/// <summary>
/// Gets the securable context identifier for the siteID
/// </summary>
/// <returns>The Securable Context ID associated with the SP Site ID or -1 if it doesn't exist</returns>
internal SecurableContext GetSecurableContext()
{
SecurableContext result = null;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (IGlymaSession glymaSession = new WebAppSPGlymaSession(this.WebUrl))
{
using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
{
using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
{
var securableContext = from sc in dataContext.SecurableContexts
where sc.SecurableContextId == glymaSession.SecurableContextId
select sc;
if (securableContext.Any())
{
result = securableContext.First();
}
}
}
}
});
return(result);
}
/// <summary>
/// Creates the GroupAssociation
/// </summary>
/// <param name="groupId">The ID of the Group object</param>
internal void CreateGroupAssociation(int groupId)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (IGlymaSession glymaSession = new WebAppSPGlymaSession(Context.WebUrl))
{
using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
{
using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
{
SecurableContext securableContext = Context.GetSecurableContext();
int securableContextId = securableContext.SecurableContextId;
GroupAssociation groupAssociation = new GroupAssociation();
groupAssociation.GroupId = groupId;
groupAssociation.SecurableContextId = securableContextId;
if (SecurableObject.SecurableParentUid != Guid.Empty)
{
//group association is for a root map (not a project)
groupAssociation.SecurableParentUid = SecurableObject.SecurableParentUid;
}
groupAssociation.SecurableObjectUid = SecurableObject.SecurableObjectUid;
dataContext.GroupAssociations.InsertOnSubmit(groupAssociation);
dataContext.SubmitChanges();
}
}
}
});
}
/// <summary>
/// Gets the current security associations for a list of groups against a particular securable object
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="glGroups">A list of groups to get the security assocations for</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>A dictionary of security association, Key: the group, Value: True if the group has an assocation. (wrapped in a Response Object to indicate if any errors occured)</returns>
internal GetSecurityAssociationsResponse GetSecurityAssociations(IEnumerable <GlymaSecurityGroup> glGroups, GlymaSecurableObject securableObject)
{
GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse()
{
HasError = false
};
if (this.CurrentUser.IsUserSecurityManager())
{
SecurityAssociations securityAssociations = new SecurityAssociations();
Dictionary <GlymaSecurityGroup, bool> results = new Dictionary <GlymaSecurityGroup, bool>();
SecurableContext securableContext = GetSecurableContext();
int securableContextId = securableContext.SecurableContextId;
GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
bool isInherited = securableObjectContext.GetIsInherited();
foreach (GlymaSecurityGroup glymaSecurityGroup in glGroups)
{
try
{
GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(this, glymaSecurityGroup, securableObject);
bool response = securityAssociationContext.HasAssociation();
results.Add(glymaSecurityGroup, response);
}
catch (Exception ex)
{
result.HasError = true;
result.ErrorMessage = ex.Message;
}
}
if (!result.HasError)
{
securityAssociations.HasAssociations = results;
securityAssociations.IsInherited = isInherited;
result.Result = securityAssociations;
}
}
else
{
result.HasError = true;
result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
}
return(result);
}
internal GetSecurableContextIdResponse GetSecurableContextId()
{
GetSecurableContextIdResponse result = new GetSecurableContextIdResponse()
{
HasError = false
};
if (this.CurrentUser.IsUserSecurityManager())
{
int securableContextId = -1;
try
{
using (SPSite site = new SPSite(WebUrl))
{
SecurableContext securableContext = this.GetSecurableContext();
if (securableContext != null)
{
securableContextId = securableContext.SecurableContextId;
}
}
}
catch (Exception ex)
{
//If an error occurs getting the security context id
result.HasError = true;
result.ErrorMessage = ex.Message;
}
if (!result.HasError)
{
result.Result = securableContextId;
}
}
else
{
result.HasError = true;
result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
}
return(result);
}
/// <summary>
/// Returns a list presenting the SharePoint Security Groups for the current web that have a specified permission associated with them
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="permissionLevel">The permission level the groups must have</param>
/// <returns>A list of groups (wrapped by a ResponseObject)</returns>
internal GetSecurityGroupsResponse GetSecurityGroups(GlymaPermissionLevel permissionLevel)
{
GetSecurityGroupsResponse result = new GetSecurityGroupsResponse()
{
HasError = false
};
IList <GlymaSecurityGroup> results = new List <GlymaSecurityGroup>();
try
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(WebUrl))
{
using (SPWeb web = site.OpenWeb())
{
SPRoleDefinition roleDefinition = null;
try
{
// Check if the role exists, if it does a definition will exist
roleDefinition = web.RoleDefinitions[GlymaPermissionLevelHelper.GetPermissionLevelName(permissionLevel)];
}
catch (Exception)
{
//if unable to find the role definition it will throw an exception
}
if (roleDefinition != null)
{
SPRoleAssignmentCollection roleAssignments = web.RoleAssignments;
foreach (SPRoleAssignment roleAssignment in roleAssignments)
{
bool hasRoleDefinition = false;
foreach (
SPRoleDefinition definition in roleAssignment.RoleDefinitionBindings)
{
if (definition.Id == roleDefinition.Id)
{
//The role exists for this role assignment
hasRoleDefinition = true;
break;
}
}
if (hasRoleDefinition)
{
SPGroup group = roleAssignment.Member as SPGroup;
//we only want to look at groups
if (group != null)
{
GlymaSecurityGroup glymaGroup = new GlymaSecurityGroup();
glymaGroup.DisplayName = group.Name;
SecurableContext securableContext = this.GetSecurableContext();
glymaGroup.SecurableContextId = securableContext.SecurableContextId;
GlymaSecurityGroupContext sgc = new GlymaSecurityGroupContext(this, securableContext.SecurableContextId, group.ID, web.ID);
Group glGroup = sgc.GetGroup(group.Name);
if (glGroup == null)
{
glGroup = sgc.CreateGroup(group.Name);
}
if (glGroup != null)
{
glymaGroup.GroupId = glGroup.GroupId;
results.Add(glymaGroup);
}
else
{
result.HasError = true;
result.ErrorMessage = "Failed to create the Group in the Glyma Security Database.";
break;
}
}
}
}
}
else
{
results = new List <GlymaSecurityGroup>(); //there was no role by this name, it has no groups
}
}
}
});
}
catch (Exception ex)
{
//If an error occurs getting the group listing return no groups
result.HasError = true;
result.ErrorMessage = ex.Message;
}
if (!result.HasError)
{
result.Result = results;
}
return(result);
}
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user
/// has access to it returns true for the project as well (only true for when working out the filtered lists)</param>
/// <returns>True if the user belongs to a group that has access to the securable object</returns>
internal GetCurrentUserAccessToObjectResponse GetCurrentUserAccessToObject(GlymaSecurableObject securableObject, bool checkProjectsChildren = false)
{
GetCurrentUserAccessToObjectResponse result = new GetCurrentUserAccessToObjectResponse()
{
HasError = false,
HasAccess = false,
HighestPermissionLevel = GlymaPermissionLevel.None
};
try
{
using (SPSite site = new SPSite(Context.WebUrl))
{
using (SPWeb currentWeb = site.OpenWeb())
{
IGlymaPermission highestPermissionLevel = this.GetHighestPermissionLevel();
if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.None)
{
result.HasAccess = false;
result.HighestPermissionLevel = GlymaPermissionLevel.None;
return(result); //an error occured so assume there is no access to the object
}
else
{
if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.GlymaSecurityManager)
{
//The Glyma Security Manager permission exists for this user, they can access anything
result.HasAccess = true;
result.HighestPermissionLevel = GlymaPermissionLevel.GlymaSecurityManager;
return(result);
}
}
GetAllSecurityGroupsResponse allSPSecurityGroups = Context.GetAllGlymaSecurityGroups();
if (!allSPSecurityGroups.HasError)
{
//GlymaGroupCollection groups = new GlymaGroupCollection(allSPSecurityGroups.Result);
GlymaSecurityGroupCollection groups = new GlymaSecurityGroupCollection(Context, allSPSecurityGroups.Result);
//gets a sorted list of groups highest to lowest permission level
IList <GlymaSecurityGroup> usersGlymaGroups = groups.GetUsersGroups(currentWeb, CurrentSPUser);
SecurableContext securableContext = Context.GetSecurableContext();
//check each glyma group the person has associated with them for access to the maps
foreach (GlymaSecurityGroup glymaGroup in usersGlymaGroups)
{
GlymaSecurityAssociationContext securityAssociation = new GlymaSecurityAssociationContext(Context, glymaGroup, securableObject);
bool response = securityAssociation.HasAssociation(checkProjectsChildren);
if (response)
{
result.HasAccess = response;
result.HighestPermissionLevel = groups.GetGroupsPermissionLevel(glymaGroup);
return(result);
}
}
}
}
}
}
catch (Exception e)
{
result.HasError = true;
result.ErrorMessage = "Failed to read the users current access to the object. " + e.Message;
}
return(result); //if it gets all the way to here it's the default no access response
}
partial void DeleteSecurableContext(SecurableContext instance);
partial void UpdateSecurableContext(SecurableContext instance);
partial void InsertSecurableContext(SecurableContext instance);
