Beispiel #1
0
        /// <summary>
        /// Handles the Click event of the btnSave control.
        /// </summary>
        /// <param name="sender">The source of the event.</param>
        /// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
        protected void btnSave_Click(object sender, EventArgs e)
        {
            var highProfile    = RoleCache.Get(ddlHighRoles.SelectedValue.AsInteger());
            var extremeProfile = RoleCache.Get(ddlExtremeRoles.SelectedValue.AsInteger());

            if (highProfile == null || extremeProfile == null)
            {
                return;
            }

            _securitySettingsService.SecuritySettings.AccountProtectionProfilesForDuplicateDetectionToIgnore =
                cblIgnoredAccountProtectionProfiles.SelectedValuesAsInt.Select(a => ( AccountProtectionProfile )a).ToList();

            _securitySettingsService.SecuritySettings.DisableTokensForAccountProtectionProfiles =
                cblDisableTokensForAccountProtectionProfiles.SelectedValuesAsInt.Select(a => ( AccountProtectionProfile )a).ToList();

            _securitySettingsService.SecuritySettings.AccountProtectionProfileSecurityGroup.AddOrReplace(AccountProtectionProfile.Extreme, extremeProfile);
            _securitySettingsService.SecuritySettings.AccountProtectionProfileSecurityGroup.AddOrReplace(AccountProtectionProfile.High, highProfile);

            if (_securitySettingsService.Save())
            {
                nbSaveResult.Text = "Your Security Settings have been saved.";
                nbSaveResult.NotificationBoxType = NotificationBoxType.Success;
                nbSaveResult.Visible             = true;
            }
            else
            {
                var errors = "<li>" + _securitySettingsService.ValidationResults.Select(r => r.ErrorMessage).JoinStrings("</li><li>") + "</li>";
                errors = errors.Replace("<li></li>", string.Empty);

                nbSaveResult.Text = $"The following errors occurred while trying to save:<ul>{errors}</ul>";
                nbSaveResult.NotificationBoxType = NotificationBoxType.Danger;
                nbSaveResult.Visible             = true;
            }
        }
Beispiel #2
0
        /// <summary>
        /// Gets the ordered explicit authorization rules for an entity. The first rule in the list
        /// should be checked first, and so on. The order follows from the first explicit rule on the
        /// entity to the last explicit rule on the entity, then the first explicit rule on the parent
        /// entity to the last explicit rule on the parent entity and so on.
        /// </summary>
        /// <param name="entity">The entity.</param>
        /// <returns>A collection of explicit authorization rules in the proper order.</returns>
        private static List <string> GetOrderedExplicitAuthorizationRules(ISecured entity)
        {
            var explicitRules = new List <string>();

            if (entity == null)
            {
                return(explicitRules);
            }

            //
            // Get the ancestor authorization rules.
            //
            var parentEntity = entity.ParentAuthority;

            if (parentEntity != null)
            {
                explicitRules = GetOrderedExplicitAuthorizationRules(parentEntity);
            }

            var authRules = Authorization.AuthRules(entity.TypeId, entity.Id, Authorization.VIEW);

            //
            // Walk each rule in descending order so that the final order is correct
            // since we insert rules at index 0.
            //
            foreach (var rule in authRules.OrderByDescending(a => a.Order))
            {
                string entityIdentifier;

                if (rule.SpecialRole != SpecialRole.None)
                {
                    entityIdentifier = $"S:{( int ) rule.SpecialRole}";
                }
                else if (rule.GroupId.HasValue)
                {
                    var role = RoleCache.Get(rule.GroupId.Value);

                    if (role == null)
                    {
                        continue;
                    }

                    entityIdentifier = $"G:{role.Guid}";
                }
                else if (rule.PersonId.HasValue)
                {
                    /* Not currently supported, maybe in the future. -dsh */
                    continue;
                }
                else
                {
                    continue;
                }

                explicitRules.Insert(0, $"{entityIdentifier}:{rule.AllowOrDeny}");
            }

            return(explicitRules);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="SecuritySettingsService"/> class.
        /// </summary>
        public SecuritySettingsService()
        {
            _validationResults = new List <ValidationResult>();
            var securitySettings = SystemSettings.GetValue(SYSTEM_SETTING_KEY).FromJsonOrNull <SecuritySettings>();

            if (securitySettings == null)
            {
                securitySettings = GetDefaultSecuritySettings();
            }
            else
            {
                var keys = securitySettings.AccountProtectionProfileSecurityGroup.Keys.ToList();
                foreach (var key in keys)
                {
                    var roleCache = securitySettings.AccountProtectionProfileSecurityGroup[key];
                    securitySettings.AccountProtectionProfileSecurityGroup[key] = RoleCache.Get(roleCache.Id);
                }
            }

            SecuritySettings = securitySettings;
        }
Beispiel #4
0
 /// <summary>
 /// Gets the or add existing.
 /// </summary>
 /// <param name="key">The key.</param>
 /// <param name="valueFactory">The value factory.</param>
 /// <returns></returns>
 public static Role GetOrAddExisting(string key, Func <Role> valueFactory)
 {
     // This mehod should not have been public, but it was, so leaving it with just a get.
     return(new Role(RoleCache.Get(key.AsInteger())));
 }
Beispiel #5
0
 /// <summary>
 /// Returns Role object from cache.  If role does not already exist in cache, it
 /// will be read and added to cache
 /// </summary>
 /// <param name="id">The id.</param>
 /// <returns></returns>
 public static Role Read(int id)
 {
     return(new Role(RoleCache.Get(id)));
 }
Beispiel #6
0
        /// <summary>
        /// Find the matching Auth record for this entity, action and person combination. Only explicit
        /// Auth records are checked.
        /// </summary>
        /// <param name="entity">The entity whose Auth records we are going to search for.</param>
        /// <param name="action">The type of action that is to be authenticated.</param>
        /// <param name="person">The person that is requesting permission.</param>
        /// <returns>An Auth object if an explicit permission was found, otherwise null.</returns>
        Auth MatchingAuth(ISecured entity, string action, Person person)
        {
            var rockContext = new RockContext();
            var authService = new AuthService(rockContext);

            var  rules      = authService.Get(entity.TypeId, entity.Id).Where(a => a.Action == action).ToList();
            bool matchFound = false;
            bool authorized = false;

            foreach (var authRule in rules)
            {
                // All Users
                if (authRule.SpecialRole == SpecialRole.AllUsers)
                {
                    matchFound = true;
                    authorized = authRule.AllowOrDeny == "A";
                    return(authRule);
                }

                // All Authenticated Users
                if (!matchFound && authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && person != null)
                {
                    matchFound = true;
                    authorized = authRule.AllowOrDeny == "A";
                    return(authRule);
                }

                // All Unauthenticated Users
                if (!matchFound && authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && person == null)
                {
                    matchFound = true;
                    authorized = authRule.AllowOrDeny == "A";
                    return(authRule);
                }

                if (!matchFound && authRule.SpecialRole == SpecialRole.None && person != null)
                {
                    // See if person has been authorized to entity
                    if (authRule.PersonAliasId.HasValue &&
                        person.Aliases.Where(a => a.Id == authRule.PersonAliasId.Value).Any())
                    {
                        matchFound = true;
                        authorized = authRule.AllowOrDeny == "A";
                        return(authRule);
                    }

                    // See if person is in role authorized
                    if (!matchFound && authRule.GroupId.HasValue)
                    {
                        var role = RoleCache.Get(authRule.GroupId.Value);
                        if (role != null && role.IsPersonInRole(person.Guid))
                        {
                            matchFound = true;
                            authorized = authRule.AllowOrDeny == "A";
                            return(authRule);
                        }
                    }
                }
            }

            return(null);
        }