Exemple #1
        /// <summary>
        /// Reports, for every id in <paramref name="testIds"/>, whether the permitted-items query built for
        /// <paramref name="userId"/> contains a row whose <paramref name="columnName"/> equals that id.
        /// </summary>
        /// <param name="sqlConnection">Connection used both to build the permitted-items query and to run the check.</param>
        /// <param name="parentId">Parent id forwarded to <c>Common.GetPermittedItemsAsQuery</c>.</param>
        /// <param name="testIds">Ids to test; sent to the server as the <c>@ids</c> table-valued parameter.</param>
        /// <param name="userId">User whose permissions are evaluated.</param>
        /// <param name="startLevel">Start level forwarded to <c>Common.GetPermittedItemsAsQuery</c>.</param>
        /// <param name="entityName">Entity name forwarded to <c>Common.GetPermittedItemsAsQuery</c>.</param>
        /// <param name="parentEntityName">Parent entity name forwarded to <c>Common.GetPermittedItemsAsQuery</c>.</param>
        /// <param name="columnName">Column of the permitted-items query that is joined against the tested ids.</param>
        /// <returns>Map from tested id to <c>true</c> when a permitted row matched, <c>false</c> otherwise.</returns>
        /// <remarks>
        /// The permitted-items query is requested with <c>PermissionLevel.FullAccess</c>. Because the statement
        /// left-joins from <c>@ids</c>, an id with no permitted row still comes back and is reported as
        /// <c>false</c>, so the check fails closed for unknown ids.
        /// </remarks>
        private static Dictionary <int, bool> CheckSecurity(SqlConnection sqlConnection, int parentId, IEnumerable <int> testIds, int userId, int startLevel, string entityName, string parentEntityName, string columnName)
        {
            // Only the id list is bound as a parameter. The sub-query and the column name are spliced into
            // the SQL text by string.Format.
            // NOTE(review): columnName must be a fixed, code-defined identifier and the sub-query must come
            // from trusted code; confirm that no caller forwards request data into either of them.
            const string template = @" select i.id, cast((case when pi.{1} is null then 0 else 1 end) as bit) as granted from @ids i
				left join ({0}) as pi on pi.{1} = i.id ";

            var permittedItemsQuery = Common.GetPermittedItemsAsQuery(
                sqlConnection, userId, 0, startLevel, PermissionLevel.FullAccess, entityName, parentEntityName, parentId);
            var statement = string.Format(template, permittedItemsQuery, columnName);
            var verdicts = new Dictionary <int, bool>();

            using (var cmd = SqlCommandFactory.Create(statement, sqlConnection))
            {
                var idsParameter = new SqlParameter("@ids", SqlDbType.Structured);
                idsParameter.TypeName = "Ids";
                idsParameter.Value = Common.IdsToDataTable(testIds);
                cmd.Parameters.Add(idsParameter);

                using (var reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        // The id value is unboxed as decimal before it is narrowed to int.
                        var itemId = (int)(decimal)reader["id"];
                        var isGranted = (bool)reader["granted"];
                        verdicts[itemId] = isGranted;
                    }
                }
            }

            return verdicts;
        }
Exemple #2
        /// <summary>
        /// Reports, for each id in <paramref name="ids"/>, whether the content item is free of a lock held by
        /// a user other than <paramref name="currentUserId"/>.
        /// </summary>
        /// <param name="dbConnection">Connection the lock query runs on.</param>
        /// <param name="ids">Content item ids to test; sent as the <c>@ids</c> table-valued parameter.</param>
        /// <param name="currentUserId">User whose own locks are not counted as conflicts.</param>
        /// <param name="forceUnlock">When <c>true</c>, no query is run and every id is reported as <c>true</c>.</param>
        /// <returns>
        /// Map from id to <c>true</c> when no foreign lock was found (or the check was skipped), <c>false</c>
        /// when <c>locked_by</c> is set to another user.
        /// </returns>
        /// <remarks>
        /// The query reads <c>content_item</c> with <c>nolock</c>, so it can see uncommitted rows and can miss a
        /// lock that is taken or released concurrently; treat the result as advisory.
        /// NOTE(review): confirm that the write path re-checks the lock under a proper isolation level, and
        /// that callers authorize <paramref name="forceUnlock"/> before passing <c>true</c>.
        /// </remarks>
        public static Dictionary <int, bool> CheckLockedBy(SqlConnection dbConnection, int[] ids, int currentUserId, bool forceUnlock)
        {
            const string sql = @"select locked_by, content_item_id from content_item ci with(nolock) 
				inner join @ids i on i.id = ci.content_item_id where locked_by is not null and locked_by <> @userId ";

            // Every id starts out as "not locked by someone else"; rows returned below flip entries to false.
            var lockFree = ids.ToDictionary(itemId => itemId, itemId => true);

            // Forced unlock bypasses the lock lookup entirely.
            if (forceUnlock)
            {
                return lockFree;
            }

            using (var cmd = SqlCommandFactory.Create(sql, dbConnection))
            {
                var idsParameter = new SqlParameter("@ids", SqlDbType.Structured);
                idsParameter.TypeName = "Ids";
                idsParameter.Value = Common.IdsToDataTable(ids);
                cmd.Parameters.Add(idsParameter);

                cmd.Parameters.AddWithValue("@userId", currentUserId);
                using (var reader = cmd.ExecuteReader())
                {
                    while (reader.Read())
                    {
                        var lockedItemId = (int)(decimal)reader["content_item_id"];
                        lockFree[lockedItemId] = false;
                    }
                }
            }

            return lockFree;
        }
Exemple #3
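        /// <summary>
        /// Loads one row per <c>CONTENT_ATTRIBUTE</c> record that has <c>USE_RELATION_SECURITY = 1</c>, joined
        /// with its link, related attribute and aggregated attribute.
        /// </summary>
        /// <param name="sqlConnection">Connection the query runs on.</param>
        /// <returns>
        /// The result rows, with the columns <c>path_content_id</c>, <c>rel_content_id</c>, <c>content_id</c>,
        /// <c>is_m2m</c>, <c>is_ext</c>, <c>is_classifier</c>, <c>attribute_id</c>, <c>attribute_name</c>,
        /// <c>link_id</c> and <c>agg_attribute_name</c>.
        /// </returns>
        /// <remarks>
        /// The statement is a compile-time constant with no parameters, so no caller-supplied text reaches
        /// the SQL here.
        /// </remarks>
        public static DataRow[] GetRelationSecurityFields(SqlConnection sqlConnection)
        {
            const string sqlText = @"
				select coalesce(ca3.content_id, ca1.content_id) as path_content_id, coalesce(ca4.CONTENT_ID, cl.linked_content_id) as rel_content_id, ca1.content_id, 
				cast(case when ca1.link_id is not null then 1 else 0 end as bit) as is_m2m,
				cast(case when ca2.attribute_id is not null then 1 else 0 end as bit) as is_ext,
				ca1.is_classifier,
				ca1.attribute_id, ca1.attribute_name, ca1.link_id, ca2.ATTRIBUTE_NAME as agg_attribute_name
				from CONTENT_ATTRIBUTE ca1
				left join content_link cl on ca1.content_id = cl.content_id and ca1.link_id = cl.link_id
				left join CONTENT_ATTRIBUTE ca4 on ca1.RELATED_ATTRIBUTE_ID = ca4.ATTRIBUTE_ID
				left join content_attribute ca2 on ca1.content_id = ca2.content_id and ca2.AGGREGATED = 1
				left join content_attribute ca3 on ca2.RELATED_ATTRIBUTE_ID = ca3.attribute_Id
				 where ca1.USE_RELATION_SECURITY = 1
			 ";

            using (var cmd = SqlCommandFactory.Create(sqlText, sqlConnection))
            {
                cmd.CommandType = CommandType.Text;
                var dt = new DataTable();

                // The adapter is disposable; the original created it inline and never released it.
                using (var adapter = new SqlDataAdapter(cmd))
                {
                    adapter.Fill(dt);
                }

                // The table is deliberately not disposed: the returned rows still belong to it.
                return dt.AsEnumerable().ToArray();
            }
        }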
Exemple #4
        /// <summary>
        /// Builds the relation-security information for <paramref name="contentId"/> and the given item ids by
        /// computing the security paths for the content and running one query per path.
        /// </summary>
        /// <param name="dbConnection">Connection used for the metadata query and for each path query.</param>
        /// <param name="contentId">Content whose security paths are computed.</param>
        /// <param name="ids">Item ids to resolve; sent to each path query as the <c>@ids</c> table-valued parameter.</param>
        /// <returns>The populated <c>RelationSecurityInfo</c>.</returns>
        /// <remarks>
        /// The method returns from inside the path loop as soon as it meets an empty path, so paths after
        /// that one are not processed.
        /// NOTE(review): the effect of <c>MakeEmpty</c> on mappings added by earlier paths is not visible
        /// here; confirm the early return cannot leave a result that is more permissive than intended.
        /// </remarks>
        public static RelationSecurityInfo GetRelationSecurityInfo(SqlConnection dbConnection, int contentId, int[] ids)
        {
            var result   = new RelationSecurityInfo();
            var pathRows = GetRelationSecurityFields(dbConnection);

            var securityPathes = new List <List <RelationSecurityPathItem> >();
            var finder         = new RelationSecurityPathFinder(pathRows.ToList(), contentId);

            // Collect the main finder's path first, then the path of every extra finder it exposes.
            finder.Compute();
            securityPathes.Add(finder.CurrentPath);
            foreach (var extra in finder.ExtraFinders)
            {
                extra.Compute();
                securityPathes.Add(extra.CurrentPath);
            }

            foreach (var securityPath in securityPathes)
            {
                if (securityPath.Count <= 0)
                {
                    // Empty path: check whether any metadata row names this content as its related content
                    // (a null rel_content_id is treated as 0).
                    var isEndNode = finder.PathRows.Any(n => (int)(n.Field <decimal?>("rel_content_id") ?? 0) == contentId);
                    if (!isEndNode)
                    {
                        result.MakeEmpty();
                    }
                    else
                    {
                        // Map every requested id to a one-element array holding that same id.
                        result.AddContentInItemMapping(contentId, ids.ToDictionary(n => n, m => Enumerable.Repeat(m, 1).ToArray()));
                    }

                    // Returns immediately; any remaining paths are skipped.
                    return(result);
                }

                // Work from the last item of the path together with its secondary items: non-classifier
                // entries contribute related content ids, classifier entries contribute attribute names.
                var lastItem = securityPath.Last();
                var lastItemWithSecondary = Enumerable.Repeat(lastItem, 1).Concat(lastItem.Secondary).ToList();
                var contentIds            = lastItemWithSecondary.Where(n => !n.IsClassifier).Select(n => n.RelContentId).ToArray();
                var attNames = lastItemWithSecondary.Where(n => n.IsClassifier).Select(n => n.AttributeName).ToArray();
                // Register an empty mapping for each related content before the query rows are processed.
                foreach (var item in contentIds)
                {
                    result.AddContentInItemMapping(item, new Dictionary <int, int[]>());
                }

                // The statement text comes from GetSecurityPathSql (not shown here) and is executed as-is;
                // only the id list is bound as a parameter.
                // NOTE(review): presumably the text is assembled from schema metadata only; verify that no
                // caller-controlled string can reach it.
                var sql = GetSecurityPathSql(securityPath, contentId);
                using (var cmd = SqlCommandFactory.Create(sql, dbConnection))
                {
                    cmd.Parameters.Add(new SqlParameter("@ids", SqlDbType.Structured)
                    {
                        TypeName = "Ids",
                        Value    = Common.IdsToDataTable(ids)
                    });
                    using (var reader = cmd.ExecuteReader())
                    {
                        while (reader.Read())
                        {
                            ProcessSecurityPathSqlReader(reader, contentIds, attNames, result);
                        }
                    }
                }

                // Runs after the rows of this path have been processed, with the requested ids and this
                // path's related content ids.
                AppendNotFound(ids, contentIds, result);
            }

            return(result);
        }