Example #1
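        /// <summary>
        /// Legacy permission check for one activity record: the entity type is taken from the first
        /// '|'-separated token of <c>ua.AdditionalData</c> and the matching <c>ProjectSecurity</c>
        /// check decides whether the current account may see the record.
        /// </summary>
        /// <param name="project">Project the activity record belongs to.</param>
        /// <param name="ua">Activity record; <c>AdditionalData</c>, <c>URL</c> and <c>UserID</c> are read.</param>
        /// <param name="engineFactory">Used to load the task or milestone whose id is found in the activity URL.</param>
        /// <returns><c>true</c> when the record may be shown; otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentException">
        /// The entity-type token is not a name of <c>EntityType</c> (thrown by <c>Enum.Parse</c>).
        /// </exception>
        private static bool CheckPermission(Project project, UserActivity ua, EngineFactory engineFactory)
        {
            if (string.IsNullOrEmpty(ua.AdditionalData))
            {
                return false;
            }

            // string.Split always yields at least one element, so testing the array length can never
            // reject a record; the token itself is what may be blank.
            var typeToken = ua.AdditionalData.Split('|')[0];
            if (typeToken.Trim().Length == 0)
            {
                return false;
            }

            var entityType = (EntityType)Enum.Parse(typeof(EntityType), typeToken, true);

            switch (entityType)
            {
                case EntityType.Message:
                {
                    return ProjectSecurity.CanReadMessages(project);
                }

                // File, Team and Project records get the same project-level gate that CheckAccess
                // applies to records carrying a SecurityId, so both paths answer alike.
                case EntityType.File:
                {
                    return ProjectSecurity.CanReadFiles(project);
                }

                case EntityType.Team:
                case EntityType.Project:
                {
                    return ProjectSecurity.CanRead(project);
                }

                case EntityType.Task:
                {
                    if (ProjectSecurity.CanReadTasks(project))
                    {
                        return true;
                    }

                    // No project-wide task access: fall back to the single task named in the URL.
                    // GetIdParam is defined elsewhere in the class; its group "value" carries the id.
                    var taskMatch = GetIdParam.Match(ua.URL);
                    int taskId;
                    if (!taskMatch.Success ||
                        !taskMatch.Groups["value"].Success ||
                        !int.TryParse(taskMatch.Groups["value"].Value, out taskId))
                    {
                        return false;
                    }

                    // A task that can no longer be loaded is denied rather than handed to CanRead as null.
                    var task = engineFactory.GetTaskEngine().GetByID(taskId);
                    return task != null && ProjectSecurity.CanRead(task);
                }

                case EntityType.TimeSpend:
                {
                    // Time records are visible with task access, or to the user who produced them.
                    return ProjectSecurity.CanReadTasks(project) ||
                           SecurityContext.CurrentAccount.ID == ua.UserID;
                }

                case EntityType.Milestone:
                {
                    var milestoneMatch = GetIdParam.Match(ua.URL);
                    int milestoneId;
                    if (!milestoneMatch.Success ||
                        !milestoneMatch.Groups["value"].Success ||
                        !int.TryParse(milestoneMatch.Groups["value"].Value, out milestoneId))
                    {
                        return false;
                    }

                    var milestone = engineFactory.GetMilestoneEngine().GetByID(milestoneId);
                    return milestone != null && ProjectSecurity.CanRead(milestone);
                }

                default:
                {
                    // NOTE(review): every other EntityType value is allowed without a check. Enum.Parse
                    // also accepts numeric text, so an undefined value lands here too. Confirm this
                    // permissive default is intended for private projects.
                    return true;
                }
            }
        }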
        /// <summary>
        /// Searches projects, milestones, messages, tasks and project files for <paramref name="searchText"/>
        /// and returns the hits that pass the read checks, grouped by project id.
        /// </summary>
        /// <param name="searchText">Text handed to the search DAO and to the folder/file search.</param>
        /// <param name="projectId">
        /// Passed to the search DAO; for file hits a non-zero value is the only project considered,
        /// while 0 derives the candidate projects from the root folders of the file hits.
        /// </param>
        /// <returns>The collected search groups.</returns>
        public List <SearchGroup> Search(String searchText, int projectId)
        {
            var groupsByProject = new Dictionary<int, SearchGroup>();

            // Each hit is kept only if the matching ProjectSecurity check passes for the current user.
            foreach (var hit in _searchDao.Search(searchText, projectId))
            {
                var ownerId = 0;
                SearchItem found = null;

                if (hit is Project)
                {
                    var proj = (Project)hit;
                    if (ProjectSecurity.CanRead(proj))
                    {
                        ownerId = proj.ID;
                        if (!groupsByProject.ContainsKey(ownerId))
                        {
                            groupsByProject[ownerId] = new SearchGroup(ownerId, proj.Title);
                        }
                        found = new SearchItem(EntityType.Project, proj.ID, proj.Title, proj.Description, proj.CreateOn);
                    }
                }
                else if (hit is Milestone)
                {
                    var milestone = (Milestone)hit;
                    if (ProjectSecurity.CanRead(milestone))
                    {
                        ownerId = milestone.Project.ID;
                        if (!groupsByProject.ContainsKey(ownerId))
                        {
                            groupsByProject[ownerId] = new SearchGroup(ownerId, milestone.Project.Title);
                        }
                        found = new SearchItem(EntityType.Milestone, milestone.ID, milestone.Title, null, milestone.CreateOn);
                    }
                }
                else if (hit is Message)
                {
                    var message = (Message)hit;
                    if (ProjectSecurity.CanReadMessages(message.Project))
                    {
                        ownerId = message.Project.ID;
                        if (!groupsByProject.ContainsKey(ownerId))
                        {
                            groupsByProject[ownerId] = new SearchGroup(ownerId, message.Project.Title);
                        }
                        found = new SearchItem(EntityType.Message, message.ID, message.Title, message.Content, message.CreateOn);
                    }
                }
                else if (hit is Task)
                {
                    var task = (Task)hit;
                    if (ProjectSecurity.CanRead(task))
                    {
                        ownerId = task.Project.ID;
                        if (!groupsByProject.ContainsKey(ownerId))
                        {
                            groupsByProject[ownerId] = new SearchGroup(ownerId, task.Project.Title);
                        }
                        found = new SearchItem(EntityType.Task, task.ID, task.Title, task.Description, task.CreateOn);
                    }
                }

                if (ownerId > 0 && found != null)
                {
                    groupsByProject[ownerId].Items.Add(found);
                }
            }

            // File search is best effort: a failure is logged and the hits gathered above are still returned.
            try
            {
                var entries = new List<Files.Core.FileEntry>();
                using (var folderDao = FilesIntegration.GetFolderDao())
                using (var fileDao = FilesIntegration.GetFileDao())
                {
                    entries.AddRange(folderDao.Search(searchText, Files.Core.FolderType.BUNCH).Cast<Files.Core.FileEntry>());
                    entries.AddRange(fileDao.Search(searchText, Files.Core.FolderType.BUNCH).Cast<Files.Core.FileEntry>());

                    IEnumerable<int> candidateProjectIds;
                    if (projectId != 0)
                    {
                        candidateProjectIds = new List<int> { projectId };
                    }
                    else
                    {
                        // The project id is the last '/'-separated segment of the root folder's bunch object id.
                        candidateProjectIds = entries
                            .GroupBy(entry => entry.RootFolderId)
                            .Select(byRoot => folderDao.GetFolder(byRoot.Key))
                            .Select(folder => folder != null ? folderDao.GetBunchObjectID(folder.RootFolderId).Split('/').Last() : null)
                            .Where(idText => !string.IsNullOrEmpty(idText))
                            .Select(idText => int.Parse(idText));
                    }

                    // Maps each registered project root folder to its project id; entries outside these roots are dropped.
                    var rootProject = candidateProjectIds.ToDictionary(pid => FilesIntegration.RegisterBunch("projects", "project", pid.ToString()));
                    entries.RemoveAll(entry => !rootProject.ContainsKey(entry.RootFolderId));

                    // Per-entry read check from the files module.
                    var security = FilesIntegration.GetFileSecurity();
                    entries.RemoveAll(entry => !security.CanRead(entry));

                    foreach (var entry in entries)
                    {
                        var fileProjectId = rootProject[entry.RootFolderId];

                        // NOTE(review): the project-level CanRead/CanReadFiles gate runs only when no group
                        // exists yet for this project. If an earlier hit already created the group, the entry
                        // relies on the file-security check above alone. Confirm that is sufficient.
                        if (!groupsByProject.ContainsKey(fileProjectId))
                        {
                            var owner = _projDao.GetById(fileProjectId);
                            if (owner == null || !ProjectSecurity.CanRead(owner) || !ProjectSecurity.CanReadFiles(owner))
                            {
                                continue;
                            }
                            groupsByProject[fileProjectId] = new SearchGroup(fileProjectId, owner.Title);
                        }

                        // Files link to their view URL; other entries link to the project documents page.
                        var fileItem = new SearchItem
                        {
                            EntityType = EntityType.File,
                            ID = entry is Files.Core.File
                                ? ((Files.Core.File)entry).ViewUrl
                                : string.Format("{0}tmdocs.aspx?prjID={1}#{2}", VirtualPathUtility.ToAbsolute("~/products/projects/"), fileProjectId, entry.ID),
                            Title = entry.Title,
                            CreateOn = entry.CreateOn,
                        };
                        groupsByProject[fileProjectId].Items.Add(fileItem);
                    }
                }
            }
            catch (Exception err)
            {
                LogManager.GetLogger("ASC.Web").Error(err);
            }

            return groupsByProject.Values.ToList();
        }
Example #3
        /// <summary>
        /// Decides whether the current user may see an activity record. Records with a
        /// <c>SecurityId</c> of the form "entityType|entityId|projectId" are checked against that
        /// project; older records are resolved through <c>ContainerID</c> and <c>CheckPermission</c>.
        /// </summary>
        /// <param name="activity">Record whose SecurityId, ContainerID and AdditionalData are read.</param>
        /// <param name="engineFactory">Used to load the project, milestone or task named by the record.</param>
        /// <returns>
        /// <c>false</c> when a check fails or throws while parsing or loading; <c>true</c> when a
        /// check passes and also in every case that falls outside the checks below.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the defaults are permissive. A SecurityId without exactly three parts, a
        /// non-private project, an entity type not listed below, an unparsable ContainerID and a
        /// missing legacy project all end in <c>true</c>. Confirm each is intended.
        /// </remarks>
        private static bool CheckAccess(UserActivity activity, EngineFactory engineFactory)
        {
            if (!string.IsNullOrEmpty(activity.SecurityId))
            {
                var fields = activity.SecurityId.Split('|');
                if (fields.Length != 3)
                {
                    return true;
                }

                try
                {
                    var kind = (EntityType)Enum.Parse(typeof(EntityType), fields[0], true);
                    // An empty id part is represented as -1.
                    var targetId = string.IsNullOrEmpty(fields[1]) ? -1 : int.Parse(fields[1]);

                    int ownerProjectId;
                    if (!int.TryParse(fields[2], out ownerProjectId))
                    {
                        return false;
                    }

                    // A project that cannot be loaded throws on the next line and is denied by the catch.
                    var owner = engineFactory.GetProjectEngine().GetByID(ownerProjectId);
                    if (!owner.Private)
                    {
                        return true;
                    }

                    if (kind == EntityType.Team || kind == EntityType.Project)
                    {
                        return ProjectSecurity.CanRead(owner);
                    }
                    // Milestones and tasks are loaded by id alone; the loaded entity's project is not
                    // compared with the project named in SecurityId at this point.
                    if (kind == EntityType.Milestone)
                    {
                        return ProjectSecurity.CanRead(engineFactory.GetMilestoneEngine().GetByID(targetId));
                    }
                    if (kind == EntityType.Task)
                    {
                        return ProjectSecurity.CanRead(engineFactory.GetTaskEngine().GetByID(targetId));
                    }
                    if (kind == EntityType.Message)
                    {
                        return ProjectSecurity.CanReadMessages(owner);
                    }
                    if (kind == EntityType.File)
                    {
                        return ProjectSecurity.CanReadFiles(owner);
                    }
                    if (kind == EntityType.TimeSpend)
                    {
                        // Without a task id the time record is judged at project level.
                        return targetId < 0
                            ? ProjectSecurity.CanRead(owner)
                            : ProjectSecurity.CanRead(engineFactory.GetTaskEngine().GetByID(targetId));
                    }

                    return true;
                }
                catch (Exception)
                {
                    return false;
                }
            }

            // Legacy records: no SecurityId, the project id is stored in ContainerID.
            if (string.IsNullOrEmpty(activity.ContainerID))
            {
                return true;
            }

            int legacyProjectId;
            if (!int.TryParse(activity.ContainerID, out legacyProjectId))
            {
                return true;
            }

            var legacyProject = engineFactory.GetProjectEngine().GetByID(legacyProjectId);
            if (legacyProject == null || !legacyProject.Private)
            {
                return true;
            }

            try
            {
                return !string.IsNullOrEmpty(activity.AdditionalData) &&
                       CheckPermission(legacyProject, activity, engineFactory);
            }
            catch
            {
                // Any failure while evaluating the legacy record is treated as a denial.
                return false;
            }
        }