Read() public static method

Returns Role object from cache. If role does not already exist in cache, it will be read and added to cache
public static Read ( int id ) : Role
id int The id.
return Role
Example #1
0
        /// <summary>
        /// Returns a list of all the possible Roles
        /// </summary>
        /// <returns></returns>
        public static List <Role> AllRoles()
        {
            List <Role> roles = new List <Role>();

            Rock.Groups.GroupService groupService = new Rock.Groups.GroupService();
            foreach (int id in groupService.
                     Queryable().Where(g => g.IsSecurityRole == true).Select(g => g.Id).ToList())
            {
                roles.Add(Role.Read(id));
            }

            return(roles);
        }
Example #2
0
        /// <summary>
        /// Returns a list of all the possible Roles
        /// </summary>
        /// <returns></returns>
        public static List <Role> AllRoles()
        {
            List <Role> roles = new List <Role>();

            Guid securityRoleGuid = Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid();

            Rock.Model.GroupService groupService = new Rock.Model.GroupService(new RockContext());
            foreach (int id in groupService.Queryable()
                     .Where(g =>
                            g.GroupType.Guid.Equals(securityRoleGuid) ||
                            g.IsSecurityRole == true)
                     .OrderBy(g => g.Name)
                     .Select(g => g.Id)
                     .ToList())
            {
                roles.Add(Role.Read(id));
            }

            return(roles);
        }
Example #3
0
        /// <summary>
        /// Returns a list of all the possible Roles
        /// </summary>
        /// <returns></returns>
        public static List <Role> AllRoles()
        {
            List <Role> roles = new List <Role>();

            var securityGroupType   = GroupTypeCache.Read(Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid());
            int securityGroupTypeId = securityGroupType != null ? securityGroupType.Id : 0;

            Rock.Model.GroupService groupService = new Rock.Model.GroupService(new RockContext());
            foreach (int id in groupService.Queryable()
                     .Where(g =>
                            g.IsActive &&
                            (g.GroupTypeId == securityGroupTypeId || g.IsSecurityRole == true))
                     .OrderBy(g => g.Name)
                     .Select(g => g.Id)
                     .ToList())
            {
                roles.Add(Role.Read(id));
            }

            return(roles);
        }
Example #4
0
        /// <summary>
        /// Evaluates whether a selected user is allowed to perform the selected action on the selected
        /// entity.
        /// </summary>
        /// <param name="entity"></param>
        /// <param name="action"></param>
        /// <param name="user"></param>
        /// <returns></returns>
        public static bool Authorized(ISecured entity, string action, Rock.CMS.User user)
        {
            //    return Authorized( entity, action, user != null ? user.Person.Guid.ToString() : string.Empty );
            //}

            ///// <summary>
            ///// Evaluates whether a selected user is allowed to perform the selected action on the selected
            ///// entity.
            ///// </summary>
            ///// <param name="entity">The entity.</param>
            ///// <param name="action">The action.</param>
            ///// <param name="userName">Name of the user.</param>
            ///// <returns></returns>
            //private static bool Authorized( ISecured entity, string action, string userName )
            //{
            // If there's no Authorizations object, create it
            if (Authorizations == null)
            {
                Load();
            }

            // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
            // one to find the first one specific to the selected user or a role that the selected user belongs
            // to.  If a match is found return whether the user is allowed (true) or denied (false) access
            if (Authorizations.Keys.Contains(entity.AuthEntity) &&
                Authorizations[entity.AuthEntity].Keys.Contains(entity.Id) &&
                Authorizations[entity.AuthEntity][entity.Id].Keys.Contains(action))
            {
                string userName = user != null?user.Person.Guid.ToString() : string.Empty;

                foreach (AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action])
                {
                    // All Users
                    if (authRule.SpecialRole == SpecialRole.AllUsers)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    // All Authenticated Users
                    if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    // All Unauthenticated Users
                    if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    if (authRule.SpecialRole == SpecialRole.None && userName != string.Empty)
                    {
                        // See if person has been authorized to entity
                        if (authRule.PersonId.HasValue &&
                            user.PersonId.HasValue &&
                            authRule.PersonId.Value == user.PersonId.Value)
                        {
                            return(authRule.AllowOrDeny == "A");
                        }

                        // See if person is in role authorized
                        if (authRule.GroupId.HasValue)
                        {
                            Role role = Role.Read(authRule.GroupId.Value);
                            if (role != null && role.UserInRole(userName))
                            {
                                return(authRule.AllowOrDeny == "A");
                            }
                        }
                    }
                }
            }

            // If not match was found for the selected user on the current entity instance, check to see if the instance
            // has a parent authority defined and if so evaluate that entities authorization rules.  If there is no
            // parent authority return the defualt authorization
            if (entity.ParentAuthority != null)
            {
                return(Authorized(entity.ParentAuthority, action, user));
            }
            else
            {
                return(entity.DefaultAuthorization(action));
            }
        }
Example #5
0
        private static bool?ItemAuthorized(ISecured entity, string action, Rock.Model.Person person)
        {
            // If there's no Authorizations object, create it
            if (Authorizations == null)
            {
                Load();
            }

            var entityTypeId = entity.TypeId;

            // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
            // one to find the first one specific to the selected user or a role that the selected user belongs
            // to.  If a match is found return whether the user is allowed (true) or denied (false) access
            if (Authorizations.Keys.Contains(entityTypeId) &&
                Authorizations[entityTypeId].Keys.Contains(entity.Id) &&
                Authorizations[entityTypeId][entity.Id].Keys.Contains(action))
            {
                string userName = person != null?person.Guid.ToString() : string.Empty;

                foreach (AuthRule authRule in Authorizations[entityTypeId][entity.Id][action])
                {
                    // All Users
                    if (authRule.SpecialRole == SpecialRole.AllUsers)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    // All Authenticated Users
                    if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    // All Unauthenticated Users
                    if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    if (authRule.SpecialRole == SpecialRole.None && person != null)
                    {
                        // See if person has been authorized to entity
                        if (authRule.PersonId.HasValue &&
                            authRule.PersonId.Value == person.Id)
                        {
                            return(authRule.AllowOrDeny == "A");
                        }

                        // See if person is in role authorized
                        if (authRule.GroupId.HasValue)
                        {
                            Role role = Role.Read(authRule.GroupId.Value);
                            if (role != null && role.IsUserInRole(userName))
                            {
                                return(authRule.AllowOrDeny == "A");
                            }
                        }
                    }
                }
            }

            // If no match was found for the selected user on the current entity instance, check to see if the instance
            // has a parent authority defined and if so evaluate that entities authorization rules.  If there is no
            // parent authority return the defualt authorization
            bool?parentAuthorized = null;

            if (entity.ParentAuthorityPre != null)
            {
                parentAuthorized = ItemAuthorized(entity.ParentAuthorityPre, action, person);
            }

            if (!parentAuthorized.HasValue && entity.ParentAuthority != null)
            {
                parentAuthorized = ItemAuthorized(entity.ParentAuthority, action, person);
            }

            return(parentAuthorized);
        }