/// <summary>
        /// Bind the checkbox list and the treeview to the specified role. If adding a new role, pass null or an empty
        /// string to the roleName parameter.
        /// </summary>
        /// <param name="roleName">The name of the role to be bound to the checkbox list and treeview, or null if adding
        /// a new role.</param>
        private void PopulateControlsWithRoleData(string roleName)
            // Gets called by the Callback control when the user clicks Add or Edit for a particular role.
            // Populate the controls with data specific to this role, especially in regard to checking the appropriate
            // checkboxes to indicate the level of permission granted to this role (nothing will be checked when
            // adding a new role).

            IGalleryServerRole role = null;

            if (!String.IsNullOrEmpty(roleName))
                role = Factory.LoadGalleryServerRole(roleName);

                if (role == null)
                    throw new InvalidGalleryServerRoleException();

                lblRoleName.Text = RoleController.ParseRoleNameFromGspRoleName(Utils.HtmlEncode(role.RoleName));


        /// <summary>
        /// Performs any necessary actions that must occur before an album is deleted. Specifically, it deletes the owner role
        /// if one exists for the album, but only when this album is the only one assigned to the role. It also clears out
        /// <see cref="IGallerySettings.UserAlbumParentAlbumId" /> if the album's ID matches it. This function recursively calls
        /// itself to make sure all child albums are processed.
        /// </summary>
        /// <param name="album">The album to be deleted, or one of its child albums.</param>
        private static void OnBeforeAlbumDelete(IAlbum album)
            // If there is an owner role associated with this album, and the role is not assigned to any other albums, delete it.
            if (!String.IsNullOrEmpty(album.OwnerRoleName))
                IGalleryServerRole role = RoleController.GetGalleryServerRoles().GetRole(album.OwnerRoleName);

                if ((role != null) && (role.AllAlbumIds.Count == 1) && role.AllAlbumIds.Contains(album.Id))

            // If the album is specified as the user album container, clear out the setting. The ValidateBeforeAlbumDelete()
            // function will throw an exception if user albums are enabled, so this should only happen when user albums
            // are disabled, so it is safe to clear it out.
            int userAlbumParentAlbumId = Factory.LoadGallerySetting(album.GalleryId).UserAlbumParentAlbumId;

            if (album.Id == userAlbumParentAlbumId)
                IGallerySettings gallerySettingsWriteable = Factory.LoadGallerySetting(album.GalleryId, true);
                gallerySettingsWriteable.UserAlbumParentAlbumId = 0;

            // Recursively validate child albums.
            foreach (IGalleryObject childAlbum in album.GetChildGalleryObjects(GalleryObjectType.Album))
Beispiel #3
        private void UpdateExistingRole(string roleName)
            IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName);

            if (role == null)
                throw new GalleryServerPro.ErrorHandler.CustomExceptions.InvalidGalleryServerRoleException();

            role.AllowAddChildAlbum          = chkAddAlbum.Checked;
            role.AllowAddMediaObject         = chkAddMediaObject.Checked;
            role.AllowAdministerSite         = chkAdministerSite.Checked;
            role.AllowDeleteChildAlbum       = chkDeleteChildAlbum.Checked;
            role.AllowDeleteMediaObject      = chkDeleteMediaObject.Checked;
            role.AllowEditAlbum              = chkEditAlbum.Checked;
            role.AllowEditMediaObject        = chkEditMediaObject.Checked;
            role.AllowSynchronize            = chkSynchronize.Checked;
            role.AllowViewOriginalImage      = chkViewHiResImage.Checked;
            role.AllowViewAlbumOrMediaObject = chkViewObject.Checked;
            role.HideWatermark = chkHideWatermark.Checked;

            RoleController.UpdateRoleAlbumRelationships(role, tvUC.TopLevelCheckedAlbumIds);

        /// <summary>
        /// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission
        /// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the
        /// isAdministratorChecked parameter is true.
        /// </summary>
        /// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param>
        /// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been
        /// checked or the specified role has administrative permission. Since administrative permission applies to all
        /// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown
        /// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param>
        private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator)
            if ((role != null) && (role.AllowAdministerSite != isAdministrator))
                throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match.");

            if (role != null)             // Role will be null when user is adding a new role
                IIntegerCollection albumIds = tvUC.AlbumIdsToCheck;

                foreach (IGallery gallery in Factory.LoadGalleries())
                    IAlbum rootAlbum = Factory.LoadRootAlbumInstance(gallery.GalleryId);

                    if (role.RootAlbumIds.Contains(rootAlbum.Id))
                        // The role applies to all albums. Since the treeview initially renders to two levels, we need
                        // to add the album IDs for the root album's child albums.
                        foreach (IGalleryObject album in rootAlbum.GetChildGalleryObjects(GalleryObjectType.Album))

            tvUC.RequiredSecurityPermissions = SecurityActions.AdministerSite | SecurityActions.AdministerGallery;
            tvUC.Galleries       = Factory.LoadGalleries();
            tvUC.RootAlbumPrefix = String.Concat(Resources.GalleryServerPro.Site_Gallery_Text, " '{GalleryDescription}': ");
Beispiel #5
        private static void ValidateDeleteRole(string roleName)
            // Make sure the loggod-on person isn't doing anything stupid, like deleting the only role with Administer
            // site permission.
            IGalleryServerRole roleToDelete = Factory.LoadGalleryServerRole(roleName);

            if (roleToDelete == null)

            if (roleToDelete.AllowAdministerSite)
                // User is trying to delete a role with administer site permission. Make sure
                // at least one other role has this permission, and that the role has at least one member.
                bool atLeastOneOtherRoleHasAdminSitePermission = false;
                foreach (IGalleryServerRole role in Factory.LoadGalleryServerRoles())
                    if ((!role.RoleName.Equals(roleToDelete.RoleName, StringComparison.OrdinalIgnoreCase) && role.AllowAdministerSite))
                        if (GetUsersInRole(role.RoleName).Length > 0)
                            atLeastOneOtherRoleHasAdminSitePermission = true;

                if (!atLeastOneOtherRoleHasAdminSitePermission)
                    throw new WebException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Msg);
Beispiel #6
        /// <summary>
        /// Replace the list of root album IDs for the <paramref name="role"/> with the album ID's specified in
        /// <paramref name="topLevelCheckedAlbumIds"/>. Note that this function will cause the AllAlbumIds property
        /// to be cleared out (Count = 0). The property can be repopulated by calling <see cref="IGalleryServerRole.Save"/>.
        /// </summary>
        /// <param name="role">The role whose root album/role relationships should be updated. When editing
        /// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before
        /// saving it.</param>
        /// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param>
        public static void UpdateRoleAlbumRelationships(IGalleryServerRole role, IIntegerCollection topLevelCheckedAlbumIds)
            if (role == null)
                throw new ArgumentNullException("role");

            if (topLevelCheckedAlbumIds == null)
                topLevelCheckedAlbumIds = new IntegerCollection();

            int[] rootAlbumIdsOld = new int[role.RootAlbumIds.Count];
            role.RootAlbumIds.CopyTo(rootAlbumIdsOld, 0);


            if (role.AllowAdministerSite)
                // Administer site permission automatically applies to all albums, so all we need to do is get
                // a reference to the root album ID.

            if (IsRoleAnAlbumOwnerRole(role.RoleName))
                ValidateAlbumOwnerRoles(role.RoleName, rootAlbumIdsOld, role.RootAlbumIds);
 /// <summary>
 /// Select (check) the permissions checkboxes corresponding to the permissions of the specified role. Specify null
 /// when adding a new role and the checkboxes will be set to their default values (unselected.)
 /// </summary>
 /// <param name="role">The Gallery Server role to be bound to the checkbox list of permissions, or null if adding
 /// a new role.</param>
 private void BindRolePermissionCheckboxes(IGalleryServerRole role)
     if (role == null)
         chkAddAlbum.Checked          = false;
         chkAddMediaObject.Checked    = false;
         chkAdministerSite.Checked    = false;
         chkAdministerGallery.Checked = false;
         chkDeleteChildAlbum.Checked  = false;
         chkDeleteMediaObject.Checked = false;
         chkEditAlbum.Checked         = false;
         chkEditMediaObject.Checked   = false;
         chkSynchronize.Checked       = false;
         chkViewHiResImage.Checked    = false;
         chkViewObject.Checked        = false;
         chkHideWatermark.Checked     = false;
         chkAddAlbum.Checked          = role.AllowAddChildAlbum;
         chkAddMediaObject.Checked    = role.AllowAddMediaObject;
         chkAdministerSite.Checked    = role.AllowAdministerSite;
         chkAdministerGallery.Checked = role.AllowAdministerGallery;
         chkDeleteChildAlbum.Checked  = role.AllowDeleteChildAlbum;
         chkDeleteMediaObject.Checked = role.AllowDeleteMediaObject;
         chkEditAlbum.Checked         = role.AllowEditAlbum;
         chkEditMediaObject.Checked   = role.AllowEditMediaObject;
         chkSynchronize.Checked       = role.AllowSynchronize;
         chkViewHiResImage.Checked    = role.AllowViewOriginalImage;
         chkViewObject.Checked        = role.AllowViewAlbumOrMediaObject;
         chkHideWatermark.Checked     = role.HideWatermark;
Beispiel #8
        /// <summary>
        /// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission
        /// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the
        /// isAdministratorChecked parameter is true.
        /// </summary>
        /// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param>
        /// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been
        /// checked or the specified role has administrative permission. Since administrative permission applies to all
        /// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown
        /// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param>
        private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator)
            if ((role != null) && (role.AllowAdministerSite != isAdministrator))
                throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match.");

            if (role != null)             // Role will be null when user is adding a new role
                IIntegerCollection albumIds = tvUC.AlbumIdsToSelect;

                if (role.RootAlbumIds.Contains(Factory.LoadRootAlbumInstance().Id))
                    // The role applies to all albums. Since the treeview initially renders to two levels, we need
                    // to add the album IDs for the root album's child albums.
                    foreach (IGalleryObject album in Factory.LoadRootAlbumInstance().GetChildGalleryObjects(GalleryObjectType.Album))

        /// <summary>
        /// Saves the specified role.
        /// </summary>
        /// <param name="role">The role.</param>
        public void Save(IGalleryServerRole role)

            var repo = new RoleAlbumRepository(Context);

            repo.Save(role.RoleName, role.RootAlbumIds);
Beispiel #10
        /// <summary>
        /// Permanently delete the specified gallery server role from the data store. The stored procedure deletes the record
        /// in the gs_Role table corresponding to this role and also all records in the gs_Role_Album table that reference
        /// this role.
        /// </summary>
        /// <param name="role">An instance of IGalleryServerRole to delete from the data store.</param>
        private static void DeleteFromDataStore(IGalleryServerRole role)
            SqlCommand cmd = GetCommandGalleryServerRoleDelete(role);

Beispiel #11
		/// <summary>
		/// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored
		/// in the <see cref="IGalleryServerRole.RootAlbumIds" /> property, is also saved. The <see cref="IGalleryServerRole.AllAlbumIds" /> 
		/// property is reloaded with the latest list of albums from the data store.
		/// </summary>
		/// <param name="role">An instance of <see cref="IGalleryServerRole" /> to persist to the data store.</param>
		public static void Save(IGalleryServerRole role)


Beispiel #12
        /// <summary>
        /// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored
        /// in the <see cref="IGalleryServerRole.RootAlbumIds" /> property, is also saved. The <see cref="IGalleryServerRole.AllAlbumIds" />
        /// property is reloaded with the latest list of albums from the data store.
        /// </summary>
        /// <param name="role">An instance of <see cref="IGalleryServerRole" /> to persist to the data store.</param>
        public static void Save(IGalleryServerRole role)


Beispiel #13
        /// <summary>
        /// Adds the specified item.
        /// </summary>
        /// <param name="item">The item.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="item" /> is null.</exception>
        public void Add(IGalleryServerRole item)
            if (item == null)
                throw new ArgumentNullException(nameof(item), "Cannot add null to an existing GalleryServerRoleCollection. Items.Count = " + _items.Count);

            _items.TryAdd(item.RoleName.ToLowerInvariant(), item);
        /// <summary>
        /// Determines whether the specified <paramref name="role" /> is equal to this instance.
        /// </summary>
        /// <param name="role">The role to compare to this instance.</param>
        /// <returns><c>true</c> if the specified <paramref name="role" /> is equal to this instance; otherwise, <c>false</c>.</returns>
        public bool Equals(IGalleryServerRole role)
            if (role == null)

            return(this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase));
Beispiel #15
        /// <summary>
        /// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album
        /// relationship. This procedure adds and deletes records as needed.
        /// </summary>
        /// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param>
        private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role)
            // Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them,
            // so we don't want to mess with the actual list attached to the object.
            List <int> roleAlbumRelationshipsToPersist = new List <int>();

            foreach (int albumId in role.RootAlbumIds)

            // Step 2: Get a datareader containing a list of all root album IDs in the data store. The result set contains a single
            // column of integers named "FKAlbumId".
            IDataReader dr = GetDataReaderRoleRootAlbums(role.RoleName);

            // Step 3: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then
            // remove it from the list (see step 3 why). If not, the user must have unchecked it so add it to a list of
            // relationships to be deleted.
            List <int> roleAlbumRelationshipsToDelete = new List <int>();

            while (dr.Read())
                if (roleAlbumRelationshipsToPersist.Contains(dr.GetInt32(0)))

            // Step 4: Delete the records we accumulated in our list.
            SqlCommand cmd = GetCommandGalleryServerRole_AlbumDelete(role);

            foreach (int albumId in roleAlbumRelationshipsToDelete)
                cmd.Parameters["@AlbumId"].Value = albumId;

            // Step 5: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them.
            cmd = GetCommandGalleryServerRole_AlbumInsert(role);
            foreach (int albumId in roleAlbumRelationshipsToPersist)
                cmd.Parameters["@AlbumId"].Value = albumId;

Beispiel #16
        private static void DeleteGalleryServerRole(string roleName)
            IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName);

            if (role != null)
Beispiel #17
        private static void PersistRoleToDataStore(IGalleryServerRole role)
            // The update stored procedure will automatically call the insert stored procedure if it does not
            // find a matching role to update.
            SqlCommand cmd = GetCommandGalleryServerRoleUpdate(role);

Beispiel #18
 /// <summary>
 /// Permanently delete the specified gallery server role from the data store. The stored procedure deletes the record
 /// in the gs_Role table corresponding to this role and also all records in the gs_Role_Album table that reference
 /// this role.
 /// </summary>
 /// <param name="role">An instance of IGalleryServerRole to delete from the data store.</param>
 private static void DeleteFromDataStore(IGalleryServerRole role)
     using (SqlConnection cn = SqlDataProvider.GetDbConnection())
         using (SqlCommand cmd = GetCommandGalleryServerRoleDelete(role, cn))
Beispiel #19
        /// <summary>
        /// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album
        /// relationship. This procedure adds and deletes records as needed.
        /// </summary>
        /// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param>
        private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role)
            // Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them,
            // so we don't want to mess with the actual list attached to the object.
            List <int> roleAlbumRelationshipsToPersist = new List <int>();

            foreach (int albumId in role.RootAlbumIds)

            // Step 2: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then
            // remove it from the list (see step 4 why). If not, the user must have unchecked it so add it to a list of
            // relationships to be deleted.
            List <int> roleAlbumRelationshipsToDelete = new List <int>();

            foreach (int albumId in GetDataReaderRoleRootAlbums(role.RoleName))
                if (roleAlbumRelationshipsToPersist.Contains(albumId))

            using (SqlConnection cn = SqlDataProvider.GetDbConnection())

                // Step 3: Delete the records we accumulated in our list.
                using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumDelete(role, cn))
                    foreach (int albumId in roleAlbumRelationshipsToDelete)
                        cmd.Parameters["@AlbumId"].Value = albumId;

                using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumInsert(role, cn))
                    // Step 4: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them.
                    foreach (int albumId in roleAlbumRelationshipsToPersist)
                        cmd.Parameters["@AlbumId"].Value = albumId;
Beispiel #20
        private static SqlCommand GetCommandGalleryServerRoleDelete(IGalleryServerRole role, SqlConnection cn)
            SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleDelete"), cn);

            cmd.CommandType = CommandType.StoredProcedure;

            // Add parameters
            cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength));
            cmd.Parameters["@RoleName"].Value = role.RoleName;

Beispiel #21
        /// <summary>
        /// Create a Gallery Server Pro role corresponding to the specified parameters. Also creates the corresponding ASP.NET role.
        /// Throws an exception if a role with the specified name already exists in the data store. The role is persisted to the data store.
        /// </summary>
        /// <param name="roleName">A string that uniquely identifies the role.</param>
        /// <param name="allowViewAlbumOrMediaObject">A value indicating whether the user assigned to this role has permission to view albums
        /// and media objects.</param>
        /// <param name="allowViewOriginalImage">A value indicating whether the user assigned to this role has permission to view the original,
        /// high resolution version of an image. This setting applies only to images. It has no effect if there are no
        /// high resolution images in the album or albums to which this role applies.</param>
        /// <param name="allowAddMediaObject">A value indicating whether the user assigned to this role has permission to add media objects to an album.</param>
        /// <param name="allowAddChildAlbum">A value indicating whether the user assigned to this role has permission to create child albums.</param>
        /// <param name="allowEditMediaObject">A value indicating whether the user assigned to this role has permission to edit a media object.</param>
        /// <param name="allowEditAlbum">A value indicating whether the user assigned to this role has permission to edit an album.</param>
        /// <param name="allowDeleteMediaObject">A value indicating whether the user assigned to this role has permission to delete media objects within an album.</param>
        /// <param name="allowDeleteChildAlbum">A value indicating whether the user assigned to this role has permission to delete child albums.</param>
        /// <param name="allowSynchronize">A value indicating whether the user assigned to this role has permission to synchronize an album.</param>
        /// <param name="allowAdministerSite">A value indicating whether the user has administrative permission for all albums. This permission
        /// automatically applies to all albums; it cannot be selectively applied.</param>
        /// <param name="hideWatermark">A value indicating whether the user assigned to this role has a watermark applied to images.
        /// This setting has no effect if watermarks are not used. A true value means the user does not see the watermark;
        /// a false value means the watermark is applied.</param>
        /// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param>
        /// <returns>Returns an <see cref="IGalleryServerRole" /> object corresponding to the specified parameters.</returns>
        /// <exception cref="InvalidGalleryServerRoleException">Thrown when a role with the specified role name already exists in the data store.</exception>
        public static IGalleryServerRole CreateRole(string roleName, bool allowViewAlbumOrMediaObject, bool allowViewOriginalImage, bool allowAddMediaObject, bool allowAddChildAlbum, bool allowEditMediaObject, bool allowEditAlbum, bool allowDeleteMediaObject, bool allowDeleteChildAlbum, bool allowSynchronize, bool allowAdministerSite, bool hideWatermark, IIntegerCollection topLevelCheckedAlbumIds)

            IGalleryServerRole role = Factory.CreateGalleryServerRoleInstance(roleName, allowViewAlbumOrMediaObject, allowViewOriginalImage, allowAddMediaObject, allowAddChildAlbum, allowEditMediaObject, allowEditAlbum, allowDeleteMediaObject, allowDeleteChildAlbum, allowSynchronize, allowAdministerSite, hideWatermark);

            UpdateRoleAlbumRelationships(role, topLevelCheckedAlbumIds);


Beispiel #22
        /// <summary>
        /// Verify that any role needed for album ownership exists and is properly configured. If an album owner
        /// is specified and the album is new (IsNew == true), the album is persisted to the data store. This is
        /// required because the ID is not assigned until it is saved, and a valid ID is required to configure the
        /// role.
        /// </summary>
        /// <param name="album">The album to validate for album ownership. If a null value is passed, the function
        /// returns without error or taking any action.</param>
        public static void ValidateRoleExistsForAlbumOwner(IAlbum album)
            // For albums, verify that any needed roles for album ownership are present. Create/update as needed.
            if (album == null)

            if (String.IsNullOrEmpty(album.OwnerUserName))
                // If owner role is specified, delete it.
                if (!String.IsNullOrEmpty(album.OwnerRoleName))
                    album.OwnerRoleName = String.Empty;
                // If this is a new album, save it before proceeding. We will need its album ID to configure the role,
                // and it is not assigned until it is saved.
                if (album.IsNew)

                // Verify that a role exists that corresponds to the owner.
                IGalleryServerRole role = Factory.LoadGalleryServerRoles().GetRoleByRoleName(album.OwnerRoleName);
                if (role == null)
                    // No role exists. Create it.
                    album.OwnerRoleName = CreateAlbumOwnerRole(album);
                    // Role exists. Make sure album is assigned to role and owner is a member.
                    if (!role.RootAlbumIds.Contains(album.Id))
                        // Current album is not a member. This should not typically occur, but just in case
                        // it does let's add the current album to it and save it.

                    string[] rolesForUser = GetRolesForUser(album.OwnerUserName);
                    if (Array.IndexOf <string>(rolesForUser, role.RoleName) < 0)
                        // Owner is not a member. Add.
                        AddUserToRole(album.OwnerUserName, role.RoleName);
Beispiel #23
        private static void ReloadAllAlbumIds(IGalleryServerRole role)

            IDataReader dr = GetDataReaderRoleAllAlbums(role.RoleName);

            while (dr.Read())
Beispiel #24
        /// <summary>
        /// Creates a deep copy of this instance, including the RootAlbumIds and AllAlbumIds properties. The RoleName property
        /// of the copied object is empty and must be assigned before persisting the copy to the data store.
        /// </summary>
        /// <returns>Returns a deep copy of this instance.</returns>
        public IGalleryServerRole Copy()
            IGalleryServerRole role = Factory.CreateGalleryServerRoleInstance(String.Empty, AllowViewAlbumOrMediaObject, AllowViewOriginalImage,
                                                                              AllowAddMediaObject, AllowAddChildAlbum, AllowEditMediaObject, AllowEditAlbum,
                                                                              AllowDeleteMediaObject, AllowDeleteChildAlbum, AllowSynchronize,
                                                                              AllowAdministerSite, HideWatermark);


Beispiel #25
        /// <summary>
        /// Performs any necessary actions that must occur before an album is deleted. Specifically, it deletes the owner role
        /// if one exists for the album, but only when this album is the only one assigned to the role.
        /// </summary>
        /// <param name="album">The album to be deleted.</param>
        private static void OnBeforeAlbumDelete(IAlbum album)
            // If there is an owner role associated with this album, and the role is not assigned to any other albums, delete it.
            if (!String.IsNullOrEmpty(album.OwnerRoleName))
                IGalleryServerRole role = RoleController.GetGalleryServerRoles().GetRoleByRoleName(album.OwnerRoleName);

                if ((role != null) && (role.AllAlbumIds.Count == 1) && role.AllAlbumIds.Contains(album.Id))
Beispiel #26
 private static void PersistRoleToDataStore(IGalleryServerRole role)
     // The update stored procedure will automatically call the insert stored procedure if it does not
     // find a matching role to update.
     using (SqlConnection cn = SqlDataProvider.GetDbConnection())
         using (SqlCommand cmd = GetCommandGalleryServerRoleUpdate(role, cn))
Beispiel #27
        private static SqlCommand GetCommandGalleryServerRole_AlbumInsert(IGalleryServerRole role)
            DataStore dataStoreConfig = ConfigManager.GetGalleryServerProConfigSection().DataStore;

            SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_Role_AlbumInsert"), SqlDataProvider.GetDbConnection());

            cmd.CommandType = CommandType.StoredProcedure;

            // Add parameters
            cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, dataStoreConfig.RoleNameLength));
            cmd.Parameters.Add(new SqlParameter("@AlbumId", SqlDbType.Int));

            cmd.Parameters["@RoleName"].Value = role.RoleName;

        /// <summary>
        /// Determines whether the specified <see cref="System.Object"/> is equal to this instance.
        /// </summary>
        /// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param>
        /// <returns>
        ///     <c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>.
        /// </returns>
        /// <exception cref="T:System.NullReferenceException">
        /// The <paramref name="obj"/> parameter is null.
        /// </exception>
        public override bool Equals(Object obj)
            if (obj == null)

            IGalleryServerRole role = obj as IGalleryServerRole;

            if (role == null)

            return(this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase));
        private void PersistRoleToDataStore(IGalleryServerRole role)
            // Update the existing role or insert if it doesn't exist.
            var roleDto = Find(role.RoleName);

            if (roleDto == null)
                roleDto = new RoleDto
                    RoleName = role.RoleName,
                    AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject,
                    AllowViewOriginalImage    = role.AllowViewOriginalImage,
                    AllowAddChildAlbum        = role.AllowAddChildAlbum,
                    AllowAddMediaObject       = role.AllowAddMediaObject,
                    AllowEditAlbum            = role.AllowEditAlbum,
                    AllowEditMediaObject      = role.AllowEditMediaObject,
                    AllowDeleteChildAlbum     = role.AllowDeleteChildAlbum,
                    AllowDeleteMediaObject    = role.AllowDeleteMediaObject,
                    AllowSynchronize          = role.AllowSynchronize,
                    HideWatermark             = role.HideWatermark,
                    AllowAdministerGallery    = role.AllowAdministerGallery,
                    AllowAdministerSite       = role.AllowAdministerSite

                roleDto.AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject;
                roleDto.AllowViewOriginalImage    = role.AllowViewOriginalImage;
                roleDto.AllowAddChildAlbum        = role.AllowAddChildAlbum;
                roleDto.AllowAddMediaObject       = role.AllowAddMediaObject;
                roleDto.AllowEditAlbum            = role.AllowEditAlbum;
                roleDto.AllowEditMediaObject      = role.AllowEditMediaObject;
                roleDto.AllowDeleteChildAlbum     = role.AllowDeleteChildAlbum;
                roleDto.AllowDeleteMediaObject    = role.AllowDeleteMediaObject;
                roleDto.AllowSynchronize          = role.AllowSynchronize;
                roleDto.HideWatermark             = role.HideWatermark;
                roleDto.AllowAdministerGallery    = role.AllowAdministerGallery;
                roleDto.AllowAdministerSite       = role.AllowAdministerSite;

Beispiel #30
        /// <summary>
        /// Remove the user from any roles. If a role is an ownership role, then delete it if the user is the only member.
        /// Remove the user from ownership of any albums.
        /// </summary>
        /// <param name="userName">Name of the user to be deleted.</param>
        /// <remarks>The user will be specified as an owner only for those albums that belong in ownership roles, so
        /// to find all albums the user owns, we need only to loop through the user's roles and inspect the ones
        /// where the names begin with the album owner role name prefix variable.</remarks>
        private static void UpdateRolesAndOwnershipForDeletedUser(string userName)
            List <string> rolesToDelete = new List <string>();

            string[] userRoles = RoleController.GetRolesForUser(userName);
            foreach (string roleName in userRoles)
                if (RoleController.IsRoleAnAlbumOwnerRole(roleName))
                    // This is a role that was automatically created to provide ownership permission to an album. Check each
                    // album and empty out the OwnerUserName field if the listed owner matches our user.
                    IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName);
                    foreach (int albumId in role.RootAlbumIds)
                        IAlbum album = Factory.LoadAlbumInstance(albumId, false);
                        if (album.OwnerUserName == userName)
                            album.OwnerUserName = String.Empty;

                    if (RoleController.GetUsersInRole(roleName).Length <= 1)
                        // The user we are deleting is the only user in the owner role. Mark for deletion.

            if (userRoles.Length > 0)
                foreach (string role in userRoles)
                    RoleController.RemoveUserFromRole(userName, role);

            foreach (string roleName in rolesToDelete)
Beispiel #31
        /// <summary>
        /// For roles that provide album ownership functionality, remove users belonging to this role from the OwnedBy
        /// property of any albums this role is assigned to. Since we are deleting the role that provides the ownership
        /// functionality, it is necessary to clear the owner field of all affected albums.
        /// </summary>
        /// <param name="role">Name of the role to be deleted.</param>
        private static void UpdateAlbumOwnerBeforeRoleDelete(IGalleryServerRole role)
            // Proceed only when dealing with an album ownership role.
            if (!IsRoleAnAlbumOwnerRole(role.RoleName))

            // Loop through each album assigned to this role. If this role is assigned as the owner role,
            // clear the OwnerUserName property.
            foreach (int albumId in role.RootAlbumIds)
                IAlbum album = Factory.LoadAlbumInstance(albumId, false);
                if (album.OwnerRoleName == role.RoleName)
                    album.OwnerUserName = String.Empty;
Beispiel #32
		/// <summary>
		/// Select (check) the permissions checkboxes corresponding to the permissions of the specified role. Specify null
		/// when adding a new role and the checkboxes will be set to their default values (unselected.)
		/// </summary>
		/// <param name="role">The Gallery Server role to be bound to the checkbox list of permissions, or null if adding
		/// a new role.</param>
		private void BindRolePermissionCheckboxes(IGalleryServerRole role)
			if (role == null)
				chkAddAlbum.Checked = false;
				chkAddMediaObject.Checked = false;
				chkAdministerSite.Checked = false;
				chkDeleteChildAlbum.Checked = false;
				chkDeleteMediaObject.Checked = false;
				chkEditAlbum.Checked = false;
				chkEditMediaObject.Checked = false;
				chkSynchronize.Checked = false;
				chkViewHiResImage.Checked = false;
				chkViewObject.Checked = false;
				chkHideWatermark.Checked = false;
				chkAddAlbum.Checked = role.AllowAddChildAlbum;
				chkAddMediaObject.Checked = role.AllowAddMediaObject;
				chkAdministerSite.Checked = role.AllowAdministerSite;
				chkDeleteChildAlbum.Checked = role.AllowDeleteChildAlbum;
				chkDeleteMediaObject.Checked = role.AllowDeleteMediaObject;
				chkEditAlbum.Checked = role.AllowEditAlbum;
				chkEditMediaObject.Checked = role.AllowEditMediaObject;
				chkSynchronize.Checked = role.AllowSynchronize;
				chkViewHiResImage.Checked = role.AllowViewOriginalImage;
				chkViewObject.Checked = role.AllowViewAlbumOrMediaObject;
				chkHideWatermark.Checked = role.HideWatermark;
Beispiel #33
		/// <summary>
		/// Permanently delete this gallery server role from the data store, including the list of role/album relationships
		/// associated with this role. This action cannot be undone.
		/// </summary>
		/// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param>
		public abstract void Role_Delete(IGalleryServerRole role);
Beispiel #34
		/// <summary>
		/// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored
		/// in the <see cref="IGalleryServerRole.RootAlbumIds"/> property, must also be saved. The data provider automatically
		/// repopulates the <see cref="IGalleryServerRole.AllAlbumIds"/> property.
		/// </summary>
		/// <param name="role">An instance of IGalleryServerRole to persist to the data store.</param>
		public abstract void Role_Save(IGalleryServerRole role);
        /// <summary>
        /// Persist the <paramref name="roleToSave" /> to the data store, associating any album IDs listed in <paramref name="topLevelCheckedAlbumIds" />
        /// with it. Prior to saving, validation is performed and a <see cref="GallerySecurityException" /> is thrown if a business rule
        /// is violated.
        /// </summary>
        /// <param name="roleToSave">The role to save.</param>
        /// <param name="topLevelCheckedAlbumIds">The top level album IDs. May be null.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave" /> is null.</exception>
        /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
        /// <exception cref="InvalidGalleryServerRoleException">Thrown when an existing role cannot be found in the database that matches the 
        /// role name of the <paramref name="roleToSave" /> parameter.</exception>
        public static void Save(IGalleryServerRole roleToSave, IIntegerCollection topLevelCheckedAlbumIds)
            if (roleToSave == null)
                throw new ArgumentNullException("roleToSave");


            UpdateRoleAlbumRelationships(roleToSave, topLevelCheckedAlbumIds);

        /// <summary>
        /// Determines whether the specified <paramref name="role" /> is equal to this instance.
        /// </summary>
        /// <param name="role">The role to compare to this instance.</param>
        /// <returns><c>true</c> if the specified <paramref name="role" /> is equal to this instance; otherwise, <c>false</c>.</returns>
        public bool Equals(IGalleryServerRole role)
            if (role == null)
                return false;

            return (this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase));
Beispiel #37
		/// <summary>
		/// Permanently delete this gallery server role from the data store, including the list of role/album relationships
		/// associated with this role. This action cannot be undone.
		/// </summary>
		/// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param>
		public override void Role_Delete(IGalleryServerRole role)
Beispiel #38
		/// <summary>
		/// Update the list of root album IDs associated with this role based on the user's selection.
		/// Note that clearing the RootAlbumIds collection causes the AllAlbumIds property to be
		/// cleared out (Count = 0).
		/// </summary>
		/// <param name="role">The role whose root album/role relationships should be updated. When editing
		/// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before
		/// saving it.</param>
		private void UpdateRoleAlbumRelationships(IGalleryServerRole role)

			if (role.AllowAdministerSite)
				// Administer site permission automatically applies to all albums, so all we need to do is get
				// a reference to the root album ID.
Beispiel #39
        private static SqlCommand GetCommandGalleryServerRoleDelete(IGalleryServerRole role, SqlConnection cn)
            SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleDelete"), cn);
            cmd.CommandType = CommandType.StoredProcedure;

            // Add parameters
            cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength));
            cmd.Parameters["@RoleName"].Value = role.RoleName;

            return cmd;
        /// <summary>
        /// Verify the the current user isn't jeopardizing their ability to administer the site or current gallery. Specifically, if
        /// the user is a member of the role being saved and admin site or gallery permissions are being removed from it, make sure
        /// the user is in at least one other role with similar permissions. Verifies only the current gallery: That is, it is possible
        /// for the user to remove their ability to administer another gallery.
        /// </summary>
        /// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param>
        /// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of
        /// <paramref name="roleToSave" />.</param>
        /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
        private static void ValidateUserDoesNotLoseAbilityToAdminCurrentGallery(IGalleryServerRole roleToSave, IGalleryServerRole existingRole)
            if (!roleToSave.RoleName.Equals(existingRole.RoleName, StringComparison.OrdinalIgnoreCase))
                throw new ArgumentOutOfRangeException(String.Format(CultureInfo.CurrentCulture, "The role name of the roleToSave and existingRole parameters must match, but they do not. roleToSave='{0}'; existingRole='{1}'", roleToSave, existingRole));

            if (IsUserInRole(Utils.UserName, roleToSave.RoleName))
                bool adminSitePermissionBeingRevoked = (!roleToSave.AllowAdministerSite && existingRole.AllowAdministerSite);
                bool adminGalleryPermissionBeingRevoked = (!roleToSave.AllowAdministerGallery && existingRole.AllowAdministerGallery);

                bool userHasAdminSitePermissionThroughAtLeastOneOtherRole = false;
                bool userHasAdminGalleryPermissionThroughAtLeastOneOtherRole = false;

                foreach (IGalleryServerRole roleForUser in GetGalleryServerRolesForUser())
                    if (!roleForUser.RoleName.Equals(roleToSave.RoleName))
                        if (roleForUser.AllowAdministerSite)
                            userHasAdminSitePermissionThroughAtLeastOneOtherRole = true;
                        if (roleForUser.AllowAdministerGallery)
                            userHasAdminGalleryPermissionThroughAtLeastOneOtherRole = true;

                if (adminSitePermissionBeingRevoked && !userHasAdminSitePermissionThroughAtLeastOneOtherRole)
                    throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Save_Role_User_Would_Lose_Admin_Ability_Msg);

                if (adminGalleryPermissionBeingRevoked && !userHasAdminGalleryPermissionThroughAtLeastOneOtherRole)
                    throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Save_Role_User_Would_Lose_Admin_Ability_Msg);
        /// <summary>
        /// Determines whether the user has permission to edit the specified role. Determines this by checking
        /// whether the logged on user is a site administrator or a gallery administrator for every
        /// gallery associated with the role. If the role is not assigned to any albums, it verifies the user is
        /// a gallery admin to at least one gallery (doesn't matter which one).
        /// </summary>
        /// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param>
        /// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of
        /// <paramref name="roleToSave" />.</param>
        /// <param name="rolesForCurrentUser">The roles for current user.</param>
        /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
        private static void ValidateUserCanEditRole(IGalleryServerRole roleToSave, IGalleryServerRole existingRole, IGalleryServerRoleCollection rolesForCurrentUser)
            if (Utils.IsCurrentUserSiteAdministrator())

            if (roleToSave.Galleries.Count == 0)
                // The role isn't assigned to any albums, so let's make sure the user is a gallery admin to at
                // least one gallery.
                if (GalleryController.GetGalleriesCurrentUserCanAdminister().Count == 0)
                    throw new GallerySecurityException("Your account does not have permission to make changes to roles.");

            if (existingRole.Galleries.Any(gallery => !Utils.IsUserGalleryAdministrator(rolesForCurrentUser, gallery.GalleryId)))
                throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Insufficient_Permission_Msg2);
        /// <summary>
        /// Don't let user delete a role with site admin or gallery admin permissions if that means the user will 
        /// lose their own administrative access. This should be called before a role is deleted as a validation step.
        /// </summary>
        /// <param name="roleToDelete">The role to be deleted.</param>
        /// <exception cref="GallerySecurityException">Thrown when the role cannot be deleted because doing so violates one of the business rules.</exception>
        private static void ValidatePreventLoggedOnUserFromLosingAdminAccess(IGalleryServerRole roleToDelete)
            string roleName = roleToDelete.RoleName;

            if (roleToDelete.AllowAdministerSite || roleToDelete.AllowAdministerGallery)
                bool needToVerify = false;
                IGalleryServerRoleCollection roles = GetGalleryServerRolesForUser(Utils.UserName);
                foreach (IGalleryServerRole role in roles)
                    if (role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase))
                        needToVerify = true;

                if (needToVerify)
                    // User is deleting a role he is a member of. Make sure user is in at least one other role with the same type of access.
                    bool userIsInAnotherRoleWithAdminAccess = false;
                    if (roleToDelete.AllowAdministerSite)
                        foreach (IGalleryServerRole role in roles)
                            if (role.AllowAdministerSite && (!role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase)))
                                userIsInAnotherRoleWithAdminAccess = true;
                    else if (roleToDelete.AllowAdministerGallery)
                        foreach (IGalleryServerRole role in roles)
                            if (role.AllowAdministerGallery && (!role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase)))
                                userIsInAnotherRoleWithAdminAccess = true;

                    if (!userIsInAnotherRoleWithAdminAccess)
                        throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Cannot_Delete_Role_Remove_Self_Admin_Msg);
        /// <summary>
        /// Make sure the loggod-on person has authority to save the role and that h/she isn't doing anything stupid, like removing
        /// Administer site permission from the only role that has it.
        /// </summary>
        /// <param name="roleToSave">The role to be saved.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave"/> is null.</exception>
        /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
        /// <exception cref="InvalidGalleryServerRoleException">Thrown when an existing role cannot be found in the database that matches the 
        /// role name of the <paramref name="roleToSave" /> parameter.</exception>
        private static void ValidateSaveRole(IGalleryServerRole roleToSave)
            #region Parameter Validation

            if (roleToSave == null)
                throw new ArgumentNullException("roleToSave");

            if (String.IsNullOrEmpty(roleToSave.RoleName))
                return; // Role name will be empty when adding a new one, so the validation below doesn't apply.

            IGalleryServerRole existingRole = Factory.LoadGalleryServerRole(roleToSave.RoleName) ?? roleToSave;


            ValidateCanRemoveSiteAdminPermission(roleToSave, existingRole);

            ValidateUserHasPermissionToSaveRole(roleToSave, existingRole);

            ValidateUserDoesNotLoseAbilityToAdminCurrentGallery(roleToSave, existingRole);
Beispiel #44
		/// <summary>
		/// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission
		/// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the
		/// isAdministratorChecked parameter is true.
		/// </summary>
		/// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param>
		private void BindAlbumTreeview(IGalleryServerRole role)
			bool isAdmin = ((role != null) && (role.AllowAdministerSite));
			BindAlbumTreeview(role, isAdmin);
Beispiel #45
		/// <summary>
		/// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission
		/// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the
		/// isAdministratorChecked parameter is true.
		/// </summary>
		/// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param>
		/// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been
		/// checked or the specified role has administrative permission. Since administrative permission applies to all 
		/// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown
		/// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param>
		private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator)
			if ((role != null) && (role.AllowAdministerSite != isAdministrator))
				throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match.");

			if (role != null) // Role will be null when user is adding a new role
				IIntegerCollection albumIds = tvUC.AlbumIdsToCheck;

				if (role.RootAlbumIds.Contains(Factory.LoadRootAlbumInstance().Id))
					// The role applies to all albums. Since the treeview initially renders to two levels, we need
					// to add the album IDs for the root album's child albums.
					foreach (IGalleryObject album in Factory.LoadRootAlbumInstance().GetChildGalleryObjects(GalleryObjectType.Album))

Beispiel #46
 /// <summary>
 /// Permanently delete this gallery server role from the data store, including the list of role/album relationships
 /// associated with this role. This action cannot be undone.
 /// </summary>
 /// <param name="role">An instance of <see cref="IGalleryServerRole" /> to delete from the data store.</param>
 public static void Delete(IGalleryServerRole role)
Beispiel #47
		/// <summary>
		/// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored
		/// in the <see cref="IGalleryServerRole.RootAlbumIds"/> property, must also be saved. The data provider automatically
		/// repopulates the <see cref="IGalleryServerRole.AllAlbumIds"/> property.
		/// </summary>
		/// <param name="role">An instance of IGalleryServerRole to persist to the data store.</param>
		public override void Role_Save(IGalleryServerRole role)
Beispiel #48
 private static void PersistRoleToDataStore(IGalleryServerRole role)
     // The update stored procedure will automatically call the insert stored procedure if it does not
     // find a matching role to update.
     using (SqlConnection cn = SqlDataProvider.GetDbConnection())
         using (SqlCommand cmd = GetCommandGalleryServerRoleUpdate(role, cn))
Beispiel #49
		/// <summary>
		/// Replace the list of root album IDs for the <paramref name="role"/> with the album ID's specified in
		/// <paramref name="topLevelCheckedAlbumIds"/>. Note that this function will cause the AllAlbumIds property 
		/// to be cleared out (Count = 0). The property can be repopulated by calling <see cref="IGalleryServerRole.Save"/>.
		/// </summary>
		/// <param name="role">The role whose root album/role relationships should be updated. When editing
		/// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before
		/// saving it.</param>
		/// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param>
		public static void UpdateRoleAlbumRelationships(IGalleryServerRole role, IIntegerCollection topLevelCheckedAlbumIds)
			if (role == null)
				throw new ArgumentNullException("role");

			if (topLevelCheckedAlbumIds == null)
				topLevelCheckedAlbumIds = new IntegerCollection();

			int[] rootAlbumIdsOld = new int[role.RootAlbumIds.Count];
			role.RootAlbumIds.CopyTo(rootAlbumIdsOld, 0);


			if (role.AllowAdministerSite)
				// Administer site permission automatically applies to all albums, so all we need to do is get
				// a reference to the root album ID.

			if (IsRoleAnAlbumOwnerRole(role.RoleName))
				ValidateAlbumOwnerRoles(role.RoleName, rootAlbumIdsOld, role.RootAlbumIds);
        /// <summary>
        /// Don't let user delete a role that affects any gallery where the user is not a site admin or gallery admin. This should be called before 
        /// a role is deleted as a validation step. The only exception is that we allow a user to delete an album owner role, since that will typically
        /// be assigned to a single album, and we have logic elsewhere that verifies the user has permission to delete the album.
        /// </summary>
        /// <param name="roleToDelete">The role to be deleted.</param>
        /// <exception cref="GallerySecurityException">Thrown when the role cannot be deleted because doing so violates one of the business rules.</exception>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToDelete" /> is null.</exception>
        private static void ValidatePreventRoleDeletionAffectingOtherGalleries(IGalleryServerRole roleToDelete)
            if (roleToDelete == null)
                throw new ArgumentNullException("roleToDelete");

            if (IsRoleAnAlbumOwnerRole(roleToDelete.RoleName))

            IGalleryCollection adminGalleries = UserController.GetGalleriesCurrentUserCanAdminister();

            foreach (IGallery gallery in roleToDelete.Galleries)
                if (!adminGalleries.Contains(gallery))
                    throw new GallerySecurityException(String.Format(CultureInfo.InvariantCulture, Resources.GalleryServerPro.Admin_Cannot_Delete_Role_Insufficient_Permission_Msg, roleToDelete.RoleName, gallery.Description));
Beispiel #51
 /// <summary>
 /// Permanently delete the specified gallery server role from the data store. The stored procedure deletes the record
 /// in the gs_Role table corresponding to this role and also all records in the gs_Role_Album table that reference
 /// this role.
 /// </summary>
 /// <param name="role">An instance of IGalleryServerRole to delete from the data store.</param>
 private static void DeleteFromDataStore(IGalleryServerRole role)
     using (SqlConnection cn = SqlDataProvider.GetDbConnection())
         using (SqlCommand cmd = GetCommandGalleryServerRoleDelete(role, cn))
        /// <summary>
        /// Permanently delete this gallery server role from the data store, including the list of role/album relationships
        /// associated with this role. This action cannot be undone.
        /// </summary>
        /// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param>
        public override void Role_Delete(IGalleryServerRole role)
            // Delete a gallery server role. This procedure only deletes it from the custom gallery server tables,
            // not the ASP.NET role membership table(s). The web application code that invokes this procedure also
            // uses the standard ASP.NET technique to delete the role from the membership table(s).
            // First delete the records from the role/album association table, then delete the role.
            using (GspContext ctx = new GspContext())
                foreach (RoleAlbumDto raDto in (from ra in ctx.RoleAlbums where ra.FKRoleName == role.RoleName select ra))


Beispiel #53
        private static SqlCommand GetCommandGalleryServerRoleUpdate(IGalleryServerRole role, SqlConnection cn)
            SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleUpdate"), cn);
            cmd.CommandType = CommandType.StoredProcedure;

            cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength));
            cmd.Parameters.Add(new SqlParameter("@AllowViewAlbumsAndObjects", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowViewOriginalImage", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowAddChildAlbum", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowAddMediaObject", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowEditAlbum", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowEditMediaObject", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowDeleteChildAlbum", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowDeleteMediaObject", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowSynchronize", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@HideWatermark", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowAdministerGallery", SqlDbType.Bit));
            cmd.Parameters.Add(new SqlParameter("@AllowAdministerSite", SqlDbType.Bit));

            cmd.Parameters["@RoleName"].Value = role.RoleName;
            cmd.Parameters["@AllowViewAlbumsAndObjects"].Value = role.AllowViewAlbumOrMediaObject;
            cmd.Parameters["@AllowViewOriginalImage"].Value = role.AllowViewOriginalImage;
            cmd.Parameters["@AllowAddChildAlbum"].Value = role.AllowAddChildAlbum;
            cmd.Parameters["@AllowAddMediaObject"].Value = role.AllowAddMediaObject;
            cmd.Parameters["@AllowEditAlbum"].Value = role.AllowEditAlbum;
            cmd.Parameters["@AllowEditMediaObject"].Value = role.AllowEditMediaObject;
            cmd.Parameters["@AllowDeleteChildAlbum"].Value = role.AllowDeleteChildAlbum;
            cmd.Parameters["@AllowDeleteMediaObject"].Value = role.AllowDeleteMediaObject;
            cmd.Parameters["@AllowSynchronize"].Value = role.AllowSynchronize;
            cmd.Parameters["@HideWatermark"].Value = role.HideWatermark;
            cmd.Parameters["@AllowAdministerGallery"].Value = role.AllowAdministerGallery;
            cmd.Parameters["@AllowAdministerSite"].Value = role.AllowAdministerSite;

            return cmd;
        /// <summary>
        /// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album
        /// relationship. This procedure adds and deletes records as needed.
        /// </summary>
        /// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param>
        private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role)
            // Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them,
            // so we don't want to mess with the actual list attached to the object.
            List<int> roleAlbumRelationshipsToPersist = new List<int>();
            foreach (int albumId in role.RootAlbumIds)

            using (GspContext ctx = new GspContext())
                // Step 2: Get a list of all root album IDs in the data store for this role.
                List<int> roleAlbumRelationshipsToDelete = new List<int>();
                foreach (int albumId in (from ra in ctx.RoleAlbums where ra.FKRoleName == role.RoleName select ra.FKAlbumId))
                    // Step 3: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then
                    // remove it from the list (see step 5 why). If not, the user must have unchecked it so add it to a list of
                    // relationships to be deleted.
                    if (roleAlbumRelationshipsToPersist.Contains(albumId))

                // Step 4: Delete the records we accumulated in our list.
                var roleAlbumDtos = from ra in ctx.RoleAlbums where roleAlbumRelationshipsToDelete.Contains(ra.FKAlbumId) select ra;

                foreach (RoleAlbumDto roleAlbumDto in roleAlbumDtos)

                // Step 5: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them.
                foreach (int albumid in roleAlbumRelationshipsToPersist)
                    ctx.RoleAlbums.Add(new RoleAlbumDto { FKAlbumId = albumid, FKRoleName = role.RoleName });

Beispiel #55
        /// <summary>
        /// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album
        /// relationship. This procedure adds and deletes records as needed.
        /// </summary>
        /// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param>
        private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role)
            // Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them,
            // so we don't want to mess with the actual list attached to the object.
            List<int> roleAlbumRelationshipsToPersist = new List<int>();
            foreach (int albumId in role.RootAlbumIds)

            // Step 2: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then
            // remove it from the list (see step 4 why). If not, the user must have unchecked it so add it to a list of
            // relationships to be deleted.
            List<int> roleAlbumRelationshipsToDelete = new List<int>();
            foreach (int albumId in GetDataReaderRoleRootAlbums(role.RoleName))
                if (roleAlbumRelationshipsToPersist.Contains(albumId))

            using (SqlConnection cn = SqlDataProvider.GetDbConnection())

                // Step 3: Delete the records we accumulated in our list.
                using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumDelete(role, cn))
                    foreach (int albumId in roleAlbumRelationshipsToDelete)
                        cmd.Parameters["@AlbumId"].Value = albumId;

                using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumInsert(role, cn))
                    // Step 4: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them.
                    foreach (int albumId in roleAlbumRelationshipsToPersist)
                        cmd.Parameters["@AlbumId"].Value = albumId;
        private static void PersistRoleToDataStore(IGalleryServerRole role)
            // Update the existing role or insert if it doesn't exist.
            using (GspContext ctx = new GspContext())
                RoleDto roleDto = ctx.Roles.Find(role.RoleName);

                if (roleDto == null)
                    roleDto = new RoleDto
                                                RoleName = role.RoleName,
                                                AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject,
                                                AllowViewOriginalImage = role.AllowViewOriginalImage,
                                                AllowAddChildAlbum = role.AllowAddChildAlbum,
                                                AllowAddMediaObject = role.AllowAddMediaObject,
                                                AllowEditAlbum = role.AllowEditAlbum,
                                                AllowEditMediaObject = role.AllowEditMediaObject,
                                                AllowDeleteChildAlbum = role.AllowDeleteChildAlbum,
                                                AllowDeleteMediaObject = role.AllowDeleteMediaObject,
                                                AllowSynchronize = role.AllowSynchronize,
                                                HideWatermark = role.HideWatermark,
                                                AllowAdministerGallery = role.AllowAdministerGallery,
                                                AllowAdministerSite = role.AllowAdministerSite

                    roleDto.AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject;
                    roleDto.AllowViewOriginalImage = role.AllowViewOriginalImage;
                    roleDto.AllowAddChildAlbum = role.AllowAddChildAlbum;
                    roleDto.AllowAddMediaObject = role.AllowAddMediaObject;
                    roleDto.AllowEditAlbum = role.AllowEditAlbum;
                    roleDto.AllowEditMediaObject = role.AllowEditMediaObject;
                    roleDto.AllowDeleteChildAlbum = role.AllowDeleteChildAlbum;
                    roleDto.AllowDeleteMediaObject = role.AllowDeleteMediaObject;
                    roleDto.AllowSynchronize = role.AllowSynchronize;
                    roleDto.HideWatermark = role.HideWatermark;
                    roleDto.AllowAdministerGallery = role.AllowAdministerGallery;
                    roleDto.AllowAdministerSite = role.AllowAdministerSite;

Beispiel #57
		private static bool IsAuthenticatedUserAuthorized(SecurityActions securityRequest, IGalleryServerRole role, int albumId)
			if ((role.AllowAdministerSite) && (securityRequest != SecurityActions.HideWatermark))
				// Administer permissions imply permissions to carry out all other actions, except for hide watermark, which is more of 
				// a preference assigned to the user.
				return true;

			switch (securityRequest)
				case SecurityActions.AdministerSite: if (role.AllowAdministerSite) return true; break;
				case SecurityActions.ViewAlbumOrMediaObject: if (role.AllowViewAlbumOrMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.ViewOriginalImage: if (role.AllowViewOriginalImage && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.AddChildAlbum: if (role.AllowAddChildAlbum && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.AddMediaObject: if (role.AllowAddMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.DeleteAlbum:
						// It is OK to delete the album if the AllowDeleteChildAlbum permission is true and one of the following is true:
						// 1. The album is the root album and its ID is in the list of targeted albums (Note that we never actually delete the root album.
						//    Instead, we delete all objects within the album. But the idea of deleting the top level album to clear out all objects in the
						//    gallery is useful to the user.)
						// 2. The album is not the root album and its parent album's ID is in the list of targeted albums.
						if (role.AllowDeleteChildAlbum)
							IAlbum album = Factory.LoadAlbumInstance(albumId, false);
							if (album.IsRootAlbum)
								if (role.AllAlbumIds.Contains(album.Id)) return true; break;
								if (role.AllAlbumIds.Contains(album.Parent.Id)) return true; break;
				case SecurityActions.DeleteChildAlbum: if (role.AllowDeleteChildAlbum && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.DeleteMediaObject: if (role.AllowDeleteMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.EditAlbum: if (role.AllowEditAlbum && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.EditMediaObject: if (role.AllowEditMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.HideWatermark: if (role.HideWatermark && role.AllAlbumIds.Contains(albumId)) return true; break;
				case SecurityActions.Synchronize: if (role.AllowSynchronize && role.AllAlbumIds.Contains(albumId)) return true; break;
				default: throw new GalleryServerPro.ErrorHandler.CustomExceptions.BusinessException(string.Format(CultureInfo.CurrentCulture, "The IsUserAuthorized function is not designed to handle the {0} SecurityActions. It must be updated by a developer.", securityRequest.ToString()));
			return false;
        private static void SaveRole(IGalleryServerRole role)

Beispiel #59
		/// <summary>
		/// For roles that provide album ownership functionality, remove users belonging to this role from the OwnedBy 
		/// property of any albums this role is assigned to. Since we are deleting the role that provides the ownership
		/// functionality, it is necessary to clear the owner field of all affected albums.
		/// </summary>
		/// <param name="role">Name of the role to be deleted.</param>
		private static void UpdateAlbumOwnerBeforeRoleDelete(IGalleryServerRole role)
			// Proceed only when dealing with an album ownership role.
			if (!IsRoleAnAlbumOwnerRole(role.RoleName))

			// Loop through each album assigned to this role. If this role is assigned as the owner role,
			// clear the OwnerUserName property.
			foreach (int albumId in role.RootAlbumIds)
				IAlbum album = Factory.LoadAlbumInstance(albumId, false);
				if (album.OwnerRoleName == role.RoleName)
					album.OwnerUserName = String.Empty;
        /// <summary>
        /// Verify the user has permission to save the role.
        /// Specifically, the user is not allowed to add administer site permission or save any gallery she is not a gallery
        /// administrator for. It is up to the caller to verify that only site or gallery administrators call this function!
        /// </summary>
        /// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param>
        /// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of
        /// <paramref name="roleToSave" />.</param>
        /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave" /> or <paramref name="existingRole" /> is null.</exception>
        private static void ValidateUserHasPermissionToSaveRole(IGalleryServerRole roleToSave, IGalleryServerRole existingRole)
            if (roleToSave == null)
                throw new ArgumentNullException("roleToSave");

            if (existingRole == null)
                throw new ArgumentNullException("existingRole");

            if (!roleToSave.RoleName.Equals(existingRole.RoleName, StringComparison.OrdinalIgnoreCase))
                throw new ArgumentOutOfRangeException(String.Format(CultureInfo.CurrentCulture, "The role name of the roleToSave and existingRole parameters must match, but they do not. roleToSave='{0}'; existingRole='{1}'", roleToSave, existingRole));

            var roles = GetGalleryServerRolesForUser();

            ValidateUserCanEditRole(roleToSave, existingRole, roles);

            if (!Utils.IsUserSiteAdministrator(roles))
                // User is a gallery admin but not a site admin (we deduce this because ONLY site or gallery admins will get this
                // far in the function. The user CANNOT save add AllowAdminSite permission.
                if (roleToSave.AllowAdministerSite)
                    throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Insufficient_Permission_Msg);