|
public GetAuths ( int entityTypeId, int entityId, string action ) : IQueryable |
||
| entityTypeId | int | A |
| entityId | int | A |
| action | string | A |
| return | IQueryable |
|
/// <summary>
/// Gets the approvers.
/// </summary>
/// <param name="noteTypeId">The note type identifier.</param>
/// <returns></returns>
public List <Person> GetApprovers(int noteTypeId)
{
var rockContext = this.Context as RockContext;
var groupMemberService = new GroupMemberService(rockContext);
var noteType = NoteTypeCache.Get(noteTypeId);
int?noteTypeEntityTypeId = EntityTypeCache.GetId <NoteType>();
if (!noteTypeEntityTypeId.HasValue || noteType == null)
{
// shouldn't happen
return(new List <Person>());
}
var authService = new AuthService(rockContext);
var approvalAuths = authService.GetAuths(noteTypeEntityTypeId.Value, noteTypeId, Rock.Security.Authorization.APPROVE);
// Get a list of all PersonIds that are allowed that are included in the Auths
// Then, when we get a list of all the allowed people that are in the auth as a specific Person or part of a Role (Group), we'll run all those people thru NoteType.IsAuthorized
// That way, we don't have to figure out all the logic of Allow/Deny based on Order, etc
List <int> authPersonIdListAll = new List <int>();
var approvalAuthsAllowed = approvalAuths.Where(a => a.AllowOrDeny == "A").ToList();
foreach (var approvalAuth in approvalAuthsAllowed)
{
var personId = approvalAuth.PersonAlias?.PersonId;
if (personId.HasValue)
{
authPersonIdListAll.Add(personId.Value);
}
else if (approvalAuth.GroupId.HasValue)
{
var groupPersonIdsQuery = groupMemberService.Queryable().Where(a => a.GroupId == approvalAuth.GroupId.Value && a.GroupMemberStatus == GroupMemberStatus.Active && a.Person.IsDeceased == false).Select(a => a.PersonId);
authPersonIdListAll.AddRange(groupPersonIdsQuery.ToList());
}
else if (approvalAuth.SpecialRole != SpecialRole.None)
{
// Not Supported: Get people that belong to Special Roles like AllUsers, AllAuthenticatedUser, and AllUnAuthenicatedUsers doesn't really make sense, so ignore it
}
}
authPersonIdListAll = authPersonIdListAll.Distinct().ToList();
var authPersonsAll = new PersonService(rockContext).Queryable().Where(a => authPersonIdListAll.Contains(a.Id)).ToList();
var authorizedApprovers = new List <Person>();
// now that we have a list of all people that have at least one Allow auth, run them thru noteType.IsAuthorized, to get rid of people that would have been excluded due to a Deny auth
foreach (var authPerson in authPersonsAll)
{
if (noteType.IsAuthorized(Rock.Security.Authorization.APPROVE, authPerson))
{
authorizedApprovers.Add(authPerson);
}
}
return(authorizedApprovers);
}
/// <summary>
/// Handles the GridReorder event of the rGrid control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="GridReorderEventArgs"/> instance containing the event data.</param>
protected void rGrid_GridReorder(object sender, GridReorderEventArgs e)
{
int entityTypeId = iSecured.TypeId;
var rockContext = new RockContext();
var authService = new Rock.Model.AuthService(rockContext);
List <Rock.Model.Auth> rules = authService.GetAuths(iSecured.TypeId, iSecured.Id, CurrentAction).ToList();
authService.Reorder(rules, e.OldIndex, e.NewIndex);
rockContext.SaveChanges();
Authorization.ReloadAction(iSecured.TypeId, iSecured.Id, CurrentAction);
BindGrid();
}
/// <summary>
/// Handles the Click event of the lbAddUser control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
protected void lbAddUser_Click(object sender, EventArgs e)
{
if (ppUser.PersonId.HasValue)
{
int?personAliasId = ppUser.PersonAliasId;
if (personAliasId.HasValue)
{
using (var rockContext = new RockContext())
{
var authService = new Rock.Model.AuthService(rockContext);
var existingAuths = authService.GetAuths(iSecured.TypeId, iSecured.Id, CurrentAction).ToList();
if (!existingAuths.Any(a => a.PersonAliasId.HasValue && a.PersonAliasId.Value == personAliasId.Value))
{
int order = existingAuths.Count > 0 ? existingAuths.Last().Order + 1 : 0;
Rock.Model.Auth auth = new Rock.Model.Auth();
auth.EntityTypeId = iSecured.TypeId;
auth.EntityId = iSecured.Id;
auth.Action = CurrentAction;
auth.AllowOrDeny = "A";
auth.SpecialRole = Rock.Model.SpecialRole.None;
auth.PersonAliasId = personAliasId;
auth.Order = order;
authService.Add(auth);
rockContext.SaveChanges();
Authorization.ReloadAction(iSecured.TypeId, iSecured.Id, CurrentAction);
}
}
}
}
pnlAddUser.Visible = false;
phList.Visible = true;
BindGrid();
}
/// <summary>
/// Sets the role actions.
/// </summary>
private void SetRoleActions()
{
cblRoleActionList.Items.Clear();
using ( var rockContext = new RockContext() )
{
var authService = new AuthService( rockContext );
var actions = iSecured.SupportedActions;
foreach ( var action in actions )
{
if ( action.Key == CurrentAction )
{
lActionDescription.Text = action.Value;
ListItem roleItem = new ListItem( action.Key );
roleItem.Selected = true;
cblRoleActionList.Items.Add( roleItem );
}
else
{
Rock.Model.SpecialRole specialRole = Rock.Model.SpecialRole.None;
int? groupId = ddlRoles.SelectedValue.AsIntegerOrNull();
switch ( groupId )
{
case -1: specialRole = Rock.Model.SpecialRole.AllUsers;
break;
case -2: specialRole = Rock.Model.SpecialRole.AllAuthenticatedUsers;
break;
case -3: specialRole = Rock.Model.SpecialRole.AllUnAuthenticatedUsers;
break;
default: specialRole = Rock.Model.SpecialRole.None;
break;
}
if ( groupId < 0 )
{
groupId = null;
}
if ( !authService.GetAuths( iSecured.TypeId, iSecured.Id, action.Key )
.Any( a => a.SpecialRole == specialRole && a.GroupId == groupId ) )
{
cblRoleActionList.Items.Add( new ListItem( action.Key ) );
}
}
}
}
}
/// <summary>
/// Binds the grid.
/// </summary>
private void BindGrid()
{
using ( var rockContext = new RockContext() )
{
var authService = new AuthService( rockContext );
var itemRules = new List<AuthRule>();
foreach ( var auth in authService.GetAuths( iSecured.TypeId, iSecured.Id, CurrentAction ) )
{
itemRules.Add( new AuthRule( auth ) );
}
rGrid.DataSource = itemRules;
rGrid.DataBind();
var parentRules = new List<MyAuthRule>();
AddParentRules( authService, itemRules, parentRules, iSecured.ParentAuthorityPre, CurrentAction, false );
AddParentRules( authService, itemRules, parentRules, iSecured.ParentAuthority, CurrentAction, true );
rGridParentRules.DataSource = parentRules;
rGridParentRules.DataBind();
}
}
/// <summary>
/// Adds the parent rules.
/// </summary>
/// <param name="authService">The authentication service.</param>
/// <param name="itemRules">The item rules.</param>
/// <param name="parentRules">The parent rules.</param>
/// <param name="parent">The parent.</param>
/// <param name="action">The action.</param>
/// <param name="recurse">if set to <c>true</c> [recurse].</param>
private void AddParentRules( AuthService authService, List<AuthRule> itemRules, List<MyAuthRule> parentRules, ISecured parent, string action, bool recurse )
{
if ( parent != null )
{
var entityType = Rock.Web.Cache.EntityTypeCache.Read( parent.TypeId );
foreach ( var auth in authService.GetAuths( parent.TypeId, parent.Id, action ) )
{
var rule = new AuthRule( auth );
if ( !itemRules.Exists( r =>
r.SpecialRole == rule.SpecialRole &&
r.PersonId == rule.PersonId &&
r.GroupId == rule.GroupId ) &&
!parentRules.Exists( r =>
r.AuthRule.SpecialRole == rule.SpecialRole &&
r.AuthRule.PersonId == rule.PersonId &&
r.AuthRule.GroupId == rule.GroupId ) )
{
var myRule = new MyAuthRule( rule );
myRule.EntityTitle = string.Format( "{0} <small>({1})</small>", parent.ToString(), entityType.FriendlyName ?? entityType.Name ).TrimStart();
parentRules.Add( myRule );
}
}
if ( recurse )
{
AddParentRules( authService, itemRules, parentRules, parent.ParentAuthority, action, true );
}
}
}
/// <summary>
/// Handles the GridReorder event of the rGrid control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="GridReorderEventArgs"/> instance containing the event data.</param>
protected void rGrid_GridReorder( object sender, GridReorderEventArgs e )
{
int entityTypeId = iSecured.TypeId;
var rockContext = new RockContext();
var authService = new Rock.Model.AuthService( rockContext );
List<Rock.Model.Auth> rules = authService.GetAuths( iSecured.TypeId, iSecured.Id, CurrentAction ).ToList();
authService.Reorder( rules, e.OldIndex, e.NewIndex );
rockContext.SaveChanges();
Authorization.ReloadAction( iSecured.TypeId, iSecured.Id, CurrentAction );
BindGrid();
}
/// <summary>
/// Handles the Click event of the lbAddUser control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
protected void lbAddUser_Click( object sender, EventArgs e )
{
if ( ppUser.PersonId.HasValue )
{
int? personAliasId = ppUser.PersonAliasId;
if ( personAliasId.HasValue )
{
using ( var rockContext = new RockContext() )
{
var authService = new Rock.Model.AuthService( rockContext );
var existingAuths = authService.GetAuths( iSecured.TypeId, iSecured.Id, CurrentAction ).ToList();
if ( !existingAuths.Any( a => a.PersonAliasId.HasValue && a.PersonAliasId.Value == personAliasId.Value ) )
{
int order = existingAuths.Count > 0 ? existingAuths.Last().Order + 1 : 0;
Rock.Model.Auth auth = new Rock.Model.Auth();
auth.EntityTypeId = iSecured.TypeId;
auth.EntityId = iSecured.Id;
auth.Action = CurrentAction;
auth.AllowOrDeny = "A";
auth.SpecialRole = Rock.Model.SpecialRole.None;
auth.PersonAliasId = personAliasId;
auth.Order = order;
authService.Add( auth );
rockContext.SaveChanges();
Authorization.ReloadAction( iSecured.TypeId, iSecured.Id, CurrentAction );
}
}
}
}
pnlAddUser.Visible = false;
phList.Visible = true;
BindGrid();
}
/// <summary>
/// Handles the Click event of the lbAddRole control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
protected void lbAddRole_Click( object sender, EventArgs e )
{
using ( var rockContext = new RockContext() )
{
var authService = new AuthService( rockContext );
foreach ( ListItem li in cblRoleActionList.Items )
{
if ( li.Selected )
{
Rock.Model.SpecialRole specialRole = Rock.Model.SpecialRole.None;
int? groupId = ddlRoles.SelectedValue.AsIntegerOrNull();
switch ( groupId )
{
case -1: specialRole = Rock.Model.SpecialRole.AllUsers;
break;
case -2: specialRole = Rock.Model.SpecialRole.AllAuthenticatedUsers;
break;
case -3: specialRole = Rock.Model.SpecialRole.AllUnAuthenticatedUsers;
break;
default: specialRole = Rock.Model.SpecialRole.None;
break;
}
if ( groupId < 0 )
{
groupId = null;
}
var existingAuths = authService.GetAuths( iSecured.TypeId, iSecured.Id, li.Text ).ToList();
if ( !existingAuths.Any( a => a.SpecialRole == specialRole && a.GroupId.Equals( groupId ) ) )
{
int order = existingAuths.Count > 0 ? existingAuths.Last().Order + 1 : 0;
Rock.Model.Auth auth = new Rock.Model.Auth();
auth.EntityTypeId = iSecured.TypeId;
auth.EntityId = iSecured.Id;
auth.Action = li.Text;
auth.AllowOrDeny = "A";
auth.SpecialRole = specialRole;
auth.GroupId = groupId;
auth.Order = order;
authService.Add( auth );
rockContext.SaveChanges();
Authorization.ReloadAction( iSecured.TypeId, iSecured.Id, li.Text );
}
}
}
}
pnlAddRole.Visible = false;
phList.Visible = true;
BindGrid();
}
/// <summary>
/// Reloads the authorizations for the specified entity and action.
/// </summary>
/// <param name="entityTypeId">The entity type id.</param>
/// <param name="entityId">The entity id.</param>
/// <param name="action">The action.</param>
public static void ReloadAction( int entityTypeId, int entityId, string action )
{
var rockContext = new RockContext();
// If there's no Authorizations object, create it
if ( Authorizations == null )
Load( rockContext );
else
{
// Delete the current authorizations
if ( Authorizations.ContainsKey( entityTypeId ) )
if ( Authorizations[entityTypeId].ContainsKey( entityId ) )
if ( Authorizations[entityTypeId][entityId].ContainsKey( action ) )
Authorizations[entityTypeId][entityId][action] = new List<AuthRule>();
// Find the Authrules for the given entity type, entity id, and action
AuthService authService = new AuthService( rockContext );
foreach ( Auth auth in authService.GetAuths( entityTypeId, entityId, action ) )
{
if ( !Authorizations.ContainsKey( auth.EntityTypeId ) )
Authorizations.Add( auth.EntityTypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() );
Dictionary<int, Dictionary<string, List<AuthRule>>> entityAuths = Authorizations[auth.EntityTypeId];
if ( !entityAuths.ContainsKey( auth.EntityId ?? 0 ) )
entityAuths.Add( auth.EntityId ?? 0, new Dictionary<string, List<AuthRule>>() );
Dictionary<string, List<AuthRule>> instanceAuths = entityAuths[auth.EntityId ?? 0];
if ( !instanceAuths.ContainsKey( auth.Action ) )
instanceAuths.Add( auth.Action, new List<AuthRule>() );
List<AuthRule> actionPermissions = instanceAuths[auth.Action];
actionPermissions.Add( new AuthRule( auth ) );
}
}
}
/// <summary>
/// If the entity is currently private for selected person, removes all the rules
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyMakeUnPrivate( ISecured entity, string action, Person person, RockContext rockContext )
{
if ( IsPrivate( entity, action, person ) )
{
var authService = new AuthService( rockContext );
// Delete any existing rules in database
foreach ( Auth auth in authService
.GetAuths( entity.TypeId, entity.Id, action ) )
{
authService.Delete( auth );
}
// Reload the static dictionary for this action
ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
}
/// <summary>
/// Makes the entity private for the selected action and person
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyMakePrivate( ISecured entity, string action, Person person, RockContext rockContext )
{
if ( !IsPrivate( entity, action, person ) )
{
if ( person != null )
{
var personAlias = new PersonAliasService( rockContext ).GetPrimaryAlias( person.Id );
if ( personAlias != null )
{
var authService = new AuthService( rockContext );
// Delete any existing rules in database
foreach ( Auth auth in authService
.GetAuths( entity.TypeId, entity.Id, action ) )
{
authService.Delete( auth );
}
rockContext.SaveChanges();
// Create the rules in the database
Auth auth1 = new Auth();
auth1.EntityTypeId = entity.TypeId;
auth1.EntityId = entity.Id;
auth1.Order = 0;
auth1.Action = action;
auth1.AllowOrDeny = "A";
auth1.SpecialRole = SpecialRole.None;
auth1.PersonAlias = personAlias;
auth1.PersonAliasId = personAlias.Id;
authService.Add( auth1 );
Auth auth2 = new Auth();
auth2.EntityTypeId = entity.TypeId;
auth2.EntityId = entity.Id;
auth2.Order = 1;
auth2.Action = action;
auth2.AllowOrDeny = "D";
auth2.SpecialRole = SpecialRole.AllUsers;
authService.Add( auth2 );
rockContext.SaveChanges();
// Reload the static dictionary for this action
ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
}
}
}
/// <summary>
/// Mies the allow all users.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyAllowAllUsers( ISecured entity, string action, RockContext rockContext )
{
var authService = new AuthService( rockContext );
// Delete any existing rules in database
foreach ( Auth auth in authService
.GetAuths( entity.TypeId, entity.Id, action ) )
{
authService.Delete( auth );
}
rockContext.SaveChanges();
// Create the rule in the database
Auth auth1 = new Auth();
auth1.EntityTypeId = entity.TypeId;
auth1.EntityId = entity.Id;
auth1.Order = 0;
auth1.Action = action;
auth1.AllowOrDeny = "A";
auth1.SpecialRole = SpecialRole.AllUsers;
authService.Add( auth1 );
rockContext.SaveChanges();
// Reload the static dictionary for this action
ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
/// <summary>
/// Creates authorization rules to make the entity private to selected person
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="group">The group.</param>
/// <param name="specialRole">The special role.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyAllow( ISecured entity, string action,
Person person = null, Group group = null, SpecialRole specialRole = SpecialRole.None,
RockContext rockContext = null )
{
rockContext = rockContext ?? new RockContext();
PersonAlias personAlias = null;
if ( person != null )
{
personAlias = new PersonAliasService( rockContext ).GetPrimaryAlias( person.Id );
}
if ( personAlias != null || group != null || specialRole != SpecialRole.None )
{
var authService = new AuthService( rockContext );
// Update the order for any existing rules in database
int order = 1;
foreach ( Auth existingAuth in authService
.GetAuths( entity.TypeId, entity.Id, action ) )
{
existingAuth.Order = order++;
}
// Add the new auth (with order of zero)
Auth auth = new Auth();
auth.EntityTypeId = entity.TypeId;
auth.EntityId = entity.Id;
auth.Order = 0;
auth.Action = action;
auth.AllowOrDeny = "A";
auth.SpecialRole = specialRole;
if ( personAlias != null )
{
auth.PersonAlias = personAlias;
auth.PersonAliasId = personAlias.Id;
}
if ( group != null )
{
auth.Group = group;
auth.GroupId = group.Id;
}
authService.Add( auth );
rockContext.SaveChanges();
// Reload the static dictionary for this action
ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
}
