/// <summary>
/// Handles the Delete event of the rGrid control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs"/> instance containing the event data.</param>
protected void rGrid_Delete(object sender, RowEventArgs e)
{
var rockContext = new RockContext();
var authService = new Rock.Model.AuthService(rockContext);
Rock.Model.Auth auth = authService.Get(e.RowKeyId);
if (auth != null)
{
authService.Delete(auth);
rockContext.SaveChanges();
Authorization.ReloadAction(iSecured.TypeId, iSecured.Id, CurrentAction);
}
BindGrid();
}
/// <summary>
/// Handles the Delete event of the gGroups control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs" /> instance containing the event data.</param>
protected void gGroups_Delete( object sender, RowEventArgs e )
{
RockTransactionScope.WrapTransaction( () =>
{
GroupService groupService = new GroupService();
AuthService authService = new AuthService();
Group group = groupService.Get( (int)e.RowKeyValue );
if ( group != null )
{
string errorMessage;
if ( !groupService.CanDelete( group, out errorMessage ) )
{
mdGridWarning.Show( errorMessage, ModalAlertType.Information );
return;
}
bool isSecurityRoleGroup = group.IsSecurityRole;
if ( isSecurityRoleGroup )
{
foreach ( var auth in authService.Queryable().Where( a => a.GroupId.Equals( group.Id ) ).ToList() )
{
authService.Delete( auth, CurrentPersonId );
authService.Save( auth, CurrentPersonId );
}
}
groupService.Delete( group, CurrentPersonId );
groupService.Save( group, CurrentPersonId );
if ( isSecurityRoleGroup )
{
Rock.Security.Authorization.Flush();
Rock.Security.Role.Flush( group.Id );
}
}
} );
BindGrid();
}
/// <summary>
/// Handles the Delete event of the gGroups control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs" /> instance containing the event data.</param>
protected void gGroups_Delete( object sender, RowEventArgs e )
{
var rockContext = new RockContext();
GroupService groupService = new GroupService( rockContext );
AuthService authService = new AuthService( rockContext );
Group group = groupService.Get( e.RowKeyId );
if ( group != null )
{
if ( !group.IsAuthorized( Authorization.EDIT, this.CurrentPerson ) )
{
mdGridWarning.Show( "You are not authorized to delete this group", ModalAlertType.Information );
return;
}
string errorMessage;
if ( !groupService.CanDelete( group, out errorMessage ) )
{
mdGridWarning.Show( errorMessage, ModalAlertType.Information );
return;
}
bool isSecurityRoleGroup = group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() );
if ( isSecurityRoleGroup )
{
Rock.Security.Role.Flush( group.Id );
foreach ( var auth in authService.Queryable().Where( a => a.GroupId == group.Id ).ToList() )
{
authService.Delete( auth );
}
}
groupService.Delete( group );
rockContext.SaveChanges();
if ( isSecurityRoleGroup )
{
Rock.Security.Authorization.Flush();
}
}
BindGrid();
}
/// <summary>
/// Handles the Click event of the btnDelete control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param>
protected void btnDelete_Click( object sender, EventArgs e )
{
int? parentGroupId = null;
RockContext rockContext = new RockContext();
GroupService groupService = new GroupService( rockContext );
AuthService authService = new AuthService( rockContext );
Group group = groupService.Get( int.Parse( hfGroupId.Value ) );
if ( group != null )
{
if ( !group.IsAuthorized( Authorization.EDIT, this.CurrentPerson ) )
{
mdDeleteWarning.Show( "You are not authorized to delete this group.", ModalAlertType.Information );
return;
}
parentGroupId = group.ParentGroupId;
string errorMessage;
if ( !groupService.CanDelete( group, out errorMessage ) )
{
mdDeleteWarning.Show( errorMessage, ModalAlertType.Information );
return;
}
bool isSecurityRoleGroup = group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() );
if ( isSecurityRoleGroup )
{
Rock.Security.Role.Flush( group.Id );
foreach ( var auth in authService.Queryable().Where( a => a.GroupId == group.Id ).ToList() )
{
authService.Delete( auth );
}
}
groupService.Delete( group );
rockContext.SaveChanges();
if ( isSecurityRoleGroup )
{
Rock.Security.Authorization.Flush();
}
}
// reload page, selecting the deleted group's parent
var qryParams = new Dictionary<string, string>();
if ( parentGroupId != null )
{
qryParams["GroupId"] = parentGroupId.ToString();
}
NavigateToPage( RockPage.Guid, qryParams );
}
/// <summary>
/// Handles the Delete event of the rGrid control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs"/> instance containing the event data.</param>
protected void rGrid_Delete( object sender, RowEventArgs e )
{
var rockContext = new RockContext();
var authService = new Rock.Model.AuthService( rockContext );
Rock.Model.Auth auth = authService.Get( e.RowKeyId );
if ( auth != null )
{
authService.Delete( auth );
rockContext.SaveChanges();
Authorization.ReloadAction( iSecured.TypeId, iSecured.Id, CurrentAction );
}
BindGrid();
}
/// <summary>
/// Handles the Click event of the btnDelete control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param>
protected void btnDelete_Click( object sender, EventArgs e )
{
int? parentGroupId = null;
// NOTE: Very similar code in GroupList.gGroups_Delete
RockTransactionScope.WrapTransaction( () =>
{
GroupService groupService = new GroupService();
AuthService authService = new AuthService();
Group group = groupService.Get( int.Parse( hfGroupId.Value ) );
if ( group != null )
{
parentGroupId = group.ParentGroupId;
string errorMessage;
if ( !groupService.CanDelete( group, out errorMessage ) )
{
mdDeleteWarning.Show( errorMessage, ModalAlertType.Information );
return;
}
bool isSecurityRoleGroup = group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() );
if ( isSecurityRoleGroup )
{
Rock.Security.Role.Flush( group.Id );
foreach ( var auth in authService.Queryable().Where( a => a.GroupId.Equals( group.Id ) ).ToList() )
{
authService.Delete( auth, CurrentPersonId );
authService.Save( auth, CurrentPersonId );
}
}
groupService.Delete( group, CurrentPersonId );
groupService.Save( group, CurrentPersonId );
if ( isSecurityRoleGroup )
{
Rock.Security.Authorization.Flush();
}
}
} );
// reload page, selecting the deleted group's parent
var qryParams = new Dictionary<string, string>();
if ( parentGroupId != null )
{
qryParams["groupId"] = parentGroupId.ToString();
}
NavigateToPage( RockPage.Guid, qryParams );
}
/// <summary>
/// Removes that two authorization rules that made the entity private.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
public static void MakeUnPrivate( ISecured entity, string action, Person person, RockContext rockContext = null )
{
if ( IsPrivate( entity, action, person ) )
{
rockContext = rockContext ?? new RockContext();
var authService = new AuthService( rockContext );
// if is private, then there are only two rules for this action that should be deleted
foreach ( AuthRule authRule in Authorizations[entity.TypeId][entity.Id][action] )
{
var oldAuth = authService.Get( authRule.Id );
authService.Delete( oldAuth );
}
rockContext.SaveChanges();
Authorizations[entity.TypeId][entity.Id][action] = new List<AuthRule>();
}
}
/// <summary>
/// Handles the Click event of the btnDelete control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param>
protected void btnDelete_Click( object sender, EventArgs e )
{
int? parentGroupId = null;
RockContext rockContext = new RockContext();
GroupService groupService = new GroupService( rockContext );
AuthService authService = new AuthService( rockContext );
Group group = groupService.Get( hfGroupId.Value.AsInteger() );
if ( group != null )
{
if ( !group.IsAuthorized( Authorization.EDIT, this.CurrentPerson ) )
{
mdDeleteWarning.Show( "You are not authorized to delete this group.", ModalAlertType.Information );
return;
}
parentGroupId = group.ParentGroupId;
string errorMessage;
if ( !groupService.CanDelete( group, out errorMessage ) )
{
mdDeleteWarning.Show( errorMessage, ModalAlertType.Information );
return;
}
bool isSecurityRoleGroup = group.IsActive && ( group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() ) );
if ( isSecurityRoleGroup )
{
Rock.Security.Role.Flush( group.Id );
foreach ( var auth in authService.Queryable().Where( a => a.GroupId == group.Id ).ToList() )
{
authService.Delete( auth );
}
}
// If group has a non-named schedule, delete the schedule record.
if ( group.ScheduleId.HasValue )
{
var scheduleService = new ScheduleService( rockContext );
var schedule = scheduleService.Get( group.ScheduleId.Value );
if ( schedule != null && schedule.ScheduleType != ScheduleType.Named )
{
// Make sure this is the only group trying to use this schedule.
if ( !groupService.Queryable().Where( g => g.ScheduleId == schedule.Id && g.Id != group.Id ).Any() )
{
scheduleService.Delete( schedule );
}
}
}
groupService.Delete( group );
rockContext.SaveChanges();
if ( isSecurityRoleGroup )
{
Rock.Security.Authorization.Flush();
}
}
// reload page, selecting the deleted group's parent
var qryParams = new Dictionary<string, string>();
if ( parentGroupId != null )
{
qryParams["GroupId"] = parentGroupId.ToString();
}
qryParams["ExpandedIds"] = PageParameter( "ExpandedIds" );
NavigateToPage( RockPage.Guid, qryParams );
}
/// <summary>
/// Copies the authorizations from one <see cref="ISecured" /> object to another
/// </summary>
/// <param name="sourceEntity">The source entity.</param>
/// <param name="targetEntity">The target entity.</param>
/// <param name="rockContext">The rock context.</param>
/// <remarks>
/// If a rockContext value is included, this method will save any previous changes made to the context
/// </remarks>
public static void CopyAuthorization( ISecured sourceEntity, ISecured targetEntity, RockContext rockContext = null )
{
rockContext = rockContext ?? new RockContext();
// If there's no Authorizations object, create it
if ( Authorizations == null )
{
Load( rockContext );
}
var sourceEntityTypeId = sourceEntity.TypeId;
var targetEntityTypeId = targetEntity.TypeId;
AuthService authService = new AuthService( rockContext );
// Delete the current authorizations for the target entity
foreach ( Auth auth in authService.Get( targetEntityTypeId, targetEntity.Id ) )
{
authService.Delete( auth );
}
Dictionary<string, List<AuthRule>> newActions = new Dictionary<string, List<AuthRule>>();
int order = 0;
if ( Authorizations.ContainsKey( sourceEntityTypeId ) && Authorizations[sourceEntityTypeId].ContainsKey( sourceEntity.Id ) )
{
foreach ( KeyValuePair<string, List<AuthRule>> action in Authorizations[sourceEntityTypeId][sourceEntity.Id] )
{
if ( targetEntity.SupportedActions.ContainsKey( action.Key ) )
{
newActions.Add( action.Key, new List<AuthRule>() );
foreach ( AuthRule rule in action.Value )
{
Auth auth = new Auth();
auth.EntityTypeId = targetEntityTypeId;
auth.EntityId = targetEntity.Id;
auth.Order = order;
auth.Action = action.Key;
auth.AllowOrDeny = rule.AllowOrDeny;
auth.SpecialRole = rule.SpecialRole;
auth.PersonId = rule.PersonId;
auth.GroupId = rule.GroupId;
authService.Add( auth );
newActions[action.Key].Add( new AuthRule( rule.Id, rule.EntityId, rule.AllowOrDeny, rule.SpecialRole, rule.PersonId, rule.GroupId, rule.Order ) );
order++;
}
}
}
}
rockContext.SaveChanges();
if ( !Authorizations.ContainsKey( targetEntityTypeId ) )
{
Authorizations.Add( targetEntityTypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() );
}
Dictionary<int, Dictionary<string, List<AuthRule>>> entityType = Authorizations[targetEntityTypeId];
if ( !entityType.ContainsKey( targetEntity.Id ) )
{
entityType.Add( targetEntity.Id, new Dictionary<string, List<AuthRule>>() );
}
entityType[targetEntity.Id] = newActions;
}
/// <summary>
/// Makes the entity private by setting up two authorization rules, one granting the selected person, and
/// then another that denies all other users.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
public static void MakePrivate( ISecured entity, string action, Person person, RockContext rockContext = null )
{
if ( !IsPrivate( entity, action, person ) )
{
if ( person != null )
{
rockContext = rockContext ?? new RockContext();
// If there's no Authorizations object, create it
if ( Authorizations == null )
{
Load( rockContext );
}
var authService = new AuthService( rockContext );
// If there are not entries in the Authorizations object for this entity type and entity instance, create
// the dictionary entries
if ( !Authorizations.Keys.Contains( entity.TypeId ) )
{
Authorizations.Add( entity.TypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() );
}
if ( !Authorizations[entity.TypeId].Keys.Contains( entity.Id ) )
{
Authorizations[entity.TypeId].Add( entity.Id, new Dictionary<string, List<AuthRule>>() );
}
if ( !Authorizations[entity.TypeId][entity.Id].Keys.Contains( action ) )
{
Authorizations[entity.TypeId][entity.Id].Add( action, new List<AuthRule>() );
}
else
{
// If existing rules exist, delete them.
foreach ( AuthRule authRule in Authorizations[entity.TypeId][entity.Id][action] )
{
var oldAuth = authService.Get( authRule.Id );
authService.Delete( oldAuth );
}
}
var rules = new List<AuthRule>();
Auth auth1 = new Auth();
auth1.EntityTypeId = entity.TypeId;
auth1.EntityId = entity.Id;
auth1.Order = 0;
auth1.Action = action;
auth1.AllowOrDeny = "A";
auth1.SpecialRole = SpecialRole.None;
auth1.PersonId = person.Id;
authService.Add( auth1 );
Auth auth2 = new Auth();
auth2.EntityTypeId = entity.TypeId;
auth2.EntityId = entity.Id;
auth2.Order = 1;
auth2.Action = action;
auth2.AllowOrDeny = "D";
auth2.SpecialRole = SpecialRole.AllUsers;
authService.Add( auth2 );
rockContext.SaveChanges();
rules.Add( new AuthRule( auth1 ) );
rules.Add( new AuthRule( auth2 ) );
Authorizations[entity.TypeId][entity.Id][action] = rules;
}
}
}
/// <summary>
/// Copies the authorizations from one <see cref="ISecured" /> object to another
/// </summary>
/// <param name="sourceEntity">The source entity.</param>
/// <param name="targetEntity">The target entity.</param>
/// <param name="rockContext">The rock context.</param>
/// <param name="action">Optional action (if ommitted or left blank, all actions will be copied).</param>
/// <remarks>
/// This method will save any previous changes made to the context
/// </remarks>
public static void CopyAuthorization( ISecured sourceEntity, ISecured targetEntity, RockContext rockContext, string action = "" )
{
Load();
var sourceEntityTypeId = sourceEntity.TypeId;
var targetEntityTypeId = targetEntity.TypeId;
AuthService authService = new AuthService( rockContext );
// Delete the current authorizations for the target entity
foreach ( Auth auth in authService.Get( targetEntityTypeId, targetEntity.Id ).ToList() )
{
if ( string.IsNullOrWhiteSpace( action ) || auth.Action.Equals( action, StringComparison.OrdinalIgnoreCase ) )
{
authService.Delete( auth );
}
}
rockContext.SaveChanges();
// Copy target auths to source auths
int order = 0;
foreach ( Auth sourceAuth in authService.Get( sourceEntityTypeId, sourceEntity.Id ).ToList() )
{
if ( ( string.IsNullOrWhiteSpace( action ) || sourceAuth.Action.Equals( action, StringComparison.OrdinalIgnoreCase ) ) &&
targetEntity.SupportedActions.ContainsKey( sourceAuth.Action ) )
{
Auth auth = new Auth();
auth.EntityTypeId = targetEntityTypeId;
auth.EntityId = targetEntity.Id;
auth.Action = sourceAuth.Action;
auth.AllowOrDeny = sourceAuth.AllowOrDeny;
auth.GroupId = sourceAuth.GroupId;
auth.PersonAliasId = sourceAuth.PersonAliasId;
auth.SpecialRole = sourceAuth.SpecialRole;
auth.Order = order++;
authService.Add( auth );
rockContext.SaveChanges();
}
}
ReloadEntity( targetEntityTypeId, targetEntity.Id, rockContext );
}
/// <summary>
/// If the entity is currently private for selected person, removes all the rules
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyMakeUnPrivate( ISecured entity, string action, Person person, RockContext rockContext )
{
if ( IsPrivate( entity, action, person ) )
{
var authService = new AuthService( rockContext );
// Delete any existing rules in database
foreach ( Auth auth in authService
.GetAuths( entity.TypeId, entity.Id, action ) )
{
authService.Delete( auth );
}
// Reload the static dictionary for this action
ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
}
/// <summary>
/// Makes the entity private for the selected action and person
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyMakePrivate( ISecured entity, string action, Person person, RockContext rockContext )
{
if ( !IsPrivate( entity, action, person ) )
{
if ( person != null )
{
var personAlias = new PersonAliasService( rockContext ).GetPrimaryAlias( person.Id );
if ( personAlias != null )
{
var authService = new AuthService( rockContext );
// Delete any existing rules in database
foreach ( Auth auth in authService
.GetAuths( entity.TypeId, entity.Id, action ) )
{
authService.Delete( auth );
}
rockContext.SaveChanges();
// Create the rules in the database
Auth auth1 = new Auth();
auth1.EntityTypeId = entity.TypeId;
auth1.EntityId = entity.Id;
auth1.Order = 0;
auth1.Action = action;
auth1.AllowOrDeny = "A";
auth1.SpecialRole = SpecialRole.None;
auth1.PersonAlias = personAlias;
auth1.PersonAliasId = personAlias.Id;
authService.Add( auth1 );
Auth auth2 = new Auth();
auth2.EntityTypeId = entity.TypeId;
auth2.EntityId = entity.Id;
auth2.Order = 1;
auth2.Action = action;
auth2.AllowOrDeny = "D";
auth2.SpecialRole = SpecialRole.AllUsers;
authService.Add( auth2 );
rockContext.SaveChanges();
// Reload the static dictionary for this action
ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
}
}
}
/// <summary>
/// Mies the allow all users.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyAllowAllUsers( ISecured entity, string action, RockContext rockContext )
{
var authService = new AuthService( rockContext );
// Delete any existing rules in database
foreach ( Auth auth in authService
.GetAuths( entity.TypeId, entity.Id, action ) )
{
authService.Delete( auth );
}
rockContext.SaveChanges();
// Create the rule in the database
Auth auth1 = new Auth();
auth1.EntityTypeId = entity.TypeId;
auth1.EntityId = entity.Id;
auth1.Order = 0;
auth1.Action = action;
auth1.AllowOrDeny = "A";
auth1.SpecialRole = SpecialRole.AllUsers;
authService.Add( auth1 );
rockContext.SaveChanges();
// Reload the static dictionary for this action
ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
/// <summary>
/// Handles the Delete event of the gGroups control.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs" /> instance containing the event data.</param>
protected void gGroups_Delete( object sender, RowEventArgs e )
{
// NOTE: Very similar code in GroupDetail.btnDelete_Click
RockTransactionScope.WrapTransaction( () =>
{
GroupService groupService = new GroupService();
AuthService authService = new AuthService();
Group group = groupService.Get( (int)e.RowKeyValue );
if ( group != null )
{
string errorMessage;
if ( !groupService.CanDelete( group, out errorMessage ) )
{
mdGridWarning.Show( errorMessage, ModalAlertType.Information );
return;
}
bool isSecurityRoleGroup = group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() );
if (isSecurityRoleGroup)
{
Rock.Security.Role.Flush( group.Id );
foreach ( var auth in authService.Queryable().Where( a => a.GroupId == group.Id ).ToList() )
{
authService.Delete( auth, CurrentPersonId );
authService.Save( auth, CurrentPersonId );
}
}
groupService.Delete( group, CurrentPersonId );
groupService.Save( group, CurrentPersonId );
if ( isSecurityRoleGroup )
{
Rock.Security.Authorization.Flush();
}
}
} );
BindGrid();
}
