private static Dictionary <int, bool> CheckSecurity(SqlConnection sqlConnection, int parentId, IEnumerable <int> testIds, int userId, int startLevel, string entityName, string parentEntityName, string columnName)
{
var granted = new Dictionary <int, bool>();
var securitySql = Common.GetPermittedItemsAsQuery(sqlConnection, userId, 0, startLevel, PermissionLevel.FullAccess,
entityName, parentEntityName, parentId);
var sql = string.Format(
@" select i.id, cast((case when pi.{1} is null then 0 else 1 end) as bit) as granted from @ids i
left join ({0}) as pi on pi.{1} = i.id "
, securitySql, columnName);
using (var cmd = SqlCommandFactory.Create(sql, sqlConnection))
{
cmd.Parameters.Add(new SqlParameter("@ids", SqlDbType.Structured)
{
TypeName = "Ids",
Value = Common.IdsToDataTable(testIds)
});
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
granted[(int)(decimal)reader["id"]] = (bool)reader["granted"];
}
}
}
return(granted);
}
public static Dictionary <int, bool> CheckLockedBy(SqlConnection dbConnection, int[] ids, int currentUserId, bool forceUnlock)
{
const string sql = @"select locked_by, content_item_id from content_item ci with(nolock)
inner join @ids i on i.id = ci.content_item_id where locked_by is not null and locked_by <> @userId " ;
var result = ids.ToDictionary(kvp => kvp, kvp => true);
if (!forceUnlock)
{
using (var cmd = SqlCommandFactory.Create(sql, dbConnection))
{
cmd.Parameters.Add(new SqlParameter("@ids", SqlDbType.Structured)
{
TypeName = "Ids",
Value = Common.IdsToDataTable(ids)
});
cmd.Parameters.AddWithValue("@userId", currentUserId);
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
var id = (int)(decimal)reader["content_item_id"];
result[id] = false;
}
}
}
}
return(result);
}
public static DataRow[] GetRelationSecurityFields(SqlConnection sqlConnection)
{
const string sqlText = @"
select coalesce(ca3.content_id, ca1.content_id) as path_content_id, coalesce(ca4.CONTENT_ID, cl.linked_content_id) as rel_content_id, ca1.content_id,
cast(case when ca1.link_id is not null then 1 else 0 end as bit) as is_m2m,
cast(case when ca2.attribute_id is not null then 1 else 0 end as bit) as is_ext,
ca1.is_classifier,
ca1.attribute_id, ca1.attribute_name, ca1.link_id, ca2.ATTRIBUTE_NAME as agg_attribute_name
from CONTENT_ATTRIBUTE ca1
left join content_link cl on ca1.content_id = cl.content_id and ca1.link_id = cl.link_id
left join CONTENT_ATTRIBUTE ca4 on ca1.RELATED_ATTRIBUTE_ID = ca4.ATTRIBUTE_ID
left join content_attribute ca2 on ca1.content_id = ca2.content_id and ca2.AGGREGATED = 1
left join content_attribute ca3 on ca2.RELATED_ATTRIBUTE_ID = ca3.attribute_Id
where ca1.USE_RELATION_SECURITY = 1
" ;
using (var cmd = SqlCommandFactory.Create(sqlText, sqlConnection))
{
cmd.CommandType = CommandType.Text;
var dt = new DataTable();
new SqlDataAdapter(cmd).Fill(dt);
return(dt.AsEnumerable().ToArray());
}
}
public static RelationSecurityInfo GetRelationSecurityInfo(SqlConnection dbConnection, int contentId, int[] ids)
{
var result = new RelationSecurityInfo();
var pathRows = GetRelationSecurityFields(dbConnection);
var securityPathes = new List <List <RelationSecurityPathItem> >();
var finder = new RelationSecurityPathFinder(pathRows.ToList(), contentId);
finder.Compute();
securityPathes.Add(finder.CurrentPath);
foreach (var extra in finder.ExtraFinders)
{
extra.Compute();
securityPathes.Add(extra.CurrentPath);
}
foreach (var securityPath in securityPathes)
{
if (securityPath.Count <= 0)
{
var isEndNode = finder.PathRows.Any(n => (int)(n.Field <decimal?>("rel_content_id") ?? 0) == contentId);
if (!isEndNode)
{
result.MakeEmpty();
}
else
{
result.AddContentInItemMapping(contentId, ids.ToDictionary(n => n, m => Enumerable.Repeat(m, 1).ToArray()));
}
return(result);
}
var lastItem = securityPath.Last();
var lastItemWithSecondary = Enumerable.Repeat(lastItem, 1).Concat(lastItem.Secondary).ToList();
var contentIds = lastItemWithSecondary.Where(n => !n.IsClassifier).Select(n => n.RelContentId).ToArray();
var attNames = lastItemWithSecondary.Where(n => n.IsClassifier).Select(n => n.AttributeName).ToArray();
foreach (var item in contentIds)
{
result.AddContentInItemMapping(item, new Dictionary <int, int[]>());
}
var sql = GetSecurityPathSql(securityPath, contentId);
using (var cmd = SqlCommandFactory.Create(sql, dbConnection))
{
cmd.Parameters.Add(new SqlParameter("@ids", SqlDbType.Structured)
{
TypeName = "Ids",
Value = Common.IdsToDataTable(ids)
});
using (var reader = cmd.ExecuteReader())
{
while (reader.Read())
{
ProcessSecurityPathSqlReader(reader, contentIds, attNames, result);
}
}
}
AppendNotFound(ids, contentIds, result);
}
return(result);
}