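/// <summary>
/// Grants or denies <paramref name="username"/>'s access request for model <paramref name="pid"/>
/// on behalf of the currently logged-in user, and notifies the requester by message.
/// </summary>
/// <param name="username">Account that asked for access.</param>
/// <param name="mode">"Grant" or "Deny"; any other value does nothing and yields an empty result.</param>
/// <param name="pid">Identifier of the model the request is about.</param>
/// <returns>A status sentence for the caller (empty when <paramref name="mode"/> is not recognised).</returns>
public static string GrantOrDenyRequest(string username, string mode, string pid)
    {
        // Resolve the caller once so the null/approval check and the later uses see the same account.
        var caller = Membership.GetUser();

        if (caller == null || !caller.IsApproved)
        {
            return("You must be logged in! How did you even get here?");
        }

        string             callerName = caller.UserName;
        MessageManager     messageMgr = null;
        PermissionsManager permMgr    = null;

        try
        {
            messageMgr = new MessageManager();
            permMgr    = new PermissionsManager();

            // Authorise the caller first: answering "already has access" before this check would let any
            // logged-in account probe which users can fetch which models.
            if (permMgr.GetPermissionLevel(callerName, pid) < ModelPermissionLevel.Editable)
            {
                return("You do not have permission to grant or deny this request.");
            }

            if (permMgr.GetPermissionLevel(username, pid) >= ModelPermissionLevel.Fetchable)
            {
                return(username + " already has access permission for this model.");
            }

            // pid is caller-supplied and ends up inside an HTML message body, so it is URL-encoded for the
            // query string, attribute-encoded for the href and HTML-encoded for the link text.
            string modelLink = "<a href=\"/public/model.aspx?ContentObjectID="
                               + System.Web.HttpUtility.HtmlAttributeEncode(System.Web.HttpUtility.UrlEncode(pid))
                               + "\">" + System.Web.HttpUtility.HtmlEncode(pid) + "</a>";

            // NOTE(review): the subject line and the returned status text still carry pid/username verbatim;
            // confirm that whatever renders them encodes on output.
            string result = "";

            if (mode == "Grant")
            {
                // NOTE(review): the value returned by SetModelToUserLevel is discarded, so a refused change
                // would still produce the approval message below - confirm and check the result.
                permMgr.SetModelToUserLevel(callerName, pid, username, ModelPermissionLevel.Fetchable);
                messageMgr.SendMessage(callerName, username, "Request approved for model " + pid, "The owner of model " + modelLink + " has granted your request for access. You may now download the model.", callerName);
                result = "You have granted " + username + " permission to this model. A message will be sent notifying the user of your response.";
            }
            else if (mode == "Deny")
            {
                messageMgr.SendMessage(callerName, username, "Request denied for model " + pid, "The owner of model " + modelLink + " has denied your request for access.", callerName);
                result = "You have denied " + username + " permission to this model. A message will be sent notifying the user of your response.";
            }

            return(result);
        }
        finally
        {
            // Release both managers on every path, including when a lookup or send throws.
            if (permMgr != null)
            {
                permMgr.Dispose();
            }
            if (messageMgr != null)
            {
                messageMgr.Dispose();
            }
        }
    }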
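        /// <summary>
        /// Keeps only the content objects that <paramref name="username"/> may at least search for,
        /// returning no more than <paramref name="total"/> of them in their original order.
        /// </summary>
        /// <param name="username">Account whose permission level is evaluated for each item.</param>
        /// <param name="input">Candidate content objects.</param>
        /// <param name="total">Maximum number of items to return.</param>
        /// <returns>The permitted items, truncated to <paramref name="total"/>.</returns>
        public IEnumerable <ContentObject> FilterResultsBasedOnPermissions(string username, IEnumerable <ContentObject> input, int total)
        {
            List <ContentObject> visible = new List <ContentObject>();
            PermissionsManager   prm     = new PermissionsManager();

            try
            {
                foreach (ContentObject co in input)
                {
                    if (prm.GetPermissionLevel(username, co.PID) >= ModelPermissionLevel.Searchable)
                    {
                        visible.Add(co);

                        // Anything past the cap would be cut off below, so stop paying for permission lookups.
                        if (total > 0 && visible.Count >= total)
                        {
                            break;
                        }
                    }
                }
            }
            finally
            {
                // The manager was previously never released by this method.
                prm.Dispose();
            }

            if (visible.Count > total)
            {
                return(visible.GetRange(0, total));
            }
            return(visible);
        }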
    /// <summary>
    /// Data-bind handler for one permission row: shows the display label for the built-in groups and
    /// pre-selects the dropdown entry matching the row's permission level.
    /// </summary>
    /// <param name="sender">Control raising the event (unused).</param>
    /// <param name="e">Item being bound; its DataItem is a group-name / permission-level pair.</param>
    public void BindSelectedPermission(object sender, ListViewItemEventArgs e)
    {
        var entry = (KeyValuePair <string, ModelPermissionLevel>)e.Item.DataItem;

        string               groupName = entry.Key;
        ModelPermissionLevel effective = entry.Value;

        // An unset level is shown as whatever the all-users group resolves to for this model.
        if (effective == ModelPermissionLevel.NotSet)
        {
            var allUsersGroup = _permissionsManager.GetUserGroup(DefaultGroups.AllUsers);
            effective = _permissionsManager.CheckGroupPermissions(allUsersGroup, _pid);
        }

        var row = e.Item.FindControl("DataRow");

        // Built-in groups are stored under internal names; the first cell gets the user-facing label.
        bool isAllUsers = groupName == DefaultGroups.AllUsers;
        if (isAllUsers || groupName == DefaultGroups.AnonymousUsers)
        {
            var nameCell = (System.Web.UI.HtmlControls.HtmlTableCell)row.Controls[0];
            nameCell.InnerText = isAllUsers
                                 ? PermissionsManager.ALL_USERS_LABEL
                                 : PermissionsManager.ANONYMOUS_USERS_LABEL;
        }

        if (e.Item.ItemType != ListViewItemType.DataItem)
        {
            return;
        }

        DropDownList levels = (DropDownList)row.FindControl("DropdownColumn")
                              .FindControl("PermissionsDropdownList");
        int wanted = (int)effective;

        foreach (ListItem option in levels.Items)
        {
            if (int.Parse(option.Value) != wanted)
            {
                continue;
            }
            option.Selected = true;
            break;
        }
    }
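    /// <summary>
    /// Lists the supporting files of model <paramref name="pid"/> together with flags telling the
    /// client whether the current user may download or edit.
    /// </summary>
    /// <param name="pid">Identifier of the model.</param>
    /// <returns>
    /// A response constructed with <c>false</c> when no metadata is returned for the model; otherwise a
    /// response constructed with <c>true</c> carrying the file list and permission flags.
    /// </returns>
    public static GetSupportingFilesResponse GetSupportingFiles(string pid)
    {
        // One effective identity for both the metadata call and the permission lookup. Previously the
        // lookup used the account name even when the account was not approved, while the metadata call
        // already fell back to the anonymous user in that case.
        MembershipUser user          = Membership.GetUser();
        string         effectiveUser = (user != null && user.IsApproved)
                                       ? user.UserName
                                       : vwarDAL.DefaultUsers.Anonymous[0];

        APIWrapper api = new APIWrapper(effectiveUser, null);

        vwar.service.host.Metadata md = api.GetMetadata(pid, "00-00-00");
        if (md == null)
        {
            return(new GetSupportingFilesResponse(false));
        }

        ModelPermissionLevel Permission;
        PermissionsManager   prm = new PermissionsManager();
        try
        {
            Permission = prm.GetPermissionLevel(effectiveUser, pid);
        }
        finally
        {
            // Release the manager even when the lookup throws.
            prm.Dispose();
        }

        GetSupportingFilesResponse response = new GetSupportingFilesResponse(true);

        response.DownloadAllowed = Permission >= ModelPermissionLevel.Fetchable;
        response.EditAllowed     = Permission >= ModelPermissionLevel.Editable;

        // NOTE(review): file names and descriptions are returned whatever the permission level is; this
        // relies on GetMetadata refusing callers who may not see the model - confirm.
        int fileCount = md.SupportingFiles.Count;
        response.files = new vwarDAL.SupportingFile[fileCount];
        for (int i = 0; i < fileCount; i++)
        {
            response.files[i] = new vwarDAL.SupportingFile(md.SupportingFiles[i].Filename, md.SupportingFiles[i].Description, "");
        }
        return(response);
    }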
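        /// <summary>
        /// Resolves the effective permission level of <paramref name="user"/> on model <paramref name="pid"/>.
        /// The configured default administrator and the model owner get <c>Admin</c>; everyone else gets
        /// the highest of their group levels (the anonymous group always included) and their user-specific level.
        /// </summary>
        /// <param name="user">Account name to evaluate.</param>
        /// <param name="pid">Identifier of the model.</param>
        /// <returns>The effective permission level.</returns>
        public ModelPermissionLevel GetPermissionLevel(string user, string pid)
        {
            string admin = System.Configuration.ConfigurationManager.AppSettings["DefaultAdminName"];

            // Identity checks use ordinal comparison: culture-sensitive comparison can treat distinct
            // account names as equal. A missing or empty configured name never matches, so an empty
            // (unauthenticated) user name cannot be promoted by a blank setting.
            if (!string.IsNullOrEmpty(admin) && string.Equals(admin, user, StringComparison.OrdinalIgnoreCase))
            {
                return(ModelPermissionLevel.Admin);
            }

            // Same rule for the owner: a model without a recorded owner is owned by nobody.
            string owner = GetModelOwner(pid);
            if (!string.IsNullOrEmpty(owner) && string.Equals(owner, user, StringComparison.OrdinalIgnoreCase))
            {
                return(ModelPermissionLevel.Admin);
            }

            // The highest level from all groups
            ModelPermissionLevel UserPermissionsFromGroups = 0;
            List <UserGroup>     GroupsContainingThisUser  = GetUsersGroups(user);

            // Every user also receives whatever the anonymous group is allowed.
            GroupsContainingThisUser.Add(GetUserGroup(DefaultGroups.AnonymousUsers));
            foreach (UserGroup g in GroupsContainingThisUser)
            {
                ModelPermissionLevel thisgroup = CheckGroupPermissions(g, pid);
                if (thisgroup > UserPermissionsFromGroups)
                {
                    UserPermissionsFromGroups = thisgroup;
                }
            }

            ModelPermissionLevel SpecificForThisUser = CheckUserPermissions(user, pid);

            // Uncomment this to make user-level permissions override group-level permissions;
            // otherwise the user gets the highest level available.
            // if (SpecificForThisUser != ModelPermissionLevel.NotSet)
            //     return SpecificForThisUser;

            return(Max(UserPermissionsFromGroups, SpecificForThisUser));
        }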
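    /// <summary>
    /// Binds the model detail page for <c>ContentObjectID</c>: redirects to the default page when no id
    /// is given, answers 401 when the current user's level is below Searchable, and otherwise loads the
    /// content object and fills the page controls according to the user's permission level.
    /// </summary>
    private void BindModelDetails()
    {
        if (String.IsNullOrEmpty(ContentObjectID))
        {
            Response.Redirect("~/Default.aspx");
        }

        ModelPermissionLevel Permission;
        PermissionsManager   prm = new PermissionsManager();
        try
        {
            Permission = prm.GetPermissionLevel(Context.User.Identity.Name, ContentObjectID);
        }
        finally
        {
            // Release the manager even when the lookup throws.
            prm.Dispose();
        }

        if (Permission < ModelPermissionLevel.Searchable)
        {
            Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            return;
        }


        APILink.NavigateUrl = "https://" + ConfigurationManager.AppSettings["LR_Integration_APIBaseURL"] + "/" + ContentObjectID + "/Metadata/json?id=00-00-00";

        //string proxyTemplate = "Model.ashx?pid={0}&file={1}&fileid={2}";

        vwarDAL.ContentObject   co;
        vwarDAL.IDataRepository vd = (new vwarDAL.DataAccessFactory()).CreateDataRepositorProxy();
        try
        {
            co = vd.GetContentObjectById(ContentObjectID, !IsPostBack, true);
        }
        finally
        {
            vd.Dispose();
        }

        //model screenshot
        if (co != null)
        {
            if (LR_3DR_Bridge.LR_Integration_Enabled())
            {
                LR_3DR_Bridge.ModelViewed(co);
            }
            DownloadButton.Enabled = Permission >= ModelPermissionLevel.Fetchable;

            DownloadButton.Visible = Permission >= ModelPermissionLevel.Fetchable;

            // NOTE(review): "|| true" forces this branch for every asset type, so the Texture branch
            // below can never run - confirm whether that is intended.
            if ("Model".Equals(co.AssetType, StringComparison.InvariantCultureIgnoreCase) || true)
            {
                //if the content object file is null, dont' try to display
                if (co.DisplayFile != string.Empty && co.Location != string.Empty && Permission > ModelPermissionLevel.Searchable)
                {
                    // UpAxis, UnitScale and PID come from stored model metadata and are written into
                    // JavaScript string literals, so they are JavaScript-string-encoded: a quote,
                    // backslash or "</script>" in a value must not end the literal or the script block.
                    // NOTE(review): NumPolygons is emitted as-is; assumes it is numeric - confirm.
                    Page.ClientScript.RegisterClientScriptBlock(GetType(), "vload", string.Format("vLoader = new ViewerLoader('{0}', '{1}', '{2}', '{3}', {4});", Page.ResolveClientUrl("~/Public/Serve.ashx?mode=PreviewModel"),
                                                                                                  System.Web.HttpUtility.JavaScriptStringEncode((co.UpAxis != null) ? co.UpAxis : ""),
                                                                                                  System.Web.HttpUtility.JavaScriptStringEncode((co.UnitScale != null) ? co.UnitScale : ""), co.NumPolygons,
                                                                                                  System.Web.HttpUtility.JavaScriptStringEncode(co.PID.Replace(':', '_'), true)), true);

                    BodyTag.Attributes["onunload"] += "vLoader.DestroyViewer();";
                }
                if (String.IsNullOrWhiteSpace(co.ScreenShot) && String.IsNullOrWhiteSpace(co.ScreenShotId))
                {
                    ScreenshotImage.ImageUrl = Page.ResolveUrl("~/styles/images/nopreview_icon.png");
                }
                else
                {
                    ScreenshotImage.ImageUrl = String.Format("Serve.ashx?pid={0}&mode=GetScreenshot", co.PID);
                }
                AddHeaderTag("link", "og:image", ScreenshotImage.ImageUrl);
            }
            else if ("Texture".Equals(co.AssetType, StringComparison.InvariantCultureIgnoreCase))
            {
                ScreenshotImage.ImageUrl = String.Format("Serve.ashx?pid={0}&mode=GetScreenshot", co.PID, co.Location);
            }

            // NOTE(review): from here on many stored fields (title, description, keywords, sponsor,
            // developer and artist names, ...) are assigned straight to control Text properties. If these
            // are WebForms Label/HyperLink controls the text is emitted without HTML encoding - confirm
            // the values are encoded before storage or encode them here.
            IDLabel.Text    = co.PID;
            TitleLabel.Text = co.Title;
            AddHeaderTag("meta", "og:title", co.Title);
            //show hide edit link

            if (Permission >= ModelPermissionLevel.Editable)
            {
                editLink.Visible        = true;
                PermissionsLink.Visible = true;
                DeleteLink.Visible      = true;
                //editLink.NavigateUrl = "~/Users/Edit.aspx?ContentObjectID=" + co.PID;
            }
            else
            {
                EditorButtons.Visible = false;
            }

            if (Permission >= ModelPermissionLevel.Fetchable)
            {
                //show and hide requires resubmit checkbox
                if (co.RequireResubmit)
                {
                    RequiresResubmitCheckbox.Visible = true;
                    RequiresResubmitCheckbox.Enabled = true;
                    RequiresResubmitLabel.Visible    = true;
                }
                submitRating.Visible = true;
            }
            else
            {
                // Not allowed to download: offer login (anonymous) or an access request (signed in).
                string returnUrlParam = "?ReturnUrl=" + Page.ResolveUrl("~/Public/Model.aspx?ContentObjectID=" + co.PID);
                LoginLink.NavigateUrl            += returnUrlParam;
                ReveiwLoginHyperLink.NavigateUrl += returnUrlParam;
                if (User.Identity.IsAuthenticated)
                {
                    RequestAccessLabel.Visible = true;
                }
                else
                {
                    LoginToDlLabel.Visible = true;
                }
                submitRating.Visible = false;
            }

            //rating
            int rating = Website.Common.CalculateAverageRating(co.Reviews);
            ir.CurrentRating           = rating;
            this.NotRatedLabel.Visible = (rating == 0);

            //description
            DescriptionLabel.Text = String.IsNullOrEmpty(co.Description) ? "No description available." : co.Description;
            AddHeaderTag("meta", "og:description", co.Description);
            upAxis.Value    = co.UpAxis;
            unitScale.Value = co.UnitScale;
            //keywords
            var keywordsList = string.IsNullOrEmpty(co.Keywords) ? new String[0] : co.Keywords.Split(new char[] { ',' });
            foreach (var keyword in keywordsList)
            {
                HyperLink link = new HyperLink()
                {
                    Text        = keyword,
                    NavigateUrl = "~/Public/Results.aspx?ContentObjectID=" + ContentObjectID + "&Keywords=" + Server.UrlEncode(keyword.Trim()),
                    CssClass    = "Hyperlink"
                };
                keywords.Controls.Add(link);
                keywords.Controls.Add(new LiteralControl("&nbsp;&nbsp;"));
            }


            //more details
            // NOTE(review): the stored URL is used as a link target without a scheme check; confirm
            // that only http/https values can be saved for MoreInformationURL.
            this.MoreDetailsHyperLink.NavigateUrl = co.MoreInformationURL;
            this.MoreDetailsHyperLink.Text        = co.MoreInformationURL;


            string submitterFullName = Website.Common.GetFullUserName(co.SubmitterEmail);
            if (co.UploadedDate != null)
            {
                UploadedDateLabel.Text = "Uploaded by: " + submitterFullName + " on " + co.UploadedDate.ToString();
            }


            //sponsor logo
            if (!string.IsNullOrEmpty(co.SponsorLogoImageFileName))
            {
                this.SponsorLogoImage.ImageUrl = String.Format("Serve.ashx?pid={0}&mode=GetSponsorLogo", co.PID);
            }


            this.SponsorNameLabel.Text = co.SponsorName;



            //developer logo
            if (!string.IsNullOrEmpty(co.DeveloperLogoImageFileName))
            {
                this.DeveloperLogoImage.ImageUrl = String.Format("Serve.ashx?pid={0}&mode=GetDeveloperLogo", co.PID);
            }


            //this.DeveloperLogoRow.Visible = !string.IsNullOrEmpty(co.DeveloperLogoImageFileName);

            //developer name
            this.DeveloperNameHyperLink.NavigateUrl = "~/Public/Results.aspx?ContentObjectID=" + ContentObjectID + "&DeveloperName=" + Server.UrlEncode(co.DeveloperName);
            this.DeveloperNameHyperLink.Text        = co.DeveloperName;

            if (String.IsNullOrEmpty(co.ArtistName))
            {
            }
            else
            {
                this.ArtistNameHyperLink.NavigateUrl = "~/Public/Results.aspx?ContentObjectID=" + ContentObjectID + "&ArtistName=" + Server.UrlEncode(co.ArtistName);
                this.ArtistNameHyperLink.Text        = co.ArtistName;
            }

            //this.DeveloperRow.Visible = !string.IsNullOrEmpty(co.DeveloperName);

            this.FormatLabel.Text = ((string.IsNullOrEmpty(co.Format)) ? "Unknown" : co.Format);

            //num polygons
            this.NumPolygonsLabel.Text = co.NumPolygons.ToString();


            //num textures
            this.NumTexturesLabel.Text = co.NumTextures.ToString();


            //cclrow

            this.CCLHyperLink.NavigateUrl = co.CreativeCommonsLicenseURL;


            // Known licence URLs get their badge image and tooltip; anything else keeps the plain link.
            if (!string.IsNullOrEmpty(co.CreativeCommonsLicenseURL))
            {
                switch (co.CreativeCommonsLicenseURL.ToLower().Trim())
                {
                case "http://creativecommons.org/licenses/by-nc-sa/3.0/legalcode":
                    this.CCLHyperLink.ImageUrl = "../styles/images/by-nc-sa.png";
                    this.CCLHyperLink.ToolTip  = "by-nc-sa";
                    break;

                case "http://creativecommons.org/licenses/by-nc-nd/3.0/legalcode":
                    this.CCLHyperLink.ImageUrl = "../styles/images/by-nc-nd.png";
                    this.CCLHyperLink.ToolTip  = "by-nc-nd";
                    break;

                case "http://creativecommons.org/licenses/by-nc/3.0/legalcode":
                    this.CCLHyperLink.ImageUrl = "../styles/images/by-nc.png";
                    this.CCLHyperLink.ToolTip  = "by-nc";
                    break;

                case "http://creativecommons.org/licenses/by-nd/3.0/legalcode":
                    this.CCLHyperLink.ImageUrl = "../styles/images/by-nd.png";
                    this.CCLHyperLink.ToolTip  = "by-nd";
                    break;

                case "http://creativecommons.org/licenses/by-sa/3.0/legalcode":
                    this.CCLHyperLink.ImageUrl = "../styles/images/by-sa.png";
                    this.CCLHyperLink.ToolTip  = "by-sa";
                    break;

                case "http://creativecommons.org/publicdomain/mark/1.0/":
                    this.CCLHyperLink.ImageUrl = "../styles/images/publicdomain.png";
                    this.CCLHyperLink.ToolTip  = "Public Domain";
                    break;

                case "http://creativecommons.org/licenses/by/3.0/legalcode":
                    this.CCLHyperLink.ImageUrl = "../styles/images/by.png";
                    this.CCLHyperLink.ToolTip  = "by";
                    break;
                }
            }

            //downloads
            DownloadsLabel.Text       = co.Downloads.ToString();
            this.DownloadsRow.Visible = !string.IsNullOrEmpty(co.Downloads.ToString());

            //views
            ViewsLabel.Text       = co.Views.ToString();
            this.ViewsRow.Visible = !string.IsNullOrEmpty(co.Views.ToString());

            //download button
            //this.DownloadButton.Visible = Context.User.Identity.IsAuthenticated;


            this.CommentsGridView.DataSource = co.Reviews;
            this.CommentsGridView.DataBind();

            //SupportingFileGrid.DataSource = co.SupportingFiles;
            //if(Permission < ModelPermissionLevel.Fetchable)
            //    ((ButtonField)SupportingFileGrid.Columns[2]).ImageUrl = "../styles/images/icons/expand_disabled.jpg";
            //SupportingFileGrid.DataBind();

            //SupportingFileGrid.Enabled = Permission >= ModelPermissionLevel.Fetchable;
            EditKeywords.Text = co.Keywords;
            EditDistributionDeterminationDate.Text = co.Distribution_Determination_Date.ToString();
            EditDistributionOffice.Text            = co.Distribution_Contolling_Office;
            EditDistributionReasonLabel.Text       = co.Distribution_Reason;
            EditDistributionRegulation.Text        = co.Distribution_Regulation;
            DistributionLabel.Text = Enum.GetName(typeof(DistributionGrade), co.Distribution_Grade);
            DistributionStatementText.InnerText = GetDistributionText(co);
        }
    }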
 /// <summary>
 /// Returns whichever of the two permission levels has the larger numeric value.
 /// </summary>
 /// <param name="i1">First level.</param>
 /// <param name="i2">Second level.</param>
 /// <returns>The level with the greater underlying integer value.</returns>
 public ModelPermissionLevel Max(ModelPermissionLevel i1, ModelPermissionLevel i2)
 {
     int left   = (int)i1;
     int right  = (int)i2;
     int larger = left > right ? left : right;

     return (ModelPermissionLevel)larger;
 }
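        /// <summary>
        /// Sets the permission level that <paramref name="group"/> has on model <paramref name="pid"/>,
        /// provided <paramref name="userRequestingChange"/> is authorised on both the model and the group.
        /// </summary>
        /// <param name="userRequestingChange">Account asking for the change.</param>
        /// <param name="pid">Identifier of the model.</param>
        /// <param name="group">Group whose level is being set.</param>
        /// <param name="level">New level; <c>Invisible</c> is treated as removal.</param>
        /// <returns><c>NotAuthorized</c> when either authorisation fails, otherwise <c>Ok</c>.</returns>
        public PermissionErrorCode SetModelToGroupLevel(string userRequestingChange, string pid, UserGroup group, ModelPermissionLevel level)
        {
            // A null caller used to fail with a NullReferenceException further down; refuse it explicitly.
            if (userRequestingChange == null)
            {
                return(PermissionErrorCode.NotAuthorized);
            }

            // Identity checks use ordinal comparison (culture-sensitive comparison can treat distinct
            // account names as equal), and an empty stored name never matches any caller.
            string owner           = GetModelOwner(pid);
            bool   callerOwnsModel = !string.IsNullOrEmpty(owner) &&
                                     string.Equals(owner, userRequestingChange, StringComparison.OrdinalIgnoreCase);

            //you must be the model owner, or you must be removing the model
            // NOTE(review): the removal case is open to every caller, and the default groups below are
            // open to every caller too, so together they appear to let anyone set any model to Invisible
            // for those groups - confirm this is intended.
            bool modelauth = callerOwnsModel || level == ModelPermissionLevel.Invisible;

            //You must be either the group owner, or you must be in the group and the group must allow users to add models
            bool groupauth = !string.IsNullOrEmpty(group.Owner) &&
                             string.Equals(group.Owner, userRequestingChange, StringComparison.OrdinalIgnoreCase);

            bool callerInGroup = UserIsInGroup(userRequestingChange, group);

            //if you're in the group, the group allows users to add, and you are not setting it to 0 - which is remove
            if (callerInGroup && group.PolicyLevel == GroupPolicyLevel.UsersAdd && level > ModelPermissionLevel.Invisible)
            {
                groupauth = true;
            }
            //if you're in the group and the group allows members to add and remove
            if (callerInGroup && group.PolicyLevel == GroupPolicyLevel.UsersAddRemove)
            {
                groupauth = true;
            }
            //The owner of the model is always allowed to change it from the group, even if he is no longer in the group
            if (callerOwnsModel && GetModelsInGroup(group).Contains(pid))
            {
                groupauth = true;
            }

            string admin = System.Configuration.ConfigurationManager.AppSettings["DefaultAdminName"];

            if (!string.IsNullOrEmpty(admin) && string.Equals(admin, userRequestingChange, StringComparison.OrdinalIgnoreCase))
            {
                groupauth = true;
                modelauth = true;
            }

            //anyone can add models to the default groups
            if (group.GroupName == DefaultGroups.AllUsers || group.GroupName == DefaultGroups.AnonymousUsers)
            {
                groupauth = true;
            }


            //You must be authorized on both the model and the group
            if (!(groupauth && modelauth))
            {
                return(PermissionErrorCode.NotAuthorized);
            }

            // NOTE(review): the connection is not released here; presumably GetConnection() hands out a
            // connection owned by this class - confirm.
            var mConnection = GetConnection();

            using (var command = mConnection.CreateCommand())
            {
                // Values travel as parameters, never as part of the command text.
                command.CommandText = "{CALL SetPermission(?,?,?)}";
                command.Parameters.AddWithValue("inpid", pid);
                command.Parameters.AddWithValue("ingroupname", group.GroupName);
                command.Parameters.AddWithValue("plevel", level);
                command.ExecuteScalar();
            }
            return(PermissionErrorCode.Ok);
        }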
 /// <summary>
 /// Adds a model to a group addressed by name: resolves <paramref name="groupname"/> and hands over
 /// to the overload that takes the group object.
 /// </summary>
 /// <param name="userRequestingChange">Account asking for the change.</param>
 /// <param name="pid">Identifier of the model.</param>
 /// <param name="groupname">Name of the target group.</param>
 /// <param name="level">Level to set for the group.</param>
 /// <returns><c>DoesNotExist</c> when the group is unknown, otherwise the overload's result.</returns>
 public PermissionErrorCode SetModelToGroupLevel(string userRequestingChange, string pid, string groupname, ModelPermissionLevel level)
 {
     bool groupKnown = GroupExists(groupname);

     if (groupKnown)
     {
         var target = GetUserGroup(groupname);
         return SetModelToGroupLevel(userRequestingChange, pid, target, level);
     }

     // Nothing to change for a group that does not exist.
     return PermissionErrorCode.DoesNotExist;
 }
        /// <summary>
        /// Sets the user-specific permission level of <paramref name="userName"/> on model
        /// <paramref name="pid"/>. The change goes through when the requesting account holds at least
        /// <c>Admin</c> on the model, or when the requested level is <c>Invisible</c>.
        /// </summary>
        /// <param name="userRequestingChange">Account asking for the change.</param>
        /// <param name="pid">Identifier of the model.</param>
        /// <param name="userName">Account whose level is being set.</param>
        /// <param name="level">New level for that account.</param>
        /// <returns><c>NotAuthorized</c> when the check fails, otherwise <c>Ok</c>.</returns>
        public PermissionErrorCode SetModelToUserLevel(string userRequestingChange, string pid, string userName, ModelPermissionLevel level)
        {
            bool callerIsAdmin = GetPermissionLevel(userRequestingChange, pid) >= ModelPermissionLevel.Admin;
            bool isRemoval     = level == ModelPermissionLevel.Invisible;

            // NOTE(review): the removal case is accepted from any caller, whatever their level on the
            // model, which looks like it lets one account reset another account's user-level entry to
            // Invisible - confirm this is intended.
            if (!(callerIsAdmin || isRemoval))
            {
                return PermissionErrorCode.NotAuthorized;
            }

            var dbConnection = GetConnection();

            using (var setLevel = dbConnection.CreateCommand())
            {
                // All three values are bound as parameters of the stored-procedure call.
                setLevel.CommandType = System.Data.CommandType.StoredProcedure;
                setLevel.CommandText = "{CALL SetUserPermission(?,?,?);}";

                setLevel.Parameters.AddWithValue("username", userName);
                setLevel.Parameters.AddWithValue("pid", pid);
                setLevel.Parameters.AddWithValue("plevel", level);

                setLevel.ExecuteScalar();
            }

            return PermissionErrorCode.Ok;
        }
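    /// <summary>
    /// Applies a batch of permission changes for model <paramref name="pid"/> on behalf of the current
    /// request's user, either directly or (when <paramref name="temp"/> is set) into the temporary
    /// in-memory maps. Processing stops at the first entry that fails.
    /// </summary>
    /// <param name="type">"user" or "group"; anything else is rejected with status 400.</param>
    /// <param name="pid">URL-encoded identifier of the model.</param>
    /// <param name="targets">User or group names, one per entry.</param>
    /// <param name="permissions">Numeric permission levels as strings, parallel to <paramref name="targets"/>.</param>
    /// <param name="temp">When true, changes are only recorded in the temporary maps.</param>
    /// <returns>"success" when the response status is 200 afterwards, otherwise "failure".</returns>
    public string SavePermissions(string type, string pid, List <string> targets, List <string> permissions, bool temp)
    {
        HttpContext context  = HttpContext.Current;
        string      identity = context.User.Identity.Name;

        pid = context.Server.UrlDecode(pid);

        // Reject malformed requests (missing lists, mismatched lengths, unknown type) before touching
        // the permission store.
        bool wellFormed = targets != null && permissions != null &&
                          targets.Count == permissions.Count &&
                          (type == "user" || type == "group");

        if (!wellFormed)
        {
            context.Response.StatusCode = 400;
            return("failure");
        }

        PermissionsManager permissionsManager = new PermissionsManager();

        try
        {
            for (int i = 0; i < targets.Count; i++)
            {
                // The level arrives from the client as text: a non-numeric value, or a number that is
                // not a declared ModelPermissionLevel, is a bad request rather than something to cast
                // and store.
                int requested;
                if (!Int32.TryParse(permissions[i], out requested) ||
                    !Enum.IsDefined(typeof(ModelPermissionLevel), (ModelPermissionLevel)requested))
                {
                    context.Response.StatusCode = 400;
                    break;
                }

                ModelPermissionLevel perm = (ModelPermissionLevel)requested;

                if (type == "group")
                {
                    //Transform any end-user-view groupnames into codebehind groupnames
                    if (targets[i] == PermissionsManager.ALL_USERS_LABEL)
                    {
                        targets[i] = DefaultGroups.AllUsers;
                    }
                    else if (targets[i] == PermissionsManager.ANONYMOUS_USERS_LABEL)
                    {
                        targets[i] = DefaultGroups.AnonymousUsers;
                    }
                }

                PermissionErrorCode errorCode = PermissionErrorCode.Ok;

                if (type == "user" && !Website.Common.IsValidUser(targets[i]))
                {
                    errorCode = PermissionErrorCode.DoesNotExist;
                }
                else if (temp)
                {
                    // NOTE(review): temporary entries are recorded without an authorisation check here;
                    // presumably that check happens when they are committed - confirm.
                    if (type == "group")
                    {
                        _tempGroupPermissions[targets[i]] = perm;
                    }
                    else
                    {
                        _tempUserPermissions[targets[i]] = perm;
                    }
                }
                else
                {
                    errorCode = (type == "group")
                            ? permissionsManager.SetModelToGroupLevel(identity, pid, targets[i], perm)
                            : permissionsManager.SetModelToUserLevel(identity, pid, targets[i], perm);
                }

                switch (errorCode)
                {
                case PermissionErrorCode.Ok:
                    context.Response.StatusCode = 200;
                    break;

                case PermissionErrorCode.NotAuthorized:
                    context.Response.StatusCode = 401;
                    break;

                default:
                    context.Response.StatusCode = 400;
                    break;
                }

                // Entries applied before a failure stay applied; the batch is not rolled back.
                if (errorCode != PermissionErrorCode.Ok)
                {
                    break;
                }
            }
        }
        finally
        {
            // Release the manager even when a lookup or update throws.
            permissionsManager.Dispose();
        }

        //TODO: Add more specific error messages
        return((context.Response.StatusCode == 200) ? "success" : "failure");
    }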