/// <summary>
/// This performs the calculations for inherited nodes based on this
/// http://issues.umbraco.org/issue/U4-10075#comment=67-40085
/// </summary>
/// <param name="groupPermissions"></param>
/// <param name="pathIds"></param>
/// <returns></returns>
internal static EntityPermissionSet CalculatePermissionsForPathForUser(
EntityPermission[] groupPermissions,
int[] pathIds)
{
// not sure this will ever happen, it shouldn't since this should return defaults, but maybe those are empty?
if (groupPermissions.Length == 0 || pathIds.Length == 0)
{
return(EntityPermissionSet.Empty());
}
// The actual entity id being looked at (deepest part of the path)
var entityId = pathIds[0];
var resultPermissions = new EntityPermissionCollection();
// create a grouped by dictionary of another grouped by dictionary
var permissionsByGroup = groupPermissions
.GroupBy(x => x.UserGroupId)
.ToDictionary(
x => x.Key,
x => x.GroupBy(a => a.EntityId).ToDictionary(a => a.Key, a => a.ToArray()));
// iterate through each group
foreach (KeyValuePair <int, Dictionary <int, EntityPermission[]> > byGroup in permissionsByGroup)
{
var added = false;
// iterate deepest to shallowest
foreach (var pathId in pathIds)
{
if (byGroup.Value.TryGetValue(pathId, out EntityPermission[]? permissionsForNodeAndGroup) == false)
public void Access_Allowed_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) });
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A", "F", "C" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
var userServiceMock = new Mock <IUserService>();
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, out var foundContent, new[] { 'F' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Granted, result);
}
public void No_Access_By_Path()
{
// Arrange
IUser user = CreateUser(id: 9, startContentId: 9876);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
public void No_Access_By_Path()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
userMock.Setup(u => u.StartContentIds).Returns(new[] { 9876 });
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <EntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
var entityService = entityServiceMock.Object;
//act
var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' });
//assert
Assert.IsFalse(result);
}
public void Throws_Exception_When_No_Content_Found()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act/assert
Assert.Throws <HttpResponseException>(() => ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' }));
}
public void No_Access_To_Recycle_Bin_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(0);
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
//act
var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, -20, new[] { 'B' });
//assert
Assert.IsFalse(result);
}
public void Access_To_Recycle_Bin_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(0);
userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) });
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(-20, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
//act
var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, -20, new[] { 'A' });
//assert
Assert.IsTrue(result);
}
private bool CurrentUserHasPermissions(EntityPermissionCollection permissionResults, int nodeId)
{
//This is done for us in 7.7.2
var perms = permissionResults.Where(x => x.EntityId == nodeId).SelectMany(x => x.AssignedPermissions).Distinct().ToArray();
return(perms.Any(x => x == "F"));
}
public void No_Access_To_Recycle_Bin_By_Permission()
{
// Arrange
IUser user = CreateUser(withUserGroup: false);
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
IContentService contentService = contentServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent, new[] { 'B' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
internal void FilterBasedOnPermissions(IList items, IUser user)
{
var length = items.Count;
if (length > 0)
{
var ids = new List <int>();
for (var i = 0; i < length; i++)
{
ids.Add(((dynamic)items[i] !).Id);
}
//get all the permissions for these nodes in one call
EntityPermissionCollection permissions = _userService.GetPermissions(user, ids.ToArray());
var toRemove = new List <dynamic>();
foreach (dynamic item in items)
{
//get the combined permission set across all user groups for this node
//we're in the world of dynamics here so we need to cast
var nodePermission = ((IEnumerable <string>)permissions.GetAllPermissions(item.Id)).ToArray();
//if the permission being checked doesn't exist then remove the item
if (nodePermission.Contains(_permissionToCheck.ToString(CultureInfo.InvariantCulture)) == false)
{
toRemove.Add(item);
}
}
foreach (dynamic item in toRemove)
{
items.Remove(item);
}
}
}
public void No_Access_By_Path()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
userMock.Setup(u => u.StartContentIds).Returns(new[] { 9876 });
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
var entityService = entityServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'F' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Denied, result);
}
public void No_Access_To_Recycle_Bin_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(0);
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(-20, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'B' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Denied, result);
}
public void No_Content_Found()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'F' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.NotFound, result);
}
public void No_Access_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A", "B", "C" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act
var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' });
//assert
Assert.IsFalse(result);
}
public void Access_To_Root_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(0);
userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) });
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1")).Returns(permissionSet);
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(-1, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'A' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Granted, result);
}
private bool HasPermissions(EntityPermissionCollection permissionResults, int nodeId)
{
var forNode = permissionResults.Where(x => x.EntityId == nodeId).ToList();
var permissions = forNode.SelectMany(x => x.AssignedPermissions).ToList();
return(permissions.Contains("F"));
}
public void No_Content_Found()
{
// Arrange
IUser user = CreateUser(id: 9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.NotFound, result);
}
public Dictionary <int, string[]> GetPermissions(int[] nodeIds)
{
EntityPermissionCollection permissions = _userService
.GetPermissions(_backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser, nodeIds);
var permissionsDictionary = new Dictionary <int, string[]>();
foreach (var nodeId in nodeIds)
{
var aggregatePerms = permissions.GetAllPermissions(nodeId).ToArray();
permissionsDictionary.Add(nodeId, aggregatePerms);
}
return(permissionsDictionary);
}
/// <summary>
/// Returns explicitly defined permissions for a user group for any number of nodes
/// </summary>
/// <param name="groupIds">
/// The group ids to lookup permissions for
/// </param>
/// <param name="entityIds"></param>
/// <returns></returns>
/// <remarks>
/// This method will not support passing in more than 2000 group IDs when also passing in entity IDs.
/// </remarks>
public EntityPermissionCollection GetPermissionsForEntities(int[] groupIds, params int[] entityIds)
{
var result = new EntityPermissionCollection();
if (entityIds.Length == 0)
{
foreach (IEnumerable <int> group in groupIds.InGroupsOf(Constants.Sql.MaxParameterCount))
{
Sql <ISqlContext> sql = Sql()
.SelectAll()
.From <UserGroup2NodeDto>()
.LeftJoin <UserGroup2NodePermissionDto>().On <UserGroup2NodeDto, UserGroup2NodePermissionDto>(
(left, right) => left.NodeId == right.NodeId && left.UserGroupId == right.UserGroupId)
.Where <UserGroup2NodeDto>(dto => group.Contains(dto.UserGroupId));
List <UserGroup2NodePermissionDto> permissions =
AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql);
foreach (EntityPermission permission in ConvertToPermissionList(permissions))
{
result.Add(permission);
}
}
}
else
{
foreach (IEnumerable <int> group in entityIds.InGroupsOf(Constants.Sql.MaxParameterCount -
groupIds.Length))
{
Sql <ISqlContext> sql = Sql()
.SelectAll()
.From <UserGroup2NodeDto>()
.LeftJoin <UserGroup2NodePermissionDto>().On <UserGroup2NodeDto, UserGroup2NodePermissionDto>(
(left, right) => left.NodeId == right.NodeId && left.UserGroupId == right.UserGroupId)
.Where <UserGroup2NodeDto>(dto =>
groupIds.Contains(dto.UserGroupId) && group.Contains(dto.NodeId));
List <UserGroup2NodePermissionDto> permissions =
AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql);
foreach (EntityPermission permission in ConvertToPermissionList(permissions))
{
result.Add(permission);
}
}
}
return(result);
}
private static EntityPermissionCollection ConvertToPermissionList(IEnumerable <UserGroup2NodePermissionDto> result)
{
var permissions = new EntityPermissionCollection();
var nodePermissions = result.GroupBy(x => x.NodeId);
foreach (var np in nodePermissions)
{
var userGroupPermissions = np.GroupBy(x => x.UserGroupId);
foreach (var permission in userGroupPermissions)
{
var perms = permission.Select(x => x.Permission).Distinct().ToArray();
permissions.Add(new EntityPermission(permission.Key, np.Key, perms));
}
}
return(permissions);
}
public void Filter_On_Permissions()
{
var list = new List <ContentItemBasic>();
for (var i = 0; i < 10; i++)
{
list.Add(new ContentItemBasic {
Id = i, Name = "Test" + i, ParentId = -1
});
}
var ids = list.Select(x => (int)x.Id).ToArray();
IUser user = CreateUser(id: 9, startContentId: 0);
var userServiceMock = new Mock <IUserService>();
// We're only assigning 3 nodes browse permissions so that is what we expect as a result
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1, new string[] { ActionBrowse.ActionLetter.ToString() }),
new EntityPermission(9876, 2, new string[] { ActionBrowse.ActionLetter.ToString() }),
new EntityPermission(9876, 3, new string[] { ActionBrowse.ActionLetter.ToString() }),
new EntityPermission(9876, 4, new string[] { ActionUpdate.ActionLetter.ToString() })
};
userServiceMock.Setup(x => x.GetPermissions(user, ids)).Returns(permissions);
IUserService userService = userServiceMock.Object;
var att = new FilterAllowedOutgoingContentFilter(
list.GetType(),
null,
ActionBrowse.ActionLetter,
userService,
Mock.Of <IEntityService>(),
AppCaches.Disabled,
Mock.Of <IBackOfficeSecurityAccessor>());
att.FilterBasedOnPermissions(list, user);
Assert.AreEqual(3, list.Count);
Assert.AreEqual(1, list.ElementAt(0).Id);
Assert.AreEqual(2, list.ElementAt(1).Id);
Assert.AreEqual(3, list.ElementAt(2).Id);
}
/// <summary>
/// Returns explicitly defined permissions for a user group for any number of nodes
/// </summary>
/// <param name="groupIds">
/// The group ids to lookup permissions for
/// </param>
/// <param name="entityIds"></param>
/// <returns></returns>
/// <remarks>
/// This method will not support passing in more than 2000 group Ids
/// </remarks>
public EntityPermissionCollection GetPermissionsForEntities(int[] groupIds, params int[] entityIds)
{
var result = new EntityPermissionCollection();
foreach (var groupOfGroupIds in groupIds.InGroupsOf(2000))
{
//copy local
var localIds = groupOfGroupIds.ToArray();
if (entityIds.Length == 0)
{
var sql = Sql()
.SelectAll()
.From <UserGroup2NodePermissionDto>()
.Where <UserGroup2NodePermissionDto>(dto => localIds.Contains(dto.UserGroupId));
var permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql);
foreach (var permission in ConvertToPermissionList(permissions))
{
result.Add(permission);
}
}
else
{
//iterate in groups of 2000 since we don't want to exceed the max SQL param count
foreach (var groupOfEntityIds in entityIds.InGroupsOf(2000))
{
var ids = groupOfEntityIds;
var sql = Sql()
.SelectAll()
.From <UserGroup2NodePermissionDto>()
.Where <UserGroup2NodePermissionDto>(dto => localIds.Contains(dto.UserGroupId) && ids.Contains(dto.NodeId));
var permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql);
foreach (var permission in ConvertToPermissionList(permissions))
{
result.Add(permission);
}
}
}
}
return(result);
}
public void Filter_On_Permissions()
{
var list = new List <dynamic>();
for (var i = 0; i < 10; i++)
{
list.Add(new ContentItemBasic {
Id = i, Name = "Test" + i, ParentId = -1
});
}
var ids = list.Select(x => (int)x.Id).ToArray();
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
userMock.Setup(u => u.StartContentIds).Returns(new int[0]);
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
//we're only assigning 3 nodes browse permissions so that is what we expect as a result
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1, new string[] { "F" }),
new EntityPermission(9876, 2, new string[] { "F" }),
new EntityPermission(9876, 3, new string[] { "F" }),
new EntityPermission(9876, 4, new string[] { "A" })
};
userServiceMock.Setup(x => x.GetPermissions(user, ids)).Returns(permissions);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable <ContentItemBasic>), userService, entityService);
att.FilterBasedOnPermissions(list, user);
Assert.AreEqual(3, list.Count);
Assert.AreEqual(1, list.ElementAt(0).Id);
Assert.AreEqual(2, list.ElementAt(1).Id);
Assert.AreEqual(3, list.ElementAt(2).Id);
}
/// <summary>
/// Gets explicit and default permissions (if requested) permissions for the group for specified entities
/// </summary>
/// <param name="groups"></param>
/// <param name="fallbackToDefaultPermissions">If true will include the group's default permissions if no permissions are explicitly assigned</param>
/// <param name="nodeIds">Array of entity Ids, if empty will return permissions for the group for all entities</param>
public EntityPermissionCollection GetPermissions(IReadOnlyUserGroup[] groups, bool fallbackToDefaultPermissions, params int[] nodeIds)
{
if (groups == null)
{
throw new ArgumentNullException(nameof(groups));
}
var groupIds = groups.Select(x => x.Id).ToArray();
var explicitPermissions = GetPermissions(groupIds, nodeIds);
var result = new EntityPermissionCollection(explicitPermissions);
// If requested, and no permissions are assigned to a particular node, then we will fill in those permissions with the group's defaults
if (fallbackToDefaultPermissions)
{
//if no node ids are passed in, then we need to determine the node ids for the explicit permissions set
nodeIds = nodeIds.Length == 0
? explicitPermissions.Select(x => x.EntityId).Distinct().ToArray()
: nodeIds;
//if there are still no nodeids we can just exit
if (nodeIds.Length == 0)
{
return(result);
}
foreach (var group in groups)
{
foreach (var nodeId in nodeIds)
{
// TODO: We could/should change the EntityPermissionsCollection into a KeyedCollection and they key could be
// a struct of the nodeid + groupid so then we don't actually allocate this class just to check if it's not
// going to be included in the result!
var defaultPermission = new EntityPermission(group.Id, nodeId, group.Permissions.ToArray(), isDefaultPermissions: true);
//Since this is a hashset, this will not add anything that already exists by group/node combination
result.Add(defaultPermission);
}
}
}
return(result);
}
private static EntityPermissionCollection ConvertToPermissionList(
IEnumerable <UserGroup2NodePermissionDto> result)
{
var permissions = new EntityPermissionCollection();
IEnumerable <IGrouping <int, UserGroup2NodePermissionDto> > nodePermissions = result.GroupBy(x => x.NodeId);
foreach (IGrouping <int, UserGroup2NodePermissionDto> np in nodePermissions)
{
IEnumerable <IGrouping <int, UserGroup2NodePermissionDto> > userGroupPermissions =
np.GroupBy(x => x.UserGroupId);
foreach (IGrouping <int, UserGroup2NodePermissionDto> permission in userGroupPermissions)
{
var perms = permission.Select(x => x.Permission).Distinct().ToArray();
// perms can contain null if there are no permissions assigned, but the node is chosen in the UI.
permissions.Add(new EntityPermission(permission.Key, np.Key, perms.WhereNotNull().ToArray()));
}
}
return(permissions);
}
/// <summary>
/// Returns explicitly defined permissions for a user group for any number of nodes
/// </summary>
/// <param name="groupIds">
/// The group ids to lookup permissions for
/// </param>
/// <param name="entityIds"></param>
/// <returns></returns>
/// <remarks>
/// This method will not support passing in more than 2000 group IDs when also passing in entity IDs.
/// </remarks>
public EntityPermissionCollection GetPermissionsForEntities(int[] groupIds, params int[] entityIds)
{
var result = new EntityPermissionCollection();
if (entityIds.Length == 0)
{
foreach (var group in groupIds.InGroupsOf(Constants.Sql.MaxParameterCount))
{
var sql = Sql()
.SelectAll()
.From <UserGroup2NodePermissionDto>()
.Where <UserGroup2NodePermissionDto>(dto => group.Contains(dto.UserGroupId));
var permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql);
foreach (var permission in ConvertToPermissionList(permissions))
{
result.Add(permission);
}
}
}
else
{
foreach (var group in entityIds.InGroupsOf(Constants.Sql.MaxParameterCount - groupIds.Length))
{
var sql = Sql()
.SelectAll()
.From <UserGroup2NodePermissionDto>()
.Where <UserGroup2NodePermissionDto>(dto => groupIds.Contains(dto.UserGroupId) && group.Contains(dto.NodeId));
var permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql);
foreach (var permission in ConvertToPermissionList(permissions))
{
result.Add(permission);
}
}
}
return(result);
}
internal UserToNodeAccessHelper(IUser currentUser, IUserService userService, IEnumerable <IUmbracoNodeWithPermissions> nodes)
{
_permissions = userService.GetPermissions(currentUser, AllNodeIdsFromPath(nodes));
}
public ContentPermissionSet(IContent content, EntityPermissionCollection permissionsSet)
: base(content.Id, permissionsSet) =>
