/// <inheritdoc/>
        protected override Task <bool> IsAuthorized(AuthorizationHandlerContext context, UserGroupRequirement requirement)
        {
            IUser currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser;

            var querystring = _httpContextAccessor.HttpContext?.Request.Query[requirement.QueryStringName];

            if (querystring is null)
            {
                // Must succeed this requirement since we cannot process it.
                return(Task.FromResult(true));
            }

            if (querystring.Value.Count == 0)
            {
                // Must succeed this requirement since we cannot process it.
                return(Task.FromResult(true));
            }

            var intIds = querystring.Value.ToString().Split(Constants.CharArrays.Comma)
                         .Select(x => int.TryParse(x, NumberStyles.Integer, CultureInfo.InvariantCulture, out var output) ? Attempt <int> .Succeed(output) : Attempt <int> .Fail())
                         .Where(x => x.Success).Select(x => x.Result).ToArray();

            var authHelper = new UserGroupEditorAuthorizationHelper(
                _userService,
                _contentService,
                _mediaService,
                _entityService,
                _appCaches);

            Attempt <string> isAuth = authHelper.AuthorizeGroupAccess(currentUser, intIds);

            return(Task.FromResult(isAuth.Success));
        }
Beispiel #2
0
    public ActionResult <UserGroupDisplay?> PostSaveUserGroup(UserGroupSave userGroupSave)
    {
        if (userGroupSave == null)
        {
            throw new ArgumentNullException(nameof(userGroupSave));
        }

        //authorize that the user has access to save this user group
        var authHelper = new UserGroupEditorAuthorizationHelper(
            _userService, _contentService, _mediaService, _entityService, _appCaches);

        Attempt <string?> isAuthorized =
            authHelper.AuthorizeGroupAccess(_backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser, userGroupSave.Alias);

        if (isAuthorized == false)
        {
            return(Unauthorized(isAuthorized.Result));
        }

        //if sections were added we need to check that the current user has access to that section
        isAuthorized = authHelper.AuthorizeSectionChanges(
            _backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser,
            userGroupSave.PersistedUserGroup?.AllowedSections,
            userGroupSave.Sections);
        if (isAuthorized == false)
        {
            return(Unauthorized(isAuthorized.Result));
        }

        //if start nodes were changed we need to check that the current user has access to them
        isAuthorized = authHelper.AuthorizeStartNodeChanges(
            _backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser,
            userGroupSave.PersistedUserGroup?.StartContentId,
            userGroupSave.StartContentId,
            userGroupSave.PersistedUserGroup?.StartMediaId,
            userGroupSave.StartMediaId);
        if (isAuthorized == false)
        {
            return(Unauthorized(isAuthorized.Result));
        }

        //need to ensure current user is in a group if not an admin to avoid a 401
        EnsureNonAdminUserIsInSavedUserGroup(userGroupSave);

        //map the model to the persisted instance
        _umbracoMapper.Map(userGroupSave, userGroupSave.PersistedUserGroup);

        if (userGroupSave.PersistedUserGroup is not null)
        {
            //save the group
            _userService.Save(userGroupSave.PersistedUserGroup, userGroupSave.Users?.ToArray());
        }

        //deal with permissions

        //remove ones that have been removed
        var existing = _userService.GetPermissions(userGroupSave.PersistedUserGroup, true)
                       .ToDictionary(x => x.EntityId, x => x);

        if (userGroupSave.AssignedPermissions is not null)
        {
            IEnumerable <int> toRemove = existing.Keys.Except(userGroupSave.AssignedPermissions.Select(x => x.Key));
            foreach (var contentId in toRemove)
            {
                _userService.RemoveUserGroupPermissions(userGroupSave.PersistedUserGroup?.Id ?? default, contentId);
            }

            //update existing
            foreach (KeyValuePair <int, IEnumerable <string> > assignedPermission in userGroupSave.AssignedPermissions)
            {
                _userService.ReplaceUserGroupPermissions(
                    userGroupSave.PersistedUserGroup?.Id ?? default,
                    assignedPermission.Value.Select(x => x[0]),
                    assignedPermission.Key);
            }
        }

        UserGroupDisplay?display = _umbracoMapper.Map <UserGroupDisplay>(userGroupSave.PersistedUserGroup);

        display?.AddSuccessNotification(
            _localizedTextService.Localize("speechBubbles", "operationSavedHeader"),
            _localizedTextService.Localize("speechBubbles", "editUserGroupSaved"));
        return(display);
    }