/// <summary>
/// Initializes a new instance of the <see cref="ContentPermissionsResourceHandler" /> class.
/// </summary>
/// <param name="backOfficeSecurityAccessor">Accessor for back-office security.</param>
/// <param name="contentPermissions">Helper for content authorization checks.</param>
public ContentPermissionsResourceHandler(
IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
ContentPermissions contentPermissions)
{
_backOfficeSecurityAccessor = backOfficeSecurityAccessor;
_contentPermissions = contentPermissions;
}
/// <summary>
/// Returns a <see cref="TreeNode"/> for the <see cref="IUmbracoEntity"/> and
/// attaches some meta data to the node if the user doesn't have start node access to it when in dialog mode
/// </summary>
/// <param name="e"></param>
/// <param name="parentId"></param>
/// <param name="queryStrings"></param>
/// <returns></returns>
internal TreeNode GetSingleTreeNodeWithAccessCheck(IEntitySlim e, string parentId, FormCollection queryStrings,
int[] startNodeIds, string[] startNodePaths)
{
var entityIsAncestorOfStartNodes = ContentPermissions.IsInBranchOfStartNode(e.Path, startNodeIds, startNodePaths, out var hasPathAccess);
var ignoreUserStartNodes = IgnoreUserStartNodes(queryStrings);
if (ignoreUserStartNodes == false && entityIsAncestorOfStartNodes == false)
{
return(null);
}
var treeNode = GetSingleTreeNode(e, parentId, queryStrings);
if (treeNode == null)
{
//this means that the user has NO access to this node via permissions! They at least need to have browse permissions to see
//the node so we need to return null;
return(null);
}
if (!ignoreUserStartNodes && !hasPathAccess)
{
treeNode.AdditionalData["noAccess"] = true;
}
return(treeNode);
}
public void Access_To_Recycle_Bin_By_Permission()
{
// Arrange
var user = CreateUser();
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection {
new(9876, 1234, new[] { "A" })
};
var permissionSet = new EntityPermissionSet(-20, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
var result = contentPermissions.CheckPermissions(-20, user, out IContent _, new[] { 'A' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
private Attempt <string?> AuthorizePath(IUser currentUser, IEnumerable <int>?startContentIds, IEnumerable <int>?startMediaIds)
{
if (startContentIds != null)
{
foreach (var contentId in startContentIds)
{
if (contentId == Constants.System.Root)
{
var hasAccess = ContentPermissions.HasPathAccess("-1", currentUser.CalculateContentStartNodeIds(_entityService, _appCaches), Constants.System.RecycleBinContent);
if (hasAccess == false)
{
return(Attempt.Fail("The current user does not have access to the content root"));
}
}
else
{
var content = _contentService.GetById(contentId);
if (content == null)
{
continue;
}
var hasAccess = currentUser.HasPathAccess(content, _entityService, _appCaches);
if (hasAccess == false)
{
return(Attempt.Fail("The current user does not have access to the content path " + content.Path));
}
}
}
}
if (startMediaIds != null)
{
foreach (var mediaId in startMediaIds)
{
if (mediaId == Constants.System.Root)
{
var hasAccess = ContentPermissions.HasPathAccess("-1", currentUser.CalculateMediaStartNodeIds(_entityService, _appCaches), Constants.System.RecycleBinMedia);
if (hasAccess == false)
{
return(Attempt.Fail("The current user does not have access to the media root"));
}
}
else
{
var media = _mediaService.GetById(mediaId);
if (media == null)
{
continue;
}
var hasAccess = currentUser.HasPathAccess(media, _entityService, _appCaches);
if (hasAccess == false)
{
return(Attempt.Fail("The current user does not have access to the media path " + media.Path));
}
}
}
}
return(Attempt <string?> .Succeed());
}
public void No_Access_To_Recycle_Bin_By_Permission()
{
// Arrange
IUser user = CreateUser(withUserGroup: false);
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
IContentService contentService = contentServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent, new[] { 'B' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
public void Access_Allowed_By_Permission()
{
// Arrange
var user = CreateUser(9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var permissions = new EntityPermissionCollection {
new(9876, 1234, new[] { "A", "F", "C" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
var userServiceMock = new Mock <IUserService>();
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
var result = contentPermissions.CheckPermissions(1234, user, out IContent _, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
public void No_Content_Found()
{
// Arrange
IUser user = CreateUser(id: 9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.NotFound, result);
}
public void No_Access_By_Path()
{
// Arrange
IUser user = CreateUser(id: 9, startContentId: 9876);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
private ContentPermissionsResourceHandler CreateHandler(int nodeId, string[] permissionsForPath)
{
Mock <IBackOfficeSecurityAccessor> mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor();
ContentPermissions contentPermissions = CreateContentPermissions(nodeId, permissionsForPath);
return(new ContentPermissionsResourceHandler(mockBackOfficeSecurityAccessor.Object, contentPermissions));
}
public static bool HasMediaPathAccess(this IUser user, IUmbracoEntity entity, IEntityService entityService, AppCaches appCaches)
{
if (entity == null)
{
throw new ArgumentNullException(nameof(entity));
}
return(ContentPermissions.HasPathAccess(entity.Path, user.CalculateMediaStartNodeIds(entityService, appCaches), Constants.System.RecycleBinMedia));
}
public static bool HasPathAccess(this IUser user, IContent content, IEntityService entityService, AppCaches appCaches)
{
if (content == null)
{
throw new ArgumentNullException(nameof(content));
}
return(ContentPermissions.HasPathAccess(content.Path, user.CalculateContentStartNodeIds(entityService, appCaches), Constants.System.RecycleBinContent));
}
private ContentPermissionsQueryStringHandler CreateHandler(IHttpContextAccessor httpContextAccessor, int nodeId, string[] permissionsForPath)
{
Mock <IBackOfficeSecurityAccessor> mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor();
Mock <IEntityService> mockEntityService = CreateMockEntityService();
ContentPermissions contentPermissions = CreateContentPermissions(mockEntityService.Object, nodeId, permissionsForPath);
return(new ContentPermissionsQueryStringHandler(mockBackOfficeSecurityAccessor.Object, httpContextAccessor, mockEntityService.Object, contentPermissions));
}
private ContentPermissionsPublishBranchHandler CreateHandler(IUserService userService, int nodeId)
{
Mock <IEntityService> mockEntityService = CreateMockEntityService();
ContentPermissions contentPermissions = CreateContentPermissions(mockEntityService.Object, userService, nodeId);
Mock <IBackOfficeSecurityAccessor> mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor();
return(new ContentPermissionsPublishBranchHandler(mockEntityService.Object, contentPermissions, mockBackOfficeSecurityAccessor.Object));
}
/// <summary>
/// Initializes a new instance of the <see cref="ContentPermissionsPublishBranchHandler" /> class.
/// </summary>
/// <param name="entityService">Service for entity operations.</param>
/// <param name="contentPermissions">per for user content authorization checks.</param>
/// <param name="backOfficeSecurityAccessor">Accessor for back-office security.</param>
public ContentPermissionsPublishBranchHandler(
IEntityService entityService,
ContentPermissions contentPermissions,
IBackOfficeSecurityAccessor backOfficeSecurityAccessor)
{
_entityService = entityService;
_contentPermissions = contentPermissions;
_backOfficeSecurityAccessor = backOfficeSecurityAccessor;
}
internal void FilterBasedOnStartNode(IList items, IUser user)
{
var toRemove = new List <dynamic>();
foreach (dynamic item in items)
{
var hasPathAccess = (item != null && ContentPermissions.HasPathAccess(item?.Path, GetUserStartNodes(user), RecycleBinId));
if (hasPathAccess == false)
{
toRemove.Add(item);
}
}
foreach (var item in toRemove)
{
items.Remove(item);
}
}
public void Access_To_Recycle_Bin_By_Path()
{
// Arrange
IUser user = CreateUser();
var contentServiceMock = new Mock <IContentService>();
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent _);
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
public PublicContent(String MemberID, ContentPermissions ContentPermissions, List<String> InterestID, ContentType ContentType)
{
this.MemberID = MemberID;
this.Creater = new Creater.Creater(MemberID);
this.ContentPermissions = ContentPermissions;
this.MyFriends = ContentProvider.getMyFriends(MemberID);
this.City = this.Creater.City.Split('|')[this.Creater.City.Split('|').Length - 1];
this.Sex = this.Creater.Sex == 1 ? BiZ.Content.SexType.Boy : BiZ.Content.SexType.Girl;
this.InterestID = InterestID;
this.ContentType = ContentType;
this.CreatedTime = DateTime.Now;
this.UpdateTime = DateTime.Now;
this.AnswerCount = 0;
this.AnswerList = new List<Comment.Comment>();
this.LikeCount = 0;
this.LikeList = new List<BiZ.Like.LikeMember>();
this.DeleteFlag = Comm.DeletedFlag.No;
}
public InterViewContent(String MemberID, ContentPermissions ContentPermissions, List<String> InterestID, IList<InterView.InterView> InterviewList)
{
PublicContent obj = new PublicContent(MemberID, ContentPermissions, InterestID, ContentType.InterView);
this.MemberID = obj.MemberID;
this.Creater = obj.Creater;
this.ContentPermissions = obj.ContentPermissions;
this.MyFriends = obj.MyFriends;
this.City = obj.City;
this.Sex = obj.Sex;
this.InterestID = obj.InterestID;
this.ContentType = obj.ContentType;
this.CreatedTime = obj.CreatedTime;
this.UpdateTime = obj.UpdateTime;
this.AnswerCount = obj.AnswerCount;
this.AnswerList = obj.AnswerList;
this.LikeCount = obj.LikeCount;
this.LikeList = obj.LikeList;
this.DeleteFlag = obj.DeleteFlag;
this.InterviewList = InterviewList;
}
public void No_Access_To_Recycle_Bin_By_Path()
{
// Arrange
IUser user = CreateUser(startContentId: 1234);
var contentServiceMock = new Mock <IContentService>();
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 1234 && entity.Path == "-1,1234") });
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent);
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
public MemberContent(String MemberID, ContentPermissions ContentPermissions, List<String> InterestID, Double Lat, Double Lng, String Type)
{
PublicContent obj = new PublicContent(MemberID, ContentPermissions, InterestID, ContentType.Member);
this.MemberID = obj.MemberID;
this.Creater = obj.Creater;
this.ContentPermissions = obj.ContentPermissions;
this.MyFriends = obj.MyFriends;
this.City = obj.City;
this.Sex = obj.Sex;
this.InterestID = obj.InterestID;
this.ContentType = obj.ContentType;
this.CreatedTime = obj.CreatedTime;
this.UpdateTime = obj.UpdateTime;
this.AnswerCount = obj.AnswerCount;
this.AnswerList = obj.AnswerList;
this.LikeCount = obj.LikeCount;
this.LikeList = obj.LikeList;
this.DeleteFlag = obj.DeleteFlag;
this.Lat = Lat;
this.Lng = Lng;
this.Type = Type;
}
public SuiSuiNianContent(String MemberID, ContentPermissions ContentPermissions, List<String> InterestID, String Content, List<Image> ImageList, ImageLayoutType LayOutType, String Type)
{
PublicContent obj = new PublicContent(MemberID, ContentPermissions, InterestID, ContentType.SuiSuiNian);
this.MemberID = obj.MemberID;
this.Creater = obj.Creater;
this.ContentPermissions = obj.ContentPermissions;
this.MyFriends = obj.MyFriends;
this.City = obj.City;
this.Sex = obj.Sex;
this.InterestID = obj.InterestID;
this.ContentType = obj.ContentType;
this.CreatedTime = obj.CreatedTime;
this.UpdateTime = obj.UpdateTime;
this.AnswerCount = obj.AnswerCount;
this.AnswerList = obj.AnswerList;
this.LikeCount = obj.LikeCount;
this.LikeList = obj.LikeList;
this.DeleteFlag = obj.DeleteFlag;
this.Content = Content;
this.ImageList = ImageList;
this.LayOutType = LayOutType;
this.Type = Type;
}
public void Access_Allowed_By_Path()
{
// Arrange
IUser user = CreateUser(id: 9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
IUserService userService = userServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent);
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
internal static bool HasContentBinAccess(this IUser user, IEntityService entityService, AppCaches appCaches)
{
return(ContentPermissions.HasPathAccess(Constants.System.RecycleBinContentString, user.CalculateContentStartNodeIds(entityService, appCaches), Constants.System.RecycleBinContent));
}
internal static bool HasMediaBinAccess(this IUser user, IEntityService entityService, AppCaches appCaches) =>
ContentPermissions.HasPathAccess(
Constants.System.RecycleBinMediaString,
user.CalculateMediaStartNodeIds(entityService, appCaches),
Constants.System.RecycleBinMedia);
/// <summary>
/// Initializes a new instance of the <see cref="ContentPermissionsQueryStringHandler" /> class.
/// </summary>
/// <param name="backOfficeSecurityAccessor">Accessor for back-office security.</param>
/// <param name="httpContextAccessor">Accessor for the HTTP context of the current request.</param>
/// <param name="entityService">Service for entity operations.</param>
/// <param name="contentPermissions">Helper for content authorization checks.</param>
public ContentPermissionsQueryStringHandler(
IBackOfficeSecurityAccessor backOfficeSecurityAccessor,
IHttpContextAccessor httpContextAccessor,
IEntityService entityService,
ContentPermissions contentPermissions)
: base(backOfficeSecurityAccessor, httpContextAccessor, entityService) =>
