private static bool IsAnonymousUserAuthorizedForMultipleSecurityActions(SecurityActions securityRequests, bool isPrivateAlbum, IGallerySettings gallerySettings, SecurityActionsOption secActionsOption)
{
// There are multiple security actions in securityAction enum. Iterate through each one and determine if the user
// has permission for it.
List<bool> authResults = new List<bool>();
foreach (SecurityActions securityAction in SecurityActionEnumHelper.ParseSecurityAction(securityRequests))
{
authResults.Add(IsAnonymousUserAuthorizedForSingleSecurityAction(securityAction, isPrivateAlbum, gallerySettings));
}
if (secActionsOption == SecurityActionsOption.RequireAll)
{
return (authResults.Count > 0 ? authResults.TrueForAll(delegate(bool value) { return value; }) : false);
}
else if (secActionsOption == SecurityActionsOption.RequireOne)
{
return authResults.Contains(true);
}
else
{
throw new InvalidEnumArgumentException("secActionsOption", (int)secActionsOption, typeof(SecurityActionsOption));
}
}
/// <summary>
/// Determine whether the user belonging to the specified <paramref name="roles" /> has permission to perform all of the specified security
/// actions against the specified <paramref name="albumId" />. The user may be anonymous or logged on.
/// When the the user is logged on (i.e. <paramref name="isAuthenticated" /> = true), this method determines whether the user is authorized by
/// validating that at least one role has the requested permission to the specified album. When the user is anonymous,
/// the <paramref name="roles" /> parameter is ignored and instead the <paramref name="isPrivateAlbum" /> parameter is used.
/// Anonymous users do not have any access to private albums. When the the user is logged on (i.e. <paramref name="isAuthenticated" /> = true),
/// the <paramref name="roles" /> parameter must contain the roles belonging to the user.
/// </summary>
/// <param name="securityRequests">Represents the permission or permissions being requested. Multiple actions can be specified by using
/// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />).
/// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied
/// to be successful or only one item must be satisfied.</param>
/// <param name="roles">A collection of Gallery Server roles to which the currently logged-on user belongs. This parameter is ignored
/// for anonymous users (i.e. <paramref name="isAuthenticated" />=false). The parameter may be null.</param>
/// <param name="albumId">The album for which the requested permission applies. This parameter does not apply when the requested permission
/// is <see cref="SecurityActions.AdministerSite" /> or <see cref="SecurityActions.AdministerGallery" />.</param>
/// <param name="galleryId">The ID for the gallery the user is requesting permission in. The <paramref name="albumId" /> must exist in this
/// gallery. This parameter is not required <paramref name="securityRequests" /> is SecurityActions.AdministerSite (you can specify
/// <see cref="int.MinValue" />).</param>
/// <param name="isAuthenticated">A value indicating whether the current user is logged on. If true, the
/// <paramref name="roles" /> parameter should contain the names of the roles for the current user. If <paramref name="isAuthenticated" />=true
/// and the <paramref name="roles" /> parameter is either null or an empty collection, this method returns false.</param>
/// <param name="isPrivateAlbum">A value indicating whether the album is hidden from anonymous users. This parameter is ignored for
/// logged-on users.</param>
/// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityRequests" />
/// to be successful or just one. This parameter defaults to SecurityActionsOption.RequireAll when not specified, and is applicable only
/// when <paramref name="securityRequests" /> contains more than one item.</param>
/// <param name="isVirtualAlbum">if set to <c>true</c> the album is a virtual album.</param>
/// <returns>
/// Returns true if the user has the requested permission; returns false if not.
/// </returns>
/// <exception cref="System.ArgumentOutOfRangeException"></exception>
/// <exception cref="System.ComponentModel.InvalidEnumArgumentException"></exception>
/// <remarks>
/// This method handles both anonymous and logged on users. Note that when <paramref name="isAuthenticated" />=true, the
/// <paramref name="isPrivateAlbum" /> parameter is ignored. When it is false, the <paramref name="roles" /> parameter is ignored.
/// </remarks>
public static bool IsUserAuthorized(SecurityActions securityRequests, IGalleryServerRoleCollection roles, int albumId, int galleryId, bool isAuthenticated, bool isPrivateAlbum, SecurityActionsOption secActionsOption, bool isVirtualAlbum)
{
#region Validation
if (isAuthenticated && !isVirtualAlbum && ((roles == null) || (roles.Count == 0)))
return false;
var userIsRequestingSysAdminPermission = (securityRequests & SecurityActions.AdministerSite) == SecurityActions.AdministerSite;
var userIsRequestingGalleryAdminPermission = (securityRequests & SecurityActions.AdministerGallery) == SecurityActions.AdministerGallery;
if (galleryId == int.MinValue)
{
var isMoreThanOnePermissionRequest = !SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests);
if (isMoreThanOnePermissionRequest || !userIsRequestingSysAdminPermission)
{
throw new ArgumentOutOfRangeException("galleryId", String.Format(CultureInfo.CurrentCulture, "A valid gallery ID must be specified. Instead, the value was {0}.", galleryId));
}
}
#endregion
if (isVirtualAlbum && (!userIsRequestingSysAdminPermission && !userIsRequestingGalleryAdminPermission))
{
return true; // Virtual albums are always allowed, but only for non-admin requests. This feels hacky and non-intuitive; should try to improve someday
}
// Handle anonymous users.
if (!isAuthenticated)
{
return IsAnonymousUserAuthorized(securityRequests, isPrivateAlbum, galleryId, secActionsOption);
}
// If we get here we are dealing with an authenticated (logged on) user. Authorization for authenticated users is
// given if the user is a member of at least one role that provides permission.
if (SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests))
{
// Iterate through each GalleryServerRole. If at least one allows the action, return true. Note that the
// AdministerSite security action, if granted, applies to all albums and allows all actions (except HideWatermark).
foreach (IGalleryServerRole role in roles)
{
if (IsAuthenticatedUserAuthorized(securityRequests, role, albumId, galleryId))
return true;
}
return false;
}
else
{
// There are multiple security actions in securityRequest enum. Iterate through each one and determine if the user
// has permission for it.
List<bool> authResults = new List<bool>();
foreach (SecurityActions securityAction in SecurityActionEnumHelper.ParseSecurityAction(securityRequests))
{
// Iterate through each role. If at least one role allows the action, permission is granted.
foreach (IGalleryServerRole role in roles)
{
bool authResult = IsAuthenticatedUserAuthorized(securityAction, role, albumId, galleryId);
authResults.Add(authResult);
if (authResult)
break; // We found a role that provides permission, so no need to check the other roles. Just move on to the next security request.
}
}
// Determine the return value based on what the calling method wanted.
if (secActionsOption == SecurityActionsOption.RequireAll)
{
return (authResults.Count > 0 ? authResults.TrueForAll(delegate(bool value) { return value; }) : false);
}
else if (secActionsOption == SecurityActionsOption.RequireOne)
{
return authResults.Contains(true);
}
else
{
throw new InvalidEnumArgumentException("secActionsOption", (int)secActionsOption, typeof(SecurityActionsOption));
}
}
}
private static bool IsAnonymousUserAuthorized(SecurityActions securityRequests, bool isPrivateAlbum, int galleryId, SecurityActionsOption secActionsOption)
{
// Anonymous user. Return true for viewing-related permission requests on PUBLIC albums; return false for all others.
IGallerySettings gallerySettings = Factory.LoadGallerySetting(galleryId);
if (SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests))
{
return IsAnonymousUserAuthorizedForSingleSecurityAction(securityRequests, isPrivateAlbum, gallerySettings);
}
else
{
return IsAnonymousUserAuthorizedForMultipleSecurityActions(securityRequests, isPrivateAlbum, gallerySettings, secActionsOption);
}
}
/// <summary>
/// Determine whether user has permission to perform the specified security actions against the current album (identified in
/// <see cref="GetAlbumId()" />). When multiple security actions are passed, use
/// <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied to be successful or only one item
/// must be satisfied. Un-authenticated users (anonymous users) are always considered NOT authorized (that
/// is, this method returns false) except when the requested security action is <see cref="SecurityActions.ViewAlbumOrMediaObject" />
/// or <see cref="SecurityActions.ViewOriginalImage" />, since Gallery Server is configured by default to allow anonymous viewing
/// access but it does not allow anonymous editing of any kind.
/// </summary>
/// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
/// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />).
/// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied
/// to be successful or only one item must be satisfied. This parameter is applicable only when <paramref name="securityActions" />
/// contains more than one item.</param>
/// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
/// to be successful or just one.</param>
/// <returns>Returns true when the user is authorized to perform the specified security action; otherwise returns false.</returns>
public bool IsUserAuthorized(SecurityActions securityActions, SecurityActionsOption secActionsOption)
{
return Utils.IsUserAuthorized(securityActions, GetGalleryServerRolesForUser(), this.GetAlbumId(), this.GalleryId, this.GetAlbum().IsPrivate, secActionsOption);
}
/// <summary>
/// Determine whether user has permission to perform the specified security action against the specified album. If no album
/// is specified, then the current album (as returned by GetAlbum()) is used. Un-authenticated users (anonymous users) are
/// always considered NOT authorized (that is, this method returns false) except when the requested security action is
/// ViewAlbumOrMediaObject or ViewOriginalImage, since Gallery Server is configured by default to allow anonymous viewing access
/// but it does not allow anonymous editing of any kind.
/// </summary>
/// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
/// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />).
/// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied
/// to be successful or only one item must be satisfied.</param>
/// <param name="album">The album for which the security check is to be applied.</param>
/// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
/// to be successful or just one. This parameter is applicable only when <paramref name="securityActions" /> contains more than one item.</param>
/// <returns>Returns true when the user is authorized to perform the specified security action; otherwise returns false.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="album" /> is null.</exception>
public bool IsUserAuthorized(SecurityActions securityActions, IAlbum album, SecurityActionsOption secActionsOption)
{
if (album == null)
throw new ArgumentNullException("album");
return Utils.IsUserAuthorized(securityActions, GetGalleryServerRolesForUser(), album.Id, album.GalleryId, album.IsPrivate, secActionsOption);
}
private static bool IsAnonymousUserAuthorizedForMultipleSecurityActions(SecurityActions securityRequests, bool isPrivateAlbum, IGallerySettings gallerySettings, SecurityActionsOption secActionsOption)
{
// There are multiple security actions in securityAction enum. Iterate through each one and determine if the user
// has permission for it.
List <bool> authResults = new List <bool>();
foreach (SecurityActions securityAction in SecurityActionEnumHelper.ParseSecurityAction(securityRequests))
{
authResults.Add(IsAnonymousUserAuthorizedForSingleSecurityAction(securityAction, isPrivateAlbum, gallerySettings));
}
if (secActionsOption == SecurityActionsOption.RequireAll)
{
return(authResults.Count > 0 ? authResults.TrueForAll(delegate(bool value) { return value; }) : false);
}
else if (secActionsOption == SecurityActionsOption.RequireOne)
{
return(authResults.Contains(true));
}
else
{
throw new InvalidEnumArgumentException("secActionsOption", (int)secActionsOption, typeof(SecurityActionsOption));
}
}
/// <summary>
/// Check to ensure user has permission to perform the specified security actions for the specified <paramref name="album" />.
/// Throw a <see cref="GallerySecurityException" /> if the permission isn't granted to the logged on user. When multiple
/// security actions are passed, use <paramref name="secActionsOption" /> to specify whether all of the actions must be
/// satisfied to be successful or only one item must be satisfied. Un-authenticated users (anonymous users) are always
/// considered NOT authorized (that is, this method returns false) except when the requested security action is
/// <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or <see cref="SecurityActions.ViewOriginalImage"/>, since Gallery
/// Server is configured by default to allow anonymous viewing access but it does not allow anonymous editing of any kind.
/// This method behaves similarly to <see cref="IsUserAuthorized(SecurityActions, IAlbum, SecurityActionsOption)"/> except
/// that it throws an exception instead of returning false when the user is not authorized.
/// </summary>
/// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
/// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />).
/// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied
/// to be successful or only one item must be satisfied.</param>
/// <param name="album">The album for which the security check is to be applied.</param>
/// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
/// to be successful or just one. This parameter is applicable only when <paramref name="securityActions" /> contains more than one item.</param>
/// <exception cref="GalleryServerPro.ErrorHandler.CustomExceptions.GallerySecurityException">Thrown when the logged on user
/// does not belong to a role that authorizes the specified security action, or if an anonymous user is requesting any permission
/// other than a viewing-related permission (i.e., <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or
/// <see cref="SecurityActions.ViewOriginalImage"/>).</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="album" /> is null.</exception>
public void CheckUserSecurity(SecurityActions securityActions, IAlbum album, SecurityActionsOption secActionsOption)
{
if (album == null)
throw new ArgumentNullException("album");
if (!Utils.IsUserAuthorized(securityActions, GetGalleryServerRolesForUser(), album.Id, album.GalleryId, album.IsPrivate, secActionsOption))
{
if (this.IsAnonymousUser)
{
throw new GallerySecurityException(String.Format(CultureInfo.CurrentCulture, "Anonymous user does not have permission '{0}' for album ID {1}.", securityActions.ToString(), album.Id));
}
else
{
throw new GallerySecurityException(String.Format(CultureInfo.CurrentCulture, "User '{0}' does not have permission '{1}' for album ID {2}.", Utils.UserName, securityActions.ToString(), album.Id));
}
}
}
private static bool IsAnonymousUserAuthorized(SecurityActions securityRequests, bool isPrivateAlbum, int galleryId, SecurityActionsOption secActionsOption)
{
// Anonymous user. Return true for viewing-related permission requests on PUBLIC albums; return false for all others.
IGallerySettings gallerySettings = Factory.LoadGallerySetting(galleryId);
if (SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests))
{
return(IsAnonymousUserAuthorizedForSingleSecurityAction(securityRequests, isPrivateAlbum, gallerySettings));
}
else
{
return(IsAnonymousUserAuthorizedForMultipleSecurityActions(securityRequests, isPrivateAlbum, gallerySettings, secActionsOption));
}
}
/// <summary>
/// Determine whether the user belonging to the specified <paramref name="roles" /> has permission to perform all of the specified security
/// actions against the specified <paramref name="albumId" />. The user may be anonymous or logged on.
/// When the the user is logged on (i.e. <paramref name="isAuthenticated"/> = true), this method determines whether the user is authorized by
/// validating that at least one role has the requested permission to the specified album. When the user is anonymous,
/// the <paramref name="roles"/> parameter is ignored and instead the <paramref name="isPrivateAlbum"/> parameter is used.
/// Anonymous users do not have any access to private albums. When the the user is logged on (i.e. <paramref name="isAuthenticated"/> = true),
/// the <paramref name="roles"/> parameter must contain the roles belonging to the user.
/// </summary>
/// <param name="securityRequests">Represents the permission or permissions being requested. Multiple actions can be specified by using
/// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />).
/// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied
/// to be successful or only one item must be satisfied.</param>
/// <param name="roles">A collection of Gallery Server roles to which the currently logged-on user belongs. This parameter is ignored
/// for anonymous users (i.e. <paramref name="isAuthenticated"/>=false). The parameter may be null.</param>
/// <param name="albumId">The album for which the requested permission applies. This parameter does not apply when the requested permission
/// is <see cref="SecurityActions.AdministerSite" /> or <see cref="SecurityActions.AdministerGallery" />.</param>
/// <param name="galleryId">The ID for the gallery the user is requesting permission in. The <paramref name="albumId" /> must exist in this
/// gallery. This parameter is not required <paramref name="securityRequests" /> is SecurityActions.AdministerSite (you can specify
/// <see cref="int.MinValue" />).</param>
/// <param name="isAuthenticated">A value indicating whether the current user is logged on. If true, the
/// <paramref name="roles"/> parameter should contain the names of the roles for the current user. If <paramref name="isAuthenticated"/>=true
/// and the <paramref name="roles"/> parameter is either null or an empty collection, this method returns false.</param>
/// <param name="isPrivateAlbum">A value indicating whether the album is hidden from anonymous users. This parameter is ignored for
/// logged-on users.</param>
/// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityRequests" />
/// to be successful or just one. This parameter defaults to SecurityActionsOption.RequireAll when not specified, and is applicable only
/// when <paramref name="securityRequests" /> contains more than one item.</param>
/// <returns>
/// Returns true if the user has the requested permission; returns false if not.
/// </returns>
/// <remarks>This method handles both anonymous and logged on users. Note that when <paramref name="isAuthenticated"/>=true, the
/// <paramref name="isPrivateAlbum"/> parameter is ignored. When it is false, the <paramref name="roles" /> parameter is ignored.</remarks>
public static bool IsUserAuthorized(SecurityActions securityRequests, IGalleryServerRoleCollection roles, int albumId, int galleryId, bool isAuthenticated, bool isPrivateAlbum, SecurityActionsOption secActionsOption)
{
#region Validation
if (isAuthenticated && ((roles == null) || (roles.Count == 0)))
{
return(false);
}
if (galleryId == int.MinValue)
{
bool isMoreThanOnePermissionRequest = !SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests);
bool userIsRequestingSysAdminPermission = (securityRequests == SecurityActions.AdministerSite);
if (isMoreThanOnePermissionRequest || !userIsRequestingSysAdminPermission)
{
throw new ArgumentOutOfRangeException("galleryId", String.Format(CultureInfo.CurrentCulture, "A valid gallery ID must be specified. Instead, the value was {0}.", galleryId));
}
}
#endregion
// Handle anonymous users.
if (!isAuthenticated)
{
return(IsAnonymousUserAuthorized(securityRequests, isPrivateAlbum, galleryId, secActionsOption));
}
// If we get here we are dealing with an authenticated (logged on) user. Authorization for authenticated users is
// given if the user is a member of at least one role that provides permission.
if (SecurityActionEnumHelper.IsSingleSecurityAction(securityRequests))
{
// Iterate through each GalleryServerRole. If at least one allows the action, return true. Note that the
// AdministerSite security action, if granted, applies to all albums and allows all actions (except HideWatermark).
foreach (IGalleryServerRole role in roles)
{
if (IsAuthenticatedUserAuthorized(securityRequests, role, albumId, galleryId))
{
return(true);
}
}
return(false);
}
else
{
// There are multiple security actions in securityRequest enum. Iterate through each one and determine if the user
// has permission for it.
List <bool> authResults = new List <bool>();
foreach (SecurityActions securityAction in SecurityActionEnumHelper.ParseSecurityAction(securityRequests))
{
// Iterate through each role. If at least one role allows the action, permission is granted.
foreach (IGalleryServerRole role in roles)
{
bool authResult = IsAuthenticatedUserAuthorized(securityAction, role, albumId, galleryId);
authResults.Add(authResult);
if (authResult)
{
break; // We found a role that provides permission, so no need to check the other roles. Just move on to the next security request.
}
}
}
// Determine the return value based on what the calling method wanted.
if (secActionsOption == SecurityActionsOption.RequireAll)
{
return(authResults.Count > 0 ? authResults.TrueForAll(delegate(bool value) { return value; }) : false);
}
else if (secActionsOption == SecurityActionsOption.RequireOne)
{
return(authResults.Contains(true));
}
else
{
throw new InvalidEnumArgumentException("secActionsOption", (int)secActionsOption, typeof(SecurityActionsOption));
}
}
}
/// <summary>
/// Check to ensure user has permission to perform the specified security actions against the current album (identified in
/// <see cref="GetAlbumId()" />). Throw a <see cref="GallerySecurityException"/>
/// if the permission isn't granted to the logged on user. When multiple security actions are passed, use
/// <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied to be successful or only one item
/// must be satisfied. Un-authenticated users (anonymous users) are always considered NOT authorized (that is, this method
/// returns false) except when the requested security action is <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or
/// <see cref="SecurityActions.ViewOriginalMediaObject"/>, since Gallery Server is configured by default to allow anonymous viewing access
/// but it does not allow anonymous editing of any kind. This method behaves similarly to
/// <see cref="IsUserAuthorized(SecurityActions, SecurityActionsOption)"/> except that
/// it throws an exception instead of returning false when the user is not authorized.
/// </summary>
/// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
/// a bitwise OR between them (example: <see cref="SecurityActions.AdministerSite" /> | <see cref="SecurityActions.AdministerGallery" />).
/// If multiple actions are specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied
/// to be successful or only one item must be satisfied.</param>
/// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
/// to be successful or just one. This parameter is applicable only when <paramref name="securityActions" /> contains more than one item.</param>
/// <exception cref="GalleryServerPro.Events.CustomExceptions.GallerySecurityException">Thrown when the logged on user
/// does not belong to a role that authorizes the specified security action, or if an anonymous user is requesting any permission
/// other than a viewing-related permission (i.e., <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or
/// <see cref="SecurityActions.ViewOriginalMediaObject"/>).</exception>
public void CheckUserSecurity(SecurityActions securityActions, SecurityActionsOption secActionsOption)
{
if (!Utils.IsUserAuthorized(securityActions, GetGalleryServerRolesForUser(), this.GetAlbumId(), this.GalleryId, this.GetAlbum().IsPrivate, secActionsOption, this.GetAlbum().IsVirtualAlbum))
{
if (this.IsAnonymousUser)
{
throw new GallerySecurityException(String.Format(CultureInfo.CurrentCulture, "Anonymous user does not have permission '{0}' for album ID {1}.", securityActions.ToString(), this.GetAlbumId()));
}
else
{
throw new GallerySecurityException(String.Format(CultureInfo.CurrentCulture, "User '{0}' does not have permission '{1}' for album ID {2}.", Utils.UserName, securityActions.ToString(), this.GetAlbumId()));
}
}
}
/// <summary>
/// Determine whether user has permission to perform the specified security actions. Un-authenticated users
/// (anonymous users) are always considered NOT authorized (that is, this method returns false) except when the requested
/// security action is <see cref="SecurityActions.ViewAlbumOrMediaObject"/> or <see cref="SecurityActions.ViewOriginalImage"/>,
/// since Gallery Server is configured by default to allow anonymous viewing access
/// but it does not allow anonymous editing of any kind. This method will continue to work correctly if the webmaster configures
/// Gallery Server to require users to log in in order to view objects, since at that point there will be no such thing as
/// un-authenticated users, and the standard gallery server role functionality applies.
/// </summary>
/// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
/// a bitwise OR between them (example: SecurityActions.AdministerSite | SecurityActions.AdministerGallery).</param>
/// <param name="albumId">The album ID to which the security action applies.</param>
/// <param name="galleryId">The ID for the gallery the user is requesting permission in. The <paramref name="albumId"/> must exist in
/// this gallery. This parameter is not required <paramref name="securityActions"/> is SecurityActions.AdministerSite (you can specify
/// <see cref="int.MinValue"/>).</param>
/// <param name="isPrivate">Indicates whether the specified album is private (hidden from anonymous users). The parameter
/// is ignored for logged on users.</param>
/// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
/// to be successful or just one.</param>
/// <returns>
/// Returns true when the user is authorized to perform the specified security action against the specified album;
/// otherwise returns false.
/// </returns>
public static bool IsUserAuthorized(SecurityActions securityActions, int albumId, int galleryId, bool isPrivate, SecurityActionsOption secActionsOption)
{
return IsUserAuthorized(securityActions, RoleController.GetGalleryServerRolesForUser(), albumId, galleryId, isPrivate, secActionsOption);
}
/// <summary>
/// Determine whether user has permission to perform the specified security actions. When multiple security actions are passed, use
/// <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied to be successful or only one item
/// must be satisfied. Un-authenticated users (anonymous users) are always considered NOT authorized (that is, this method returns
/// false) except when the requested security action is <see cref="SecurityActions.ViewAlbumOrMediaObject" /> or
/// <see cref="SecurityActions.ViewOriginalImage" />, since Gallery Server is configured by default to allow anonymous viewing access
/// but it does not allow anonymous editing of any kind. This method will continue to work correctly if the webmaster configures
/// Gallery Server to require users to log in in order to view objects, since at that point there will be no such thing as
/// un-authenticated users, and the standard gallery server role functionality applies.
/// </summary>
/// <param name="securityActions">Represents the permission or permissions being requested. Multiple actions can be specified by using
/// a bitwise OR between them (example: SecurityActions.AdministerSite | SecurityActions.AdministerGallery). If multiple actions are
/// specified, use <paramref name="secActionsOption" /> to specify whether all of the actions must be satisfied to be successful or
/// only one item must be satisfied.</param>
/// <param name="roles">A collection of Gallery Server roles to which the currently logged-on user belongs. This parameter is ignored
/// for anonymous users. The parameter may be null.</param>
/// <param name="albumId">The album ID to which the security action applies.</param>
/// <param name="galleryId">The ID for the gallery the user is requesting permission in. The <paramref name="albumId" /> must exist in
/// this gallery. This parameter is not required <paramref name="securityActions" /> is SecurityActions.AdministerSite (you can specify
/// <see cref="int.MinValue" />).</param>
/// <param name="isPrivate">Indicates whether the specified album is private (hidden from anonymous users). The parameter
/// is ignored for logged on users.</param>
/// <param name="secActionsOption">Specifies whether the user must have permission for all items in <paramref name="securityActions" />
/// to be successful or just one.</param>
/// <returns>
/// Returns true when the user is authorized to perform the specified security action against the specified album;
/// otherwise returns false.
/// </returns>
public static bool IsUserAuthorized(SecurityActions securityActions, IGalleryServerRoleCollection roles, int albumId, int galleryId, bool isPrivate, SecurityActionsOption secActionsOption)
{
return SecurityManager.IsUserAuthorized(securityActions, roles, albumId, galleryId, IsAuthenticated, isPrivate, secActionsOption);
}