Example #1
0
        private void ValidateCustomPermissions(User user, IExecutionContext executionContext, RoleDetails executorRole)
        {
            if (user.IsSystemAccount)
            {
                throw new NotPermittedException("You cannot delete the system account.");
            }
            if (user.UserAreaCode == CofoundryAdminUserArea.AreaCode)
            {
                _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext);
            }
            else
            {
                _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext);
            }

            if (user.UserId == executionContext.UserContext.UserId)
            {
                throw new NotPermittedException("You cannot delete your own user account via this api.");
            }

            // Only super admins can delete super admin
            if (user.Role.RoleCode == SuperAdminRole.SuperAdminRoleCode && !executorRole.IsSuperAdministrator)
            {
                throw new NotPermittedException("Only Super Administrator users can delete other users with the Super Administrator role");
            }
        }
Example #2
0
 public void ValidatePermissions(IExecutionContext executionContext)
 {
     if (executionContext.UserContext.IsCofoundryUser())
     {
         _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext);
     }
     else
     {
         _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext);
     }
 }
Example #3
0
 public void ValidatePermissions(IUserAreaDefinition userArea, IExecutionContext executionContext)
 {
     if (userArea is CofoundryAdminUserArea)
     {
         _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext);
     }
     else
     {
         _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext);
     }
 }
Example #4
0
        public virtual void Validate <TCommand>(TCommand command, IAsyncCommandHandler <TCommand> commandHandler, IExecutionContext executionContext) where TCommand : ICommand
        {
            ValidateCommmandImplementation <TCommand>(commandHandler);

            if (commandHandler is IPermissionRestrictedCommandHandler <TCommand> )
            {
                var permissions = ((IPermissionRestrictedCommandHandler <TCommand>)commandHandler).GetPermissions(command);
                _permissionValidationService.EnforcePermission(permissions, executionContext.UserContext);
            }

            CheckAdditionalPermissionHandlers(commandHandler, executionContext, _permissionValidationService);
        }
Example #5
0
        public void ValidatePermissions(User user, IExecutionContext executionContext)
        {
            var userArea = _userAreaRepository.GetByCode(user.UserAreaCode);

            if (userArea is CofoundryAdminUserArea)
            {
                _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext);
            }
            else
            {
                _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext);
            }
        }
Example #6
0
        private async Task <List <PageUrlChangedMessage> > GetAffectedPagesAndValidatePermissionsAsync(ICollection <int> affectedPageDirectoryIds, IExecutionContext executionContext)
        {
            var pageIds = await _dbContext
                          .Pages
                          .AsNoTracking()
                          .Where(p => affectedPageDirectoryIds.Contains(p.PageDirectoryId))
                          .Select(p => p.PageId)
                          .ToListAsync();

            if (pageIds.Any())
            {
                _permissionValidationService.EnforcePermission <PageUpdateUrlPermission>(executionContext.UserContext);
            }

            var affectedPages = await _queryExecutor.ExecuteAsync(new GetPageRoutesByIdRangeQuery(pageIds), executionContext);

            var results = new List <PageUrlChangedMessage>(affectedPages.Count);

            foreach (var affectedPage in affectedPages.Values)
            {
                var result = new PageUrlChangedMessage()
                {
                    PageId                     = affectedPage.PageId,
                    OldFullUrlPath             = affectedPage.FullUrlPath,
                    HasPublishedVersionChanged = affectedPage.PublishStatus == PublishStatus.Published
                };

                results.Add(result);
            }

            return(results);
        }
Example #7
0
        /// <summary>
        /// Gets all pages that will be deleted when each of the specified directories
        /// are deleted. Note that these will be actually deleted via the database trigger
        /// but we need the list to check for constraints and publish messages.
        /// </summary>
        private async Task <Dictionary <int, PageDeletedMessage> > GetPageIdsToDeleteAndValidatePermissionAsync(ICollection <int> directoryIdsToDelete, IExecutionContext executionContext)
        {
            var pageIds = await _dbContext
                          .Pages
                          .AsNoTracking()
                          .Where(p => directoryIdsToDelete.Contains(p.PageDirectoryId))
                          .Select(p => p.PageId)
                          .ToListAsync();

            if (pageIds.Any())
            {
                _permissionValidationService.EnforcePermission <PageDeletePermission>(executionContext.UserContext);
            }

            var pagesToDelete = await _queryExecutor.ExecuteAsync(new GetPageRoutesByIdRangeQuery(pageIds), executionContext);

            var results = new Dictionary <int, PageDeletedMessage>(pagesToDelete.Count);

            foreach (var pageToDelete in pagesToDelete.Values)
            {
                var result = new PageDeletedMessage()
                {
                    PageId      = pageToDelete.PageId,
                    FullUrlPath = pageToDelete.FullUrlPath
                };

                results.Add(result.PageId, result);
            }

            return(results);
        }
Example #8
0
        public async Task ValidatePermissionsAsync(User user, IExecutionContext executionContext)
        {
            if (user.UserId == executionContext.UserContext.UserId)
            {
                throw new NotPermittedException("A user cannot reset the password on their own user account.");
            }

            var userArea = _userAreaDefinitionRepository.GetRequiredByCode(user.UserAreaCode);

            if (userArea is CofoundryAdminUserArea)
            {
                _permissionValidationService.EnforcePermission(new CofoundryUserResetPasswordPermission(), executionContext.UserContext);
            }
            else
            {
                _permissionValidationService.EnforcePermission(new NonCofoundryUserResetPasswordPermission(), executionContext.UserContext);
            }

            await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext);
        }
Example #9
0
        private async Task ValidateCustomPermissionsAsync(User user, IExecutionContext executionContext)
        {
            if (user.IsSystemAccount)
            {
                throw new NotPermittedException("You cannot delete the system account.");
            }

            if (user.UserAreaCode == CofoundryAdminUserArea.Code)
            {
                _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext);
            }
            else
            {
                _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext);
            }

            if (user.UserId == executionContext.UserContext.UserId)
            {
                throw new NotPermittedException("You cannot delete your own user account via this api.");
            }

            // Only super admins can delete super admin
            await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext);
        }
Example #10
0
        public Task ExecuteAsync(Controller controller, PageActionRoutingState state)
        {
            var pageRoutingInfo = state.PageRoutingInfo;

            if (pageRoutingInfo == null || state.VisualEditorState.VisualEditorMode != VisualEditorMode.Edit)
            {
                return(Task.CompletedTask);
            }

            if (pageRoutingInfo.CustomEntityRoute != null &&
                state.InputParameters.IsEditingCustomEntity
                )
            {
                _permissionValidationService.EnforceCustomEntityPermission <CustomEntityUpdatePermission>(pageRoutingInfo.CustomEntityRoute.CustomEntityDefinitionCode, state.CofoundryAdminUserContext);
            }

            if (!state.InputParameters.IsEditingCustomEntity)
            {
                _permissionValidationService.EnforcePermission <PageUpdatePermission>(state.CofoundryAdminUserContext);
            }

            return(Task.CompletedTask);
        }