/// <summary>
/// Detects the permissions for the current user.
/// </summary>
/// <remarks><b>currentPage</b> should be set before calling this method.</remarks>
private void DetectPermissions()
{
string currentUser = SessionFacade.GetCurrentUsername();
string[] currentGroups = SessionFacade.GetCurrentGroupNames(currentWiki);
AuthChecker authChecker = new AuthChecker(Collectors.CollectorsBox.GetSettingsProvider(currentWiki));
if (currentPage != null)
{
Pages.CanEditPage(currentPage.Provider.CurrentWiki, currentPage.FullName, currentUser, currentGroups, out canEdit, out canEditWithApproval);
canCreateNewPages = false; // Least privilege
canCreateNewCategories = authChecker.CheckActionForNamespace(Pages.FindNamespace(currentWiki, NameTools.GetNamespace(currentPage.FullName)),
Actions.ForNamespaces.ManageCategories, currentUser, currentGroups);
canManagePageCategories = authChecker.CheckActionForPage(currentPage.FullName, Actions.ForPages.ManageCategories, currentUser, currentGroups);
canDownloadAttachments = authChecker.CheckActionForPage(currentPage.FullName, Actions.ForPages.DownloadAttachments, currentUser, currentGroups);
}
else
{
NamespaceInfo ns = DetectNamespaceInfo();
canCreateNewPages = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.CreatePages, currentUser, currentGroups);
canCreateNewCategories = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.ManageCategories, currentUser, currentGroups);
canManagePageCategories = canCreateNewCategories;
canDownloadAttachments = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.DownloadAttachments, currentUser, currentGroups);
}
}
/// <summary>
/// Detects the permissions for the current user.
/// </summary>
/// <remarks><b>currentPage</b> should be set before calling this method.</remarks>
private void DetectPermissions()
{
// Sueetie Modified - Bug fix for session expiring and user not known
if (!Page.User.Identity.IsAuthenticated)
{
Response.Redirect("accessdenied.aspx");
return;
}
MembershipUser _user = Membership.GetUser();
var currentUser = _user.UserName;
UserInfo user = Users.FindUser(_user.UserName);
if (user == null)
{
Response.Redirect("/members/message.aspx?msgid=2");
return;
}
var currentGroups = SessionFacade.GetCurrentGroupNames();
currentGroups = UserGroups(user);
if (HttpContext.Current.Session == null)
{
if (user == null)
{
user = Users.FindUser(_user.UserName);
}
SessionFacade.LoginKey = ConfigurationManager.AppSettings["SUEETIE.WikiLoginKey"].ToString();
SessionFacade.CurrentUsername = user.Username;
Session["Logout"] = null;
Log.LogEntry("User " + user.Username + " auto-logged in through edit bug fix session restart", EntryType.General, "SUEETIE");
}
// END - Bug fix for session expiring and user not known
if (currentPage != null)
{
Pages.CanEditPage(currentPage, currentUser, currentGroups, out canEdit, out canEditWithApproval);
canCreateNewPages = false; // Least privilege
canCreateNewCategories = AuthChecker.CheckActionForNamespace(Pages.FindNamespace(NameTools.GetNamespace(currentPage.FullName)),
Actions.ForNamespaces.ManageCategories, currentUser, currentGroups);
canManagePageCategories = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManageCategories, currentUser, currentGroups);
canDownloadAttachments = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.DownloadAttachments, currentUser, currentGroups);
}
else
{
NamespaceInfo ns = DetectNamespaceInfo();
canCreateNewPages = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.CreatePages, currentUser, currentGroups);
canCreateNewCategories = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.ManageCategories, currentUser, currentGroups);
canManagePageCategories = canCreateNewCategories;
canDownloadAttachments = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.DownloadAttachments, currentUser, currentGroups);
}
}
protected void Page_Load(object sender, EventArgs e)
{
discussMode = Request["Discuss"] != null;
viewCodeMode = Request["Code"] != null && !discussMode;
if (!Settings.EnableViewPageCodeFeature)
{
viewCodeMode = false;
}
currentPage = DetectPageInfo(true);
VerifyAndPerformRedirects();
// The following actions are verified:
// - View content (redirect to AccessDenied)
// - Edit or Edit with Approval (for button display)
// - Any Administrative activity (Rollback/Admin/Perms) (for button display)
// - Download attachments (for button display - download permissions are also checked in GetFile)
// - View discussion (for button display in content mode)
// - Post discussion (for button display in discuss mode)
string currentUsername = SessionFacade.GetCurrentUsername();
string[] currentGroups = SessionFacade.GetCurrentGroupNames();
bool canView = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ReadPage, currentUsername, currentGroups);
bool canEdit = false;
bool canEditWithApproval = false;
Pages.CanEditPage(currentPage, currentUsername, currentGroups, out canEdit, out canEditWithApproval);
if (canEditWithApproval && canEdit)
{
canEditWithApproval = false;
}
bool canDownloadAttachments = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.DownloadAttachments, currentUsername, currentGroups);
bool canSetPerms = AuthChecker.CheckActionForGlobals(Actions.ForGlobals.ManagePermissions, currentUsername, currentGroups);
bool canAdmin = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManagePage, currentUsername, currentGroups);
bool canViewDiscussion = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ReadDiscussion, currentUsername, currentGroups);
bool canPostDiscussion = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.PostDiscussion, currentUsername, currentGroups);
bool canManageDiscussion = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManageDiscussion, currentUsername, currentGroups);
if (!canView)
{
if (SessionFacade.LoginKey == null)
{
UrlTools.Redirect("Login.aspx?Redirect=" + Tools.UrlEncode(Request.Url.ToString()));
}
else
{
UrlTools.Redirect(UrlTools.BuildUrl("AccessDenied.aspx"));
}
}
attachmentViewer.Visible = canDownloadAttachments;
attachmentViewer.PageInfo = currentPage;
currentContent = Content.GetPageContent(currentPage, true);
pnlPageInfo.Visible = Settings.EnablePageInfoDiv;
SetupTitles();
SetupToolbarLinks(canEdit || canEditWithApproval, canViewDiscussion, canPostDiscussion, canDownloadAttachments, canAdmin, canAdmin, canSetPerms);
SetupLabels();
SetupPrintAndRssLinks();
SetupMetaInformation();
VerifyAndPerformPageRedirection();
SetupRedirectionSource();
SetupNavigationPaths();
SetupAdjacentPages();
SessionFacade.Breadcrumbs.AddPage(currentPage);
SetupBreadcrumbsTrail();
SetupDoubleClickHandler();
SetupEmailNotification();
SetupPageContent(canPostDiscussion, canManageDiscussion);
}
