Beispiel #1
0
        /// <summary> Gets the <see cref="CommandInfo"/> for the command. </summary>
        /// <param name="postBackEvent">
        ///   The string executed upon the click on a command of types
        ///   <see cref="CommandType.Event"/> or <see cref="CommandType.WxeFunction"/>.
        ///   This string is usually the call to the <c>__doPostBack</c> script function used by ASP.net
        ///   to force a post back.
        /// </param>
        /// <param name="parameters">
        ///   The strings inserted into the href attribute using <c>string.Format</c>.
        /// </param>
        /// <param name="onClick">
        ///   The string always rendered in the <c>onClick</c> tag of the anchor element.
        /// </param>
        /// <param name="securableObject">
        ///   The <see cref="ISecurableObject"/> for which security is evaluated. Use <see landword="null"/> if security is stateless or not evaluated.
        /// </param>
        /// <param name="additionalUrlParameters">
        ///   The <see cref="NameValueCollection"/> containing additional url parameters.
        ///   Must not be <see langword="null"/>.
        /// </param>
        /// <param name="includeNavigationUrlParameters">
        ///   <see langword="true"/> to include URL parameters provided by <see cref="ISmartNavigablePage"/>.
        /// </param>
        public CommandInfo GetCommandInfo(
            string postBackEvent,
            string[] parameters,
            string onClick,
            ISecurableObject securableObject,
            NameValueCollection additionalUrlParameters,
            bool includeNavigationUrlParameters)
        {
            if (!HasAccess(securableObject))
            {
                return(null);
            }

            switch (_type)
            {
            case CommandType.Href:
                return(GetCommandInfoForHrefCommand(parameters, onClick, additionalUrlParameters, includeNavigationUrlParameters));

            case CommandType.Event:
                return(GetCommandInfoForEventCommand(postBackEvent, onClick));

            case CommandType.WxeFunction:
                return(GetCommandInfoForWxeFunctionCommand(postBackEvent, onClick, additionalUrlParameters, includeNavigationUrlParameters));

            case CommandType.None:
                return(null);

            default:
                throw new InvalidOperationException(
                          string.Format("The CommandType '{0}' is not supported by the '{1}'.", _type, typeof(Command).FullName));
            }
        }
Beispiel #2
0
 /// <summary>
 /// Initializes a new instance of the Permission class with .
 /// </summary>
 /// <param name="securableObjectGuid">The securable object.</param>
 /// <param name="rightName">Name of the right.</param>
 public Permission(ISecurableObject securableObject, string[] rightNames)
 {
     foreach (string rightName in rightNames)
     {
         this.AddObjectRight(securableObject, rightName);
     }
 }
        private void LoadObjectEventReceivers(ParentType parentType, string name)
        {
            switch (parentType)
            {
            case ParentType.Lists:
            case ParentType.Libraries:
            {
                this.m_SelectedObject = this.m_Web.Lists[name];
                break;
            }

            //case ParentType.ContentTypes:
            //    {
            //        this.m_SelectedObject = this.m_Site.RootWeb.ContentTypes[name];
            //        break;
            //    }
            case ParentType.Websites:
            {
                this.m_SelectedObject = this.m_Web.Webs[name];
                break;
            }

            default:
            {
                MessageBox.Show(this, "The current type is not supported.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                break;
            }
            }

            this.LoadEventReceivers();
        }
        public ISecurableObject GetSecurableObject(WxeFunction function)
        {
            ArgumentUtility.CheckNotNullAndType("function", function, _functionType);

            WxeParameterDeclaration parameterDeclaration = GetParameterDeclaration(function.VariablesContainer.ParameterDeclarations);
            var tuple = GetActualParameterTypeAndValue(parameterDeclaration.Type, function.Variables[parameterDeclaration.Name]);
            var actualParameterType = tuple.Item1;
            var parameterValue      = tuple.Item2;

            if (parameterValue == null)
            {
                throw new WxeException(string.Format(
                                           "The parameter '{1}' specified by the {0} applied to WxeFunction '{2}' is null.",
                                           _attribute.GetType().Name, parameterDeclaration.Name, _functionType.FullName));
            }

            ISecurableObject securableObject = parameterValue as ISecurableObject;

            if (securableObject == null)
            {
                throw new WxeException(string.Format(
                                           "The parameter '{1}' specified by the {0} applied to WxeFunction '{2}' does not implement interface '{3}'.",
                                           _attribute.GetType().Name, parameterDeclaration.Name, _functionType.FullName, typeof(ISecurableObject).FullName));
            }

            if (SecurableClass != null)
            {
                CheckParameterDeclarationMatchesSecurableClass(actualParameterType, parameterDeclaration.Name);
            }
            return(securableObject);
        }
Beispiel #5
0
        /// <summary> Renders the opening tag for the command. </summary>
        /// <param name="writer"> The <see cref="HtmlTextWriter"/> object to use. Must not be <see langword="null"/>. </param>
        /// <param name="renderingFeatures"> The rendering features to use. </param>
        /// <param name="postBackEvent">
        ///   The string executed upon the click on a command of types
        ///   <see cref="CommandType.Event"/> or <see cref="CommandType.WxeFunction"/>.
        ///   This string is usually the call to the <c>__doPostBack</c> script function used by ASP.net
        ///   to force a post back.
        /// </param>
        /// <param name="parameters">
        ///   The strings inserted into the href attribute using <c>string.Format</c>.
        /// </param>
        /// <param name="onClick">
        ///   The string always rendered in the <c>onClick</c> tag of the anchor element.
        /// </param>
        /// <param name="securableObject">
        ///   The <see cref="ISecurableObject"/> for which security is evaluated. Use <see landword="null"/> if security is stateless or not evaluated.
        /// </param>
        /// <param name="additionalUrlParameters">
        ///   The <see cref="NameValueCollection"/> containing additional url parameters.
        ///   Must not be <see langword="null"/>.
        /// </param>
        /// <param name="includeNavigationUrlParameters">
        ///   <see langword="true"/> to include URL parameters provided by <see cref="ISmartNavigablePage"/>.
        /// </param>
        /// <param name="style"> The style applied to the opening tag. </param>
        public virtual void RenderBegin(
            HtmlTextWriter writer,
            IRenderingFeatures renderingFeatures,
            string postBackEvent,
            string[] parameters,
            string onClick,
            ISecurableObject securableObject,
            NameValueCollection additionalUrlParameters,
            bool includeNavigationUrlParameters,
            Style style)
        {
            ArgumentUtility.CheckNotNull("writer", writer);
            ArgumentUtility.CheckNotNull("style", style);

            var commandInfo = GetCommandInfo(postBackEvent, parameters, onClick, securableObject, additionalUrlParameters, includeNavigationUrlParameters);

            if (commandInfo != null)
            {
                commandInfo.AddAttributesToRender(writer, renderingFeatures);
            }

            if (OwnerControl != null && !string.IsNullOrEmpty(OwnerControl.ClientID) && !string.IsNullOrEmpty(ItemID))
            {
                var clientID = OwnerControl.ClientID + "_" + ItemID;
                writer.AddAttribute(HtmlTextWriterAttribute.Id, clientID);
            }

            style.AddAttributesToRender(writer);

            writer.RenderBeginTag(HtmlTextWriterTag.A);
        }
 public void Setup()
 {
     _mocks = new MockRepository();
     _mockWebSecurityAdapter = _mocks.StrictMock <IWebSecurityAdapter> ();
     _mockSecurableObject    = _mocks.StrictMock <ISecurableObject> ();
     _mockCommand            = _mocks.StrictMock <Command> (CommandType.None, _mockWebSecurityAdapter, (IWxeSecurityAdapter)null);
 }
Beispiel #7
0
        public override bool HasAccess(ISecurableObject securableObject, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes)
        {
            ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
            ArgumentUtility.DebugCheckNotNull("principal", principal);
            ArgumentUtility.DebugCheckNotNullOrEmpty("requiredAccessTypes", requiredAccessTypes);

            return(true);
        }
Beispiel #8
0
        public override bool HasPropertyWriteAccess(ISecurableObject securableObject, IMethodInformation methodInformation, ISecurityPrincipal principal)
        {
            ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
            ArgumentUtility.DebugCheckNotNull("methodInformation", methodInformation);
            ArgumentUtility.DebugCheckNotNull("principal", principal);

            return(true);
        }
Beispiel #9
0
 private bool HasAccessForEventCommand(ISecurableObject securableObject)
 {
     if (_webSecurityAdapter == null)
     {
         return(true);
     }
     return(_webSecurityAdapter.HasAccess(securableObject, Click));
 }
        public bool HasPropertyWriteAccess(ISecurableObject securableObject, MethodInfo methodInfo, ISecurityPrincipal principal)
        {
            ArgumentUtility.CheckNotNull("securableObject", securableObject);
            ArgumentUtility.CheckNotNull("methodInfo", methodInfo);
            ArgumentUtility.DebugCheckNotNull("principal", principal);

            var methodInformation = _memberResolver.GetMethodInformation(securableObject.GetSecurableType(), methodInfo, MemberAffiliation.Instance);

            return(HasPropertyWriteAccess(securableObject, methodInformation, principal));
        }
        public bool HasPropertyReadAccess(ISecurableObject securableObject, string propertyName, ISecurityPrincipal principal)
        {
            ArgumentUtility.CheckNotNull("securableObject", securableObject);
            ArgumentUtility.CheckNotNullOrEmpty("propertyName", propertyName);
            ArgumentUtility.DebugCheckNotNull("principal", principal);

            var methodInformation = _memberResolver.GetMethodInformation(securableObject.GetSecurableType(), "get_" + propertyName, MemberAffiliation.Instance);

            return(HasPropertyReadAccess(securableObject, methodInformation, principal));
        }
Beispiel #12
0
 /// <summary> Renders the opening tag for the command. </summary>
 /// <param name="writer"> The <see cref="HtmlTextWriter"/> object to use. </param>
 /// <param name="renderingFeatures"> The rendering features to use. </param>
 /// <param name="postBackLink">
 ///   The string rendered in the <c>href</c> tag of the anchor element when the command type is <see cref="CommandType.Event"/> or
 ///   <see cref="CommandType.WxeFunction"/>. This string is usually the call to the <c>__doPostBack</c> script function used by ASP.net
 ///   to force a post back.
 /// </param>
 /// <param name="onClick">
 ///   The string rendered in the <c>onClick</c> tag of the anchor element.
 /// </param>
 /// <param name="businessObjectID">
 ///   An identifier for the <see cref="IBusinessObject"/> to which the rendered command is applied.
 /// </param>
 /// <param name="securableObject">
 ///   The <see cref="ISecurableObject"/> for which security is evaluated. Use <see landword="null"/> if security is stateless or not evaluated.
 /// </param>
 public void RenderBegin(
     HtmlTextWriter writer,
     IRenderingFeatures renderingFeatures,
     string postBackLink,
     string onClick,
     string businessObjectID,
     ISecurableObject securableObject)
 {
     RenderBegin(writer, renderingFeatures, postBackLink, new[] { businessObjectID }, onClick, securableObject);
 }
        public CopyDialog(spevthkman parentForm, SPWeb web, ISecurableObject selectedObject)
            : base()
        {
            this.m_ParentForm = parentForm;

            InitializeComponent();

            this.Web            = web;
            this.SelectedObject = selectedObject;
        }
Beispiel #14
0
        public void AddSecurableObject(ISecurableObject securableObject)
        {
            SecurableObject obj = new SecurableObject()
            {
                Application = securableObject.Application,
                SecurableObjectType = securableObject.SecurableObjectType,
                Guid = securableObject.SecurableObjectGuid
            };

            GatekeeperFactory.SecurableObjectSvc.Add(obj);
        }
        public void CheckAccess(ISecurableObject securableObject, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes)
        {
            ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
            ArgumentUtility.DebugCheckNotNull("principal", principal);
            ArgumentUtility.DebugCheckNotNull("requiredAccessTypes", requiredAccessTypes);

            if (!HasAccess(securableObject, principal, requiredAccessTypes))
            {
                throw CreatePermissionDeniedException("Access has been denied.");
            }
        }
Beispiel #16
0
        public void GetSecurableType()
        {
            OrganizationalStructureTestHelper testHelper = new OrganizationalStructureTestHelper();

            using (testHelper.Transaction.EnterNonDiscardingScope())
            {
                ISecurableObject position = testHelper.CreatePosition("PositionName");

                Assert.That(position.GetSecurableType(), Is.SameAs(typeof(Position)));
            }
        }
        /// <summary>
        /// Adds the specified securable object,inserts the ISecurableObject object.
        /// </summary>
        /// <param name="securableObject">The securable object.</param>
        public void Add(ISecurableObject securableObject)
        {
            SecurableObject obj = new SecurableObject()
            {
                Application = securableObject.Application,
                SecurableObjectType = securableObject.SecurableObjectType,
                Guid = securableObject.SecurableObjectGuid
            };

            this.securableObjectDao.Add(obj);
        }
 /// <summary> Renders the opening tag for the command. </summary>
 /// <param name="writer"> The <see cref="HtmlTextWriter"/> object to use. </param>
 /// <param name="renderingFeatures"> The rendering features to use. </param>
 /// <param name="postBackLink">
 ///   The string rendered in the <c>href</c> tag of the anchor element when the command type is <see cref="CommandType.Event"/> or
 ///   <see cref="CommandType.WxeFunction"/>. This string is usually the call to the <c>__doPostBack</c> script function used by ASP.net
 ///   to force a post back.
 /// </param>
 /// <param name="onClick">
 ///   The string rendered in the <c>onClick</c> tag of the anchor element.
 /// </param>
 /// <param name="listIndex">
 ///   An index that indentifies the <see cref="IBusinessObject"/> on which the rendered command is applied on.
 /// </param>
 /// <param name="businessObjectID">
 ///   An identifier for the <see cref="IBusinessObject"/> to which the rendered command is applied.
 /// </param>
 /// <param name="securableObject">
 ///   The <see cref="ISecurableObject"/> for which security is evaluated. Use <see landword="null"/> if security is stateless or not evaluated.
 /// </param>
 public void RenderBegin(
     HtmlTextWriter writer,
     IRenderingFeatures renderingFeatures,
     string postBackLink,
     string onClick,
     int listIndex,
     string businessObjectID,
     ISecurableObject securableObject)
 {
     base.RenderBegin(writer, renderingFeatures, postBackLink, new string[] { listIndex.ToString(), businessObjectID }, onClick, securableObject);
 }
Beispiel #19
0
        public AddDialog(spevthkman parentForm, SPWeb web, ISecurableObject selectedObject)
            : base()
        {
            this.m_ParentForm = parentForm;

            InitializeComponent();

            this.m_TypeNames = new List <string>();

            this.Web            = web;
            this.SelectedObject = selectedObject;
        }
Beispiel #20
0
        public void GetSecurityStrategy()
        {
            ISecurableObject tenant = TestHelper.CreateTenant("Tenant", "UID: Tenant");

            IObjectSecurityStrategy objectSecurityStrategy = tenant.GetSecurityStrategy();

            Assert.That(objectSecurityStrategy, Is.Not.Null);
            Assert.IsInstanceOf(typeof(DomainObjectSecurityStrategyDecorator), objectSecurityStrategy);
            DomainObjectSecurityStrategyDecorator domainObjectSecurityStrategyDecorator = (DomainObjectSecurityStrategyDecorator)objectSecurityStrategy;

            Assert.That(domainObjectSecurityStrategyDecorator.RequiredSecurityForStates, Is.EqualTo(RequiredSecurityForStates.None));
        }
Beispiel #21
0
        public void Setup()
        {
            _mocks = new MockRepository();
            _mockWebSecurityAdapter = _mocks.StrictMock <IWebSecurityAdapter> ();
            _mockSecurableObject    = _mocks.StrictMock <ISecurableObject> ();

            var serviceLocator = DefaultServiceLocator.Create();

            serviceLocator.RegisterMultiple <IWebSecurityAdapter> (() => _mockWebSecurityAdapter);
            serviceLocator.RegisterMultiple <IWxeSecurityAdapter>();
            _serviceLocatorScope = new ServiceLocatorScope(serviceLocator);
        }
Beispiel #22
0
        public void GetSecurityStrategy()
        {
            ISecurableObject group = CreateGroup();

            IObjectSecurityStrategy objectSecurityStrategy = group.GetSecurityStrategy();

            Assert.That(objectSecurityStrategy, Is.Not.Null);
            Assert.IsInstanceOf(typeof(DomainObjectSecurityStrategyDecorator), objectSecurityStrategy);
            DomainObjectSecurityStrategyDecorator domainObjectSecurityStrategyDecorator = (DomainObjectSecurityStrategyDecorator)objectSecurityStrategy;

            Assert.That(domainObjectSecurityStrategyDecorator.RequiredSecurityForStates, Is.EqualTo(RequiredSecurityForStates.None));
        }
        public virtual bool HasMethodAccess(ISecurableObject securableObject, IMethodInformation methodInformation, ISecurityPrincipal principal)
        {
            ArgumentUtility.CheckNotNull("securableObject", securableObject);
            ArgumentUtility.CheckNotNull("methodInformation", methodInformation);
            ArgumentUtility.DebugCheckNotNull("principal", principal);

            var requiredAccessTypeEnums = _permissionProvider.GetRequiredMethodPermissions(securableObject.GetSecurableType(), methodInformation);

            Assertion.DebugIsNotNull(requiredAccessTypeEnums, "IPermissionProvider.GetRequiredMethodPermissions evaluated and returned null.");

            return(HasAccess(securableObject, methodInformation, requiredAccessTypeEnums, principal));
        }
        private bool HasAccess(
            ISecurableObject securableObject,
            IMemberInformation memberInformation,
            IReadOnlyList <Enum> requiredAccessTypeEnums,
            ISecurityPrincipal principal)
        {
            if (requiredAccessTypeEnums.Count == 0)
            {
                throw new ArgumentException(string.Format("The member '{0}' does not define required permissions.", memberInformation.Name), "requiredAccessTypeEnums");
            }

            return(HasAccess(securableObject, principal, ConvertRequiredAccessTypeEnums(requiredAccessTypeEnums)));
        }
        // methods and properties

        public bool HasAccess(ISecurableObject securableObject, Delegate handler)
        {
            if (handler == null)
            {
                return(true);
            }

            if (SecurityFreeSection.IsActive)
            {
                return(true);
            }

            List <DemandTargetPermissionAttribute> attributes = GetPermissionAttributes(handler.GetInvocationList());

            bool hasAccess = true;

            foreach (DemandTargetPermissionAttribute attribute in attributes)
            {
                switch (attribute.PermissionSource)
                {
                case PermissionSource.WxeFunction:
                    hasAccess &= WxeFunction.HasAccess(attribute.FunctionType);
                    break;

                case PermissionSource.SecurableObject:
                    SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
                    if (securableObject == null)
                    {
                        hasAccess &= securityClient.HasStatelessMethodAccess(attribute.SecurableClass, attribute.MethodName);
                    }
                    else
                    {
                        hasAccess &= securityClient.HasMethodAccess(securableObject, attribute.MethodName);
                    }
                    break;

                default:
                    throw new InvalidOperationException(string.Format(
                                                            "Value '{0}' is not supported by the PermissionSource property of the DemandTargetPermissionAttribute.",
                                                            attribute.PermissionSource));
                }

                if (!hasAccess)
                {
                    break;
                }
            }

            return(hasAccess);
        }
        public void CheckMethodAccess(ISecurableObject securableObject, string methodName, ISecurityPrincipal principal)
        {
            ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
            ArgumentUtility.DebugCheckNotNullOrEmpty("methodName", methodName);
            ArgumentUtility.DebugCheckNotNull("principal", principal);

            if (!HasMethodAccess(securableObject, methodName, principal))
            {
                ArgumentUtility.CheckNotNull("securableObject", securableObject);

                throw CreatePermissionDeniedException(
                          "Access to method '{0}' on type '{1}' has been denied.", methodName, securableObject.GetSecurableType().FullName);
            }
        }
Beispiel #27
0
        public void GetSecurityStrategy()
        {
            OrganizationalStructureTestHelper testHelper = new OrganizationalStructureTestHelper();

            using (testHelper.Transaction.EnterNonDiscardingScope())
            {
                ISecurableObject position = testHelper.CreatePosition("PositionName");

                IObjectSecurityStrategy objectSecurityStrategy = position.GetSecurityStrategy();
                Assert.That(objectSecurityStrategy, Is.Not.Null);
                Assert.IsInstanceOf(typeof(DomainObjectSecurityStrategyDecorator), objectSecurityStrategy);
                DomainObjectSecurityStrategyDecorator domainObjectSecurityStrategyDecorator = (DomainObjectSecurityStrategyDecorator)objectSecurityStrategy;
                Assert.That(domainObjectSecurityStrategyDecorator.RequiredSecurityForStates, Is.EqualTo(RequiredSecurityForStates.None));
            }
        }
Beispiel #28
0
        // construction and disposing

        public CommandTestHelper()
        {
            _httpContext = HttpContextHelper.CreateHttpContext("GET", "default.html", null);
            _httpContext.Response.ContentEncoding = Encoding.UTF8;

            _functionType     = typeof(TestFunction);
            _functionTypeName = TypeUtility.GetPartialAssemblyQualifiedName(_functionType);

            _mocks = new MockRepository();
            _mockWebSecurityAdapter = _mocks.StrictMock <IWebSecurityAdapter>();
            _mockWxeSecurityAdapter = _mocks.StrictMock <IWxeSecurityAdapter>();
            _mockSecurableObject    = _mocks.StrictMock <ISecurableObject>();

            _htmlWriter = new HtmlTextWriterSingleTagMock();
        }
        public virtual bool HasAccess(ISecurableObject securableObject, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes)
        {
            ArgumentUtility.CheckNotNull("securableObject", securableObject);
            ArgumentUtility.CheckNotNull("principal", principal);
            ArgumentUtility.CheckNotNull("requiredAccessTypes", requiredAccessTypes);

            if (SecurityFreeSection.IsActive)
            {
                return(true);
            }

            var objectSecurityStrategy = securableObject.GetSecurityStrategy();

            Assertion.DebugIsNotNull(objectSecurityStrategy, "The securableObject did not return an IObjectSecurityStrategy.");

            return(objectSecurityStrategy.HasAccess(_securityProvider, principal, requiredAccessTypes));
        }
        public void CheckPropertyWriteAccess(ISecurableObject securableObject, IMethodInformation methodInformation, ISecurityPrincipal principal)
        {
            ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
            ArgumentUtility.DebugCheckNotNull("methodInformation", methodInformation);
            ArgumentUtility.DebugCheckNotNull("principal", principal);

            if (!HasPropertyWriteAccess(securableObject, methodInformation, principal))
            {
                ArgumentUtility.CheckNotNull("securableObject", securableObject);
                ArgumentUtility.CheckNotNull("methodInformation", methodInformation);

                throw CreatePermissionDeniedException(
                          "Access to set-accessor of property '{0}' on type '{1}' has been denied.",
                          methodInformation.Name,
                          securableObject.GetSecurableType().FullName);
            }
        }
        public IRepositoryResult Create(ISecurableObject obj)
        {
            if (_db?.Employees == null)
            {
                var message = "Database is not available at the moment";
                var exception = new TaskTrackerException("DB context is null", new NullReferenceException());
                _erResult = new EmployeeRepositoryResult(message, exception);

                return _erResult;
            }

            var newEmployee = obj as AttEmployee;

            if (newEmployee == null)
            {
                var message = "Please specify valid data for Employee";
                var exception = new TaskTrackerException("object cannot be cast to Employee", new ArgumentException());
                _erResult = new EmployeeRepositoryResult(message, exception);

                return _erResult;
            }

            var emp = new Employee()
            {
                EUID = new Guid(),
                Name = newEmployee.Name,
                Surname = newEmployee.Surname
            };

            var dbEmp = _db.Employees.Add(emp);
            _db.SaveChanges();

            newEmployee = new AttEmployee(dbEmp.ID)
            {
                Name = dbEmp.Name,
                Surname = dbEmp.Surname,
                EUID = dbEmp.EUID
            };

            var objects = new List<ISecurableObject>() { newEmployee };
            _erResult = new EmployeeRepositoryResult(objects);

            return _erResult;
        }
Beispiel #32
0
        public virtual bool HasAccess(ISecurableObject securableObject)
        {
            switch (_type)
            {
            case CommandType.Href:
                return(true);

            case CommandType.Event:
                return(HasAccessForEventCommand(securableObject));

            case CommandType.WxeFunction:
                return(HasAccessForWxeFunctionCommand());

            case CommandType.None:
                return(true);

            default:
                throw new InvalidOperationException(
                          string.Format("The CommandType '{0}' is not supported by the '{1}'.", _type, typeof(Command).FullName));
            }
        }
        private void OnObjectSelected()
        {
            try
            {
                if ((this.ObjectsTreeView.SelectedNode != null) && (this.ObjectsTreeView.SelectedNode.Parent != null))
                {
                    this.EventReceiverTreeView.Nodes.Clear();
                    this.EventReceiverPropertyGrid.SelectedObject = null;
                    this.m_SelectedObject = null;

                    if (this.ObjectsTreeView.SelectedNode != null)
                    {
                        ParentType parentType = (ParentType)Enum.Parse(typeof(ParentType), this.ObjectsTreeView.SelectedNode.Parent.Name, false);

                        this.LoadObjectEventReceivers(parentType, this.ObjectsTreeView.SelectedNode.Text);
                    }
                }
            }
            catch (Exception ex)
            {
                this.HandleException(ex);
            }
        }
        private void DeleteEventReceiverHook(Guid guid, ISecurableObject eventContiner)
        {
            SPEventReceiverDefinitionCollection definitions = null;

            if (typeof(SPWeb).IsAssignableFrom(eventContiner.GetType()))
            {
                SPWeb web = (SPWeb)eventContiner;

                definitions = web.EventReceivers;
            }
            else if (typeof(SPList).IsAssignableFrom(eventContiner.GetType()))
            {
                SPList list = (SPList)eventContiner;

                definitions = list.EventReceivers;
            }
            else
            {
                MessageBox.Show(this, "The current type is not supported.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
            }

            if (definitions != null)
            {
                foreach (SPEventReceiverDefinition definition in definitions)
                {
                    if (guid == definition.Id)
                    {
                        string type = definition.Type.ToString();
                        string name = definition.Class;
                        definition.Delete();
                        MessageBox.Show(this, string.Format("The event hook [{0}] to class [{1}] was deleted.", type, name), "Information", MessageBoxButtons.OK, MessageBoxIcon.Information);
                        break;
                    }
                }
            }
        }
 private static bool DoesPrincipalHasPermissions(ISecurableObject item, SPPrincipal principal, SPBasePermissions permissions)
 {
     SPRoleAssignment roleAssignment = null;
     try
     {
         roleAssignment = item.RoleAssignments.GetAssignmentByPrincipal(principal);
     }
     catch
     {
         //if the user has no permission on the item (SPPrincipal is not in permissionlist -> item.RoleAssignments is empty), an exception is thrown.
         return false;
     }
     foreach (SPRoleDefinition definition in roleAssignment.RoleDefinitionBindings)
     {
         if ((definition.BasePermissions & permissions) == permissions)
         {
             return true;
         }
     }
     return false;
 }
Beispiel #36
0
 public void AddObjectRight(ISecurableObject securableObject, string rightName)
 {
     securableObject.SecurableObjectId = GatekeeperFactory.SecurableObjectSvc.Get(securableObject.SecurableObjectGuid).Id;
     this.ObjectRights.Add(new ObjectRight(securableObject, rightName));
 }
Beispiel #37
0
 /// <summary>
 /// Initializes a new instance of the Permission class with .
 /// </summary>
 /// <param name="securableObject">The securable object.</param>
 /// <param name="rightName">Name of the right.</param>
 public Permission(ISecurableObject securableObject, string rightName)
 {
     this.AddObjectRight(securableObject, rightName);
 }
        public IRepositoryResult Get(ISecurableObject obj)
        {
            if (_db?.Employees == null)
            {
                var message = "Database is not available at the moment";
                var exception = new TaskTrackerException("DB context is null", new NullReferenceException());
                _erResult = new EmployeeRepositoryResult(message, exception);

                return _erResult;
            }

            var dbEmp = _db.Employees.ToList();
            if (dbEmp.Count == 0)
            {
                var message = "No employees were found";
                var exception = new TaskTrackerObjectNotFoundException("Employees not found");
                _erResult = new EmployeeRepositoryResult(message, exception);

                return _erResult;
            }

            var employees = dbEmp.Select(employee => new AttEmployee(employee.ID)
            {
                Name = employee.Name,
                Surname = employee.Surname,
                EUID = employee.EUID
            });

            _erResult = new EmployeeRepositoryResult(employees);

            return _erResult;
        }
Beispiel #39
0
 /// <summary>
 /// Determines whether the specified securable object has right.
 /// </summary>
 /// <param name="securableObject">The securable object.</param>
 /// <param name="rightName">Name of the right.</param>
 /// <returns>
 /// 	<c>true</c> if the specified securable object has right; otherwise, <c>false</c>.
 /// </returns>
 public virtual bool HasRight(ISecurableObject securableObject, string rightName)
 {
     return this.HasRight(securableObject.SecurableObjectId, rightName);
 }
Beispiel #40
0
        private SushiSecurable findRoleAssignmentsForMember(ISecurableObject webOrList, SPUser user, List<string> userSharepointGroups, List<string> userADgroups)
        {
            SushiSecurable secSiteOrList = new SushiSecurable();

            if (!webOrList.HasUniqueRoleAssignments && !chkShowOnlyUnique.Checked)
                return secSiteOrList;

            foreach (SPRoleAssignment ra in webOrList.RoleAssignments)
            {
                string raName = ra.Member.Name.ToUpper();
                if (raName == user.Name.ToUpper() || userSharepointGroups.Contains(raName) || userADgroups.Contains(raName))
                {
                    UorG uOrG = new UorG(ra.Member.Name, userADgroups.Contains(raName));
                    if (ra.Member.Name.ToUpper() == user.Name.ToUpper())
                        uOrG.Name = user.LoginName;
                    secSiteOrList.UorGs.Add(uOrG);
                    foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
                        uOrG.RoleNames.Add(rd.Name);
                    secSiteOrList.AtLeastOnePermission = true;
                }
            }
            if (user.IsSiteAdmin)
            {
                UorG uOrG = new UorG("Site Collection Admins", false);
                secSiteOrList.UorGs.Add(uOrG);
                uOrG.RoleNames.Add("Full Control");
                secSiteOrList.AtLeastOnePermission = true;
            }
            return secSiteOrList;

        }
        public void Save(Application application, User user, Role role, ISecurableObject securableObject)
        {
            SecurableObject sObj = GatekeeperFactory.SecurableObjectSvc.Get(securableObject.SecurableObjectGuid);

            this.Save(application, user, role, sObj);
        }
Beispiel #42
0
 /// <summary>
 /// Initializes a new instance of the ObjectRight class with two parameters.
 /// </summary>
 /// <param name="securableObject">The securable object.</param>
 /// <param name="right">The right.</param>
 public ObjectRight(ISecurableObject securableObject, Right right)
     : this(securableObject.SecurableObjectId, right)
 {
 }
Beispiel #43
0
 /// <summary>
 /// Initializes a new instance of the ObjectRight class with parameters.
 /// </summary>
 /// <param name="securableObject">The securable object.</param>
 /// <param name="rightName">Name of the right.</param>
 public ObjectRight(ISecurableObject securableObject, string rightName)
     : this(securableObject.SecurableObjectId, rightName)
 {
 }
 public IRepositoryResult Delete(ISecurableObject obj)
 {
     throw new NotImplementedException();
 }
 /// <summary>
 /// Initializes a new instance of the UserRightAssignment class.
 /// </summary>
 /// <param name="user">The user of the application.</param>
 /// <param name="securableObject">The securable object.</param>
 /// <param name="right">The right.</param>
 public UserRightAssignment(User user, ISecurableObject securableObject, Right right)
     : base(securableObject, right)
 {
     this.User = user;
 }