Beispiel #1
0
        /// <summary>
        /// Detects the permissions for the current user.
        /// </summary>
        /// <remarks><b>currentPage</b> should be set before calling this method.</remarks>
        private void DetectPermissions()
        {
            string currentUser = SessionFacade.GetCurrentUsername();

            string[] currentGroups = SessionFacade.GetCurrentGroupNames(currentWiki);

            AuthChecker authChecker = new AuthChecker(Collectors.CollectorsBox.GetSettingsProvider(currentWiki));

            if (currentPage != null)
            {
                Pages.CanEditPage(currentPage.Provider.CurrentWiki, currentPage.FullName, currentUser, currentGroups, out canEdit, out canEditWithApproval);
                canCreateNewPages      = false;            // Least privilege
                canCreateNewCategories = authChecker.CheckActionForNamespace(Pages.FindNamespace(currentWiki, NameTools.GetNamespace(currentPage.FullName)),
                                                                             Actions.ForNamespaces.ManageCategories, currentUser, currentGroups);
                canManagePageCategories = authChecker.CheckActionForPage(currentPage.FullName, Actions.ForPages.ManageCategories, currentUser, currentGroups);
                canDownloadAttachments  = authChecker.CheckActionForPage(currentPage.FullName, Actions.ForPages.DownloadAttachments, currentUser, currentGroups);
            }
            else
            {
                NamespaceInfo ns = DetectNamespaceInfo();
                canCreateNewPages       = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.CreatePages, currentUser, currentGroups);
                canCreateNewCategories  = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.ManageCategories, currentUser, currentGroups);
                canManagePageCategories = canCreateNewCategories;
                canDownloadAttachments  = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.DownloadAttachments, currentUser, currentGroups);
            }
        }
Beispiel #2
0
        /// <summary>
        /// Detects the permissions for the current user.
        /// </summary>
        /// <remarks><b>currentPage</b> should be set before calling this method.</remarks>
        private void DetectPermissions()
        {
            // Sueetie Modified - Bug fix for session expiring and user not known
            if (!Page.User.Identity.IsAuthenticated)
            {
                Response.Redirect("accessdenied.aspx");
                return;
            }

            MembershipUser _user       = Membership.GetUser();
            var            currentUser = _user.UserName;
            UserInfo       user        = Users.FindUser(_user.UserName);

            if (user == null)
            {
                Response.Redirect("/members/message.aspx?msgid=2");
                return;
            }

            var currentGroups = SessionFacade.GetCurrentGroupNames();

            currentGroups = UserGroups(user);
            if (HttpContext.Current.Session == null)
            {
                if (user == null)
                {
                    user = Users.FindUser(_user.UserName);
                }
                SessionFacade.LoginKey        = ConfigurationManager.AppSettings["SUEETIE.WikiLoginKey"].ToString();
                SessionFacade.CurrentUsername = user.Username;
                Session["Logout"]             = null;
                Log.LogEntry("User " + user.Username + " auto-logged in through edit bug fix session restart", EntryType.General, "SUEETIE");
            }
            // END - Bug fix for session expiring and user not known

            if (currentPage != null)
            {
                Pages.CanEditPage(currentPage, currentUser, currentGroups, out canEdit, out canEditWithApproval);
                canCreateNewPages      = false; // Least privilege
                canCreateNewCategories = AuthChecker.CheckActionForNamespace(Pages.FindNamespace(NameTools.GetNamespace(currentPage.FullName)),
                                                                             Actions.ForNamespaces.ManageCategories, currentUser, currentGroups);
                canManagePageCategories = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManageCategories, currentUser, currentGroups);
                canDownloadAttachments  = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.DownloadAttachments, currentUser, currentGroups);
            }
            else
            {
                NamespaceInfo ns = DetectNamespaceInfo();
                canCreateNewPages       = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.CreatePages, currentUser, currentGroups);
                canCreateNewCategories  = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.ManageCategories, currentUser, currentGroups);
                canManagePageCategories = canCreateNewCategories;
                canDownloadAttachments  = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.DownloadAttachments, currentUser, currentGroups);
            }
        }
Beispiel #3
0
        protected void Page_Load(object sender, EventArgs e)
        {
            discussMode  = Request["Discuss"] != null;
            viewCodeMode = Request["Code"] != null && !discussMode;
            if (!Settings.EnableViewPageCodeFeature)
            {
                viewCodeMode = false;
            }

            currentPage = DetectPageInfo(true);

            VerifyAndPerformRedirects();

            // The following actions are verified:
            // - View content (redirect to AccessDenied)
            // - Edit or Edit with Approval (for button display)
            // - Any Administrative activity (Rollback/Admin/Perms) (for button display)
            // - Download attachments (for button display - download permissions are also checked in GetFile)
            // - View discussion (for button display in content mode)
            // - Post discussion (for button display in discuss mode)

            string currentUsername = SessionFacade.GetCurrentUsername();

            string[] currentGroups = SessionFacade.GetCurrentGroupNames();

            bool canView             = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ReadPage, currentUsername, currentGroups);
            bool canEdit             = false;
            bool canEditWithApproval = false;

            Pages.CanEditPage(currentPage, currentUsername, currentGroups, out canEdit, out canEditWithApproval);
            if (canEditWithApproval && canEdit)
            {
                canEditWithApproval = false;
            }

            bool canDownloadAttachments = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.DownloadAttachments, currentUsername, currentGroups);
            bool canSetPerms            = AuthChecker.CheckActionForGlobals(Actions.ForGlobals.ManagePermissions, currentUsername, currentGroups);
            bool canAdmin            = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManagePage, currentUsername, currentGroups);
            bool canViewDiscussion   = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ReadDiscussion, currentUsername, currentGroups);
            bool canPostDiscussion   = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.PostDiscussion, currentUsername, currentGroups);
            bool canManageDiscussion = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManageDiscussion, currentUsername, currentGroups);

            if (!canView)
            {
                if (SessionFacade.LoginKey == null)
                {
                    UrlTools.Redirect("Login.aspx?Redirect=" + Tools.UrlEncode(Request.Url.ToString()));
                }
                else
                {
                    UrlTools.Redirect(UrlTools.BuildUrl("AccessDenied.aspx"));
                }
            }
            attachmentViewer.Visible = canDownloadAttachments;

            attachmentViewer.PageInfo = currentPage;
            currentContent            = Content.GetPageContent(currentPage, true);

            pnlPageInfo.Visible = Settings.EnablePageInfoDiv;

            SetupTitles();

            SetupToolbarLinks(canEdit || canEditWithApproval, canViewDiscussion, canPostDiscussion, canDownloadAttachments, canAdmin, canAdmin, canSetPerms);

            SetupLabels();
            SetupPrintAndRssLinks();
            SetupMetaInformation();
            VerifyAndPerformPageRedirection();
            SetupRedirectionSource();
            SetupNavigationPaths();
            SetupAdjacentPages();

            SessionFacade.Breadcrumbs.AddPage(currentPage);
            SetupBreadcrumbsTrail();

            SetupDoubleClickHandler();

            SetupEmailNotification();

            SetupPageContent(canPostDiscussion, canManageDiscussion);
        }