Exemple #1
        /// <summary>
        /// Maps the current user's effective permissions on a content item to a
        /// <see cref="DocumentOpenLevel"/>.
        /// </summary>
        /// <param name="path">Content path passed to <c>SecurityHandler.GetEffectiveEntries</c>.</param>
        /// <param name="creatorId">Id of the content's creator; compared with the current user's id.</param>
        /// <param name="lastModifierId">Id of the content's last modifier; compared with the current user's id.</param>
        /// <returns>
        /// The highest level whose permission bit is allowed and not denied for the
        /// user's identities, or <c>DocumentOpenLevel.Denied</c> when none is.
        /// </returns>
        private DocumentOpenLevel GetDocumentLevel(string path, int creatorId, int lastModifierId)
        {
            var currentUserId = this.User.Id;

            // Two id ranges short-circuit before any ACL is read.
            // NOTE(review): -1 presumably is a built-in privileged identity; it gets the
            // highest level with no entry evaluation at all - confirm that is intended.
            if (currentUserId == -1)
            {
                return DocumentOpenLevel.OpenMinor;
            }
            if (currentUserId < -1)
            {
                return DocumentOpenLevel.Denied;
            }

            // Creator / last-modifier status is passed into the principal lookup.
            var principalIds = new List<int>(
                ((ContentRepository.User) this.User).Security.GetPrincipals(
                    currentUserId == creatorId,
                    currentUserId == lastModifierId));

            // The entry list is read inside a SystemAccount scope (presumably an elevation
            // to system privileges - confirm), so it is fetched regardless of what the
            // caller may see. Only the derived level leaves this method.
            // NOTE(review): a null result would throw in the loop below; nothing here catches it.
            SecurityEntry[] effectiveEntries;
            using (new SystemAccount())
            {
                effectiveEntries = SecurityHandler.GetEffectiveEntries(path, creatorId, lastModifierId);
            }

            uint granted = 0;
            uint denied = 0;

            foreach (var ace in effectiveEntries)
            {
                // Entries for principals the user does not belong to are ignored.
                if (!identitiesContains(principalIds, ace.PrincipalId))
                {
                    continue;
                }
                granted |= ace.AllowBits;
                denied |= ace.DenyBits;
            }

            // Deny wins: a bit denied for any of the user's principals is removed
            // even if another principal allows it.
            uint effective = granted & ~denied;

            // Checked from the strongest permission down; the first hit is the result.
            if ((effective & PermissionType.OpenMinor.Mask) > 0)
            {
                return DocumentOpenLevel.OpenMinor;
            }
            // PreviewWithoutRedaction is the bit that maps to the Open level.
            if ((effective & PermissionType.PreviewWithoutRedaction.Mask) > 0)
            {
                return DocumentOpenLevel.Open;
            }
            if ((effective & PermissionType.Preview.Mask) > 0)
            {
                return DocumentOpenLevel.Preview;
            }
            if ((effective & PermissionType.See.Mask) > 0)
            {
                return DocumentOpenLevel.See;
            }
            return DocumentOpenLevel.Denied;

            // Local helper: plain membership test on the principal id list.
            bool identitiesContains(List<int> ids, int principalId)
            {
                return ids.Contains(principalId);
            }
        }
Exemple #2
 /// <summary>
 /// Gets the effective security entries of the current content by delegating to the
 /// underlying security handler with this content's node id.
 /// The current user must have the SeePermissions permission.
 /// </summary>
 /// <remarks>
 /// NOTE(review): no permission check is visible in this method; the SeePermissions
 /// requirement is presumably enforced inside the handler - confirm before exposing
 /// the result to callers.
 /// </remarks>
 /// <param name="entryType">Security entry type filter. Default (null): all entries.</param>
 /// <returns>The list of entries returned by the security handler.</returns>
 public List<AceInfo> GetEffectiveEntries(EntryType? entryType = null)
     => _securityHandler.GetEffectiveEntries(_node.Id, null, entryType);
Exemple #3
        /// <summary>
        /// Maps the stored user's effective permissions on a node to a
        /// <see cref="DocumentOpenLevel"/>.
        /// </summary>
        /// <param name="nodeId">Id of the node whose security entries are evaluated.</param>
        /// <returns>
        /// The highest level whose permission bit is allowed and not denied for the
        /// user's identities. <c>DocumentOpenLevel.Denied</c> is returned when none is,
        /// when the identity lookup reports a missing entity, or when reading the
        /// entries fails.
        /// </returns>
        private DocumentOpenLevel GetDocumentLevel(int nodeId)
        {
            var currentUserId = _userId;

            // Two id ranges short-circuit before any ACL is read.
            // NOTE(review): -1 presumably is a built-in privileged identity; it gets the
            // highest level with no entry evaluation at all - confirm that is intended.
            if (currentUserId == -1)
            {
                return DocumentOpenLevel.OpenMinor;
            }
            if (currentUserId < -1)
            {
                return DocumentOpenLevel.Denied;
            }

            // Only a missing entity is turned into Denied here; any other exception
            // from the identity lookup propagates to the caller.
            List<int> memberIdentities;
            try
            {
                memberIdentities = SecurityHandler.GetIdentitiesByMembership(_user, nodeId);
            }
            catch (EntityNotFoundException)
            {
                return DocumentOpenLevel.Denied;
            }

            // The entry list is read inside a SystemAccount scope (presumably an elevation
            // to system privileges - confirm). Any failure is logged and fails closed.
            List<AceInfo> effectiveEntries;
            try
            {
                using (new SystemAccount())
                {
                    effectiveEntries = SecurityHandler.GetEffectiveEntries(nodeId);
                }
            }
            catch (Exception ex) // LOGGED
            {
                //TODO: collect aggregated errors per query instead of logging every error
                SnLog.WriteWarning($"GetEffectiveEntries threw an exception for id {nodeId}. Error: {ex}");
                return DocumentOpenLevel.Denied;
            }

            ulong granted = 0UL;
            ulong denied = 0UL;

            foreach (var ace in effectiveEntries)
            {
                // Entries for identities the user does not belong to are ignored.
                if (!memberIdentities.Contains(ace.IdentityId))
                {
                    continue;
                }
                granted |= ace.AllowBits;
                denied |= ace.DenyBits;
            }

            // Deny wins: a bit denied for any of the user's identities is removed
            // even if another identity allows it.
            ulong effective = granted & ~denied;

            // Checked from the strongest permission down; the first hit is the result.
            if ((effective & PermissionType.OpenMinor.Mask) > 0)
            {
                return DocumentOpenLevel.OpenMinor;
            }
            // PreviewWithoutRedaction is the bit that maps to the Open level.
            if ((effective & PermissionType.PreviewWithoutRedaction.Mask) > 0)
            {
                return DocumentOpenLevel.Open;
            }
            if ((effective & PermissionType.Preview.Mask) > 0)
            {
                return DocumentOpenLevel.Preview;
            }
            if ((effective & PermissionType.See.Mask) > 0)
            {
                return DocumentOpenLevel.See;
            }
            return DocumentOpenLevel.Denied;
        }