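/// <summary>
/// Default-mode authorization check: resolves the requested permission against the
/// permission records returned by <c>PermissionService</c>, without looking at roles.
/// </summary>
/// <param name="request">The permission request; <c>request.Permission</c> is used as the hierarchy filter.</param>
/// <param name="permissionList">Candidate permission names (exact name plus any wildcard ancestors).</param>
/// <returns>
/// A result whose <c>ResolvedByPermission</c> names the first candidate that had a rule.
/// When no candidate has a rule, <c>IsAllowed</c> keeps whatever value a new
/// <c>PermissionCheckResult</c> starts with. NOTE(review): confirm that this default means "denied".
/// </returns>
protected virtual PermissionCheckResult IsAllowedByPermission(PermissionCheckRequest request, List<string> permissionList)
        {
            PermissionCheckResult checkResult = new PermissionCheckResult();

            checkResult.RequestedPermission   = request.Permission;
            checkResult.PermissionResolveMode = PermissionResolveMode.Default;

            PermissionSearchObject permissionSearch = new PermissionSearchObject();

            permissionSearch.NameWithHierarchy = request.Permission;
            permissionSearch.RetrieveAll       = true;
            var permissionResult = PermissionService.Value.GetPage(permissionSearch);

            // Longest candidate first. OrderByDescending is a stable sort, so candidates of
            // equal length keep the order in which the caller added them.
            foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length))
            {
                // Permission names are identifiers, not display text, so compare them ordinally:
                // a culture-aware comparison can treat strings that differ in ignorable or
                // equivalent characters as equal, which is not wanted in an access decision.
                // The static string.Equals also tolerates a record with a null Name.
                var permissionSelect = permissionResult.ResultList
                                       .Where(y => string.Equals(y.Name, currentPermission, StringComparison.OrdinalIgnoreCase))
                                       .ToList();

                // An explicit deny on this candidate wins over an allow on the same candidate.
                if (permissionSelect.Any(x => x.IsAllowed == false))
                {
                    checkResult.IsAllowed            = false;
                    checkResult.ResolvedByPermission = currentPermission;
                    break;
                }
                // Otherwise an explicit allow on this candidate decides the request.
                else if (permissionSelect.Any(x => x.IsAllowed == true))
                {
                    checkResult.IsAllowed            = true;
                    checkResult.ResolvedByPermission = currentPermission;
                    break;
                }
            }

            return checkResult;
        }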
        /// <summary>
        /// Writes the outcome of a permission check to the log and records it in the debug helper.
        /// </summary>
        /// <param name="endPointId">Identifier of the endpoint the check was made for.</param>
        /// <param name="checkResult">The result to log and record.</param>
        private void LogCheckResult(string endPointId, PermissionCheckResult checkResult)
        {
            // NOTE(review): endPointId and the vote description are written to the log as-is.
            // If either can carry request-controlled text, strip line breaks before logging
            // so one check cannot forge extra log entries.
            string line = $"{endPointId} => {checkResult.GetVoteDescription()}";
            _logger.LogInformation(line);

            //PermissionCheckDebugHelper.Instance.SetLastResultDescription(endPointId + checkResult.GetVoteDescription());
            PermissionCheckDebugHelper.Instance.AppendPermissionCheckResults(checkResult);
        }
        /// <summary>
        /// Checks the request against the roles stored under "RoleList" in the current action context.
        /// </summary>
        /// <param name="request">The permission request to evaluate.</param>
        /// <returns>The result produced by <c>IsAllowedByRole</c>.</returns>
        public virtual PermissionCheckResult IsAllowed(PermissionCheckRequest request)
        {
            // The role list is read with the indexer and a hard cast, so a "RoleList" entry of
            // another type fails here rather than falling through to a weaker check.
            // NOTE(review): what happens when the key is absent depends on the type of Data
            // (a Dictionary throws); confirm that this is the intended failure mode.
            var roles = (string[])ActionContext.Value.Data["RoleList"];

            return IsAllowedByRole(request, roles);
        }
 /// <summary>
 /// Builds a details row showing a status icon and a description for one permission check.
 /// </summary>
 /// <param name="desc">Text shown in the description cell.</param>
 /// <param name="checkResult">Outcome that selects the icon: OK, Warning, or anything else (abort icon).</param>
 public PermissionCheckDetailsRow(string desc, PermissionCheckResult checkResult)
 {
     if (checkResult == PermissionCheckResult.OK)
     {
         iconCell.Value = Resources._000_Tick_h32bit_16;
     }
     else if (checkResult == PermissionCheckResult.Warning)
     {
         iconCell.Value = Resources._000_Alert2_h32bit_16;
     }
     else
     {
         // Every value other than OK or Warning is shown as a failure.
         iconCell.Value = Resources._000_Abort_h32bit_16;
     }

     descriptionCell.Value = desc;
 }
 /// <summary>
 /// Marks a header row as finished and shows the outcome of its permission check.
 /// </summary>
 /// <param name="headerRow">The row to update.</param>
 /// <param name="checkResult">The outcome passed to the row's description.</param>
 private void UpdateHeaderRow(PermissionCheckHeaderRow headerRow, PermissionCheckResult checkResult)
 {
     // By its name this asserts that the caller is not on the UI event thread; TODO confirm.
     Program.AssertOffEventThread();
     // The row is only touched inside the delegate handed to Program.Invoke
     // (presumably run on the thread that owns this control; verify against Program).
     Program.Invoke(this, delegate
     {
         headerRow.SetPermissionCheckInProgress(false);
         headerRow.UpdateDescription(checkResult);
     });
 }
 /// <summary>
 /// Captures everything the action-items view needs: the project, the grid definition and
 /// URLs, and the two permission results that describe what the current user may do.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the two permission results are stored here unchanged. If the view only
 /// uses them to show or hide controls, the endpoints behind the URLs still need their own
 /// server-side check; those endpoints are not visible here.
 /// </remarks>
 public ActionItemsDisplayViewData(ProjectFirmaModels.Models.Project project, ActionItemsGridSpec actionItemsGridSpec, string actionItemsGridName, string actionItemsGridDataUrl, PermissionCheckResult userCanViewActionItems, PermissionCheckResult userCanCreateActionItems, string addNewActionItemUrl)
 {
     this.Project = project;

     // Grid definition and data source.
     this.ActionItemsGridSpec = actionItemsGridSpec;
     this.ActionItemsGridName = actionItemsGridName;
     this.ActionItemsGridDataUrl = actionItemsGridDataUrl;

     // What the current user is permitted to do.
     this.UserCanViewActionItems = userCanViewActionItems;
     this.UserCanCreateActionItems = userCanCreateActionItems;

     this.AddNewActionItemUrl = addNewActionItemUrl;
 }
            /// <summary>
            /// Sets the description cell to the row's description followed by the check outcome.
            /// </summary>
            /// <param name="permissionCheckResult">Outcome to display; values other than OK and Warning are shown as failed.</param>
            public void UpdateDescription(PermissionCheckResult permissionCheckResult)
            {
                string outcomeText;

                if (permissionCheckResult == PermissionCheckResult.OK)
                {
                    outcomeText = Messages.GENERAL_STATE_OK;
                }
                else if (permissionCheckResult == PermissionCheckResult.Warning)
                {
                    outcomeText = Messages.WARNING;
                }
                else
                {
                    outcomeText = Messages.FAILED;
                }

                descriptionCell.Value = string.Format("{0} {1}", description, outcomeText);
            }
 /// <summary>
 /// Appends a details row for one permission check to the grid.
 /// </summary>
 /// <param name="desc">Text for the row's description cell.</param>
 /// <param name="checkResult">Outcome that selects the row's icon.</param>
 private void AddDetailsRow(string desc, PermissionCheckResult checkResult)
 {
     Program.AssertOffEventThread();

     // The row is created and added inside the delegate handed to Program.Invoke,
     // so the grid is only touched from there.
     Program.Invoke(this, delegate
     {
         dataGridViewEx1.Rows.Add(new PermissionCheckDetailsRow(desc, checkResult));
     });
 }
        /// <summary>
        /// Verifies that a permission check against a target user sends the expected GET
        /// request to the privacy service and that the parsed result matches the mocked response.
        /// </summary>
        public async Task CheckPermissionWithTargetUserAsync()
        {
            var privacyService = this.user.Services.PrivacyService;
            PermissionCheckResult actual = await privacyService.CheckPermissionWithTargetUserAsync(PermissionIdConstants.ViewTargetVideoHistory, "2814680291986301");

            MockXboxLiveData.MockRequestData mock = MockXboxLiveData.MockResponses["defaultCheckPermissionsResponse"];
            JObject expectedJson = JObject.Parse(mock.Response.ResponseBodyString);

            // The request itself is part of the contract: method and full URL, including both xuids.
            Assert.AreEqual("GET", mock.Request.Method);
            Assert.AreEqual("https://privacy.xboxlive.com/users/xuid(2814662072777140)/permission/validate?setting=ViewTargetVideoHistory&target=xuid(2814680291986301)", mock.Request.Url);

            VerifyPermissionCheckResult(actual, expectedJson);
        }
        /// <summary>
        /// Checks the request against the roles in the current action context and records
        /// whether the context carries a user id.
        /// </summary>
        /// <param name="request">The permission request to evaluate.</param>
        /// <returns>
        /// The result of <c>IsAllowedByRole</c>, with <c>IsAuthorized</c> set to whether a
        /// "UserId" entry exists in the context.
        /// </returns>
        public virtual PermissionCheckResult IsAllowed(Model.Requests.PermissionCheckRequest request)
        {
            // A missing "RoleList" entry is passed on as a null role list, not treated as an error.
            object rawRoles;
            string[] roles = ActionContext.Value.Data.TryGetValue("RoleList", out rawRoles)
                                 ? (string[])rawRoles
                                 : null;

            PermissionCheckResult decision = IsAllowedByRole(request, roles);

            // IsAuthorized only reports that a "UserId" key is present. It is set independently
            // of IsAllowed, so callers must not read it as "this request is permitted".
            decision.IsAuthorized = ActionContext.Value.Data.ContainsKey("UserId");

            return decision;
        }
        /// <summary>
        /// Initializes the HTML editor, evaluates whether the current user may send e-cards,
        /// and attaches a credit-cost confirmation to the send button when sending costs credits.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            Scripts.InitilizeHtmlEditor(this, phEditor, ref htmlEditor, ref ckeditor, "500px", "200px");

            canSendEcardPermissionResult = CurrentUserSession.CanSendEcards();

            // The confirm() dialog is only a client-side courtesy.
            // NOTE(review): the permission and the credit deduction must be enforced again in
            // the server-side send handler, which is not visible here.
            bool sendingCostsCredits = canSendEcardPermissionResult == PermissionCheckResult.YesWithCredits;
            if (sendingCostsCredits)
            {
                // The translated text is placed unescaped inside a JavaScript string literal and
                // then used as a format string: a translation containing a double quote or a
                // brace would break the script or the formatting. If translations can be edited
                // by less-trusted users, encode the text first, e.g. with
                // HttpUtility.JavaScriptStringEncode.
                string confirmTemplate = "return confirm(\"" + "Sending this e-card will subtract {0} credits from your balance.".Translate() + "\");";
                btnSend.OnClientClick = String.Format(confirmTemplate, CurrentUserSession.BillingPlanOptions.CanSendEcards.Credits);
            }

            if (!IsPostBack)
            {
                loadStrings();
            }
        }
        /// <summary>
        /// Asserts that a parsed permission-check result matches the JSON it was built from:
        /// the "isAllowed" flag and, when present, each entry of the "reasons" array in order.
        /// </summary>
        /// <param name="result">The parsed result under test.</param>
        /// <param name="resultToVerify">The JSON response holding the expected values.</param>
        void VerifyPermissionCheckResult(PermissionCheckResult result, JObject resultToVerify)
        {
            bool allowedInJson = resultToVerify.SelectToken("isAllowed").Value<bool>();
            Assert.AreEqual(result.IsAllowed, allowedInJson);

            var reasonsInJson = (JArray)resultToVerify["reasons"];
            if (reasonsInJson == null)
            {
                return;
            }

            // Only as many reasons as the JSON lists are compared, so extra entries in
            // result.Reasons go unnoticed by this helper.
            for (int i = 0; i < reasonsInJson.Count; i++)
            {
                Assert.AreEqual(result.Reasons[i].Reason, reasonsInJson[i]["reason"].ToString());
            }
        }
        /// <summary>
        /// Initializes the HTML editor, clears the error label, evaluates whether the current
        /// user may create blog posts, and attaches a credit-cost confirmation to the save
        /// button when posting costs credits.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            Scripts.InitilizeHtmlEditor(this.Page, phEditor, ref htmlEditor, ref ckeditor, "500px", "200px");
            lblError.Text = "";

            // With no session the permission result is left untouched.
            // NOTE(review): confirm that the save handler rejects anonymous requests itself.
            if (CurrentUserSession != null)
            {
                permissionCheckResult = CurrentUserSession.CanCreateBlogs();

                bool postingCostsCredits = permissionCheckResult == PermissionCheckResult.YesWithCredits;
                if (postingCostsCredits)
                {
                    // The translated text is placed unescaped inside a JavaScript string literal
                    // and then used as a format string: a translation containing a double quote
                    // or a brace would break the script or the formatting. The dialog is a
                    // client-side courtesy only; the server-side handler must enforce the rule.
                    string confirmTemplate = "return confirm(\"" + "Posting this blog post will subtract {0} credits from your balance.".Translate() + "\");";
                    btnSaveChanges.OnClientClick = String.Format(confirmTemplate, CurrentUserSession.BillingPlanOptions.CanCreateBlogs.Credits);
                }
            }

            if (!Page.IsPostBack)
            {
                LoadStrings();
            }
        }
        /// <summary>
        /// Runs the configured permission checks for every connection and shows the outcome:
        /// one header row per connection, plus warnings or errors where checks failed.
        /// </summary>
        /// <remarks>
        /// Checks are skipped for a local superuser session and for connections with no checks.
        /// When the outcome is Failed only the errors are displayed, not the warnings
        /// collected in the same run.
        /// NOTE(review): this looks like an advisory pre-check for the UI; whether the server
        /// enforces the same rules cannot be seen from here.
        /// </remarks>
        private void RetrieveRBACWarnings()
        {
            SetUpdating();

            foreach (var entry in checksPerConnectionDict)
            {
                IXenConnection connection = entry.Key;
                PermissionCheckHeaderRow headerRow = AddHeaderRow(connection);
                PermissionCheckResult outcome = PermissionCheckResult.OK;

                bool nothingToCheck = connection.Session.IsLocalSuperuser || entry.Value.Count == 0;
                if (nothingToCheck)
                {
                    SetNoWarnings();
                }
                else
                {
                    List<WizardPermissionCheck> blockingFailures;
                    List<WizardPermissionCheck> advisoryFailures;
                    outcome = RunPermissionChecks(connection, entry.Value, out blockingFailures, out advisoryFailures);

                    if (outcome == PermissionCheckResult.OK)
                    {
                        SetNoWarnings();
                    }
                    else if (outcome == PermissionCheckResult.Warning)
                    {
                        AddWarnings(connection, advisoryFailures);
                    }
                    else if (outcome == PermissionCheckResult.Failed)
                    {
                        AddErrors(connection, blockingFailures);
                    }
                }

                UpdateHeaderRow(headerRow, outcome);
            }

            FinishedUpdating();
        }
        /// <summary>
        /// Evaluates each permission check against the roles held by the connection's session.
        /// </summary>
        /// <param name="connection">Connection whose session roles are tested.</param>
        /// <param name="permissionChecks">Checks to run; each lists the API calls it needs.</param>
        /// <param name="errors">Receives the failed checks marked as blocking.</param>
        /// <param name="warnings">Receives the failed checks that are not blocking.</param>
        /// <returns>
        /// Failed if any blocking check failed, otherwise Warning if any non-blocking check
        /// failed, otherwise OK.
        /// </returns>
        private PermissionCheckResult RunPermissionChecks(IXenConnection connection,
                                                          List<WizardPermissionCheck> permissionChecks, out List<WizardPermissionCheck> errors,
                                                          out List<WizardPermissionCheck> warnings)
        {
            errors = new List<WizardPermissionCheck>();
            warnings = new List<WizardPermissionCheck>();

            PermissionCheckResult worstSoFar = PermissionCheckResult.OK;

            foreach (WizardPermissionCheck check in permissionChecks)
            {
                List<Role> sufficientRoles = Role.ValidRoleList(check.ApiCallsToCheck, connection);
                List<Role> heldRoles = connection.Session.Roles;

                // A check passes as soon as one held role is among the roles able to make the calls.
                bool holdsSufficientRole = heldRoles.Find(sufficientRoles.Contains) != null;
                if (holdsSufficientRole)
                {
                    continue;
                }

                log.DebugFormat("Failed RBAC check: {0}", check.WarningMessage);

                if (!check.Blocking)
                {
                    warnings.Add(check);

                    // A warning never downgrades an earlier failure.
                    if (worstSoFar == PermissionCheckResult.OK)
                    {
                        worstSoFar = PermissionCheckResult.Warning;
                    }
                }
                else
                {
                    errors.Add(check);
                    worstSoFar = PermissionCheckResult.Failed;
                }
            }

            return worstSoFar;
        }
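        /// <summary>
        /// Resolves a permission request against the rules attached to the given roles and,
        /// when no role rule decides it, optionally falls back to <c>IsAllowedByPermission</c>.
        /// </summary>
        /// <remarks>
        /// Unless an exact match is required, the candidates are the requested name followed by
        /// one wildcard per ancestor ("a.b.c" gives "a.*", "a.b.*") and the root "*". Candidates
        /// are tried longest first; for the first candidate that has any rule, a deny in any
        /// role wins over an allow in another role. A rule on a longer candidate is therefore
        /// decided before a rule on a shorter one is ever looked at.
        /// Side effect: <c>request.Permission</c> is replaced by its lower-cased form.
        /// </remarks>
        /// <param name="request">The request; <c>Permission</c> must be non-blank.</param>
        /// <param name="roleList">Role names to evaluate; null or empty skips the role stage.</param>
        /// <returns>
        /// The role-based result, or the result of <c>IsAllowedByPermission</c> when no role rule
        /// matched and default resolution is enabled. If nothing matched and default resolution
        /// is disabled, <c>IsAllowed</c> keeps whatever value a new <c>PermissionCheckResult</c>
        /// starts with. NOTE(review): confirm that this default means "denied".
        /// </returns>
        /// <exception cref="ApplicationException">The request is null or has no permission name.</exception>
        protected virtual PermissionCheckResult IsAllowedByRole(PermissionCheckRequest request, string[] roleList)
        {
            if (request == null || string.IsNullOrWhiteSpace(request.Permission))
            {
                throw new ApplicationException("Permission must be set");
            }

            // Normalise with the invariant culture: ToLower() follows the thread's culture, and
            // under some cultures (Turkish "I", for example) it yields a name that no longer
            // matches the stored permission, so the outcome would depend on server locale.
            request.Permission = request.Permission.ToLowerInvariant();

            PermissionCheckResult checkResult = new PermissionCheckResult();

            List<string> permissionList = new List<string>();

            permissionList.Add(request.Permission);
            if (!request.IsExactMatchRequired)
            {
                string[]      permissionParts        = request.Permission.Split('.');
                StringBuilder previousPermissionPart = new StringBuilder();
                // Every segment except the last contributes one wildcard ancestor.
                for (int i = 0; i < permissionParts.Length - 1; i++)
                {
                    previousPermissionPart.Append(permissionParts[i]).Append('.');
                    permissionList.Add(previousPermissionPart.ToString() + "*");
                }
                // Root wildcard: matches a rule that covers every permission.
                permissionList.Add("*");
            }

            bool isHandled = false;

            if (roleList != null && roleList.Length > 0)
            {
                checkResult.RequestedPermission   = request.Permission;
                checkResult.PermissionResolveMode = PermissionResolveMode.Role;
                RoleSearchObject search = new RoleSearchObject();
                foreach (var role in roleList)
                {
                    search.NameList.Add(role);
                }

                search.PermissionName = request.Permission;

                var result = RoleService.Value.GetPage(search);

                // Longest candidate first. OrderByDescending is a stable sort, so the exact name
                // stays ahead of a wildcard of the same length.
                foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length))
                {
                    // Permission names are identifiers: compare ordinally so that strings which
                    // differ only in ignorable or culturally equivalent characters do not match.
                    var permissionSelect = result.ResultList
                                           .SelectMany(x => x.RolePermissions.Where(y => string.Equals(y.Permission.Name, currentPermission, StringComparison.OrdinalIgnoreCase)))
                                           .ToList();

                    // A deny in any role wins over an allow in another role for this candidate.
                    if (permissionSelect.Any(x => x.IsAllowed == false))
                    {
                        checkResult.IsAllowed            = false;
                        checkResult.ResolvedByPermission = currentPermission;
                        isHandled = true;
                        break;
                    }
                    // Otherwise an allow in any role decides the request.
                    else if (permissionSelect.Any(x => x.IsAllowed == true))
                    {
                        checkResult.IsAllowed            = true;
                        checkResult.ResolvedByPermission = currentPermission;
                        isHandled = true;
                        break;
                    }
                }
            }

            // No role rule decided the request: use the role-independent permission records,
            // unless the caller switched that fallback off.
            if (!isHandled && !request.IsDefaultResolveModeDisabled)
            {
                checkResult = IsAllowedByPermission(request, permissionList);
            }

            return checkResult;
        }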
 /// <summary>
 /// Combines a sequence of permission-check results by materialising it and delegating to
 /// <c>PermissionCheckResult.Combine</c>.
 /// </summary>
 /// <param name="permissionCheckResults">Results to combine; a null sequence is passed on as a null array.</param>
 /// <returns>Whatever <c>PermissionCheckResult.Combine</c> returns for the materialised array.</returns>
 public static PermissionCheckResult Combine(this IEnumerable<PermissionCheckResult> permissionCheckResults)
 {
     // NOTE(review): how the static Combine treats a null or empty array is not visible here;
     // confirm that it does not resolve to "allowed".
     PermissionCheckResult[] materialised = permissionCheckResults?.ToArray();
     return PermissionCheckResult.Combine(materialised);
 }
 /// <summary>
 /// Builds a details row showing a status icon and a description for one permission check.
 /// </summary>
 /// <param name="desc">Text shown in the description cell.</param>
 /// <param name="checkResult">Outcome that selects the icon: OK, Warning, or anything else (abort icon).</param>
 public PermissionCheckDetailsRow(string desc, PermissionCheckResult checkResult)
 {
     if (checkResult == PermissionCheckResult.OK)
     {
         iconCell.Value = Resources._000_Tick_h32bit_16;
     }
     else if (checkResult == PermissionCheckResult.Warning)
     {
         iconCell.Value = Resources._000_Alert2_h32bit_16;
     }
     else
     {
         // Every value other than OK or Warning is shown as a failure.
         iconCell.Value = Resources._000_Abort_h32bit_16;
     }

     descriptionCell.Value = desc;
 }
        /// <summary>
        /// Evaluates the current user's permission to read e-mail and, on first load, opens
        /// either a search for the "uid" request parameter or the inbox.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            lblError.Text = "";

            // The result is only stored here.
            // NOTE(review): confirm that the code which loads and displays messages consults
            // this field on every request, including post-backs.
            permission = CurrentUserSession.CanReadEmail();

            if (!Page.IsPostBack)
            {
                LoadStrings();
                SetActiveLinkButton(lnkInbox);
                //if (Page.Request.Params["sel"] == "recec")
                //    lnkFolder_Click(lnkReceivedEcards, null);
                //else if (Page.Request.Params["sel"] == "sentec")
                //    lnkFolder_Click(lnkSentEcards, null);
                //if (Page.Request.Params["sel"] == "recgft")
                //    lnkFolder_Click(lnkReceivedGifts, null);
                //else if (Page.Request.Params["sel"] == "sentgft")
                //    lnkFolder_Click(lnkSentGifts, null);
                //if (Page.Request.Params["sel"] == "recwnk")
                //    lnkFolder_Click(lnkReceivedWinks, null);
                //else if (Page.Request.Params["sel"] == "sentwnk")
                //    lnkFolder_Click(lnkSentWinks, null);

                // Request.Params merges query string, form fields, cookies and server variables,
                // so "uid" is caller-controlled whichever channel it arrived on. Here it only
                // seeds the search box; the filter behind btnFilter_Click must still restrict
                // results to the current user's own mail.
                string requestedUid = Page.Request.Params["uid"];
                if (string.IsNullOrEmpty(requestedUid))
                {
                    lnkFolder_Click(lnkInbox, null);

                    // NOTE(review): this compares the inbox link's ID with "lnkTrash", which
                    // looks like it can never be true; confirm which control was meant.
                    if (lnkInbox.ID == "lnkTrash")
                    {
                        // The translated text sits inside a single-quoted JavaScript literal
                        // without escaping; an apostrophe in a translation would break the script.
                        btnDelete.Attributes.Add("onclick", String.Format("javascript: return confirm('{0}')",
                                                            "Do you really want to delete selected messages?".Translate()));
                    }
                }
                else
                {
                    currentMessageFolder = Message.eFolder.Inbox;
                    txtSearchMail.Text = requestedUid;
                    //pnlEcards.Visible = false;
                    btnFilter_Click(null, null);
                }
            }

            ScriptManager scriptManager = ScriptManager.GetCurrent(Page);
            if (scriptManager != null)
            {
                scriptManager.Navigate += scriptManager_Navigate;
            }
        }
            /// <summary>
            /// Sets the description cell to the row's description followed by the check outcome.
            /// </summary>
            /// <param name="permissionCheckResult">Outcome to display; values other than OK and Warning are shown as failed.</param>
            public void UpdateDescription(PermissionCheckResult permissionCheckResult)
            {
                string outcomeText;

                if (permissionCheckResult == PermissionCheckResult.OK)
                {
                    outcomeText = Messages.GENERAL_STATE_OK;
                }
                else if (permissionCheckResult == PermissionCheckResult.Warning)
                {
                    outcomeText = Messages.WARNING;
                }
                else
                {
                    outcomeText = Messages.FAILED;
                }

                descriptionCell.Value = string.Format("{0} {1}", description, outcomeText);
            }
 /// <summary>
 /// Appends a details row for one permission check to the grid.
 /// </summary>
 /// <param name="desc">Text for the row's description cell.</param>
 /// <param name="checkResult">Outcome that selects the row's icon.</param>
 private void AddDetailsRow(string desc, PermissionCheckResult checkResult)
 {
     Program.AssertOffEventThread();

     // The row is created and added inside the delegate handed to Program.Invoke,
     // so the grid is only touched from there.
     Program.Invoke(this, delegate
     {
         dataGridViewEx1.Rows.Add(new PermissionCheckDetailsRow(desc, checkResult));
     });
 }
 /// <summary>
 /// Marks a header row as finished and shows the outcome of its permission check.
 /// </summary>
 /// <param name="headerRow">The row to update.</param>
 /// <param name="checkResult">The outcome passed to the row's description.</param>
 private void UpdateHeaderRow(PermissionCheckHeaderRow headerRow, PermissionCheckResult checkResult)
 {
     // By its name this asserts that the caller is not on the UI event thread; TODO confirm.
     Program.AssertOffEventThread();
     // The row is only touched inside the delegate handed to Program.Invoke
     // (presumably run on the thread that owns this control; verify against Program).
     Program.Invoke(this, delegate
                              {
                                  headerRow.SetPermissionCheckInProgress(false);
                                  headerRow.UpdateDescription(checkResult);
                              });
 }
        /// <summary>
        /// Evaluates the current user's permission to read e-mail and, on first load, opens
        /// the folder selected by the "sel" parameter, a search for the "uid" parameter, or
        /// the inbox.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            lblError.Text = "";

            // The result is only stored here.
            // NOTE(review): confirm that the code which loads and displays messages consults
            // this field on every request, including post-backs.
            permission = CurrentUserSession.CanReadEmail();

            if (!Page.IsPostBack)
            {
                LoadStrings();

                // Request.Params merges query string, form fields, cookies and server variables,
                // so both "sel" and "uid" are caller-controlled. "sel" is only compared with
                // two fixed values; "uid" seeds the search box, and the filter behind
                // btnFilter_Click must still restrict results to the current user's own mail.
                if (Page.Request.Params["sel"] == "recec")
                {
                    lnkReceivedEcards_Click(null, null);
                }
                else if (Page.Request.Params["sel"] == "sentec")
                {
                    lnkSentEcards_Click(null, null);
                }
                else
                {
                    string requestedUid = Page.Request.Params["uid"];
                    if (string.IsNullOrEmpty(requestedUid))
                    {
                        lnkInbox_Click(null, null);

                        // The translated text sits inside a single-quoted JavaScript literal
                        // without escaping; an apostrophe in a translation would break the script.
                        btnDelete.Attributes.Add("onclick",
                                                 String.Format("javascript: return confirm('{0}')",
                                                               Lang.Trans("Do you really want to delete selected messages?")));
                    }
                    else
                    {
                        currentFolder = Message.eFolder.Inbox;
                        txtSearchMail.Text = requestedUid;
                        pnlReceivedEcards.Visible = false;
                        btnFilter_Click(null, null);
                    }
                }
            }

            ScriptManager scriptManager = ScriptManager.GetCurrent(Page);
            if (scriptManager != null)
            {
                scriptManager.Navigate += scriptManager_Navigate;
            }
        }