/// <summary> Gets the <see cref="CommandInfo"/> for the command. </summary>
/// <param name="postBackEvent">
/// The string executed upon the click on a command of types
/// <see cref="CommandType.Event"/> or <see cref="CommandType.WxeFunction"/>.
/// This string is usually the call to the <c>__doPostBack</c> script function used by ASP.net
/// to force a post back.
/// </param>
/// <param name="parameters">
/// The strings inserted into the href attribute using <c>string.Format</c>.
/// </param>
/// <param name="onClick">
/// The string always rendered in the <c>onClick</c> tag of the anchor element.
/// </param>
/// <param name="securableObject">
/// The <see cref="ISecurableObject"/> for which security is evaluated. Use <see landword="null"/> if security is stateless or not evaluated.
/// </param>
/// <param name="additionalUrlParameters">
/// The <see cref="NameValueCollection"/> containing additional url parameters.
/// Must not be <see langword="null"/>.
/// </param>
/// <param name="includeNavigationUrlParameters">
/// <see langword="true"/> to include URL parameters provided by <see cref="ISmartNavigablePage"/>.
/// </param>
public CommandInfo GetCommandInfo(
string postBackEvent,
string[] parameters,
string onClick,
ISecurableObject securableObject,
NameValueCollection additionalUrlParameters,
bool includeNavigationUrlParameters)
{
if (!HasAccess(securableObject))
{
return(null);
}
switch (_type)
{
case CommandType.Href:
return(GetCommandInfoForHrefCommand(parameters, onClick, additionalUrlParameters, includeNavigationUrlParameters));
case CommandType.Event:
return(GetCommandInfoForEventCommand(postBackEvent, onClick));
case CommandType.WxeFunction:
return(GetCommandInfoForWxeFunctionCommand(postBackEvent, onClick, additionalUrlParameters, includeNavigationUrlParameters));
case CommandType.None:
return(null);
default:
throw new InvalidOperationException(
string.Format("The CommandType '{0}' is not supported by the '{1}'.", _type, typeof(Command).FullName));
}
}
/// <summary>
/// Initializes a new instance of the Permission class with .
/// </summary>
/// <param name="securableObjectGuid">The securable object.</param>
/// <param name="rightName">Name of the right.</param>
public Permission(ISecurableObject securableObject, string[] rightNames)
{
foreach (string rightName in rightNames)
{
this.AddObjectRight(securableObject, rightName);
}
}
private void LoadObjectEventReceivers(ParentType parentType, string name)
{
switch (parentType)
{
case ParentType.Lists:
case ParentType.Libraries:
{
this.m_SelectedObject = this.m_Web.Lists[name];
break;
}
//case ParentType.ContentTypes:
// {
// this.m_SelectedObject = this.m_Site.RootWeb.ContentTypes[name];
// break;
// }
case ParentType.Websites:
{
this.m_SelectedObject = this.m_Web.Webs[name];
break;
}
default:
{
MessageBox.Show(this, "The current type is not supported.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
break;
}
}
this.LoadEventReceivers();
}
public ISecurableObject GetSecurableObject(WxeFunction function)
{
ArgumentUtility.CheckNotNullAndType("function", function, _functionType);
WxeParameterDeclaration parameterDeclaration = GetParameterDeclaration(function.VariablesContainer.ParameterDeclarations);
var tuple = GetActualParameterTypeAndValue(parameterDeclaration.Type, function.Variables[parameterDeclaration.Name]);
var actualParameterType = tuple.Item1;
var parameterValue = tuple.Item2;
if (parameterValue == null)
{
throw new WxeException(string.Format(
"The parameter '{1}' specified by the {0} applied to WxeFunction '{2}' is null.",
_attribute.GetType().Name, parameterDeclaration.Name, _functionType.FullName));
}
ISecurableObject securableObject = parameterValue as ISecurableObject;
if (securableObject == null)
{
throw new WxeException(string.Format(
"The parameter '{1}' specified by the {0} applied to WxeFunction '{2}' does not implement interface '{3}'.",
_attribute.GetType().Name, parameterDeclaration.Name, _functionType.FullName, typeof(ISecurableObject).FullName));
}
if (SecurableClass != null)
{
CheckParameterDeclarationMatchesSecurableClass(actualParameterType, parameterDeclaration.Name);
}
return(securableObject);
}
/// <summary> Renders the opening tag for the command. </summary>
/// <param name="writer"> The <see cref="HtmlTextWriter"/> object to use. Must not be <see langword="null"/>. </param>
/// <param name="renderingFeatures"> The rendering features to use. </param>
/// <param name="postBackEvent">
/// The string executed upon the click on a command of types
/// <see cref="CommandType.Event"/> or <see cref="CommandType.WxeFunction"/>.
/// This string is usually the call to the <c>__doPostBack</c> script function used by ASP.net
/// to force a post back.
/// </param>
/// <param name="parameters">
/// The strings inserted into the href attribute using <c>string.Format</c>.
/// </param>
/// <param name="onClick">
/// The string always rendered in the <c>onClick</c> tag of the anchor element.
/// </param>
/// <param name="securableObject">
/// The <see cref="ISecurableObject"/> for which security is evaluated. Use <see landword="null"/> if security is stateless or not evaluated.
/// </param>
/// <param name="additionalUrlParameters">
/// The <see cref="NameValueCollection"/> containing additional url parameters.
/// Must not be <see langword="null"/>.
/// </param>
/// <param name="includeNavigationUrlParameters">
/// <see langword="true"/> to include URL parameters provided by <see cref="ISmartNavigablePage"/>.
/// </param>
/// <param name="style"> The style applied to the opening tag. </param>
public virtual void RenderBegin(
HtmlTextWriter writer,
IRenderingFeatures renderingFeatures,
string postBackEvent,
string[] parameters,
string onClick,
ISecurableObject securableObject,
NameValueCollection additionalUrlParameters,
bool includeNavigationUrlParameters,
Style style)
{
ArgumentUtility.CheckNotNull("writer", writer);
ArgumentUtility.CheckNotNull("style", style);
var commandInfo = GetCommandInfo(postBackEvent, parameters, onClick, securableObject, additionalUrlParameters, includeNavigationUrlParameters);
if (commandInfo != null)
{
commandInfo.AddAttributesToRender(writer, renderingFeatures);
}
if (OwnerControl != null && !string.IsNullOrEmpty(OwnerControl.ClientID) && !string.IsNullOrEmpty(ItemID))
{
var clientID = OwnerControl.ClientID + "_" + ItemID;
writer.AddAttribute(HtmlTextWriterAttribute.Id, clientID);
}
style.AddAttributesToRender(writer);
writer.RenderBeginTag(HtmlTextWriterTag.A);
}
public void Setup()
{
_mocks = new MockRepository();
_mockWebSecurityAdapter = _mocks.StrictMock <IWebSecurityAdapter> ();
_mockSecurableObject = _mocks.StrictMock <ISecurableObject> ();
_mockCommand = _mocks.StrictMock <Command> (CommandType.None, _mockWebSecurityAdapter, (IWxeSecurityAdapter)null);
}
public override bool HasAccess(ISecurableObject securableObject, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes)
{
ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
ArgumentUtility.DebugCheckNotNull("principal", principal);
ArgumentUtility.DebugCheckNotNullOrEmpty("requiredAccessTypes", requiredAccessTypes);
return(true);
}
public override bool HasPropertyWriteAccess(ISecurableObject securableObject, IMethodInformation methodInformation, ISecurityPrincipal principal)
{
ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
ArgumentUtility.DebugCheckNotNull("methodInformation", methodInformation);
ArgumentUtility.DebugCheckNotNull("principal", principal);
return(true);
}
private bool HasAccessForEventCommand(ISecurableObject securableObject)
{
if (_webSecurityAdapter == null)
{
return(true);
}
return(_webSecurityAdapter.HasAccess(securableObject, Click));
}
public bool HasPropertyWriteAccess(ISecurableObject securableObject, MethodInfo methodInfo, ISecurityPrincipal principal)
{
ArgumentUtility.CheckNotNull("securableObject", securableObject);
ArgumentUtility.CheckNotNull("methodInfo", methodInfo);
ArgumentUtility.DebugCheckNotNull("principal", principal);
var methodInformation = _memberResolver.GetMethodInformation(securableObject.GetSecurableType(), methodInfo, MemberAffiliation.Instance);
return(HasPropertyWriteAccess(securableObject, methodInformation, principal));
}
public bool HasPropertyReadAccess(ISecurableObject securableObject, string propertyName, ISecurityPrincipal principal)
{
ArgumentUtility.CheckNotNull("securableObject", securableObject);
ArgumentUtility.CheckNotNullOrEmpty("propertyName", propertyName);
ArgumentUtility.DebugCheckNotNull("principal", principal);
var methodInformation = _memberResolver.GetMethodInformation(securableObject.GetSecurableType(), "get_" + propertyName, MemberAffiliation.Instance);
return(HasPropertyReadAccess(securableObject, methodInformation, principal));
}
/// <summary> Renders the opening tag for the command. </summary>
/// <param name="writer"> The <see cref="HtmlTextWriter"/> object to use. </param>
/// <param name="renderingFeatures"> The rendering features to use. </param>
/// <param name="postBackLink">
/// The string rendered in the <c>href</c> tag of the anchor element when the command type is <see cref="CommandType.Event"/> or
/// <see cref="CommandType.WxeFunction"/>. This string is usually the call to the <c>__doPostBack</c> script function used by ASP.net
/// to force a post back.
/// </param>
/// <param name="onClick">
/// The string rendered in the <c>onClick</c> tag of the anchor element.
/// </param>
/// <param name="businessObjectID">
/// An identifier for the <see cref="IBusinessObject"/> to which the rendered command is applied.
/// </param>
/// <param name="securableObject">
/// The <see cref="ISecurableObject"/> for which security is evaluated. Use <see landword="null"/> if security is stateless or not evaluated.
/// </param>
public void RenderBegin(
HtmlTextWriter writer,
IRenderingFeatures renderingFeatures,
string postBackLink,
string onClick,
string businessObjectID,
ISecurableObject securableObject)
{
RenderBegin(writer, renderingFeatures, postBackLink, new[] { businessObjectID }, onClick, securableObject);
}
public CopyDialog(spevthkman parentForm, SPWeb web, ISecurableObject selectedObject)
: base()
{
this.m_ParentForm = parentForm;
InitializeComponent();
this.Web = web;
this.SelectedObject = selectedObject;
}
public void AddSecurableObject(ISecurableObject securableObject)
{
SecurableObject obj = new SecurableObject()
{
Application = securableObject.Application,
SecurableObjectType = securableObject.SecurableObjectType,
Guid = securableObject.SecurableObjectGuid
};
GatekeeperFactory.SecurableObjectSvc.Add(obj);
}
public void CheckAccess(ISecurableObject securableObject, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes)
{
ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
ArgumentUtility.DebugCheckNotNull("principal", principal);
ArgumentUtility.DebugCheckNotNull("requiredAccessTypes", requiredAccessTypes);
if (!HasAccess(securableObject, principal, requiredAccessTypes))
{
throw CreatePermissionDeniedException("Access has been denied.");
}
}
public void GetSecurableType()
{
OrganizationalStructureTestHelper testHelper = new OrganizationalStructureTestHelper();
using (testHelper.Transaction.EnterNonDiscardingScope())
{
ISecurableObject position = testHelper.CreatePosition("PositionName");
Assert.That(position.GetSecurableType(), Is.SameAs(typeof(Position)));
}
}
/// <summary>
/// Adds the specified securable object,inserts the ISecurableObject object.
/// </summary>
/// <param name="securableObject">The securable object.</param>
public void Add(ISecurableObject securableObject)
{
SecurableObject obj = new SecurableObject()
{
Application = securableObject.Application,
SecurableObjectType = securableObject.SecurableObjectType,
Guid = securableObject.SecurableObjectGuid
};
this.securableObjectDao.Add(obj);
}
/// <summary> Renders the opening tag for the command. </summary>
/// <param name="writer"> The <see cref="HtmlTextWriter"/> object to use. </param>
/// <param name="renderingFeatures"> The rendering features to use. </param>
/// <param name="postBackLink">
/// The string rendered in the <c>href</c> tag of the anchor element when the command type is <see cref="CommandType.Event"/> or
/// <see cref="CommandType.WxeFunction"/>. This string is usually the call to the <c>__doPostBack</c> script function used by ASP.net
/// to force a post back.
/// </param>
/// <param name="onClick">
/// The string rendered in the <c>onClick</c> tag of the anchor element.
/// </param>
/// <param name="listIndex">
/// An index that indentifies the <see cref="IBusinessObject"/> on which the rendered command is applied on.
/// </param>
/// <param name="businessObjectID">
/// An identifier for the <see cref="IBusinessObject"/> to which the rendered command is applied.
/// </param>
/// <param name="securableObject">
/// The <see cref="ISecurableObject"/> for which security is evaluated. Use <see landword="null"/> if security is stateless or not evaluated.
/// </param>
public void RenderBegin(
HtmlTextWriter writer,
IRenderingFeatures renderingFeatures,
string postBackLink,
string onClick,
int listIndex,
string businessObjectID,
ISecurableObject securableObject)
{
base.RenderBegin(writer, renderingFeatures, postBackLink, new string[] { listIndex.ToString(), businessObjectID }, onClick, securableObject);
}
public AddDialog(spevthkman parentForm, SPWeb web, ISecurableObject selectedObject)
: base()
{
this.m_ParentForm = parentForm;
InitializeComponent();
this.m_TypeNames = new List <string>();
this.Web = web;
this.SelectedObject = selectedObject;
}
public void GetSecurityStrategy()
{
ISecurableObject tenant = TestHelper.CreateTenant("Tenant", "UID: Tenant");
IObjectSecurityStrategy objectSecurityStrategy = tenant.GetSecurityStrategy();
Assert.That(objectSecurityStrategy, Is.Not.Null);
Assert.IsInstanceOf(typeof(DomainObjectSecurityStrategyDecorator), objectSecurityStrategy);
DomainObjectSecurityStrategyDecorator domainObjectSecurityStrategyDecorator = (DomainObjectSecurityStrategyDecorator)objectSecurityStrategy;
Assert.That(domainObjectSecurityStrategyDecorator.RequiredSecurityForStates, Is.EqualTo(RequiredSecurityForStates.None));
}
public void Setup()
{
_mocks = new MockRepository();
_mockWebSecurityAdapter = _mocks.StrictMock <IWebSecurityAdapter> ();
_mockSecurableObject = _mocks.StrictMock <ISecurableObject> ();
var serviceLocator = DefaultServiceLocator.Create();
serviceLocator.RegisterMultiple <IWebSecurityAdapter> (() => _mockWebSecurityAdapter);
serviceLocator.RegisterMultiple <IWxeSecurityAdapter>();
_serviceLocatorScope = new ServiceLocatorScope(serviceLocator);
}
public void GetSecurityStrategy()
{
ISecurableObject group = CreateGroup();
IObjectSecurityStrategy objectSecurityStrategy = group.GetSecurityStrategy();
Assert.That(objectSecurityStrategy, Is.Not.Null);
Assert.IsInstanceOf(typeof(DomainObjectSecurityStrategyDecorator), objectSecurityStrategy);
DomainObjectSecurityStrategyDecorator domainObjectSecurityStrategyDecorator = (DomainObjectSecurityStrategyDecorator)objectSecurityStrategy;
Assert.That(domainObjectSecurityStrategyDecorator.RequiredSecurityForStates, Is.EqualTo(RequiredSecurityForStates.None));
}
public virtual bool HasMethodAccess(ISecurableObject securableObject, IMethodInformation methodInformation, ISecurityPrincipal principal)
{
ArgumentUtility.CheckNotNull("securableObject", securableObject);
ArgumentUtility.CheckNotNull("methodInformation", methodInformation);
ArgumentUtility.DebugCheckNotNull("principal", principal);
var requiredAccessTypeEnums = _permissionProvider.GetRequiredMethodPermissions(securableObject.GetSecurableType(), methodInformation);
Assertion.DebugIsNotNull(requiredAccessTypeEnums, "IPermissionProvider.GetRequiredMethodPermissions evaluated and returned null.");
return(HasAccess(securableObject, methodInformation, requiredAccessTypeEnums, principal));
}
private bool HasAccess(
ISecurableObject securableObject,
IMemberInformation memberInformation,
IReadOnlyList <Enum> requiredAccessTypeEnums,
ISecurityPrincipal principal)
{
if (requiredAccessTypeEnums.Count == 0)
{
throw new ArgumentException(string.Format("The member '{0}' does not define required permissions.", memberInformation.Name), "requiredAccessTypeEnums");
}
return(HasAccess(securableObject, principal, ConvertRequiredAccessTypeEnums(requiredAccessTypeEnums)));
}
// methods and properties
public bool HasAccess(ISecurableObject securableObject, Delegate handler)
{
if (handler == null)
{
return(true);
}
if (SecurityFreeSection.IsActive)
{
return(true);
}
List <DemandTargetPermissionAttribute> attributes = GetPermissionAttributes(handler.GetInvocationList());
bool hasAccess = true;
foreach (DemandTargetPermissionAttribute attribute in attributes)
{
switch (attribute.PermissionSource)
{
case PermissionSource.WxeFunction:
hasAccess &= WxeFunction.HasAccess(attribute.FunctionType);
break;
case PermissionSource.SecurableObject:
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
if (securableObject == null)
{
hasAccess &= securityClient.HasStatelessMethodAccess(attribute.SecurableClass, attribute.MethodName);
}
else
{
hasAccess &= securityClient.HasMethodAccess(securableObject, attribute.MethodName);
}
break;
default:
throw new InvalidOperationException(string.Format(
"Value '{0}' is not supported by the PermissionSource property of the DemandTargetPermissionAttribute.",
attribute.PermissionSource));
}
if (!hasAccess)
{
break;
}
}
return(hasAccess);
}
public void CheckMethodAccess(ISecurableObject securableObject, string methodName, ISecurityPrincipal principal)
{
ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
ArgumentUtility.DebugCheckNotNullOrEmpty("methodName", methodName);
ArgumentUtility.DebugCheckNotNull("principal", principal);
if (!HasMethodAccess(securableObject, methodName, principal))
{
ArgumentUtility.CheckNotNull("securableObject", securableObject);
throw CreatePermissionDeniedException(
"Access to method '{0}' on type '{1}' has been denied.", methodName, securableObject.GetSecurableType().FullName);
}
}
public void GetSecurityStrategy()
{
OrganizationalStructureTestHelper testHelper = new OrganizationalStructureTestHelper();
using (testHelper.Transaction.EnterNonDiscardingScope())
{
ISecurableObject position = testHelper.CreatePosition("PositionName");
IObjectSecurityStrategy objectSecurityStrategy = position.GetSecurityStrategy();
Assert.That(objectSecurityStrategy, Is.Not.Null);
Assert.IsInstanceOf(typeof(DomainObjectSecurityStrategyDecorator), objectSecurityStrategy);
DomainObjectSecurityStrategyDecorator domainObjectSecurityStrategyDecorator = (DomainObjectSecurityStrategyDecorator)objectSecurityStrategy;
Assert.That(domainObjectSecurityStrategyDecorator.RequiredSecurityForStates, Is.EqualTo(RequiredSecurityForStates.None));
}
}
// construction and disposing
public CommandTestHelper()
{
_httpContext = HttpContextHelper.CreateHttpContext("GET", "default.html", null);
_httpContext.Response.ContentEncoding = Encoding.UTF8;
_functionType = typeof(TestFunction);
_functionTypeName = TypeUtility.GetPartialAssemblyQualifiedName(_functionType);
_mocks = new MockRepository();
_mockWebSecurityAdapter = _mocks.StrictMock <IWebSecurityAdapter>();
_mockWxeSecurityAdapter = _mocks.StrictMock <IWxeSecurityAdapter>();
_mockSecurableObject = _mocks.StrictMock <ISecurableObject>();
_htmlWriter = new HtmlTextWriterSingleTagMock();
}
public virtual bool HasAccess(ISecurableObject securableObject, ISecurityPrincipal principal, IReadOnlyList <AccessType> requiredAccessTypes)
{
ArgumentUtility.CheckNotNull("securableObject", securableObject);
ArgumentUtility.CheckNotNull("principal", principal);
ArgumentUtility.CheckNotNull("requiredAccessTypes", requiredAccessTypes);
if (SecurityFreeSection.IsActive)
{
return(true);
}
var objectSecurityStrategy = securableObject.GetSecurityStrategy();
Assertion.DebugIsNotNull(objectSecurityStrategy, "The securableObject did not return an IObjectSecurityStrategy.");
return(objectSecurityStrategy.HasAccess(_securityProvider, principal, requiredAccessTypes));
}
public void CheckPropertyWriteAccess(ISecurableObject securableObject, IMethodInformation methodInformation, ISecurityPrincipal principal)
{
ArgumentUtility.DebugCheckNotNull("securableObject", securableObject);
ArgumentUtility.DebugCheckNotNull("methodInformation", methodInformation);
ArgumentUtility.DebugCheckNotNull("principal", principal);
if (!HasPropertyWriteAccess(securableObject, methodInformation, principal))
{
ArgumentUtility.CheckNotNull("securableObject", securableObject);
ArgumentUtility.CheckNotNull("methodInformation", methodInformation);
throw CreatePermissionDeniedException(
"Access to set-accessor of property '{0}' on type '{1}' has been denied.",
methodInformation.Name,
securableObject.GetSecurableType().FullName);
}
}
public IRepositoryResult Create(ISecurableObject obj)
{
if (_db?.Employees == null)
{
var message = "Database is not available at the moment";
var exception = new TaskTrackerException("DB context is null", new NullReferenceException());
_erResult = new EmployeeRepositoryResult(message, exception);
return _erResult;
}
var newEmployee = obj as AttEmployee;
if (newEmployee == null)
{
var message = "Please specify valid data for Employee";
var exception = new TaskTrackerException("object cannot be cast to Employee", new ArgumentException());
_erResult = new EmployeeRepositoryResult(message, exception);
return _erResult;
}
var emp = new Employee()
{
EUID = new Guid(),
Name = newEmployee.Name,
Surname = newEmployee.Surname
};
var dbEmp = _db.Employees.Add(emp);
_db.SaveChanges();
newEmployee = new AttEmployee(dbEmp.ID)
{
Name = dbEmp.Name,
Surname = dbEmp.Surname,
EUID = dbEmp.EUID
};
var objects = new List<ISecurableObject>() { newEmployee };
_erResult = new EmployeeRepositoryResult(objects);
return _erResult;
}
public virtual bool HasAccess(ISecurableObject securableObject)
{
switch (_type)
{
case CommandType.Href:
return(true);
case CommandType.Event:
return(HasAccessForEventCommand(securableObject));
case CommandType.WxeFunction:
return(HasAccessForWxeFunctionCommand());
case CommandType.None:
return(true);
default:
throw new InvalidOperationException(
string.Format("The CommandType '{0}' is not supported by the '{1}'.", _type, typeof(Command).FullName));
}
}
private void OnObjectSelected()
{
try
{
if ((this.ObjectsTreeView.SelectedNode != null) && (this.ObjectsTreeView.SelectedNode.Parent != null))
{
this.EventReceiverTreeView.Nodes.Clear();
this.EventReceiverPropertyGrid.SelectedObject = null;
this.m_SelectedObject = null;
if (this.ObjectsTreeView.SelectedNode != null)
{
ParentType parentType = (ParentType)Enum.Parse(typeof(ParentType), this.ObjectsTreeView.SelectedNode.Parent.Name, false);
this.LoadObjectEventReceivers(parentType, this.ObjectsTreeView.SelectedNode.Text);
}
}
}
catch (Exception ex)
{
this.HandleException(ex);
}
}
private void DeleteEventReceiverHook(Guid guid, ISecurableObject eventContiner)
{
SPEventReceiverDefinitionCollection definitions = null;
if (typeof(SPWeb).IsAssignableFrom(eventContiner.GetType()))
{
SPWeb web = (SPWeb)eventContiner;
definitions = web.EventReceivers;
}
else if (typeof(SPList).IsAssignableFrom(eventContiner.GetType()))
{
SPList list = (SPList)eventContiner;
definitions = list.EventReceivers;
}
else
{
MessageBox.Show(this, "The current type is not supported.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
if (definitions != null)
{
foreach (SPEventReceiverDefinition definition in definitions)
{
if (guid == definition.Id)
{
string type = definition.Type.ToString();
string name = definition.Class;
definition.Delete();
MessageBox.Show(this, string.Format("The event hook [{0}] to class [{1}] was deleted.", type, name), "Information", MessageBoxButtons.OK, MessageBoxIcon.Information);
break;
}
}
}
}
private static bool DoesPrincipalHasPermissions(ISecurableObject item, SPPrincipal principal, SPBasePermissions permissions)
{
SPRoleAssignment roleAssignment = null;
try
{
roleAssignment = item.RoleAssignments.GetAssignmentByPrincipal(principal);
}
catch
{
//if the user has no permission on the item (SPPrincipal is not in permissionlist -> item.RoleAssignments is empty), an exception is thrown.
return false;
}
foreach (SPRoleDefinition definition in roleAssignment.RoleDefinitionBindings)
{
if ((definition.BasePermissions & permissions) == permissions)
{
return true;
}
}
return false;
}
public void AddObjectRight(ISecurableObject securableObject, string rightName)
{
securableObject.SecurableObjectId = GatekeeperFactory.SecurableObjectSvc.Get(securableObject.SecurableObjectGuid).Id;
this.ObjectRights.Add(new ObjectRight(securableObject, rightName));
}
/// <summary>
/// Initializes a new instance of the Permission class with .
/// </summary>
/// <param name="securableObject">The securable object.</param>
/// <param name="rightName">Name of the right.</param>
public Permission(ISecurableObject securableObject, string rightName)
{
this.AddObjectRight(securableObject, rightName);
}
public IRepositoryResult Get(ISecurableObject obj)
{
if (_db?.Employees == null)
{
var message = "Database is not available at the moment";
var exception = new TaskTrackerException("DB context is null", new NullReferenceException());
_erResult = new EmployeeRepositoryResult(message, exception);
return _erResult;
}
var dbEmp = _db.Employees.ToList();
if (dbEmp.Count == 0)
{
var message = "No employees were found";
var exception = new TaskTrackerObjectNotFoundException("Employees not found");
_erResult = new EmployeeRepositoryResult(message, exception);
return _erResult;
}
var employees = dbEmp.Select(employee => new AttEmployee(employee.ID)
{
Name = employee.Name,
Surname = employee.Surname,
EUID = employee.EUID
});
_erResult = new EmployeeRepositoryResult(employees);
return _erResult;
}
/// <summary>
/// Determines whether the specified securable object has right.
/// </summary>
/// <param name="securableObject">The securable object.</param>
/// <param name="rightName">Name of the right.</param>
/// <returns>
/// <c>true</c> if the specified securable object has right; otherwise, <c>false</c>.
/// </returns>
public virtual bool HasRight(ISecurableObject securableObject, string rightName)
{
return this.HasRight(securableObject.SecurableObjectId, rightName);
}
private SushiSecurable findRoleAssignmentsForMember(ISecurableObject webOrList, SPUser user, List<string> userSharepointGroups, List<string> userADgroups)
{
SushiSecurable secSiteOrList = new SushiSecurable();
if (!webOrList.HasUniqueRoleAssignments && !chkShowOnlyUnique.Checked)
return secSiteOrList;
foreach (SPRoleAssignment ra in webOrList.RoleAssignments)
{
string raName = ra.Member.Name.ToUpper();
if (raName == user.Name.ToUpper() || userSharepointGroups.Contains(raName) || userADgroups.Contains(raName))
{
UorG uOrG = new UorG(ra.Member.Name, userADgroups.Contains(raName));
if (ra.Member.Name.ToUpper() == user.Name.ToUpper())
uOrG.Name = user.LoginName;
secSiteOrList.UorGs.Add(uOrG);
foreach (SPRoleDefinition rd in ra.RoleDefinitionBindings)
uOrG.RoleNames.Add(rd.Name);
secSiteOrList.AtLeastOnePermission = true;
}
}
if (user.IsSiteAdmin)
{
UorG uOrG = new UorG("Site Collection Admins", false);
secSiteOrList.UorGs.Add(uOrG);
uOrG.RoleNames.Add("Full Control");
secSiteOrList.AtLeastOnePermission = true;
}
return secSiteOrList;
}
public void Save(Application application, User user, Role role, ISecurableObject securableObject)
{
SecurableObject sObj = GatekeeperFactory.SecurableObjectSvc.Get(securableObject.SecurableObjectGuid);
this.Save(application, user, role, sObj);
}
/// <summary>
/// Initializes a new instance of the ObjectRight class with two parameters.
/// </summary>
/// <param name="securableObject">The securable object.</param>
/// <param name="right">The right.</param>
public ObjectRight(ISecurableObject securableObject, Right right)
: this(securableObject.SecurableObjectId, right)
{
}
/// <summary>
/// Initializes a new instance of the ObjectRight class with parameters.
/// </summary>
/// <param name="securableObject">The securable object.</param>
/// <param name="rightName">Name of the right.</param>
public ObjectRight(ISecurableObject securableObject, string rightName)
: this(securableObject.SecurableObjectId, rightName)
{
}
public IRepositoryResult Delete(ISecurableObject obj)
{
throw new NotImplementedException();
}
/// <summary>
/// Initializes a new instance of the UserRightAssignment class.
/// </summary>
/// <param name="user">The user of the application.</param>
/// <param name="securableObject">The securable object.</param>
/// <param name="right">The right.</param>
public UserRightAssignment(User user, ISecurableObject securableObject, Right right)
: base(securableObject, right)
{
this.User = user;
}