityPermission, descendantsPermission);
}
RenderInheritance(accessRules, account, first);
}
private void DownloadRolesExport()
{
var allright = CurrentRights.GetAllRightsMaster();
var rols = Request.Form.Get("rol");
if (rols != null)
{
foreach (var rol in rols.Split(','))
{
var account = Sitecore.Security.Accounts.Role.FromName(rol);
if (account == null)
{
break;
}
dowload.Text += "role," + account.Name + ",";
int count = 0;
foreach (var subrol in RolesInRolesManager.GetRolesInRole(account, false))
{
if (count != 0)
{
dowload.Text += "|";
}
dowload.Text += subrol.Name;
count++;
}
dowload.Text += "\n";
}
foreach (var rol in rols.Split(','))
{
var account = Sitecore.Security.Accounts.Role.FromName(rol);
if (account == null)
{
break;
}
foreach (var itemWithRights in allright)
{
var accessRules = itemWithRights.Security.GetAccessRules();
if (accessRules != null)
{
foreach (var rule in accessRules)
{
if (rule.Account == account)
{
AccessRuleCollection ruleCollection = new AccessRuleCollection();
ruleCollection.Add(rule);
dowload.Text += itemWithRights.Paths.FullPath + "," + ruleCollection.ToString() + "\n";
}
}
}
}
}
}
Response.Clear();
Response.ContentType = "application/CSV";
Response.AddHeader("Cache-Control", "must-revalidate");
Response.AddHeader("Pragma", "must-revalidate");
Response.AddHeader("Content-type", "application/x-download");
Response.AddHeader("Content-disposition", "attachment; filename=sitecore-roles-export.csv");
}
private string GetAccessPermission(AccessRuleCollection rules, Sitecore.Security.Accounts.Account account, AccessRight accessRight, AccessPermission accessPermission, string sExistingPermissions)
{
if ((rules.Helper.GetAccessPermission(account, accessRight, PropagationType.Descendants) == accessPermission) &&
(sExistingPermissions.IndexOf(accessRight.Name) == -1))
{
sExistingPermissions += accessRight.Name + "|";
}
return(sExistingPermissions);
}
public virtual string BuildSecurityValue(ProductCatalog catalog)
{
AccessRuleCollection accessRulesForUsers = BuildAccessRuleCollectionForUsers(catalog);
var serializer = new AccessRuleSerializer();
var value = serializer.Serialize(accessRulesForUsers);
return(value);
}
protected virtual AccessRuleCollection BuildAccessRuleCollection(Account account, bool hasAccess)
{
var collection = new AccessRuleCollection();
// Add read and write item permission, if the user or user group has access.
collection.Add(AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess));
return(collection);
}
private void ApplySecurity(Item item, Dictionary <string, SecurityEntry> entries)
{
if (item == null)
{
return;
}
var securityString = item.Fields[FieldIDs.Security].ContainsStandardValue
? null
: item.Security.GetAccessRules().ToString();
var newSecurityString = securityString;
if (entries.ContainsKey(item.ID.ToString()))
{
var entry = entries[item.ID.ToString()];
if (!_options.SkipPathIntegrityCheck && !entry.Path.Equals(item.Paths.FullPath, StringComparison.InvariantCultureIgnoreCase))
{
LogError($"Skipping item that failed path integrity check '{item.ID}'. Item path '{item.Paths.FullPath}' does not match entry path '{entry.Path}'");
}
else if (entry.Security != securityString)
{
newSecurityString = entry.Security;
}
}
else if (!string.IsNullOrWhiteSpace(securityString))
{
newSecurityString = null;
}
if (securityString != newSecurityString)
{
LogMessage($"Updating security for item '{item.Paths.FullPath}' ('{(securityString == null ? "null" : securityString)}' => '{(newSecurityString == null ? "null" : newSecurityString)}')", false);
if (!_options.Preview)
{
using (new EditContext(item, Sitecore.SecurityModel.SecurityCheck.Disable))
{
if (newSecurityString == null)
{
item.Fields[FieldIDs.Security].Reset();
}
else
{
item.Security.SetAccessRules(AccessRuleCollection.FromString(newSecurityString));
}
}
IncrementProcessed();
}
}
foreach (Item child in item.GetChildren(Sitecore.Collections.ChildListOptions.IgnoreSecurity | Sitecore.Collections.ChildListOptions.SkipSorting))
{
ApplySecurity(child, entries);
}
}
public FakeAuthorizationProviderTest()
{
this.provider = new FakeAuthorizationProvider();
this.localProvider = Substitute.For <AuthorizationProvider>();
this.helper = Substitute.For <ItemAuthorizationHelper>();
this.entity = Substitute.For <ISecurable>();
this.item = ItemHelper.CreateInstance();
this.rules = new AccessRuleCollection();
}
protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func<DbItemAccess, bool?> canAct)
{
var canActRest = canAct(itemAccess);
if (canActRest == null)
{
return;
}
var permission = (bool)canActRest ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;
rules.Add(AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission));
}
public FakeAuthorizationProviderTest()
{
this.provider = new FakeAuthorizationProvider();
this.localProvider = Substitute.For<AuthorizationProvider>();
this.helper = Substitute.For<ItemAuthorizationHelper>();
this.entity = Substitute.For<ISecurable>();
this.item = ItemHelper.CreateInstance();
this.rules = new AccessRuleCollection();
}
public static List <DefaultRight> GetDefaultRights(string database, string account, out string message)
{
IEnumerable <string[]> rights;
if (database.ToLower() == "core")
{
rights = GetDefaultCoreRightsByVersion(out message);
}
else
{
rights = GetDefaultMasterRightsByVersion(out message);
}
//Here is a issue, we handle account without looking for user or rol... so if a user has same name as rol, it is mixing.
var returnlist = new List <DefaultRight>();
foreach (var r in rights.OrderBy(x => x[0]))
{
var accessRules = AccessRuleCollection.FromString(r[1]);
if (accessRules != null)
{
foreach (var rule in accessRules)
{
if (account == "all" || account == rule.Account.Name)
{
var tmp = new DefaultRight
{
Path = r[0],
Account = rule.Account.Name,
AccountType = rule.Account.AccountType,
Right = rule.SecurityPermission.ToString(),
PropagationType = rule.PropagationType.ToString(),
Name = rule.AccessRight.Name,
Message = "Default Sitecore",
Hit = false
};
if (tmp.AccountType != AccountType.Role)
{
if (tmp.AccountType == AccountType.User)
{
tmp.Message += " User role not recommend";
}
else
{
tmp.Message += " User role Unknown";
}
}
returnlist.Add(tmp);
}
}
}
}
return(returnlist);
}
protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func <DbItemAccess, bool?> canAct)
{
var canActRest = canAct(itemAccess);
if (canActRest == null)
{
return;
}
var permission = (bool)canActRest ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;
rules.Add(AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission));
}
public FakeAuthorizationProviderTest()
{
this.localProvider = Substitute.For <AuthorizationProvider>();
this.helper = Substitute.For <ItemAuthorizationHelper>(
Substitute.For <BaseAccessRightManager>(),
Substitute.For <BaseRolesInRolesManager>(),
Substitute.For <BaseItemManager>());
this.provider = new FakeAuthorizationProvider(helper);
this.entity = Substitute.For <ISecurable>();
this.item = ItemHelper.CreateInstance();
this.rules = new AccessRuleCollection();
}
private void SetRight(string strDatabase, string strItem, string strAccount, List <AccessRight> rights)
{
//Get Access Rules, Set Access Rules
try
{
Sitecore.Data.Database db = Sitecore.Configuration.Factory.GetDatabase(strDatabase);
Item item = db.GetItem(strItem);
AccountType accountType = AccountType.User;
Account account = Account.FromName(strAccount, accountType);
AccessPermission rightState = AccessPermission.Allow;
if (Sitecore.Security.SecurityUtility.IsRole(strAccount))
{
accountType = Sitecore.Security.Accounts.AccountType.Role;
}
AccessRuleCollection accessRules = item.Security.GetAccessRules();
foreach (AccessRight right in rights)
{
try
{
accessRules.Helper.RemoveExactMatches(account, right);
}
catch (Exception ex)
{
Log.Debug("accessRules.Helper.RemoveExactMatches " + ex.Message.ToString());
}
try
{
accessRules.Helper.AddAccessPermission(account, right, PropagationType.Entity, rightState);
accessRules.Helper.AddAccessPermission(account, right, PropagationType.Descendants, rightState);
Log.Debug(account.Name.ToString() + " has access right of " + right.Name.ToString() + " for " + strItem);
}
catch (Exception ex)
{
Log.Debug("accessRules.Helper.AddAccessPermission " + ex.Message.ToString());
}
}
item.Security.SetAccessRules(accessRules);
}
catch
(Exception ex)
{
Log.Debug(ex.Message.ToString());
}
}
private static void RevokeItemAccessRights(User user, string[] items)
{
Database database = Factory.GetDatabase("master");
foreach (string itempath in items)
{
Item item = database.GetItem(itempath);
if (item != null)
{
AccessRuleCollection accessRules = item.Security.GetAccessRules();
accessRules.Helper.AddAccessPermission(user, AccessRight.ItemRead, PropagationType.Descendants, AccessPermission.Deny);
}
}
}
protected virtual AccessRuleCollection BuildAccessRuleCollectionForUsers(ProductCatalog catalog)
{
var result = new AccessRuleCollection();
foreach (var user in _userService.GetAllUsers())
{
var sitecoreAccount = SitecoreUsers[user.ExternalId];
bool hasAccess = _securityService.UserCanAccess <ProductCatalogRole, ProductCatalog>(catalog, user);
var userCollection = BuildAccessRuleCollection(sitecoreAccount, hasAccess);
result.AddRange(userCollection);
}
return(result);
}
protected virtual AccessRuleCollection BuildAccessRuleCollectionFull(Account account, bool hasAccess)
{
var collection = new AccessRuleCollection();
// Add read and write item permission, if the user or user group has access.
collection.Add(AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess));
// Deny all other rights besides Read and Write. These permissions will be inherited for the Catalogs and Categories.
collection.Add(AccessRule.Create(account, AccessRight.ItemAdmin, PropagationType.Any, SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemCreate, PropagationType.Any, SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemDelete, PropagationType.Any, SecurityPermission.DenyAccess));
collection.Add(AccessRule.Create(account, AccessRight.ItemRename, PropagationType.Any, SecurityPermission.DenyAccess));
return(collection);
}
public static void AddSecurityRules(this Item item, AccessRuleCollection addRules, bool checkSecurity = false)
{
Assert.IsNotNull(item, "item cannot be null");
var state = SecurityState.Enabled;
if (!checkSecurity)
{
state = SecurityState.Disabled;
}
using (new SecurityStateSwitcher(state))
{
var accessRules = item.Security.GetAccessRules();
accessRules.AddRange(addRules);
item.Security.SetAccessRules(accessRules);
}
}
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
Assert.ArgumentNotNull(entity, "entity");
Assert.ArgumentNotNull(rules, "rules");
if (this.IsLocalProviderSet())
{
this.LocalProvider.Value.SetAccessRules(entity, rules);
}
else
{
var item = entity as Item;
if (item != null)
{
this.itemHelper.SetAccessRules(item, rules);
}
}
}
public void ShouldRestrictItemSecurity()
{
// arrange
using (var db = new Db { new DbItem("home") { new DbItem("about") } })
{
var item = db.GetItem("/sitecore/content/home");
var rules = new AccessRuleCollection
{
AccessRule.Create(Context.User, AccessRight.ItemRead, PropagationType.Descendants, AccessPermission.Deny)
};
// act
AuthorizationManager.SetAccessRules(item, rules);
// assert
Assert.NotNull(db.GetItem("/sitecore/content/home"));
Assert.Null(db.GetItem("/sitecore/content/home/about"));
}
}
protected string accessRules2Email(AccessRuleCollection accessRules, string oldUserRolesSetting)
{
foreach (AccessRule accessRule in accessRules)
{
string name = accessRule.Account.Name;
if (oldUserRolesSetting.Contains(name) || !accessRule.Account.Domain.Name.ToLower().Contains("TheDomainOfUsersYouWannaSent"))
{
continue;
}
string comment = accessRule.AccessRight.Comment;
var permiss = accessRule.SecurityPermission;
oldUserRolesSetting += name + "|";
Sitecore.Diagnostics.Log.Info("Name: " + name + "\\ Comment: " + comment, this);
}
return(oldUserRolesSetting);
}
private void RenderInheritance([NotNull] AccessRuleCollection accessRules, [NotNull] Account account, bool first)
{
Assert.ArgumentNotNull(accessRules, nameof(accessRules));
Assert.ArgumentNotNull(account, nameof(account));
var entityPermission = accessRules.Helper.GetInheritanceRestriction(account, AccessRight.Any, PropagationType.Entity);
var descendantsPermission = accessRules.Helper.GetInheritanceRestriction(account, AccessRight.Any, PropagationType.Descendants);
if (entityPermission == InheritancePermission.NotSet && descendantsPermission == InheritancePermission.NotSet)
{
return;
}
if (first)
{
RenderAccount(account);
}
RenderPermissions("Inheritance", GetAccessPermission(entityPermission), GetAccessPermission(descendantsPermission));
}
public virtual void Process(AddDbItemArgs args)
{
var item = args.DbItem;
var rules = new AccessRuleCollection();
this.FillAccessRules(rules, item.Access, AccessRight.ItemRead, a => a.CanRead);
this.FillAccessRules(rules, item.Access, AccessRight.ItemWrite, a => a.CanWrite);
this.FillAccessRules(rules, item.Access, AccessRight.ItemRename, a => a.CanRename);
this.FillAccessRules(rules, item.Access, AccessRight.ItemCreate, a => a.CanCreate);
this.FillAccessRules(rules, item.Access, AccessRight.ItemDelete, a => a.CanDelete);
this.FillAccessRules(rules, item.Access, AccessRight.ItemAdmin, a => a.CanAdmin);
if (!rules.Any())
{
return;
}
var serializer = new AccessRuleSerializer();
item.Fields.Add(new DbField("__Security", FieldIDs.Security) { Value = serializer.Serialize(rules) });
}
private static void Step2(HttpRequest request, Literal rolesexport)
{
rolesexport.Text += "Export preview<br><br>";
var allright = CurrentRights.GetAllRightsMaster();
var rols = request.Form.Get("rol");
if (rols != null)
{
foreach (var rol in rols.Split(','))
{
rolesexport.Text += "<strong>" + rol + "</strong> :<br> ";
var account = Sitecore.Security.Accounts.Role.FromName(rol);
if (account == null)
{
break;
}
foreach (var itemWithRights in allright)
{
var accessRules = itemWithRights.Security.GetAccessRules();
if (accessRules != null)
{
foreach (var rule in accessRules)
{
if (rule.Account == account)
{
AccessRuleCollection ruleCollection = new AccessRuleCollection();
ruleCollection.Add(rule);
rolesexport.Text += itemWithRights.Paths.FullPath + " " + RightsHelper.RightToHtml(rule) + " " + rule.AccessRight.Name + " " + rule.SecurityPermission.ToString() + "<br>";
}
}
}
}
rolesexport.Text += "<br>\n";
}
rolesexport.Text += "<form method=\"post\" action=\"/sitecore modules/Shell/Security-Rights-Reporting/Download.aspx?rolesexport=1\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"rol\" name=\"rol\" value=\"" + "" + HttpUtility.HtmlAttributeEncode(rols) + "\"><input type=\"submit\" value=\"Download\" name=\"submit\" ></form>";
}
}
public void ShouldRestrictItemSecurity()
{
// arrange
using (var db = new Db {
new DbItem("home")
{
new DbItem("about")
}
})
{
var item = db.GetItem("/sitecore/content/home");
var rules = new AccessRuleCollection
{
AccessRule.Create(Context.User, AccessRight.ItemRead, PropagationType.Descendants, AccessPermission.Deny)
};
// act
AuthorizationManager.SetAccessRules(item, rules);
// assert
Assert.NotNull(db.GetItem("/sitecore/content/home"));
Assert.Null(db.GetItem("/sitecore/content/home/about"));
}
}
public void ShouldApplySecurityCheck()
{
// Arrange
using (var tree = new TTree())
{
User user = AuthenticationManager.BuildVirtualUser("User", true);
user.RuntimeSettings.IsAdministrator = false;
var rules = new AccessRuleCollection
{
AccessRule.Create(user, AccessRight.ItemRead, PropagationType.Any, AccessPermission.Deny)
};
const string Path = "/sitecore/content/home";
var item = tree.Database.GetItem(Path);
item.Security.SetAccessRules(rules);
// Act & Assert
using (var switcher = new UserSwitcher(user))
{
tree.Database.GetItem(Path).Should().BeNull();
}
}
}
public static void AddSecurityRules(this Item item, AccessRuleCollection addRules, bool checkSecurity = false)
{
Assert.IsNotNull(item, "item cannot be null");
var state = SecurityState.Enabled;
if (!checkSecurity) state = SecurityState.Disabled;
using (new SecurityStateSwitcher(state))
{
var accessRules = item.Security.GetAccessRules();
accessRules.AddRange(addRules);
item.Security.SetAccessRules(accessRules);
}
}
public void TestFixtureSetUp()
{
// Create test content
var db = Sitecore.Configuration.Factory.GetDatabase("master");
var home = db.GetItem("/sitecore/content/home");
using (new SecurityDisabler())
{
home.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml")), true, PasteMode.Overwrite);
// Retrieve created content items
m_testRoot = home.Axes.GetChild("test content");
m_blog1 = m_testRoot.Axes.GetChild("blog1");
m_blog2 = m_testRoot.Axes.GetChild("blog2");
m_blog3 = m_testRoot.Axes.GetChild("blog3");
// Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
// Remove the following section once the bug has been fixed
// START: Workaround
var template = m_blog1.Database.Templates[Settings.EntryTemplateID];
var entry11Check = m_blog1.Axes.GetDescendant("Entry11");
if (entry11Check == null)
m_blog1.Add("Entry11", template);
var entry12Check = m_blog1.Axes.GetDescendant("Entry12");
if (entry12Check == null)
{
System.Threading.Thread.Sleep(2000);
m_blog1.Add("Entry12", template);
}
// END: Workaround
// Create test users
m_userAuthor = Sitecore.Security.Accounts.User.Create("sitecore\\user1", PASSWORD);
m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user2", PASSWORD);
// Add users to roles
m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));
var rules = new AccessRuleCollection();
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Descendants, AccessPermission.Allow));
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Descendants, AccessPermission.Allow));
m_blog1.Security.SetAccessRules(rules);
m_blog2.Security.SetAccessRules(rules);
ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));
var entry11 = m_blog1.Axes.GetDescendant("Entry11");
ContentHelper.PublishItemAndRequiredAncestors(entry11, Sitecore.Configuration.Factory.GetDatabase("web"));
var entry12 = m_blog1.Axes.GetDescendant("Entry12");
ContentHelper.PublishItemAndRequiredAncestors(entry12, Sitecore.Configuration.Factory.GetDatabase("web"));
// Rebuild the search index to ensure all manager calls work as expected
var index = SearchManager.GetIndex(Settings.SearchIndexName);
index.Rebuild();
}
m_api = new Mod.MetaBlogApi();
}
/// <summary>
/// Not implemented
/// </summary>
/// <param name="entity"></param>
/// <param name="rules"></param>
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
throw new NotImplementedException("GenSqlServerAuthorizationProvider.SetAccessRules");
}
/// <summary>
/// The set access rules.
/// </summary>
/// <param name="entity">
/// The entity.
/// </param>
/// <param name="rules">
/// The rules.
/// </param>
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
this.accessRules[entity.GetUniqueId()] = rules;
}
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
}
public void TestFixtureSetUp()
{
// Create test content
var db = Sitecore.Configuration.Factory.GetDatabase("master");
var home = db.GetItem("/sitecore/content/home");
using (new SecurityDisabler())
{
home.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml")), true, PasteMode.Overwrite);
// Retrieve created content items
m_testRoot = home.Axes.GetChild("test content");
m_blog1 = m_testRoot.Axes.GetChild("blog1");
m_blog2 = m_testRoot.Axes.GetChild("blog2");
m_blog3 = m_testRoot.Axes.GetChild("blog3");
// Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
// Remove the following section once the bug has been fixed
// START: Workaround
var template = m_blog1.Database.Templates[Settings.EntryTemplateID];
var entry11Check = m_blog1.Axes.GetDescendant("Entry11");
if (entry11Check == null)
{
m_blog1.Add("Entry11", template);
}
var entry12Check = m_blog1.Axes.GetDescendant("Entry12");
if (entry12Check == null)
{
System.Threading.Thread.Sleep(2000);
m_blog1.Add("Entry12", template);
}
// END: Workaround
// Create test users
m_userAuthor = Sitecore.Security.Accounts.User.Create("sitecore\\user1", PASSWORD);
m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user2", PASSWORD);
// Add users to roles
m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));
var rules = new AccessRuleCollection();
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Descendants, AccessPermission.Allow));
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Descendants, AccessPermission.Allow));
m_blog1.Security.SetAccessRules(rules);
m_blog2.Security.SetAccessRules(rules);
ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));
var entry11 = m_blog1.Axes.GetDescendant("Entry11");
ContentHelper.PublishItemAndRequiredAncestors(entry11, Sitecore.Configuration.Factory.GetDatabase("web"));
var entry12 = m_blog1.Axes.GetDescendant("Entry12");
ContentHelper.PublishItemAndRequiredAncestors(entry12, Sitecore.Configuration.Factory.GetDatabase("web"));
// Rebuild the search index to ensure all manager calls work as expected
var index = SearchManager.GetIndex(Settings.SearchIndexName);
index.Rebuild();
}
m_api = new Mod.MetaBlogApi();
}
public void Process(WorkflowPipelineArgs args)
{
Item contentItem = args.DataItem;
var contentWorkflow = contentItem.Database.WorkflowProvider.GetWorkflow(contentItem);
var contentHistory = contentWorkflow.GetHistory(contentItem);
string oldName, emailTemplateName, emailTemplateBody, workflowComment, userRolesSetting, previewUrl;
CheckboxField dontSend2AuthorField;
oldName = userRolesSetting = workflowComment = String.Empty;
List <User> emailUserList = new List <User>();
try
{
using (new SecurityDisabler())
{
Item processorItem = args.ProcessorItem.InnerItem; // Current workflow state
Item nextStateItem = HelperClass.GetNextState(args); // Next workflow state
User submittingUser = null;
bool hasPresentation = false;
Sitecore.Diagnostics.Log.Info("============Work Flow Notification Start==================", this);
emailTemplateName = processorItem.Fields["Email template"].Value;
dontSend2AuthorField = processorItem.Fields["Dont Send to author"];
workflowComment = (!String.IsNullOrEmpty(args.Comments)) ? args.Comments : "---";
hasPresentation = HelperClass.DoesItemHasPresentationDetails(contentItem.ID.Guid.ToString());
// Generate preview link
if (hasPresentation)
{
previewUrl =
string.Format("{0}://{1}/?sc_itemid=%7b{2}%7d&sc_lang={3}&sc_mode=preview",
HttpContext.Current.Request.Url.Scheme,
HttpContext.Current.Request.Url.Host,
contentItem.ID.Guid.ToString().ToUpper(),
contentItem.Language.Name);
}
else
{
previewUrl =
string.Format("{0}://{1}/sitecore/shell/Applications/Content Editor.aspx?la={3}&fo={2}",
HttpContext.Current.Request.Url.Scheme,
HttpContext.Current.Request.Url.Host,
contentItem.ID.Guid.ToString().ToUpper(),
contentItem.Language.Name);
}
Item emailTemplateItem = HelperClass.GetItemByFieldName("Title", "/WhereEverYourEmailTemplateIs/Email Template/Workflow/" + emailTemplateName);
if (emailTemplateItem != null)
{
emailTemplateBody = WebUtility.HtmlDecode(emailTemplateItem.Fields["Text"].Value);
// Get all workflow action under next workflow state
IEnumerable <Item> items = nextStateItem.Children;
foreach (Item singleItem in items)
{
// Get all rule by access rule, find it's user rules. Finally concat all user roles.
AccessRuleCollection accessRules = singleItem.Security.GetAccessRules();
if (accessRules != null)
{
userRolesSetting = accessRules2Email(accessRules, userRolesSetting);
}
}
// Get all email addresses by user roles
if (userRolesSetting.Length > 0)
{
emailUserList = HelperClass.GetRecipientsToMail(userRolesSetting.Substring(0, userRolesSetting.Length - 1));
}
// Get authoer's email address of current content
if (contentHistory.Length > 0)
{
var firstUser = contentHistory.First().User;
submittingUser = User.FromName(firstUser, false);
if (!String.IsNullOrEmpty(submittingUser.Profile.Email))
{
emailUserList.Add(submittingUser);
Sitecore.Diagnostics.Log.Info("Added Author mail: " + submittingUser.Profile.Email, this);
}
else
{
Sitecore.Diagnostics.Log.Info("Author has no mail! ", this);
}
}
// Preparing to send out emails based on a email teamplate from eamil user list.
if (emailUserList.Count > 0)
{
foreach (User singleEmailUser in emailUserList)
{
try
{
string tmpReceiverName = (!String.IsNullOrEmpty(singleEmailUser.Profile.FullName)) ? singleEmailUser.Profile.FullName : singleEmailUser.Profile.UserName;
MailMessage tempEmailMessage = new MailMessage
{
IsBodyHtml = true,
From = new MailAddress(ConfigurationManager.AppSettings["EmailReminder.FromAddress"]),
Subject = "Workflow Notification: " + contentItem.Name,
Body = HelperClass.replacePlaceHodler(
emailTemplateBody,
new Dictionary <string, string> {
{ "[ItemName]", contentItem.Name },
{ "[ItemURL]", "<a href='" + previewUrl + "' target='_blank'>Preview Item Page</a>" },
{ "[WorkflowName]", processorItem.Parent.DisplayName + " Item" },
{ "[NextWorkflowName]", nextStateItem.DisplayName },
{ "[SubmitComment]", workflowComment },
{ "[Receiver]", tmpReceiverName },
{ "[CurrentActionUser]", Context.User.Name }
}
)
};
tempEmailMessage.To.Add(singleEmailUser.Profile.Email);
if (tempEmailMessage.To.Count > 0)
{
Sitecore.MainUtil.SendMail(tempEmailMessage);
Sitecore.Diagnostics.Log.Info("Sending Mail to: " + tempEmailMessage.To, this);
}
}
catch (Exception ex)
{
Sitecore.Diagnostics.Log.Error("Sending Mail Error:" + ex.StackTrace, this);
}
}
}
}
Sitecore.Diagnostics.Log.Info("============Work Flow notification End==================", this);
}
}
catch (Exception ex)
{
Sitecore.Diagnostics.Log.Error("NotifyNextStepUser:" + ex, this);
}
}
private string GetAccessPermission(AccessRuleCollection rules, Sitecore.Security.Accounts.Account account, AccessRight accessRight, AccessPermission accessPermission, string sExistingPermissions)
{
if ((rules.Helper.GetAccessPermission(account, accessRight, PropagationType.Descendants) == accessPermission) &&
(sExistingPermissions.IndexOf(accessRight.Name) == -1))
{
sExistingPermissions += accessRight.Name + "|";
}
return sExistingPermissions;
}
public void TestFixtureSetUp()
{
// Create test content
m_home = Sitecore.Context.Database.GetItem("/sitecore/content/home");
using (new SecurityDisabler())
{
try
{
m_home.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml")), true, PasteMode.Overwrite);
}
catch
{
// this "catch" is used to debug issues with the Paste() method call above
int y = 0;
y++;
}
Initialize();
// Create test user
try
{
var user = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME);
Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring");
var accessRule = AccessRule.Create(user, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
var accessRules = new AccessRuleCollection();
accessRules.Add(accessRule);
m_blog1.Security.SetAccessRules(accessRules);
}
catch
{
Membership.DeleteUser("sitecore\\" + TESTUSERNAME);
}
}
}
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
throw new System.NotImplementedException();
}
public void TestFixtureSetUp()
{
// Create test content
using (new SecurityDisabler())
{
m_testContentRoot.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml")), true, PasteMode.Overwrite);
// Retrieve created content items
m_testRoot = m_testContentRoot.Axes.GetChild("test content");
m_blog1 = m_testRoot.Axes.GetChild("blog1");
m_blog2 = m_testRoot.Axes.GetChild("blog2");
m_blog3 = m_testRoot.Axes.GetChild("blog3");
// Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
// Remove the following section once the bug has been fixed
// START: Workaround
var template = m_blog1.Database.Templates[Settings.EntryTemplateID];
var entry11Check = m_blog1.Axes.GetDescendant("Entry11");
if (entry11Check == null)
{
var entry = m_blog1.Add("Entry11", template);
using (new EditContext(entry))
{
entry["Entry Date"] = "20120105T233207";
}
}
var entry12Check = m_blog1.Axes.GetDescendant("Entry12");
if (entry12Check == null)
{
System.Threading.Thread.Sleep(2000);
var entry = m_blog1.Add("Entry12", template);
using (new EditContext(entry))
{
entry["Entry Date"] = "20120106T233145";
}
}
// END: Workaround
// Create test users
// Use random usernames to ensure we're not trying to create users that might already exist
m_userAuthor = Sitecore.Security.Accounts.User.Create("sitecore\\user" + m_random.Next(999999), PASSWORD);
m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user" + m_random.Next(999999), PASSWORD);
// Add users to roles
m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));
var rules = new AccessRuleCollection();
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow));
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Any, AccessPermission.Allow));
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemCreate, PropagationType.Any, AccessPermission.Allow));
m_blog1.Security.SetAccessRules(rules);
m_blog2.Security.SetAccessRules(rules);
ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));
var entry11 = m_blog1.Axes.GetDescendant("Entry11");
ContentHelper.PublishItemAndRequiredAncestors(entry11, Sitecore.Configuration.Factory.GetDatabase("web"));
var entry12 = m_blog1.Axes.GetDescendant("Entry12");
ContentHelper.PublishItemAndRequiredAncestors(entry12, Sitecore.Configuration.Factory.GetDatabase("web"));
// Rebuild the search index to ensure all manager calls work as expected
#if FEATURE_CONTENT_SEARCH
var index = ContentSearchManager.GetIndex(Settings.SearchIndexName);
index.Rebuild();
#else
var index = SearchManager.GetIndex(Settings.SearchIndexName);
index.Rebuild();
#endif
}
m_api = new Mod.MetaBlogApi();
}
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
}
private static void Import2(HttpRequest request, Literal rolesexport)
{
if (!CheckOnManagingRights())
{
rolesexport.Text += "You need Sitecore Client Securing right for Importing Riols and Users, the follow rol should work: Developer, Admin, Client Account Managing or Client Securing right";
return;
}
var file = request.Files.Get("fileToUpload");
if (file == null || file.ContentLength == 0)
{
rolesexport.Text += "Select an import csv file.<br/>";
Import1(rolesexport);
return;
}
rolesexport.Text += "Import size=" + file.ContentLength + " characters<br/>";
var db = Sitecore.Configuration.Factory.GetDatabase("master");
var updatecount = 0;
var newcount = 0;
List <string> rolsPostponedProcess = new List <string>();
using (StreamReader reader = new StreamReader(file.InputStream))
{
string line;
int count = 0;
while ((line = reader.ReadLine()) != null)
{
count++;
var splitted = line.Split(',');
if (splitted.Length == 3 && splitted[0] == "role")
{
if (!Sitecore.Security.Accounts.Role.Exists(splitted[1]))
{
try
{
Roles.CreateRole(splitted[1]);
rolesexport.Text += "<br>rol created" + HttpUtility.HtmlEncode(splitted[1]);
if (!string.IsNullOrEmpty(splitted[0]))
{
rolsPostponedProcess.Add(line);
}
} catch
{
rolesexport.Text += "<br>Error cannot create rol " + HttpUtility.HtmlEncode(splitted[1]);
}
}
}
else if (splitted.Length == 2)
{
if (rolsPostponedProcess.Any())
{
CreateRolInRols(rolsPostponedProcess);
rolsPostponedProcess = new List <string>();
}
Item item = db.GetItem(splitted[0]);
if (item == null)
{
rolesexport.Text += "<br>Error unknow item path or no read rights" + HttpUtility.HtmlEncode(splitted[0]);
}
else
{
var accessRules = item.Security.GetAccessRules();
var rules = AccessRuleCollection.FromString(splitted[1]);
if (rules != null)
{
if (item.Access.CanWrite())
{
foreach (var rule in rules)
{
if (accessRules.Contains(rule))
{
accessRules.Remove(rule);
updatecount++;
}
else
{
newcount++;
}
accessRules.Add(rule);
}
item.Editing.BeginEdit();
item.Security.SetAccessRules(accessRules);
item.Editing.EndEdit();
rolesexport.Text += "<br>" + HttpUtility.HtmlEncode(splitted[0]) + " = " + HttpUtility.HtmlEncode(item.Fields["__Security"].Value);
}
else
{
rolesexport.Text += "<br><span style=\"color:#880000;\">Skipped: No write Access for " + HttpUtility.HtmlEncode(splitted[0]) + " = " + HttpUtility.HtmlEncode(item.Fields["__Security"].Value) + "<span>";
}
}
}
}
else
{
rolesexport.Text += "<br>Error unknow line " + count + " : " + line;
}
}
}
rolesexport.Text += "<p>Rights are imported, new rights " + newcount + " updated rights " + updatecount + "<br>Remember nothing is deleted, only the items that are in the import file are affected </p>";
}
public void TestFixtureSetUp()
{
// Create test content
using (new SecurityDisabler())
{
m_testContentRoot.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml")), true, PasteMode.Overwrite);
// Retrieve created content items
m_testRoot = m_testContentRoot.Axes.GetChild("test content");
m_blog1 = m_testRoot.Axes.GetChild("blog1");
m_blog2 = m_testRoot.Axes.GetChild("blog2");
m_blog3 = m_testRoot.Axes.GetChild("blog3");
// Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
// Remove the following section once the bug has been fixed
// START: Workaround
var template = m_blog1.Database.Templates[Settings.EntryTemplateID];
var entry11Check = m_blog1.Axes.GetDescendant("Entry11");
if (entry11Check == null)
{
var entry = m_blog1.Add("Entry11", template);
using (new EditContext(entry))
{
entry["Entry Date"] = "20120105T233207";
}
}
var entry12Check = m_blog1.Axes.GetDescendant("Entry12");
if (entry12Check == null)
{
System.Threading.Thread.Sleep(2000);
var entry = m_blog1.Add("Entry12", template);
using (new EditContext(entry))
{
entry["Entry Date"] = "20120106T233145";
}
}
// END: Workaround
// Create test users
// Use random usernames to ensure we're not trying to create users that might already exist
m_userAuthor = Sitecore.Security.Accounts.User.Create("sitecore\\user" + m_random.Next(999999), PASSWORD);
m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user" + m_random.Next(999999), PASSWORD);
// Add users to roles
m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));
var rules = new AccessRuleCollection();
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow));
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Any, AccessPermission.Allow));
rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemCreate, PropagationType.Any, AccessPermission.Allow));
m_blog1.Security.SetAccessRules(rules);
m_blog2.Security.SetAccessRules(rules);
ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));
var entry11 = m_blog1.Axes.GetDescendant("Entry11");
ContentHelper.PublishItemAndRequiredAncestors(entry11, Sitecore.Configuration.Factory.GetDatabase("web"));
var entry12 = m_blog1.Axes.GetDescendant("Entry12");
ContentHelper.PublishItemAndRequiredAncestors(entry12, Sitecore.Configuration.Factory.GetDatabase("web"));
// Rebuild the search index to ensure all manager calls work as expected
#if FEATURE_CONTENT_SEARCH
var index = ContentSearchManager.GetIndex(Settings.SearchIndexName);
index.Rebuild();
#else
var index = SearchManager.GetIndex(Settings.SearchIndexName);
index.Rebuild();
#endif
}
m_api = new Mod.MetaBlogApi();
}
