internal GetSecurityAssociationsResponse RestoreRootMapInheritance(GlymaSecurableObject securableObject)
{
GetSecurityAssociationsResponse response = new GetSecurityAssociationsResponse() { HasError = false };
try
{
GetSecurableContextIdResponse securableContextIdResponse = GetSecurableContextId();
if (!securableContextIdResponse.HasError)
{
int securableContextId = securableContextIdResponse.Result;
SecurableObject obj = GetSecurableObject(securableContextId, securableObject.SecurableObjectUid);
GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
if (obj == null)
{
obj = securableObjectContext.CreateSecurableObject(false);
}
if (obj.BreaksInheritance)
{
securableObjectContext.SetSecurableObjectInheritance(false);
}
RemoveRootMapGroupAssociations(securableObject);
GlymaSecurableObject parentObject = new GlymaSecurableObject();
parentObject.SecurableParentUid = Guid.Empty;
parentObject.SecurableObjectUid = securableObject.SecurableParentUid;
GetAllSecurityGroupsResponse res = GetAllGlymaSecurityGroups();
if (!res.HasError)
{
IList<GlymaSecurityGroup> groups = ConversionUtility.ConvertDictToList(res.Result);
response = GetSecurityAssociations(groups, parentObject);
}
else
{
response.HasError = true;
response.ErrorMessage = "Failed returning the Glyma security groups. " + res.ErrorMessage;
}
}
else
{
response.HasError = true;
response.ErrorMessage = "Failed to restore root map inheritance. " + securableContextIdResponse.ErrorMessage;
}
}
catch (Exception ex)
{
response.HasError = true;
response.ErrorMessage = ex.Message;
}
return response;
}
private void CopyGroupAssociationsToRootMap(GlymaSecurableObject rootMapSecurableObject)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (IGlymaSession glymaSession = new WebAppSPGlymaSession(this.WebUrl))
{
using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
{
using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
{
var groupAssociations = from ga in dataContext.GroupAssociations
where ga.SecurableObjectUid == rootMapSecurableObject.SecurableParentUid
select ga;
if (groupAssociations.Any())
{
foreach (GroupAssociation groupAssociation in groupAssociations)
{
GlymaSecurableObject securableObject = new GlymaSecurableObject();
securableObject.SecurableParentUid = groupAssociation.SecurableObjectUid; //the parent is now the project uid
securableObject.SecurableObjectUid = rootMapSecurableObject.SecurableObjectUid; //the object is now the root map being copied to
GlymaSecurityAssociationContext securityAssocationContext = new GlymaSecurityAssociationContext(this, rootMapSecurableObject);
securityAssocationContext.CreateGroupAssociation(groupAssociation.GroupId);
}
}
}
}
}
});
}
private void RemoveRootMapGroupAssociations(GlymaSecurableObject rootMapSecurableObject)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (IGlymaSession glymaSession = new WebAppSPGlymaSession(this.WebUrl))
{
using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
{
using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
{
var groupAssociations = from ga in dataContext.GroupAssociations
where ga.SecurableObjectUid == rootMapSecurableObject.SecurableObjectUid &&
ga.SecurableParentUid == rootMapSecurableObject.SecurableParentUid
select ga;
if (groupAssociations.Any())
{
foreach (GroupAssociation groupAssociation in groupAssociations)
{
dataContext.GroupAssociations.DeleteOnSubmit(groupAssociation);
}
dataContext.SubmitChanges();
}
}
}
}
});
}
/// <summary>
/// Gets the current security associations for a list of groups against a particular securable object
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="glGroups">A list of groups to get the security assocations for</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>A dictionary of security association, Key: the group, Value: True if the group has an assocation. (wrapped in a Response Object to indicate if any errors occured)</returns>
internal GetSecurityAssociationsResponse GetSecurityAssociations(IEnumerable<GlymaSecurityGroup> glGroups, GlymaSecurableObject securableObject)
{
GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false };
if (this.CurrentUser.IsUserSecurityManager())
{
SecurityAssociations securityAssociations = new SecurityAssociations();
Dictionary<GlymaSecurityGroup, bool> results = new Dictionary<GlymaSecurityGroup, bool>();
SecurableContext securableContext = GetSecurableContext();
int securableContextId = securableContext.SecurableContextId;
GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
bool isInherited = securableObjectContext.GetIsInherited();
foreach (GlymaSecurityGroup glymaSecurityGroup in glGroups)
{
try
{
GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(this, glymaSecurityGroup, securableObject);
bool response = securityAssociationContext.HasAssociation();
results.Add(glymaSecurityGroup, response);
}
catch (Exception ex)
{
result.HasError = true;
result.ErrorMessage = ex.Message;
}
}
if (!result.HasError)
{
securityAssociations.HasAssociations = results;
securityAssociations.IsInherited = isInherited;
result.Result = securityAssociations;
}
}
else
{
result.HasError = true;
result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
}
return result;
}
internal ResponseObject BreakRootMapInheritance(GlymaSecurableObject securableObject)
{
ResponseObject response = new ResponseObject() { HasError = false };
try
{
GetSecurableContextIdResponse securableContextIdResponse = GetSecurableContextId();
if (!securableContextIdResponse.HasError)
{
int securableContextId = securableContextIdResponse.Result;
SecurableObject obj = GetSecurableObject(securableContextId, securableObject.SecurableObjectUid);
GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
if (obj == null)
{
obj = securableObjectContext.CreateSecurableObject(true);
}
if (!obj.BreaksInheritance)
{
securableObjectContext.SetSecurableObjectInheritance(true);
}
CopyGroupAssociationsToRootMap(securableObject);
}
}
catch (Exception ex)
{
response.HasError = true;
response.ErrorMessage = ex.Message;
}
return response;
}
public ResponseObject BreakRootMapInheritance(string webUrl, GlymaSecurableObject securableObject)
{
ResponseObject result = new ResponseObject() { HasError = false };
try
{
SecurityContextManager context = new SecurityContextManager(webUrl);
result = context.BreakRootMapInheritance(securableObject);
}
catch (Exception ex)
{
result.HasError = true;
result.ErrorMessage = ex.Message;
}
return result;
}
public GetSecurityAssociationsResponse RestoreRootMapInheritance(string webUrl, GlymaSecurableObject securableObject)
{
GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false };
try
{
SecurityContextManager context = new SecurityContextManager(webUrl);
result = context.RestoreRootMapInheritance(securableObject);
}
catch (Exception ex)
{
result.HasError = true;
result.ErrorMessage = ex.Message;
}
return result;
}
/// <summary>
/// Gets the highest permission (role) name that the current user has if they have access to the object
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>The Glyma permission level name if the user has access or null if the user doens't have access</returns>
public GetPermissionLevelResponse GetPermissionLevelForObject(string webUrl, GlymaSecurableObject securableObject)
{
GetPermissionLevelResponse result = new GetPermissionLevelResponse() { HasError = false };
SecurityContextManager securityContext = new SecurityContextManager(webUrl);
if (securityContext.CurrentUser.IsUserMapReader())
{
GlymaPermissionLevel highestPermissionLevel = GlymaPermissionLevel.None;
try
{
GetCurrentUserAccessToObjectResponse response = securityContext.CurrentUser.GetCurrentUserAccessToObject(securableObject, false);
if (!response.HasError)
{
if (response.HasAccess)
{
//if the user has access to the object (project or root map) get there highest permission level
highestPermissionLevel = response.HighestPermissionLevel;
}
else
{
//The user has no access
result.Result = GlymaPermissionLevel.None;
}
}
else
{
result.HasError = true;
result.ErrorMessage = response.ErrorMessage;
}
}
catch (Exception ex)
{
result.HasError = true;
result.ErrorMessage = ex.Message;
}
if (!result.HasError)
{
result.Result = highestPermissionLevel;
}
}
else
{
result.HasError = true;
result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
}
return result;
}
/// <summary>
/// This method is called by a Glyma Project Manager when they create a new project, it will associate any Glyma Project Manager group the user belongs to
/// with the newly created project.
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">Describes the project that was just added</param>
/// <returns>A response object indicating if the operation completed without error.</returns>
public ResponseObject SetProjectManagerGroupAssociations(string webUrl, GlymaSecurableObject securableObject)
{
ResponseObject result = new ResponseObject() { HasError = false };
try
{
SecurityContextManager context = new SecurityContextManager(webUrl);
result = context.CurrentUser.SetProjectManagerGroupAssociations(securableObject);
}
catch (Exception ex)
{
result.HasError = true;
result.ErrorMessage = ex.Message;
}
return result;
}
/// <summary>
/// Gets the current security associations for a list of groups against a particular securable object
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="groups">A list of groups to get the security assocations for</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>A dictionary of security association, Key: the group, Value: True if the group has an assocation. (wrapped in a Response Object to indicate if any errors occured)</returns>
public GetSecurityAssociationsResponse GetSecurityAssociations(string webUrl, IEnumerable<GlymaSecurityGroup> groups, GlymaSecurableObject securableObject)
{
GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false };
SecurityContextManager securityContext = new SecurityContextManager(webUrl);
result = securityContext.GetSecurityAssociations(groups, securableObject);
return result;
}
/// <summary>
/// Gets the highest permission (role) name that the current user has if they have access to the object
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>The Glyma permission level name if the user has access or null if the user doens't have access</returns>
public GetPermissionNameResponse GetPermissionNameForObject(string webUrl, GlymaSecurableObject securableObject)
{
GetPermissionNameResponse result = new GetPermissionNameResponse() { HasError = false };
GetPermissionLevelResponse response = GetPermissionLevelForObject(webUrl, securableObject);
if (!response.HasError)
{
result.Result = GlymaPermissionLevelHelper.GetPermissionLevelName(response.Result);
}
else
{
result.HasError = true;
result.ErrorMessage = response.ErrorMessage;
}
return result;
}
internal GlymaSecurableObjectContext(SecurityContextManager context, int securableContextId, GlymaSecurableObject securableObject)
{
SecurableContextId = securableContextId;
SecurableObject = securableObject;
Context = context;
}
/// <summary>
/// This method is called by a Glyma Project Manager when they create a new project, it will associate any Glyma Project Manager group the user belongs to
/// with the newly created project.
/// </summary>
/// <param name="securableObject">Describes the project that was just added</param>
/// <returns>A response object indicating if the operation completed without error.</returns>
internal ResponseObject SetProjectManagerGroupAssociations(GlymaSecurableObject securableObject)
{
ResponseObject result = new ResponseObject() { HasError = false };
try
{
if (this.IsUserProjectManager()) //ensure they are a project manager
{
using (SPSite site = new SPSite(Context.WebUrl))
{
using (SPWeb currentWeb = site.OpenWeb())
{
GetSecurityGroupsResponse response = Context.GetSecurityGroups(GlymaPermissionLevel.GlymaProjectManager);
if (!response.HasError)
{
IList<GlymaSecurityGroup> pmGroupsToAssociate = new List<GlymaSecurityGroup>();
IList<GlymaSecurityGroup> pmGroups = response.Result;
//for any group that is a Glyma Project Manager group
foreach (SPGroup group in CurrentSPUser.Groups)
{
foreach (GlymaSecurityGroup projectManagerGroup in pmGroups)
{
Group glGroup = Context.GetGroup(projectManagerGroup);
if (group.ID == glGroup.GroupSPID)
{
pmGroupsToAssociate.Add(projectManagerGroup);
}
}
}
//Add the security association for every Glyma Project Manager group the current user belongs to.
foreach (GlymaSecurityGroup glGroup in pmGroupsToAssociate)
{
GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(Context, glGroup, securableObject);
ResponseObject addResponse = securityAssociationContext.SetSecurityAssociation(false);
if (addResponse.HasError)
{
//if an error occurs adding the security association for any of the groups stop and return the error
result.HasError = true;
result.ErrorMessage = addResponse.ErrorMessage;
break;
}
}
}
else
{
//there was an error get the groups that have been assigned the permission level of Glyma Project Manager
result.HasError = true;
result.ErrorMessage = response.ErrorMessage;
}
}
}
}
else
{
//Only a Glyma Project Manager can call this method
result.HasError = true;
result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
}
}
catch (Exception ex)
{
result.HasError = true;
result.ErrorMessage = ex.Message;
}
return result;
}
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user
/// has access to it returns true for the project as well (only true for when working out the filtered lists)</param>
/// <returns>True if the user belongs to a group that has access to the securable object</returns>
internal GetCurrentUserAccessToObjectResponse GetCurrentUserAccessToObject(GlymaSecurableObject securableObject, bool checkProjectsChildren = false)
{
GetCurrentUserAccessToObjectResponse result = new GetCurrentUserAccessToObjectResponse() {
HasError = false,
HasAccess = false,
HighestPermissionLevel = GlymaPermissionLevel.None
};
try
{
using (SPSite site = new SPSite(Context.WebUrl))
{
using (SPWeb currentWeb = site.OpenWeb())
{
IGlymaPermission highestPermissionLevel = this.GetHighestPermissionLevel();
if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.None)
{
result.HasAccess = false;
result.HighestPermissionLevel = GlymaPermissionLevel.None;
return result; //an error occured so assume there is no access to the object
}
else
{
if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.GlymaSecurityManager)
{
//The Glyma Security Manager permission exists for this user, they can access anything
result.HasAccess = true;
result.HighestPermissionLevel = GlymaPermissionLevel.GlymaSecurityManager;
return result;
}
}
GetAllSecurityGroupsResponse allSPSecurityGroups = Context.GetAllGlymaSecurityGroups();
if (!allSPSecurityGroups.HasError)
{
//GlymaGroupCollection groups = new GlymaGroupCollection(allSPSecurityGroups.Result);
GlymaSecurityGroupCollection groups = new GlymaSecurityGroupCollection(Context, allSPSecurityGroups.Result);
//gets a sorted list of groups highest to lowest permission level
IList<GlymaSecurityGroup> usersGlymaGroups = groups.GetUsersGroups(currentWeb, CurrentSPUser);
SecurableContext securableContext = Context.GetSecurableContext();
//check each glyma group the person has associated with them for access to the maps
foreach (GlymaSecurityGroup glymaGroup in usersGlymaGroups)
{
GlymaSecurityAssociationContext securityAssociation = new GlymaSecurityAssociationContext(Context, glymaGroup, securableObject);
bool response = securityAssociation.HasAssociation(checkProjectsChildren);
if (response)
{
result.HasAccess = response;
result.HighestPermissionLevel = groups.GetGroupsPermissionLevel(glymaGroup);
return result;
}
}
}
}
}
}
catch (Exception e)
{
result.HasError = true;
result.ErrorMessage = "Failed to read the users current access to the object. " + e.Message;
}
return result; //if it gets all the way to here it's the default no access response
}
internal GlymaSecurityAssociationContext(SecurityContextManager context, GlymaSecurableObject securableObject)
{
Context = context;
SecurableObject = securableObject;
}
internal GlymaSecurityAssociationContext(SecurityContextManager context, GlymaSecurityGroup group, GlymaSecurableObject securableObject)
{
Group = group;
SecurableObject = securableObject;
Context = context;
}