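/// <summary>
/// Gets the securable context registered for the current site.
/// </summary>
/// <remarks>
/// The lookup runs inside <c>SPSecurity.RunWithElevatedPrivileges</c>, i.e. under the elevated
/// identity rather than the calling user's. This method performs no authorisation check of its
/// own, so callers decide who is allowed to see or act on the result.
/// </remarks>
/// <returns>
/// The <see cref="SecurableContext"/> whose ID equals the Glyma session's SecurableContextId,
/// or <c>null</c> if no such record exists. Callers must handle the <c>null</c> case.
/// </returns>
internal SecurableContext GetSecurableContext()
{
    SecurableContext result = null;

    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (IGlymaSession glymaSession = new WebAppSPGlymaSession(this.WebUrl))
        using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
        using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
        {
            // FirstOrDefault runs one query and yields null when nothing matches;
            // the earlier Any() followed by First() executed the same query twice.
            result = (from sc in dataContext.SecurableContexts
                      where sc.SecurableContextId == glymaSession.SecurableContextId
                      select sc).FirstOrDefault();
        }
    });

    return result;
}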
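/// <summary>
/// Creates the GroupAssociation that links a group to this securable object.
/// </summary>
/// <remarks>
/// The insert runs inside <c>SPSecurity.RunWithElevatedPrivileges</c> and this method contains no
/// permission check. The caller is responsible for confirming that the current user is allowed
/// to change security associations before invoking it.
/// </remarks>
/// <param name="groupId">The ID of the Group object</param>
/// <exception cref="InvalidOperationException">
/// No securable context could be found for the current site.
/// </exception>
internal void CreateGroupAssociation(int groupId)
{
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (IGlymaSession glymaSession = new WebAppSPGlymaSession(Context.WebUrl))
        using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
        using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
        {
            SecurableContext securableContext = Context.GetSecurableContext();
            if (securableContext == null)
            {
                // GetSecurableContext returns null when the site has no context record.
                // Fail with a clear message instead of a NullReferenceException, and
                // before anything is written to the security database.
                throw new InvalidOperationException("Unable to create the group association because no securable context exists for the current site.");
            }

            GroupAssociation groupAssociation = new GroupAssociation();
            groupAssociation.GroupId = groupId;
            groupAssociation.SecurableContextId = securableContext.SecurableContextId;
            if (SecurableObject.SecurableParentUid != Guid.Empty)
            {
                // group association is for a root map (not a project)
                groupAssociation.SecurableParentUid = SecurableObject.SecurableParentUid;
            }
            groupAssociation.SecurableObjectUid = SecurableObject.SecurableObjectUid;

            dataContext.GroupAssociations.InsertOnSubmit(groupAssociation);
            dataContext.SubmitChanges();
        }
    });
}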
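/// <summary>
/// Gets the current security associations for a list of groups against a particular securable object
/// </summary>
/// <remarks>
/// Only users for whom <c>CurrentUser.IsUserSecurityManager()</c> is true receive data; everyone
/// else gets an "Access Denied" error response and no lookups are performed.
/// </remarks>
/// <param name="glGroups">A list of groups to get the security associations for</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>A dictionary of security associations, Key: the group, Value: True if the group has an association.
/// (wrapped in a Response Object to indicate if any errors occurred)</returns>
internal GetSecurityAssociationsResponse GetSecurityAssociations(IEnumerable<GlymaSecurityGroup> glGroups, GlymaSecurableObject securableObject)
{
    GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false };

    // Authorisation gate: nothing below runs for callers who are not security managers.
    if (!this.CurrentUser.IsUserSecurityManager())
    {
        result.HasError = true;
        result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
        return result;
    }

    if (glGroups == null)
    {
        // Previously a null list surfaced as a NullReferenceException from the foreach.
        result.HasError = true;
        result.ErrorMessage = "No groups were supplied to get the security associations for.";
        return result;
    }

    SecurityAssociations securityAssociations = new SecurityAssociations();
    Dictionary<GlymaSecurityGroup, bool> results = new Dictionary<GlymaSecurityGroup, bool>();

    SecurableContext securableContext = GetSecurableContext();
    if (securableContext == null)
    {
        // GetSecurableContext returns null when the site has no context record;
        // report that through the response instead of dereferencing null.
        result.HasError = true;
        result.ErrorMessage = "Failed to find the securable context for the current site.";
        return result;
    }

    int securableContextId = securableContext.SecurableContextId;
    GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
    bool isInherited = securableObjectContext.GetIsInherited();

    foreach (GlymaSecurityGroup glymaSecurityGroup in glGroups)
    {
        try
        {
            GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(this, glymaSecurityGroup, securableObject);
            bool response = securityAssociationContext.HasAssociation();
            results.Add(glymaSecurityGroup, response);
        }
        catch (Exception ex)
        {
            // The loop keeps going after a failure, so ErrorMessage ends up holding the
            // message of the last group that failed.
            // NOTE(review): ex.Message is passed to the caller unchanged; confirm it cannot
            // carry database or server details that should stay in server-side logs.
            result.HasError = true;
            result.ErrorMessage = ex.Message;
        }
    }

    // A partial set of associations is never returned: any failure suppresses the result.
    if (!result.HasError)
    {
        securityAssociations.HasAssociations = results;
        securityAssociations.IsInherited = isInherited;
        result.Result = securityAssociations;
    }

    return result;
}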
/// <summary>
/// Returns the ID of the securable context for the current site to security managers.
/// </summary>
/// <returns>
/// A response whose Result is the SecurableContextId, or -1 when no securable context was found.
/// HasError and ErrorMessage are set instead when the current user is not a security manager
/// or when the lookup throws.
/// </returns>
internal GetSecurableContextIdResponse GetSecurableContextId()
{
    GetSecurableContextIdResponse response = new GetSecurableContextIdResponse() { HasError = false };

    // Authorisation gate: callers who are not security managers are refused before any lookup.
    if (!this.CurrentUser.IsUserSecurityManager())
    {
        response.HasError = true;
        response.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
        return response;
    }

    int contextId = -1;
    try
    {
        // NOTE(review): the SPSite instance is never read inside this block; it is kept
        // because constructing it may be what validates WebUrl - confirm before removing.
        using (SPSite site = new SPSite(WebUrl))
        {
            SecurableContext found = this.GetSecurableContext();
            if (found != null)
            {
                contextId = found.SecurableContextId;
            }
        }
    }
    catch (Exception ex)
    {
        // Any failure while resolving the context is reported through the response.
        // NOTE(review): ex.Message reaches the caller unchanged.
        response.HasError = true;
        response.ErrorMessage = ex.Message;
        return response;
    }

    response.Result = contextId;
    return response;
}
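/// <summary>
/// Returns a list presenting the SharePoint Security Groups for the current web that have a specified permission associated with them
/// </summary>
/// <remarks>
/// The whole lookup runs inside <c>SPSecurity.RunWithElevatedPrivileges</c>. Unlike
/// GetSecurityAssociations and GetSecurableContextId, this method does not call
/// <c>IsUserSecurityManager()</c>, so any restriction on who may list groups has to be
/// enforced by the caller.
/// Despite the "Get" name it can write: a SharePoint group that has no matching record in the
/// Glyma security database is created there through <c>CreateGroup</c>.
/// </remarks>
/// <param name="permissionLevel">The permission level the groups must have</param>
/// <returns>A list of groups (wrapped by a ResponseObject)</returns>
internal GetSecurityGroupsResponse GetSecurityGroups(GlymaPermissionLevel permissionLevel)
{
    GetSecurityGroupsResponse result = new GetSecurityGroupsResponse() { HasError = false };
    IList<GlymaSecurityGroup> results = new List<GlymaSecurityGroup>();

    try
    {
        SPSecurity.RunWithElevatedPrivileges(delegate()
        {
            using (SPSite site = new SPSite(WebUrl))
            using (SPWeb web = site.OpenWeb())
            {
                SPRoleDefinition roleDefinition = null;
                try
                {
                    // Check if the role exists, if it does a definition will exist
                    roleDefinition = web.RoleDefinitions[GlymaPermissionLevelHelper.GetPermissionLevelName(permissionLevel)];
                }
                catch (Exception)
                {
                    // Deliberate best effort: a missing role definition throws, and that is
                    // treated below as "no groups hold this permission level".
                }

                if (roleDefinition == null)
                {
                    // there was no role by this name, it has no groups
                    results = new List<GlymaSecurityGroup>();
                }
                else
                {
                    // Resolved on first use and then reused. The context does not change
                    // between groups, and each lookup is a separate database query.
                    SecurableContext securableContext = null;

                    foreach (SPRoleAssignment roleAssignment in web.RoleAssignments)
                    {
                        bool hasRoleDefinition = false;
                        foreach (SPRoleDefinition definition in roleAssignment.RoleDefinitionBindings)
                        {
                            if (definition.Id == roleDefinition.Id)
                            {
                                // The role exists for this role assignment
                                hasRoleDefinition = true;
                                break;
                            }
                        }
                        if (!hasRoleDefinition)
                        {
                            continue;
                        }

                        // we only want to look at groups
                        SPGroup group = roleAssignment.Member as SPGroup;
                        if (group == null)
                        {
                            continue;
                        }

                        if (securableContext == null)
                        {
                            securableContext = this.GetSecurableContext();
                            if (securableContext == null)
                            {
                                // GetSecurableContext returns null when the site has no context
                                // record; report it rather than dereferencing null.
                                result.HasError = true;
                                result.ErrorMessage = "Failed to find the securable context for the current site.";
                                break;
                            }
                        }

                        GlymaSecurityGroup glymaGroup = new GlymaSecurityGroup();
                        glymaGroup.DisplayName = group.Name;
                        glymaGroup.SecurableContextId = securableContext.SecurableContextId;

                        GlymaSecurityGroupContext sgc = new GlymaSecurityGroupContext(this, securableContext.SecurableContextId, group.ID, web.ID);
                        Group glGroup = sgc.GetGroup(group.Name);
                        if (glGroup == null)
                        {
                            // Side effect: the group is created in the security database on first sight.
                            glGroup = sgc.CreateGroup(group.Name);
                        }

                        if (glGroup == null)
                        {
                            result.HasError = true;
                            result.ErrorMessage = "Failed to create the Group in the Glyma Security Database.";
                            break;
                        }

                        glymaGroup.GroupId = glGroup.GroupId;
                        results.Add(glymaGroup);
                    }
                }
            }
        });
    }
    catch (Exception ex)
    {
        // If an error occurs getting the group listing return no groups
        // NOTE(review): ex.Message reaches the caller unchanged.
        result.HasError = true;
        result.ErrorMessage = ex.Message;
    }

    // A partially built list is never returned once an error has been recorded.
    if (!result.HasError)
    {
        result.Result = results;
    }

    return result;
}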
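/// <summary>
/// Determines whether the current user has access to a securable object and, if so, the
/// permission level of the group that grants it.
/// </summary>
/// <remarks>
/// The response starts as "no access" and is only switched to access granted on an explicit
/// match, so an exception or a failed group lookup leaves the caller with HasAccess = false.
/// </remarks>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user
/// has access to it returns true for the project as well (only true for when working out the filtered lists)</param>
/// <returns>True if the user belongs to a group that has access to the securable object</returns>
internal GetCurrentUserAccessToObjectResponse GetCurrentUserAccessToObject(GlymaSecurableObject securableObject, bool checkProjectsChildren = false)
{
    // Deny by default; every granting path below sets HasAccess explicitly.
    GetCurrentUserAccessToObjectResponse result = new GetCurrentUserAccessToObjectResponse()
    {
        HasError = false,
        HasAccess = false,
        HighestPermissionLevel = GlymaPermissionLevel.None
    };

    try
    {
        using (SPSite site = new SPSite(Context.WebUrl))
        using (SPWeb currentWeb = site.OpenWeb())
        {
            IGlymaPermission highestPermissionLevel = this.GetHighestPermissionLevel();

            if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.None)
            {
                // No permission level could be established for the user, so there is no access to the object.
                result.HasAccess = false;
                result.HighestPermissionLevel = GlymaPermissionLevel.None;
                return result;
            }

            if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.GlymaSecurityManager)
            {
                // The Glyma Security Manager permission exists for this user, they can access anything
                result.HasAccess = true;
                result.HighestPermissionLevel = GlymaPermissionLevel.GlymaSecurityManager;
                return result;
            }

            GetAllSecurityGroupsResponse allSPSecurityGroups = Context.GetAllGlymaSecurityGroups();
            if (!allSPSecurityGroups.HasError)
            {
                GlymaSecurityGroupCollection groups = new GlymaSecurityGroupCollection(Context, allSPSecurityGroups.Result);

                // gets a sorted list of groups highest to lowest permission level
                IList<GlymaSecurityGroup> usersGlymaGroups = groups.GetUsersGroups(currentWeb, CurrentSPUser);

                // The securable context was previously fetched here and never used; that
                // lookup cost a database query on every access check and has been dropped.

                // check each glyma group the person has associated with them for access to the maps
                foreach (GlymaSecurityGroup glymaGroup in usersGlymaGroups)
                {
                    GlymaSecurityAssociationContext securityAssociation = new GlymaSecurityAssociationContext(Context, glymaGroup, securableObject);
                    if (securityAssociation.HasAssociation(checkProjectsChildren))
                    {
                        // First match wins; with the list sorted highest-first this is the
                        // strongest level that grants access.
                        result.HasAccess = true;
                        result.HighestPermissionLevel = groups.GetGroupsPermissionLevel(glymaGroup);
                        return result;
                    }
                }
            }
            // NOTE(review): when the group lookup reports an error the method still returns
            // HasError = false with no access, so callers cannot tell "denied" from
            // "could not be checked". Left unchanged because callers may rely on it.
        }
    }
    catch (Exception e)
    {
        // NOTE(review): e.Message is appended to the text returned to the caller.
        result.HasError = true;
        result.ErrorMessage = "Failed to read the users current access to the object. " + e.Message;
    }

    return result; // if it gets all the way to here it's the default no access response
}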
// Declaring halves of three partial methods; no implementation is visible here.
// NOTE(review): the Insert/Update/Delete naming looks like data-context extensibility hooks
// for SecurableContext records - confirm against the generated data context. Any
// implementation would change how rows in the security store are written, so it should be
// reviewed with the same care as the access-control code.
partial void DeleteSecurableContext(SecurableContext instance);
partial void UpdateSecurableContext(SecurableContext instance);
partial void InsertSecurableContext(SecurableContext instance);