Example #1
0
        public void Before(EntityOperation operation, EntityOperationContext context)
        {
            var update = operation as EntityUpdate;

            if (update != null)
            {
                if (operation.IsEntity(EntityConsts.Issue))
                {
                    if (update.IsCreate() && !update.ContainsProperty("Year"))
                    {
                        update.Set("Year", DateTime.Now.Year);
                    }

                    if (update.ContainsProperty("Sent"))//TODO: mymagazines issue send (sent flag used)
                    {
                        context.Set <bool>(CTXKEY_SEND_ISSUE, true);
                    }
                }
                else if (operation.IsEntity(EntityConsts.Magazine) && update.ContainsProperty("IsActive") && update.Id.HasValue)
                {
                    if (update.Get <bool>("IsActive") == false)
                    {
                        var q = new EntityQuery2(EntityConsts.Magazine, update.Id.Value);
                        q.AddProperty("IsActive");
                        var magazine = _repository.Read(q);
                        context.Set <bool>(CTXKEY_ISACTIVEOLD, magazine.GetData <bool>("IsActive"));
                    }
                }
            }
        }
Example #2
0
        public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
        {
            if (operation.IsEntity(Notification.ENTITY) &&
                operation is EntityUpdate &&
                context.Get <bool>(CTXKEY_CREATENOTIFICATION) &&
                result.Success)
            {
                var update = operation as EntityUpdate;
                var method = ReplyMethods.ByNotification;//default
                if (update.ContainsProperty("Method"))
                {
                    method = update.Get <ReplyMethods>("Method");
                }



                var recipientUpdate = update.GetRelationUpdate(User.ENTITY, Roles.Recipient);
                var attachments     = update.GetMultipleRelationUpdates(NbuLibrary.Core.Domain.File.ENTITY, Roles.Attachment);
                if (attachments != null)
                {
                    foreach (var att in attachments)
                    {
                        _fileService.GrantAccess(att.Id.Value, FileAccessType.Read, new User(recipientUpdate.Id.Value));
                    }
                }

                var recipientQuery = new EntityQuery2(User.ENTITY, recipientUpdate.Id.Value);
                recipientQuery.AddProperty("Email");
                var recipient = _repository.Read(recipientQuery);
                var to        = recipient.GetData <string>("Email");
                var body      = update.Get <string>("Body");
                var subject   = update.Get <string>("Subject");
            }
        }
Example #3
0
        public void Before(EntityOperation operation, EntityOperationContext context)
        {
            if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
            {
                var update = operation as EntityUpdate;
                if (update.IsCreate())
                {
                    update.Set("Date", DateTime.Now);
                    var sender = update.GetRelationUpdate(User.ENTITY, Roles.Sender);
                    if (sender == null)
                    {
                        update.Attach(User.ENTITY, Roles.Sender, _securityService.CurrentUser.Id);
                    }
                    else
                    {
                        sender.Id = _securityService.CurrentUser.Id;
                    }
                    context.Set <bool>(CTXKEY_CREATENOTIFICATION, true);
                }

                if (update.ContainsProperty("Body"))
                {
                    var text    = System.Web.HttpUtility.HtmlEncode(update.Get <string>("Body"));
                    var newText = HtmlProcessor.ProcessEncodedHtml(text);
                    update.Set("Body", newText);
                }
            }
        }
Example #4
0
        public InspectionResult Inspect(EntityOperation operation)
        {
            if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
            {
                var update = operation as EntityUpdate;
                if (update.IsCreate())
                {
                    return(InspectionResult.Allow);
                }
                else if (update.PropertyUpdates.Count == 1 && (update.ContainsProperty("Received") || update.ContainsProperty("Archived")))
                {
                    EntityQuery2 q = new EntityQuery2(Notification.ENTITY, update.Id.Value);
                    q.Include(User.ENTITY, Roles.Recipient);
                    var recipient = _repository.Read(q).GetSingleRelation(User.ENTITY, Roles.Recipient);
                    if (recipient != null && recipient.Entity.Id == _securityService.CurrentUser.Id)
                    {
                        return(InspectionResult.Allow);
                    }
                }
                else if (update.PropertyUpdates.Count == 1 && update.ContainsProperty("ArchivedSent"))
                {
                    EntityQuery2 q = new EntityQuery2(Notification.ENTITY, update.Id.Value);
                    q.Include(User.ENTITY, Roles.Sender);
                    var sender = _repository.Read(q).GetSingleRelation(User.ENTITY, Roles.Sender);
                    if (sender != null && sender.Entity.Id == _securityService.CurrentUser.Id)
                    {
                        return(InspectionResult.Allow);
                    }
                }
            }

            return(InspectionResult.None);
        }
Example #5
0
        public InspectionResult Inspect(EntityOperation operation)
        {
            if (operation.IsEntity(NbuLibrary.Core.Domain.File.ENTITY) && operation is EntityUpdate)
            {
                var update = operation as EntityUpdate;
                if (update.IsCreate() && _securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.Upload))
                {
                    return(InspectionResult.Allow);
                }
                else if ((_securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageOwn) || _securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageAll)) &&
                         _fileService.HasAccess(_securityService.CurrentUser, update.Id.Value, FileAccessType.Owner))
                {
                    return(InspectionResult.Allow);
                }
                else if (_securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageAll) &&
                         _fileService.HasAccess(_securityService.CurrentUser, update.Id.Value, FileAccessType.Full))
                {
                    return(InspectionResult.Allow);
                }
            }
            else if (operation.IsEntity(NbuLibrary.Core.Domain.File.ENTITY) && operation is EntityDelete)
            {
                //TODO: file delete permission
                if (_fileService.HasAccess(_securityService.CurrentUser, operation.Id.Value, FileAccessType.Owner))
                {
                    return(InspectionResult.Allow);
                }
            }
            else if (operation.IsEntity(User.ENTITY) && operation is EntityUpdate)
            {
                var update = operation as EntityUpdate;
                if (update.ContainsProperty("DiskUsageLimit") && _securityService.CurrentUser.UserType != UserTypes.Admin)
                {
                    return(InspectionResult.Deny);
                }
            }

            return(InspectionResult.None);
        }
Example #6
0
        public InspectionResult Inspect(EntityOperation operation)
        {
            if (operation.IsEntity(EntityConsts.Magazine) || operation.IsEntity(EntityConsts.Issue))
            {
                if (_securityService.CurrentUser.UserType == UserTypes.Librarian &&
                    _securityService.HasModulePermission(_securityService.CurrentUser, MyMagazinesModule.Id, Permissions.Use) &&
                    operation is EntityUpdate)
                {
                    return(InspectionResult.Allow);
                }
            }
            else if (operation is EntityUpdate && operation.IsEntity(User.ENTITY))
            {
                var update = operation as EntityUpdate;
                if (update.IsCreate() &&
                    _securityService.CurrentUser.UserType == UserTypes.Librarian &&
                    _securityService.HasModulePermission(_securityService.CurrentUser, MyMagazinesModule.Id, Permissions.Use))
                {
                    return(InspectionResult.Allow);
                }
            }

            return(InspectionResult.None);
        }
Example #7
0
        public void Before(EntityOperation operation, EntityOperationContext context)
        {
            if (!operation.IsEntity(Inquery.EntityType))
            {
                return;
            }

            if (operation is EntityUpdate)
            {
                var update = operation as EntityUpdate;
                if (_securityService.CurrentUser.UserType == UserTypes.Customer && update.IsCreate())
                {
                    update.Attach(User.ENTITY, RelationConsts.Customer, _securityService.CurrentUser.Id);
                }
                else if (_securityService.CurrentUser.UserType == UserTypes.Librarian)
                {
                    bool attach = false;
                    if (update.IsCreate())
                    {
                        attach = true;
                    }
                    else
                    {
                        var q = new EntityQuery2(User.ENTITY);
                        q.WhereRelated(new RelationQuery(Inquery.EntityType, RelationConsts.ProcessedBy, update.Id.Value));
                        var user = _repository.Read(q);
                        if (user == null)
                        {
                            attach = true;
                        }
                        else if (user.Id != _securityService.CurrentUser.Id)
                        {
                            update.Detach(User.ENTITY, RelationConsts.ProcessedBy, user.Id);
                            attach = true;
                        }
                    }

                    if (attach)
                    {
                        update.Attach(User.ENTITY, RelationConsts.ProcessedBy, _securityService.CurrentUser.Id);
                    }
                }
            }
        }
Example #8
0
        public InspectionResult Inspect(EntityOperation operation)
        {
            if (operation.IsEntity(User.ENTITY))
            {
                if (_securityService.HasModulePermission(_securityService.CurrentUser, AccountModule.Id, Permissions.UserManagement))
                {
                    return(InspectionResult.Allow);
                }

                if (operation is EntityUpdate)
                {
                    var update = operation as EntityUpdate;
                    if (update.ContainsProperty("RecoveryCode"))
                    {
                        return(InspectionResult.Deny); //Only users with UserManagement permission can access this property
                    }
                }


                if (operation.Id.HasValue && _securityService.HasModulePermission(_securityService.CurrentUser, AccountModule.Id, Permissions.UserActivation))
                {
                    EntityQuery2 query = new EntityQuery2("User", operation.Id.Value);
                    query.AddProperty("isActive");
                    var e = _repository.Read(query);
                    if (e.GetData <bool>("IsActive") == false)
                    {
                        return(InspectionResult.Allow);
                    }
                }
                else if (operation is EntityUpdate)
                {
                    var update = operation as EntityUpdate;
                    if (update.Id.HasValue &&
                        update.Id.Value == _securityService.CurrentUser.Id &&
                        !update.ContainsProperty("IsActive"))   //TODO: allowing the user to edit his data and relations
                    {
                        return(InspectionResult.Allow);
                    }
                }
            }

            return(InspectionResult.None);
        }
Example #9
0
        public void Before(EntityOperation operation, EntityOperationContext context)
        {
            if (operation is EntityUpdate && operation.IsEntity(User.ENTITY))
            {
                var update = operation as EntityUpdate;
                if (update.IsCreate() && !update.ContainsProperty("Password")) //generate random password
                {
                    update.Set("Password", GenerateRandomPassword());
                }

                if (update.ContainsProperty("password"))
                {
                    var newPassword = update.PropertyUpdates["password"] as string;
                    context.Set <string>(CTXKEY_PASSWORD_UPDATE, newPassword);

                    string hash = null;
                    using (SHA1 sha1 = SHA1.Create())
                    {
                        hash = Convert.ToBase64String(sha1.ComputeHash(Encoding.UTF8.GetBytes(newPassword)));
                    }

                    update.Set("password", hash);
                    update.Set("FailedLoginsCount", 0);
                }

                if (update.ContainsProperty("RecoveryCode"))
                {
                    context.Set <bool>(CTXKEY_USER_PASSWORDRECOVERY, true);
                }

                if (update.IsCreate())
                {
                    context.Set <bool>(CTXKEY_USER_CREATION, true);
                }
                else if (update.Id.Value == _securityService.CurrentUser.Id)
                {
                    context.Set <int>(CTXKEY_UPDATE_PROFILE, _securityService.CurrentUser.Id);
                }
            }
        }
Example #10
0
        public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
        {
            if (!result.Success)
            {
                return;
            }

            if (!operation.IsEntity(User.ENTITY))
            {
                return;
            }

            var update = operation as EntityUpdate;

            if (update == null)
            {
                return;
            }

            if (context.Get <bool>(CTXKEY_USER_PASSWORDRECOVERY))
            {
                var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value)
                {
                    AllProperties = true
                }));
                var template = _templateService.Get(new Guid(NotificationTemplates.USER_PASSWORDRECOVERY));

                string subject = null, body = null;
                Dictionary <string, Entity> templateContext = new Dictionary <string, Entity>(StringComparer.InvariantCultureIgnoreCase);
                templateContext.Add("User", user);

                _templateService.Render(template, templateContext, out subject, out body);

                //TODO: async execution
                _notificationService.SendEmail(user.Email, subject, body, null);
            }

            if (context.Get <bool>(CTXKEY_USER_CREATION))
            {
                var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value)
                {
                    AllProperties = true
                }));

                var pwd = context.Get <string>(CTXKEY_PASSWORD_UPDATE);
                user.SetData <String>("Password", pwd);

                var template = _templateService.Get(new Guid(NotificationTemplates.USER_CREATED));

                string subject = null, body = null;
                Dictionary <string, Entity> templateContext = new Dictionary <string, Entity>(StringComparer.InvariantCultureIgnoreCase);
                templateContext.Add("User", user);

                _templateService.Render(template, templateContext, out subject, out body);

                //TODO: async execution
                _notificationService.SendEmail(user.Email, subject, body, null);
                if (update.ContainsProperty("IsActive") && update.Get <bool>("IsActive"))
                {
                    SendUserActivationEmail(user);
                }
            }
            else if (update.ContainsProperty("IsActive") && update.Get <bool>("IsActive"))
            {
                var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value)
                {
                    AllProperties = true
                }));
                SendUserActivationEmail(user);
            }
            else if (context.Get <int>(CTXKEY_UPDATE_PROFILE) > 0)
            {
                if (update.ContainsRelation("UserGroup", "UserGroup") ||
                    update.ContainsProperty("FacultyNumber") ||
                    update.ContainsProperty("CardNumber"))
                {
                    var user = new User(context.Get <int>(CTXKEY_UPDATE_PROFILE));
                    user.IsActive = false;
                    _repository.Update(user);
                    _securityService.Logout();
                    result.Data.Add("account_warning_logged_out", true);
                }
                if (update.ContainsProperty("Email"))
                {
                    _securityService.UpdateCurrentUserEmail(update.Get <string>("Email"));
                    result.Data.Add("account_event_email_changed", update.Get <string>("Email"));
                }
            }
        }
Example #11
0
        public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
        {
            if (!result.Success)
            {
                return;
            }

            if (operation.IsEntity(EntityConsts.Issue) && operation is EntityUpdate)
            {
                var update = operation as EntityUpdate;
                if (context.Get <bool>(CTXKEY_SEND_ISSUE))
                {
                    SendIssueToSubscribers(operation as EntityUpdate);
                }

                if (update.ContainsRelation(File.ENTITY, Roles.Content))
                {
                    var filesAttached = update.GetMultipleRelationUpdates(File.ENTITY, Roles.Content).Where(fu => fu.Operation == RelationOperation.Attach);
                    if (filesAttached.Count() > 0)
                    {
                        var issue = update.ToEntity();
                        var q     = new EntityQuery2(EntityConsts.Magazine);
                        q.WhereRelated(new RelationQuery(EntityConsts.Issue, Roles.Issue, issue.Id));
                        q.Include(User.ENTITY, Roles.Subscriber);
                        var mag         = _repository.Read(q);
                        var subscribers = mag.GetManyRelations(User.ENTITY, Roles.Subscriber).Select(r => new User(r.Entity));
                        foreach (var subscriber in subscribers)
                        {
                            foreach (var fileUpdate in filesAttached)
                            {
                                if (!_fileService.HasAccess(subscriber, fileUpdate.Id.Value))
                                {
                                    _fileService.GrantAccess(fileUpdate.Id.Value, FileAccessType.Read, subscriber);
                                }
                            }
                        }
                    }
                }
            }
            else if (operation is EntityUpdate)
            {
                var update = operation as EntityUpdate;
                if (update.IsEntity(User.ENTITY) && update.ContainsRelation(EntityConsts.Magazine, Roles.Subscriber))
                {
                    var rus = update.GetMultipleRelationUpdates(EntityConsts.Magazine, Roles.Subscriber).Where(ru => ru.Operation == RelationOperation.Attach);
                    foreach (var ru in rus)
                    {
                        var q = new EntityQuery2(EntityConsts.Issue);
                        q.WhereRelated(new RelationQuery(EntityConsts.Magazine, Roles.Issue, ru.Id.Value));
                        q.Include(File.ENTITY, Roles.Content);
                        var issues = _repository.Search(q);
                        foreach (var issue in issues)
                        {
                            //The user cannot give himself an access to file - only owner or administrator can.
                            using (_securityService.BeginSystemContext())
                            {
                                GiveFileAccessForIssue(issue, new User(update.ToEntity()));
                            }
                        }
                    }
                }
                else if (update.IsEntity(EntityConsts.Magazine) && update.ContainsRelation(User.ENTITY, Roles.Subscriber))
                {
                    var rus = update.GetMultipleRelationUpdates(User.ENTITY, Roles.Subscriber).Where(ru => ru.Operation == RelationOperation.Attach);

                    if (rus.Count() > 0)
                    {
                        var q = new EntityQuery2(EntityConsts.Issue);
                        q.WhereRelated(new RelationQuery(EntityConsts.Magazine, Roles.Issue, update.Id.Value));
                        q.Include(File.ENTITY, Roles.Content);
                        var issues = _repository.Search(q);
                        foreach (var ru in rus)
                        {
                            foreach (var issue in issues)
                            {
                                GiveFileAccessForIssue(issue, new User(ru.Id.Value));
                            }
                        }
                    }
                }
                else if (update.IsEntity(EntityConsts.Magazine) && update.ContainsProperty("IsActive"))
                {
                    var isActiveNew = update.Get <bool>("IsActive");
                    if (isActiveNew == false && context.Get <bool>(CTXKEY_ISACTIVEOLD))
                    {
                        SendMagazineNotActiveToSubscribers(update);
                    }
                }
            }
        }
Example #12
0
        public InspectionResult Inspect(EntityOperation operation)
        {
            if (operation.IsEntity("Inquery"))
            {
                if (_securityService.HasModulePermission(_securityService.CurrentUser, AskTheLibModule.Id, Permissions.Use))
                {
                    if (_securityService.CurrentUser.UserType == UserTypes.Librarian)
                    {
                        return(InspectionResult.Allow);
                    }
                    else if (_securityService.CurrentUser.UserType == UserTypes.Customer)
                    {
                        if (operation is EntityUpdate && (operation as EntityUpdate).IsCreate())
                        {
                            return(InspectionResult.Allow);
                        }
                        else if (operation is EntityUpdate)
                        {
                            var update = operation as EntityUpdate;
                            if (update.ContainsRelation(User.ENTITY, RelationConsts.Customer))
                            {
                                return(InspectionResult.Deny);
                            }

                            var q = new EntityQuery2(Inquery.EntityType, update.Id.Value);
                            q.AddProperties("Status");
                            q.Include(User.ENTITY, RelationConsts.Customer);
                            var inquery = _repository.Read(q);

                            if (inquery.GetData <QueryStatus>("Status") != QueryStatus.New)
                            {
                                return(InspectionResult.Deny);
                            }

                            if (update.ContainsProperty("Status") &&
                                update.Get <QueryStatus>("Status") != QueryStatus.Canceled)
                            {
                                return(InspectionResult.Deny);
                            }

                            var customer = inquery.GetSingleRelation(User.ENTITY, RelationConsts.Customer);
                            if (customer != null && customer.Entity.Id == _securityService.CurrentUser.Id)
                            {
                                return(InspectionResult.Allow);
                            }
                        }
                    }
                }
            }
            else if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
            {
                var update = operation as EntityUpdate;
                if (update.IsCreate() &&
                    update.ContainsRelation(Inquery.EntityType, RelationConsts.Inquery) &&
                    _securityService.HasModulePermission(_securityService.CurrentUser, AskTheLibModule.Id, Permissions.Use) &&
                    _securityService.CurrentUser.UserType == UserTypes.Librarian)
                {
                    return(InspectionResult.Allow);
                }
            }
            return(InspectionResult.None);
        }