/// <summary>
/// Check if a specific permission entity allows for the desired permission
/// </summary>
/// <param name="permissionEntity">The entity describing a permission</param>
/// <param name="desiredActionCode">A key like r (for read), u (for update) etc. which is the level you want to check</param>
/// <returns></returns>
private bool DoesPermissionAllow(ToSic.Eav.Interfaces.IEntity permissionEntity, char desiredActionCode)
{
// Check if it's a grant-read permission - otherwise stop here
var grnt = permissionEntity.GetBestValue(Grant).ToString();
if (grnt.IndexOf(desiredActionCode) == -1) // Grant doesn't contain read, so stop here
{
return(false);
}
// Check if the current user fits the reason for this grant
try
{
// check general permissions
var condition = permissionEntity.GetBestValue(Condition).ToString();
if (condition.ToLower().StartsWith(_salPrefix))
{
var salWord = condition.Substring(_salPrefix.Length);
var sal = (SecurityAccessLevel)Enum.Parse(typeof(SecurityAccessLevel), salWord);
// check anonymous - this is always valid, even if not in a module context
if (sal == SecurityAccessLevel.Anonymous)
{
return(true);
}
// check within module context
if (Module == null)
{
throw new Exception("trying to check permission " + _salPrefix + ", but don't have module in context");
}
return(DotNetNuke.Security.Permissions.ModulePermissionController
.HasModuleAccess(sal, CustomPermissionKey, Module));
}
// check owner conditions
if (condition == _keyOwner)
{
// if it's an entity, possibly also check owner-permissions
if (TargetItem != null && TargetItem.Owner == Environment.Dnn7.UserIdentity.CurrentUserIdentityToken)
{
return(true);
}
}
}
catch
{
// something happened, in this case we assume that this rule cannot described a "is allowed"
return(false);
}
// If the code gets here, we apparently don't know what the rule is about - return false
return(false);
}
private string GetBestString(string key) => (string)_templateEntity.GetBestValue(key);
