/// <summary>
/// Looks up the query <paramref name="name"/> on <paramref name="app"/>, enforces read
/// permission on it and returns the prepared stream data.
/// </summary>
/// <param name="app">App that owns the query.</param>
/// <param name="name">Name of the query to resolve via <c>app.GetQuery</c>.</param>
/// <param name="stream">Comma-separated stream names; <c>null</c> is handed to the serializer unchanged.</param>
/// <param name="includeGuid">Forwarded to <c>Serializer.IncludeGuid</c>.</param>
/// <param name="module">DNN module the request originates from; may be <c>null</c>, in which case
/// the module-admin shortcut can never apply and only an explicit grant passes.</param>
/// <param name="log">Receives a trace line for this call.</param>
/// <returns>The result of <c>Serializer.Prepare</c> for the query and requested streams.</returns>
/// <remarks>
/// Throws the <c>HttpErr</c> result with <see cref="HttpStatusCode.NotFound"/> when the query does not
/// exist and with <see cref="HttpStatusCode.Unauthorized"/> when neither an explicit Read grant on the
/// query definition nor DNN module-admin rights are present.
/// </remarks>
private static Dictionary<string, IEnumerable<Dictionary<string, object>>> BuildQueryAndRun(App app, string name, string stream, bool includeGuid, ModuleInfo module, Log log)
{
    log.Add($"build and run query name:{name}, with module:{module?.ModuleID}");

    var foundQuery = app.GetQuery(name);
    if (foundQuery == null)
    {
        throw HttpErr(HttpStatusCode.NotFound, "query not found", $"query '{name}' not found");
    }

    // Two independent sources of access: an explicit Read grant on the query definition,
    // or DNN module-admin rights on the calling module. The admin check is only consulted
    // when a module is actually present.
    var checker = new DnnPermissionCheck(log, targetItem: foundQuery.QueryDefinition, instance: new DnnInstanceInfo(module));
    var hasExplicitRead = checker.UserMay(Grants.Read);

    var isModuleAdmin = false;
    if (module != null)
    {
        isModuleAdmin = DotNetNuke.Security.Permissions.ModulePermissionController.CanAdminModule(module);
    }

    // Deny unless at least one of the two sources allows reading.
    if (!hasExplicitRead && !isModuleAdmin)
    {
        throw HttpErr(HttpStatusCode.Unauthorized, "Request not allowed", $"Request not allowed. User does not have read permissions for query '{name}'");
    }

    var serializer = new Serializer { IncludeGuid = includeGuid };
    var requestedStreams = stream == null ? null : stream.Split(',');
    return serializer.Prepare(foundQuery, requestedStreams);
}
/// <summary>
/// Builds the <c>App</c> for <paramref name="appId"/> together with a permission checker that is
/// scoped to the current instance, the app and (optionally) the content type <paramref name="typeName"/>.
/// </summary>
/// <param name="appId">Id of the app to load; its zone is resolved via <c>SystemManager.ZoneIdOfApp</c>.</param>
/// <param name="typeName">Content type to narrow the check to; <c>null</c> means no type is targeted.</param>
/// <returns>The loaded app and the <c>DnnPermissionCheck</c> built for it.</returns>
private Tuple<App, PermissionCheckBase> AppAndPermissionChecker(int appId, string typeName)
{
    var environment = Factory.Resolve<IEnvironmentFactory>().Environment(Log);
    var tenant = new DnnTenant(PortalSettings.Current);
    var zoneOfCurrentUi = environment.ZoneMapper.GetZoneId(tenant.Id);

    // Resolve the app and, if requested, the content type inside it.
    var zoneOfApp = SystemManager.ZoneIdOfApp(appId);
    var app = new App(tenant, zoneOfApp, appId, parentLog: Log);
    var contentType = typeName != null
        ? new AppRuntime(zoneOfApp, appId, Log).ContentTypes.Get(typeName)
        : null;

    // The current portal is only handed to the permission check when the request is
    // considered to come from the same context as the app.
    // NOTE(review): this compares a zone id (zoneOfCurrentUi) with the tenant id; the original
    // comment speaks of "the same app as the user is coming from", so confirm whether the
    // intended comparison was against zoneOfApp instead — this decides whether portal-level
    // rights participate in the check.
    var portalForCheck = zoneOfCurrentUi == tenant.Id ? PortalSettings.Current : null;

    var checker = new DnnPermissionCheck(Log,
        instance: SxcInstance.EnvInstance,
        app: app,
        portal: portalForCheck,
        targetType: contentType);

    return new Tuple<App, PermissionCheckBase>(app, checker);
}
/// <summary>
/// Checks whether the attribute's own permission entities grant <paramref name="requiredGrant"/>.
/// Intended as the fallback when the user does not already hold full edit rights.
/// </summary>
/// <param name="requiredGrant">Grants the caller needs; passed through to <c>UserMay</c> unchanged.</param>
/// <returns><c>true</c> when the field-level <c>DnnPermissionCheck</c> allows the grant.</returns>
public bool FieldPermissionOk(List<Grants> requiredGrant)
{
    // Scope the check to the current container and app, using only the permissions
    // declared on this attribute.
    var fieldCheck = new DnnPermissionCheck(Log,
        instance: BlockBuilder.Container,
        permissions1: Attribute.Permissions,
        appIdentity: BlockBuilder.App);

    bool allowed = fieldCheck.UserMay(requiredGrant);
    return allowed;
}
/// <summary>
/// Checks whether the attribute's own permission entities grant <paramref name="requiredGrant"/>.
/// Intended as the fallback when the user does not already hold full edit rights.
/// </summary>
/// <param name="requiredGrant">Grants the caller needs; passed through to <c>UserMay</c> unchanged.</param>
/// <returns><c>true</c> when the field-level <c>DnnPermissionCheck</c> allows the grant.</returns>
public bool FieldPermissionOk(List<Grants> requiredGrant)
{
    // Scope the check to the environment instance and app, using only the permissions
    // declared on this attribute.
    var fieldCheck = new DnnPermissionCheck(Log,
        instance: SxcInstance.EnvInstance,
        permissions1: Attribute.Permissions,
        appIdentity: SxcInstance.App);

    bool allowed = fieldCheck.UserMay(requiredGrant);
    return allowed;
}
/// <summary>
/// Looks up the query <paramref name="name"/> on <paramref name="app"/>, enforces read
/// permission on it and returns the converted stream data.
/// </summary>
/// <param name="app">App that owns the query; also used as the app identity in the permission check.</param>
/// <param name="name">Name of the query to resolve via <c>app.GetQuery</c>.</param>
/// <param name="stream">Comma-separated stream names; <c>null</c> is handed to the converter unchanged.</param>
/// <param name="includeGuid">Forwarded to <c>DataToDictionary.WithGuid</c>.</param>
/// <param name="module">DNN module the request originates from; may be <c>null</c>, in which case
/// the module-admin shortcut can never apply and only an explicit grant passes.</param>
/// <param name="log">Log whose <c>Call</c> wrapper records entry, the failure reason, or <c>null</c> on success.</param>
/// <param name="blockBuilder">Optional; its <c>UserMayEdit</c> (defaulting to <c>false</c>) configures the converter.</param>
/// <returns>The result of <c>DataToDictionary.Convert</c> for the query and requested streams.</returns>
/// <remarks>
/// Throws the <c>HttpErr</c> result with <see cref="HttpStatusCode.NotFound"/> when the query does not
/// exist and with <see cref="HttpStatusCode.Unauthorized"/> when neither a <c>GrantSets.ReadSomething</c>
/// grant on the query definition nor DNN module-admin rights are present. Each failure message is
/// written to the log wrapper before the throw.
/// </remarks>
private static Dictionary<string, IEnumerable<Dictionary<string, object>>> BuildQueryAndRun(IApp app, string name, string stream, bool includeGuid, ModuleInfo module, ILog log, IBlockBuilder blockBuilder)
{
    var closeLog = log.Call($"name:{name}, withModule:{module?.ModuleID}");

    var foundQuery = app.GetQuery(name);
    if (foundQuery == null)
    {
        var notFoundMsg = $"query '{name}' not found";
        closeLog(notFoundMsg);
        throw HttpErr(HttpStatusCode.NotFound, "query not found", notFoundMsg);
    }

    // Two independent sources of access: an explicit read-type grant on the query's
    // definition entity, or DNN module-admin rights on the calling module. The admin
    // check is only consulted when a module is actually present.
    var checker = new DnnPermissionCheck(log,
        targetItem: foundQuery.Definition.Entity,
        instance: new DnnContainer(module),
        appIdentity: app);
    var hasReadGrant = checker.UserMay(GrantSets.ReadSomething);

    var isModuleAdmin = false;
    if (module != null)
    {
        isModuleAdmin = DotNetNuke.Security.Permissions.ModulePermissionController.CanAdminModule(module);
    }

    // Deny unless at least one of the two sources allows reading.
    if (!hasReadGrant && !isModuleAdmin)
    {
        var deniedMsg = $"Request not allowed. User does not have read permissions for query '{name}'";
        closeLog(deniedMsg);
        throw HttpErr(HttpStatusCode.Unauthorized, "Request not allowed", deniedMsg);
    }

    // Edit capability of the caller flows into the converter; a missing block builder means no edit rights.
    var converter = new DataToDictionary(blockBuilder?.UserMayEdit ?? false) { WithGuid = includeGuid };
    var requestedStreams = stream == null ? null : stream.Split(',');
    var converted = converter.Convert(foundQuery, requestedStreams);

    closeLog(null);
    return converted;
}