public ActionResult Edit(int id)
{
if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles")))
{
return(new HttpUnauthorizedResult());
}
var role = _roleService.GetRole(id);
if (role == null)
{
return(HttpNotFound());
}
var model = new RoleEditViewModel {
Name = role.Name, Id = role.Id,
RoleCategoryPermissions = _roleService.GetInstalledPermissions(),
CurrentPermissions = _roleService.GetPermissionsForRole(id)
};
var simulation = UserSimulation.Create(role.Name);
model.EffectivePermissions = model.RoleCategoryPermissions
.SelectMany(group => group.Value)
.Where(permission => _authorizationService.TryCheckAccess(permission, simulation, null))
.Select(permission => permission.Name)
.Distinct()
.ToList();
return(View(model));
}
// GET: Admin
public ActionResult AnonymousViewEditor()
{
var types = _contentDefinitionService.GetTypes();
var permissions = _roleService.GetInstalledPermissions();
var simulation = UserSimulation.Create("Anonymous");
var effectivePermissions = permissions
.SelectMany(group => group.Value)
.Where(permission => _authorizationService.TryCheckAccess(permission, simulation, null))
.Select(permission => permission.Name)
.Distinct()
.ToList();
var viewModel = new AnonymousViewEditorViewModel();
foreach (var type in types)
{
viewModel.TypesSecuritySettings.Add(new TypeSecuritySettings()
{
TypeName = type.Name,
IsSecurable = type.Settings.GetModel <ContentTypeSettings>().Securable,
Permission = "View_" + type.Name,
CanView = effectivePermissions.Contains("View_" + type.Name)
});
}
viewModel.AllowViewAllContent = effectivePermissions.Contains("ViewContent");
return(View(viewModel));
}
protected override DriverResult Editor(ContentPermissionsPart part, dynamic shapeHelper)
{
return(ContentShape("Parts_ContentPermissions_Edit", () => {
// ensure the current user is allowed to define permissions
if (!_authorizer.Authorize(Permissions.GrantPermission))
{
return null;
}
var settings = part.Settings.TryGetModel <ContentPermissionsPartSettings>();
var allRoles = _roleService.GetRoles().Select(x => x.Name).OrderBy(x => x).ToList();
if (settings == null)
{
settings = new ContentPermissionsPartSettings {
View = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewContent, UserSimulation.Create(x), null)
}).ToList()),
ViewOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewOwnContent, UserSimulation.Create(x), null)
}).ToList()),
Publish = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishContent, UserSimulation.Create(x), null)
}).ToList()),
PublishOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishOwnContent, UserSimulation.Create(x), null)
}).ToList()),
Edit = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditContent, UserSimulation.Create(x), null)
}).ToList()),
EditOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditOwnContent, UserSimulation.Create(x), null)
}).ToList()),
Delete = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteContent, UserSimulation.Create(x), null)
}).ToList()),
DeleteOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteOwnContent, UserSimulation.Create(x), null)
}).ToList()),
Preview = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PreviewContent, UserSimulation.Create(x), null)
}).ToList()),
PreviewOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PreviewOwnContent, UserSimulation.Create(x), null)
}).ToList()),
DisplayedRoles = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = true
}).ToList()),
};
}
ContentPermissionsPartViewModel model;
// copy defaults settings if new content item
if (!part.Enabled && !part.ContentItem.HasDraft() && !part.ContentItem.HasPublished())
{
model = new ContentPermissionsPartViewModel {
ViewRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.View),
ViewOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.ViewOwn),
PublishRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.Publish),
PublishOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.PublishOwn),
EditRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.Edit),
EditOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.EditOwn),
DeleteRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.Delete),
DeleteOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.DeleteOwn),
PreviewRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.Preview),
PreviewOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.PreviewOwn),
AllRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.DisplayedRoles)
};
}
else
{
model = new ContentPermissionsPartViewModel {
ViewRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.ViewContent),
ViewOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.ViewOwnContent),
PublishRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.PublishContent),
PublishOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.PublishOwnContent),
EditRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.EditContent),
EditOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.EditOwnContent),
DeleteRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.DeleteContent),
DeleteOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.DeleteOwnContent),
PreviewRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.PreviewContent),
PreviewOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, part.PreviewOwnContent),
AllRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.DisplayedRoles)
};
}
// disable permissions the current user doesn't have
model.ViewRoles = model.ViewRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.ViewContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.ViewOwnRoles = model.ViewOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.ViewOwnContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.PublishRoles = model.PublishRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.PublishContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.PublishOwnRoles = model.PublishOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.PublishOwnContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.EditRoles = model.EditRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.EditContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.EditOwnRoles = model.EditOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.EditOwnContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.DeleteRoles = model.DeleteRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.DeleteContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.DeleteOwnRoles = model.DeleteOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.DeleteOwnContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.PreviewRoles = model.PreviewRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.PreviewContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PreviewContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.PreviewOwnRoles = model.PreviewOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.PreviewOwnContent, part.ContentItem), Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PreviewOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.Enabled = part.Enabled;
return shapeHelper.EditorTemplate(TemplateName: TemplateName, Model: model, Prefix: Prefix);
}));
}
private void OverrideDefaultPermissions(ContentPermissionsPart part, List <string> allRoles, ContentPermissionsPartSettings settings)
{
// reset permissions the user can't change
if (!_authorizer.Authorize(Core.Contents.Permissions.ViewContent, part.ContentItem))
{
part.ViewContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewContent, UserSimulation.Create(x), null)
})) : settings.View;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.ViewOwnContent, part.ContentItem))
{
part.ViewOwnContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewOwnContent, UserSimulation.Create(x), null)
})) : settings.ViewOwn;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.PublishContent, part.ContentItem))
{
part.PublishContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishContent, UserSimulation.Create(x), null)
})) : settings.Publish;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.PublishOwnContent, part.ContentItem))
{
part.PublishOwnContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishOwnContent, UserSimulation.Create(x), null)
})) : settings.PublishOwn;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.EditContent, part.ContentItem))
{
part.EditContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditContent, UserSimulation.Create(x), null)
})) : settings.Edit;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.EditOwnContent, part.ContentItem))
{
part.EditOwnContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditOwnContent, UserSimulation.Create(x), null)
})) : settings.EditOwn;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.DeleteContent, part.ContentItem))
{
part.DeleteContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteContent, UserSimulation.Create(x), null)
})) : settings.Delete;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.DeleteOwnContent, part.ContentItem))
{
part.DeleteOwnContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteOwnContent, UserSimulation.Create(x), null)
})) : settings.DeleteOwn;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.PreviewContent, part.ContentItem))
{
part.PreviewContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PreviewContent, UserSimulation.Create(x), null)
})) : settings.Preview;
}
if (!_authorizer.Authorize(Core.Contents.Permissions.PreviewOwnContent, part.ContentItem))
{
part.PreviewOwnContent = settings == null?ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PreviewOwnContent, UserSimulation.Create(x), null)
})) : settings.PreviewOwn;
}
}
public int UpdateFrom2()
{
//Assigns the "Create Permission" to all roles able to create contents
var contentEditPermissions = new[] {
Core.Contents.Permissions.EditContent,
Core.Contents.Permissions.EditOwnContent
};
var dynamicPermissions = new Orchard.Core.Contents.DynamicPermissions(_contentDefinitionManager);
var securableTypes = _contentDefinitionManager.ListTypeDefinitions()
.Where(ctd => ctd.Settings.GetModel <ContentTypeSettings>().Securable);
var permissionTemplates = Core.Contents.DynamicPermissions.PermissionTemplates;
List <object> dynContentPermissions = new List <object>();
foreach (var typeDefinition in securableTypes)
{
dynContentPermissions.Add(new {
Permission = DynamicPermissions.CreateDynamicPermission(permissionTemplates[Core.Contents.Permissions.EditContent.Name], typeDefinition),
CreatePermission = DynamicPermissions.CreateDynamicPermission(permissionTemplates[Core.Contents.Permissions.CreateContent.Name], typeDefinition)
});
dynContentPermissions.Add(new {
Permission = DynamicPermissions.CreateDynamicPermission(permissionTemplates[Core.Contents.Permissions.EditOwnContent.Name], typeDefinition),
CreatePermission = DynamicPermissions.CreateDynamicPermission(permissionTemplates[Core.Contents.Permissions.CreateContent.Name], typeDefinition)
});
}
var roles = _roleService.GetRoles();
foreach (var role in roles)
{
var existingPermissionsNames = role.RolesPermissions.Select(x => x.Permission.Name).ToList();
var checkForDynamicPermissions = true;
var updateRole = false;
if (existingPermissionsNames.Any(x => x == Core.Contents.Permissions.CreateContent.Name))
{
continue; // Skipping this role cause it already has the Create content permission
}
var simulation = UserSimulation.Create(role.Name);
foreach (var contentEditPermission in contentEditPermissions)
{
if (_authorizationService.TryCheckAccess(contentEditPermission, simulation, null))
{
existingPermissionsNames.Add(Core.Contents.Permissions.CreateContent.Name);
checkForDynamicPermissions = false;
updateRole = true;
break;
}
}
if (checkForDynamicPermissions)
{
foreach (var dynContentPermission in dynContentPermissions)
{
if (!existingPermissionsNames.Contains(((dynamic)dynContentPermission).CreatePermission.Name)) // Skipping this permission cause it already has the Create content variation
{
if (_authorizationService.TryCheckAccess(((dynamic)dynContentPermission).Permission, simulation, null))
{
existingPermissionsNames.Add(((dynamic)dynContentPermission).CreatePermission.Name);
updateRole = true;
}
}
}
}
if (updateRole)
{
var rolePermissionsNames = existingPermissionsNames;
_roleService.UpdateRole(role.Id, role.Name, rolePermissionsNames);
}
}
return(3);
}
public override IEnumerable <TemplateViewModel> TypePartEditor(ContentTypePartDefinition definition)
{
if (definition.PartDefinition.Name != "ContentPermissionsPart")
{
yield break;
}
// ensure the current user is allowed to define permissions
if (!_authorizer.Authorize(Permissions.GrantPermission))
{
yield break;
}
var settings = definition.Settings.TryGetModel <ContentPermissionsPartSettings>();
var allRoles = _roleService.GetRoles().Select(x => x.Name).OrderBy(x => x).ToList();
// copy defaults if new type
if (settings == null)
{
settings = new ContentPermissionsPartSettings {
View = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewContent, UserSimulation.Create(x), null)
})),
ViewOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewOwnContent, UserSimulation.Create(x), null)
})),
Publish = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishContent, UserSimulation.Create(x), null)
})),
PublishOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishOwnContent, UserSimulation.Create(x), null)
})),
Edit = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditContent, UserSimulation.Create(x), null)
})),
EditOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditOwnContent, UserSimulation.Create(x), null)
})),
Delete = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteContent, UserSimulation.Create(x), null)
})),
DeleteOwn = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteOwnContent, UserSimulation.Create(x), null)
})),
DisplayedRoles = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry {
Role = x, Checked = true
})),
};
}
var model = new ContentPermissionsPartViewModel {
ViewRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.View),
ViewOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.ViewOwn),
PublishRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.Publish),
PublishOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.PublishOwn),
EditRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.Edit),
EditOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.EditOwn),
DeleteRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.Delete),
DeleteOwnRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.DeleteOwn),
AllRoles = ContentPermissionsPartViewModel.ExtractRoleEntries(allRoles, settings.DisplayedRoles)
};
// disable permissions the current user doesn't have
model.ViewRoles = model.ViewRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.ViewContent)
}).ToList();
model.ViewOwnRoles = model.ViewOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.ViewOwnContent)
}).ToList();
model.PublishRoles = model.PublishRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.PublishContent)
}).ToList();
model.PublishOwnRoles = model.PublishOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.PublishOwnContent)
}).ToList();
model.EditRoles = model.EditRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.EditContent)
}).ToList();
model.EditOwnRoles = model.EditOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.EditOwnContent)
}).ToList();
model.DeleteRoles = model.DeleteRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.DeleteContent)
}).ToList();
model.DeleteOwnRoles = model.DeleteOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.DeleteOwnContent)
}).ToList();
// initialize default value
model.ViewRoles = model.ViewRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.ViewOwnRoles = model.ViewOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.PublishRoles = model.PublishRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.PublishOwnRoles = model.PublishOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.EditRoles = model.EditRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.EditOwnRoles = model.EditOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.DeleteRoles = model.DeleteRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.DeleteOwnRoles = model.DeleteOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
yield return(DefinitionTemplate(model));
}
public override IEnumerable <TemplateViewModel> TypePartEditorUpdate(ContentTypePartDefinitionBuilder builder, IUpdateModel updateModel)
{
if (builder.Name != "ContentPermissionsPart")
{
yield break;
}
if (!_authorizer.Authorize(Permissions.GrantPermission))
{
yield break;
}
var allRoles = _roleService.GetRoles().Select(x => x.Name).OrderBy(x => x).ToList();
var model = new ContentPermissionsPartViewModel();
updateModel.TryUpdateModel(model, "ContentPermissionsPartViewModel", null, null);
// update permissions only for those the current user is granted
if (_authorizer.Authorize(Core.Contents.Permissions.ViewContent))
{
builder.WithSetting("ContentPermissionsPartSettings.View", ContentPermissionsPartViewModel.SerializePermissions(model.ViewRoles));
}
if (_authorizer.Authorize(Core.Contents.Permissions.ViewOwnContent))
{
builder.WithSetting("ContentPermissionsPartSettings.ViewOwn", ContentPermissionsPartViewModel.SerializePermissions(model.ViewOwnRoles));
}
if (_authorizer.Authorize(Core.Contents.Permissions.PublishContent))
{
builder.WithSetting("ContentPermissionsPartSettings.Publish", ContentPermissionsPartViewModel.SerializePermissions(model.PublishRoles));
}
if (_authorizer.Authorize(Core.Contents.Permissions.PublishOwnContent))
{
builder.WithSetting("ContentPermissionsPartSettings.PublishOwn", ContentPermissionsPartViewModel.SerializePermissions(model.PublishOwnRoles));
}
if (_authorizer.Authorize(Core.Contents.Permissions.EditContent))
{
builder.WithSetting("ContentPermissionsPartSettings.Edit", ContentPermissionsPartViewModel.SerializePermissions(model.EditRoles));
}
if (_authorizer.Authorize(Core.Contents.Permissions.EditOwnContent))
{
builder.WithSetting("ContentPermissionsPartSettings.EditOwn", ContentPermissionsPartViewModel.SerializePermissions(model.EditOwnRoles));
}
if (_authorizer.Authorize(Core.Contents.Permissions.DeleteContent))
{
builder.WithSetting("ContentPermissionsPartSettings.Delete", ContentPermissionsPartViewModel.SerializePermissions(model.DeleteRoles));
}
if (_authorizer.Authorize(Core.Contents.Permissions.DeleteOwnContent))
{
builder.WithSetting("ContentPermissionsPartSettings.DeleteOwn", ContentPermissionsPartViewModel.SerializePermissions(model.DeleteOwnRoles));
}
builder.WithSetting("ContentPermissionsPartSettings.DisplayedRoles", ContentPermissionsPartViewModel.SerializePermissions(model.AllRoles));
// disable permissions the current user doesn't have
model.ViewRoles = model.ViewRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.ViewContent)
}).ToList();
model.ViewOwnRoles = model.ViewOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.ViewOwnContent)
}).ToList();
model.PublishRoles = model.PublishRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.PublishContent)
}).ToList();
model.PublishOwnRoles = model.PublishOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.PublishOwnContent)
}).ToList();
model.EditRoles = model.EditRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.EditContent)
}).ToList();
model.EditOwnRoles = model.EditOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.EditOwnContent)
}).ToList();
model.DeleteRoles = model.DeleteRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.DeleteContent)
}).ToList();
model.DeleteOwnRoles = model.DeleteOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = _authorizer.Authorize(Core.Contents.Permissions.DeleteOwnContent)
}).ToList();
// initialize default value
model.ViewRoles = model.ViewRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.ViewOwnRoles = model.ViewOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.PublishRoles = model.PublishRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.PublishOwnRoles = model.PublishOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.PublishOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.EditRoles = model.EditRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.EditOwnRoles = model.EditOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.EditOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.DeleteRoles = model.DeleteRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteContent, UserSimulation.Create(x.Role), null)
}).ToList();
model.DeleteOwnRoles = model.DeleteOwnRoles.Select(x => new RoleEntry {
Role = x.Role, Checked = x.Checked, Enabled = x.Enabled, Default = _authorizationService.TryCheckAccess(Core.Contents.Permissions.DeleteOwnContent, UserSimulation.Create(x.Role), null)
}).ToList();
yield return(DefinitionTemplate(model));
}
public ActionResult SaveAnonymousViewEditor()
{
var role = _roleService.GetRoleByName("Anonymous");
var types = _contentDefinitionService.GetTypes();
var permissions = _roleService.GetInstalledPermissions();
var simulation = UserSimulation.Create("Anonymous");
var effectivePermissions = permissions
.SelectMany(group => group.Value)
.Where(permission => _authorizationService.TryCheckAccess(permission, simulation, null))
.Select(permission => permission.Name)
.Distinct()
.ToList();
var viewContentChanged = false;
if (Request.Form["AllowViewAllContent"] != "true" && effectivePermissions.Contains("ViewContent"))
{
effectivePermissions.Remove("ViewContent");
viewContentChanged = true;
}
else if (Request.Form["AllowViewAllContent"] == "true" && !effectivePermissions.Contains("ViewContent"))
{
effectivePermissions.Add("ViewContent");
viewContentChanged = true;
}
if (viewContentChanged)
{
_roleService.UpdateRole(role.Id, role.Name, effectivePermissions);
return(RedirectToAction("AnonymousViewEditor"));
}
foreach (var type in types)
{
var permissionName = "View_" + type.Name;
if (Request.Form[type.Name] != null)
{
var isSecurable = Request.Form[type.Name] == "true";
var isSecurableOrigin = type.Settings.GetModel <ContentTypeSettings>().Securable;
if (isSecurable != isSecurableOrigin)
{
_contentDefinitionManager.AlterTypeDefinition(type.Name, x => x.Securable(isSecurable));
if (!isSecurable)
{
effectivePermissions.Remove(permissionName);
continue;
}
}
}
if (Request.Form[permissionName] != null)
{
var canView = Request.Form[permissionName] == "true";
if (effectivePermissions.Contains(permissionName) && !canView)
{
effectivePermissions.Remove(permissionName);
}
else if (!effectivePermissions.Contains(permissionName) && canView)
{
effectivePermissions.Add(permissionName);
}
}
_roleService.UpdateRole(role.Id, role.Name, effectivePermissions);
}
foreach (string key in Request.Form.Keys)
{
if (key.StartsWith("View_"))
{
//rolePermissions.Add(permissionName);
}
}
return(RedirectToAction("AnonymousViewEditor"));
}
