/// <summary> /// Initializes the object and performs all the initial security checks /// </summary> public AdamSecureState(IBlockBuilder blockBuilder, int appId, string contentType, string field, Guid guid, bool usePortalRoot, ILog log) : base(blockBuilder, appId, contentType, log) { // only do checks on field/guid if it's actually accessing that, if it's on the portal root, don't. if (!usePortalRoot) { Field = field; Guid = guid; } var firstChecker = PermissionCheckers.First().Value; var userMayAdminSomeFiles = firstChecker.UserMay(GrantSets.WritePublished); UserMayAdminSiteFiles = firstChecker.GrantedBecause == Conditions.EnvironmentGlobal || firstChecker.GrantedBecause == Conditions.EnvironmentInstance; UserIsRestricted = !(usePortalRoot ? UserMayAdminSiteFiles : userMayAdminSomeFiles); Log.Add($"AdamSecureState - field:{field}, guid:{guid}, adminSome:{userMayAdminSomeFiles}, restricted:{UserIsRestricted}"); SecurityChecks.ThrowIfAccessingRootButNotAllowed(usePortalRoot, UserIsRestricted); Log.Add("check if feature enabled"); if (UserIsRestricted && !Feats.Enabled(FeaturesForRestrictedUsers)) { throw Http.PermissionDenied( $"low-permission users may not access this - {Feats.MsgMissingSome(FeaturesForRestrictedUsers)}"); } PrepCore(App, guid, field, usePortalRoot); if (string.IsNullOrEmpty(contentType) || string.IsNullOrEmpty(field)) { return; } Attribute = Definition(appId, contentType, field); if (!FileTypeIsOkForThisField(out var exp)) { throw exp; } }
/// <summary> /// Initializes the object and performs all the initial security checks /// </summary> protected AdamState(IBlock block, int appId, string contentType, string field, Guid guid, bool usePortalRoot, ILog log) : base("Adm.State", log) { var callLog = Log.Call($"field:{field}, guid:{guid}"); App = Factory.Resolve <Apps.App>().Init(appId, log, block); Permissions = new MultiPermissionsTypes() .Init(block.Context, App, contentType, Log); Block = block; // only do checks on field/guid if it's actually accessing that, if it's on the portal root, don't. UseTenantRoot = usePortalRoot; if (!usePortalRoot) { ItemField = field; ItemGuid = guid; } Security = Factory.Resolve <SecurityChecksBase>().Init(this, usePortalRoot, Log); SecurityCheckHelpers.ThrowIfAccessingRootButNotAllowed(usePortalRoot, Security.UserIsRestricted); Log.Add("check if feature enabled"); if (Security.UserIsRestricted && !ToSic.Eav.Configuration.Features.Enabled(FeaturesForRestrictedUsers)) { throw HttpException.PermissionDenied( $"low-permission users may not access this - {ToSic.Eav.Configuration.Features.MsgMissingSome(FeaturesForRestrictedUsers)}"); } PrepCore(App, guid, field, usePortalRoot); if (string.IsNullOrEmpty(contentType) || string.IsNullOrEmpty(field)) { return; } Attribute = Definition(appId, contentType, field); if (!Security.FileTypeIsOkForThisField(out var exp)) { throw exp; } callLog(null); }