public void CheckAccess(Permission permission, IUser user, IContent content)
 {
     if (!TryCheckAccess(permission, user, content))
     {
         throw new FrameworkSecurityException("A security exception occurred in the content management system.")
         {
             PermissionName = permission.Name,
             User = user
         };
     }
 }
Ejemplo n.º 2
0
        public bool Authorize(Permission permission, IContent content, string message)
        {
            if (_authorizationService == null)
                return false;

            if (_authorizationService.TryCheckAccess(permission, _user, content))
                return true;

            if (message != null)
            {
                //if (_user == null)
                //{
                //    //notifier error
                //    _notifier.Error(T("{0}. Anonymous users do not have {1} permission.",
                //                      message, permission.Name));
                //}
                //else
                //{
                //    //notifier error
                //    _notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.",
                //                      message, permission.Name, _user.UserName));
                //}
            }

            return false;
        }
Ejemplo n.º 3
0
 public bool Authorize(Permission permission, IContent content)
 {
     return Authorize(permission, content, null);
 }
Ejemplo n.º 4
0
 public bool Authorize(Permission permission, string message)
 {
     return Authorize(permission, null, message);
 }
Ejemplo n.º 5
0
 public bool Authorize(Permission permission)
 {
     return Authorize(permission, null, null);
 }
        public bool TryCheckAccess(Permission permission, IUser user, IContent content)
        {
            var context = new CheckAccessContext { Permission = permission, User = user };
            _authorizationServiceEventHandler.Checking(context);

            for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter)
            {
                if (!context.Granted && context.User != null)
                {
                    //if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) &&
                    //       String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal))
                    //{
                    //    context.Granted = true;
                    //}
                }

                if (!context.Granted)
                {

                    // determine which set of permissions would satisfy the access check
                    var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

                    // determine what set of roles should be examined by the access check
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null)
                    {
                        rolesToExamine = AnonymousRole;
                    }
                    //else if (context.User.Has<IUserRoles>())
                    //{
                    //    // the current user is not null, so get his roles and add "Authenticated" to it
                    //    rolesToExamine = context.User.As<IUserRoles>().Roles;

                    //    // when it is a simulated anonymous user in the admin
                    //    if (!rolesToExamine.Contains(AnonymousRole[0]))
                    //    {
                    //        rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
                    //    }
                    //}
                    else
                    {
                        // the user is not null and has no specific role, then it's just "Authenticated"
                        rolesToExamine = AuthenticatedRole;
                    }

                    foreach (var role in rolesToExamine)
                    {
                        foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role))
                        {
                            string possessedName = permissionName;
                            if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase)))
                            {
                                context.Granted = true;
                            }

                            if (context.Granted)
                                break;
                        }

                        if (context.Granted)
                            break;
                    }
                }

                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                    break;
            }

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }
        private static IEnumerable<string> PermissionNames(Permission permission, IEnumerable<string> stack)
        {
            // the given name is tested
            yield return permission.Name;

            // iterate implied permissions to grant, it present
            if (permission.ImpliedBy != null && permission.ImpliedBy.Any())
            {
                foreach (var impliedBy in permission.ImpliedBy)
                {
                    // avoid potential recursion
                    if (stack.Contains(impliedBy.Name))
                        continue;

                    // otherwise accumulate the implied permission names recursively
                    foreach (var impliedName in PermissionNames(impliedBy, stack.Concat(new[] { permission.Name })))
                    {
                        yield return impliedName;
                    }
                }
            }

            yield return StandardPermissions.SiteOwner.Name;
        }