public SPGlymaUser(SPWeb web, IGlymaSession glymaSession)
{
Web = web;
GlymaSession = glymaSession;
if (web.Properties.ContainsKey("Glyma.SecurityDatabaseServer") && web.Properties.ContainsKey("Glyma.SecurityDatabaseName") && web.Properties.ContainsKey("Glyma.SecurableContextId"))
{
SecurityDatabaseServer = web.Properties["Glyma.SecurityDatabaseServer"];
SecurityDatabaseName = web.Properties["Glyma.SecurityDatabaseName"];
SecurableContextId = int.Parse(web.Properties["Glyma.SecurableContextId"]);
}
using (SecurityDBDataContext dataContext = new SecurityDBDataContext(Connection))
{
var securableContext = (from dcSecurableContext in dataContext.SecurableContexts
where dcSecurableContext.SecurableContextId == SecurableContextId
select dcSecurableContext).FirstOrDefault();
if (securableContext == null)
{
return;
}
SecurableContextName = securableContext.SecurableContextName;
SecurableContextUid = securableContext.SecurableContextUid;
}
}
public IEnumerable <Guid> IsAuthorised(Guid?domainUid, IEnumerable <Guid> rootMapUids, params IRight[] requiredRights)
{
using (SecurityDBDataContext dataContext = new SecurityDBDataContext(Connection))
{
List <Guid> authorisedObjects = new List <Guid>();
/// Only get the securable objects for the securable context ID we have access and the domain ID we were provided.
var accessibleGroupAssociations = from securableObject in dataContext.GroupAssociations
where securableObject.SecurableContextId == SecurableContextId// && securableObject.SecurableParentUid == domainUid && securableObject.Group.GroupSPID != null
select securableObject;
//foreach (Guid rootMapUid in rootMapUids)
//{
// accessibleGroupAssociations = from securableObject in accessibleGroupAssociations
// where securableObject.SecurableObjectUid == rootMapUid
// select securableObject;
//}
/// Only get the securable objects for the root map IDs we were supplied with.
//var accessibleAndRelevantGroupAssociations = from securableObject in accessibleGroupAssociations
// where rootMapUids.Any(x => x == securableObject.SecurableObjectUid)
// select securableObject;
Dictionary <int, List <Guid> > organisedGroupAssociations = new Dictionary <int, List <Guid> >();
foreach (var groupAssociation in accessibleGroupAssociations)
{
if (groupAssociation.Group.GroupSPID == null)
{
continue;
}
List <Guid> groupAssociations;
if (!organisedGroupAssociations.ContainsKey(groupAssociation.Group.GroupSPID.Value))
{
groupAssociations = new List <Guid>();
organisedGroupAssociations[groupAssociation.Group.GroupSPID.Value] = groupAssociations;
}
else
{
groupAssociations = organisedGroupAssociations[groupAssociation.Group.GroupSPID.Value];
}
if (groupAssociation.SecurableObjectUid != null)
{
groupAssociations.Add(groupAssociation.SecurableObjectUid.Value);
}
}
List <Guid> accessibleObjects = new List <Guid>();
foreach (SPRoleAssignment roleAssignment in Web.RoleAssignments)
{
SPGroup group = roleAssignment.Member as SPGroup;
/// Check that we're actually looking at a group, and that this group is on the list of accessible groups, and that this group contains the current user.
if (group != null && group.ContainsCurrentUser)
{
/// Do a check that this group actually has the required right.
foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
{
IRole role = null;
switch (roleDefinition.Name)
{
case GlymaSecurityManagerRoleName:
/// This user is a Glyma Security Manager, they have access to everything.
return(rootMapUids);
case GlymaProjectManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaProjectManagerRole;
break;
case GlymaMapManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapManagerRole;
break;
case GlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case GlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
case OldGlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case OldGlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
default:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
}
if (organisedGroupAssociations.ContainsKey(group.ID))
{
if (role.HasRights(requiredRights))
{
accessibleObjects.AddRange(organisedGroupAssociations[group.ID]);
}
}
}
}
}
return(accessibleObjects.ToArray());
//Dictionary<Guid, SecurityPair> sortedGroups = accessibleGroups.ToDictionary(x => x.SecurableObjectUid.Value);
//foreach (SPRoleAssignment roleAssignment in Web.RoleAssignments)
//{
// SPGroup group = roleAssignment.Member as SPGroup;
// /// Check that we're actually looking at a group, that this group contains the current user, and that this group is on the list of accessible groups.
// if (group != null && group.ContainsCurrentUser && sortedGroups.ContainsKey(group.ID))
// {
// /// Do a check that this group actually has the required right.
// foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
// {
// IRole role = null;
// switch (roleDefinition.Name)
// {
// case GlymaSecurityManagerRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaSecurityManagerRole;
// break;
// case GlymaProjectManagerRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaProjectManagerRole;
// break;
// case GlymaMapManagerRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapManagerRole;
// break;
// case GlymaMapAuthorRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
// break;
// case GlymaMapReaderRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
// break;
// case OldGlymaMapAuthorRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
// break;
// case OldGlymaMapReaderRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
// break;
// default:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
// break;
// }
// if (role.HasRights(requiredRights))
// {
// }
// }
// }
//}
//return false;
}
}
public bool IsAuthorised(Guid?domainUid, Guid rootMapUid, params IRight[] requiredRights)
{
using (SecurityDBDataContext dataContext = new SecurityDBDataContext(Connection))
{
var accessibleGroups = from securableObject in dataContext.GroupAssociations
where securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == domainUid && securableObject.SecurableObjectUid == rootMapUid && securableObject.Group.GroupSPID != null
select securableObject.Group;
Dictionary <int, Group> sortedGroups = accessibleGroups.ToDictionary(x => x.GroupSPID.Value);
foreach (SPRoleAssignment roleAssignment in Web.RoleAssignments)
{
SPGroup group = roleAssignment.Member as SPGroup;
/// Check that we're actually looking at a group, that this group contains the current user, and that this group is on the list of accessible groups.
if (group != null && group.ContainsCurrentUser)
{
/// Do a check that this group actually has the required right.
foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
{
IRole role = null;
switch (roleDefinition.Name)
{
case GlymaSecurityManagerRoleName:
/// This user is a Glyma Security Manager, they have access to everything.
return(true);
case GlymaProjectManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaProjectManagerRole;
break;
case GlymaMapManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapManagerRole;
break;
case GlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case GlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
case OldGlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case OldGlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
default:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
}
if (sortedGroups.ContainsKey(group.ID))
{
if (role.HasRights(requiredRights))
{
return(true);
}
}
}
}
}
return(false);
}
}
