public ActionResult EditPost(PostEditContentPermissionViewModel inputModel, string returnUrl) { if (inputModel == null) { inputModel = new PostEditContentPermissionViewModel(); } EditContentPermissionViewModel model = PostEditContentPermissionViewModel.Convert(inputModel); var contentManager = this.orchardServices.ContentManager; var contentItems = contentManager.GetMany <ContentItem>(model.ContentIds, VersionOptions.Published, QueryHints.Empty).ToList(); if (contentItems.Count() == 0) { throw new ArgumentNullException("There is no contentItem with the given Ids"); } if (this.contentOwnershipHelper.IsChangingPermissionsValid(model, contentItems, this.ModelState)) { this.contentOwnershipHelper.Update(model, contentItems); foreach (var contentItem in contentItems) { if (this.masterDetailPermissionManager.HasChildItems(contentItem) && inputModel.ApplyToChildren) { this.masterDetailPermissionManager.GrantPermissionToChildren(model, contentItem); } var documentIndex = this.indexProvider.New(contentItem.Id); contentManager.Index(contentItem, documentIndex); this.indexProvider.Store(TicketController.SearchIndexName, documentIndex); } } else { return(this.View("Edit", this.CreateEditPermissionsModel(model.ContentIds))); } if (string.IsNullOrEmpty(returnUrl)) { if (contentItems.All(c => this.contentOwnershipService.CurrentUserCanChangePermission(c))) { return(this.View("Edit", this.CreateEditPermissionsModel(model.ContentIds))); } else { return(RedirectToAction("Display", "Item", new { area = "Orchard.CRM.Core", id = model.ContentIds.First() })); } } return(this.Redirect(returnUrl)); }
public MilestoneHandler( IRepository <MilestonePartRecord> repository, IContentManager contentManager, IContentOwnershipHelper contentOwnershipHelper) { Filters.Add(StorageFilter.For(repository)); this.OnPublishing <AttachToMilestonePart>((context, part) => { if (part.Record.MilestoneId.HasValue) { var milestone = contentManager.Get(part.Record.MilestoneId.Value); ContentItemSetPermissionsViewModel milestonePermissions = new ContentItemSetPermissionsViewModel(); contentOwnershipHelper.FillPermissions(milestonePermissions, new[] { milestone }); ContentItemSetPermissionsViewModel itemPermissions = new ContentItemSetPermissionsViewModel(); contentOwnershipHelper.FillPermissions(itemPermissions, new[] { part.ContentItem }); EditContentPermissionViewModel editContentPermissionViewModel = new EditContentPermissionViewModel(); editContentPermissionViewModel.AccessType = ContentItemPermissionAccessTypes.SharedForView; editContentPermissionViewModel.RemoveOldPermission = false; // Grant users who don't have access to item foreach (var user in milestonePermissions.Users.Where(c => !itemPermissions.Users.Any(d => d.Value == c.Value))) { editContentPermissionViewModel.Targets.Add(new TargetContentItemPermissionViewModel { UserId = int.Parse(user.Value), Checked = true }); } // Grant customer who don't have access to item foreach (var user in milestonePermissions.Customers.Where(c => !itemPermissions.Customers.Any(d => d.Value == c.Value))) { editContentPermissionViewModel.Targets.Add(new TargetContentItemPermissionViewModel { UserId = int.Parse(user.Value), Checked = true }); } // Grant businessUnits who don't have access to item foreach (var bussinesUnit in milestonePermissions.BusinessUnits.Where(c => !itemPermissions.BusinessUnits.Any(d => d.BusinessUnitId == c.BusinessUnitId))) { editContentPermissionViewModel.Targets.Add(new TargetContentItemPermissionViewModel { BusinessUnitId = bussinesUnit.BusinessUnitId, Checked = true }); } contentOwnershipHelper.Update(editContentPermissionViewModel, new[] { part.ContentItem }, false); } }); }
public bool IsChangingPermissionsValid(EditContentPermissionViewModel model, IList <ContentItem> contentItems, ModelStateDictionary modelState) { if (model.AccessType == default(byte)) { modelState.AddModelError("AccessType", T("AccessType value is not valid").Text); return(false); } foreach (var contentItem in contentItems) { AttachToProjectPart attachToProjectPart = contentItem.As <AttachToProjectPart>(); if (attachToProjectPart != null && attachToProjectPart.Record.Project != null) { var project = this.orchardServices.ContentManager.Get(attachToProjectPart.Record.Project.Id); foreach (var target in model.Targets) { if (!this.HasAccessToTheContent(project, target)) { modelState.AddModelError("Targets", T("The given businessUnit or user doesn't have access to the project").Text); return(false); } } } bool currentUserCanChangePermission = this.crmContentOwnershipService.CurrentUserCanChangePermission(contentItem, modelState); if (!currentUserCanChangePermission) { return(false); } if (model.Targets.Count(c => c.Checked) > 1 && model.AccessType == ContentItemPermissionAccessTypes.Assignee) { modelState.AddModelError("Targets", T("Items atleast must have only one assignee").ToString()); return(false); } foreach (var item in model.Targets.Where(c => c.Checked)) { int?[] temp = new int?[] { item.BusinessUnitId, item.TeamId, item.UserId }; if (temp.Count(c => c.HasValue) != 1) { modelState.AddModelError("targetUserId", T("One of the parameters must have a value").ToString()); return(false); } } } return(true); }
public void GrantPermissionToDetail(EditContentPermissionViewModel parameters, IContent content) { if (!this.HasDetail(content)) { return; } // get all items attached to project var subItems = this.contentManager .Query <AttachToProjectPart>() .Where <AttachToProjectPartRecord>(c => c.Project.Id == content.Id) .List() .Where(c => c.ContentItem.As <ContentItemPermissionPart>() != null) .Select(c => c.ContentItem).ToList(); parameters.ContentIds = subItems.Select(c => c.Id).ToArray(); this.contentOwnershipHelper.Update(parameters, subItems, false); }
public void GrantPermissionToChildren(EditContentPermissionViewModel parameters, IContent content) { EditContentPermissionViewModel temp = new EditContentPermissionViewModel { AccessType = parameters.AccessType, ContentIds = parameters.ContentIds, RemoveOldPermission = parameters.RemoveOldPermission, }; temp.Targets.AddRange(parameters.Targets); foreach (var provider in this.providers) { if (provider.HasDetail(content)) { provider.GrantPermissionToDetail(temp, content); } } }
public ActionResult InvitePost(InviteUserToProjectPostViewModel model) { if (model == null) { return(HttpNotFound("There is no userId in the request")); } if (!ModelState.IsValid) { return(View()); } var user = this.services.ContentManager.Get <IUser>(model.UserId); if (user == null) { return(new HttpNotFoundResult(T("There is no user with the given Id").Text)); } if (!this.contentOwnershipService.IsCustomer(model.UserId) && !this.contentOwnershipService.IsOperator(model.UserId)) { return(new HttpUnauthorizedResult(T("The given user doesn't have customer permission").Text)); } EditContentPermissionViewModel dataModel = new EditContentPermissionViewModel { AccessType = ContentItemPermissionAccessTypes.SharedForView, ContentIds = model.Projects, RemoveOldPermission = false }; dataModel.Targets.Add(new TargetContentItemPermissionViewModel { UserId = model.UserId, Checked = true }); var contentManager = this.services.ContentManager; var projects = contentManager.GetMany <ProjectPart>(dataModel.ContentIds, VersionOptions.Published, QueryHints.Empty).ToList(); if (projects.Count() == 0) { throw new ArgumentNullException("There is no contentItem with the given Ids"); } if (projects.Count() != dataModel.ContentIds.Length) { throw new ArgumentNullException("There is not a project with the given Id"); } var projectsAsContentItems = projects.Select(c => c.ContentItem).ToList(); if (this.contentOwnershipHelper.IsChangingPermissionsValid(dataModel, projectsAsContentItems, this.ModelState)) { this.contentOwnershipHelper.Update(dataModel, projectsAsContentItems); foreach (var contentItem in projectsAsContentItems) { if (this.masterDetailPermissionManager.HasChildItems(contentItem) && this.contentOwnershipService.IsOperator(model.UserId)) { this.masterDetailPermissionManager.GrantPermissionToChildren(dataModel, contentItem); } var documentIndex = this.indexProvider.New(contentItem.Id); contentManager.Index(contentItem, documentIndex); this.indexProvider.Store(TicketController.SearchIndexName, documentIndex); } } return(RedirectToAction("Invite", new { userId = model.UserId })); }
protected override DriverResult Editor(ProjectItemPermissionsPart part, IUpdateModel updater, dynamic shapeHelper) { // only applicable in the Creation mode if (part.ContentItem.VersionRecord.Published == true || part.ContentItem.Record.Versions.Count > 1) { return(null); } ProjectPermissionEditPostViewModel model = new ProjectPermissionEditPostViewModel(); updater.TryUpdateModel(model, Prefix, null, null); if (model.ProjectId == null) { updater.AddModelError(Prefix + ".ProjectId", T("ProjectId is a required field")); return(this.Editor(part, shapeHelper)); } var project = this.projectService.GetProject(model.ProjectId.Value); if (project == null) { updater.AddModelError(Prefix + ".ProjectId", T("There is no project with the given Id")); return(this.Editor(part, shapeHelper)); } bool isOperatorOrCustomer = this.crmContentOwnershipService.IsCurrentUserOperator() || this.crmContentOwnershipService.IsCurrentUserCustomer(); int currentUserId = this.orchardServices.WorkContext.CurrentUser.Id; EditContentPermissionViewModel editContentPermissionViewModel = null; if (model.VisibleToAll) { var projectContentPermissionPart = project.As <ContentItemPermissionPart>(); if (projectContentPermissionPart == null) { throw new System.ArgumentNullException("Project is not associated with ContentItemPermissionPart"); } editContentPermissionViewModel = new EditContentPermissionViewModel { AccessType = ContentItemPermissionAccessTypes.SharedForView, ContentIds = new[] { part.ContentItem.Id }, RemoveOldPermission = false }; var items = projectContentPermissionPart.Record.Items; if (items != null && items.Count > 0) { var projectUsers = items.Where(c => c.User != null).Select(c => c.User).ToList(); // if current user is an operator or customer, then he/she will have Owner/edit access,so he/she must be removed from the list // in order to prevent rewriting his privelege on the item projectUsers = isOperatorOrCustomer ? projectUsers.Where(c => c.Id != currentUserId).ToList() : projectUsers; editContentPermissionViewModel.Targets.AddRange(projectUsers.Select(c => new TargetContentItemPermissionViewModel { UserId = c.Id, Checked = true })); var projectGroups = items.Where(c => c.BusinessUnit != null).Select(c => c.BusinessUnit).ToList(); editContentPermissionViewModel.Targets.AddRange(projectGroups.Select(c => new TargetContentItemPermissionViewModel { BusinessUnitId = c.Id, Checked = true })); } } else { editContentPermissionViewModel = this.Convert(model, part.ContentItem.Id, ContentItemPermissionAccessTypes.SharedForView); } this.contentOwnershipHelper.Update(editContentPermissionViewModel, new List <ContentItem>() { part.ContentItem }); return(null); }
protected EditContentPermissionViewModel Convert(ProjectPermissionEditPostViewModel inputModel, int contentId, byte accessType) { EditContentPermissionViewModel model = new EditContentPermissionViewModel { ContentIds = new[] { contentId }, AccessType = accessType, RemoveOldPermission = false, }; bool isOperatorOrCustomer = this.crmContentOwnershipService.IsCurrentUserOperator() || this.crmContentOwnershipService.IsCurrentUserCustomer(); int currentUserId = this.orchardServices.WorkContext.CurrentUser.Id; if (inputModel.Users != null) { foreach (var user in inputModel.Users) { model.Targets.Add(new TargetContentItemPermissionViewModel { UserId = user, Checked = true }); } } if (inputModel.Customers != null) { foreach (var user in inputModel.Customers) { model.Targets.Add(new TargetContentItemPermissionViewModel { UserId = user, Checked = true }); } } if (inputModel.BusinessUnits != null) { foreach (var item in inputModel.BusinessUnits) { model.Targets.Add(new TargetContentItemPermissionViewModel { BusinessUnitId = item, Checked = true }); } } if (inputModel.Teams != null) { foreach (var item in inputModel.Teams) { model.Targets.Add(new TargetContentItemPermissionViewModel { TeamId = item, Checked = true }); } } // if current user is an operator or customer, then he/she will have Owner/edit access,so he/she must be removed from the list // in order to prevent rewriting his privelege on the item if (isOperatorOrCustomer) { var toDelete = model.Targets.Where(c => c.UserId != null && c.UserId == currentUserId); foreach (var item in toDelete) { model.Targets.Remove(item); } } return(model); }
public void Update(EditContentPermissionViewModel model, IList <ContentItem> contentItems, bool writeToActivityStream) { foreach (var contentItem in contentItems) { var snapshot = this.activityStreamService.TakeSnapshot(contentItem); var contentPermissionPart = contentItem.As <ContentItemPermissionPart>(); if (contentPermissionPart.Record.Items == null) { contentPermissionPart.Record.Items = new List <ContentItemPermissionDetailRecord>(); } var allPermissionRecords = contentPermissionPart.Record.Items; bool isAdmin = this.orchardServices.Authorizer.Authorize(Permissions.AdvancedOperatorPermission); int userId = this.orchardServices.WorkContext.CurrentUser.Id; var currentUserPermissions = isAdmin ? allPermissionRecords.ToList() : this.GetUserPermissionRecordsForItem(contentItem, userId).ToList(); var targets = model.Targets.Where(c => c.Checked).ToList(); bool hasAssignee = allPermissionRecords.Any(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee); // if item has assignee and there are some permissions for the item, but none of them belongs to the user, then the user doesn't have access to the item if (allPermissionRecords.Count > 0 && hasAssignee) { if (!isAdmin && currentUserPermissions.Count(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee || c.AccessType == ContentItemPermissionAccessTypes.SharedForEdit) == 0) { throw new Security.OrchardSecurityException(T("You don't have permission to change access to the contentItem")); } // only assignee can change the assignee if (!isAdmin && currentUserPermissions.Count(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee) == 0 && model.AccessType == ContentItemPermissionAccessTypes.Assignee) { throw new Security.OrchardSecurityException(T("You don't have permission to change access to the contentItem")); } } else { // if there is no permission for current user, then he/she must have a EditShare permission if (model.Targets.Count(c => c.UserId == userId) == 0 && !allPermissionRecords.Any(c => c.User != null && c.User.Id == userId)) { ContentItemPermissionDetailRecord newPermission = new ContentItemPermissionDetailRecord { AccessType = ContentItemPermissionAccessTypes.SharedForEdit, ContentItemPermissionPartRecord = contentPermissionPart.Record, User = new Users.Models.UserPartRecord { Id = userId } }; contentPermissionPart.Record.Items.Add(newPermission); this.Create(newPermission, contentItem, false); } } foreach (var item in targets) { int?[] temp = new int?[] { item.BusinessUnitId, item.TeamId, item.UserId }; if (temp.Count(c => c.HasValue) != 1) { throw new Security.OrchardSecurityException(T("You don't have permission to change access to the contentItem")); } // try to find a permission with the same user, team and business values, if there is such permission, we // must not create a new permission and we just have to change the AccessType of the exsiting one var existingPermission = allPermissionRecords.FirstOrDefault(d => ((item.TeamId == null && d.Team == null) || (item.TeamId.HasValue && d.Team != null && item.TeamId.Value == d.Team.Id)) && ((item.BusinessUnitId == null && d.BusinessUnit == null) || (item.BusinessUnitId.HasValue && d.BusinessUnit != null && item.BusinessUnitId.Value == d.BusinessUnit.Id)) && ((item.UserId == null && d.User == null) || (item.UserId.HasValue && d.User != null && item.UserId.Value == d.User.Id)) ); if (existingPermission != null) { existingPermission.AccessType = model.AccessType; // we should remove the permission from currentUserPermissions in order to prevent it to be deleted currentUserPermissions.Remove(existingPermission); continue; } // setting the parent doesn't have been done. ContentItemPermissionDetailRecord newPermission = new ContentItemPermissionDetailRecord { AccessType = model.AccessType, ContentItemPermissionPartRecord = contentPermissionPart.Record }; if (item.BusinessUnitId.HasValue) { var businessUnitRecord = this.basicDataService.GetBusinessUnits().Select(c => c.As <BusinessUnitPart>()).FirstOrDefault(c => c.Id == item.BusinessUnitId.Value); if (businessUnitRecord != null) { newPermission.BusinessUnit = new BusinessUnitPartRecord { Id = item.BusinessUnitId.Value, Name = businessUnitRecord.Name }; } } if (item.TeamId.HasValue) { var teamRecord = this.basicDataService.GetTeams().Select(c => c.As <TeamPart>()).FirstOrDefault(c => c.Id == item.TeamId.Value); if (teamRecord != null) { newPermission.Team = new TeamPartRecord { Id = item.TeamId.Value, Name = teamRecord.Name }; } } if (item.UserId.HasValue) { var userRecord = this.userRepository.Table.FirstOrDefault(c => c.Id == item.UserId.Value); if (userRecord != null) { newPermission.User = new Users.Models.UserPartRecord { Id = item.UserId.Value, UserName = userRecord.UserName, Email = userRecord.Email }; } } contentPermissionPart.Record.Items.Add(newPermission); this.Create(newPermission, contentItem, true); } if (model.AccessType == ContentItemPermissionAccessTypes.Assignee) { if (model.RemoveOldPermission) { // remove previous assignee and sharedForEdit permissions foreach (var permission in currentUserPermissions.Where(c => c.AccessType != ContentItemPermissionAccessTypes.SharedForView)) { contentPermissionPart.Record.Items.Remove(permission); this.permissionDetailRecordRepository.Delete(permission); } } else { foreach (var permission in currentUserPermissions.Where(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee)) { permission.AccessType = ContentItemPermissionAccessTypes.SharedForEdit; } } } contentPermissionPart.Record.HasOwner = contentPermissionPart .Record .Items .Count(d => d.AccessType == ContentItemPermissionAccessTypes.Assignee && (d.User != null || d.Team != null || d.BusinessUnit != null)) > 0; this.permissionDetailRecordRepository.Flush(); if (writeToActivityStream) { this.activityStreamService.WriteChangesToStreamActivity(contentItem, snapshot, StreamWriters.ContentItemPermissionStreamWriter); } } }
public void Update(EditContentPermissionViewModel model, IList <ContentItem> contentItems) { this.Update(model, contentItems, true); }
protected void EditOwner(ContentItem contentItem, PostedEditOwnerViewModel model, bool createMode, bool writeToActivityStream) { EditContentPermissionViewModel editContentPermissionViewModel = new EditContentPermissionViewModel(); editContentPermissionViewModel.AccessType = ContentItemPermissionAccessTypes.Assignee; editContentPermissionViewModel.RemoveOldPermission = false; if (model.UserId.HasValue) { editContentPermissionViewModel.Targets.Add(new TargetContentItemPermissionViewModel { UserId = model.UserId.Value, Checked = true }); } else if (!string.IsNullOrEmpty(model.GroupId)) { var targetContentItemPermissionViewModel = Converter.DecodeGroupId(model.GroupId); if (targetContentItemPermissionViewModel != null) { editContentPermissionViewModel.Targets.Add(targetContentItemPermissionViewModel); } } // try to check that the owner is changed in the model or not bool ownerIsChanged = false; var contentItemPermissionPart = contentItem.As <ContentItemPermissionPart>(); if (contentItemPermissionPart.Record.Items == null) { contentItemPermissionPart.Record.Items = new List <ContentItemPermissionDetailRecord>(); } var currentPermissionItems = contentItemPermissionPart.Record.Items.Where(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee).ToList(); foreach (var target in editContentPermissionViewModel.Targets) { // user of the model doesn't exist in the current items if (target.UserId.HasValue && currentPermissionItems.Count(c => c.User != null && c.User.Id == target.UserId.Value) == 0) { ownerIsChanged = true; break; } // team of the model doesn't exist in the current items if (target.TeamId.HasValue && currentPermissionItems.Count(c => c.Team != null && c.Team.Id == target.TeamId.Value) == 0) { ownerIsChanged = true; break; } // businessUnit of the model doesn't exist in the current items if (target.BusinessUnitId.HasValue && currentPermissionItems.Count(c => c.BusinessUnit != null && c.BusinessUnit.Id == target.BusinessUnitId.Value) == 0) { ownerIsChanged = true; break; } } // owner is set to null if (currentPermissionItems.Count > 0 && editContentPermissionViewModel.Targets.Count == 0) { ownerIsChanged = true; } // return in case owner doesn't change if (!ownerIsChanged) { return; } if (createMode || this.contentOwnershipHelper.IsChangingPermissionsValid(editContentPermissionViewModel, new[] { contentItem }, ModelState)) { this.contentOwnershipHelper.Update(editContentPermissionViewModel, new[] { contentItem }, writeToActivityStream); } }