/// <summary>
/// Check if a user may do something - and throw an error if the permission is not given
/// </summary>
/// <param name="contentType"></param>
/// <param name="grant"></param>
/// <param name="autoAllowAdmin"></param>
/// <param name="specificItem"></param>
private void PerformSecurityCheck(string contentType, PermissionGrant grant, bool autoAllowAdmin = false, IEntity specificItem = null)
{
// Check if we can find this content-type
var ctc = new ContentTypeController();
ctc.SetAppIdAndUser(App.AppId);
var cache = DataSource.GetCache(null, App.AppId);
var ct = cache.GetContentType(contentType);
if (ct == null)
{
ThrowHttpError(HttpStatusCode.NotFound, "Could not find Content Type '" + contentType + "'.",
"content-types");
return;
}
// Check if the content-type has a GUID as name - only these can have permission assignments
Guid ctGuid;
var staticNameIsGuid = Guid.TryParse(ct.StaticName, out ctGuid);
if(!staticNameIsGuid)
ThrowHttpError(HttpStatusCode.Unauthorized, "Content Type '" + contentType + "' is not a standard Content Type - no permissions possible.");
// Check permissions in 2sxc - or check if the user has admin-right (in which case he's always granted access for these types of content)
var permissionChecker = new PermissionController(App.ZoneId, App.AppId, ctGuid, specificItem, Dnn.Module);
var allowed = permissionChecker.UserMay(grant);
var isAdmin = autoAllowAdmin && DotNetNuke.Security.Permissions.ModulePermissionController.CanAdminModule(Dnn.Module);
if(!(allowed || isAdmin))
ThrowHttpError(HttpStatusCode.Unauthorized, "Request not allowed. User needs permissions to " + grant + " for Content Type '" + contentType + "'.", "permissions");
}
