public bool CheckUnique(EntityPermission permission)
{
return(!QPContext.EFContext.SiteFolderPermissionSet.Any(p =>
p.FolderId == permission.ParentEntityId &&
(permission.GroupId.HasValue ? p.GroupId == permission.GroupId.Value : p.GroupId == null) &&
(permission.UserId.HasValue ? p.UserId == permission.UserId.Value : p.UserId == null)));
}
public bool CheckUnique(EntityPermission permission)
{
return(!QPContext.EFContext.ContentPermissionSet.Where(p => p.ContentId == permission.ParentEntityId)
.AsEnumerable()
.Any(p => PermissionUserOrGroupEquals(permission, p)
));
}
public static void RemovePermission(Type classType, string identifier, string userName)
{
if (logger.IsDebugEnabled)
{
logger.DebugFormat("Finding entity permission: {0} {1}", classType.Name, identifier);
}
EntityPermission ep = ControllerManager.EntityPermission.Find(classType.Name, identifier);
UserMember um = ControllerManager.UserMember.GetById(MembershipHelper.GetUser(userName).UserId);
if (ep != null)
{
if (ep.Users.Contains(um))
{
if (logger.IsDebugEnabled)
{
logger.DebugFormat("Removing entity permission: {0} {1}", classType.Name, identifier);
}
ep.Users.Remove(um);
ControllerManager.EntityPermission.Save(ep);
// Remove any cached information
string cachedKey = string.Format("LISTIDENTIFIERS_{0}_{1}_{2}", classType.Name.ToString(), PermissionAction.Create.ToString(), MembershipHelper.GetUser(userName).UserId);
object result = CacheManager.ExpireItem(cachedKey);
}
}
}
public static bool HasEntityPermission(EntityPermission permission, Entity entity, ErpUser user = null)
{
if (entity == null)
{
throw new ArgumentNullException("entity");
}
if (user == null)
{
user = CurrentUser;
}
if (user != null)
{
//system user has unlimited permissions :)
if (user.Id == SystemIds.SystemUserId)
{
return(true);
}
switch (permission)
{
case EntityPermission.Read:
return(user.Roles.Any(x => entity.RecordPermissions.CanRead.Any(z => z == x.Id)));
case EntityPermission.Create:
return(user.Roles.Any(x => entity.RecordPermissions.CanCreate.Any(z => z == x.Id)));
case EntityPermission.Update:
return(user.Roles.Any(x => entity.RecordPermissions.CanUpdate.Any(z => z == x.Id)));
case EntityPermission.Delete:
return(user.Roles.Any(x => entity.RecordPermissions.CanDelete.Any(z => z == x.Id)));
default:
throw new NotSupportedException("Entity permission type is not supported");
}
}
else
{
switch (permission)
{
case EntityPermission.Read:
return(entity.RecordPermissions.CanRead.Any(z => z == SystemIds.GuestRoleId));
case EntityPermission.Create:
return(entity.RecordPermissions.CanCreate.Any(z => z == SystemIds.GuestRoleId));
case EntityPermission.Update:
return(entity.RecordPermissions.CanUpdate.Any(z => z == SystemIds.GuestRoleId));
case EntityPermission.Delete:
return(entity.RecordPermissions.CanDelete.Any(z => z == SystemIds.GuestRoleId));
default:
throw new NotSupportedException("Entity permission type is not supported");
}
}
}
public override OperationStatus HasPermission(EntityPermission permission, MemberUser item = null, Guid?threadId = null)
{
if (permission == EntityPermission.Add)
{
return(OperationStatus.Granted);
}
return(base.HasPermission(permission, item, threadId));
}
public void Insert(EntityPermission ep)
{
if (_entityPermissions.Any(e => e.Action == ep.Action && e.RoleName == ep.RoleName && e.Id == ep.Id))
{
throw new InvalidOperationException("Duplicate EntityPermission.");
}
_entityPermissions.Add(ep);
}
public EntityPermission Change(EntityPermission entityPermission)
{
if (entityPermission.IsNew)
{
return(PermissionRepository.Save(entityPermission));
}
return(PermissionRepository.Update(entityPermission));
}
/// <summary>
/// Gets the actions from an EntityPermission
/// </summary>
public IReadOnlyList <IAction> FromEntityPermission(EntityPermission entityPermission)
{
IAction[] actions = this.ToArray(); // no worry: internally, it's already an array
return(entityPermission.AssignedPermissions
.Where(x => x.Length == 1)
.SelectMany(x => actions.Where(y => y.Letter == x[0]))
.WhereNotNull()
.ToList());
}
public static void RemovePermission(Type classType, string identifier)
{
EntityPermission ep = ControllerManager.EntityPermission.Find(classType.Name, identifier);
if (ep != null)
{
ControllerManager.EntityPermission.Delete(ep);
}
}
public override EntityPermission Update(EntityPermission permission)
{
if (permission.ExplicitPermissionToRelatedContents)
{
ExplicitPermissionToRelatedContents(permission);
}
return(base.Update(permission));
}
public override EntityPermission Update(EntityPermission permission)
{
if (ArticleRepository.IsAnyAggregatedFields(permission.ParentEntityId))
{
throw new ActionNotAllowedException(ArticleStrings.OperationIsNotAllowedForAggregated);
}
return(base.Update(permission));
}
public static void UpdateEntityPermission(Type classType, string identifier, string newIdentifier)
{
EntityPermission ep = ControllerManager.EntityPermission.Find(classType.Name, identifier);
if (ep != null)
{
ControllerManager.EntityPermission.CreateOrUpdate(ep.Name, ep.Code, ep.Description, ep.PermissionAction, newIdentifier, ep.ClassName, ep.ID);
}
}
public void Create(EntityPermission entityPermission)
{
using (var uow = this.GetUnitOfWork())
{
var entityPermissionRepository = uow.GetRepository <EntityPermission>();
entityPermissionRepository.Put(entityPermission);
uow.Commit();
}
}
public void AddPermission(Type type, EntityPermission permission)
{
if (Permissions.ContainsKey(type))
{
return;
}
Permissions.Add(type, permission);
}
public EntityPermission Create <T>(string subjectName, string entityName, Type entityType, long key, List <RightType> rights) where T : Subject
{
if (string.IsNullOrEmpty(subjectName))
{
return(null);
}
if (string.IsNullOrEmpty(entityName))
{
return(null);
}
if (entityType == null)
{
return(null);
}
EntityPermission entityPermission = null;
using (var uow = this.GetUnitOfWork())
{
var entityRepository = uow.GetReadOnlyRepository <Entity>();
var subjectRepository = uow.GetReadOnlyRepository <Subject>();
var subject = subjectRepository.Query(s => s.Name.ToUpperInvariant() == subjectName.ToUpperInvariant() && s is T).FirstOrDefault();
if (subject == null)
{
return(null);
}
var entity = entityRepository.Query(e => e.Name.ToUpperInvariant() == entityName.ToUpperInvariant() && e.EntityType == entityType).FirstOrDefault();
if (entity == null)
{
return(null);
}
if (Exists(subject, entity, key))
{
return(null);
}
entityPermission = new EntityPermission()
{
Subject = subject,
Entity = entity,
Key = key,
Rights = rights.Aggregate(0, (current, right) => current | (int)right)
};
var entityPermissionRepository = uow.GetRepository <EntityPermission>();
entityPermissionRepository.Put(entityPermission);
uow.Commit();
}
return(entityPermission);
}
public static PermissionViewModel Create(EntityPermission permission, string tabId, int parentId, IPermissionService service, IPermissionViewModelSettings settings = null, bool?isPostBack = null)
{
var model = Create <PermissionViewModel>(permission, tabId, parentId);
model._service = service;
model._settings = settings ?? service.ViewModelSettings;
model.IsPostBack = isPostBack ?? false;
model.Init();
return(model);
}
public static ChildEntityPermission CreateFrom(EntityPermission permission, bool createFromParent = true) => new ChildEntityPermission
{
UserId = permission.UserId,
GroupId = permission.GroupId,
PermissionLevelId = permission.PermissionLevelId,
PropagateToItems = permission.PropagateToItems,
CopyParentPermission = createFromParent,
ParentEntityId = permission.ParentEntityId,
Hide = permission.Hide
};
public void Update(EntityPermission entity)
{
using (var uow = this.GetUnitOfWork())
{
var repo = uow.GetRepository <EntityPermission>();
repo.Merge(entity);
var merged = repo.Get(entity.Id);
repo.Put(merged);
uow.Commit();
}
}
public override OperationStatus HasPermission(EntityPermission permission, ContentComment item = null, Guid?threadId = null)
{
if (!Security.IsCurrentUserValid())
{
return(OperationStatus.NoPermission);
}
if (IsCurrentAdminUser())
{
return(OperationStatus.Granted);
}
if (item != null && permission.IsDataChangePermission())
{
var currentThread = _threadWork.GetThread(item.Topic.ThreadId);
if (item.IsHidden || item.Topic.IsHidden || currentThread.IsHidden || currentThread.IsAbstract)
{
return(OperationStatus.CommentHasHidden);
}
if (item.IsLocked || item.Topic.IsLocked || currentThread.IsLocked)
{
return(OperationStatus.CommentHasLocked);
}
if (Security.CurrentUser.UserId != item.UserId)
{
return(OperationStatus.NoPermission);
}
}
if (PermissionNameDictionary.ContainsKey(permission))
{
Guid?tId = null;
if (item != null && item.Topic != null)
{
tId = item.Topic.ThreadId;
}
else if (threadId.HasValue)
{
tId = threadId;
}
if (tId == null)
{
return(PermissionWork.IsPermissionGranted(Security.CurrentUser.RoleId, PermissionNameDictionary[permission]) ?
OperationStatus.Granted : OperationStatus.NoPermission);
}
else
{
return(PermissionWork.IsPermissionGranted(Security.CurrentUser.RoleId, PermissionNameDictionary[permission], tId) ?
OperationStatus.Granted : OperationStatus.NoPermission);
}
}
return(OperationStatus.NoPermission);
}
private EntityPermission InnerReadOrDefault(int parentId, int?userId, int?groupId)
{
var permission = Read(parentId, userId, groupId);
if (permission == null)
{
permission = EntityPermission.Create(parentId, PermissionRepository);
permission.GroupId = groupId;
permission.UserId = userId;
}
return(permission);
}
public static AlumniEntityPermission ToAlumniEntityPermission(EntityPermission entityPermission)
{
var alumniEntityPermission = new AlumniEntityPermission
{
Entity = entityPermission.Entity,
Key = entityPermission.Key,
Rights = entityPermission.Rights,
Subject = entityPermission.Subject
};
return(alumniEntityPermission);
}
public static EntityPermission ToEntityPermission(AlumniEntityPermission alumniEntityPermission)
{
var entityPermission = new EntityPermission
{
Entity = alumniEntityPermission.Entity,
Key = alumniEntityPermission.Key,
Rights = alumniEntityPermission.Rights,
Subject = alumniEntityPermission.Subject
};
return(entityPermission);
}
public void Determine_Deepest_Explicit_Permissions_For_Group_For_Path_2()
{
string path = "-1,1,2,3";
int[] pathIds = path.GetIdsFromPathReversed();
string[] defaults = new[] { "A", "B", "C" };
var permissions = new List <EntityPermission>
{
new EntityPermission(9876, 1, defaults, isDefaultPermissions: true),
new EntityPermission(9876, 2, defaults, isDefaultPermissions: true),
new EntityPermission(9876, 3, defaults, isDefaultPermissions: true)
};
EntityPermission result = UserService.GetPermissionsForPathForGroup(permissions, pathIds, fallbackToDefaultPermissions: false);
Assert.IsNull(result);
}
public void Create(Subject subject, Entity entity, long key, int rights)
{
using (var uow = this.GetUnitOfWork())
{
var entityPermission = new EntityPermission()
{
Subject = subject,
Entity = entity,
Key = key,
Rights = rights
};
var entityPermissionRepository = uow.GetRepository <EntityPermission>();
entityPermissionRepository.Put(entityPermission);
uow.Commit();
}
}
public void Update(EntityPermission entityPermission)
{
var permission =
_entityPermissions.SingleOrDefault(ep => ep.Id == entityPermission.Id);
if (permission != null)
{
permission.EntityId = entityPermission.EntityId;
permission.Action = entityPermission.Action;
permission.RoleName = entityPermission.RoleName;
permission.Permission = entityPermission.Permission;
}
else
{
throw new Exception("Entity Permision With this id not found");
}
}
public static bool HasEntityPermission(EntityPermission permission, Entity entity, ErpUser user = null)
{
if (entity == null)
throw new ArgumentNullException("entity");
if (user == null)
user = CurrentUser;
if (user != null)
{
//system user has unlimited permissions :)
if (user.Id == SystemIds.SystemUserId)
return true;
switch (permission)
{
case EntityPermission.Read:
return user.Roles.Any(x => entity.RecordPermissions.CanRead.Any(z => z == x.Id));
case EntityPermission.Create:
return user.Roles.Any(x => entity.RecordPermissions.CanCreate.Any(z => z == x.Id));
case EntityPermission.Update:
return user.Roles.Any(x => entity.RecordPermissions.CanUpdate.Any(z => z == x.Id));
case EntityPermission.Delete:
return user.Roles.Any(x => entity.RecordPermissions.CanDelete.Any(z => z == x.Id));
default:
throw new NotSupportedException("Entity permission type is not supported");
}
}
else
{
switch (permission)
{
case EntityPermission.Read:
return entity.RecordPermissions.CanRead.Any(z => z == SystemIds.GuestRoleId);
case EntityPermission.Create:
return entity.RecordPermissions.CanCreate.Any(z => z == SystemIds.GuestRoleId);
case EntityPermission.Update:
return entity.RecordPermissions.CanUpdate.Any(z => z == SystemIds.GuestRoleId);
case EntityPermission.Delete:
return entity.RecordPermissions.CanDelete.Any(z => z == SystemIds.GuestRoleId);
default:
throw new NotSupportedException("Entity permission type is not supported");
}
}
}
public ModelViewPermission Update(ModelViewPermission model)
{
EntityPermission data = new EntityPermission()
{
ProfileID = model.ProfileID,
ModuleID = model.ModuleID,
Access = model.Access,
Add = model.Add,
Delete = model.Delete,
Export = model.Export,
Read = model.Read,
Update = model.Update
};
data = new RepositoryPermission().Update(data);
return(model);
}
public void Create(long?subjectId, long entityId, long key, int rights)
{
using (var uow = this.GetUnitOfWork())
{
var entityRepository = uow.GetReadOnlyRepository <Entity>();
var subjectRepository = uow.GetReadOnlyRepository <Subject>();
var entityPermission = new EntityPermission()
{
Subject = subjectId == null ? null : subjectRepository.Query(s => s.Id == subjectId).FirstOrDefault(),
Entity = entityRepository.Get(entityId),
Key = key,
Rights = rights
};
var entityPermissionRepository = uow.GetRepository <EntityPermission>();
entityPermissionRepository.Put(entityPermission);
uow.Commit();
}
}
/// <summary>
/// Gets explicit and default permissions (if requested) permissions for the group for specified entities
/// </summary>
/// <param name="groups"></param>
/// <param name="fallbackToDefaultPermissions">If true will include the group's default permissions if no permissions are explicitly assigned</param>
/// <param name="nodeIds">Array of entity Ids, if empty will return permissions for the group for all entities</param>
public EntityPermissionCollection GetPermissions(IReadOnlyUserGroup[] groups, bool fallbackToDefaultPermissions, params int[] nodeIds)
{
if (groups == null)
{
throw new ArgumentNullException(nameof(groups));
}
var groupIds = groups.Select(x => x.Id).ToArray();
var explicitPermissions = GetPermissions(groupIds, nodeIds);
var result = new EntityPermissionCollection(explicitPermissions);
// If requested, and no permissions are assigned to a particular node, then we will fill in those permissions with the group's defaults
if (fallbackToDefaultPermissions)
{
//if no node ids are passed in, then we need to determine the node ids for the explicit permissions set
nodeIds = nodeIds.Length == 0
? explicitPermissions.Select(x => x.EntityId).Distinct().ToArray()
: nodeIds;
//if there are still no nodeids we can just exit
if (nodeIds.Length == 0)
{
return(result);
}
foreach (var group in groups)
{
foreach (var nodeId in nodeIds)
{
// TODO: We could/should change the EntityPermissionsCollection into a KeyedCollection and they key could be
// a struct of the nodeid + groupid so then we don't actually allocate this class just to check if it's not
// going to be included in the result!
var defaultPermission = new EntityPermission(group.Id, nodeId, group.Permissions.ToArray(), isDefaultPermissions: true);
//Since this is a hashset, this will not add anything that already exists by group/node combination
result.Add(defaultPermission);
}
}
}
return(result);
}
public void Determine_Deepest_Explicit_Permissions_For_Group_For_Path_3()
{
string path = "-1,1,2,3";
int[] pathIds = path.GetIdsFromPathReversed();
string[] defaults = new[] { "A", "B" };
var permissions = new List <EntityPermission>
{
new EntityPermission(9876, 1, defaults, isDefaultPermissions: true),
new EntityPermission(9876, 2, defaults, isDefaultPermissions: true),
new EntityPermission(9876, 3, defaults, isDefaultPermissions: true)
};
EntityPermission result = UserService.GetPermissionsForPathForGroup(permissions, pathIds, fallbackToDefaultPermissions: true);
Assert.AreEqual(2, result.AssignedPermissions.Length);
Assert.IsTrue(result.IsDefaultPermissions);
Assert.IsTrue(result.AssignedPermissions.ContainsAll(defaults));
Assert.AreEqual(3, result.EntityId);
Assert.AreEqual(9876, result.UserGroupId);
}
private EntityPermission Read(int parentId, int?userId, int?groupId)
{
EntityPermission permission = null;
if (!userId.HasValue && !groupId.HasValue)
{
return(null);
}
if (userId.HasValue)
{
permission = ChangeRepository.ReadForUser(parentId, userId.Value);
}
else if (groupId.HasValue)
{
permission = ChangeRepository.ReadForGroup(parentId, groupId.Value);
}
return(permission);
}
public bool GetUserOperationPermission(EntityPermission permission, string employeeid)
{
using (SysUserBLL bll = new SysUserBLL())
{
return bll.GetUserOperationPermission(permission, employeeid);
}
}
