private static bool IsAnonymousUserAuthorizedForMultipleSecurityActions(SecurityActions securityRequests, bool isPrivateAlbum, IGallerySettings gallerySettings, SecurityActionsOption secActionsOption)
        {
            // There are multiple security actions in securityAction enum.  Iterate through each one and determine if the user
            // has permission for it.
            List<bool> authResults = new List<bool>();
            foreach (SecurityActions securityAction in SecurityActionEnumHelper.ParseSecurityAction(securityRequests))
            {
                authResults.Add(IsAnonymousUserAuthorizedForSingleSecurityAction(securityAction, isPrivateAlbum, gallerySettings));
            }

            if (secActionsOption == SecurityActionsOption.RequireAll)
            {
                return (authResults.Count > 0 ? authResults.TrueForAll(delegate(bool value) { return value; }) : false);
            }
            else if (secActionsOption == SecurityActionsOption.RequireOne)
            {
                return authResults.Contains(true);
            }
            else
            {
                throw new InvalidEnumArgumentException("secActionsOption", (int)secActionsOption, typeof(SecurityActionsOption));
            }
        }
        /// <summary>
        /// Determine whether the user belonging to the specified <paramref name="roles" /> has permission to perform all of the specified security
        /// actions against the specified <paramref name="albumId" />. The user may be anonymous or logged on.
        /// When the the user is logged on (i.e. <paramref name="isAuthenticated" /> = true), this method determines whether the user is authorized by
        /// validating that at least one role has the requested permission to the specified album. When the user is anonymous,
        /// the <paramref name="roles" /> parameter is ignored and instead the <paramref name="isPrivateAlbum" /> parameter is used.
        /// Anonymous users do not have any access to private albums. When the the user is logged on (i.e. <paramref name="isAuthenticated" /> = true),
        /// the <paramref name="roles" /> parameter must contain the roles belonging to the user.
        /// </summary>
        /// <param name="securityRequests">Represents the permission or permissions being requested. Multiple actions can be specified by using
        /// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />).
        /// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied
        /// to be successful or only one item must be satisfied.</param>
        /// <param name="roles">A collection of Gallery Server roles to which the currently logged-on user belongs. This parameter is ignored
        /// for anonymous users (i.e. <paramref name="isAuthenticated" />=false). The parameter may be null.</param>
        /// <param name="albumId">The album for which the requested permission applies. This parameter does not apply when the requested permission
        /// is <see cref="SecurityActions.AdministerSite" /> or <see cref="SecurityActions.AdministerGallery" />.</param>
        /// <param name="galleryId">The ID for the gallery the user is requesting permission in. The <paramref name="albumId" /> must exist in this
        /// gallery. This parameter is not required <paramref name="securityRequests" /> is SecurityActions.AdministerSite (you can specify
        /// <see cref="int.MinValue" />).</param>
        /// <param name="isAuthenticated">A value indicating whether the current user is logged on. If true, the
        /// <paramref name="roles" /> parameter should contain the names of the roles for the current user. If <paramref name="isAuthenticated" />=true
        /// and the <paramref name="roles" /> parameter is either null or an empty collection, this method returns false.</param>
        /// <param name="isPrivateAlbum">A value indicating whether the album is hidden from anonymous users. This parameter is ignored for
        /// logged-on users.</param>
        /// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityRequests" />
        /// to be successful or just one. This parameter defaults to SecurityActionsOption.RequireAll when not specified, and is applicable only
        /// when <paramref name="securityRequests" /> contains more than one item.</param>
        /// <param name="isVirtualAlbum">if set to <c>true</c> the album is a virtual album.</param>
        /// <returns>
        /// Returns true if the user has the requested permission; returns false if not.
        /// </returns>
        /// <exception cref="System.ArgumentOutOfRangeException"></exception>
        /// <exception cref="System.ComponentModel.InvalidEnumArgumentException"></exception>
        /// <remarks>
        /// This method handles both anonymous and logged on users. Note that when <paramref name="isAuthenticated" />=true, the
        /// <paramref name="isPrivateAlbum" /> parameter is ignored. When it is false, the <paramref name="roles" /> parameter is ignored.
        /// </remarks>
        public static bool IsUserAuthorized(SecurityActions securityRequests, IGalleryServerRoleCollection roles, int albumId, int galleryId, bool isAuthenticated, bool isPrivateAlbum, SecurityActionsOption secActionsOption, bool isVirtualAlbum)
        {
            #region Validation

            if (isAuthenticated && !isVirtualAlbum && ((roles == null) || (roles.Count == 0)))
                return false;

            var userIsRequestingSysAdminPermission = (securityRequests & SecurityActions.AdministerSite) == SecurityActions.AdministerSite;
            var userIsRequestingGalleryAdminPermission = (securityRequests & SecurityActions.AdministerGallery) == SecurityActions.AdministerGallery;

            if (galleryId == int.MinValue)
            {
                var isMoreThanOnePermissionRequest = !SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests);
                if (isMoreThanOnePermissionRequest || !userIsRequestingSysAdminPermission)
                {
                    throw new ArgumentOutOfRangeException("galleryId", String.Format(CultureInfo.CurrentCulture, "A valid gallery ID must be specified. Instead, the value was {0}.", galleryId));
                }
            }

            #endregion

            if (isVirtualAlbum && (!userIsRequestingSysAdminPermission && !userIsRequestingGalleryAdminPermission))
            {
                return true; // Virtual albums are always allowed, but only for non-admin requests. This feels hacky and non-intuitive; should try to improve someday
            }

            // Handle anonymous users.
            if (!isAuthenticated)
            {
                return IsAnonymousUserAuthorized(securityRequests, isPrivateAlbum, galleryId, secActionsOption);
            }

            // If we get here we are dealing with an authenticated (logged on) user. Authorization for authenticated users is
            // given if the user is a member of at least one role that provides permission.
            if (SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests))
            {
                // Iterate through each GalleryServerRole. If at least one allows the action, return true. Note that the
                // AdministerSite security action, if granted, applies to all albums and allows all actions (except HideWatermark).
                foreach (IGalleryServerRole role in roles)
                {
                    if (IsAuthenticatedUserAuthorized(securityRequests, role, albumId, galleryId))
                        return true;
                }
                return false;
            }
            else
            {
                // There are multiple security actions in securityRequest enum. Iterate through each one and determine if the user
                // has permission for it.
                List<bool> authResults = new List<bool>();
                foreach (SecurityActions securityAction in SecurityActionEnumHelper.ParseSecurityAction(securityRequests))
                {
                    // Iterate through each role. If at least one role allows the action, permission is granted.
                    foreach (IGalleryServerRole role in roles)
                    {
                        bool authResult = IsAuthenticatedUserAuthorized(securityAction, role, albumId, galleryId);

                        authResults.Add(authResult);

                        if (authResult)
                            break; // We found a role that provides permission, so no need to check the other roles. Just move on to the next security request.
                    }
                }

                // Determine the return value based on what the calling method wanted.
                if (secActionsOption == SecurityActionsOption.RequireAll)
                {
                    return (authResults.Count > 0 ? authResults.TrueForAll(delegate(bool value) { return value; }) : false);
                }
                else if (secActionsOption == SecurityActionsOption.RequireOne)
                {
                    return authResults.Contains(true);
                }
                else
                {
                    throw new InvalidEnumArgumentException("secActionsOption", (int)secActionsOption, typeof(SecurityActionsOption));
                }
            }
        }
        private static bool IsAnonymousUserAuthorized(SecurityActions securityRequests, bool isPrivateAlbum, int galleryId, SecurityActionsOption secActionsOption)
        {
            // Anonymous user. Return true for viewing-related permission requests on PUBLIC albums; return false for all others.
            IGallerySettings gallerySettings = Factory.LoadGallerySetting(galleryId);

            if (SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests))
            {
                return IsAnonymousUserAuthorizedForSingleSecurityAction(securityRequests, isPrivateAlbum, gallerySettings);
            }
            else
            {
                return IsAnonymousUserAuthorizedForMultipleSecurityActions(securityRequests, isPrivateAlbum, gallerySettings, secActionsOption);
            }
        }
Example #4
0
 /// <summary>
 /// Determine whether user has permission to perform the specified security actions against the current album (identified in 
 /// <see cref="GetAlbumId()" />). When multiple security actions are passed, use 
 /// <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied to be successful or only one item
 /// must be satisfied. Un-authenticated users (anonymous users) are always considered NOT authorized (that 
 /// is, this method returns false) except when the requested security action is <see cref="SecurityActions.ViewAlbumOrMediaObject" /> 
 /// or <see cref="SecurityActions.ViewOriginalImage" />, since Gallery Server is configured by default to allow anonymous viewing 
 /// access but it does not allow anonymous editing of any kind.
 /// </summary>
 /// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
 /// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />). 
 /// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied 
 /// to be successful or only one item must be satisfied. This parameter is applicable only when <paramref name="securityActions" /> 
 /// contains more than one item.</param>
 /// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
 /// to be successful or just one.</param>
 /// <returns>Returns true when the user is authorized to perform the specified security action; otherwise returns false.</returns>
 public bool IsUserAuthorized(SecurityActions securityActions, SecurityActionsOption secActionsOption)
 {
     return Utils.IsUserAuthorized(securityActions, GetGalleryServerRolesForUser(), this.GetAlbumId(), this.GalleryId, this.GetAlbum().IsPrivate, secActionsOption);
 }
Example #5
0
        /// <summary>
        /// Determine whether user has permission to perform the specified security action against the specified album. If no album 
        /// is specified, then the current album (as returned by GetAlbum()) is used. Un-authenticated users (anonymous users) are 
        /// always considered NOT authorized (that is, this method returns false) except when the requested security action is 
        /// ViewAlbumOrMediaObject or ViewOriginalImage, since Gallery Server is configured by default to allow anonymous viewing access
        /// but it does not allow anonymous editing of any kind.
        /// </summary>
        /// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
        /// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />). 
        /// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied 
        /// to be successful or only one item must be satisfied.</param>
        /// <param name="album">The album for which the security check is to be applied.</param>
        /// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
        /// to be successful or just one. This parameter is applicable only when <paramref name="securityActions" /> contains more than one item.</param>
        /// <returns>Returns true when the user is authorized to perform the specified security action; otherwise returns false.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="album" /> is null.</exception>
        public bool IsUserAuthorized(SecurityActions securityActions, IAlbum album, SecurityActionsOption secActionsOption)
        {
            if (album == null)
                throw new ArgumentNullException("album");

            return Utils.IsUserAuthorized(securityActions, GetGalleryServerRolesForUser(), album.Id, album.GalleryId, album.IsPrivate, secActionsOption);
        }
        private static bool IsAnonymousUserAuthorizedForMultipleSecurityActions(SecurityActions securityRequests, bool isPrivateAlbum, IGallerySettings gallerySettings, SecurityActionsOption secActionsOption)
        {
            // There are multiple security actions in securityAction enum.  Iterate through each one and determine if the user
            // has permission for it.
            List <bool> authResults = new List <bool>();

            foreach (SecurityActions securityAction in SecurityActionEnumHelper.ParseSecurityAction(securityRequests))
            {
                authResults.Add(IsAnonymousUserAuthorizedForSingleSecurityAction(securityAction, isPrivateAlbum, gallerySettings));
            }

            if (secActionsOption == SecurityActionsOption.RequireAll)
            {
                return(authResults.Count > 0 ? authResults.TrueForAll(delegate(bool value) { return value; }) : false);
            }
            else if (secActionsOption == SecurityActionsOption.RequireOne)
            {
                return(authResults.Contains(true));
            }
            else
            {
                throw new InvalidEnumArgumentException("secActionsOption", (int)secActionsOption, typeof(SecurityActionsOption));
            }
        }
Example #7
0
        /// <summary>
        /// Check to ensure user has permission to perform the specified security actions for the specified <paramref name="album" />. 
        /// Throw a <see cref="GallerySecurityException" /> if the permission isn't granted to the logged on user. When multiple 
        /// security actions are passed, use <paramref name="secActionsOption" /> to specify whether all of the actions must be 
        /// satisfied to be successful or only one item must be satisfied. Un-authenticated users (anonymous users) are always 
        /// considered NOT authorized (that is, this method returns false) except when the requested security action is 
        /// <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or <see cref="SecurityActions.ViewOriginalImage"/>, since Gallery 
        /// Server is configured by default to allow anonymous viewing access but it does not allow anonymous editing of any kind. 
        /// This method behaves similarly to <see cref="IsUserAuthorized(SecurityActions, IAlbum, SecurityActionsOption)"/> except 
        /// that it throws an exception instead of returning false when the user is not authorized.
        /// </summary>
        /// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
        /// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />). 
        /// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied 
        /// to be successful or only one item must be satisfied.</param>
        /// <param name="album">The album for which the security check is to be applied.</param>
        /// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
        /// to be successful or just one. This parameter is applicable only when <paramref name="securityActions" /> contains more than one item.</param>
        /// <exception cref="GalleryServerPro.ErrorHandler.CustomExceptions.GallerySecurityException">Thrown when the logged on user
        /// does not belong to a role that authorizes the specified security action, or if an anonymous user is requesting any permission
        /// other than a viewing-related permission (i.e., <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or
        /// <see cref="SecurityActions.ViewOriginalImage"/>).</exception>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="album" /> is null.</exception>
        public void CheckUserSecurity(SecurityActions securityActions, IAlbum album, SecurityActionsOption secActionsOption)
        {
            if (album == null)
                throw new ArgumentNullException("album");

            if (!Utils.IsUserAuthorized(securityActions, GetGalleryServerRolesForUser(), album.Id, album.GalleryId, album.IsPrivate, secActionsOption))
            {
                if (this.IsAnonymousUser)
                {
                    throw new GallerySecurityException(String.Format(CultureInfo.CurrentCulture, "Anonymous user does not have permission '{0}' for album ID {1}.", securityActions.ToString(), album.Id));
                }
                else
                {
                    throw new GallerySecurityException(String.Format(CultureInfo.CurrentCulture, "User '{0}' does not have permission '{1}' for album ID {2}.", Utils.UserName, securityActions.ToString(), album.Id));
                }
            }
        }
        private static bool IsAnonymousUserAuthorized(SecurityActions securityRequests, bool isPrivateAlbum, int galleryId, SecurityActionsOption secActionsOption)
        {
            // Anonymous user. Return true for viewing-related permission requests on PUBLIC albums; return false for all others.
            IGallerySettings gallerySettings = Factory.LoadGallerySetting(galleryId);

            if (SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests))
            {
                return(IsAnonymousUserAuthorizedForSingleSecurityAction(securityRequests, isPrivateAlbum, gallerySettings));
            }
            else
            {
                return(IsAnonymousUserAuthorizedForMultipleSecurityActions(securityRequests, isPrivateAlbum, gallerySettings, secActionsOption));
            }
        }
        /// <summary>
        /// Determine whether the user belonging to the specified <paramref name="roles" /> has permission to perform all of the specified security
        /// actions against the specified <paramref name="albumId" />. The user may be anonymous or logged on.
        /// When the the user is logged on (i.e. <paramref name="isAuthenticated"/> = true), this method determines whether the user is authorized by
        /// validating that at least one role has the requested permission to the specified album. When the user is anonymous,
        /// the <paramref name="roles"/> parameter is ignored and instead the <paramref name="isPrivateAlbum"/> parameter is used.
        /// Anonymous users do not have any access to private albums. When the the user is logged on (i.e. <paramref name="isAuthenticated"/> = true),
        /// the <paramref name="roles"/> parameter must contain the roles belonging to the user.
        /// </summary>
        /// <param name="securityRequests">Represents the permission or permissions being requested. Multiple actions can be specified by using
        /// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />).
        /// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied
        /// to be successful or only one item must be satisfied.</param>
        /// <param name="roles">A collection of Gallery Server roles to which the currently logged-on user belongs. This parameter is ignored
        ///     for anonymous users (i.e. <paramref name="isAuthenticated"/>=false). The parameter may be null.</param>
        /// <param name="albumId">The album for which the requested permission applies. This parameter does not apply when the requested permission
        ///     is <see cref="SecurityActions.AdministerSite" /> or <see cref="SecurityActions.AdministerGallery" />.</param>
        /// <param name="galleryId">The ID for the gallery the user is requesting permission in. The <paramref name="albumId" /> must exist in this
        /// gallery. This parameter is not required <paramref name="securityRequests" /> is SecurityActions.AdministerSite (you can specify
        /// <see cref="int.MinValue" />).</param>
        /// <param name="isAuthenticated">A value indicating whether the current user is logged on. If true, the
        ///     <paramref name="roles"/> parameter should contain the names of the roles for the current user. If <paramref name="isAuthenticated"/>=true
        ///     and the <paramref name="roles"/> parameter is either null or an empty collection, this method returns false.</param>
        /// <param name="isPrivateAlbum">A value indicating whether the album is hidden from anonymous users. This parameter is ignored for
        ///     logged-on users.</param>
        /// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityRequests" />
        /// to be successful or just one. This parameter defaults to SecurityActionsOption.RequireAll when not specified, and is applicable only
        /// when <paramref name="securityRequests" /> contains more than one item.</param>
        /// <returns>
        /// Returns true if the user has the requested permission; returns false if not.
        /// </returns>
        /// <remarks>This method handles both anonymous and logged on users. Note that when <paramref name="isAuthenticated"/>=true, the
        /// <paramref name="isPrivateAlbum"/> parameter is ignored. When it is false, the <paramref name="roles" /> parameter is ignored.</remarks>
        public static bool IsUserAuthorized(SecurityActions securityRequests, IGalleryServerRoleCollection roles, int albumId, int galleryId, bool isAuthenticated, bool isPrivateAlbum, SecurityActionsOption secActionsOption)
        {
            #region Validation

            if (isAuthenticated && ((roles == null) || (roles.Count == 0)))
            {
                return(false);
            }

            if (galleryId == int.MinValue)
            {
                bool isMoreThanOnePermissionRequest     = !SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests);
                bool userIsRequestingSysAdminPermission = (securityRequests == SecurityActions.AdministerSite);
                if (isMoreThanOnePermissionRequest || !userIsRequestingSysAdminPermission)
                {
                    throw new ArgumentOutOfRangeException("galleryId", String.Format(CultureInfo.CurrentCulture, "A valid gallery ID must be specified. Instead, the value was {0}.", galleryId));
                }
            }

            #endregion

            // Handle anonymous users.
            if (!isAuthenticated)
            {
                return(IsAnonymousUserAuthorized(securityRequests, isPrivateAlbum, galleryId, secActionsOption));
            }

            // If we get here we are dealing with an authenticated (logged on) user. Authorization for authenticated users is
            // given if the user is a member of at least one role that provides permission.
            if (SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests))
            {
                // Iterate through each GalleryServerRole. If at least one allows the action, return true. Note that the
                // AdministerSite security action, if granted, applies to all albums and allows all actions (except HideWatermark).
                foreach (IGalleryServerRole role in roles)
                {
                    if (IsAuthenticatedUserAuthorized(securityRequests, role, albumId, galleryId))
                    {
                        return(true);
                    }
                }
                return(false);
            }
            else
            {
                // There are multiple security actions in securityRequest enum. Iterate through each one and determine if the user
                // has permission for it.
                List <bool> authResults = new List <bool>();
                foreach (SecurityActions securityAction in SecurityActionEnumHelper.ParseSecurityAction(securityRequests))
                {
                    // Iterate through each role. If at least one role allows the action, permission is granted.
                    foreach (IGalleryServerRole role in roles)
                    {
                        bool authResult = IsAuthenticatedUserAuthorized(securityAction, role, albumId, galleryId);

                        authResults.Add(authResult);

                        if (authResult)
                        {
                            break;                             // We found a role that provides permission, so no need to check the other roles. Just move on to the next security request.
                        }
                    }
                }

                // Determine the return value based on what the calling method wanted.
                if (secActionsOption == SecurityActionsOption.RequireAll)
                {
                    return(authResults.Count > 0 ? authResults.TrueForAll(delegate(bool value) { return value; }) : false);
                }
                else if (secActionsOption == SecurityActionsOption.RequireOne)
                {
                    return(authResults.Contains(true));
                }
                else
                {
                    throw new InvalidEnumArgumentException("secActionsOption", (int)secActionsOption, typeof(SecurityActionsOption));
                }
            }
        }
Example #10
0
 /// <summary>
 /// Check to ensure user has permission to perform the specified security actions against the current album (identified in 
 /// <see cref="GetAlbumId()" />). Throw a <see cref="GallerySecurityException"/>
 /// if the permission isn't granted to the logged on user. When multiple security actions are passed, use 
 /// <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied to be successful or only one item
 /// must be satisfied. Un-authenticated users (anonymous users) are always considered NOT authorized (that is, this method 
 /// returns false) except when the requested security action is <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or 
 /// <see cref="SecurityActions.ViewOriginalMediaObject"/>, since Gallery Server is configured by default to allow anonymous viewing access 
 /// but it does not allow anonymous editing of any kind. This method behaves similarly to 
 /// <see cref="IsUserAuthorized(SecurityActions, SecurityActionsOption)"/> except that 
 /// it throws an exception instead of returning false when the user is not authorized.
 /// </summary>
 /// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
 /// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />). 
 /// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied 
 /// to be successful or only one item must be satisfied.</param>
 /// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
 /// to be successful or just one. This parameter is applicable only when <paramref name="securityActions" /> contains more than one item.</param>
 /// <exception cref="GalleryServerPro.Events.CustomExceptions.GallerySecurityException">Thrown when the logged on user
 /// does not belong to a role that authorizes the specified security action, or if an anonymous user is requesting any permission
 /// other than a viewing-related permission (i.e., <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or
 /// <see cref="SecurityActions.ViewOriginalMediaObject"/>).</exception>
 public void CheckUserSecurity(SecurityActions securityActions, SecurityActionsOption secActionsOption)
 {
     if (!Utils.IsUserAuthorized(securityActions, GetGalleryServerRolesForUser(), this.GetAlbumId(), this.GalleryId, this.GetAlbum().IsPrivate, secActionsOption, this.GetAlbum().IsVirtualAlbum))
     {
         if (this.IsAnonymousUser)
         {
             throw new GallerySecurityException(String.Format(CultureInfo.CurrentCulture, "Anonymous user does not have permission '{0}' for album ID {1}.", securityActions.ToString(), this.GetAlbumId()));
         }
         else
         {
             throw new GallerySecurityException(String.Format(CultureInfo.CurrentCulture, "User '{0}' does not have permission '{1}' for album ID {2}.", Utils.UserName, securityActions.ToString(), this.GetAlbumId()));
         }
     }
 }
Example #11
0
 /// <summary>
 /// Determine whether user has permission to perform the specified security actions. Un-authenticated users
 /// (anonymous users) are always considered NOT authorized (that is, this method returns false) except when the requested
 /// security action is <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or <see cref="SecurityActions.ViewOriginalImage"/>,
 /// since Gallery Server is configured by default to allow anonymous viewing access
 /// but it does not allow anonymous editing of any kind. This method will continue to work correctly if the webmaster configures
 /// Gallery Server to require users to log in in order to view objects, since at that point there will be no such thing as
 /// un-authenticated users, and the standard gallery server role functionality applies.
 /// </summary>
 /// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
 /// a bitwise OR between them (example: SecurityActions.AdministerSite | SecurityActions.AdministerGallery).</param>
 /// <param name="albumId">The album ID to which the security action applies.</param>
 /// <param name="galleryId">The ID for the gallery the user is requesting permission in. The <paramref name="albumId"/> must exist in
 /// this gallery. This parameter is not required <paramref name="securityActions"/> is SecurityActions.AdministerSite (you can specify
 /// <see cref="int.MinValue"/>).</param>
 /// <param name="isPrivate">Indicates whether the specified album is private (hidden from anonymous users). The parameter
 /// is ignored for logged on users.</param>
 /// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
 /// to be successful or just one.</param>
 /// <returns>
 /// Returns true when the user is authorized to perform the specified security action against the specified album;
 /// otherwise returns false.
 /// </returns>
 public static bool IsUserAuthorized(SecurityActions securityActions, int albumId, int galleryId, bool isPrivate, SecurityActionsOption secActionsOption)
 {
     return IsUserAuthorized(securityActions, RoleController.GetGalleryServerRolesForUser(), albumId, galleryId, isPrivate, secActionsOption);
 }
Example #12
0
 /// <summary>
 /// Determine whether user has permission to perform the specified security actions. When multiple security actions are passed, use 
 /// <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied to be successful or only one item
 /// must be satisfied. Un-authenticated users (anonymous users) are always considered NOT authorized (that is, this method returns 
 /// false) except when the requested security action is <see cref="SecurityActions.ViewAlbumOrMediaObject" /> or 
 /// <see cref="SecurityActions.ViewOriginalImage" />, since Gallery Server is configured by default to allow anonymous viewing access
 /// but it does not allow anonymous editing of any kind. This method will continue to work correctly if the webmaster configures
 /// Gallery Server to require users to log in in order to view objects, since at that point there will be no such thing as
 /// un-authenticated users, and the standard gallery server role functionality applies.
 /// </summary>
 /// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
 /// a bitwise OR between them (example: SecurityActions.AdministerSite | SecurityActions.AdministerGallery). If multiple actions are
 /// specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied to be successful or 
 /// only one item must be satisfied.</param>
 /// <param name="roles">A collection of Gallery Server roles to which the currently logged-on user belongs. This parameter is ignored
 /// 	for anonymous users. The parameter may be null.</param>
 /// <param name="albumId">The album ID to which the security action applies.</param>
 /// <param name="galleryId">The ID for the gallery the user is requesting permission in. The <paramref name="albumId" /> must exist in 
 /// this gallery. This parameter is not required <paramref name="securityActions" /> is SecurityActions.AdministerSite (you can specify 
 /// <see cref="int.MinValue" />).</param>
 /// <param name="isPrivate">Indicates whether the specified album is private (hidden from anonymous users). The parameter
 /// 	is ignored for logged on users.</param>
 /// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
 /// to be successful or just one.</param>
 /// <returns>
 /// Returns true when the user is authorized to perform the specified security action against the specified album;
 /// otherwise returns false.
 /// </returns>
 public static bool IsUserAuthorized(SecurityActions securityActions, IGalleryServerRoleCollection roles, int albumId, int galleryId, bool isPrivate, SecurityActionsOption secActionsOption)
 {
     return SecurityManager.IsUserAuthorized(securityActions, roles, albumId, galleryId, IsAuthenticated, isPrivate, secActionsOption);
 }