internal bool IfUpdateValidateAndCorrectIds(int count, IEntity newEntity, out HttpExceptionAbstraction preparedException) { var wrapLog = Log.Call(); var previousEntity = AppRead.Entities.Get(newEntity.EntityId) ?? AppRead.Entities.Get(newEntity.EntityGuid); if (previousEntity != null) { Log.Add("found previous entity, will check types/ids/attributes"); CompareTypes(count, previousEntity, newEntity); // for saving, ensure we are using the DB entity-ID if (newEntity.EntityId == 0) { Log.Add("found existing entity - will set the ID to that to overwrite"); newEntity.ResetEntityId(previousEntity.EntityId); } CompareIdentities(count, previousEntity, newEntity); CompareAttributes(count, previousEntity, newEntity); } else { Log.Add("no previous entity found"); } var ok = BuildExceptionIfHasIssues(out preparedException, "EntityIsOk() done"); wrapLog($"{ok}"); return(ok); }
/// <summary> /// The package format for loading and saving are the same, but we want to make sure /// that the save package doesn't contain unexpected trash (which would indicate the UI was broken) /// or that invalid combinations get back here /// </summary> /// <param name="preparedException"></param> /// <returns></returns> internal bool ContainsOnlyExpectedNodes(out HttpExceptionAbstraction preparedException) { var wrapLog = Log.Call(); if (Package.ContentTypes != null) { Add("package contained content-types, unexpected!"); } if (Package.InputTypes != null) { Add("package contained input types, unexpected!"); } if (Package.Features != null) { Add("package contained features, unexpected!"); } // check that items are mostly intact if (Package.Items == null || Package.Items.Count == 0) { Add("package didn't contain items, unexpected!"); } else { // do various validity tests on items VerifyAllGroupAssignmentsValid(Package.Items); ValidateEachItemInBundle(Package.Items); } var ok = BuildExceptionIfHasIssues(out preparedException, "ContainsOnlyExpectedNodes() done"); wrapLog($"{ok}"); return(ok); }
internal bool UserIsPermittedOnField(List <Grants> requiredPermissions, out HttpExceptionAbstraction preparedException) { // check field permissions, but only for non-publish-data if (UserIsRestricted && !FieldPermissionOk(requiredPermissions)) { preparedException = HttpException.PermissionDenied("this field is not configured to allow uploads by the current user"); return(false); } preparedException = null; return(true); }
internal bool MustThrowIfAccessingRootButNotAllowed(bool usePortalRoot, out HttpExceptionAbstraction preparedException) { if (usePortalRoot && UserIsRestricted) { preparedException = HttpException.BadRequest("you may only create draft-data, so file operations outside of ADAM is not allowed"); return(true); } preparedException = null; return(false); }
internal bool ExtensionIsOk(string fileName, out HttpExceptionAbstraction preparedException) { if (!SiteAllowsExtension(fileName)) { preparedException = HttpException.NotAllowedFileType(fileName, "Not in whitelisted CMS file types."); return(false); } if (AdamSecurityCheckHelpers.IsKnownRiskyExtension(fileName)) { preparedException = HttpException.NotAllowedFileType(fileName, "This is a known risky file type."); return(false); } preparedException = null; return(true); }
/// <summary> /// Determine if errors exist, and return that state /// </summary> /// <returns></returns> protected bool BuildExceptionIfHasIssues(out HttpExceptionAbstraction preparedException, string logMessage = null) { var wrapLog = Log.Call(); preparedException = HasErrors ? HttpException.BadRequest(Errors): null; if (logMessage != null) { Log.Add($"{nameof(logMessage)}:{logMessage}"); } if (HasErrors) { Log.Add($"Errors:{Errors}"); } wrapLog(HasErrors ? "found errors" : "all ok"); return(!HasErrors); }
internal bool EntityIsOk(int count, IEntity newEntity, out HttpExceptionAbstraction preparedException) { var wrapLog = Log.Call <bool>(); if (newEntity == null) { Add($"entity {count} couldn't deserialize"); var notOk = BuildExceptionIfHasIssues(out preparedException); return(wrapLog("newEntity is null", notOk)); } if (newEntity.Attributes.Count == 0) { Add($"entity {count} doesn't have attributes (or they are invalid)"); } var ok = BuildExceptionIfHasIssues(out preparedException, "EntityIsOk() done"); return(wrapLog("", ok)); }
/// <summary> /// Returns true if user isn't restricted, or if the restricted user is accessing a draft item /// </summary> internal bool UserIsNotRestrictedOrItemIsDraft(Guid guid, out HttpExceptionAbstraction exp) { Log.Add($"check if user is restricted ({UserIsRestricted}) or if the item '{guid}' is draft"); exp = null; // check that if the user should only see drafts, he doesn't see items of normal data if (!UserIsRestricted || FieldPermissionOk(GrantSets.ReadPublished)) { return(true); } // check if the data is public var itm = AdamState.AppRuntime.Entities.Get(guid); if (!(itm?.IsPublished ?? false)) { return(true); } exp = HttpException.PermissionDenied(Log.Add("user is restricted and may not see published, but item exists and is published - not allowed")); return(false); }
internal bool FileTypeIsOkForThisField(out HttpExceptionAbstraction preparedException) { var wrapLog = Log.Call <bool>(); var fieldDef = AdamState.Attribute; bool result; // check if this field exists and is actually a file-field or a string (wysiwyg) field if (fieldDef == null || !(fieldDef.Type != Eav.Constants.DataTypeHyperlink || fieldDef.Type != Eav.Constants.DataTypeString)) { preparedException = HttpException.BadRequest("Requested field '" + AdamState.ItemField + "' type doesn't allow upload"); Log.Add($"field type:{fieldDef?.Type} - does not allow upload"); result = false; } else { Log.Add($"field type:{fieldDef.Type}"); preparedException = null; result = true; } return(wrapLog(result.ToString(), result)); }
internal bool SuperUserOrAccessingItemFolder(string path, out HttpExceptionAbstraction preparedException) { preparedException = null; return(!UserIsRestricted || AdamSecurityCheckHelpers.DestinationIsInItem(AdamState.ItemGuid, AdamState.ItemField, path, out preparedException)); }
internal static bool DestinationIsInItem(Guid guid, string field, string path, out HttpExceptionAbstraction preparedException) { var inAdam = Sxc.Adam.Security.PathIsInItemAdam(guid, field, path); preparedException = inAdam ? null : HttpException.PermissionDenied("Can't access a resource which is not part of this item."); return(inAdam); }
internal bool SuperUserOrAccessingItemFolder(string path, out HttpExceptionAbstraction preparedException) { preparedException = null; return(!UserIsRestricted || DestinationIsInItem(AdamContext.ItemGuid, AdamContext.ItemField, path, out preparedException)); }