        /// <summary>
        /// Looks up the query <paramref name="name"/> on <paramref name="app"/>, verifies that the
        /// current user may read it, and returns the serialized result streams.
        /// </summary>
        /// <param name="app">App that owns the query.</param>
        /// <param name="name">Query name as supplied by the caller; echoed into log and error text.</param>
        /// <param name="stream">Comma-separated stream names to return; null is passed through to the serializer as-is.</param>
        /// <param name="includeGuid">Whether the serializer includes entity GUIDs in the output.</param>
        /// <param name="module">Module the request comes from; may be null, in which case the module-admin shortcut never applies.</param>
        /// <param name="log">Log that receives the call trace.</param>
        /// <returns>Stream name to serialized entities, exactly as <c>Serializer.Prepare</c> produces it.</returns>
        /// <remarks>
        /// Throws the result of <c>HttpErr</c> with 404 when the query does not exist and with 401 when the
        /// user has neither an explicit read grant nor module-admin rights.
        /// NOTE(review): the 404 is produced before the permission check, so a caller without read rights
        /// can still learn which query names exist — confirm this is acceptable for this endpoint.
        /// NOTE(review): the denial uses 401 (Unauthorized); for an authenticated user lacking rights 403
        /// (Forbidden) is the conventional status — kept as-is because callers may depend on it.
        /// </remarks>
        private static Dictionary <string, IEnumerable <Dictionary <string, object> > > BuildQueryAndRun(App app, string name, string stream, bool includeGuid, ModuleInfo module, Log log)
        {
            log.Add($"build and run query name:{name}, with module:{module?.ModuleID}");

            var foundQuery = app.GetQuery(name);
            if (foundQuery == null)
            {
                throw HttpErr(HttpStatusCode.NotFound, "query not found", $"query '{name}' not found");
            }

            // Two independent ways to be allowed: an explicit Read grant on the query definition,
            // or DNN module-admin rights on the module the request came from. Both are always
            // evaluated (no short-circuit) so any logging done by the checker is unchanged.
            var instanceInfo = new DnnInstanceInfo(module);
            var explicitRead = new DnnPermissionCheck(log, targetItem: foundQuery.QueryDefinition, instance: instanceInfo)
                .UserMay(Grants.Read);
            var moduleAdmin = module != null
                && DotNetNuke.Security.Permissions.ModulePermissionController.CanAdminModule(module);

            if (!explicitRead && !moduleAdmin)
            {
                throw HttpErr(HttpStatusCode.Unauthorized, "Request not allowed",
                    $"Request not allowed. User does not have read permissions for query '{name}'");
            }

            var requestedStreams = stream?.Split(',');
            var serializer = new Serializer { IncludeGuid = includeGuid };
            return serializer.Prepare(foundQuery, requestedStreams);
        }
        /// <summary>
        /// Resolves the app for <paramref name="appId"/> and builds the permission checker that the
        /// caller uses to authorize the current request against that app (and, optionally, one of
        /// its content types).
        /// </summary>
        /// <param name="appId">Id of the app the request targets.</param>
        /// <param name="typeName">Content-type name to include in the check, or null for an app-level check only.</param>
        /// <returns>The resolved app together with the checker built for it.</returns>
        private Tuple <App, PermissionCheckBase> AppAndPermissionChecker(int appId, string typeName)
        {
            var environment   = Factory.Resolve <IEnvironmentFactory>().Environment(Log);
            var currentTenant = new DnnTenant(PortalSettings.Current);
            var zoneOfUi      = environment.ZoneMapper.GetZoneId(currentTenant.Id);

            var zoneOfApp = SystemManager.ZoneIdOfApp(appId);
            var targetApp = new App(currentTenant, zoneOfApp, appId, parentLog: Log);

            var contentType = typeName != null
                ? new AppRuntime(zoneOfApp, appId, Log).ContentTypes.Get(typeName)
                : null;

            // The portal is only handed to the checker when the request is deemed to come from the
            // same place as the app; otherwise portal-level permissions are left out (null).
            // NOTE(review): this compares a zone id (zoneOfUi) with a tenant/portal id (currentTenant.Id);
            // presumably zoneOfUi == zoneOfApp was intended — confirm before relying on the portal grant.
            var sameOrigin     = zoneOfUi == currentTenant.Id;
            var portalForCheck = sameOrigin ? PortalSettings.Current : null;

            var checker = new DnnPermissionCheck(Log,
                instance: SxcInstance.EnvInstance,
                app: targetApp,
                portal: portalForCheck,
                targetType: contentType);

            return new Tuple <App, PermissionCheckBase>(targetApp, checker);
        }
        /// <summary>
        /// Checks whether the field (attribute) definition's own permissions grant the current user
        /// <paramref name="requiredGrant"/>. Intended for callers that already know the user lacks
        /// full edit rights on the app, so only the per-field permissions are consulted here.
        /// </summary>
        /// <param name="requiredGrant">Grants the user must hold; evaluated by <c>DnnPermissionCheck.UserMay</c>.</param>
        /// <returns>true when the attribute permissions allow the grant for the current user.</returns>
        public bool FieldPermissionOk(List <Grants> requiredGrant) =>
            new DnnPermissionCheck(Log,
                    instance: BlockBuilder.Container,
                    permissions1: Attribute.Permissions,
                    appIdentity: BlockBuilder.App)
                .UserMay(requiredGrant);
        /// <summary>
        /// Checks whether the field (attribute) definition's own permissions grant the current user
        /// <paramref name="requiredGrant"/>. Intended for callers that already know the user lacks
        /// full edit rights on the app, so only the per-field permissions are consulted here.
        /// </summary>
        /// <param name="requiredGrant">Grants the user must hold; evaluated by <c>DnnPermissionCheck.UserMay</c>.</param>
        /// <returns>true when the attribute permissions allow the grant for the current user.</returns>
        public bool FieldPermissionOk(List <Grants> requiredGrant) =>
            new DnnPermissionCheck(Log,
                    instance: SxcInstance.EnvInstance,
                    permissions1: Attribute.Permissions,
                    appIdentity: SxcInstance.App)
                .UserMay(requiredGrant);
        /// <summary>
        /// Looks up the query <paramref name="name"/> on <paramref name="app"/>, verifies that the
        /// current user may read it, and returns the converted result streams.
        /// </summary>
        /// <param name="app">App that owns the query; also passed to the permission check as the app identity.</param>
        /// <param name="name">Query name as supplied by the caller; echoed into log and error text.</param>
        /// <param name="stream">Comma-separated stream names to return; null is passed through to the converter as-is.</param>
        /// <param name="includeGuid">Whether the converter includes entity GUIDs in the output.</param>
        /// <param name="module">Module the request comes from; may be null, in which case the module-admin shortcut never applies.</param>
        /// <param name="log">Log that receives the call trace (opened with <c>log.Call</c>, closed on every exit path).</param>
        /// <param name="blockBuilder">Provides <c>UserMayEdit</c> for the converter; null is treated as "may not edit".</param>
        /// <returns>Stream name to converted entities, exactly as <c>DataToDictionary.Convert</c> produces it.</returns>
        /// <remarks>
        /// Throws the result of <c>HttpErr</c> with 404 when the query does not exist and with 401 when the
        /// user has neither a read grant (<c>GrantSets.ReadSomething</c>) nor module-admin rights.
        /// NOTE(review): the 404 is produced before the permission check, so a caller without read rights
        /// can still learn which query names exist — confirm this is acceptable for this endpoint.
        /// NOTE(review): the denial uses 401 (Unauthorized); for an authenticated user lacking rights 403
        /// (Forbidden) is the conventional status — kept as-is because callers may depend on it.
        /// </remarks>
        private static Dictionary <string, IEnumerable <Dictionary <string, object> > > BuildQueryAndRun(IApp app, string name, string stream, bool includeGuid, ModuleInfo module, ILog log, IBlockBuilder blockBuilder)
        {
            var callLog = log.Call($"name:{name}, withModule:{module?.ModuleID}");

            var foundQuery = app.GetQuery(name);
            if (foundQuery == null)
            {
                var notFound = $"query '{name}' not found";
                callLog(notFound);
                throw HttpErr(HttpStatusCode.NotFound, "query not found", notFound);
            }

            // Two independent ways to be allowed: a read grant on the query definition entity,
            // or DNN module-admin rights on the module the request came from. Both are always
            // evaluated (no short-circuit) so any logging done by the checker is unchanged.
            var explicitRead = new DnnPermissionCheck(log,
                    targetItem: foundQuery.Definition.Entity,
                    instance: new DnnContainer(module),
                    appIdentity: app)
                .UserMay(GrantSets.ReadSomething);
            var moduleAdmin = module != null
                && DotNetNuke.Security.Permissions.ModulePermissionController.CanAdminModule(module);

            if (!explicitRead && !moduleAdmin)
            {
                var denied = $"Request not allowed. User does not have read permissions for query '{name}'";
                callLog(denied);
                throw HttpErr(HttpStatusCode.Unauthorized, "Request not allowed", denied);
            }

            // A missing block builder means the user is treated as a non-editor for conversion purposes.
            var userMayEdit = blockBuilder?.UserMayEdit ?? false;
            var converter   = new DataToDictionary(userMayEdit) { WithGuid = includeGuid };
            var converted   = converter.Convert(foundQuery, stream?.Split(','));

            callLog(null);
            return converted;
        }