public void AutomaticCleanup_WhenDomainObjectCtorThrows_DoesNotRequireDeletePermissions() { _securityProviderStub.Stub(mock => mock.GetAccess(_securityContextStub, _securityPrincipalStub)).Return(new AccessType[0]); _functionalSecurityStrategyStub .Stub( mock => mock.HasAccess( Arg.Is(typeof(SecurableObject)), Arg.Is(_securityProviderStub), Arg.Is(_securityPrincipalStub), Arg <IReadOnlyList <AccessType> > .List.Equal(new[] { AccessType.Get(GeneralAccessTypes.Create) }))) .Return(true); var exception = new Exception("Test."); SecurableObject throwingObject = null; Assert.That( () => CreateSecurableObject( _securityContextFactoryStub, action: obj => { throwingObject = obj; throw exception; }), Throws.Exception.SameAs(exception)); Assert.That(_clientTransaction.IsEnlisted(throwingObject), Is.False); }
private SecurableObject CreateSecurableObject(ISecurityContextFactory securityContextFactory, ClientTransaction clientTransaction = null, Action <SecurableObject> action = null) { return(SecurableObject.NewObject( clientTransaction ?? _clientTransaction, ObjectSecurityStrategy.Create(securityContextFactory, InvalidationToken.Create()), action)); }
public void Test_ManySideRemove_AccessedViaDomainObject() { SecurableObject securableObject = _testHelper.CreateSecurableObject(); SecurableObject oldObject = _testHelper.CreateSecurableObject(); var childrenPropertyInfo = typeof(SecurableObject).GetProperty("Children"); _testHelper.Transaction.ExecuteInScope(() => securableObject.Children.Add(oldObject)); _testHelper.AddExtension(_extension); using (_testHelper.Ordered()) { _testHelper.ExpectPermissionReflectorGetRequiredMethodPermissions(MethodInfoAdapter.Create(childrenPropertyInfo.GetGetMethod()), TestAccessTypes.First); _testHelper.ExpectObjectSecurityStrategyHasAccess(securableObject, TestAccessTypes.First, true); _testHelper.ExpectPermissionReflectorGetRequiredMethodPermissions(_setMethodInformation, TestAccessTypes.Second); _testHelper.ExpectObjectSecurityStrategyHasAccess(oldObject, TestAccessTypes.Second, true); var childrenSetMethodInformation = new NullMethodInformation(); _testHelper.ExpectPermissionReflectorGetRequiredMethodPermissions(childrenSetMethodInformation, GeneralAccessTypes.Edit); _testHelper.ExpectObjectSecurityStrategyHasAccess(securableObject, GeneralAccessTypes.Edit, true); } _testHelper.ReplayAll(); _testHelper.Transaction.ExecuteInScope(() => securableObject.Children.Remove(oldObject)); _testHelper.VerifyAll(); }
private void SetInheritance(SecurableObject objectToSecure, SecureObjectCreator definition) { if (definition.BreakInheritance) { objectToSecure.BreakRoleInheritance(definition.CopyExisting, definition.ResetChildPermissions); } }
private void ProcessRoleInheritance(object modelHost, SecurableObject securableObject, BreakRoleInheritanceDefinition breakRoleInheritanceModel) { var context = securableObject.Context; InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = securableObject, ObjectType = typeof(SecurableObject), ObjectDefinition = breakRoleInheritanceModel, ModelHost = modelHost }); //context.Load(securableObject); //context.ExecuteQueryWithTrace(); if (!securableObject.IsPropertyAvailable("HasUniqueRoleAssignments")) { context.Load(securableObject, s => s.HasUniqueRoleAssignments); context.ExecuteQueryWithTrace(); } if (!securableObject.HasUniqueRoleAssignments) { TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall, "HasUniqueRoleAssignments is FALSE. Breaking role inheritance with CopyRoleAssignments: [{0}] and ClearSubscopes: [{1}]", new object[] { breakRoleInheritanceModel.CopyRoleAssignments, breakRoleInheritanceModel.ClearSubscopes }); securableObject.BreakRoleInheritance(breakRoleInheritanceModel.CopyRoleAssignments, breakRoleInheritanceModel.ClearSubscopes); context.ExecuteQueryWithTrace(); } if (breakRoleInheritanceModel.ForceClearSubscopes) { TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall, "ForceClearSubscopes is TRUE. Removing all role assignments."); context.Load(securableObject.RoleAssignments); context.ExecuteQueryWithTrace(); while (securableObject.RoleAssignments.Count > 0) securableObject.RoleAssignments[0].DeleteObject(); } InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = securableObject, ObjectType = typeof(SecurableObject), ObjectDefinition = breakRoleInheritanceModel, ModelHost = modelHost }); }
public void Test_ManySide_RecursiveSecurity_ChecksAccessOnNestedCall() { SecurableObject securableObject = _testHelper.CreateSecurableObject(); SecurableObject otherObject = _testHelper.CreateSecurableObject(); _testHelper.Transaction.ExecuteInScope(() => securableObject.OtherChildren.Add(_testHelper.CreateSecurableObject())); var setMethodInformation = MethodInfoAdapter.Create(typeof(SecurableObject).GetProperty("Children").GetGetMethod()); var securableEndPointDefintion = securableObject.ID.ClassDefinition.GetRelationEndPointDefinition(typeof(SecurableObject).FullName + ".Children"); _testHelper.ExpectPermissionReflectorGetRequiredMethodPermissions(setMethodInformation, TestAccessTypes.First); _testHelper.ExpectPermissionReflectorGetRequiredMethodPermissions(setMethodInformation, TestAccessTypes.First); HasAccessDelegate hasAccess = delegate { _extension.RelationReading(_testHelper.Transaction, otherObject, securableEndPointDefintion, ValueAccess.Current); return(true); }; _testHelper.ExpectObjectSecurityStrategyHasAccess(securableObject, TestAccessTypes.First, hasAccess); _testHelper.ExpectObjectSecurityStrategyHasAccess(otherObject, TestAccessTypes.First, true); _testHelper.ReplayAll(); _extension.RelationReading(_testHelper.Transaction, securableObject, securableEndPointDefintion, ValueAccess.Current); _testHelper.VerifyAll(); }
/// <summary> /// Export the properties of a securable objet to CSV /// </summary> /// <param name="securableObject">Securable object</param> private void WriteCsv(SecurableObject securableObject) { LoadSecurableObject(securableObject); SecurableObjectInfo securableObjectInfo = null; foreach (RoleAssignment roleAssignment in securableObject.RoleAssignments) { switch (securableObject) { case Web web: securableObjectInfo = new SecurableObjectInfo(web, roleAssignment); break; case List list: securableObjectInfo = new SecurableObjectInfo(list, roleAssignment); break; case ListItem listItem: securableObjectInfo = new SecurableObjectInfo(listItem, roleAssignment); break; } // Write CSV permissionsFileWriter.WriteRecord(securableObjectInfo); if (roleAssignment.Member.PrincipalType == PrincipalType.SharePointGroup && !groupIds.Contains(roleAssignment.Member.Id)) { groupIds.Add(roleAssignment.Member.Id); } } }
void WritePermissionsForObject(ClientContext clientContext, User user, SecurableObject so) { if (!so.HasUniqueRoleAssignments) { return; } HashSet <string> permissionLevels = new HashSet <string>(); clientContext.Load(so.RoleAssignments, rac => rac.Where(ra => ra.Member.LoginName == user.LoginName)); clientContext.ExecuteQuery(); foreach (var ra in so.RoleAssignments) { clientContext.Load(ra.Member); clientContext.Load(ra.RoleDefinitionBindings); clientContext.ExecuteQuery(); foreach (var definition in ra.RoleDefinitionBindings) { clientContext.Load(definition); clientContext.ExecuteQuery(); permissionLevels.Add(definition.Name); } } if (permissionLevels.Count > 0) { AddToPermFile(user, so, GetUrlOfObject(clientContext, so), permissionLevels); } }
private void ProcessRoleAssignments(SecurableObject securableObject, ClientContext clientContext) { clientContext.Load(securableObject, x => x.HasUniqueRoleAssignments); clientContext.ExecuteQuery(); if (!securableObject.HasUniqueRoleAssignments) { outPutText += "Same perms as parent" + "<br/>"; } else { RoleAssignmentCollection roleAssignments = securableObject.RoleAssignments; clientContext.Load <RoleAssignmentCollection>(roleAssignments); clientContext.ExecuteQuery(); foreach (RoleAssignment roleAssignment in roleAssignments) { Principal member = roleAssignment.Member; RoleDefinitionBindingCollection roleDef = roleAssignment.RoleDefinitionBindings; clientContext.Load(member); clientContext.Load <RoleDefinitionBindingCollection>(roleDef); clientContext.ExecuteQuery(); foreach (var binding in roleDef) { outPutText += string.Format("[{0}]{1}: {2}<br/>", member.PrincipalType, member.LoginName, binding.Name); } } } }
/// <summary> /// Assigns item level permission /// </summary> /// <param name="clientContext">Client context object</param> /// <param name="listName">List name</param> /// <param name="listItemId">List item id</param> internal static void AssignItemPermission(ClientContext clientContext, string listName, int listItemId) { try { if (null != clientContext && !string.IsNullOrEmpty(listName)) { ListItem listItem = clientContext.Web.Lists.GetByTitle(listName).GetItemById(listItemId); clientContext.Load(listItem, item => item.HasUniqueRoleAssignments); clientContext.ExecuteQuery(); if (listItem.HasUniqueRoleAssignments) { SecurableObject listItemObject = listItem; ClientRuntimeContext clientRuntimeContext = clientContext; // get the user object Principal userPrincipal = clientContext.Web.AssociatedOwnerGroup; string roleName = ConfigurationManager.AppSettings["Role"]; RoleDefinition roleDefinition = clientContext.Web.RoleDefinitions.GetByName(roleName); // create the role definition binding collection RoleDefinitionBindingCollection roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(clientRuntimeContext); // add the role definition to the collection roleDefinitionBindingCollection.Add(roleDefinition); // create a RoleAssigment with the user and role definition listItemObject.RoleAssignments.Add(userPrincipal, roleDefinitionBindingCollection); clientRuntimeContext.ExecuteQuery(); } } } catch (Exception exception) { ErrorLogger.DisplayErrorMessage(string.Format(CultureInfo.InvariantCulture, Constants.AssigningPermissionsExceptionMessage, Constants.SettingsPage, exception.Message)); } }
public static Web GetAssociatedWeb(this SecurableObject securable) { if (securable is Web) { return((Web)securable); } if (securable is List) { var list = (List)securable; var web = list.ParentWeb; securable.Context.Load(web); securable.Context.ExecuteQueryRetry(); return(web); } if (securable is ListItem) { var listItem = (ListItem)securable; var web = listItem.ParentList.ParentWeb; securable.Context.Load(web); securable.Context.ExecuteQueryRetry(); return(web); } throw new Exception("Only Web, List, ListItem supported as SecurableObjects"); }
public static void SetSecurity(this SecurableObject securable, TokenParser parser, ObjectSecurity security) { //using (var scope = new PnPMonitoredScope("Set Security")) //{ var context = securable.Context as ClientContext; var groups = context.LoadQuery(context.Web.SiteGroups.Include(g => g.LoginName)); var webRoleDefinitions = context.LoadQuery(context.Web.RoleDefinitions); context.ExecuteQueryRetry(); securable.BreakRoleInheritance(security.CopyRoleAssignments, security.ClearSubscopes); foreach (var roleAssignment in security.RoleAssignments) { Principal principal = groups.FirstOrDefault(g => g.LoginName == parser.ParseString(roleAssignment.Principal)); if (principal == null) { principal = context.Web.EnsureUser(roleAssignment.Principal); } var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(context); var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleAssignment.RoleDefinition); if (roleDefinition != null) { roleDefinitionBindingCollection.Add(roleDefinition); } securable.RoleAssignments.Add(principal, roleDefinitionBindingCollection); } context.ExecuteQueryRetry(); //} }
private NullSecurityClientTestHelper() { _mocks = new MockRepository(); _mockObjectSecurityStrategy = _mocks.StrictMock <IObjectSecurityStrategy>(); _securableObject = new SecurableObject(_mockObjectSecurityStrategy); }
public void Test_RecursiveSecurity_ChecksAccessOnNestedCall() { SecurableObject allowedObject = _testHelper.CreateSecurableObject(); SecurableObject deniedObject = _testHelper.CreateSecurableObject(); IQuery nestedQuery = _testHelper.CreateSecurableObjectQuery(); var nestedQueryResult = new QueryResult <DomainObject> (nestedQuery, new DomainObject[] { allowedObject, deniedObject }); HasAccessDelegate hasAccess = delegate { var filteredResult = _extension.FilterQueryResult(_testHelper.Transaction, nestedQueryResult); Assert.That(filteredResult.ToArray(), Is.EqualTo(new[] { allowedObject })); return(true); }; _testHelper.ExpectObjectSecurityStrategyHasAccess(allowedObject, GeneralAccessTypes.Find, true); _testHelper.ExpectObjectSecurityStrategyHasAccess(deniedObject, GeneralAccessTypes.Find, false); SecurableObject securableObject = _testHelper.CreateSecurableObject(); IQuery query = _testHelper.CreateSecurableObjectQuery(); var queryResult = new QueryResult <DomainObject> (query, new DomainObject[] { securableObject }); _testHelper.ExpectObjectSecurityStrategyHasAccess(securableObject, GeneralAccessTypes.Find, hasAccess); _testHelper.ReplayAll(); var finalResult = _extension.FilterQueryResult(_testHelper.Transaction, queryResult); _testHelper.VerifyAll(); Assert.That(finalResult.ToArray(), Is.EqualTo(new[] { securableObject })); }
private void ProcessRoleInheritance(object modelHost, SecurableObject securableObject, BreakRoleInheritanceDefinition breakRoleInheritanceModel) { var context = securableObject.Context; InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = securableObject, ObjectType = typeof(SecurableObject), ObjectDefinition = breakRoleInheritanceModel, ModelHost = modelHost }); if (!securableObject.IsObjectPropertyInstantiated("HasUniqueRoleAssignments")) { context.Load(securableObject, s => s.HasUniqueRoleAssignments); context.ExecuteQueryWithTrace(); } if (!securableObject.HasUniqueRoleAssignments) { TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall, "HasUniqueRoleAssignments is FALSE. Breaking role inheritance with CopyRoleAssignments: [{0}] and ClearSubscopes: [{1}]", new object[] { breakRoleInheritanceModel.CopyRoleAssignments, breakRoleInheritanceModel.ClearSubscopes }); securableObject.BreakRoleInheritance(breakRoleInheritanceModel.CopyRoleAssignments, breakRoleInheritanceModel.ClearSubscopes); context.ExecuteQueryWithTrace(); } if (breakRoleInheritanceModel.ForceClearSubscopes) { TraceService.Verbose((int)LogEventId.ModelProvisionCoreCall, "ForceClearSubscopes is TRUE. Removing all role assignments."); context.Load(securableObject.RoleAssignments); context.ExecuteQueryWithTrace(); while (securableObject.RoleAssignments.Count > 0) { securableObject.RoleAssignments[0].DeleteObject(); } } InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = securableObject, ObjectType = typeof(SecurableObject), ObjectDefinition = breakRoleInheritanceModel, ModelHost = modelHost }); }
private static void ApplySecurity(SecurableObject securable, TokenParser parser, ClientContext context, IEnumerable <Microsoft.SharePoint.Client.Group> groups, IEnumerable <Microsoft.SharePoint.Client.RoleDefinition> webRoleDefinitions, IEnumerable <Microsoft.SharePoint.Client.RoleAssignment> securableRoleAssignments, IEnumerable <Model.RoleAssignment> roleAssignmentsToHandle) { foreach (var roleAssignment in roleAssignmentsToHandle) { if (!roleAssignment.Remove) { var roleAssignmentPrincipal = parser.ParseString(roleAssignment.Principal); Principal principal = TryGetGroupPrincipal(groups, roleAssignmentPrincipal); if (principal == null) { principal = context.Web.EnsureUser(roleAssignmentPrincipal); } if (principal != null) { var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(context); var roleAssignmentRoleDefinition = parser.ParseString(roleAssignment.RoleDefinition); var roleDefinition = webRoleDefinitions.FirstOrDefault(r => r.Name == roleAssignmentRoleDefinition); if (roleDefinition != null) { roleDefinitionBindingCollection.Add(roleDefinition); securable.RoleAssignments.Add(principal, roleDefinitionBindingCollection); } } } else { var roleAssignmentPrincipal = parser.ParseString(roleAssignment.Principal); Principal principal = TryGetGroupPrincipal(groups, roleAssignmentPrincipal); if (principal == null) { principal = context.Web.EnsureUser(roleAssignmentPrincipal); } principal.EnsureProperty(p => p.Id); if (principal != null) { var assignmentsForPrincipal = securableRoleAssignments.Where(t => t.PrincipalId == principal.Id); foreach (var assignmentForPrincipal in assignmentsForPrincipal) { var roleAssignmentRoleDefinition = parser.ParseString(roleAssignment.RoleDefinition); var binding = assignmentForPrincipal.EnsureProperty(r => r.RoleDefinitionBindings).FirstOrDefault(b => b.Name == roleAssignmentRoleDefinition); if (binding != null) { assignmentForPrincipal.DeleteObject(); context.ExecuteQueryRetry(); break; } } } } } }
public static PermissionCollection GetPermissions(this SecurableObject secObj) { Type secType = secObj.GetType(); string name = secType.Name.Equals("ListItem") ? "DisplayName" : "Title"; secObj.Context.Load(secObj, s => s.HasUniqueRoleAssignments, s => s.RoleAssignments); try { secObj.Context.ExecuteQuery(); } catch (ServerException) { return(null); } bool?check = secObj.IsPropertyAvailable("HasUniqueRoleAssignments") ? (bool?)secObj.HasUniqueRoleAssignments : null; if (!check.HasValue) { return(null); } //if (!(secObj is Web)) //{ // MethodInfo genMeth = typeof(ClientObjectExtensions) // .GetMethod("GetClientObjectExpression", BindingFlags.Static | BindingFlags.NonPublic) // .MakeGenericMethod(secType); // object nameExpression = genMeth.Invoke(null, new object[] // { // secObj, name // }); // object idExpression = genMeth.Invoke(null, new object[] // { // secObj, "Id" // }); // MethodInfo genLoad = typeof(ClientObjectExtensions) // .GetMethod("SpecialLoad", BindingFlags.NonPublic | BindingFlags.Static) // .MakeGenericMethod(secType); // genLoad.Invoke(secObj, new object[] // { // secObj, nameExpression // }); // genLoad.Invoke(secObj, new object[] // { // secObj, idExpression // }); // secObj.Context.ExecuteQuery(); //} PermissionCollection permissions = PermissionCollection.ResolvePermissions(secObj); //ValueTuple<string, object> tuple = GetNameAndIdValue(secObj, name); return(permissions); }
public void ExpectObjectSecurityStrategyHasAccessWithMatchingScope(SecurableObject securableObject, ClientTransactionScope expectedScope) { IObjectSecurityStrategy objectSecurityStrategy = securableObject.GetSecurityStrategy(); Expect.Call(objectSecurityStrategy.HasAccess(null, null, null)) .IgnoreArguments() .WhenCalled(mi => CheckScope(expectedScope)) .Return(true); }
private void AddSecuringObject(SecurableObject secObj) { if (this.InnerList.Count > 0) { this.InnerList.ForEach((a) => { a.SecuringObject = secObj; }); } }
public static bool HasClearSubscopes(this SecurableObject secObject) { if (!secObject.IsPropertyAvailable("RoleAssignments")) { secObject.Context.Load(secObject, s => s.RoleAssignments); secObject.Context.ExecuteQuery(); } return(secObject.RoleAssignments.Count == 0); }
public void Test_WithNewObject_DoesNotPerformSecurityCheck() { SecurableObject securableObject = _testHelper.CreateSecurableObject(); _testHelper.ReplayAll(); _extension.ObjectDeleting(_testHelper.Transaction, securableObject); _testHelper.VerifyAll(); }
private static ValueTuple <string, object> GetNameAndIdValue(SecurableObject secObj, string nameProperty) { Type objType = secObj.GetType(); PropertyInfo namePi = objType.GetProperty(nameProperty, BindingFlags.Instance | BindingFlags.Public); PropertyInfo idPi = objType.GetProperty("Id", BindingFlags.Instance | BindingFlags.Public); string nameVal = namePi.GetValue(secObj) as string; object idVal = idPi.GetValue(secObj); return(new ValueTuple <string, object>(nameVal, idVal)); }
public void Test_AccessDenied_ThrowsPermissionDeniedException() { SecurableObject securableObject = _testHelper.CreateSecurableObject(); _testHelper.Transaction.Commit(); _testHelper.ExpectObjectSecurityStrategyHasAccess(securableObject, GeneralAccessTypes.Delete, false); _testHelper.ReplayAll(); _extension.ObjectDeleting(_testHelper.Transaction, securableObject); }
public void Test_AccessDenied_ThrowsPermissionDeniedException() { SecurableObject securableObject = _testHelper.CreateSecurableObject(); _testHelper.ExpectPermissionReflectorGetRequiredMethodPermissions(_getMethodInformation, TestAccessTypes.First); _testHelper.ExpectObjectSecurityStrategyHasAccess(securableObject, TestAccessTypes.First, false); _testHelper.ReplayAll(); _extension.PropertyValueReading(_testHelper.Transaction, securableObject, _stringPropertyDefinition, ValueAccess.Current); }
public void Test_ID_DoesNotPerformSecurityCheck() { SecurableObject securableObject = _testHelper.CreateSecurableObject(); _testHelper.AddExtension(_extension); _testHelper.ReplayAll(); Dev.Null = _testHelper.Transaction.ExecuteInScope(() => securableObject.ID); _testHelper.VerifyAll(); }
public void CheckAccess_AccessDenied() { ExpectObjectSecurityStrategyHasAccessForSecurableObject(GeneralAccessTypes.Read, false); SecurableObject thisObject = new SecurableObject(_mockObjectSecurityStrategy); TestFunctionWithPermissionsFromInstanceMethod function = new TestFunctionWithPermissionsFromInstanceMethod(thisObject); function.ThisObject = thisObject; // Required because in this test the WxeFunction has not started executing. _mocks.ReplayAll(); _securityAdapter.CheckAccess(function); }
/// <summary> /// Adds the specified securable object,inserts the ISecurableObject object. /// </summary> /// <param name="securableObject">The securable object.</param> public void Add(ISecurableObject securableObject) { SecurableObject obj = new SecurableObject() { Application = securableObject.Application, SecurableObjectType = securableObject.SecurableObjectType, Guid = securableObject.SecurableObjectGuid }; this.securableObjectDao.Add(obj); }
public void BreakRoleInheritance(bool copyRoleAssignments, object clearSubscopes) { if (clearSubscopes == Undefined.Value || clearSubscopes == Null.Value || clearSubscopes == null) { SecurableObject.BreakRoleInheritance(copyRoleAssignments); } else { SecurableObject.BreakRoleInheritance(copyRoleAssignments, TypeConverter.ToBoolean(clearSubscopes)); } }
public void Test_AccessedViaDomainObject() { IObjectSecurityStrategy objectSecurityStrategy = _testHelper.CreateObjectSecurityStrategy(); _testHelper.AddExtension(_extension); _testHelper.ExpectFunctionalSecurityStrategyHasAccess(typeof(SecurableObject), GeneralAccessTypes.Create, true); _testHelper.ReplayAll(); SecurableObject.NewObject(_testHelper.Transaction, objectSecurityStrategy); _testHelper.VerifyAll(); }
public void Test_AccessGranted_DowsNotThrow() { SecurableObject securableObject = _testHelper.CreateSecurableObject(); _testHelper.ExpectPermissionReflectorGetRequiredMethodPermissions(_setMethodInformation, TestAccessTypes.First); _testHelper.ExpectObjectSecurityStrategyHasAccess(securableObject, TestAccessTypes.First, true); _testHelper.ReplayAll(); _extension.PropertyValueChanging(_testHelper.Transaction, securableObject, _stringPropertyDefinition, "old", "new"); _testHelper.VerifyAll(); }
private static IEnumerable <RoleAssignment> RoleAssignmentsLoadQuery(SecurableObject obj, ClientContext clientContext) { IEnumerable <RoleAssignment> listRoles = clientContext.LoadQuery( obj.RoleAssignments.Include( roleAsg => roleAsg.Member, roleAsg => roleAsg.RoleDefinitionBindings.Include( roleDef => roleDef.Id, roleDef => roleDef.Name, roleDef => roleDef.Description))); return(listRoles); }
public void ExpectObjectSecurityStrategyHasAccess(SecurableObject securableObject, Enum accessTypeEnum, HasAccessDelegate doDelegate) { IObjectSecurityStrategy objectSecurityStrategy = securableObject.GetSecurityStrategy(); Expect.Call( objectSecurityStrategy.HasAccess( Arg.Is(_mockSecurityProvider), Arg.Is(_stubUser), Arg <IReadOnlyList <AccessType> > .List.Equal(new[] { AccessType.Get(accessTypeEnum) }))) .WhenCalled(mi => CheckTransaction()) .Do(doDelegate); }
protected Web ExtractWeb(SecurableObject securableObject) { if (securableObject is Web) return securableObject as Web; if (securableObject is List) return (securableObject as List).ParentWeb; if (securableObject is ListItem) return (securableObject as ListItem).ParentList.ParentWeb; throw new Exception(string.Format("Can't extract SPWeb for securableObject of type: [{0}]", securableObject.GetType())); }
public static SPDGRoleAssignment GetRoleAssignmentByPrincipal(SecurableObject securableObject, ClientContext context, SPDGPrincipal principal) { var principalId = principal.ID; var roleAss = securableObject.RoleAssignments.Where(x => x.PrincipalId == principalId).Include(x => x.RoleDefinitionBindings, x => x.Member, x => x.PrincipalId); var results = context.LoadQuery(roleAss); context.ExecuteQuery(); if (results.Any()) { return new SPDGClientRoleAssignment(results.First(), principal, results.First().RoleDefinitionBindings.Select(x => new SPDGClientRoleDefinition(x))); } else { return null; } }
public static void AddRoleAssignment(SecurableObject securableObject, ClientContext context, SPDGPrincipal principal, IEnumerable<SPDGRoleDefinition> roleDefinitions) { Principal p; if (principal is SPDGClientUser) { p = ((SPDGClientUser)principal).User; } else { p = ((SPDGClientGroup)principal).Group; } var roleDefinitionBindingCollection = new RoleDefinitionBindingCollection(context); foreach (var spdgRoleDefinition in roleDefinitions) { roleDefinitionBindingCollection.Add(((SPDGClientRoleDefinition)spdgRoleDefinition).Definition); } securableObject.RoleAssignments.Add(p, roleDefinitionBindingCollection); context.ExecuteQuery(); }
private void ProcessRoleInheritance(object modelHost, SecurableObject securableObject, ResetRoleInheritanceDefinition breakRoleInheritanceModel) { var context = securableObject.Context; InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioning, Object = securableObject, ObjectType = typeof(SecurableObject), ObjectDefinition = breakRoleInheritanceModel, ModelHost = modelHost }); if (!securableObject.IsObjectPropertyInstantiated("HasUniqueRoleAssignments")) { context.Load(securableObject, s => s.HasUniqueRoleAssignments); context.ExecuteQueryWithTrace(); } if (securableObject.HasUniqueRoleAssignments) { TraceService.VerboseFormat((int)LogEventId.ModelProvisionCoreCall, "HasUniqueRoleAssignments is TRUE. Resetting role inheritance", null); securableObject.ResetRoleInheritance(); context.ExecuteQueryWithTrace(); } InvokeOnModelEvent(this, new ModelEventArgs { CurrentModelNode = null, Model = null, EventType = ModelEventType.OnProvisioned, Object = securableObject, ObjectType = typeof(SecurableObject), ObjectDefinition = breakRoleInheritanceModel, ModelHost = modelHost }); }
/// <summary> /// Saves the specified securable object,inserts the ISecurableObject object into the system . /// </summary> /// <param name="securableObject">The securable object.</param> public void Save(SecurableObject securableObject) { //securableObject.SecurableObjectGuid = this.GetNewSecurableObjectGuid(); this.securableObjectDao.Add(securableObject); }
public void Add(Guid? securableParentUid, SecurableObject securableObject) { Guid permissionSourceObject; if (securableParentUid == null || securableObject.BreaksInheritance) { /// This means it's a domain object or has broken inheritance. permissionSourceObject = securableObject.SecurableObjectUid; } else { /// Assume inheritance as we were only given a GUID. permissionSourceObject = securableParentUid.Value; } /// We can now call the other overloaded version. As we have filled in the securableParentUid field, /// this will be what is used to store our SecurableObjectUid against. Add(permissionSourceObject, securableObject.SecurableObjectUid); }
private bool CheckPermissionOnPrinciple(SecurableObject securableObject, Principal principle, string roleDefinitionName) { //Get Roles for the User RoleDefinitionBindingCollection roleDefinitionBindingCollection = securableObject.RoleAssignments.GetByPrincipal(principle).RoleDefinitionBindings; securableObject.Context.Load(roleDefinitionBindingCollection); securableObject.Context.ExecuteQueryRetry(); //Check if assigned role is found bool roleExists = false; foreach (RoleDefinition rd in roleDefinitionBindingCollection) { if (rd.Name == roleDefinitionName) { roleExists = true; } } return roleExists; }
private void ProcessRoleAssignments(SecurableObject securableObject, ClientContext clientContext) { clientContext.Load(securableObject, x => x.HasUniqueRoleAssignments); clientContext.ExecuteQuery(); if (!securableObject.HasUniqueRoleAssignments) { outPutText += "Same perms as parent" + "<br/>"; } else { RoleAssignmentCollection roleAssignments = securableObject.RoleAssignments; clientContext.Load<RoleAssignmentCollection>(roleAssignments); clientContext.ExecuteQuery(); foreach (RoleAssignment roleAssignment in roleAssignments) { Principal member = roleAssignment.Member; RoleDefinitionBindingCollection roleDef = roleAssignment.RoleDefinitionBindings; clientContext.Load(member); clientContext.Load<RoleDefinitionBindingCollection>(roleDef); clientContext.ExecuteQuery(); foreach (var binding in roleDef) { outPutText += string.Format("[{0}]{1}: {2}<br/>", member.PrincipalType, member.LoginName, binding.Name); } } } }
/// <summary> /// Load properties of the current securable object and get child securable objects with unique role assignments if any. /// </summary> /// <param name="obj">The current securable object.</param> /// <param name="leafBreadthLimit">Skip further visiting on this branch if the number of child items or documents with unique role assignments exceeded leafBreadthLimit.</param> /// <returns>The child securable objects.</returns> internal static IEnumerable<SecurableObject> Preload(this SecurableObject obj, int leafBreadthLimit) { var context = obj.Context; IEnumerable<SecurableObject> subObjects = new SecurableObject[] { }; if (obj is Web) { var web = obj as Web; context.Load(web, w => w.Url, w => w.HasUniqueRoleAssignments); context.ExecuteQueryRetry(); if (web.HasUniqueRoleAssignments) { context.Load(web.RoleAssignments); context.Load(web.RoleAssignments.Groups); context.ExecuteQueryRetry(); } var lists = context.LoadQuery(web.Lists.Where(l => l.BaseType == BaseType.DocumentLibrary)); var webs = context.LoadQuery(web.Webs); context.ExecuteQueryRetry(); subObjects = lists.Select(l => l as SecurableObject).Union(webs.Select(w => w as SecurableObject)); } else if (obj is List) { var list = obj as List; context.Load(list, l => l.ItemCount, l => l.DefaultViewUrl, l => l.HasUniqueRoleAssignments); context.ExecuteQueryRetry(); if (list.ItemCount <= 0 || Constants.SkipPathes.Any(p => list.DefaultViewUrl.IndexOf(p) != -1)) return null; if (list.HasUniqueRoleAssignments) { context.Load(list.RoleAssignments); context.Load(list.RoleAssignments.Groups); context.ExecuteQueryRetry(); } if (leafBreadthLimit > 0 && list.ItemCount > 0) { var query = new CamlQuery(); query.ViewXml = String.Format(Constants.AllItemCamlQuery, Constants.ListItemDirField, Constants.ListItemFileNameField); var items = context.LoadQuery(list.GetItems(query).Where(i => i.HasUniqueRoleAssignments)); context.ExecuteQueryRetry(); if (items.Count() <= leafBreadthLimit) { subObjects = items; } else { Trace.TraceWarning(CoreResources.SecurityExtensions_Warning_SkipFurtherVisitingForTooManyChildObjects, obj.GetPath(), list.ItemCount, leafBreadthLimit); } } } else if (obj is ListItem) { var item = obj as ListItem; context.Load(item.RoleAssignments); context.Load(item.RoleAssignments.Groups); context.ExecuteQueryRetry(); } return subObjects; }
/// <summary> /// Deletes the specified securable object. /// </summary> /// <param name="securableObject">The securable object.</param> public void Delete(SecurableObject securableObject) { this.securableObjectDao.Delete(securableObject); }
/// <summary> /// Ensure all users of a given SharePoint group has been cached. /// </summary> /// <param name="obj">The current securable object.</param> /// <param name="groupLoginName">The group login name.</param> private static void EnsureGroupCache(SecurableObject obj, string groupLoginName) { var context = obj.Context; if (!MockupGroupCache.ContainsKey(groupLoginName)) { var users = context.LoadQuery(obj.RoleAssignments.Groups.First(g => g.LoginName == groupLoginName).Users); context.ExecuteQueryRetry(); MockupGroupCache[groupLoginName] = (from u in users select new UserEntity() { Title = u.Title, Email = u.Email, LoginName = u.LoginName }).ToArray(); } }
/// <summary> /// Adds the specified securable object,inserts the ISecurableObject object. /// </summary> /// <param name="securableObject">The securable object.</param> public void Add(SecurableObject securableObject) { this.securableObjectDao.Add(securableObject); }
internal SecurableObject CreateSecurableObject(bool breaksInheritance) { SecurableObject createdSecurableObject = null; SPSecurity.RunWithElevatedPrivileges(delegate() { using (IGlymaSession glymaSession = new WebAppSPGlymaSession(Context.WebUrl)) { using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection()) { using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection)) { SecurableObject securableObject = new SecurableObject(); securableObject.SecurableObjectUid = SecurableObject.SecurableObjectUid; securableObject.BreaksInheritance = breaksInheritance; securableObject.SecurableContextId = SecurableContextId; dataContext.SecurableObjects.InsertOnSubmit(securableObject); dataContext.SubmitChanges(); // Return the group that was created securableObject = (from so in dataContext.SecurableObjects where so.SecurableObjectUid == SecurableObject.SecurableObjectUid && so.SecurableContextId == SecurableContextId select so).First(); createdSecurableObject = securableObject; } } } }); return createdSecurableObject; }