public async Task Invoke(HttpContext context, IAuthorizationService authorizationService) { if(context.Request.Path.StartsWithSegments(_path)) { if(await authorizationService.AuthorizeAsync(context.User, null, _policy)) { await _next(context); } } }
public async Task Invoke(HttpContext httpContext, IAuthorizationService authorizationService) { if(httpContext.Request.Path.StartsWithSegments(_path)) { var authorized = await authorizationService.AuthorizeAsync( httpContext.User, null, _policyName); if (!authorized) { await httpContext.Authentication.ChallengeAsync(); return; } } await _next(httpContext); }
public async Task Invoke(HttpContext httpContext, IAuthorizationService authorizationService) { var middlewarePlugins = new List<IMiddlewarePlugin>(); foreach (var record in _settings.Value.GlobalPath.OptIn) { foreach (var path in record.Paths) { if (httpContext.Request.Path.StartsWithSegments(path)) { // gotcha. var authorized = await authorizationService.AuthorizeAsync( httpContext.User, null, _policyName); if (!authorized) { await httpContext.Authentication.ChallengeAsync(); return; } } } } await _next(httpContext); }
public async Task <SaveSiteAccountResponse> Save([FromBody] SaveSiteAccountRequest request) { SaveSiteAccountResponse response = new SaveSiteAccountResponse(); if (response.InitializeFromModelStateIfInvalid(ModelState)) { return(response); } if (request.ShouldUpdateAllProps) { await _siteAccountUpsert.ExecuteAsync(request.SiteAccount); } else { var existingSite = _siteAccountSearch.Execute(new SiteAccountSearchCriteria { IncludedSiteAccounts = new List <Guid> { request.SiteAccount.ID } }).First(); request.SiteAccount.CopyProperties(existingSite, (propInfo, source, target) => request.PropsToUpdate.Contains(propInfo.Name)); if (request.SiteAccountUserAccounts.Any(saua => saua.RoleID != Role.GuestRoleID || saua.IsActive)) { string email = User.FindFirst(c => c.Type == ClaimTypes.Email)?.Value; UserAccount user = await _userAccountGetByEmail.ExecuteAsync(email, true); AuthorizationResult authResult = await _authorizationService.AuthorizeAsync(User, new SiteAccountUserAccountRoleModel { SiteAccountID = request.SiteAccount.ID, UserAccount = user }, new SiteAccountRoleRequirement(new Role[] { Role.AdminRole, Role.OwnerRole, Role.BasicRole })); if (!authResult.Succeeded) { return new SaveSiteAccountResponse { ResponseError = new ResponseError { ErrorMessage = "Not Authed" } } } ; } foreach (var saua in request.SiteAccountUserAccounts) { saua.SiteAccountID = existingSite.ID; var existingSiteUser = existingSite.SiteAccountUserAccounts.FirstOrDefault(user => user.UserAccountID == saua.UserAccountID); if (existingSiteUser != null) { existingSite.SiteAccountUserAccounts.Remove(existingSiteUser); } existingSite.SiteAccountUserAccounts.Add(saua); } await _siteAccountUpsert.ExecuteAsync(existingSite); } return(response); } }
private async Task <IEnumerable <ContentTypeDefinition> > GetCreatableTypesAsync() { var creatable = new List <ContentTypeDefinition>(); foreach (var ctd in _contentDefinitionManager.ListTypeDefinitions()) { if (ctd.Settings.ToObject <ContentTypeSettings>().Creatable) { var authorized = await _authorizationService.AuthorizeAsync(User, Permissions.EditContent, _contentManager.New(ctd.Name)); if (authorized) { creatable.Add(ctd); } } } return(creatable); }
public async Task <ActionResult> Index() { var installThemes = await _authorizationService.AuthorizeAsync(User, StandardPermissions.SiteOwner); // only site owners if (!installThemes) { return(Forbid()); } var currentSiteThemeExtensionInfo = await _siteThemeService.GetSiteThemeAsync(); var currentAdminThemeExtensionInfo = await _adminThemeService.GetAdminThemeAsync(); var currentAdminTheme = currentAdminThemeExtensionInfo != null ? new ThemeEntry(currentAdminThemeExtensionInfo) : default(ThemeEntry); var currentSiteTheme = currentSiteThemeExtensionInfo != null ? new ThemeEntry(currentSiteThemeExtensionInfo) : default(ThemeEntry); var enabledFeatures = await _shellFeaturesManager.GetEnabledFeaturesAsync(); var themes = (await _shellFeaturesManager.GetAvailableFeaturesAsync()) .Where(f => { if (!f.IsTheme()) { return(false); } var tags = f.Extension.Manifest.Tags.ToArray(); var isHidden = tags.Any(t => String.Equals(t, "hidden", StringComparison.OrdinalIgnoreCase)); if (isHidden) { return(false); } return(true); }) .Select(f => { var isAdmin = IsAdminTheme(f.Extension.Manifest); var themeId = isAdmin ? currentAdminTheme?.Extension.Id : currentSiteTheme?.Extension.Id; var isCurrent = f.Id == themeId; var isEnabled = enabledFeatures.Any(e => e.Id == f.Id); var themeEntry = new ThemeEntry(f.Extension) { Enabled = isEnabled, CanUninstall = installThemes, IsAdmin = isAdmin, IsCurrent = isCurrent }; return(themeEntry); }) .OrderByDescending(t => t.IsCurrent); var model = new SelectThemesViewModel { CurrentSiteTheme = currentSiteTheme, CurrentAdminTheme = currentAdminTheme, Themes = themes }; return(View(model)); }
public static async Task <bool> IsGrantedAsync(this IAuthorizationService authorizationService, object resource, IEnumerable <IAuthorizationRequirement> requirements) { return((await authorizationService.AuthorizeAsync(resource, requirements)).Succeeded); }
public async Task <bool> GetModifyAuthorization() { return((await _authorizationService.AuthorizeAsync(User, Authorizations.Administrator)).Succeeded); }
public async Task ShouldNotAllow_SesshinRead_WhenNotAccountant() { //Arrange //Act var allowed = await _authorizationService.AuthorizeAsync(_user, new Sesshin(), UserOperations.Read); // Assert Assert.False(allowed.Succeeded); }
public async Task <IActionResult> Pin(string id) { // Ensure we have a valid id var ok = int.TryParse(id, out var entityId); if (!ok) { return(NotFound()); } var topic = await _entityStore.GetByIdAsync(entityId); // Ensure the topic exists if (topic == null) { return(NotFound()); } // Ensure we have permission if (!await _authorizationService.AuthorizeAsync(User, topic.CategoryId, ModeratorPermissions.PinTopics)) { return(Unauthorized()); } var user = await _contextFacade.GetAuthenticatedUserAsync(); // Update topic topic.ModifiedUserId = user?.Id ?? 0; topic.ModifiedDate = DateTimeOffset.UtcNow; topic.IsPinned = true; // Save changes and return results var result = await _topicManager.UpdateAsync(topic); if (result.Succeeded) { _alerter.Success(T["Topic Pinned Successfully"]); } else { _alerter.Danger(T["Could not remove topic from SPAM"]); } // Redirect back to topic return(Redirect(_contextFacade.GetRouteUrl(new RouteValueDictionary() { ["area"] = "Plato.Discuss", ["controller"] = "Home", ["action"] = "Display", ["opts.id"] = topic.Id, ["opts.alias"] = topic.Alias }))); }
public async Task <IActionResult> Index() { if (!await _authorizationService.AuthorizeAsync(User, Permissions.ManageOwnMedia)) { return(Unauthorized()); } return(View()); }
public override async Task <IViewProviderResult> BuildDisplayAsync(Topic topic, IViewProviderContext context) { var viewModel = context.Controller.HttpContext.Items[typeof(EntityViewModel <Topic, Reply>)] as EntityViewModel <Topic, Reply>; if (viewModel == null) { throw new Exception($"A view model of type {typeof(EntityViewModel<Topic, Reply>).ToString()} has not been registered on the HttpContext!"); } // Get the entity we are viewing var entity = await _entityStore.GetByIdAsync(topic.Id); // Ensure we found the entity if (entity == null) { return(default(IViewProviderResult)); } // Get search settings var searchSettings = await _searchSettingsStore.GetAsync(); // Build keywords to search var keywordList = entity.Title .ToDistinctList() .StripCommonWords() .ToList(); // Configured search method var searchType = SearchTypes.Tsql; if (searchSettings != null) { searchType = searchSettings.SearchType; } // Default sort by var sort = SortBy.LastReply; if (searchType != SearchTypes.Tsql) { sort = SortBy.Rank; } // Get similar entities var entities = await _entityService .ConfigureDb(o => { o.SearchType = searchType; }) .ConfigureQuery(async q => { // Hide current entity q.Id.NotEqual(entity.Id); // Hide private? if (!await _authorizationService.AuthorizeAsync(context.Controller.HttpContext.User, Permissions.ViewPrivateTopics)) { q.HidePrivate.True(); } // Hide hidden? if (!await _authorizationService.AuthorizeAsync(context.Controller.HttpContext.User, Permissions.ViewHiddenTopics)) { q.HideHidden.True(); } // Hide spam? if (!await _authorizationService.AuthorizeAsync(context.Controller.HttpContext.User, Permissions.ViewSpamTopics)) { q.HideSpam.True(); } // Hide deleted? if (!await _authorizationService.AuthorizeAsync(context.Controller.HttpContext.User, Permissions.ViewDeletedTopics)) { q.HideDeleted.True(); } // Search for similar entities if (keywordList.Count > 0) { var keywords = String.Join(" ", keywordList.ToArray()); q.Keywords.Like(keywords); } }) .GetResultsAsync( new EntityIndexOptions() { FeatureId = entity.FeatureId, Sort = sort }, new PagerOptions() { Page = 1, Size = 10 }); // Build similar topics view model var similarEntitiesViewModel = new SimilarEntitiesViewModel() { Results = entities }; // Return view return(Views( View <SimilarEntitiesViewModel>("Topic.Similar.Display.Sidebar", model => similarEntitiesViewModel).Zone("sidebar").Order(6) )); }
async Task <IEnumerable <IUser> > ReduceUsersAsync(IEnumerable <Follows.Models.Follow> follows, TEntityReply reply) { // We always need follows to process if (follows == null) { return(null); } // Get entity for reply var entity = await _entityStore.GetByIdAsync(reply.EntityId); // No need to send notifications if the entity is hidden if (entity.IsHidden()) { return(null); } // Get all users following the entity // Exclude the author so they are not notified of there own posts var users = await _platoUserStore.QueryAsync() .Select <UserQueryParams>(q => { q.Id.IsIn(follows .Select(f => f.CreatedUserId) .ToArray()); }) .ToList(); // No users to further process if (users?.Data == null) { return(null); } // Build users reducing for permissions var result = new Dictionary <int, IUser>(); foreach (var user in users.Data) { if (!result.ContainsKey(user.Id)) { result.Add(user.Id, user); } // If the entity is hidden but the user does // not have permission to view hidden entities if (reply.IsHidden) { var principal = await _claimsPrincipalFactory.CreateAsync(user); if (!await _authorizationService.AuthorizeAsync(principal, entity.CategoryId, Discuss.Permissions.ViewHiddenReplies)) { result.Remove(user.Id); } } // The entity has been flagged as SPAM but the user does // not have permission to view entities flagged as SPAM if (reply.IsSpam) { var principal = await _claimsPrincipalFactory.CreateAsync(user); if (!await _authorizationService.AuthorizeAsync(principal, entity.CategoryId, Discuss.Permissions.ViewSpamReplies)) { result.Remove(user.Id); } } // The entity is soft deleted but the user does // not have permission to view soft deleted entities if (reply.IsDeleted) { var principal = await _claimsPrincipalFactory.CreateAsync(user); if (!await _authorizationService.AuthorizeAsync(principal, entity.CategoryId, Discuss.Permissions.ViewDeletedReplies)) { result.Remove(user.Id); } } } return(result.Count > 0 ? result.Values : null); }
public async Task <ActionResult> Index() { var installThemes = await _authorizationService.AuthorizeAsync(User, StandardPermissions.SiteOwner); // only site owners if (!installThemes) { return(Forbid()); } //&& _shellSettings.Name == ShellSettings.; // of the default tenant //&& _featureManager.GetEnabledFeatures().FirstOrDefault(f => f.Id == "PackagingServices") != null //var featuresThatNeedUpdate = _dataMigrationManager.GetFeaturesThatNeedUpdate(); var currentSiteThemeExtensionInfo = await _siteThemeService.GetSiteThemeAsync(); var currentAdminThemeExtensionInfo = await _adminThemeService.GetAdminThemeAsync(); var currentAdminTheme = currentAdminThemeExtensionInfo != null ? new ThemeEntry(currentAdminThemeExtensionInfo) : default(ThemeEntry); var currentSiteTheme = currentSiteThemeExtensionInfo != null ? new ThemeEntry(currentSiteThemeExtensionInfo) : default(ThemeEntry); var enabledFeatures = await _shellFeaturesManager.GetEnabledFeaturesAsync(); var themes = _extensionManager.GetExtensions().OfType <IThemeExtensionInfo>().Where(extensionDescriptor => { var tags = extensionDescriptor.Manifest.Tags.ToArray(); var isHidden = tags.Any(x => string.Equals(x, "hidden", StringComparison.OrdinalIgnoreCase)); // Is the theme allowed for this tenant? // allowed = _shellSettings.Themes.Length == 0 || _shellSettings.Themes.Contains(extensionDescriptor.Id); return(!isHidden); }) .Select(extensionDescriptor => { var isAdmin = IsAdminTheme(extensionDescriptor.Manifest); var themeId = isAdmin ? currentAdminTheme?.Extension.Id : currentSiteTheme?.Extension.Id; var isCurrent = extensionDescriptor.Id == themeId; var isEnabled = enabledFeatures.Any(x => x.Extension.Id == extensionDescriptor.Id); var themeEntry = new ThemeEntry(extensionDescriptor) { //NeedsUpdate = featuresThatNeedUpdate.Contains(extensionDescriptor.Id), //IsRecentlyInstalled = _themeService.IsRecentlyInstalled(extensionDescriptor), Enabled = isEnabled, CanUninstall = installThemes, IsAdmin = isAdmin, IsCurrent = isCurrent }; //if (_extensionDisplayEventHandler != null) //{ // foreach (string notification in _extensionDisplayEventHandler.Displaying(themeEntry.Descriptor, ControllerContext.RequestContext)) // { // themeEntry.Notifications.Add(notification); // } //} return(themeEntry); }) .OrderByDescending(x => x.IsCurrent); var model = new SelectThemesViewModel { CurrentSiteTheme = currentSiteTheme, CurrentAdminTheme = currentAdminTheme, Themes = themes }; return(View(model)); }
private async Task <bool> CanUseInternalLightning() { return((await _settingsRepository.GetPolicies()).AllowLightningInternalNodeForAll || (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanUseInternalLightningNode))).Succeeded); }
public async Task <IActionResult> Index() { ViewData["Title"] = sr["Content Settings"]; var projectSettings = await projectService.GetCurrentProjectSettings(); var model = new ContentSettingsViewModel(); model.ChannelCategoriesCsv = projectSettings.ChannelCategoriesCsv; //model.ChannelRating = projectSettings.ChannelRating; //model.ChannelTimeToLive = projectSettings.ChannelTimeToLive; model.CommentNotificationEmail = projectSettings.CommentNotificationEmail; model.DaysToComment = projectSettings.DaysToComment; model.Description = projectSettings.Description; model.IncludePubDateInPostUrls = projectSettings.IncludePubDateInPostUrls; model.LanguageCode = projectSettings.LanguageCode; model.ManagingEditorEmail = projectSettings.ManagingEditorEmail; model.ModerateComments = projectSettings.ModerateComments; model.PostsPerPage = projectSettings.PostsPerPage; model.PubDateFormat = projectSettings.PubDateFormat; //model.RemoteFeedProcessorUseAgentFragment = projectSettings.RemoteFeedProcessorUseAgentFragment; model.RemoteFeedUrl = projectSettings.RemoteFeedUrl; model.ShowTitle = projectSettings.ShowTitle; model.Title = projectSettings.Title; //aka Blog Page Title //model.UseMetaDescriptionInFeed = projectSettings.UseMetaDescriptionInFeed; model.WebmasterEmail = projectSettings.WebmasterEmail; model.Publisher = projectSettings.Publisher; model.PublisherLogoUrl = projectSettings.PublisherLogoUrl; model.PublisherLogoHeight = projectSettings.PublisherLogoHeight; model.PublisherLogoWidth = projectSettings.PublisherLogoWidth; model.PublisherEntityType = projectSettings.PublisherEntityType; model.DisqusShortName = projectSettings.DisqusShortName; model.PostsPerPage = projectSettings.PostsPerPage; model.BlogMenuLinksToNewestPost = projectSettings.BlogMenuLinksToNewestPost; model.DefaultPageSlug = projectSettings.DefaultPageSlug; model.ShowRecentPostsOnDefaultPage = projectSettings.ShowRecentPostsOnDefaultPage; model.ShowFeaturedPostsOnDefaultPage = projectSettings.ShowFeaturedPostsOnDefaultPage; model.AddBlogToPagesTree = projectSettings.AddBlogToPagesTree; model.BlogPagePosition = projectSettings.BlogPagePosition; model.BlogPageText = projectSettings.BlogPageText; model.BlogPageNavComponentVisibility = projectSettings.BlogPageNavComponentVisibility; model.LocalMediaVirtualPath = projectSettings.LocalMediaVirtualPath; model.CdnUrl = projectSettings.CdnUrl; model.FacebookAppId = projectSettings.FacebookAppId; model.SiteName = projectSettings.SiteName; model.TwitterCreator = projectSettings.TwitterCreator; model.TwitterPublisher = projectSettings.TwitterPublisher; model.DefaultContentType = projectSettings.DefaultContentType; model.TeasersDisabled = _teasersDisabled; model.TeaserMode = projectSettings.TeaserMode; model.TeaserTruncationMode = projectSettings.TeaserTruncationMode; model.TeaserTruncationLength = projectSettings.TeaserTruncationLength; model.DefaultFeedItems = projectSettings.DefaultFeedItems; model.MaxFeedItems = projectSettings.MaxFeedItems; model.AboutContent = projectSettings.AboutContent; model.AboutHeading = projectSettings.AboutHeading; model.ShowAboutBox = projectSettings.ShowAboutBox; model.ShowRelatedPosts = projectSettings.ShowRelatedPosts; bool canManageUsers = false; try { var result = await authorizationService.AuthorizeAsync(User, "UserManagementPolicy"); canManageUsers = result.Succeeded; } catch (InvalidOperationException) { } // thrown if policy doesn't exist if (canManageUsers) { var contentEditors = await userQueries.GetUsersForClaim( new Guid(projectSettings.Id), ProjectConstants.ContentEditorClaimType, projectSettings.Id ); if (contentEditors != null) { model.Editors.AddRange(contentEditors); } var blogEditors = await userQueries.GetUsersForClaim( new Guid(projectSettings.Id), ProjectConstants.BlogEditorClaimType, projectSettings.Id ); if (blogEditors != null) { model.Editors.AddRange(blogEditors); } var pageEditors = await userQueries.GetUsersForClaim( new Guid(projectSettings.Id), ProjectConstants.PageEditorClaimType, projectSettings.Id ); if (pageEditors != null) { model.Editors.AddRange(pageEditors); } } return(View(model)); }
public async Task <IEnumerable <ViewModels.Notification> > GetAsync(CancellationToken ct) { if (!(await _authorizationService.AuthorizeAsync(_user, null, new FullRightsRequirement())).Succeeded) { throw new ForbiddenException(); } var items = await _context.Notifications.ToListAsync(ct); // Databases do not preserve DateTimeKind, so we need to add UTC kind items.ForEach(item => item.BroadcastTime = DateTime.SpecifyKind(item.BroadcastTime, DateTimeKind.Utc)); return(_mapper.Map <IEnumerable <ViewModels.Notification> >(items)); }
public async Task <ActionResult <ApplicationUserData> > CreateUser(CreateApplicationUserRequest request, CancellationToken cancellationToken = default) { if (request?.Email is null) { return(BadRequest(CreateValidationProblem(nameof(request.Email), "Email is missing"))); } if (!Validation.EmailValidator.IsEmail(request.Email)) { return(BadRequest(CreateValidationProblem(nameof(request.Email), "Invalid email"))); } if (request?.Password is null) { return(BadRequest(CreateValidationProblem(nameof(request.Password), "Password is missing"))); } var anyAdmin = (await _userManager.GetUsersInRoleAsync(Roles.ServerAdmin)).Any(); var policies = await _settingsRepository.GetSettingAsync <PoliciesSettings>() ?? new PoliciesSettings(); var isAuth = User.Identity.AuthenticationType == APIKeyConstants.AuthenticationType; // If registration are locked and that an admin exists, don't accept unauthenticated connection if (anyAdmin && policies.LockSubscription && !isAuth) { return(Unauthorized()); } // Even if subscription are unlocked, it is forbidden to create admin unauthenticated if (anyAdmin && request.IsAdministrator is true && !isAuth) { return(Forbid(AuthenticationSchemes.Greenfield)); } // You are de-facto admin if there is no other admin, else you need to be auth and pass policy requirements bool isAdmin = anyAdmin ? (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanModifyServerSettings))).Succeeded && (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.Unrestricted))).Succeeded && isAuth : true; // You need to be admin to create an admin if (request.IsAdministrator is true && !isAdmin) { return(Forbid(AuthenticationSchemes.Greenfield)); } if (!isAdmin && policies.LockSubscription) { // If we are not admin and subscriptions are locked, we need to check the Policies.CanCreateUser.Key permission var canCreateUser = (await _authorizationService.AuthorizeAsync(User, null, new PolicyRequirement(Policies.CanCreateUser))).Succeeded; if (!isAuth || !canCreateUser) { return(Forbid(AuthenticationSchemes.Greenfield)); } } var user = new ApplicationUser { UserName = request.Email, Email = request.Email, RequiresEmailConfirmation = policies.RequiresConfirmedEmail }; var passwordValidation = await this._passwordValidator.ValidateAsync(_userManager, user, request.Password); if (!passwordValidation.Succeeded) { foreach (var error in passwordValidation.Errors) { ModelState.AddModelError(nameof(request.Password), error.Description); } return(BadRequest(new ValidationProblemDetails(ModelState))); } if (!isAdmin) { if (!await _throttleService.Throttle(ZoneLimits.Register, this.HttpContext.Connection.RemoteIpAddress, cancellationToken)) { return(new TooManyRequestsResult(ZoneLimits.Register)); } } var identityResult = await _userManager.CreateAsync(user, request.Password); if (!identityResult.Succeeded) { foreach (var error in identityResult.Errors) { ModelState.AddModelError(string.Empty, error.Description); } return(BadRequest(new ValidationProblemDetails(ModelState))); } if (request.IsAdministrator is true) { if (!anyAdmin) { await _roleManager.CreateAsync(new IdentityRole(Roles.ServerAdmin)); } await _userManager.AddToRoleAsync(user, Roles.ServerAdmin); if (!anyAdmin) { if (_options.DisableRegistration) { // automatically lock subscriptions now that we have our first admin Logs.PayServer.LogInformation("First admin created, disabling subscription (disable-registration is set to true)"); policies.LockSubscription = true; await _settingsRepository.UpdateSetting(policies); } } } _eventAggregator.Publish(new UserRegisteredEvent() { Request = Request, User = user, Admin = request.IsAdministrator is true });
private async Task <bool> CheckPrivileges() { var authorizationResult = await _authorizationService.AuthorizeAsync(_identityService.GetUser(), Policies.PostOpClosedPolicy); return(authorizationResult.Succeeded); }
public async Task <IActionResult> Render() { if (!await _authorizationService.AuthorizeAsync(User, CommonPermissions.PreviewContent)) { return(this.ChallengeOrForbid()); } // Mark request as a `Preview` request so that drivers / handlers or underlying services can be aware of an active preview mode. HttpContext.Features.Set(new ContentPreviewFeature()); var contentItemType = Request.Form["ContentItemType"]; var contentItem = await _contentManager.NewAsync(contentItemType); // Assign the ids from the currently edited item so that validation thinks // it's working on the same item. For instance if drivers are checking name unicity // they need to think this is the same existing item (AutoroutePart). var contentItemId = Request.Form["PreviewContentItemId"]; var contentItemVersionId = Request.Form["PreviewContentItemVersionId"]; // Unique contentItem.Id that only Preview is using such that another // stored document can't have the same one in the IContentManagerSession index contentItem.Id = -1; contentItem.ContentItemId = contentItemId; contentItem.ContentItemVersionId = contentItemVersionId; contentItem.CreatedUtc = _clock.UtcNow; contentItem.ModifiedUtc = _clock.UtcNow; contentItem.PublishedUtc = _clock.UtcNow; contentItem.Published = true; // TODO: we should probably get this value from the main editor as it might impact validators var model = await _contentItemDisplayManager.UpdateEditorAsync(contentItem, _updateModelAccessor.ModelUpdater, true); if (!ModelState.IsValid) { var errors = new List <string>(); foreach (var modelState in ValidationHelpers.GetModelStateList(ViewData, false)) { for (var i = 0; i < modelState.Errors.Count; i++) { var modelError = modelState.Errors[i]; var errorText = ValidationHelpers.GetModelErrorMessageOrDefault(modelError); errors.Add(errorText); } } return(StatusCode(500, new { errors = errors })); } var previewAspect = await _contentManager.PopulateAspectAsync(contentItem, new PreviewAspect()); if (!String.IsNullOrEmpty(previewAspect.PreviewUrl)) { // The PreviewPart is configured, we need to set the fake content item _contentManagerSession.Store(contentItem); if (!previewAspect.PreviewUrl.StartsWith('/')) { previewAspect.PreviewUrl = "/" + previewAspect.PreviewUrl; } Request.HttpContext.Items["PreviewPath"] = previewAspect.PreviewUrl; return(Ok()); } model = await _contentItemDisplayManager.BuildDisplayAsync(contentItem, _updateModelAccessor.ModelUpdater, "Detail"); return(View(model)); }
public async Task <IActionResult> VaultBridgeConnection(string cryptoCode = null, [ModelBinder(typeof(WalletIdModelBinder))] WalletId walletId = null) { if (!HttpContext.WebSockets.IsWebSocketRequest) { return(NotFound()); } cryptoCode = cryptoCode ?? walletId.CryptoCode; bool versionChecked = false; using (var cts = new CancellationTokenSource(TimeSpan.FromMinutes(10))) { var cancellationToken = cts.Token; var network = Networks.GetNetwork <BTCPayNetwork>(cryptoCode); if (network == null) { return(NotFound()); } var websocket = await HttpContext.WebSockets.AcceptWebSocketAsync(); var hwi = new Hwi.HwiClient(network.NBitcoinNetwork) { Transport = new HwiWebSocketTransport(websocket) }; Hwi.HwiDeviceClient device = null; HwiEnumerateEntry deviceEntry = null; HDFingerprint? fingerprint = null; string password = null; var websocketHelper = new WebSocketHelper(websocket); async Task <bool> RequireDeviceUnlocking() { if (deviceEntry == null) { await websocketHelper.Send("{ \"error\": \"need-device\"}", cancellationToken); return(true); } if (deviceEntry.Code is HwiErrorCode.DeviceNotInitialized) { await websocketHelper.Send("{ \"error\": \"need-initialized\"}", cancellationToken); return(true); } if (deviceEntry.Code is HwiErrorCode.DeviceNotReady) { if (IsTrezorT(deviceEntry)) { await websocketHelper.Send("{ \"error\": \"need-passphrase-on-device\"}", cancellationToken); return(true); } else if (deviceEntry.NeedsPinSent is true) { await websocketHelper.Send("{ \"error\": \"need-pin\"}", cancellationToken); return(true); } else if (deviceEntry.NeedsPassphraseSent is true && password is null) { await websocketHelper.Send("{ \"error\": \"need-passphrase\"}", cancellationToken); return(true); } } return(false); } JObject o = null; try { while (true) { var command = await websocketHelper.NextMessageAsync(cancellationToken); switch (command) { case "set-passphrase": device.Password = await websocketHelper.NextMessageAsync(cancellationToken); password = device.Password; break; case "ask-sign": if (await RequireDeviceUnlocking()) { continue; } if (walletId == null) { await websocketHelper.Send("{ \"error\": \"invalid-walletId\"}", cancellationToken); continue; } if (fingerprint is null) { fingerprint = (await device.GetXPubAsync(new KeyPath("44'"), cancellationToken)).ExtPubKey.ParentFingerprint; } await websocketHelper.Send("{ \"info\": \"ready\"}", cancellationToken); o = JObject.Parse(await websocketHelper.NextMessageAsync(cancellationToken)); var authorization = await _authorizationService.AuthorizeAsync(User, Policies.CanModifyStoreSettings); if (!authorization.Succeeded) { await websocketHelper.Send("{ \"error\": \"not-authorized\"}", cancellationToken); continue; } var psbt = PSBT.Parse(o["psbt"].Value <string>(), network.NBitcoinNetwork); var derivationSettings = GetDerivationSchemeSettings(walletId); derivationSettings.RebaseKeyPaths(psbt); var signing = derivationSettings.GetSigningAccountKeySettings(); if (signing.GetRootedKeyPath()?.MasterFingerprint != fingerprint) { await websocketHelper.Send("{ \"error\": \"wrong-wallet\"}", cancellationToken); continue; } var signableInputs = psbt.Inputs .SelectMany(i => i.HDKeyPaths) .Where(i => i.Value.MasterFingerprint == fingerprint) .ToArray(); if (signableInputs.Length > 0) { var actualPubKey = (await device.GetXPubAsync(signableInputs[0].Value.KeyPath)).GetPublicKey(); if (actualPubKey != signableInputs[0].Key) { await websocketHelper.Send("{ \"error\": \"wrong-keypath\"}", cancellationToken); continue; } } try { psbt = await device.SignPSBTAsync(psbt, cancellationToken); } catch (Hwi.HwiException) { await websocketHelper.Send("{ \"error\": \"user-reject\"}", cancellationToken); continue; } o = new JObject(); o.Add("psbt", psbt.ToBase64()); await websocketHelper.Send(o.ToString(), cancellationToken); break; case "display-address": if (await RequireDeviceUnlocking()) { continue; } var k = RootedKeyPath.Parse(await websocketHelper.NextMessageAsync(cancellationToken)); await device.DisplayAddressAsync(GetScriptPubKeyType(k), k.KeyPath, cancellationToken); await websocketHelper.Send("{ \"info\": \"ok\"}", cancellationToken); break; case "ask-pin": if (device == null) { await websocketHelper.Send("{ \"error\": \"need-device\"}", cancellationToken); continue; } try { await device.PromptPinAsync(cancellationToken); } catch (HwiException ex) when(ex.ErrorCode == HwiErrorCode.DeviceAlreadyUnlocked) { await websocketHelper.Send("{ \"error\": \"device-already-unlocked\"}", cancellationToken); continue; } await websocketHelper.Send("{ \"info\": \"prompted, please input the pin\"}", cancellationToken); var pin = int.Parse(await websocketHelper.NextMessageAsync(cancellationToken), CultureInfo.InvariantCulture); if (await device.SendPinAsync(pin, cancellationToken)) { goto askdevice; } else { await websocketHelper.Send("{ \"error\": \"incorrect-pin\"}", cancellationToken); continue; } case "ask-xpub": if (await RequireDeviceUnlocking()) { continue; } await websocketHelper.Send("{ \"info\": \"ok\"}", cancellationToken); var askedXpub = JObject.Parse(await websocketHelper.NextMessageAsync(cancellationToken)); var addressType = askedXpub["addressType"].Value <string>(); var accountNumber = askedXpub["accountNumber"].Value <int>(); JObject result = new JObject(); var factory = network.NBXplorerNetwork.DerivationStrategyFactory; if (fingerprint is null) { fingerprint = (await device.GetXPubAsync(new KeyPath("44'"), cancellationToken)).ExtPubKey.ParentFingerprint; } result["fingerprint"] = fingerprint.Value.ToString(); DerivationStrategyBase strategy = null; KeyPath keyPath = null; BitcoinExtPubKey xpub = null; if (!network.NBitcoinNetwork.Consensus.SupportSegwit && addressType != "legacy") { await websocketHelper.Send("{ \"error\": \"segwit-notsupported\"}", cancellationToken); continue; } if (!network.NBitcoinNetwork.Consensus.SupportTaproot && addressType == "taproot") { await websocketHelper.Send("{ \"error\": \"taproot-notsupported\"}", cancellationToken); continue; } if (addressType == "taproot") { keyPath = new KeyPath("86'").Derive(network.CoinType).Derive(accountNumber, true); xpub = await device.GetXPubAsync(keyPath); strategy = factory.CreateDirectDerivationStrategy(xpub, new DerivationStrategyOptions() { ScriptPubKeyType = ScriptPubKeyType.TaprootBIP86 }); } else if (addressType == "segwit") { keyPath = new KeyPath("84'").Derive(network.CoinType).Derive(accountNumber, true); xpub = await device.GetXPubAsync(keyPath); strategy = factory.CreateDirectDerivationStrategy(xpub, new DerivationStrategyOptions() { ScriptPubKeyType = ScriptPubKeyType.Segwit }); } else if (addressType == "segwitWrapped") { keyPath = new KeyPath("49'").Derive(network.CoinType).Derive(accountNumber, true); xpub = await device.GetXPubAsync(keyPath); strategy = factory.CreateDirectDerivationStrategy(xpub, new DerivationStrategyOptions() { ScriptPubKeyType = ScriptPubKeyType.SegwitP2SH }); } else if (addressType == "legacy") { keyPath = new KeyPath("44'").Derive(network.CoinType).Derive(accountNumber, true); xpub = await device.GetXPubAsync(keyPath); strategy = factory.CreateDirectDerivationStrategy(xpub, new DerivationStrategyOptions() { ScriptPubKeyType = ScriptPubKeyType.Legacy }); } else { await websocketHelper.Send("{ \"error\": \"invalid-addresstype\"}", cancellationToken); continue; } result.Add(new JProperty("strategy", strategy.ToString())); result.Add(new JProperty("accountKey", xpub.ToString())); result.Add(new JProperty("keyPath", keyPath.ToString())); await websocketHelper.Send(result.ToString(), cancellationToken); break; case "ask-passphrase": if (command == "ask-passphrase") { if (deviceEntry == null) { await websocketHelper.Send("{ \"error\": \"need-device\"}", cancellationToken); continue; } // The make the trezor T ask for password await device.GetXPubAsync(new KeyPath("44'"), cancellationToken); } goto askdevice; case "ask-device": askdevice: if (!versionChecked) { var version = await hwi.GetVersionAsync(cancellationToken); if (version.Major < 2) { await websocketHelper.Send("{ \"error\": \"vault-outdated\"}", cancellationToken); continue; } versionChecked = true; } password = null; deviceEntry = null; device = null; var entries = (await hwi.EnumerateEntriesAsync(cancellationToken)).ToList(); deviceEntry = entries.FirstOrDefault(); if (deviceEntry == null) { await websocketHelper.Send("{ \"error\": \"no-device\"}", cancellationToken); continue; } device = new HwiDeviceClient(hwi, deviceEntry.DeviceSelector, deviceEntry.Model, deviceEntry.Fingerprint); fingerprint = device.Fingerprint; JObject json = new JObject(); json.Add("model", device.Model); json.Add("fingerprint", device.Fingerprint?.ToString()); await websocketHelper.Send(json.ToString(), cancellationToken); break; } } } catch (FormatException ex) { JObject obj = new JObject(); obj.Add("error", "invalid-network"); obj.Add("details", ex.ToString()); try { await websocketHelper.Send(obj.ToString(), cancellationToken); } catch { } } catch (Exception ex) { JObject obj = new JObject(); obj.Add("error", "unknown-error"); obj.Add("message", ex.Message); obj.Add("details", ex.ToString()); try { await websocketHelper.Send(obj.ToString(), cancellationToken); } catch { } } finally { await websocketHelper.DisposeAsync(cancellationToken); } } return(new EmptyResult()); }
// ----------------- // Index // Displays a summary from StopForumSpam. // ----------------- public async Task <IActionResult> Index(EntityOptions opts) { if (opts == null) { opts = new EntityOptions(); } // We always need an entity Id if (opts.Id <= 0) { throw new ArgumentOutOfRangeException(nameof(opts.Id)); } // We always need an entity var entity = await _entityStore.GetByIdAsync(opts.Id); if (entity == null) { return(NotFound()); } // Ensure we have permission if (!await _authorizationService.AuthorizeAsync(User, entity.CategoryId, Permissions.ViewStopForumSpam)) { return(Unauthorized()); } // Get reply IEntityReply reply = null; if (opts.ReplyId > 0) { reply = await _entityReplyStore.GetByIdAsync(opts.ReplyId); if (reply == null) { return(NotFound()); } } // Get user to validate var user = reply != null ? await GetUserToValidateAsync(reply) : await GetUserToValidateAsync(entity); // Ensure we found the user if (user == null) { return(NotFound()); } // Build view model var viewModel = new StopForumSpamViewModel() { Options = opts, Checker = await _spamChecker.CheckAsync(user) }; // Return view return(View(viewModel)); }
public async Task <bool> IsAuthorized(ClaimsPrincipal user, string policyName) { var result = await _authorizationService.AuthorizeAsync(user, policyName); return(result.Succeeded); }
public static async Task <bool> IsGrantedAsync(this IAuthorizationService authorizationService, AuthorizationPolicy policy) { return((await authorizationService.AuthorizeAsync(policy)).Succeeded); }
public async Task <IActionResult> ReviewEquipement(int id, int?roundSquadID) { var user = await GetUser(); if (user == null) { return(Forbid()); } var match = await _context.Matchs .Include(m => m.Sides) .Include(m => m.MatchTechnicalInfos) .Include(m => m.Users).ThenInclude(u => u.User) .Include(m => m.Rounds).ThenInclude(r => r.Sides).ThenInclude(s => s.Squads).ThenInclude(s => s.Slots).ThenInclude(s => s.AssignedUser).ThenInclude(u => u.User) .Include(m => m.Rounds).ThenInclude(r => r.Sides).ThenInclude(s => s.Faction) .FirstOrDefaultAsync(m => m.MatchID == id); if (match == null) { return(NotFound()); } var matchUser = match.Users.FirstOrDefault(u => u.UserID == user.UserID); if (matchUser == null) { return(Forbid()); } var squads = match.Rounds.SelectMany(r => r.Sides).SelectMany(s => s.Squads); RoundSquad squad; if (roundSquadID == null) { squad = squads.First(s => s.Slots.Any(s => s.AssignedUser == matchUser && s.Role >= Role.SquadLeader)); if (squad == null) { return(Forbid()); } } else { if (!(await _auth.AuthorizeAsync(User, "Admin")).Succeeded) { return(Forbid()); } squad = match.Rounds.SelectMany(r => r.Sides).SelectMany(s => s.Squads).FirstOrDefault(s => s.RoundSquadID == roundSquadID); if (squad == null) { return(NotFound()); } } var backup = _persist.GetBackups().FirstOrDefault(); var vm = new ReviewEquipementViewModel(); vm.Match = match; vm.Squad = squad; vm.Backup = backup; await LoadTacMap(vm.Match); return(View(vm)); }
public static async Task <bool> IsGrantedAsync(this IAuthorizationService authorizationService, object resource, string policyName) { return((await authorizationService.AuthorizeAsync(resource, policyName)).Succeeded); }
public virtual async Task <IActionResult> RequesterInfo(int id) { var request = _requestService.GetRequest(id); var authResult = await _authService.AuthorizeAsync(User, request, "CanEditRequest"); if (!authResult.Succeeded) { return(new ForbidResult()); } ViewData["request"] = request; return(View(request.RequestedFor)); }
public async Task <IActionResult> Post() { // Ensure we have permission if (!await _authorizationService.AuthorizeAsync(User, Permissions.AddFiles)) { return(Unauthorized()); } // Get authenticated user var user = await base.GetAuthenticatedUserAsync(); // We need to be authenticated if (user == null) { return(base.UnauthorizedException()); } // Get current feature var feature = await _featureFacade.GetFeatureByIdAsync(ModuleId); // Ensure the feature exists if (feature == null) { throw new Exception($"A feature named \"{ModuleId}\" could not be found!"); } // Validate & process multi-part request // ------------------- var result = await _multiPartRequestHandler.ProcessAsync(Request); // Return any errors parsing the multi-part request if (!result.Succeeded) { foreach (var error in result.Errors) { return(BadRequest(error)); } } // Build file // ------------------- var md5 = result.Response.ContentBytes?.ToMD5().ToHex() ?? string.Empty; var newFile = new File { FeatureId = feature.Id, Name = result.Response.Name, Extension = result.Response.Extension, ContentType = result.Response.ContentType, ContentLength = result.Response.ContentLength, ContentBlob = result.Response.ContentBytes, ContentCheckSum = md5, CreatedUserId = user.Id, CreatedDate = DateTimeOffset.Now }; // Validate file // ------------------- var output = new List <UploadResult>(); var validationResult = await _fileValidator.ValidateAsync(newFile); if (validationResult.Succeeded) { // Create file var fileResult = await _fileManager.CreateAsync(newFile); // Build friendly results if (fileResult.Succeeded) { output.Add(new UploadResult() { Id = fileResult.Response.Id, Name = fileResult.Response.Name, ContentType = fileResult.Response.ContentType, ContentLength = fileResult.Response.ContentLength, FriendlySize = fileResult.Response.ContentLength.ToFriendlyFileSize() }); } else { foreach (var error in fileResult.Errors) { output.Add(new UploadResult() { Name = result.Response.Name, Error = error.Description }); } } } else { foreach (var error in validationResult.Errors) { output.Add(new UploadResult() { Name = result.Response.Name, Error = error.Description }); } } return(base.Result(output)); }
public async Task <IActionResult> Index() { bool isAllowed = await authorizationService.AuthorizeAsync(User, "SetupSystemPolicy"); if (!setupOptions.AllowAnonymous && !isAllowed) { log.LogInformation("returning 404 because allowAnonymous is false and user is either not authenticated or not allowed by policy"); Response.StatusCode = 404; return(new EmptyResult()); } //scriptTimeout = Server.ScriptTimeout; //Response.Cache.SetCacheability(HttpCacheability.ServerAndNoCache); //Response.BufferOutput = true; // Server.ScriptTimeout = int.MaxValue; startTime = DateTime.UtcNow; await WritePageHeader(HttpContext.Response); if (!setupOptions.AllowAnonymous && isAllowed) { await WritePageContent(Response, "RunningSetupForAllowedUser" //SetupResources.RunningSetupForAdminUser ); } // SetupManager and ISetupTasks will use this function to write to the response Func <string, bool, Task> outputWriter = async(string message, bool showTime) => { await WritePageContent(Response, message, showTime); }; // this locking strategy did not work as expected perhaps because we are doing things async //int lockTimeoutMilliseconds = config.GetOrDefault("AppSetings:SetupLockTimeoutMilliseconds", 60000); // 1 minute //if(!Monitor.TryEnter(Lock, lockTimeoutMilliseconds)) //{ // //throw new Exception("setup is already locked and runnning") // await WritePageContent(Response, // "SetupAlreadyInProgress" //SetupResources.SetupAlreadyInProgress // ); //} //else //{ bool keepGoing; try { await setupManager.ProbeSystem(outputWriter); // the setup system must be bootstrapped first // to make sure mp_SchemaVersion table exists // which is used to keep track of script versions that have already been run bool needSetupUpdate = setupManager.NeedsUpgrade("cloudscribe-setup"); if (needSetupUpdate) { keepGoing = await setupManager.SetupCloudscribeSetup(outputWriter); } else { keepGoing = true; } if (keepGoing) { // this runs the scripts for other apps including cloudscribe-core, // cloudscribe-logging, and any custom apps that use the setup system keepGoing = await setupManager.SetupOtherApplications(outputWriter); } if (setupSteps != null) { foreach (ISetupTask step in setupSteps) { try { await step.DoSetupStep( outputWriter, setupManager.NeedsUpgrade, setupManager.GetSchemaVersion, setupManager.GetCodeVersion ); } catch (Exception ex) { await WriteException(Response, ex); } } } } catch (Exception ex) { await WriteException(Response, ex); } finally { //ClearSetupLock(); //Monitor.Exit(Lock); } if (setupOptions.ShowSchemaListOnSetupPage) { await WriteInstalledSchemaSummary(Response); } await WritePageFooter(Response); return(new EmptyResult()); }
public async Task <IActionResult> Search(SearchIndexViewModel viewModel, PagerSlimParameters pagerParameters) { var permissionsProvider = _permissionProviders.FirstOrDefault(x => x.GetType().FullName == "OrchardCore.Lucene.Permissions"); var permissions = await permissionsProvider.GetPermissionsAsync(); var siteSettings = await _siteService.GetSiteSettingsAsync(); var searchSettings = siteSettings.As <LuceneSettings>(); if (permissions.FirstOrDefault(x => x.Name == "QueryLucene" + searchSettings.SearchIndex + "Index") != null) { if (!await _authorizationService.AuthorizeAsync(User, permissions.FirstOrDefault(x => x.Name == "QueryLucene" + searchSettings.SearchIndex + "Index"))) { return(this.ChallengeOrForbid()); } } else { _logger.LogInformation("Couldn't execute search. The search index doesn't exist."); return(BadRequest("Search is not configured.")); } if (searchSettings.SearchIndex != null && !_luceneIndexProvider.Exists(searchSettings.SearchIndex)) { _logger.LogInformation("Couldn't execute search. The search index doesn't exist."); return(BadRequest("Search is not configured.")); } var luceneSettings = await _luceneIndexingService.GetLuceneSettingsAsync(); if (luceneSettings == null || luceneSettings?.DefaultSearchFields == null) { _logger.LogInformation("Couldn't execute search. No Lucene settings was defined."); return(BadRequest("Search is not configured.")); } var luceneIndexSettings = await _luceneIndexSettingsService.GetSettingsAsync(searchSettings.SearchIndex); if (luceneIndexSettings == null) { _logger.LogInformation($"Couldn't execute search. No Lucene index settings was defined for ({searchSettings.SearchIndex}) index."); return(BadRequest($"Search index ({searchSettings.SearchIndex}) is not configured.")); } if (string.IsNullOrWhiteSpace(viewModel.Terms)) { return(View(new SearchIndexViewModel { SearchForm = new SearchFormViewModel("Search__Form") { }, })); } var pager = new PagerSlim(pagerParameters, siteSettings.PageSize); // We Query Lucene index var analyzer = _luceneAnalyzerManager.CreateAnalyzer(await _luceneIndexSettingsService.GetIndexAnalyzerAsync(luceneIndexSettings.IndexName)); var queryParser = new MultiFieldQueryParser(LuceneSettings.DefaultVersion, luceneSettings.DefaultSearchFields, analyzer); var query = queryParser.Parse(QueryParser.Escape(viewModel.Terms)); // Fetch one more result than PageSize to generate "More" links var start = 0; var end = pager.PageSize + 1; if (pagerParameters.Before != null) { start = Convert.ToInt32(pagerParameters.Before) - pager.PageSize - 1; end = Convert.ToInt32(pagerParameters.Before); } else if (pagerParameters.After != null) { start = Convert.ToInt32(pagerParameters.After); end = Convert.ToInt32(pagerParameters.After) + pager.PageSize + 1; } var contentItemIds = (await _searchQueryService.ExecuteQueryAsync(query, searchSettings.SearchIndex, start, end)) .ToList(); // We Query database to retrieve content items. IQuery <ContentItem> queryDb; if (luceneIndexSettings.IndexLatest) { queryDb = _session.Query <ContentItem, ContentItemIndex>() .Where(x => x.ContentItemId.IsIn(contentItemIds) && x.Latest == true) .Take(pager.PageSize + 1); } else { queryDb = _session.Query <ContentItem, ContentItemIndex>() .Where(x => x.ContentItemId.IsIn(contentItemIds) && x.Published == true) .Take(pager.PageSize + 1); } // Sort the content items by their rank in the search results returned by Lucene. var containedItems = (await queryDb.ListAsync()).OrderBy(x => contentItemIds.IndexOf(x.ContentItemId)); // We set the PagerSlim before and after links if (pagerParameters.After != null || pagerParameters.Before != null) { if (start + 1 > 1) { pager.Before = (start + 1).ToString(); } else { pager.Before = null; } } if (containedItems.Count() == pager.PageSize + 1) { pager.After = (end - 1).ToString(); } else { pager.After = null; } var model = new SearchIndexViewModel { Terms = viewModel.Terms, SearchForm = new SearchFormViewModel("Search__Form") { Terms = viewModel.Terms }, SearchResults = new SearchResultsViewModel("Search__Results") { ContentItems = containedItems.Take(pager.PageSize) }, Pager = (await New.PagerSlim(pager)).UrlParams(new Dictionary <string, string>() { { "Terms", viewModel.Terms } }) }; return(View(model)); }
async Task <IEnumerable <IUser> > ReduceUsersAsync(IEnumerable <Follows.Models.Follow> follows, TEntity entity) { // We always need follows to process if (follows == null) { return(null); } // Get all users from the label follows var users = await _platoUserStore.QueryAsync() .Select <UserQueryParams>(q => { q.Id.IsIn(follows .Select(f => f.CreatedUserId) .ToArray()); }) .ToList(); // No users to further process if (users?.Data == null) { return(null); } // Build users reducing for permissions var result = new Dictionary <int, IUser>(); foreach (var user in users.Data) { // Ensure the user is only ever added once if (!result.ContainsKey(user.Id)) { result.Add(user.Id, user); } // If the entity is hidden but the user does // not have permission to view hidden entities if (entity.IsHidden) { var principal = await _claimsPrincipalFactory.CreateAsync(user); if (!await _authorizationService.AuthorizeAsync(principal, entity.CategoryId, Docs.Permissions.ViewHiddenDocs)) { result.Remove(user.Id); } } // If we are not the entity author and the entity is private // ensure we have permission to view private entities if (user.Id != entity.CreatedUserId && entity.IsPrivate) { var principal = await _claimsPrincipalFactory.CreateAsync(user); if (!await _authorizationService.AuthorizeAsync(principal, entity.CategoryId, Docs.Permissions.ViewPrivateDocs)) { result.Remove(user.Id); } } // The entity has been flagged as SPAM but the user does // not have permission to view entities flagged as SPAM if (entity.IsSpam) { var principal = await _claimsPrincipalFactory.CreateAsync(user); if (!await _authorizationService.AuthorizeAsync(principal, entity.CategoryId, Docs.Permissions.ViewSpamDocs)) { result.Remove(user.Id); } } // The entity is soft deleted but the user does // not have permission to view soft deleted entities if (entity.IsDeleted) { var principal = await _claimsPrincipalFactory.CreateAsync(user); if (!await _authorizationService.AuthorizeAsync(principal, entity.CategoryId, Docs.Permissions.ViewDeletedDocs)) { result.Remove(user.Id); } } } return(result.Count > 0 ? result.Values : null); }
public async Task <IActionResult> GetRequestsAsync( [FromQuery] PagingOptions pagingOptions, [FromQuery] SortOptions <Request, RequestEntity> sortOptions, [FromQuery] SearchOptions <Request, RequestEntity> searchOptions, CancellationToken ct) { if (!ModelState.IsValid) { return(BadRequest(new ApiError(ModelState))); } pagingOptions.Offset = pagingOptions.Offset ?? _defaultPagingOptions.Offset; pagingOptions.Limit = pagingOptions.Limit ?? _defaultPagingOptions.Limit; // var collectionLink = Link.ToCollection(nameof(GetRequestsAsync)); // Logic if user is Sales then only return theirs, else return all for Admin and Sign Shop if (User.Identity.IsAuthenticated) { var canSeeAll = await _authzService.AuthorizeAsync( User, "ViewAllRequestsPolicy"); if (canSeeAll.Succeeded) // User is Administrator or Sign Shop { var requests = await _requestService.GetRequestsAsync( pagingOptions, sortOptions, searchOptions, ct); var collection = PagedCollection <Request> .Create <RequestResponse>( Link.ToCollection(nameof(GetRequestsAsync)), requests.Items.ToArray(), requests.TotalSize, pagingOptions); collection.RequestsQuery = FormMetadata.FromResource <Request>( Link.ToForm( nameof(GetRequestsAsync), null, Link.GetMethod, Form.QueryRelation)); return(Ok(collection)); } else // User is Sales (Could technically be any other authenticated user) { // Build collection only with requests for the User var currentUserId = await _userService.GetUserIdAsync(User); var requests = await _requestService.GetUserRequestsAsync( currentUserId, pagingOptions, sortOptions, searchOptions, ct); var collection = PagedCollection <Request> .Create <RequestResponse>( Link.ToCollection(nameof(GetRequestsAsync)), requests.Items.ToArray(), requests.TotalSize, pagingOptions); collection.RequestsQuery = FormMetadata.FromResource <Request>( Link.ToForm( nameof(GetRequestsAsync), null, Link.GetMethod, Form.QueryRelation)); return(Ok(collection)); } } // User is not authenticated. return(NotFound()); }
public async Task <ActionResult> ListPOST(ContentOptionsViewModel options, IEnumerable <int> itemIds) { if (itemIds?.Count() > 0) { // Load items so that loading handlers are invoked. var checkedContentItems = await _session.Query <ContentItem, ContentItemIndex>().Where(x => x.DocumentId.IsIn(itemIds) && x.Latest).ListAsync(_contentManager); switch (options.BulkAction) { case ContentsBulkAction.None: break; case ContentsBulkAction.PublishNow: foreach (var item in checkedContentItems) { if (!await _authorizationService.AuthorizeAsync(User, CommonPermissions.PublishContent, item)) { await _notifier.WarningAsync(H["Couldn't publish selected content."]); await _session.CancelAsync(); return(Forbid()); } await _contentManager.PublishAsync(item); } await _notifier.SuccessAsync(H["Content published successfully."]); break; case ContentsBulkAction.Unpublish: foreach (var item in checkedContentItems) { if (!await IsAuthorizedAsync(CommonPermissions.PublishContent, item)) { await _notifier.WarningAsync(H["Couldn't unpublish selected content."]); await _session.CancelAsync(); return(Forbid()); } await _contentManager.UnpublishAsync(item); } await _notifier.SuccessAsync(H["Content unpublished successfully."]); break; case ContentsBulkAction.Remove: foreach (var item in checkedContentItems) { if (!await IsAuthorizedAsync(CommonPermissions.DeleteContent, item)) { await _notifier.WarningAsync(H["Couldn't remove selected content."]); await _session.CancelAsync(); return(Forbid()); } await _contentManager.RemoveAsync(item); } await _notifier.SuccessAsync(H["Content removed successfully."]); break; default: throw new ArgumentOutOfRangeException(); } } return(RedirectToAction(nameof(List))); }