Example #1
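        /// <summary>
        /// Builds the <see cref="App"/> for <paramref name="appId"/> and a permission checker bound to it.
        /// Nothing is authorized here: the caller must still ask the returned checker before acting.
        /// </summary>
        /// <param name="appId">Id of the app the request targets.</param>
        /// <param name="typeName">
        /// Content-type name to scope the check to, or <c>null</c> to build a checker without a target type.
        /// </param>
        /// <returns>The app as Item1 and the (not yet evaluated) permission checker as Item2.</returns>
        private Tuple<App, PermissionCheckBase> AppAndPermissionChecker(int appId, string typeName)
        {
            var env      = Factory.Resolve<IEnvironmentFactory>().Environment(Log);
            var tenant   = new DnnTenant(PortalSettings.Current);
            // Zone that the portal of the current request belongs to.
            var uiZoneId = env.ZoneMapper.GetZoneId(tenant.Id);

            // Zone that owns the requested app; this can differ from the zone of the current portal.
            var zoneId = SystemManager.ZoneIdOfApp(appId);
            var app    = new App(tenant, zoneId, appId, parentLog: Log);

            var type = typeName == null
                ? null
                : new AppRuntime(zoneId, appId, Log).ContentTypes.Get(typeName);

            // Compare zone with zone. tenant.Id is a portal id, so comparing it with uiZoneId mixes two
            // id spaces: the result is then true or false by numeric coincidence, and the current
            // portal could be handed to the checker for an app that lives in another zone.
            var samePortal            = uiZoneId == zoneId;
            // Only pass the current portal when the app belongs to it; otherwise the checker gets no portal.
            var portalToUseInSecCheck = samePortal ? PortalSettings.Current : null;

            // Only constructs the checker; no permission has been verified at this point.
            var checker = new DnnPermissionCheck(Log,
                                                 instance: SxcInstance.EnvInstance,
                                                 app: app,
                                                 portal: portalToUseInSecCheck,
                                                 targetType: type);

            return new Tuple<App, PermissionCheckBase>(app, checker);
        }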
Example #2
        /// <summary>
        /// Saves a batch of entities into the given app and returns the ids they were stored under.
        /// </summary>
        /// <param name="appId">App to save into (from the query string).</param>
        /// <param name="items">
        /// Entities with their headers (from the request body). A body that fails to bind leaves this
        /// <c>null</c>, which surfaces as a NullReferenceException on the first log line, before the
        /// permission check runs.
        /// </param>
        /// <param name="partOfPage">When true, the save is wrapped in the page-publishing workflow.</param>
        /// <returns>Map of entity GUID to stored id, as produced by SaveAndProcessGroups.</returns>
        public Dictionary<Guid, int> SaveMany([FromUri] int appId, [FromBody] List<EntityWithHeader> items, [FromUri] bool partOfPage = false)
        {
            Log.Add($"save many started with a#{appId}, i⋮{items.Count}, partOfPage:{partOfPage}");

            // Authorization gate: every header in the batch is passed to the check, and nothing is
            // written before it returns. Presumably throws when the caller lacks a write grant
            // (going by the name) - confirm against the helper.
            var appAndPermissions = GetAppRequiringPermissionsOrThrow(appId, GrantSets.WriteSomething, items.Select(i => i.Header).ToList());

            if (!partOfPage)
            {
                Log.Add("save without publishing");
                return SaveAndProcessGroups(appAndPermissions.Item2, appId, items, partOfPage);
            }

            // Page-bound save: run the same save inside the publishing wrapper for the current module and user.
            var publisher = Factory.Resolve<IEnvironmentFactory>().PagePublisher(Log);
            Log.Add("save with publishing");

            // Stays null if the wrapper never invokes the callback.
            Dictionary<Guid, int> savedIds = null;
            publisher.DoInsidePublishing(Dnn.Module.ModuleID, Dnn.User.UserID,
                                         args => savedIds = SaveAndProcessGroups(appAndPermissions.Item2, appId, items, partOfPage));
            return savedIds;
        }
Example #3
        /// <summary>
        /// Creates a new entity of <paramref name="contentType"/>, or updates the entity with
        /// <paramref name="id"/>, from the values posted in the request body.
        /// The action is marked [AllowAnonymous], so no framework-level authorization runs before it;
        /// the only gate is the EnsureAll call in the body.
        /// </summary>
        /// <param name="contentType">Name of the content type to create or update.</param>
        /// <param name="newContentItem">Field values from the request body.</param>
        /// <param name="id">Id of the entity to update; <c>null</c> creates a new entity.</param>
        /// <param name="appPath">Optional app path; when <c>null</c> the app comes from the current context.</param>
        /// <returns><c>null</c> after a create; the prepared (serialized) entity after an update.</returns>
        [AllowAnonymous]   // will check security internally, so assume no requirements
        public Dictionary <string, object> CreateOrUpdate([FromUri] string contentType, [FromBody] Dictionary <string, object> newContentItem, [FromUri] int?id = null, [FromUri] string appPath = null)
        {
            Log.Add($"create or update type:{contentType}, id:{id}, path:{appPath}");
            // if app-path specified, use that app, otherwise use from context
            var appIdentity = AppFinder.GetAppIdFromPathOrContext(appPath, SxcInstance);

            // Check that this ID is actually of this content-type,
            // this throws an error if it's not the correct type
            // NOTE(review): this lookup runs before the permission check below. If GetOrThrow reports
            // "not found" and "wrong type" differently, an unauthenticated caller could tell which ids
            // exist - confirm the error is uniform.
            var itm = id == null
                ? null
                : new EntityApi(appIdentity.AppId, Log).GetOrThrow(contentType, id.Value);

            // Authorization gate: a create needs Grants.Create on the content type,
            // an update needs Grants.Update on the existing item.
            var ok = itm == null
                ? new MultiPermissionsTypes(SxcInstance, appIdentity.AppId, contentType, Log)
                     .EnsureAll(Grants.Create.AsSet(), out var exp)
                : new MultiPermissionsItems(SxcInstance, appIdentity.AppId, itm, Log)
                     .EnsureAll(Grants.Update.AsSet(), out exp);

            if (!ok)
            {
                // exp is the exception object handed back by EnsureAll, not a caught exception,
                // so throwing it here does not discard an existing stack trace.
                throw exp;
            }

            //2018-09-15 2dm moved/disabled
            //var context = GetContext(SxcInstance, Log);
            //PerformSecurityCheck(appIdentity, contentType, perm, appPath == null ? context.Dnn.Module : null, itm);

            // Convert to case-insensitive dictionary just to be safe!
            // A missing or unparseable body leaves newContentItem null; this constructor then throws
            // ArgumentNullException (only after the permission check has passed).
            newContentItem = new Dictionary <string, object>(newContentItem, StringComparer.OrdinalIgnoreCase);

            // Now create the cleaned up import-dictionary so we can create a new entity
            var cleanedNewItem = new AppContentEntityBuilder(Log)
                                 .CreateEntityDictionary(contentType, newContentItem, appIdentity.AppId);

            // Identity passed to Create/Update below along with the new values.
            var userName = new DnnUser().IdentityToken;

            // try to create
            var publish = Factory.Resolve <IEnvironmentFactory>().PagePublisher(Log);
            // 2018-09-22 new
            // todo: something looks wrong here, I think create/update would fail if it doesn't have a moduleid
            // NOTE(review): ActiveModule is dereferenced unconditionally although appPath may select an
            // app without a module context - confirm it cannot be null on this path.
            var currentApp = new App(new DnnTenant(PortalSettings), appIdentity.ZoneId, appIdentity.AppId,
                                     ConfigurationProvider.Build(false, publish.IsEnabled(ActiveModule.ModuleID),
                                                                 SxcInstance.Data.ConfigurationProvider), true, Log);

            // 2018-09-22 old
            //currentApp.InitData(false,
            //    publish.IsEnabled(ActiveModule.ModuleID),
            //    SxcInstance.Data.ConfigurationProvider);
            if (id == null)
            {
                currentApp.Data.Create(contentType, cleanedNewItem, userName);
                // Todo: try to return the newly created object
                return(null);
            }

            currentApp.Data.Update(id.Value, cleanedNewItem, userName);
            return(InitEavAndSerializer(appIdentity.AppId).Prepare(currentApp.Data.List.One(id.Value)));
        }
Example #4
        /// <summary>
        /// Prepares the state that permission checks on an app need: the app itself, whether it
        /// lives in the zone of the current portal, and which portal (if any) may be used when
        /// evaluating permissions.
        /// </summary>
        /// <param name="blockBuilder">Block builder of the current request; stored and used for the app configuration.</param>
        /// <param name="zoneId">Zone that owns the target app.</param>
        /// <param name="appId">Id of the target app.</param>
        /// <param name="parentLog">Log to attach this object's log to.</param>
        protected MultiPermissionsApp(IBlockBuilder blockBuilder, int zoneId, int appId, ILog parentLog)
            : base("Api.Perms", parentLog)
        {
            var done = Log.Call($"..., appId: {appId}, ...");

            BlockBuilder = blockBuilder;

            // Zone that the portal of the current request maps to.
            var currentTenant       = new DnnTenant(PortalSettings.Current);
            var zoneOfCurrentPortal = Factory.Resolve<IEnvironmentFactory>()
                                             .Environment(Log)
                                             .ZoneMapper.GetZoneId(currentTenant.Id);

            App = new App(currentTenant, zoneId, appId,
                          ConfigurationProvider.Build(blockBuilder, true),
                          false, Log);

            // Zone-to-zone comparison: the current portal is exposed for security checks only when
            // the target app belongs to its zone. For an app in another zone no portal is provided.
            SamePortal = zoneOfCurrentPortal == zoneId;
            if (SamePortal)
            {
                PortalForSecurityCheck = PortalSettings.Current;
            }
            else
            {
                PortalForSecurityCheck = null;
            }

            done($"ready for z/a:{zoneId}/{appId} t/z:{currentTenant.Id}/{zoneOfCurrentPortal} same:{SamePortal}");
        }
Example #5
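        /// <summary>
        /// Best-effort: resolves the app named by the app path in the current route and late-attaches it.
        /// A failure never propagates to the caller, but its cause is written to the log.
        /// </summary>
        private void TryToAttachAppFromUrlParams()
        {
            var wrapLog = Log.Call("TryToAttachAppFromUrlParams");
            var found   = false;

            try
            {
                // The app path comes from the request URL, so it is caller-controlled input.
                var routeAppPath = Route.AppPathOrNull(Request.GetRouteData());
                var appId        = AppFinder.GetCurrentAppIdFromPath(routeAppPath).AppId;
                // Look up if page publishing is enabled - if module context is not available, always false
                var publish           = Factory.Resolve<IEnvironmentFactory>().PagePublisher(Log);
                var publishingEnabled = Dnn.Module != null && publish.IsEnabled(Dnn.Module.ModuleID);
                var app = (App)Environment.Dnn7.Factory.App(appId, publishingEnabled);
                DnnAppAndDataHelpers.LateAttachApp(app);
                found = true;
            }
            catch (System.Exception ex)
            {
                // Still best-effort, so do not rethrow. Recording the cause keeps failed lookups
                // (unknown or malformed app paths, missing context) visible when reviewing the log,
                // instead of leaving only a bare "False".
                Log.Add($"could not attach app from url params: {ex.GetType().Name} - {ex.Message}");
            }

            wrapLog(found.ToString());
        }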
Example #6
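        /// <summary>
        /// Best-effort: resolves the app named by the app path in the current route and late-attaches it.
        /// A failure never propagates to the caller, but its cause is written to the log.
        /// </summary>
        private void TryToAttachAppFromUrlParams()
        {
            var wrapLog = Log.Call();
            var found   = false;

            try
            {
                // The app path comes from the request URL, so it is caller-controlled input.
                var routeAppPath = Route.AppPathOrNull(Request.GetRouteData());
                var appId        = AppFinder.GetAppIdFromPath(routeAppPath).AppId;
                // Look up if page publishing is enabled - if module context is not available, always false
                var publish           = Factory.Resolve<IPagePublishing>().Init(Log);
                var publishingEnabled = Dnn.Module != null && publish.IsEnabled(Dnn.Module.ModuleID);
                Log.Add($"AppId: {appId}, publishing:{publishingEnabled}");
                var app = Sxc.Dnn.Factory.App(appId, publishingEnabled, parentLog: Log);
                DynCode.LateAttachApp(app);
                found = true;
            }
            catch (System.Exception ex)
            {
                // Still best-effort, so do not rethrow. Recording the cause keeps failed lookups
                // (unknown or malformed app paths, missing context) visible when reviewing the log,
                // instead of leaving only a bare "False".
                Log.Add($"could not attach app from url params: {ex.GetType().Name} - {ex.Message}");
            }

            wrapLog(found.ToString());
        }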
Example #7
 /// <summary>
 /// Hands a single-item request to <c>AppContent.GetOne</c> together with the current context and block.
 /// Security checks and serialization are expected to happen inside that call; they are not
 /// visible in this method.
 /// </summary>
 /// <param name="contentType">Name of the content type the item must belong to.</param>
 /// <param name="getOne">Callback that receives an <c>EntityApi</c> and returns the requested entity.</param>
 /// <param name="appPath">Optional app path; passed through unchanged.</param>
 /// <returns>Whatever <c>AppContent.GetOne</c> returns for the item.</returns>
 private Dictionary<string, object> GetAndSerializeOneAfterSecurityChecks(string contentType, Func<EntityApi, IEntity> getOne, string appPath)
 {
     var appContent = Factory.Resolve<AppContent>().Init(Log);
     return appContent.GetOne(GetContext(), GetBlock(), contentType, getOne, appPath);
 }
Example #8
 /// <summary>
 /// Returns the items of <paramref name="contentType"/> by delegating to <c>AppContent.GetItems</c>.
 /// </summary>
 /// <param name="contentType">Name of the content type to list.</param>
 /// <param name="appPath">Optional app path; passed through unchanged.</param>
 /// <returns>The items as returned by <c>AppContent.GetItems</c>.</returns>
 // [AllowAnonymous] lets unauthenticated requests reach this action, so read access depends
 // entirely on the checks made inside AppContent.GetItems (not visible here).
 [AllowAnonymous]
 public IEnumerable<Dictionary<string, object>> GetEntities(string contentType, string appPath = null)
 {
     var appContent = Factory.Resolve<AppContent>().Init(Log);
     return appContent.GetItems(GetContext(), contentType, GetBlock(), appPath);
 }
Example #9
 /// <summary>
 /// Deletes the entity identified by <paramref name="guid"/> by delegating to <c>AppContent.Delete</c>.
 /// </summary>
 /// <param name="contentType">Name of the content type the entity is expected to have.</param>
 /// <param name="guid">GUID of the entity to delete.</param>
 /// <param name="appPath">Optional app path (from the query string); passed through unchanged.</param>
 // [AllowAnonymous] lets unauthenticated requests reach this destructive action, so the delete
 // permission must be enforced inside AppContent.Delete (not visible here).
 [AllowAnonymous]
 public void Delete(string contentType, Guid guid, [FromUri] string appPath = null)
 {
     var appContent = Factory.Resolve<AppContent>().Init(Log);
     appContent.Delete(GetContext(), GetBlock(), contentType, guid, appPath);
 }
Example #10
 /// <summary>
 /// Creates or updates an entity by delegating to <c>AppContent.CreateOrUpdate</c>.
 /// </summary>
 /// <param name="contentType">Name of the content type (from the query string).</param>
 /// <param name="newContentItem">Field values from the request body.</param>
 /// <param name="id">Id of the entity to update, or <c>null</c>; passed through unchanged.</param>
 /// <param name="appPath">Optional app path (from the query string); passed through unchanged.</param>
 /// <returns>Whatever <c>AppContent.CreateOrUpdate</c> returns.</returns>
 // [AllowAnonymous] lets unauthenticated requests reach this write action, so create/update
 // permissions must be enforced inside AppContent.CreateOrUpdate (not visible here).
 [AllowAnonymous]
 public Dictionary<string, object> CreateOrUpdate(
     [FromUri] string contentType,
     [FromBody] Dictionary<string, object> newContentItem,
     [FromUri] int? id = null,
     [FromUri] string appPath = null)
 {
     var appContent = Factory.Resolve<AppContent>().Init(Log);
     return appContent.CreateOrUpdate(GetContext(), GetBlock(), contentType, newContentItem, id, appPath);
 }