private void CopyGroupAssociationsToRootMap(GlymaSecurableObject rootMapSecurableObject)
        {
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (IGlymaSession glymaSession = new WebAppSPGlymaSession(this.WebUrl))
                {
                    using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
                    {
                        using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
                        {
                            var groupAssociations = from ga in dataContext.GroupAssociations
                                                    where ga.SecurableObjectUid == rootMapSecurableObject.SecurableParentUid
                                                    select ga;

                            if (groupAssociations.Any())
                            {
                                foreach (GroupAssociation groupAssociation in groupAssociations)
                                {
                                    GlymaSecurableObject securableObject = new GlymaSecurableObject();
                                    securableObject.SecurableParentUid   = groupAssociation.SecurableObjectUid;       //the parent is now the project uid
                                    securableObject.SecurableObjectUid   = rootMapSecurableObject.SecurableObjectUid; //the object is now the root map being copied to
                                    GlymaSecurityAssociationContext securityAssocationContext = new GlymaSecurityAssociationContext(this, rootMapSecurableObject);
                                    securityAssocationContext.CreateGroupAssociation(groupAssociation.GroupId);
                                }
                            }
                        }
                    }
                }
            });
        }
        /// <summary>
        /// Gets the current security associations for a list of groups against a particular securable object
        /// </summary>
        /// <param name="webUrl">The URL for the SP site</param>
        /// <param name="glGroups">A list of groups to get the security assocations for</param>
        /// <param name="securableObject">An object that contains the Parent and Object ID's
        ///                                 SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
        ///                                 SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
        /// <returns>A dictionary of security association, Key: the group, Value: True if the group has an assocation. (wrapped in a Response Object to indicate if any errors occured)</returns>
        internal GetSecurityAssociationsResponse GetSecurityAssociations(IEnumerable <GlymaSecurityGroup> glGroups, GlymaSecurableObject securableObject)
        {
            GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse()
            {
                HasError = false
            };

            if (this.CurrentUser.IsUserSecurityManager())
            {
                SecurityAssociations securityAssociations     = new SecurityAssociations();
                Dictionary <GlymaSecurityGroup, bool> results = new Dictionary <GlymaSecurityGroup, bool>();
                SecurableContext securableContext             = GetSecurableContext();
                int securableContextId = securableContext.SecurableContextId;
                GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
                bool isInherited = securableObjectContext.GetIsInherited();

                foreach (GlymaSecurityGroup glymaSecurityGroup in glGroups)
                {
                    try
                    {
                        GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(this, glymaSecurityGroup, securableObject);
                        bool response = securityAssociationContext.HasAssociation();
                        results.Add(glymaSecurityGroup, response);
                    }
                    catch (Exception ex)
                    {
                        result.HasError     = true;
                        result.ErrorMessage = ex.Message;
                    }
                }
                if (!result.HasError)
                {
                    securityAssociations.HasAssociations = results;
                    securityAssociations.IsInherited     = isInherited;
                    result.Result = securityAssociations;
                }
            }
            else
            {
                result.HasError     = true;
                result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
            }

            return(result);
        }
Beispiel #3
0
        /// <summary>
        /// Adds or Removes security associations for a batch of groups.
        /// </summary>
        /// <param name="webUrl">The URL for the SP site</param>
        /// <param name="securityAssociations">The details of the group and the securable object and whether it's an add or remove operation</param>
        /// <returns>A response object to indicate if it completd without error.</returns>
        public ResponseObject UpdateSecurityAssociations(string webUrl, IList <GlymaSecurityAssociation> securityAssociations)
        {
            ResponseObject result = new ResponseObject()
            {
                HasError = false
            };

            SecurityContextManager securityContext = new SecurityContextManager(webUrl);

            if (securityContext.CurrentUser.IsUserSecurityManager())
            {
                try
                {
                    foreach (GlymaSecurityAssociation securityAssociation in securityAssociations)
                    {
                        GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(securityContext, securityAssociation.GlymaSecurityGroup, securityAssociation.SecurableObject);
                        if (securityAssociation.Value)
                        {
                            securityAssociationContext.SetSecurityAssociation(securityAssociation.BreakInheritance);
                        }
                        else
                        {
                            securityAssociationContext.RemoveSecurityAssociation();
                        }
                    }
                }
                catch (Exception ex)
                {
                    result.HasError     = true;
                    result.ErrorMessage = ex.Message;
                }
            }
            else
            {
                result.HasError     = true;
                result.ErrorMessage = "Access Denied. User does not have permissions to access this web service.";
            }
            return(result);
        }
        private void CopyGroupAssociationsToRootMap(GlymaSecurableObject rootMapSecurableObject)
        {
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (IGlymaSession glymaSession = new WebAppSPGlymaSession(this.WebUrl))
                {
                    using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
                    {
                        using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
                        {
                            var groupAssociations = from ga in dataContext.GroupAssociations
                                                    where ga.SecurableObjectUid == rootMapSecurableObject.SecurableParentUid
                                                    select ga;

                            if (groupAssociations.Any())
                            {
                                foreach (GroupAssociation groupAssociation in groupAssociations)
                                {
                                    GlymaSecurableObject securableObject = new GlymaSecurableObject();
                                    securableObject.SecurableParentUid = groupAssociation.SecurableObjectUid; //the parent is now the project uid
                                    securableObject.SecurableObjectUid = rootMapSecurableObject.SecurableObjectUid; //the object is now the root map being copied to
                                    GlymaSecurityAssociationContext securityAssocationContext = new GlymaSecurityAssociationContext(this, rootMapSecurableObject);
                                    securityAssocationContext.CreateGroupAssociation(groupAssociation.GroupId);
                                }
                            }
                        }
                    }
                }
            });
        }
        /// <summary>
        /// Gets the current security associations for a list of groups against a particular securable object
        /// </summary>
        /// <param name="webUrl">The URL for the SP site</param>
        /// <param name="glGroups">A list of groups to get the security assocations for</param>
        /// <param name="securableObject">An object that contains the Parent and Object ID's 
        ///                                 SecurableParentUid: The ID of the securable parent (Guid.Empty for projects), 
        ///                                 SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
        /// <returns>A dictionary of security association, Key: the group, Value: True if the group has an assocation. (wrapped in a Response Object to indicate if any errors occured)</returns>
        internal GetSecurityAssociationsResponse GetSecurityAssociations(IEnumerable<GlymaSecurityGroup> glGroups, GlymaSecurableObject securableObject)
        {
            GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false };

            if (this.CurrentUser.IsUserSecurityManager())
            {
                SecurityAssociations securityAssociations = new SecurityAssociations();
                Dictionary<GlymaSecurityGroup, bool> results = new Dictionary<GlymaSecurityGroup, bool>();
                SecurableContext securableContext = GetSecurableContext();
                int securableContextId = securableContext.SecurableContextId;
                GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
                bool isInherited = securableObjectContext.GetIsInherited();

                foreach (GlymaSecurityGroup glymaSecurityGroup in glGroups)
                {
                    try
                    {
                        GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(this, glymaSecurityGroup, securableObject);
                        bool response = securityAssociationContext.HasAssociation();
                        results.Add(glymaSecurityGroup, response);
                    }
                    catch (Exception ex)
                    {
                        result.HasError = true;
                        result.ErrorMessage = ex.Message;
                    }
                }
                if (!result.HasError)
                {
                    securityAssociations.HasAssociations = results;
                    securityAssociations.IsInherited = isInherited;
                    result.Result = securityAssociations;
                }
            }
            else
            {
                result.HasError = true;
                result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
            }

            return result;
        }
        /// <summary>
        /// Adds or Removes security associations for a batch of groups.
        /// </summary>
        /// <param name="webUrl">The URL for the SP site</param>
        /// <param name="securityAssociations">The details of the group and the securable object and whether it's an add or remove operation</param>
        /// <returns>A response object to indicate if it completd without error.</returns>
        public ResponseObject UpdateSecurityAssociations(string webUrl, IList<GlymaSecurityAssociation> securityAssociations)
        {
            ResponseObject result = new ResponseObject() { HasError = false };

            SecurityContextManager securityContext = new SecurityContextManager(webUrl);
            if (securityContext.CurrentUser.IsUserSecurityManager())
            {
                try
                {
                    foreach (GlymaSecurityAssociation securityAssociation in securityAssociations)
                    {
                        GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(securityContext, securityAssociation.GlymaSecurityGroup, securityAssociation.SecurableObject);
                        if (securityAssociation.Value)
                        {
                            securityAssociationContext.SetSecurityAssociation(securityAssociation.BreakInheritance);
                        }
                        else
                        {
                            securityAssociationContext.RemoveSecurityAssociation();
                        }
                    }
                }
                catch (Exception ex)
                {
                    result.HasError = true;
                    result.ErrorMessage = ex.Message;
                }
            }
            else
            {
                result.HasError = true;
                result.ErrorMessage = "Access Denied. User does not have permissions to access this web service.";
            }
            return result;
        }
Beispiel #7
0
        /// <summary>
        /// This method is called by a Glyma Project Manager when they create a new project, it will associate any Glyma Project Manager group the user belongs to
        /// with the newly created project.
        /// </summary>
        /// <param name="securableObject">Describes the project that was just added</param>
        /// <returns>A response object indicating if the operation completed without error.</returns>
        internal ResponseObject SetProjectManagerGroupAssociations(GlymaSecurableObject securableObject)
        {
            ResponseObject result = new ResponseObject()
            {
                HasError = false
            };

            try
            {
                if (this.IsUserProjectManager()) //ensure they are a project manager
                {
                    using (SPSite site = new SPSite(Context.WebUrl))
                    {
                        using (SPWeb currentWeb = site.OpenWeb())
                        {
                            GetSecurityGroupsResponse response = Context.GetSecurityGroups(GlymaPermissionLevel.GlymaProjectManager);
                            if (!response.HasError)
                            {
                                IList <GlymaSecurityGroup> pmGroupsToAssociate = new List <GlymaSecurityGroup>();
                                IList <GlymaSecurityGroup> pmGroups            = response.Result;

                                //for any group that is a Glyma Project Manager group
                                foreach (SPGroup group in CurrentSPUser.Groups)
                                {
                                    foreach (GlymaSecurityGroup projectManagerGroup in pmGroups)
                                    {
                                        Group glGroup = Context.GetGroup(projectManagerGroup);
                                        if (group.ID == glGroup.GroupSPID)
                                        {
                                            pmGroupsToAssociate.Add(projectManagerGroup);
                                        }
                                    }
                                }

                                //Add the security association for every Glyma Project Manager group the current user belongs to.
                                foreach (GlymaSecurityGroup glGroup in pmGroupsToAssociate)
                                {
                                    GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(Context, glGroup, securableObject);
                                    ResponseObject addResponse = securityAssociationContext.SetSecurityAssociation(false);
                                    if (addResponse.HasError)
                                    {
                                        //if an error occurs adding the security association for any of the groups stop and return the error
                                        result.HasError     = true;
                                        result.ErrorMessage = addResponse.ErrorMessage;
                                        break;
                                    }
                                }
                            }
                            else
                            {
                                //there was an error get the groups that have been assigned the permission level of Glyma Project Manager
                                result.HasError     = true;
                                result.ErrorMessage = response.ErrorMessage;
                            }
                        }
                    }
                }
                else
                {
                    //Only a Glyma Project Manager can call this method
                    result.HasError     = true;
                    result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
                }
            }
            catch (Exception ex)
            {
                result.HasError     = true;
                result.ErrorMessage = ex.Message;
            }
            return(result);
        }
Beispiel #8
0
        /// </summary>
        /// <param name="webUrl">The URL for the SP site</param>
        /// <param name="securableObject">An object that contains the Parent and Object ID's
        ///                                 SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
        ///                                 SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
        /// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user
        /// has access to it returns true for the project as well (only true for when working out the filtered lists)</param>
        /// <returns>True if the user belongs to a group that has access to the securable object</returns>
        internal GetCurrentUserAccessToObjectResponse GetCurrentUserAccessToObject(GlymaSecurableObject securableObject, bool checkProjectsChildren = false)
        {
            GetCurrentUserAccessToObjectResponse result = new GetCurrentUserAccessToObjectResponse()
            {
                HasError  = false,
                HasAccess = false,
                HighestPermissionLevel = GlymaPermissionLevel.None
            };

            try
            {
                using (SPSite site = new SPSite(Context.WebUrl))
                {
                    using (SPWeb currentWeb = site.OpenWeb())
                    {
                        IGlymaPermission highestPermissionLevel = this.GetHighestPermissionLevel();
                        if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.None)
                        {
                            result.HasAccess = false;
                            result.HighestPermissionLevel = GlymaPermissionLevel.None;
                            return(result); //an error occured so assume there is no access to the object
                        }
                        else
                        {
                            if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.GlymaSecurityManager)
                            {
                                //The Glyma Security Manager permission exists for this user, they can access anything
                                result.HasAccess = true;
                                result.HighestPermissionLevel = GlymaPermissionLevel.GlymaSecurityManager;
                                return(result);
                            }
                        }

                        GetAllSecurityGroupsResponse allSPSecurityGroups = Context.GetAllGlymaSecurityGroups();
                        if (!allSPSecurityGroups.HasError)
                        {
                            //GlymaGroupCollection groups = new GlymaGroupCollection(allSPSecurityGroups.Result);
                            GlymaSecurityGroupCollection groups = new GlymaSecurityGroupCollection(Context, allSPSecurityGroups.Result);

                            //gets a sorted list of groups highest to lowest permission level
                            IList <GlymaSecurityGroup> usersGlymaGroups = groups.GetUsersGroups(currentWeb, CurrentSPUser);

                            SecurableContext securableContext = Context.GetSecurableContext();

                            //check each glyma group the person has associated with them for access to the maps
                            foreach (GlymaSecurityGroup glymaGroup in usersGlymaGroups)
                            {
                                GlymaSecurityAssociationContext securityAssociation = new GlymaSecurityAssociationContext(Context, glymaGroup, securableObject);
                                bool response = securityAssociation.HasAssociation(checkProjectsChildren);

                                if (response)
                                {
                                    result.HasAccess = response;
                                    result.HighestPermissionLevel = groups.GetGroupsPermissionLevel(glymaGroup);
                                    return(result);
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception e)
            {
                result.HasError     = true;
                result.ErrorMessage = "Failed to read the users current access to the object. " + e.Message;
            }
            return(result); //if it gets all the way to here it's the default no access response
        }
Beispiel #9
0
        /// <summary>
        /// This method is called by a Glyma Project Manager when they create a new project, it will associate any Glyma Project Manager group the user belongs to
        /// with the newly created project.
        /// </summary>
        /// <param name="securableObject">Describes the project that was just added</param>
        /// <returns>A response object indicating if the operation completed without error.</returns>
        internal ResponseObject SetProjectManagerGroupAssociations(GlymaSecurableObject securableObject)
        {
            ResponseObject result = new ResponseObject() { HasError = false };

            try
            {
                if (this.IsUserProjectManager()) //ensure they are a project manager
                {
                    using (SPSite site = new SPSite(Context.WebUrl))
                    {
                        using (SPWeb currentWeb = site.OpenWeb())
                        {
                            GetSecurityGroupsResponse response = Context.GetSecurityGroups(GlymaPermissionLevel.GlymaProjectManager);
                            if (!response.HasError)
                            {
                                IList<GlymaSecurityGroup> pmGroupsToAssociate = new List<GlymaSecurityGroup>();
                                IList<GlymaSecurityGroup> pmGroups = response.Result;

                                //for any group that is a Glyma Project Manager group
                                foreach (SPGroup group in CurrentSPUser.Groups)
                                {
                                    foreach (GlymaSecurityGroup projectManagerGroup in pmGroups)
                                    {
                                        Group glGroup = Context.GetGroup(projectManagerGroup);
                                        if (group.ID == glGroup.GroupSPID)
                                        {
                                            pmGroupsToAssociate.Add(projectManagerGroup);
                                        }
                                    }
                                }

                                //Add the security association for every Glyma Project Manager group the current user belongs to.
                                foreach (GlymaSecurityGroup glGroup in pmGroupsToAssociate)
                                {
                                    GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(Context, glGroup, securableObject);
                                    ResponseObject addResponse = securityAssociationContext.SetSecurityAssociation(false);
                                    if (addResponse.HasError)
                                    {
                                        //if an error occurs adding the security association for any of the groups stop and return the error
                                        result.HasError = true;
                                        result.ErrorMessage = addResponse.ErrorMessage;
                                        break;
                                    }
                                }
                            }
                            else
                            {
                                //there was an error get the groups that have been assigned the permission level of Glyma Project Manager
                                result.HasError = true;
                                result.ErrorMessage = response.ErrorMessage;
                            }
                        }
                    }
                }
                else
                {
                    //Only a Glyma Project Manager can call this method
                    result.HasError = true;
                    result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
                }
            }
            catch (Exception ex)
            {
                result.HasError = true;
                result.ErrorMessage = ex.Message;
            }
            return result;
        }
Beispiel #10
0
        /// </summary>
        /// <param name="webUrl">The URL for the SP site</param>
        /// <param name="securableObject">An object that contains the Parent and Object ID's 
        ///                                 SecurableParentUid: The ID of the securable parent (Guid.Empty for projects), 
        ///                                 SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
        /// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user
        /// has access to it returns true for the project as well (only true for when working out the filtered lists)</param>
        /// <returns>True if the user belongs to a group that has access to the securable object</returns>
        internal GetCurrentUserAccessToObjectResponse GetCurrentUserAccessToObject(GlymaSecurableObject securableObject, bool checkProjectsChildren = false)
        {
            GetCurrentUserAccessToObjectResponse result = new GetCurrentUserAccessToObjectResponse() { 
                HasError = false, 
                HasAccess = false, 
                HighestPermissionLevel = GlymaPermissionLevel.None 
            };

            try
            {
                using (SPSite site = new SPSite(Context.WebUrl))
                {
                    using (SPWeb currentWeb = site.OpenWeb())
                    {
                        IGlymaPermission highestPermissionLevel = this.GetHighestPermissionLevel();
                        if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.None)
                        {
                            result.HasAccess = false;
                            result.HighestPermissionLevel = GlymaPermissionLevel.None;
                            return result; //an error occured so assume there is no access to the object
                        }
                        else
                        {
                            if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.GlymaSecurityManager)
                            {
                                //The Glyma Security Manager permission exists for this user, they can access anything
                                result.HasAccess = true;
                                result.HighestPermissionLevel = GlymaPermissionLevel.GlymaSecurityManager;
                                return result;
                            }
                        }

                        GetAllSecurityGroupsResponse allSPSecurityGroups = Context.GetAllGlymaSecurityGroups();
                        if (!allSPSecurityGroups.HasError)
                        {
                            //GlymaGroupCollection groups = new GlymaGroupCollection(allSPSecurityGroups.Result);
                            GlymaSecurityGroupCollection groups = new GlymaSecurityGroupCollection(Context, allSPSecurityGroups.Result);

                            //gets a sorted list of groups highest to lowest permission level
                            IList<GlymaSecurityGroup> usersGlymaGroups = groups.GetUsersGroups(currentWeb, CurrentSPUser);

                            SecurableContext securableContext = Context.GetSecurableContext();

                            //check each glyma group the person has associated with them for access to the maps
                            foreach (GlymaSecurityGroup glymaGroup in usersGlymaGroups)
                            {
                                GlymaSecurityAssociationContext securityAssociation = new GlymaSecurityAssociationContext(Context, glymaGroup, securableObject);
                                bool response = securityAssociation.HasAssociation(checkProjectsChildren);

                                if (response)
                                {
                                    result.HasAccess = response;
                                    result.HighestPermissionLevel = groups.GetGroupsPermissionLevel(glymaGroup);
                                    return result;
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception e)
            {
                result.HasError = true;
                result.ErrorMessage = "Failed to read the users current access to the object. " + e.Message;
            }
            return result; //if it gets all the way to here it's the default no access response
        }