private void CacheRightsForNode(MvcSiteMapNode mvcNode, MvcHandler handler, string permissionCacheKey)
{
lock (this.padlock)
{
// double check
if (!permissionCache.ContainsKey(permissionCacheKey))
{
// check permission attributes and store required rights in the permission cache.
// It's an MvcSiteMapNode, try to figure out the controller class
IController controller = ControllerBuilder.Current.GetControllerFactory().CreateController(handler.RequestContext, mvcNode.Controller);
Type controllerType = controller.GetType();
// Find all AuthorizeAttributes on the controller class and action method
ArrayList controllerAttributes = new ArrayList(controllerType.GetCustomAttributes(typeof(PermissionFilterAttribute), true));
ArrayList actionAttributes = new ArrayList();
MethodInfo[] methods = controllerType.GetType().GetMethods(BindingFlags.Public);
foreach (MethodInfo method in methods)
{
object[] attributes = method.GetCustomAttributes(typeof(ActionNameAttribute), true);
if (
(attributes.Length == 0 && method.Name == mvcNode.Action) ||
(attributes.Length > 0 && ((ActionNameAttribute)attributes[0]).Name == mvcNode.Action)
)
{
actionAttributes.AddRange(method.GetCustomAttributes(typeof(PermissionFilterAttribute), true));
}
}
ICollection <string> rights = new List <string>();
// Attributes found?
if (controllerAttributes.Count > 0)
{
PermissionFilterAttribute attribute = controllerAttributes[0] as PermissionFilterAttribute;
foreach (string right in attribute.RightsArray)
{
if (!rights.Contains(right))
{
rights.Add(right);
}
}
}
if (actionAttributes.Count > 0)
{
PermissionFilterAttribute attribute = actionAttributes[0] as PermissionFilterAttribute;
foreach (string right in attribute.RightsArray)
{
if (!rights.Contains(right))
{
rights.Add(right);
}
}
}
permissionCache.Add(permissionCacheKey, rights.ToArray());
}
}
}
private MenuItemData GenerateMenuItemFromSiteMapNode(ActionExecutingContext filterContext, MvcSiteMapNode node, SiteMapNode currentNode, UrlHelper urlHelper)
{
// HACK: it's possible that we have a querystring ?container=true. This is required when for a top-level
// menu item with the same action and controller as one of the children. Leaving the parameter out causes the
// sitemapprovider to crash because it doesn't allow duplicate url's.
string url = node.Url.Replace("?container=true", String.Empty);
return new MenuItemData(VirtualPathUtility.ToAbsolute(url)
, GlobalResources.ResourceManager.GetString(node.ResourceKey, Thread.CurrentThread.CurrentUICulture)
, CheckInPath(node, currentNode, filterContext.RouteData)
, node.Icon != null ? urlHelper.Content("~/manager/Content/images/" + node.Icon) : null);
}
private bool CheckInPath(MvcSiteMapNode node, SiteMapNode currentNode, RouteData currentRouteData)
{
MvcSiteMapNode currentMvcNode = currentNode as MvcSiteMapNode;
if (currentMvcNode != null)
{
return currentMvcNode.Key == node.Key || currentMvcNode.IsDescendantOf(node);
}
// We might have some unmapped actions. Check routedata if the node is in the path. Only check top-level nodes.
if (currentRouteData != null)
{
return node.Controller == currentRouteData.Values["controller"].ToString()
&& node.ParentNode == this._sitemapProvider.RootNode;
}
return false;
}
/// <summary>
/// Determine if a node is accessible for a user
/// </summary>
/// <param name="context">Current HttpContext</param>
/// <param name="node">Sitemap node</param>
/// <param name="site">Cuyahoga site (optional)</param>
/// <returns>True/false if the node is accessible</returns>
public bool IsAccessibleToUser(HttpContextBase context, SiteMapNode node, Site site)
{
// Is security trimming enabled?
if (!this.SecurityTrimmingEnabled)
{
return(true);
}
// Is it a regular node? No need for more things to do!
MvcSiteMapNode mvcNode = node as MvcSiteMapNode;
if (mvcNode == null)
{
return(base.IsAccessibleToUser(HttpContext.Current, node)); // dirty, but the base sitemap provider requires an HttpContext.
}
// Find current handler
MvcHandler handler = context.Handler as MvcHandler;
if (handler != null)
{
User cuyahogaUser = handler.RequestContext.HttpContext.User as User;
if (cuyahogaUser == null)
{
return(false);
}
string permissionCacheKey = mvcNode.Key + "_" + mvcNode.Action;
if (!permissionCache.ContainsKey(permissionCacheKey))
{
CacheRightsForNode(mvcNode, handler, permissionCacheKey);
}
// Determine if the user has the required rights
foreach (string requiredRight in this.permissionCache[permissionCacheKey])
{
if (site == null && !cuyahogaUser.HasRight(requiredRight) ||
site != null && !cuyahogaUser.HasRight(requiredRight, site))
{
return(false);
}
}
return(true); // MVC handler and all required rights are OK.
}
return(false);
}
/// <summary>
/// Maps an XMLElement from the XML file to a SiteMapNode.
/// </summary>
/// <param name="node">The element to map.</param>
/// <returns>A SiteMapNode which represents the XMLElement.</returns>
protected SiteMapNode GetMvcSiteMapNodeFromXMLElement(XElement node)
{
// Get the ID attribute, need this so we can get the key.
string id = GetAttributeValue(node.Attribute("id"));
// Create a new sitemapnode, setting the key and url
var smNode = new MvcSiteMapNode(this, id);
// Create a route data dictionary
IDictionary <string, object> routeValues = new Dictionary <string, object>();
// Add each attribute to our attributes collection on the sitemapnode
// and to a route data dictionary.
foreach (XAttribute attribute in node.Attributes())
{
string attributeName = attribute.Name.ToString();
string attributeValue = attribute.Value;
smNode[attributeName] = attributeValue;
if (!this.ignoreAttributes.Contains(attributeName))
{
routeValues.Add(attributeName, attributeValue);
}
else if (attributeName == "paramid")
{
routeValues.Add("id", attributeValue);
}
}
// Set the other properties on the sitemapnode,
// these are for title and description, these come
// from the nodes attrbutes are we populated all attributes
// from the xml to the node.
smNode.Title = smNode["title"];
smNode.Description = smNode["description"];
smNode.ResourceKey = smNode["resourceKey"];
smNode.Controller = smNode["controller"];
smNode.Action = smNode["action"] ?? "Index";
smNode.Icon = smNode["icon"];
// Verify route values
if (!routeValues.ContainsKey("controller"))
{
routeValues.Add("controller", "Home");
}
if (!routeValues.ContainsKey("action"))
{
routeValues.Add("action", "Index");
}
// Build URL
HttpContextWrapper httpContext = new HttpContextWrapper(HttpContext.Current);
RouteData routeData = RouteTable.Routes.GetRouteData(httpContext);
if (routeData != null)
{
VirtualPathData virtualPath = routeData.Route.GetVirtualPath(new RequestContext(httpContext, routeData), new RouteValueDictionary(routeValues));
if (virtualPath != null)
{
smNode.Url = "~/" + virtualPath.VirtualPath;
}
else
{
canCache = false;
}
}
return(smNode);
}
public MvcSiteMapNode GetMvcParentNode(MvcSiteMapNode node)
{
return(node.ParentNode as MvcSiteMapNode);
}
private void CacheRightsForNode(MvcSiteMapNode mvcNode, MvcHandler handler, string permissionCacheKey)
{
lock (this.padlock)
{
// double check
if (! permissionCache.ContainsKey(permissionCacheKey))
{
// check permission attributes and store required rights in the permission cache.
// It's an MvcSiteMapNode, try to figure out the controller class
IController controller = ControllerBuilder.Current.GetControllerFactory().CreateController(handler.RequestContext, mvcNode.Controller);
Type controllerType = controller.GetType();
// Find all AuthorizeAttributes on the controller class and action method
ArrayList controllerAttributes = new ArrayList(controllerType.GetCustomAttributes(typeof(PermissionFilterAttribute), true));
ArrayList actionAttributes = new ArrayList();
MethodInfo[] methods = controllerType.GetType().GetMethods(BindingFlags.Public);
foreach (MethodInfo method in methods)
{
object[] attributes = method.GetCustomAttributes(typeof(ActionNameAttribute), true);
if (
(attributes.Length == 0 && method.Name == mvcNode.Action)
|| (attributes.Length > 0 && ((ActionNameAttribute)attributes[0]).Name == mvcNode.Action)
)
{
actionAttributes.AddRange(method.GetCustomAttributes(typeof(PermissionFilterAttribute), true));
}
}
ICollection<string> rights = new List<string>();
// Attributes found?
if (controllerAttributes.Count > 0)
{
PermissionFilterAttribute attribute = controllerAttributes[0] as PermissionFilterAttribute;
foreach (string right in attribute.RightsArray)
{
if (! rights.Contains(right))
{
rights.Add(right);
}
}
}
if (actionAttributes.Count > 0)
{
PermissionFilterAttribute attribute = actionAttributes[0] as PermissionFilterAttribute;
foreach (string right in attribute.RightsArray)
{
if (!rights.Contains(right))
{
rights.Add(right);
}
}
}
permissionCache.Add(permissionCacheKey, rights.ToArray());
}
}
}
/// <summary>
/// Maps an XMLElement from the XML file to a SiteMapNode.
/// </summary>
/// <param name="node">The element to map.</param>
/// <returns>A SiteMapNode which represents the XMLElement.</returns>
protected SiteMapNode GetMvcSiteMapNodeFromXMLElement(XElement node)
{
// Get the ID attribute, need this so we can get the key.
string id = GetAttributeValue(node.Attribute("id"));
// Create a new sitemapnode, setting the key and url
var smNode = new MvcSiteMapNode(this, id);
// Create a route data dictionary
IDictionary<string, object> routeValues = new Dictionary<string, object>();
// Add each attribute to our attributes collection on the sitemapnode
// and to a route data dictionary.
foreach (XAttribute attribute in node.Attributes())
{
string attributeName = attribute.Name.ToString();
string attributeValue = attribute.Value;
smNode[attributeName] = attributeValue;
if (! this.ignoreAttributes.Contains(attributeName))
{
routeValues.Add(attributeName, attributeValue);
}
else if (attributeName == "paramid")
{
routeValues.Add("id", attributeValue);
}
}
// Set the other properties on the sitemapnode,
// these are for title and description, these come
// from the nodes attrbutes are we populated all attributes
// from the xml to the node.
smNode.Title = smNode["title"];
smNode.Description = smNode["description"];
smNode.ResourceKey = smNode["resourceKey"];
smNode.Controller = smNode["controller"];
smNode.Action = smNode["action"] ?? "Index";
smNode.Icon = smNode["icon"];
// Verify route values
if (!routeValues.ContainsKey("controller")) routeValues.Add("controller", "Home");
if (!routeValues.ContainsKey("action")) routeValues.Add("action", "Index");
// Build URL
HttpContextWrapper httpContext = new HttpContextWrapper(HttpContext.Current);
RouteData routeData = RouteTable.Routes.GetRouteData(httpContext);
if (routeData != null)
{
VirtualPathData virtualPath = routeData.Route.GetVirtualPath(new RequestContext(httpContext, routeData), new RouteValueDictionary(routeValues));
if (virtualPath != null)
{
smNode.Url = "~/" + virtualPath.VirtualPath;
}
else
{
canCache = false;
}
}
return smNode;
}
public MvcSiteMapNode GetMvcParentNode(MvcSiteMapNode node)
{
return node.ParentNode as MvcSiteMapNode;
}
