private static Permission GetOwnerVariation(Permission permission) {
     if (permission.Name == Permissions.Management.Name)
         return Permissions.Lead;
     if (permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name)
         return Orchard.Core.Contents.Permissions.ViewOwnContent;
     return null;
 }
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (String.IsNullOrEmpty(PermissionName))
            {
                throw new ApplicationException("No permission supplied");
            }

            //No authorization if permission is AllowAnonymous
            if (String.Equals(PermissionName, "AllowAnonymous", StringComparison.InvariantCultureIgnoreCase))
            {
                return;
            }

            WorkContext workContext = filterContext.GetWorkContext();
            IAuthorizer authorizer = workContext.Resolve<IAuthorizer>();
            Permission permission = new Permission {Name = PermissionName};

            if (authorizer.Authorize(permission,
                new LocalizedString("Access is denied")))
            {
                return;
            }

            //Access is denied
            filterContext.Result = new HttpUnauthorizedResult();
        }
        public new bool Authorize(Permission permission, IContent content, LocalizedString message) {
            var authorizerMessage = new AuthorizerMessage {PermissionName = permission.Name};

            if (content != null)
            {
                authorizerMessage.ContentId = content.Id;
                authorizerMessage.ContentType = content.ContentItem.ContentType;
                authorizerMessage.ContentName = content.GetContentName();
            }

            return _performanceMonitor.PublishTimedAction(() =>
            {
                if (permission == StandardPermissions.AccessFrontEnd)
                {
                    return true;
                }

                return base.Authorize(permission, content, message);
            }, (r, t) => { 
                authorizerMessage.Duration = t.Duration;
                authorizerMessage.UserIsAuthorized = r;

                return authorizerMessage;
            }, TimelineCategories.Authorization, "Authorize", permission.Name).ActionResult;
        }
        /// <summary>
        /// Returns a dynamic permission for a content type, based on a global content permission template
        /// </summary>
        public static Permission ConvertToDynamicPermission(Permission permission) {
            if (PermissionTemplates.ContainsKey(permission.Name)) {
                return PermissionTemplates[permission.Name];
            }

            return null;
        }
        public bool TryCheckAccess(Permission permission, IUser user, IContent content) {
            var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
            _authorizationServiceEventHandler.Checking(context);

            for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) {
                if (!context.Granted && context.User != null) {
                    if (String.Equals(context.User.UserName, "Administrator", StringComparison.OrdinalIgnoreCase) ||
                        ((!String.IsNullOrEmpty(CurrentSite.SuperUser) &&
                           String.Equals(context.User.UserName, CurrentSite.SuperUser, StringComparison.OrdinalIgnoreCase)))) {
                        context.Granted = true;
                    }
                }

                if (!context.Granted) {

                    // determine which set of permissions would satisfy the access check
                    var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).ToArray();

                    // determine what set of roles should be examined by the access check
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null) {
                        rolesToExamine = AnonymousRole;
                    }
                    else if (context.User.Has<IUserRoles>()) {
                        rolesToExamine = context.User.As<IUserRoles>().Roles.Concat(AuthenticatedRole);
                    }
                    else {
                        rolesToExamine = AuthenticatedRole;
                    }

                    foreach (var role in rolesToExamine) {
                        RoleRecord roleRecord = _roleService.GetRoleByName(role);
                        if ( roleRecord == null )
                            continue;
                        foreach (var permissionName in _roleService.GetPermissionsForRole(roleRecord.Id)) {
                            string possessedName = permissionName;
                            if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) {
                                context.Granted = true;
                            }

                            if (context.Granted)
                                break;
                        }

                        if (context.Granted)
                            break;
                    }
                }

                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                    break;
            }

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }
        public bool TryCheckAccess(Permission permission, IUser user, IContent content) {
            var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
            _authorizationServiceEventHandler.Checking(context);

            for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) {
                if (!context.Granted && context.User != null) {
                    if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) &&
                           String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal)) {
                        context.Granted = true;
                    }
                }

                if (!context.Granted) {

                    // determine which set of permissions would satisfy the access check
                    var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

                    // determine what set of roles should be examined by the access check
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null) {
                        rolesToExamine = AnonymousRole;
                    } 
                    else if (user.As<IUserRoles>().Roles.Any()) {
                        

                        // the current user is not null, so get his roles and add "Authenticated" to it
                        rolesToExamine = user.As<IUserRoles>().Roles.Union(AuthenticatedRole);

                    } else {
                        // the user is not null and has no specific role, then it's just "Authenticated"
                        rolesToExamine = AuthenticatedRole;
                    }

                    foreach (var role in rolesToExamine) {
                        foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role)) {
                            string possessedName = permissionName;
                            if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) {
                                context.Granted = true;
                            }

                            if (context.Granted)
                                break;
                        }

                        if (context.Granted)
                            break;
                    }
                }

                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                    break;
            }

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }
 /// <summary>
 /// Generates a permission dynamically for a content type
 /// </summary>
 public static Permission CreateDynamicPermission(Permission template, ContentTypeDefinition typeDefinition) {
     return new Permission {
         Name = String.Format(template.Name, typeDefinition.Name),
         Description = String.Format(template.Description, typeDefinition.DisplayName),
         Category = typeDefinition.DisplayName,
         ImpliedBy = (template.ImpliedBy ?? new Permission[0]).Select(t => CreateDynamicPermission(t, typeDefinition))
     };
 }
        public PermissionRequirement(Permission permission)
        {
            if (permission == null)
            {
                throw new ArgumentNullException(nameof(permission));
            }

            Permission = permission;
        }
 private static Permission GetOwnerVariation(Permission permission) {
     if (permission.Name == Permissions.PublishOthersPages.Name)
         return Permissions.PublishPages;
     if (permission.Name == Permissions.EditOthersPages.Name)
         return Permissions.EditPages;
     if (permission.Name == Permissions.DeleteOthersPages.Name)
         return Permissions.DeletePages;
     return null;
 }
 private static Permission GetOwnerVariation(Permission permission) {
     if (permission.Name == Permissions.PublishTimetableAppointment.Name)
         return Permissions.PublishOwnTimetableAppointment;
     if (permission.Name == Permissions.EditTimetableAppointment.Name)
         return Permissions.EditOwnTimetableAppointment;
     if (permission.Name == Permissions.DeleteTimetableAppointment.Name)
         return Permissions.DeleteOwnTimetableAppointment;
     return null;
 }
 public void CheckAccess(Permission permission, IUser user, IContent content) {
     if (!TryCheckAccess(permission, user, content)) {
         throw new OrchardSecurityException(T("A security exception occurred in the content management system.")) {
             PermissionName = permission.Name,
             User = user,
             Content = content
         };
     }
 }
 private static Permission GetOwnerVariation(Permission permission) {
     if (permission.Name == Permissions.PublishBlogPost.Name)
         return Permissions.PublishOwnBlogPost;
     if (permission.Name == Permissions.EditBlogPost.Name)
         return Permissions.EditOwnBlogPost;
     if (permission.Name == Permissions.DeleteBlogPost.Name)
         return Permissions.DeleteOwnBlogPost;
     return null;
 }
 private static Permission GetOwnerVariation(Permission permission) {
     if (permission.Name == Permissions.PublishContent.Name)
         return Permissions.PublishOwnContent;
     if (permission.Name == Permissions.EditContent.Name)
         return Permissions.EditOwnContent;
     if (permission.Name == Permissions.DeleteContent.Name)
         return Permissions.DeleteOwnContent;
     return null;
 }
 private static Permission GetOwnerVariation(Permission permission)
 {
     if (permission.Name == Permissions.DeletePost.Name)
         return Permissions.DeleteOwnPost;
     if (permission.Name == Permissions.EditPost.Name)
         return Permissions.EditOwnPost;
     if (permission.Name == Permissions.MarkPostAsAnswer.Name)
         return Permissions.MarkPostInOwnThreadAsAnswer;
     return null;
 }
 private static Permission GetOwnerVariation(Permission permission) {
     if (permission.Name == Permissions.ManageForums.Name)
         return Permissions.ManageOwnForums;
     if (permission.Name == Permissions.MoveThread.Name)
         return Permissions.MoveOwnThread;
     if (permission.Name == Permissions.StickyThread.Name)
         return Permissions.StickyOwnThread;
     if (permission.Name == Permissions.CloseThread.Name)
         return Permissions.CloseOwnThread;
     return null;
 }
        /// <summary>
        /// Gets the given permission variation (if any) for the given menu.
        /// </summary>
        /// <param name="permission">Permission to look variation for.</param>
        /// <param name="menu">Menu to look variation for.</param>
        /// <returns>Appropriate permission.</returns>
        private static Permission GetPermissionVariation(Permission permission, IContent menu)
        {
            var variation = MenuPermissions.ConvertToDynamicPermission(permission);

            if (variation == null) {
                return permission;
            }

            variation = MenuPermissions.CreateDynamicPermission(variation, menu);
            return variation;
        }
        /// <summary>
        /// Generates a permission dynamically for a content item
        /// </summary>
        public static Permission CreateItemPermission(Permission template, IContent content, Localizer T, IContentManager contentManager) {
            var identity = contentManager.GetItemMetadata(content).Identity.ToString();
            var displayText = contentManager.GetItemMetadata(content).DisplayText;
            var typeDefinition = content.ContentItem.TypeDefinition;

            return new Permission {
                Name = String.Format(template.Name, identity),
                Description = String.Format(template.Description, typeDefinition.DisplayName),
                Category = T("{0} - {1}", typeDefinition.DisplayName, displayText).ToString(),
                ImpliedBy = (template.ImpliedBy ?? new Permission[0]).Select(t => CreateItemPermission(t, content, T, contentManager))
            };
        }
        private static Permission GetOwnerVariation(Permission permission) {
            if (permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name)
                return Orchard.Core.Contents.Permissions.PublishOwnContent;
            if (permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name)
                return Orchard.Core.Contents.Permissions.EditOwnContent;
            if (permission.Name == Orchard.Core.Contents.Permissions.DeleteContent.Name)
                return Orchard.Core.Contents.Permissions.DeleteOwnContent;
            if (permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name)
                return Orchard.Core.Contents.Permissions.ViewOwnContent;
            if (permission.Name == Orchard.Core.Contents.Permissions.PreviewContent.Name)
                return Orchard.Core.Contents.Permissions.PreviewOwnContent;

            return null;
        }
        private static Permission GetOwnerVariation(Permission permission) {
            if (permission.Name == Permissions.PublishBlogPost.Name)
                return Permissions.PublishOwnBlogPost;
            if (permission.Name == Permissions.EditBlogPost.Name)
                return Permissions.EditOwnBlogPost;
            if (permission.Name == Permissions.DeleteBlogPost.Name)
                return Permissions.DeleteOwnBlogPost;
            if (permission.Name == Core.Contents.Permissions.ViewContent.Name)
                return Core.Contents.Permissions.ViewOwnContent;
            if (permission.Name == Permissions.MetaListBlogs.Name)
                return Permissions.MetaListOwnBlogs;

            return null;
        }
Beispiel #20
0
        public bool Authorize(Permission permission, IContent content, LocalizedString message) {
            if (_authorizationService.TryCheckAccess(permission, _workContextAccessor.GetContext().CurrentUser, content))
                return true;

            if (message != null) {
                if (_workContextAccessor.GetContext().CurrentUser == null) {
                    _notifier.Error(T("{0}. Anonymous users do not have {1} permission.",
                                      message, permission.Name));
                }
                else {
                    _notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.",
                                      message, permission.Name, _workContextAccessor.GetContext().CurrentUser.UserName));
                }
            }

            return false;
        }
 private static Permission GetOwnerVariation(Permission permission) {
     if (permission.Name == Permissions.ManageForums.Name)
         return Permissions.ManageOwnForums;
     if (permission.Name == Permissions.MoveThread.Name)
         return Permissions.MoveOwnThread;
     if (permission.Name == Permissions.StickyThread.Name)
         return Permissions.StickyOwnThread;
     if (permission.Name == Permissions.CloseThread.Name)
         return Permissions.CloseOwnThread;
     if (permission.Name == Permissions.EditPosts.Name)
         return Permissions.EditOwnPosts;
     if (permission.Name == Permissions.ModerateInappropriatePosts.Name)
         return Permissions.ModerateOwnInappropriatePosts;
     if (permission.Name == Permissions.DeleteThreadsAndPosts.Name)
         return Permissions.DeleteOwnThreadsAndPosts;
     return null;
 }
        public bool Authorize(Permission permission, IContent content, LocalizedString message)
        {
            // creates a user for the active directory user if one doesn't already
            // exist. If one does already exists then that user from the database
            // is returned by the method.
            var user = CreateUserForActiveDirectoryUserIfNotExists(new ActiveDirectoryUser());

            // attempts to authorize the active directory user based on their roles
            // and the permissions that their associated roles have.
            if (_authorizationService.TryCheckAccess(permission, user, content))
                return true;

            if (message != null) {
                _notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.",
                                    message, permission.Name, user.UserName));
            }

            return false;
        }
        public bool Authorize(Permission permission, IContent content, LocalizedString message)
        {
            // gets the current active directory user.
            var user = new ActiveDirectoryUser();

            // attempts to authorize the active directory user based on their roles
            // and the permissions that their associated roles have.
            if (_authorizationService.TryCheckAccess(permission, user, content))
            {
                if (!_attemptedToSaveUser)
                    CreateUserForActiveDirectoryUserIfNotExists(user);

                return true;
            }

            if (message != null) {
                _notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.",
                                    message, permission.Name, user.UserName));
            }

            return false;
        }
        private static IEnumerable<string> PermissionNames(Permission permission, IEnumerable<string> stack) {
            // the given name is tested
            yield return permission.Name;

            // iterate implied permissions to grant, it present
            if (permission.ImpliedBy != null && permission.ImpliedBy.Any()) {
                foreach (var impliedBy in permission.ImpliedBy) {
                    // avoid potential recursion
                    if (stack.Contains(impliedBy.Name))
                        continue;

                    // otherwise accumulate the implied permission names recursively
                    foreach (var impliedName in PermissionNames(impliedBy, stack.Concat(new[] { permission.Name }))) {
                        yield return impliedName;
                    }
                }
            }

            yield return StandardPermissions.SiteOwner.Name;
        }
 private static Permission GetContentTypeVariation(Permission permission) {
     return DynamicPermissions.ConvertToDynamicPermission(permission);
 }
 private static bool OwnerVariationExists(Permission permission) {
     return GetOwnerVariation(permission) != null;
 }
Beispiel #27
0
 public bool Authorize(Permission permission, object content)
 {
     return Authorize(permission, content, null);
 }
Beispiel #28
0
 public bool Authorize(Permission permission, LocalizedString message)
 {
     return Authorize(permission, null, message);
 }
Beispiel #29
0
 public bool Authorize(Permission permission)
 {
     return Authorize(permission, null, null);
 }
 public bool TryCheckAccess(Permission permission, IUser user, IContent content) {
     return true;
 }