/// <summary> /// Handles the Delete event of the gGroups control. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="RowEventArgs" /> instance containing the event data.</param> protected void gGroups_Delete( object sender, RowEventArgs e ) { RockTransactionScope.WrapTransaction( () => { GroupService groupService = new GroupService(); AuthService authService = new AuthService(); Group group = groupService.Get( (int)e.RowKeyValue ); if ( group != null ) { string errorMessage; if ( !groupService.CanDelete( group, out errorMessage ) ) { mdGridWarning.Show( errorMessage, ModalAlertType.Information ); return; } bool isSecurityRoleGroup = group.IsSecurityRole; if ( isSecurityRoleGroup ) { foreach ( var auth in authService.Queryable().Where( a => a.GroupId.Equals( group.Id ) ).ToList() ) { authService.Delete( auth, CurrentPersonId ); authService.Save( auth, CurrentPersonId ); } } groupService.Delete( group, CurrentPersonId ); groupService.Save( group, CurrentPersonId ); if ( isSecurityRoleGroup ) { Rock.Security.Authorization.Flush(); Rock.Security.Role.Flush( group.Id ); } } } ); BindGrid(); }
/// <summary> /// Handles the Click event of the btnDelete control. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param> protected void btnDelete_Click( object sender, EventArgs e ) { int? parentGroupId = null; // NOTE: Very similar code in GroupList.gGroups_Delete RockTransactionScope.WrapTransaction( () => { GroupService groupService = new GroupService(); AuthService authService = new AuthService(); Group group = groupService.Get( int.Parse( hfGroupId.Value ) ); if ( group != null ) { parentGroupId = group.ParentGroupId; string errorMessage; if ( !groupService.CanDelete( group, out errorMessage ) ) { mdDeleteWarning.Show( errorMessage, ModalAlertType.Information ); return; } bool isSecurityRoleGroup = group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() ); if ( isSecurityRoleGroup ) { Rock.Security.Role.Flush( group.Id ); foreach ( var auth in authService.Queryable().Where( a => a.GroupId.Equals( group.Id ) ).ToList() ) { authService.Delete( auth, CurrentPersonId ); authService.Save( auth, CurrentPersonId ); } } groupService.Delete( group, CurrentPersonId ); groupService.Save( group, CurrentPersonId ); if ( isSecurityRoleGroup ) { Rock.Security.Authorization.Flush(); } } } ); // reload page, selecting the deleted group's parent var qryParams = new Dictionary<string, string>(); if ( parentGroupId != null ) { qryParams["groupId"] = parentGroupId.ToString(); } NavigateToPage( RockPage.Guid, qryParams ); }
/// <summary> /// Handles the Delete event of the gGroups control. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="RowEventArgs" /> instance containing the event data.</param> protected void gGroups_Delete( object sender, RowEventArgs e ) { // NOTE: Very similar code in GroupDetail.btnDelete_Click RockTransactionScope.WrapTransaction( () => { GroupService groupService = new GroupService(); AuthService authService = new AuthService(); Group group = groupService.Get( (int)e.RowKeyValue ); if ( group != null ) { string errorMessage; if ( !groupService.CanDelete( group, out errorMessage ) ) { mdGridWarning.Show( errorMessage, ModalAlertType.Information ); return; } bool isSecurityRoleGroup = group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() ); if (isSecurityRoleGroup) { Rock.Security.Role.Flush( group.Id ); foreach ( var auth in authService.Queryable().Where( a => a.GroupId == group.Id ).ToList() ) { authService.Delete( auth, CurrentPersonId ); authService.Save( auth, CurrentPersonId ); } } groupService.Delete( group, CurrentPersonId ); groupService.Save( group, CurrentPersonId ); if ( isSecurityRoleGroup ) { Rock.Security.Authorization.Flush(); } } } ); BindGrid(); }
/// <summary> /// Copies the authorizations from one <see cref="ISecured"/> object to another /// </summary> /// <param name="sourceEntity">The source entity.</param> /// <param name="targetEntity">The target entity.</param> /// <param name="personId">The person id.</param> public static void CopyAuthorization( ISecured sourceEntity, ISecured targetEntity, int? personId ) { // If there's no Authorizations object, create it if ( Authorizations == null ) { Load(); } var sourceEntityTypeId = sourceEntity.TypeId; var targetEntityTypeId = targetEntity.TypeId; AuthService authService = new AuthService(); // Delete the current authorizations for the target entity foreach ( Auth auth in authService.Get( targetEntityTypeId, targetEntity.Id ) ) { authService.Delete( auth, personId ); } Dictionary<string, List<AuthRule>> newActions = new Dictionary<string, List<AuthRule>>(); int order = 0; if ( Authorizations.ContainsKey( sourceEntityTypeId ) && Authorizations[sourceEntityTypeId].ContainsKey( sourceEntity.Id ) ) { foreach ( KeyValuePair<string, List<AuthRule>> action in Authorizations[sourceEntityTypeId][sourceEntity.Id] ) { if ( targetEntity.SupportedActions.Contains( action.Key ) ) { newActions.Add( action.Key, new List<AuthRule>() ); foreach ( AuthRule rule in action.Value ) { Auth auth = new Auth(); auth.EntityTypeId = targetEntityTypeId; auth.EntityId = targetEntity.Id; auth.Order = order; auth.Action = action.Key; auth.AllowOrDeny = rule.AllowOrDeny; auth.SpecialRole = rule.SpecialRole; auth.PersonId = rule.PersonId; auth.GroupId = rule.GroupId; authService.Add( auth, personId ); authService.Save( auth, personId ); newActions[action.Key].Add( new AuthRule( rule.Id, rule.EntityId, rule.AllowOrDeny, rule.SpecialRole, rule.PersonId, rule.GroupId, rule.Order ) ); order++; } } } } if ( !Authorizations.ContainsKey( targetEntityTypeId ) ) { Authorizations.Add( targetEntityTypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() ); } Dictionary<int, Dictionary<string, List<AuthRule>>> entityType = Authorizations[targetEntityTypeId]; if ( !entityType.ContainsKey( targetEntity.Id ) ) { entityType.Add( targetEntity.Id, new Dictionary<string, List<AuthRule>>() ); } entityType[targetEntity.Id] = newActions; }
/// <summary> /// Updates authorization rules for the entity so that the current person is allowed to perform the specified action. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <param name="personId">The person identifier.</param> public static void AllowPerson( ISecured entity, string action, Person person, int? personId ) { if ( person != null ) { // If there's no Authorizations object, create it if ( Authorizations == null ) { Load(); } var authService = new AuthService(); // If there are not entries in the Authorizations object for this entity type and entity instance, create // the dictionary entries if ( !Authorizations.Keys.Contains( entity.TypeId ) ) { Authorizations.Add( entity.TypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() ); } if ( !Authorizations[entity.TypeId].Keys.Contains( entity.Id ) ) { Authorizations[entity.TypeId].Add( entity.Id, new Dictionary<string, List<AuthRule>>() ); } List<AuthRule> rules = null; if ( Authorizations[entity.TypeId][entity.Id].Keys.Contains( action ) ) { rules = Authorizations[entity.TypeId][entity.Id][action]; } else { rules = new List<AuthRule>(); Authorizations[entity.TypeId][entity.Id].Add( action, rules ); } int order = 0; Rock.Data.RockTransactionScope.WrapTransaction( () => { Auth auth = new Auth(); auth.EntityTypeId = entity.TypeId; auth.EntityId = entity.Id; auth.Order = order++; auth.Action = action; auth.AllowOrDeny = "A"; auth.SpecialRole = SpecialRole.None; auth.PersonId = person.Id; authService.Add( auth, personId ); authService.Save( auth, personId ); foreach(var rule in rules) { var existingAuth = authService.Get( rule.Id ); existingAuth.Order = order++; authService.Save( existingAuth, personId ); } rules.Insert(0, new AuthRule( auth ) ); } ); } }
/// <summary> /// Makes the private. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <param name="personId">The person id.</param> public static void MakePrivate( ISecured entity, string action, Person person, int? personId ) { if ( !IsPrivate( entity, action, person ) ) { if ( person != null ) { // If there's no Authorizations object, create it if ( Authorizations == null ) { Load(); } var authService = new AuthService(); // If there are not entries in the Authorizations object for this entity type and entity instance, create // the dictionary entries if ( !Authorizations.Keys.Contains( entity.TypeId ) ) { Authorizations.Add( entity.TypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() ); } if ( !Authorizations[entity.TypeId].Keys.Contains( entity.Id ) ) { Authorizations[entity.TypeId].Add( entity.Id, new Dictionary<string, List<AuthRule>>() ); } if ( !Authorizations[entity.TypeId][entity.Id].Keys.Contains( action ) ) { Authorizations[entity.TypeId][entity.Id].Add( action, new List<AuthRule>() ); } else { // If existing rules exist, delete them. foreach ( AuthRule authRule in Authorizations[entity.TypeId][entity.Id][action] ) { var oldAuth = authService.Get( authRule.Id ); authService.Delete( oldAuth, personId ); } } var rules = new List<AuthRule>(); Auth auth = new Auth(); auth.EntityTypeId = entity.TypeId; auth.EntityId = entity.Id; auth.Order = 0; auth.Action = action; auth.AllowOrDeny = "A"; auth.SpecialRole = SpecialRole.None; auth.PersonId = person.Id; authService.Add( auth, personId ); authService.Save( auth, personId ); rules.Add( new AuthRule( auth ) ); auth = new Auth(); auth.EntityTypeId = entity.TypeId; auth.EntityId = entity.Id; auth.Order = 1; auth.Action = action; auth.AllowOrDeny = "D"; auth.SpecialRole = SpecialRole.AllUsers; authService.Add( auth, personId ); authService.Save( auth, personId ); rules.Add( new AuthRule( auth ) ); Authorizations[entity.TypeId][entity.Id][action] = rules; } } }