private Tuple <App, PermissionCheckBase> AppAndPermissionChecker(int appId, string typeName) { var env = Factory.Resolve <IEnvironmentFactory>().Environment(Log); var tenant = new DnnTenant(PortalSettings.Current); var uiZoneId = env.ZoneMapper.GetZoneId(tenant.Id); // now do relevant security checks var zoneId = SystemManager.ZoneIdOfApp(appId); var app = new App(tenant, zoneId, appId, parentLog: Log); var type = typeName == null ? null : new AppRuntime(zoneId, appId, Log) .ContentTypes.Get(typeName); var samePortal = uiZoneId == tenant.Id; var portalToUseInSecCheck = samePortal ? PortalSettings.Current : null; // user has edit permissions on this app, and it's the same app as the user is coming from var checker = new DnnPermissionCheck(Log, instance: SxcInstance.EnvInstance, app: app, portal: portalToUseInSecCheck, targetType: type); return(new Tuple <App, PermissionCheckBase>(app, checker)); }
public Dictionary <Guid, int> SaveMany([FromUri] int appId, [FromBody] List <EntityWithHeader> items, [FromUri] bool partOfPage = false) { // log and do security check Log.Add($"save many started with a#{appId}, i⋮{items.Count}, partOfPage:{partOfPage}"); var set = GetAppRequiringPermissionsOrThrow(appId, GrantSets.WriteSomething, items.Select(i => i.Header).ToList()); // list of saved IDs Dictionary <Guid, int> postSaveIds = null; // use dnn versioning if partOfPage if (partOfPage) { var versioning = Factory.Resolve <IEnvironmentFactory>().PagePublisher(Log); Log.Add("save with publishing"); versioning.DoInsidePublishing(Dnn.Module.ModuleID, Dnn.User.UserID, args => postSaveIds = SaveAndProcessGroups(set.Item2, appId, items, partOfPage)); } else { Log.Add("save without publishing"); postSaveIds = SaveAndProcessGroups(set.Item2, appId, items, partOfPage); } return(postSaveIds); }
[AllowAnonymous] // will check security internally, so assume no requirements public Dictionary <string, object> CreateOrUpdate([FromUri] string contentType, [FromBody] Dictionary <string, object> newContentItem, [FromUri] int?id = null, [FromUri] string appPath = null) { Log.Add($"create or update type:{contentType}, id:{id}, path:{appPath}"); // if app-path specified, use that app, otherwise use from context var appIdentity = AppFinder.GetAppIdFromPathOrContext(appPath, SxcInstance); // Check that this ID is actually of this content-type, // this throws an error if it's not the correct type var itm = id == null ? null : new EntityApi(appIdentity.AppId, Log).GetOrThrow(contentType, id.Value); var ok = itm == null ? new MultiPermissionsTypes(SxcInstance, appIdentity.AppId, contentType, Log) .EnsureAll(Grants.Create.AsSet(), out var exp) : new MultiPermissionsItems(SxcInstance, appIdentity.AppId, itm, Log) .EnsureAll(Grants.Update.AsSet(), out exp); if (!ok) { throw exp; } //2018-09-15 2dm moved/disabled //var context = GetContext(SxcInstance, Log); //PerformSecurityCheck(appIdentity, contentType, perm, appPath == null ? context.Dnn.Module : null, itm); // Convert to case-insensitive dictionary just to be safe! newContentItem = new Dictionary <string, object>(newContentItem, StringComparer.OrdinalIgnoreCase); // Now create the cleaned up import-dictionary so we can create a new entity var cleanedNewItem = new AppContentEntityBuilder(Log) .CreateEntityDictionary(contentType, newContentItem, appIdentity.AppId); var userName = new DnnUser().IdentityToken; // try to create var publish = Factory.Resolve <IEnvironmentFactory>().PagePublisher(Log); // 2018-09-22 new // todo: something looks wrong here, I think create/update would fail if it doesn't have a moduleid var currentApp = new App(new DnnTenant(PortalSettings), appIdentity.ZoneId, appIdentity.AppId, ConfigurationProvider.Build(false, publish.IsEnabled(ActiveModule.ModuleID), SxcInstance.Data.ConfigurationProvider), true, Log); // 2018-09-22 old //currentApp.InitData(false, // publish.IsEnabled(ActiveModule.ModuleID), // SxcInstance.Data.ConfigurationProvider); if (id == null) { currentApp.Data.Create(contentType, cleanedNewItem, userName); // Todo: try to return the newly created object return(null); } currentApp.Data.Update(id.Value, cleanedNewItem, userName); return(InitEavAndSerializer(appIdentity.AppId).Prepare(currentApp.Data.List.One(id.Value))); }
protected MultiPermissionsApp(IBlockBuilder blockBuilder, int zoneId, int appId, ILog parentLog) : base("Api.Perms", parentLog) { var wrapLog = Log.Call($"..., appId: {appId}, ..."); BlockBuilder = blockBuilder; var tenant = new DnnTenant(PortalSettings.Current); var environment = Factory.Resolve <IEnvironmentFactory>().Environment(Log); var contextZoneId = environment.ZoneMapper.GetZoneId(tenant.Id); App = new App(tenant, zoneId, appId, ConfigurationProvider.Build(blockBuilder, true), false, Log); SamePortal = contextZoneId == zoneId; PortalForSecurityCheck = SamePortal ? PortalSettings.Current : null; wrapLog($"ready for z/a:{zoneId}/{appId} t/z:{tenant.Id}/{contextZoneId} same:{SamePortal}"); }
private void TryToAttachAppFromUrlParams() { var wrapLog = Log.Call("TryToAttachAppFromUrlParams"); var found = false; try { var routeAppPath = Route.AppPathOrNull(Request.GetRouteData()); var appId = AppFinder.GetCurrentAppIdFromPath(routeAppPath).AppId; // Look up if page publishing is enabled - if module context is not available, always false var publish = Factory.Resolve <IEnvironmentFactory>().PagePublisher(Log); var publishingEnabled = Dnn.Module != null && publish.IsEnabled(Dnn.Module.ModuleID); var app = (App)Environment.Dnn7.Factory.App(appId, publishingEnabled); DnnAppAndDataHelpers.LateAttachApp(app); found = true; } catch { /* ignore */ } wrapLog(found.ToString()); }
private void TryToAttachAppFromUrlParams() { var wrapLog = Log.Call(); var found = false; try { var routeAppPath = Route.AppPathOrNull(Request.GetRouteData()); var appId = AppFinder.GetAppIdFromPath(routeAppPath).AppId; // Look up if page publishing is enabled - if module context is not available, always false var publish = Factory.Resolve <IPagePublishing>().Init(Log); var publishingEnabled = Dnn.Module != null && publish.IsEnabled(Dnn.Module.ModuleID); Log.Add($"AppId: {appId}, publishing:{publishingEnabled}"); var app = Sxc.Dnn.Factory.App(appId, publishingEnabled, parentLog: Log); DynCode.LateAttachApp(app); found = true; } catch { /* ignore */ } wrapLog(found.ToString()); }
/// <summary> /// Preprocess security / context, then get the item based on an passed in method, /// ...then process/finish /// </summary> /// <param name="contentType"></param> /// <param name="getOne"></param> /// <param name="appPath"></param> /// <returns></returns> private Dictionary <string, object> GetAndSerializeOneAfterSecurityChecks(string contentType, Func <EntityApi, IEntity> getOne, string appPath) => Factory.Resolve <AppContent>().Init(Log).GetOne(GetContext(), GetBlock(), contentType, getOne, appPath);
[AllowAnonymous] // will check security internally, so assume no requirements public IEnumerable <Dictionary <string, object> > GetEntities(string contentType, string appPath = null) => Factory.Resolve <AppContent>().Init(Log).GetItems(GetContext(), contentType, GetBlock(), appPath);
[AllowAnonymous] // will check security internally, so assume no requirements public void Delete(string contentType, Guid guid, [FromUri] string appPath = null) => Factory.Resolve <AppContent>().Init(Log).Delete(GetContext(), GetBlock(), contentType, guid, appPath);
[AllowAnonymous] // will check security internally, so assume no requirements public Dictionary <string, object> CreateOrUpdate([FromUri] string contentType, [FromBody] Dictionary <string, object> newContentItem, [FromUri] int?id = null, [FromUri] string appPath = null) => Factory.Resolve <AppContent>().Init(Log) .CreateOrUpdate(GetContext(), GetBlock(), contentType, newContentItem, id, appPath);