Example #1
        /// <summary>
        /// Requires the current principal to hold <c>AccessLevel.ReadWrite</c> on the stored
        /// copy of <paramref name="item"/>; returns silently when the check passes or is skipped.
        /// </summary>
        /// <param name="item">The secured object that is about to be updated or deleted.</param>
        /// <exception cref="ValidationException">
        /// The access level resolved for the current principal is anything other than ReadWrite.
        /// </exception>
        /// <exception cref="CmsException">Any other failure raised while performing the check.</exception>
        private void DemandReadWriteRule(IAccessSecuredObject item)
        {
            // SaveUnsecured switches the whole authorization check off for this item.
            // NOTE(review): nothing in this method shows who may set the flag; confirm it is
            // only ever set by trusted code and never bound from request data.
            if (item.SaveUnsecured)
            {
                return;
            }

            try
            {
                using (var scope = ContextScopeProvider.CreateChildContainer())
                {
                    var work = scope.Resolve<IUnitOfWork>();

                    // For an IProxy instance the base type of the runtime type is used for the lookup.
                    Type entityType = item is IProxy ? item.GetType().BaseType : item.GetType();

                    // The access level is evaluated against this stored copy (cache first, then
                    // the session), not against the incoming item.
                    object stored;
                    var foundInCache = cacheService.GetEntity(entityType, item.Id, out stored);
                    if (!foundInCache)
                    {
                        stored = work.Session.Get(entityType, item.Id);

                        // NOTE(review): the result is cached even when it is null, and a cached
                        // entry is trusted as-is afterwards; confirm the cache lifetime cannot
                        // serve a stale object or a stale null to a later check.
                        cacheService.AddEntity(entityType, item.Id, stored);
                    }

                    // No stored object for this type and id: no access level is checked
                    // (presumably a record that has not been saved yet; verify against callers).
                    if (stored == null)
                    {
                        return;
                    }

                    var accessControl = scope.Resolve<IAccessControlService>();
                    var security = scope.Resolve<ISecurityService>();
                    var principal = security.GetCurrentPrincipal();

                    var level = accessControl.GetAccessLevel((IAccessSecuredObject)stored, principal);
                    if (level == AccessLevel.ReadWrite)
                    {
                        return;
                    }

                    throw new ValidationException(
                        () => string.Format(RootGlobalization.Validation_CurrentUserHasNoRightsToUpdateOrDelete_Message, principal.Identity.Name, item.Title),
                        string.Format("Current user {0} has no rights to update or delete secured object {1}.", principal.Identity.Name, item));
                }
            }
            catch (ValidationException)
            {
                // The authorization failure reaches the caller unchanged.
                throw;
            }
            catch (Exception ex)
            {
                // Any other error is wrapped and rethrown, so a check that could not be
                // completed never lets the operation continue.
                throw new CmsException(string.Format("Failed to check an access level of current user for the record {0}.", item), ex);
            }
        }
        /// <summary>
        /// Authorization gate for update and delete: throws unless the current principal has
        /// <c>AccessLevel.ReadWrite</c> on the persisted version of <paramref name="item"/>.
        /// </summary>
        /// <param name="item">The secured object being saved or deleted.</param>
        /// <exception cref="ValidationException">The principal's access level is not ReadWrite.</exception>
        /// <exception cref="CmsException">The check itself failed for any other reason.</exception>
        private void DemandReadWriteRule(IAccessSecuredObject item)
        {
            // An item flagged SaveUnsecured bypasses the check entirely.
            // NOTE(review): treat every place that sets this flag as security-sensitive;
            // this method cannot tell a deliberate bypass from an accidental one.
            if (item.SaveUnsecured)
            {
                return;
            }

            try
            {
                using (var childContainer = ContextScopeProvider.CreateChildContainer())
                {
                    var uow = childContainer.Resolve<IUnitOfWork>();

                    // An IProxy instance is looked up by the base type of its runtime type.
                    var runtimeType = item.GetType();
                    var lookupType = item is IProxy ? runtimeType.BaseType : runtimeType;

                    object persisted;
                    if (!cacheService.GetEntity(lookupType, item.Id, out persisted))
                    {
                        // Cache miss: read through the session and remember the result,
                        // including a null result.
                        persisted = uow.Session.Get(lookupType, item.Id);
                        cacheService.AddEntity(lookupType, item.Id, persisted);
                    }

                    // When nothing is stored under this type and id, no access level is evaluated.
                    var hasPersistedCopy = persisted != null;
                    if (hasPersistedCopy)
                    {
                        var aclService = childContainer.Resolve<IAccessControlService>();
                        var secService = childContainer.Resolve<ISecurityService>();
                        var principal = secService.GetCurrentPrincipal();

                        // The decision uses the persisted copy, so values carried by the
                        // incoming item are not what is evaluated here.
                        var granted = aclService.GetAccessLevel((IAccessSecuredObject)persisted, principal);
                        var mayWrite = granted == AccessLevel.ReadWrite;

                        if (!mayWrite)
                        {
                            throw new ValidationException(
                                () => string.Format(RootGlobalization.Validation_CurrentUserHasNoRightsToUpdateOrDelete_Message, principal.Identity.Name, item.Title),
                                string.Format("Current user {0} has no rights to update or delete secured object {1}.", principal.Identity.Name, item));
                        }
                    }
                }
            }
            catch (ValidationException)
            {
                // Keep the access-denied error as it is for the caller.
                throw;
            }
            catch (Exception ex)
            {
                // Fail closed: an error during the check becomes a CmsException.
                throw new CmsException(string.Format("Failed to check an access level of current user for the record {0}.", item), ex);
            }
        }
Example #3
        /// <summary>
        /// Reports whether the current principal may access <paramref name="page"/>.
        /// </summary>
        /// <param name="page">The secured object to check.</param>
        /// <returns>
        /// <c>true</c> when access control is disabled in configuration, when no access control
        /// service is available, or when the resolved access level is anything other than
        /// <c>AccessLevel.Deny</c>; otherwise <c>false</c>.
        /// </returns>
        private bool HasCurrentPrincipalAccess(IAccessSecuredObject page)
        {
            // Both conditions grant access without consulting any rule.
            // NOTE(review): a missing accessControlService fails open even while
            // AccessControlEnabled is true; confirm that is intended and not a wiring error.
            if (!cmsConfiguration.Security.AccessControlEnabled || accessControlService == null)
            {
                return true;
            }

            // Only an explicit Deny blocks access; every other level is treated as allowed.
            return accessControlService.GetAccessLevel(page, SecurityService.GetCurrentPrincipal()) != AccessLevel.Deny;
        }
Example #4
        /// <summary>
        /// Copies changed access levels from <paramref name="updatedRules"/> onto the matching
        /// access rules the secured object already has. Rules are matched on Identity and
        /// IsForRole; this method neither adds nor removes rules.
        /// </summary>
        /// <param name="securedObject">The secured object whose existing rules are updated in place.</param>
        /// <param name="updatedRules">The incoming access list; null or empty leaves everything unchanged.</param>
        private void UpdateChangedRules(IAccessSecuredObject securedObject, IList<IAccessRule> updatedRules)
        {
            // Nothing to apply, or nothing to apply it to.
            if (updatedRules == null || updatedRules.Count <= 0 || securedObject.AccessRules == null)
            {
                return;
            }

            // Iterate over a snapshot of the rules that exist right now.
            var currentRules = securedObject.AccessRules.ToList();

            foreach (var current in currentRules)
            {
                // First incoming rule for the same Identity and IsForRole whose AccessLevel differs.
                // NOTE(review): Identity is compared with ==, so values that differ only in
                // letter case do not match; confirm identities are normalised before this point.
                var changed = updatedRules.FirstOrDefault(
                    candidate => candidate.Identity == current.Identity
                                 && candidate.IsForRole == current.IsForRole
                                 && candidate.AccessLevel != current.AccessLevel);

                if (changed == null)
                {
                    continue;
                }

                current.AccessLevel = changed.AccessLevel;
            }
        }
Example #5
        /// <summary>
        /// Decides whether the current principal is allowed to access <paramref name="page"/>.
        /// </summary>
        /// <param name="page">The secured object to check.</param>
        /// <returns>
        /// <c>false</c> only when access control is enabled, an access control service is
        /// present, and that service resolves <c>AccessLevel.Deny</c>; <c>true</c> in every other case.
        /// </returns>
        private bool HasCurrentPrincipalAccess(IAccessSecuredObject page)
        {
            // Evaluated left to right with short-circuiting, so the principal is only looked up
            // when access control is enabled and a service is available.
            // NOTE(review): this is an allow-unless-denied check and it also allows when the
            // service is null; callers that need a positive grant should not rely on it.
            return !cmsConfiguration.Security.AccessControlEnabled
                   || accessControlService == null
                   || accessControlService.GetAccessLevel(page, SecurityService.GetCurrentPrincipal()) != AccessLevel.Deny;
        }