Ejemplo n.º 1
0
 public void Adjust(CheckAccessContext context)
 {
     if (context.Content.Is<OrderPart>()) {
         if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.PublishOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = OrdersPermissions.CreateOrders;
         }
         else if (context.Permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.EditOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = OrdersPermissions.ManageOrders;
         }
         else if (context.Permission.Name == Orchard.Core.Contents.Permissions.DeleteContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.DeleteOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = OrdersPermissions.ManageOrders;
         }
         else if (context.Permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.ViewOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = OrdersPermissions.ViewOrders;
         }
     }
 }
Ejemplo n.º 2
0
 public void Adjust(CheckAccessContext context)
 {
     if (context.User == null && !MembershipInitialized)
     {
         context.Granted = true;
     }
 }
Ejemplo n.º 3
0
        public bool TryCheckAccess(Permission permission, IUser user, IContent content) {
            var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
            _authorizationServiceEventHandler.Checking(context);

            for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) {
                if (!context.Granted && context.User != null) {
                    if (String.Equals(context.User.UserName, "Administrator", StringComparison.OrdinalIgnoreCase) ||
                        ((!String.IsNullOrEmpty(CurrentSite.SuperUser) &&
                           String.Equals(context.User.UserName, CurrentSite.SuperUser, StringComparison.OrdinalIgnoreCase)))) {
                        context.Granted = true;
                    }
                }

                if (!context.Granted) {

                    // determine which set of permissions would satisfy the access check
                    var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).ToArray();

                    // determine what set of roles should be examined by the access check
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null) {
                        rolesToExamine = AnonymousRole;
                    }
                    else if (context.User.Has<IUserRoles>()) {
                        rolesToExamine = context.User.As<IUserRoles>().Roles.Concat(AuthenticatedRole);
                    }
                    else {
                        rolesToExamine = AuthenticatedRole;
                    }

                    foreach (var role in rolesToExamine) {
                        RoleRecord roleRecord = _roleService.GetRoleByName(role);
                        if ( roleRecord == null )
                            continue;
                        foreach (var permissionName in _roleService.GetPermissionsForRole(roleRecord.Id)) {
                            string possessedName = permissionName;
                            if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) {
                                context.Granted = true;
                            }

                            if (context.Granted)
                                break;
                        }

                        if (context.Granted)
                            break;
                    }
                }

                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                    break;
            }

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }
Ejemplo n.º 4
0
        public bool TryCheckAccess(Permission permission, IUser user, IContent content) {
            var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
            _authorizationServiceEventHandler.Checking(context);

            for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) {
                if (!context.Granted && context.User != null) {
                    if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) &&
                           String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal)) {
                        context.Granted = true;
                    }
                }

                if (!context.Granted) {

                    // determine which set of permissions would satisfy the access check
                    var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

                    // determine what set of roles should be examined by the access check
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null) {
                        rolesToExamine = AnonymousRole;
                    } 
                    else if (user.As<IUserRoles>().Roles.Any()) {
                        

                        // the current user is not null, so get his roles and add "Authenticated" to it
                        rolesToExamine = user.As<IUserRoles>().Roles.Union(AuthenticatedRole);

                    } else {
                        // the user is not null and has no specific role, then it's just "Authenticated"
                        rolesToExamine = AuthenticatedRole;
                    }

                    foreach (var role in rolesToExamine) {
                        foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role)) {
                            string possessedName = permissionName;
                            if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) {
                                context.Granted = true;
                            }

                            if (context.Granted)
                                break;
                        }

                        if (context.Granted)
                            break;
                    }
                }

                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                    break;
            }

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }
Ejemplo n.º 5
0
        public void Adjust(CheckAccessContext context) {
            if (context.Granted || context.Permission != Permissions.ViewProfiles || context.Content != context.User) {
                return;
            }

            context.Adjusted = true;
            context.Permission = Permissions.ViewOwnProfile;
        }
Ejemplo n.º 6
0
 public void Adjust(CheckAccessContext context)
 {
     if (!context.Granted) {
         // Are we checking for a "PublishOwn" type permission?
         if (context.Permission.Name.StartsWith("PublishOwn_"))
         {
             // Hmmm...
         }
     }
 }
Ejemplo n.º 7
0
        public void Adjust(CheckAccessContext context) {
            if (!context.Granted 
                && context.Permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name 
                && context.Content != null
                && context.Content.ContentItem.ContentType == "CustomForm") {

                context.Adjusted = true;
                context.Permission = Permissions.CreateSubmitPermission(context.Content.ContentItem.As<CustomFormPart>().ContentType);
            }
        }
Ejemplo n.º 8
0
        public void Adjust(CheckAccessContext context) {
            if (context.Granted == false && 
                context.Content.Is<Page>() && 
                OwnerVariationExists(context.Permission) &&
                HasOwnership(context.User, context.Content)) {

                context.Adjusted = true;
                context.Permission = GetOwnerVariation(context.Permission);
            }
        }
Ejemplo n.º 9
0
 public void Adjust(CheckAccessContext context) {
     if (!context.Granted &&
         context.Content.Is<ICommonPart>()) {
         if (OwnerVariationExists(context.Permission) &&
             HasOwnership(context.User, context.Content)) {
             context.Adjusted = true;
             context.Permission = GetOwnerVariation(context.Permission);
         }
     }
 }
Ejemplo n.º 10
0
        public void Adjust(CheckAccessContext context) {
            if (!context.Granted && context.Permission.Name == Permissions.ManageMenus.Name && context.Content != null) {
                
                var menuAsContentItem = context.Content.As<ContentItem>();
                if (menuAsContentItem == null || menuAsContentItem.Id <= 0) {
                    return;
                }

                context.Adjusted = true;
                context.Permission = DynamicPermissions.CreateMenuPermission(menuAsContentItem, _contentManager);
            }
        }
Ejemplo n.º 11
0
        public void Complete(CheckAccessContext context)
        {
            if (context.Content == null) return;

            var pageContext = context.PageContext();

            if (pageContext.Group != FrontendsPageConfigs.Group) return;

            context.Granted = _frontendAuthorizationService.IsAuthorizedToView(
                _workContextAccessor.GetContext().CurrentUser,
                pageContext.Page.As<IEngineConfigurationAspect>().GraphDescriptor.MaximalContext());
        }
Ejemplo n.º 12
0
        public void Adjust(CheckAccessContext context) {
            var mediaPart = context.Content.As<MediaPart>();
            if (mediaPart != null) {
                if(_authorizer.Authorize(Permissions.ManageMediaContent)) {
                    context.Granted = true;
                    return;
                }

                if(_authorizer.Authorize(Permissions.ManageOwnMedia)) {
                    context.Granted = _mediaLibraryService.CanManageMediaFolder(mediaPart.FolderPath);
                }
            }
        }
Ejemplo n.º 13
0
        public void Adjust(CheckAccessContext context) {
            if (!context.Granted &&
                context.Content.Is<ICommonPart>()) {

                if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name && context.Content.ContentItem.ContentType == "BlogPost") {
                    context.Adjusted = true;
                    context.Permission = Permissions.PublishBlogPost;
                }
                else if (OwnerVariationExists(context.Permission) &&
                    HasOwnership(context.User, context.Content)) {
                    context.Adjusted = true;
                    context.Permission = GetOwnerVariation(context.Permission);
                }
            }
        }
Ejemplo n.º 14
0
        public void Complete(CheckAccessContext context) {
            if (context.Content == null) {
                return;
            }

            var part = context.Content.As<ContentMenuItemPart>();

            // if the content item has no right attached, check on the container
            if (part == null) {
                return;
            }

            context.Granted = _authorizationService.TryCheckAccess(context.Permission, context.User, part.Content);
            context.Adjusted = true;
        }
Ejemplo n.º 15
0
        public void Adjust(CheckAccessContext context)
        {
            if (context.Granted || context.Content == null || context.Content.ContentItem.ContentType != "Menu") {
                return;
            }

            // replace permission if a menu-specific version exists
            var permission = GetMenuVariation(context.Permission);

            if (permission == null) {
                return;
            }

            context.Adjusted = true;
            context.Permission = MenuPermissions.CreateDynamicPermission(permission, context.Content);
        }
Ejemplo n.º 16
0
 public void Adjust(CheckAccessContext context) {
     //this won't work if checking permission without passing a part
     //if (!context.Granted && context.Content.Is<ICommonPart>()) { 
     if (!context.Granted)
     {
         if (OwnerVariationExists(context.Permission) && !context.Content.Is<ICommonPart>())
         {
             context.Adjusted = true;
             context.Permission = GetOwnerVariation(context.Permission);
         }
         else if (OwnerVariationExists(context.Permission) && context.Content.Is<ICommonPart>() )
         {
             if (HasOwnership(context.User, context.Content))
             {
                 context.Adjusted = true;
                 context.Permission = GetOwnerVariation(context.Permission);
             }
         }
     }
 }
Ejemplo n.º 17
0
 public void Adjust(CheckAccessContext context)
 {
     if (context.Content.Is<CustomerPart>() || context.Content.Is<CustomerAddressPart>()) {
         if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.PublishOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = HasOwnership(context.User, context.Content) ? CustomersPermissions.EditOwnCustomerAccount : CustomersPermissions.ManageCustomerAccounts;
         }
         else if (context.Permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.EditOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = HasOwnership(context.User, context.Content) ? CustomersPermissions.EditOwnCustomerAccount : CustomersPermissions.ManageCustomerAccounts;
         }
         else if (context.Permission.Name == Orchard.Core.Contents.Permissions.DeleteContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.DeleteOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = HasOwnership(context.User, context.Content) ? CustomersPermissions.EditOwnCustomerAccount : CustomersPermissions.ManageCustomerAccounts;
         }
         else if (context.Permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.ViewOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = HasOwnership(context.User, context.Content) ? CustomersPermissions.ViewOwnCustomerAccount : CustomersPermissions.ViewCustomerAccounts;
         }
     }
     else if (context.Content.Is<CustomerOrderPart>()) {
         if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.PublishOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = HasOwnership(context.User, context.Content) ? OrdersPermissions.CreateOrders : OrdersPermissions.ManageOrders;
         }
         else if (context.Permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name || context.Permission.Name == Orchard.Core.Contents.Permissions.ViewOwnContent.Name) {
             context.Granted = false;
             context.Adjusted = true;
             context.Permission = HasOwnership(context.User, context.Content) ? OrdersPermissions.ViewOwnOrders : OrdersPermissions.ViewOrders;
         }
         else if (!context.Granted && context.Permission.Name == OrdersPermissions.ViewOrders.Name && HasOwnership(context.User, context.Content)) {
             context.Adjusted = true;
             context.Permission = OrdersPermissions.ViewOwnOrders;
         }
     }
 }
Ejemplo n.º 18
0
        public void Adjust(CheckAccessContext context) {
            if ( !context.Granted &&
                context.Content.Is<ICommonPart>() ) {

                if (OwnerVariationExists(context.Permission) &&
                    HasOwnership(context.User, context.Content)) {

                    context.Adjusted = true;
                    context.Permission = GetOwnerVariation(context.Permission);
                }

                var typeDefinition = context.Content.ContentItem.TypeDefinition;

                // replace permission if a content type specific version exists
                if ( typeDefinition.Settings.GetModel<ContentTypeSettings>().Creatable ) {
                    var permission = GetContentTypeVariation(context.Permission);

                    if ( permission != null) {
                        context.Adjusted = true;
                        context.Permission = DynamicPermissions.CreateDynamicPermission(permission, typeDefinition);
                    }
                }
            }
        }
Ejemplo n.º 19
0
        public void Checking(CheckAccessContext context)
        {
            // TODO: We could actually implement *denied* permissions. Maybe in Adjust(...)
            if (context.Granted) return;

            // TODO: Do we need to move to Adjusted so we can check per-type permissions? I general they're irrelevant since here we check against a specific content *item*.

            // TODO: Check this works with versioning. Will the authoritative item still get security check?
            // NOTE: I had to repeat a lot of code from RolesBasedAuthorizationService. Not brilliantly neat but I couldn't see any other way.

            // TODO: There's a lot of querying going on here, especially when groups are involved. Need indexing on left/right Ids *definitely* as well as other
            // optimisation / caching methods.

            // Check we have user and content
            // TODO: Could have EffectiveRolesPart on group itself; this would mean all users get that role (kind of dangerous tho!)
            if (context.User==null) return;
            if (context.Content == null) return;

            var userItem = context.User.ContentItem;
            // Find relationships between content and the User type
            var perms = _relationsService.Connectors(context.Content, userItem, "ContentToEffectingUser").List();
            if (perms.Count() == 0) return;
            
            // Find roles effected by this relationship
            IEnumerable<String> rolesToExamine = perms.SelectMany(p=>p.As<EffectiveRolesPart>().ListEffectiveRoles());

            // Find groups from content
            var groups = _relationsService.Connectors(context.Content, "GroupContentToGroup").List();
            // Find any links to user
            foreach (var g in groups)
            {
                var userInGroup = _relationsService.Connectors(g.LeftContentItemId, userItem.Id, "GroupToMemberUser").List();
                if (userInGroup.Any())
                {
                    // Firstly, any group roles the user has are applied
                    rolesToExamine = rolesToExamine.Union(userInGroup.SelectMany(ug=>ug.As<EffectiveRolesPart>().ListEffectiveRoles()));
                    // And apply any roles the whole group has
                    var groupToContent = _relationsService.Connectors(g.LeftContentItemId, context.Content.Id, "GroupToGroupContent").List();
                    rolesToExamine = rolesToExamine.Union(groupToContent.SelectMany(ug => ug.As<EffectiveRolesPart>().ListEffectiveRoles()));
                }
            }

            // Determine which set of permissions would satisfy the access check
            var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

            foreach (var role in rolesToExamine)
            {
                foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role))
                {
                    string possessedName = permissionName;
                    if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase)))
                    {
                        context.Granted = true;
                    }

                    if (context.Granted)
                        break;
                }
                // End as soon as it's granted
                if (context.Granted)
                    break;
            }

        }
Ejemplo n.º 20
0
 public void Checking(CheckAccessContext context) { }
Ejemplo n.º 21
0
 public void Complete(CheckAccessContext context) { }
Ejemplo n.º 22
0
        public void Complete(CheckAccessContext context) {

            if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) 
                && context.User != null
                && String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal)) {
                context.Granted = true;
                return;
            }

            if (context.Content == null) {
                return;
            }

            var part = context.Content.As<ContentPermissionsPart>();

            // if the content item has no right attached, check on the container
            if (part == null || !part.Enabled) {
                var commonPart = context.Content.As<ICommonPart>();
                if(commonPart != null && commonPart.Container != null) {
                    part = commonPart.Container.As<ContentPermissionsPart>();
                }
            }

            if (part == null || !part.Enabled) {
                return;
            }

            var hasOwnership = HasOwnership(context.User, context.Content);

            IEnumerable<string> authorizedRoles;

            if (context.Permission == Core.Contents.Permissions.ViewContent) {
                authorizedRoles = (hasOwnership ? part.ViewOwnContent : part.ViewContent).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            }
            else if (context.Permission == Core.Contents.Permissions.PublishContent) {
                authorizedRoles = (hasOwnership ? part.PublishOwnContent : part.PublishContent).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            }
            else if (context.Permission == Core.Contents.Permissions.EditContent) {
                authorizedRoles = (hasOwnership ? part.EditOwnContent : part.EditContent).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            }
            else if (context.Permission == Core.Contents.Permissions.DeleteContent) {
                authorizedRoles = (hasOwnership ? part.DeleteOwnContent : part.DeleteContent).Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
            }
            else {
                return;
            }

            // determine what set of roles should be examined by the access check
            IEnumerable<string> rolesToExamine;
            if (context.User == null) {
                rolesToExamine = AnonymousRole;
            }
            else if (context.User.Has<IUserRoles>()) {
                // the current user is not null, so get his roles and add "Authenticated" to it
                rolesToExamine = context.User.As<IUserRoles>().Roles;

                // when it is a simulated anonymous user in the admin
                if (!rolesToExamine.Contains(AnonymousRole[0])) {
                    rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
                }
            }
            else {
                // the user is not null and has no specific role, then it's just "Authenticated"
                rolesToExamine = AuthenticatedRole;
            }
            
            context.Granted = rolesToExamine.Any(x => authorizedRoles.Contains(x, StringComparer.OrdinalIgnoreCase));
            context.Adjusted = true;
        }
Ejemplo n.º 23
0
 public void Adjust(CheckAccessContext context) { }
Ejemplo n.º 24
0
 public void Adjust(CheckAccessContext context)
 {
     // NOTE: I'd like to do it here and feed a list of Roles back into the CheckAccessContext. But the only way I could do that would be to stuff them into the User object and I'm
     // worried that could affect checks elsewhere if the User object is reused.
 }
Ejemplo n.º 25
0
        public bool TryCheckAccess(Permission permission, IUser user, IContent content)
        {
            user = new ActiveDirectoryUser();

            var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
            _authorizationServiceEventHandler.Checking(context);

            for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter)
            {
                if (!context.Granted && context.User != null)
                {
                    if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) &&
                           String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal))
                    {
                        context.Granted = true;
                    }
                }

                if (!context.Granted)
                {
                    // determine which set of permissions would satisfy the access check
                    var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

                    // determine what set of roles should be examined by the access check
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null)
                    {
                        rolesToExamine = AnonymousRole;
                    }
                    else
                    {
                        //retrieve the UserPart record for the user from the DB (if there is one)
                        UserPart dbUser = null;
                        if (!string.IsNullOrWhiteSpace(context.User.UserName))
                        {
                            dbUser = _contentManager.Query<UserPart, UserPartRecord>().Where(x => x.NormalizedUserName == context.User.UserName.ToLowerInvariant()).List().FirstOrDefault();
                        }

                        // This line has been changed from the core implementation of IAuthorizationService,
                        // because our ActiveDirectoryUser implements the IUserRoles interface instead of having
                        // an UserRolesPart included on the content.
                        rolesToExamine = (context.User as IUserRoles).Roles;

                        //Also adding all the Roles from the UserRolePart, incase We want to use role management that is not part of AD..
                        if (dbUser != null && dbUser.As<IUserRoles>() != null && dbUser.As<IUserRoles>().Roles != null)
                            rolesToExamine = rolesToExamine.Union(dbUser.As<IUserRoles>().Roles);

                        // when it is a simulated anonymous user in the admin
                        if (!rolesToExamine.Contains(AnonymousRole[0]))
                        {
                            rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
                        }
                    }

                    foreach (var role in rolesToExamine)
                    {
                        foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role))
                        {
                            string possessedName = permissionName;
                            if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase)))
                            {
                                context.Granted = true;
                            }

                            if (context.Granted)
                                break;
                        }

                        if (context.Granted)
                            break;
                    }
                }

                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                    break;
            }

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }
Ejemplo n.º 26
0
        public bool TryCheckAccess(Permission permission, IUser user, IContent content)
        {
            user = new ActiveDirectoryUser();

            var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
            _authorizationServiceEventHandler.Checking(context);

            for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter)
            {
                if (!context.Granted && context.User != null)
                {
                    if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) &&
                           String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal))
                    {
                        context.Granted = true;
                    }
                }

                if (!context.Granted)
                {
                    // determine which set of permissions would satisfy the access check
                    var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

                    // determine what set of roles should be examined by the access check
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null)
                    {
                        rolesToExamine = AnonymousRole;
                    }
                    else
                    {
                        // the current user is not null, so get his roles and add "Authenticated" to it.

                        // This line has been changed from the core implementation of IAuthorizationService,
                        // because our ActiveDirectoryUser implements the IUserRoles interface instead of having
                        // an UserRolesPart included on the content.
                        rolesToExamine = (context.User as IUserRoles).Roles;

                        // when it is a simulated anonymous user in the admin
                        if (!rolesToExamine.Contains(AnonymousRole[0]))
                        {
                            rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
                        }
                    }
   
                    foreach (var role in rolesToExamine)
                    {
                        foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role))
                        {
                            string possessedName = permissionName;
                            if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase)))
                            {
                                context.Granted = true;
                            }

                            if (context.Granted)
                                break;
                        }

                        if (context.Granted)
                            break;
                    }
                }

                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                    break;
            }

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }