//
//====================================================================================================
/// <summary>
/// Resolves the add / delete / save / edit permissions the session user holds on a content definition.
/// An unauthenticated session or a null <paramref name="cdef"/> yields no permissions.
/// Developers always manage the content; admins manage it unless it is flagged developerOnly;
/// every other authenticated user is resolved through the content-manager group rules.
/// </summary>
/// <param name="core">Request context supplying the session and logging.</param>
/// <param name="cdef">Metadata of the content being checked; may be null.</param>
/// <returns>The resolved permissions. Exceptions are logged here and not rethrown.</returns>
public static UserContentPermissions getUserContentPermissions(CoreController core, ContentMetadataModel cdef) {
    // -- start from deny-all; every grant below is explicit
    var permissions = new UserContentPermissions {
        allowDelete = false,
        allowAdd = false,
        allowSave = false,
        allowEdit = false
    };
    try {
        bool nothingToCheck = (!core.session.isAuthenticated) || (cdef == null);
        if (nothingToCheck) {
            // -- exit with no rights
            return permissions;
        }
        bool isContentManager;
        if (core.session.isAuthenticatedDeveloper()) {
            // -- developers are always content managers
            isContentManager = true;
        } else if (core.session.isAuthenticatedAdmin()) {
            // -- admin is content manager if the CDef is not developer only
            isContentManager = !cdef.developerOnly;
        } else {
            // -- authenticated and not admin or developer: group rules decide
            return getUserAuthoringPermissions_ContentManager(core, cdef, new List<int>());
        }
        if (isContentManager) {
            // -- edit and save are unconditional for a manager; add and delete follow the content definition
            permissions.allowEdit = true;
            permissions.allowSave = true;
            permissions.allowAdd = cdef.allowAdd;
            permissions.allowDelete = cdef.allowDelete;
        }
    } catch (Exception ex) {
        // -- logged, not rethrown. If the content-manager lookup threw, permissions is still the deny-all default.
        LogController.logError(core, ex);
    }
    return permissions;
}
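//
//====================================================================================================
/// <summary>
/// Determines whether the session user is a content manager for the given content, either through an
/// active, unexpired group rule on the content itself or, failing that, through its parent content
/// (walking up the parentId chain to the next rule that applies).
/// The caller must already have established that the user is authenticated and is not an admin or developer.
/// Decisions are cached by content id in the core.doc.contentAccessRights_* lists.
/// </summary>
/// <param name="core">Request context supplying the session user, the per-document caches and logging.</param>
/// <param name="cdef">Metadata of the content being checked. Must not be null.</param>
/// <param name="usedContentIdList">Content ids already visited while walking up the parent chain; used to detect a parentId cycle.</param>
/// <returns>The permissions found; all false when no rule applies.</returns>
/// <exception cref="ArgumentException">The content id appears in its own parent path.</exception>
//========================================================================
//
private static UserContentPermissions getUserAuthoringPermissions_ContentManager(CoreController core, ContentMetadataModel cdef, List<int> usedContentIdList) {
    var result = new UserContentPermissions { allowAdd = false, allowDelete = false, allowEdit = false, allowSave = false };
    try {
        if (usedContentIdList.Contains(cdef.id)) {
            //
            // failed usedContentIdList test, this content id was in the child path
            //
            throw new ArgumentException("ContentID [" + cdef.id + "] was found to be in it's own parentid path.");
        } else if (cdef.id < 1) {
            //
            // ----- not a valid content id, leave result at deny-all
            //
        } else if (core.doc.contentAccessRights_NotList.Contains(cdef.id)) {
            //
            // ----- was previously found to not be a Content Manager
            //
        } else if (core.doc.contentAccessRights_List.Contains(cdef.id)) {
            //
            // ----- was previously found to be a Content Manager
            //
            result.allowEdit = true;
            result.allowSave = true;
            result.allowAdd = core.doc.contentAccessRights_AllowAddList.Contains(cdef.id);
            result.allowDelete = core.doc.contentAccessRights_AllowDeleteList.Contains(cdef.id);
        } else {
            //
            // ----- Must test it
            // The concatenated values are numeric or pass through the DbController encoders: cdef.id is
            // compared as an int above, the user id goes through encodeSQLNumber and the time through encodeSQLDate.
            // NOTE(review): prefer a parameterized query if the data layer offers one -- not visible from here.
            //
            string SQL = "SELECT ccGroupRules.ContentID,allowAdd,allowDelete"
                + " FROM ccGroupRules RIGHT JOIN ccMemberRules ON ccGroupRules.GroupId = ccMemberRules.GroupID"
                + " WHERE ("
                + " (ccMemberRules.memberId=" + DbController.encodeSQLNumber(core.session.user.id) + ")"
                + " AND(ccMemberRules.active<>0)"
                + " AND(ccGroupRules.active<>0)"
                + " AND(ccGroupRules.ContentID=" + cdef.id + ")"
                + " AND((ccMemberRules.DateExpires is null)OR(ccMemberRules.DateExpires>" + DbController.encodeSQLDate(core.doc.profileStartTime) + "))"
                + ");";
            using (var csData = new CsModel(core)) {
                csData.openSql(SQL);
                if (csData.ok()) {
                    // NOTE(review): only the current row is read. If the user matches several group rules for
                    // this content, allowAdd/allowDelete come from whichever row is returned first -- confirm
                    // whether the flags should be combined across rows.
                    result.allowEdit = true;
                    result.allowSave = true;
                    result.allowAdd = csData.getBoolean("allowAdd");
                    result.allowDelete = csData.getBoolean("allowDelete");
                }
            }
            //
            if (!result.allowEdit) {
                //
                // ----- Not a content manager for this one, check the parent
                if (cdef.parentId > 0) {
                    var parentCdef = ContentMetadataModel.create(core, cdef.parentId);
                    usedContentIdList.Add(cdef.id);
                    if (parentCdef != null) {
                        // Recurse on the parent and keep its answer. The previous code recursed on cdef itself
                        // and discarded the return value, so the cycle check above always threw and rights
                        // granted on a parent never reached the child.
                        result = getUserAuthoringPermissions_ContentManager(core, parentCdef, usedContentIdList);
                    }
                }
            }
            if (result.allowEdit) {
                //
                // ----- Was found to be true
                //
                core.doc.contentAccessRights_List.Add(cdef.id);
                // Cache the add right only when it was actually granted. Keying this on allowEdit made every
                // later cache hit report allowAdd = true for any content manager of this content.
                if (result.allowAdd) {
                    core.doc.contentAccessRights_AllowAddList.Add(cdef.id);
                }
                if (result.allowDelete) {
                    core.doc.contentAccessRights_AllowDeleteList.Add(cdef.id);
                }
            } else {
                //
                // ----- Was found to be false
                //
                core.doc.contentAccessRights_NotList.Add(cdef.id);
            }
        }
    } catch (Exception ex) {
        // Log and rethrow so the caller decides how a failed lookup is treated.
        LogController.logError(core, ex);
        throw;
    }
    return result;
}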