/// <summary> /// Each Umbraco User should have an Umbraco Forms permissions record for each form. /// This preserves existing permissions and adds a 'deny' permission if there is no record. /// </summary> /// <param name="userId">The user.</param> /// <param name="forEveryone">if set to <c>true</c> overwrite all existing permissions with 'deny'.</param> public void RemoveDefaultAccessToForms(int userId, bool forEveryone) { using (FormStorage formStorage = new FormStorage()) { using (UserFormSecurityStorage formSecurityStorage = new UserFormSecurityStorage()) { IEnumerable <Form> allForms = formStorage.GetAllForms(); foreach (Form form in allForms) { var formSecurityForUser = formSecurityStorage.GetUserFormSecurity(userId, form.Id).FirstOrDefault(); var hasSecurityAlready = (formSecurityForUser != null); if (!hasSecurityAlready) { formSecurityForUser = UserFormSecurity.Create(); formSecurityForUser.User = userId.ToString(); formSecurityForUser.Form = form.Id; } formSecurityForUser.HasAccess = false; if (!hasSecurityAlready) { formSecurityStorage.InsertUserFormSecurity(formSecurityForUser); } else if (forEveryone) { formSecurityStorage.UpdateUserFormSecurity(formSecurityForUser); } } } } }
/// <summary> /// Returns a list of users granted access to an Umbraco Form. /// </summary> /// <param name="userService">The user service.</param> /// <param name="formId">The form identifier.</param> /// <returns></returns> public FormSecurity PermissionsToForm(IUserService userService, Guid formId) { if (userService == null) { throw new ArgumentNullException(nameof(userService)); } var formSecurity = new FormSecurity(); using (FormStorage formStorage = new FormStorage()) { var form = formStorage.GetForm(formId); if (form != null) { formSecurity.FormName = form.Name; } } using (UserFormSecurityStorage formSecurityStorage = new UserFormSecurityStorage()) { var permissions = formSecurityStorage.GetUserFormSecurityForAllUsers(formId).Where <UserFormSecurity>(permission => permission.HasAccess == true); foreach (var permission in permissions) { var userId = Int32.Parse(permission.User, CultureInfo.InvariantCulture); formSecurity.Users.Add(new FormUser() { UserId = userId, UserDisplayName = userService.GetUserById(userId).Name }); } } return(formSecurity); }
/// <summary> /// Checks whether a back office User has access to a particular form. /// </summary> /// <param name="userId">The user identifier.</param> /// <param name="formId">The form identifier.</param> /// <returns></returns> public bool UserHasAccessToForm(int userId, Guid formId) { using (FormStorage formStorage = new FormStorage()) { using (UserFormSecurityStorage formSecurityStorage = new UserFormSecurityStorage()) { var form = formStorage.GetForm(formId); var formSecurityForUser = formSecurityStorage.GetUserFormSecurity(userId, formId).FirstOrDefault(); if (formSecurityForUser == null || !formSecurityForUser.HasAccess) { return(false); } } } return(true); }
/// <summary> /// Resets forms security, which removes all permissions and gives everyone access to every form /// </summary> /// <param name="userService">The user service.</param> /// <exception cref="ArgumentNullException">userService</exception> public void ResetFormsSecurity(IUserService userService) { if (userService == null) { throw new ArgumentNullException(nameof(userService)); } // For every Umbraco User including disabled accounts, remove their Umbraco Forms permissions (both deny and allow). // This actually grants everyone Manage Forms permission because the default is to allow everyone. var page = 0; var total = 0; var users = userService.GetAll(page, 10, out total); while (users.Any()) { foreach (var user in users) { using (UserSecurityStorage userSecurityStorage = new UserSecurityStorage()) { var userFormSecurityList = userSecurityStorage.GetUserSecurity(user.Id.ToString()); foreach (var userSecurity in userFormSecurityList) { userSecurityStorage.DeleteUserSecurity(userSecurity); } } } page++; users = userService.GetAll(page, 10, out total); } // For every form in Umbraco Forms, remove all the user permissions (both deny and allow). // This actually grants everyone access to every form because the default is to allow everyone. using (FormStorage formStorage = new FormStorage()) { using (UserFormSecurityStorage formSecurityStorage = new UserFormSecurityStorage()) { IEnumerable <Form> allForms = formStorage.GetAllForms(); foreach (Form form in allForms) { formSecurityStorage.DeleteAllUserFormSecurityForForm(form.Id); } } } }