/// <summary>
/// Fixture setup: pastes the blog manager test content under the test root,
/// initializes the fixture, then creates a test user with write access to blog 1.
/// </summary>
/// <remarks>
/// Everything runs inside a <c>SecurityDisabler</c> scope. The test account's
/// password is the same value as its user name (TESTUSERNAME), and the account
/// is added to the "sitecore client authoring" role. If any step of the user
/// setup throws, the exception is swallowed and the user is deleted, so a failed
/// setup does not leave the account behind but is also not reported.
/// </remarks>
public void TestFixtureSetUp()
{
    using (new SecurityDisabler())
    {
        // Create test content
        var contentXml = File.ReadAllText(
            HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml"));
        m_testContentRoot.Paste(contentXml, true, PasteMode.Overwrite);
        Initialize();

        // Create test user
        try
        {
            var testUser = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME);
            Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring");

            var writeRules = new AccessRuleCollection();
            writeRules.Add(AccessRule.Create(testUser, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow));
            m_blog1.Security.SetAccessRules(writeRules);
        }
        catch
        {
            // Roll back the account; the original failure is intentionally not rethrown.
            Membership.DeleteUser("sitecore\\" + TESTUSERNAME);
        }
    }
}
/// <summary>
/// Translates the item's <c>Access</c> flags into access rules and stores the
/// serialized rules in the item's Security field.
/// </summary>
/// <param name="args">Pipeline arguments carrying the <c>DbItem</c> being added.</param>
/// <remarks>
/// One rule is collected per access right whose flag is set (read, write, rename,
/// create, delete, admin). When no rule results, the item is left untouched.
/// </remarks>
public virtual void Process(AddDbItemArgs args)
{
    var dbItem = args.DbItem;
    var access = dbItem.Access;
    var collected = new AccessRuleCollection();

    this.FillAccessRules(collected, access, AccessRight.ItemRead, a => a.CanRead);
    this.FillAccessRules(collected, access, AccessRight.ItemWrite, a => a.CanWrite);
    this.FillAccessRules(collected, access, AccessRight.ItemRename, a => a.CanRename);
    this.FillAccessRules(collected, access, AccessRight.ItemCreate, a => a.CanCreate);
    this.FillAccessRules(collected, access, AccessRight.ItemDelete, a => a.CanDelete);
    this.FillAccessRules(collected, access, AccessRight.ItemAdmin, a => a.CanAdmin);

    if (!collected.Any())
    {
        return;
    }

    var serialized = new AccessRuleSerializer().Serialize(collected);

    // TODO: Should not require to check if Security field is exists
    var hasSecurityField = dbItem.Fields.Any(f => f.ID == FieldIDs.Security);
    if (!hasSecurityField)
    {
        dbItem.Fields.Add(new DbField("__Security", FieldIDs.Security) { Value = serialized });
        return;
    }

    dbItem.Fields[FieldIDs.Security].Value = serialized;
}
/// <summary>
/// Fixture setup: pastes the blog manager test content under the home item,
/// initializes the fixture, then creates a test user with write access to blog 1.
/// </summary>
/// <remarks>
/// Runs inside a <c>SecurityDisabler</c> scope. Both the paste and the user setup
/// swallow exceptions: a failed paste is ignored entirely, and a failed user setup
/// only deletes the account again. The test account's password equals its user
/// name (TESTUSERNAME).
/// </remarks>
public void TestFixtureSetUp()
{
    // Create test content
    m_home = Sitecore.Context.Database.GetItem("/sitecore/content/home");

    using (new SecurityDisabler())
    {
        try
        {
            var xmlPath = HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml");
            m_home.Paste(File.ReadAllText(xmlPath), true, PasteMode.Overwrite);
        }
        catch
        {
            // this "catch" is used to debug issues with the Paste() method call above;
            // the statements below do nothing except offer a breakpoint anchor
            int y = 0;
            y++;
        }

        Initialize();

        // Create test user
        try
        {
            var created = Sitecore.Security.Accounts.User.Create("sitecore\\" + TESTUSERNAME, TESTUSERNAME);
            Roles.AddUserToRole("sitecore\\" + TESTUSERNAME, "sitecore\\sitecore client authoring");

            var allowWrite = AccessRule.Create(created, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
            var blogRules = new AccessRuleCollection();
            blogRules.Add(allowWrite);
            m_blog1.Security.SetAccessRules(blogRules);
        }
        catch
        {
            // Remove the partially configured account; the failure itself is not reported.
            Membership.DeleteUser("sitecore\\" + TESTUSERNAME);
        }
    }
}
/// <summary>
/// Translates the item's <c>Access</c> flags into access rules and adds a
/// "__Security" field holding the serialized rules.
/// </summary>
/// <param name="args">Pipeline arguments carrying the <c>DbItem</c> being added.</param>
/// <remarks>
/// The field is always added, never updated; this version does not check whether
/// the item already carries a Security field.
/// </remarks>
public virtual void Process(AddDbItemArgs args)
{
    var dbItem = args.DbItem;
    var collected = new AccessRuleCollection();

    this.FillAccessRules(collected, dbItem.Access, AccessRight.ItemRead, a => a.CanRead);
    this.FillAccessRules(collected, dbItem.Access, AccessRight.ItemWrite, a => a.CanWrite);
    this.FillAccessRules(collected, dbItem.Access, AccessRight.ItemRename, a => a.CanRename);
    this.FillAccessRules(collected, dbItem.Access, AccessRight.ItemCreate, a => a.CanCreate);
    this.FillAccessRules(collected, dbItem.Access, AccessRight.ItemDelete, a => a.CanDelete);
    this.FillAccessRules(collected, dbItem.Access, AccessRight.ItemAdmin, a => a.CanAdmin);

    // Nothing was restricted or granted explicitly: leave the item without a Security field.
    if (collected.Any())
    {
        var securityField = new DbField("__Security", FieldIDs.Security)
        {
            Value = new AccessRuleSerializer().Serialize(collected)
        };
        dbItem.Fields.Add(securityField);
    }
}
/// <summary>
/// Renders the explicit permissions one account holds on an item, one row per
/// access right, followed by the account's inheritance settings.
/// </summary>
/// <param name="item">Item the access rights are checked against.</param>
/// <param name="account">Account whose permissions are rendered.</param>
/// <param name="accessRules">Rules to read the explicit permissions from.</param>
/// <remarks>
/// Rights that do not apply to the item, or that are not set for both the entity
/// and its descendants, are skipped. The account header is rendered once, before
/// the first permission row.
/// </remarks>
private void ParseAccount([NotNull] Item item, [NotNull] Account account, [NotNull] AccessRuleCollection accessRules)
{
    Assert.ArgumentNotNull(item, nameof(item));
    Assert.ArgumentNotNull(account, nameof(account));
    Assert.ArgumentNotNull(accessRules, nameof(accessRules));

    var headerPending = true;

    foreach (var right in AccessRightManager.GetAccessRights())
    {
        if (!right.AppliesTo(item))
        {
            continue;
        }

        var onEntity = accessRules.Helper.GetExplicitAccessPermission(account, right, PropagationType.Entity);
        var onDescendants = accessRules.Helper.GetExplicitAccessPermission(account, right, PropagationType.Descendants);

        var anythingSet = onEntity != AccessPermission.NotSet || onDescendants != AccessPermission.NotSet;
        if (!anythingSet)
        {
            continue;
        }

        if (headerPending)
        {
            RenderAccount(account);
            headerPending = false;
        }

        RenderPermissions(right.Title, onEntity, onDescendants);
    }

    // headerPending is still true when no permission row was rendered for this account.
    RenderInheritance(accessRules, account, headerPending);
}
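/// <summary>
/// Builds the roles export for the roles named in the posted "rol" form value and
/// sets the response headers for a CSV download.
/// </summary>
/// <remarks>
/// The export has two sections: one "role,NAME,SUBROLE|SUBROLE" line per role, then
/// one "ITEMPATH,RULES" line per access rule that targets one of the roles.
/// The text is assembled in a StringBuilder and appended to the literal once,
/// instead of re-concatenating the control's Text on every iteration.
/// NOTE(review): role names come straight from the request and are written to the
/// CSV unquoted, as are item paths. A name containing a comma, a line break or a
/// leading spreadsheet formula character changes how the file is parsed or opened.
/// Quoting is not added here because it would change the export format that the
/// matching import presumably expects — confirm and quote on both sides.
/// </remarks>
private void DownloadRolesExport()
{
    var allright = CurrentRights.GetAllRightsMaster();
    var rols = Request.Form.Get("rol");
    if (rols != null)
    {
        var roleNames = rols.Split(',');
        var csv = new System.Text.StringBuilder();

        // Section 1: each role with the roles it contains.
        foreach (var rol in roleNames)
        {
            var account = Sitecore.Security.Accounts.Role.FromName(rol);
            if (account == null)
            {
                // Stops the whole section at the first unresolved role (original behaviour).
                break;
            }

            csv.Append("role,").Append(account.Name).Append(',');
            var firstSubRole = true;
            foreach (var subrol in RolesInRolesManager.GetRolesInRole(account, false))
            {
                if (!firstSubRole)
                {
                    csv.Append('|');
                }

                csv.Append(subrol.Name);
                firstSubRole = false;
            }

            csv.Append('\n');
        }

        // Section 2: every access rule on the collected items that targets one of the roles.
        foreach (var rol in roleNames)
        {
            var account = Sitecore.Security.Accounts.Role.FromName(rol);
            if (account == null)
            {
                break;
            }

            foreach (var itemWithRights in allright)
            {
                var accessRules = itemWithRights.Security.GetAccessRules();
                if (accessRules == null)
                {
                    continue;
                }

                foreach (var rule in accessRules)
                {
                    if (rule.Account == account)
                    {
                        // Wrap the single rule so it is written in the collection's string form.
                        AccessRuleCollection ruleCollection = new AccessRuleCollection();
                        ruleCollection.Add(rule);
                        csv.Append(itemWithRights.Paths.FullPath).Append(',').Append(ruleCollection.ToString()).Append('\n');
                    }
                }
            }
        }

        dowload.Text += csv.ToString();
    }

    Response.Clear();
    Response.ContentType = "application/CSV";
    Response.AddHeader("Cache-Control", "must-revalidate");
    Response.AddHeader("Pragma", "must-revalidate");
    Response.AddHeader("Content-type", "application/x-download");
    Response.AddHeader("Content-disposition", "attachment; filename=sitecore-roles-export.csv");
}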
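/// <summary>
/// Appends the access right's name to a pipe-separated list when the account's
/// permission for that right on descendants equals the requested permission.
/// </summary>
/// <param name="rules">Rules to evaluate.</param>
/// <param name="account">Account the permission is evaluated for.</param>
/// <param name="accessRight">Access right to look up.</param>
/// <param name="accessPermission">Permission value that qualifies the right for the list.</param>
/// <param name="sExistingPermissions">List built so far; each entry is followed by "|".</param>
/// <returns>The list, extended by <c>accessRight.Name + "|"</c> when the right qualifies and is not yet listed.</returns>
/// <remarks>
/// The "already listed" test compares ordinally: access right names are identifiers,
/// so the culture-sensitive default of <c>IndexOf(string)</c> is not appropriate.
/// NOTE(review): it is still a substring test, so a right whose name is contained
/// in a longer, already listed name is treated as present and left out.
/// </remarks>
private string GetAccessPermission(AccessRuleCollection rules, Sitecore.Security.Accounts.Account account, AccessRight accessRight, AccessPermission accessPermission, string sExistingPermissions)
{
    var effective = rules.Helper.GetAccessPermission(account, accessRight, PropagationType.Descendants);

    if (effective == accessPermission
        && sExistingPermissions.IndexOf(accessRight.Name, System.StringComparison.Ordinal) == -1)
    {
        sExistingPermissions += accessRight.Name + "|";
    }

    return sExistingPermissions;
}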
/// <summary>
/// Builds the serialized security value for a catalog from the per-user access rules.
/// </summary>
/// <param name="catalog">Catalog the access rules are built for.</param>
/// <returns>The rules returned by <c>BuildAccessRuleCollectionForUsers</c>, serialized with <c>AccessRuleSerializer</c>.</returns>
public virtual string BuildSecurityValue(ProductCatalog catalog)
{
    var userRules = BuildAccessRuleCollectionForUsers(catalog);
    return new AccessRuleSerializer().Serialize(userRules);
}
/// <summary>
/// Creates the read and write rules for one account.
/// </summary>
/// <param name="account">User or role the rules are created for.</param>
/// <param name="hasAccess"><c>true</c> to allow read and write, <c>false</c> to deny both.</param>
/// <returns>A collection with two rules (item read, item write), both with propagation <c>Any</c>.</returns>
protected virtual AccessRuleCollection BuildAccessRuleCollection(Account account, bool hasAccess)
{
    // The same decision applies to both rights: allow when the account has access, deny otherwise.
    var permission = hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;

    return new AccessRuleCollection
    {
        AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, permission),
        AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, permission)
    };
}
/// <summary>
/// Brings the security of an item and all of its descendants in line with the
/// supplied entries, keyed by item ID.
/// </summary>
/// <param name="item">Root of the subtree to process; <c>null</c> is ignored.</param>
/// <param name="entries">Expected security per item ID string.</param>
/// <remarks>
/// An item with an entry gets the entry's security unless the path integrity check
/// is enabled and the entry's path differs from the item's path; that item is
/// logged and left unchanged. An item without an entry has its explicit security
/// reset. In preview mode changes are only logged. Writes happen with the security
/// check disabled, and children are enumerated ignoring security, so the caller's
/// own permissions do not limit what is changed.
/// </remarks>
private void ApplySecurity(Item item, Dictionary<string, SecurityEntry> entries)
{
    if (item == null)
    {
        return;
    }

    // null stands for "no explicit security": the field only holds its standard value.
    string current = item.Fields[FieldIDs.Security].ContainsStandardValue
        ? null
        : item.Security.GetAccessRules().ToString();
    string target = current;

    SecurityEntry entry;
    if (entries.TryGetValue(item.ID.ToString(), out entry))
    {
        var pathMismatch = !_options.SkipPathIntegrityCheck
            && !entry.Path.Equals(item.Paths.FullPath, StringComparison.InvariantCultureIgnoreCase);

        if (pathMismatch)
        {
            LogError($"Skipping item that failed path integrity check '{item.ID}'. Item path '{item.Paths.FullPath}' does not match entry path '{entry.Path}'");
        }
        else if (entry.Security != current)
        {
            target = entry.Security;
        }
    }
    else if (!string.IsNullOrWhiteSpace(current))
    {
        // No entry for this item: any explicit security it carries is removed.
        target = null;
    }

    if (current != target)
    {
        LogMessage($"Updating security for item '{item.Paths.FullPath}' ('{current ?? "null"}' => '{target ?? "null"}')", false);

        if (!_options.Preview)
        {
            using (new EditContext(item, Sitecore.SecurityModel.SecurityCheck.Disable))
            {
                if (target != null)
                {
                    item.Security.SetAccessRules(AccessRuleCollection.FromString(target));
                }
                else
                {
                    item.Fields[FieldIDs.Security].Reset();
                }
            }

            IncrementProcessed();
        }
    }

    var childOptions = Sitecore.Collections.ChildListOptions.IgnoreSecurity | Sitecore.Collections.ChildListOptions.SkipSorting;
    foreach (Item child in item.GetChildren(childOptions))
    {
        ApplySecurity(child, entries);
    }
}
/// <summary>
/// Creates the provider under test together with the substitutes and the empty
/// rule collection shared by the tests.
/// </summary>
public FakeAuthorizationProviderTest()
{
    // System under test.
    provider = new FakeAuthorizationProvider();

    // Collaborators replaced by NSubstitute doubles.
    localProvider = Substitute.For<AuthorizationProvider>();
    helper = Substitute.For<ItemAuthorizationHelper>();
    entity = Substitute.For<ISecurable>();

    // Test data.
    item = ItemHelper.CreateInstance();
    rules = new AccessRuleCollection();
}
/// <summary>
/// Adds one access rule for the context user when the item access flag selected
/// by <paramref name="canAct"/> is set.
/// </summary>
/// <param name="rules">Collection the rule is added to.</param>
/// <param name="itemAccess">Access flags of the item.</param>
/// <param name="accessRight">Access right the rule is created for.</param>
/// <param name="canAct">Selects the flag: <c>true</c> allows, <c>false</c> denies, <c>null</c> adds no rule.</param>
protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func<DbItemAccess, bool?> canAct)
{
    bool? verdict = canAct(itemAccess);
    if (!verdict.HasValue)
    {
        // Flag not specified: leave the right to whatever applies by default.
        return;
    }

    var permission = verdict.Value ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;
    var rule = AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission);
    rules.Add(rule);
}
/// <summary>
/// Sets up the fixture: a fresh <c>FakeAuthorizationProvider</c>, substitutes for
/// the local provider, the item authorization helper and a securable entity, a
/// test item and an empty access rule collection.
/// </summary>
public FakeAuthorizationProviderTest()
{
    provider = new FakeAuthorizationProvider();
    localProvider = Substitute.For<AuthorizationProvider>();
    helper = Substitute.For<ItemAuthorizationHelper>();
    entity = Substitute.For<ISecurable>();
    item = ItemHelper.CreateInstance();

    // Starts empty; individual tests add the rules they need.
    rules = new AccessRuleCollection();
}
/// <summary>
/// Lists the default access rights of the core or master database, optionally
/// restricted to one account name.
/// </summary>
/// <param name="database">Database name; "core" (any casing) selects the core defaults, anything else the master defaults.</param>
/// <param name="account">Account name to filter on, or "all" for every account.</param>
/// <param name="message">Message set by the version-specific defaults lookup.</param>
/// <returns>One <c>DefaultRight</c> per matching rule, ordered by item path.</returns>
/// <remarks>
/// Known issue: the filter compares account names only and does not look at the
/// account type, so a user and a role that share a name are reported together.
/// </remarks>
public static List<DefaultRight> GetDefaultRights(string database, string account, out string message)
{
    IEnumerable<string[]> defaults;
    if (database.ToLower() == "core")
    {
        defaults = GetDefaultCoreRightsByVersion(out message);
    }
    else
    {
        defaults = GetDefaultMasterRightsByVersion(out message);
    }

    var result = new List<DefaultRight>();

    // Each row is { item path, serialized access rules }.
    foreach (var row in defaults.OrderBy(x => x[0]))
    {
        var parsedRules = AccessRuleCollection.FromString(row[1]);
        if (parsedRules == null)
        {
            continue;
        }

        foreach (var rule in parsedRules)
        {
            var wanted = account == "all" || account == rule.Account.Name;
            if (!wanted)
            {
                continue;
            }

            var entry = new DefaultRight
            {
                Path = row[0],
                Account = rule.Account.Name,
                AccountType = rule.Account.AccountType,
                Right = rule.SecurityPermission.ToString(),
                PropagationType = rule.PropagationType.ToString(),
                Name = rule.AccessRight.Name,
                Message = "Default Sitecore",
                Hit = false
            };

            // Rights assigned to anything other than a role get a warning suffix.
            if (entry.AccountType == AccountType.User)
            {
                entry.Message += " User role not recommend";
            }
            else if (entry.AccountType != AccountType.Role)
            {
                entry.Message += " User role Unknown";
            }

            result.Add(entry);
        }
    }

    return result;
}
/// <summary>
/// Converts one nullable item access flag into an entity-level access rule for
/// the context user.
/// </summary>
/// <param name="rules">Collection that receives the rule.</param>
/// <param name="itemAccess">Access flags of the item.</param>
/// <param name="accessRight">Access right the flag stands for.</param>
/// <param name="canAct">Reads the flag from <paramref name="itemAccess"/>; a <c>null</c> result means no rule is added.</param>
protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func<DbItemAccess, bool?> canAct)
{
    var flag = canAct(itemAccess);

    if (flag != null)
    {
        // true -> allow, false -> deny; applies to the item itself only (PropagationType.Entity).
        var permission = flag.Value
            ? SecurityPermission.AllowAccess
            : SecurityPermission.DenyAccess;

        rules.Add(AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission));
    }
}
/// <summary>
/// Sets up the fixture. The item authorization helper is a substitute built from
/// substituted managers, and the provider under test is created on top of it.
/// </summary>
public FakeAuthorizationProviderTest()
{
    localProvider = Substitute.For<AuthorizationProvider>();

    // The helper's constructor dependencies are substitutes as well.
    helper = Substitute.For<ItemAuthorizationHelper>(
        Substitute.For<BaseAccessRightManager>(),
        Substitute.For<BaseRolesInRolesManager>(),
        Substitute.For<BaseItemManager>());

    // Must come after the helper: the provider receives it through its constructor.
    provider = new FakeAuthorizationProvider(helper);

    entity = Substitute.For<ISecurable>();
    item = ItemHelper.CreateInstance();
    rules = new AccessRuleCollection();
}
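/// <summary>
/// Grants the given access rights on an item to an account, for the item itself
/// and for its descendants.
/// </summary>
/// <param name="strDatabase">Name of the database holding the item.</param>
/// <param name="strItem">Path or ID of the item.</param>
/// <param name="strAccount">Name of the user or role that receives the rights.</param>
/// <param name="rights">Rights to allow.</param>
/// <remarks>
/// The account type is resolved before the account object is built. Previously the
/// account was always created as a user and the role check only changed a local
/// that was never read again, so rights meant for a role were written against a
/// user account of the same name.
/// NOTE(review): every failure is only written to the debug log and the method
/// returns normally, so a caller cannot tell that permissions were not applied.
/// </remarks>
private void SetRight(string strDatabase, string strItem, string strAccount, List<AccessRight> rights)
{
    //Get Access Rules, Set Access Rules
    try
    {
        Sitecore.Data.Database db = Sitecore.Configuration.Factory.GetDatabase(strDatabase);
        Item item = db.GetItem(strItem);
        if (item == null)
        {
            Log.Debug("SetRight: item not found " + strItem);
            return;
        }

        // Decide user vs. role first so that the account is created with the right type.
        AccountType accountType = Sitecore.Security.SecurityUtility.IsRole(strAccount)
            ? Sitecore.Security.Accounts.AccountType.Role
            : AccountType.User;
        Account account = Account.FromName(strAccount, accountType);
        AccessPermission rightState = AccessPermission.Allow;

        AccessRuleCollection accessRules = item.Security.GetAccessRules();
        foreach (AccessRight right in rights)
        {
            // Drop existing rules for this account/right so the new ones are not duplicated.
            try
            {
                accessRules.Helper.RemoveExactMatches(account, right);
            }
            catch (Exception ex)
            {
                Log.Debug("accessRules.Helper.RemoveExactMatches " + ex.Message.ToString());
            }

            try
            {
                accessRules.Helper.AddAccessPermission(account, right, PropagationType.Entity, rightState);
                accessRules.Helper.AddAccessPermission(account, right, PropagationType.Descendants, rightState);
                Log.Debug(account.Name.ToString() + " has access right of " + right.Name.ToString() + " for " + strItem);
            }
            catch (Exception ex)
            {
                Log.Debug("accessRules.Helper.AddAccessPermission " + ex.Message.ToString());
            }
        }

        // Persist the modified collection on the item.
        item.Security.SetAccessRules(accessRules);
    }
    catch (Exception ex)
    {
        Log.Debug(ex.Message.ToString());
    }
}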
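/// <summary>
/// Denies a user read access to the descendants of each listed item in the
/// master database.
/// </summary>
/// <param name="user">User whose read access is revoked.</param>
/// <param name="items">Paths of the items to process; paths that do not resolve are skipped.</param>
/// <remarks>
/// The modified rules are written back with <c>SetAccessRules</c>. The original
/// only changed the collection returned by <c>GetAccessRules</c> and never stored
/// it, so nothing in the method persisted the deny rule.
/// NOTE(review): the rule uses <c>PropagationType.Descendants</c>, so the listed
/// items themselves are not covered by it — confirm that this is intended.
/// </remarks>
private static void RevokeItemAccessRights(User user, string[] items)
{
    Database database = Factory.GetDatabase("master");
    foreach (string itempath in items)
    {
        Item item = database.GetItem(itempath);
        if (item == null)
        {
            continue;
        }

        AccessRuleCollection accessRules = item.Security.GetAccessRules();
        accessRules.Helper.AddAccessPermission(user, AccessRight.ItemRead, PropagationType.Descendants, AccessPermission.Deny);

        // Store the updated rules on the item; without this the deny is never applied.
        item.Security.SetAccessRules(accessRules);
    }
}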
/// <summary>
/// Builds the combined access rules for a catalog: for every user known to the
/// user service, the rules that reflect whether that user may access the catalog.
/// </summary>
/// <param name="catalog">Catalog the access decision is made for.</param>
/// <returns>All per-user rule collections merged into one.</returns>
/// <remarks>
/// Each user is mapped to a Sitecore account through <c>SitecoreUsers</c> by its
/// external ID; the lookup uses the indexer, so every user is expected to have a
/// mapping.
/// </remarks>
protected virtual AccessRuleCollection BuildAccessRuleCollectionForUsers(ProductCatalog catalog)
{
    var combined = new AccessRuleCollection();

    foreach (var user in _userService.GetAllUsers())
    {
        var account = SitecoreUsers[user.ExternalId];
        var allowed = _securityService.UserCanAccess<ProductCatalogRole, ProductCatalog>(catalog, user);
        combined.AddRange(BuildAccessRuleCollection(account, allowed));
    }

    return combined;
}
/// <summary>
/// Creates the full rule set for one account: read and write follow
/// <paramref name="hasAccess"/>, every other item right is denied.
/// </summary>
/// <param name="account">User or role the rules are created for.</param>
/// <param name="hasAccess"><c>true</c> to allow read and write, <c>false</c> to deny both.</param>
/// <returns>Six rules with propagation <c>Any</c>: read, write, admin, create, delete, rename.</returns>
protected virtual AccessRuleCollection BuildAccessRuleCollectionFull(Account account, bool hasAccess)
{
    var rules = new AccessRuleCollection();

    // Read and write are the only rights that can be granted.
    var readWrite = hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;
    rules.Add(AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, readWrite));
    rules.Add(AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, readWrite));

    // Deny all other rights besides Read and Write. These permissions will be
    // inherited for the Catalogs and Categories.
    var alwaysDenied = new[]
    {
        AccessRight.ItemAdmin,
        AccessRight.ItemCreate,
        AccessRight.ItemDelete,
        AccessRight.ItemRename
    };
    foreach (var right in alwaysDenied)
    {
        rules.Add(AccessRule.Create(account, right, PropagationType.Any, SecurityPermission.DenyAccess));
    }

    return rules;
}
/// <summary>
/// Appends access rules to the rules an item already has and stores the result.
/// </summary>
/// <param name="item">Item to update; must not be null.</param>
/// <param name="addRules">Rules to append.</param>
/// <param name="checkSecurity">
/// <c>true</c> to run with security enabled; <c>false</c> (the default) to run
/// with security disabled.
/// </param>
/// <remarks>
/// With the default argument the update runs with the security state set to
/// disabled. Callers that act on behalf of a user should pass <c>true</c>.
/// </remarks>
public static void AddSecurityRules(this Item item, AccessRuleCollection addRules, bool checkSecurity = false)
{
    Assert.IsNotNull(item, "item cannot be null");

    var state = checkSecurity ? SecurityState.Enabled : SecurityState.Disabled;

    using (new SecurityStateSwitcher(state))
    {
        var merged = item.Security.GetAccessRules();
        merged.AddRange(addRules);
        item.Security.SetAccessRules(merged);
    }
}
/// <summary>
/// Stores access rules for an entity, through the local provider when one is set
/// and through the item helper otherwise.
/// </summary>
/// <param name="entity">Entity to secure; must not be null.</param>
/// <param name="rules">Rules to store; must not be null.</param>
/// <remarks>
/// Without a local provider only <c>Item</c> entities are handled; any other
/// entity is ignored without an error.
/// </remarks>
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
    Assert.ArgumentNotNull(entity, "entity");
    Assert.ArgumentNotNull(rules, "rules");

    if (this.IsLocalProviderSet())
    {
        this.LocalProvider.Value.SetAccessRules(entity, rules);
        return;
    }

    var item = entity as Item;
    if (item == null)
    {
        // Not an item: nothing is stored.
        return;
    }

    this.itemHelper.SetAccessRules(item, rules);
}
/// <summary>
/// Verifies that a deny-read rule with descendants propagation hides the child
/// item from the context user while the item carrying the rule stays readable.
/// </summary>
public void ShouldRestrictItemSecurity()
{
    // arrange
    using (var db = new Db { new DbItem("home") { new DbItem("about") } })
    {
        var home = db.GetItem("/sitecore/content/home");

        var denyReadBelow = new AccessRuleCollection();
        denyReadBelow.Add(AccessRule.Create(Context.User, AccessRight.ItemRead, PropagationType.Descendants, AccessPermission.Deny));

        // act
        AuthorizationManager.SetAccessRules(home, denyReadBelow);

        // assert
        Assert.NotNull(db.GetItem("/sitecore/content/home"));
        Assert.Null(db.GetItem("/sitecore/content/home/about"));
    }
}
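/// <summary>
/// Appends the names of the accounts found in the access rules to a
/// pipe-separated list, restricted to accounts of the configured domain.
/// </summary>
/// <param name="accessRules">Rules whose accounts are inspected.</param>
/// <param name="oldUserRolesSetting">List built so far; each entry is followed by "|".</param>
/// <returns>The list extended by every new account name.</returns>
/// <remarks>
/// The domain filter compares case-insensitively. The original lower-cased the
/// domain name and then searched it for a literal that contains upper-case
/// letters, which can never match, so every account was skipped.
/// NOTE(review): the "already listed" test is a substring match, so an account
/// whose name is contained in a listed name is left out.
/// </remarks>
protected string accessRules2Email(AccessRuleCollection accessRules, string oldUserRolesSetting)
{
    foreach (AccessRule accessRule in accessRules)
    {
        string name = accessRule.Account.Name;

        // Skip accounts already collected and accounts outside the target domain.
        if (oldUserRolesSetting.Contains(name)
            || accessRule.Account.Domain.Name.IndexOf("TheDomainOfUsersYouWannaSent", System.StringComparison.OrdinalIgnoreCase) < 0)
        {
            continue;
        }

        string comment = accessRule.AccessRight.Comment;
        oldUserRolesSetting += name + "|";
        Sitecore.Diagnostics.Log.Info("Name: " + name + "\\ Comment: " + comment, this);
    }

    return oldUserRolesSetting;
}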
/// <summary>
/// Renders the inheritance row for an account when inheritance is restricted for
/// the entity or for its descendants.
/// </summary>
/// <param name="accessRules">Rules to read the inheritance restrictions from.</param>
/// <param name="account">Account the restrictions apply to.</param>
/// <param name="first"><c>true</c> when the account header has not been rendered yet.</param>
private void RenderInheritance([NotNull] AccessRuleCollection accessRules, [NotNull] Account account, bool first)
{
    Assert.ArgumentNotNull(accessRules, nameof(accessRules));
    Assert.ArgumentNotNull(account, nameof(account));

    var onEntity = accessRules.Helper.GetInheritanceRestriction(account, AccessRight.Any, PropagationType.Entity);
    var onDescendants = accessRules.Helper.GetInheritanceRestriction(account, AccessRight.Any, PropagationType.Descendants);

    var anyRestriction = onEntity != InheritancePermission.NotSet || onDescendants != InheritancePermission.NotSet;
    if (anyRestriction)
    {
        if (first)
        {
            // No permission row came before, so the account header is still missing.
            RenderAccount(account);
        }

        RenderPermissions("Inheritance", GetAccessPermission(onEntity), GetAccessPermission(onDescendants));
    }
}
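/// <summary>
/// Renders the export preview: for every role named in the posted "rol" form
/// value, the items that carry an access rule for that role, followed by a form
/// that posts the same role list to the download page.
/// </summary>
/// <param name="request">Current request; the "rol" form value holds comma-separated role names.</param>
/// <param name="rolesexport">Literal control that receives the generated HTML.</param>
/// <remarks>
/// Role names are taken from the request and item paths are content-controlled,
/// so both are HTML-encoded before they are written into the literal. The hidden
/// form field was already attribute-encoded. The output of
/// <c>RightsHelper.RightToHtml</c> is markup by design and is written as is.
/// </remarks>
private static void Step2(HttpRequest request, Literal rolesexport)
{
    rolesexport.Text += "Export preview<br><br>";
    var allright = CurrentRights.GetAllRightsMaster();
    var rols = request.Form.Get("rol");
    if (rols == null)
    {
        return;
    }

    foreach (var rol in rols.Split(','))
    {
        // Encoded: this value is echoed from the request before it is resolved to a role.
        rolesexport.Text += "<strong>" + HttpUtility.HtmlEncode(rol) + "</strong> :<br> ";
        var account = Sitecore.Security.Accounts.Role.FromName(rol);
        if (account == null)
        {
            // Stops at the first unresolved role (original behaviour).
            break;
        }

        foreach (var itemWithRights in allright)
        {
            var accessRules = itemWithRights.Security.GetAccessRules();
            if (accessRules == null)
            {
                continue;
            }

            foreach (var rule in accessRules)
            {
                if (rule.Account == account)
                {
                    rolesexport.Text += HttpUtility.HtmlEncode(itemWithRights.Paths.FullPath) + " " + RightsHelper.RightToHtml(rule) + " " + rule.AccessRight.Name + " " + rule.SecurityPermission.ToString() + "<br>";
                }
            }
        }

        rolesexport.Text += "<br>\n";
    }

    rolesexport.Text += "<form method=\"post\" action=\"/sitecore modules/Shell/Security-Rights-Reporting/Download.aspx?rolesexport=1\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"rol\" name=\"rol\" value=\"" + HttpUtility.HtmlAttributeEncode(rols) + "\"><input type=\"submit\" value=\"Download\" name=\"submit\" ></form>";
}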
/// <summary>
/// Verifies that an item with a deny-read rule cannot be retrieved while a
/// non-administrator virtual user is the active user.
/// </summary>
public void ShouldApplySecurityCheck()
{
    const string Path = "/sitecore/content/home";

    // Arrange
    using (var tree = new TTree())
    {
        User restricted = AuthenticationManager.BuildVirtualUser("User", true);
        restricted.RuntimeSettings.IsAdministrator = false;

        var denyRead = new AccessRuleCollection();
        denyRead.Add(AccessRule.Create(restricted, AccessRight.ItemRead, PropagationType.Any, AccessPermission.Deny));

        tree.Database.GetItem(Path).Security.SetAccessRules(denyRead);

        // Act & Assert
        using (new UserSwitcher(restricted))
        {
            tree.Database.GetItem(Path).Should().BeNull();
        }
    }
}
/// <summary>
/// Adds the given rules to an item's existing access rules and saves them.
/// </summary>
/// <param name="item">Item to update; must not be null.</param>
/// <param name="addRules">Rules to add to the item's current rules.</param>
/// <param name="checkSecurity">
/// When <c>false</c> (the default) the update runs with security disabled; when
/// <c>true</c> it runs with security enabled.
/// </param>
public static void AddSecurityRules(this Item item, AccessRuleCollection addRules, bool checkSecurity = false)
{
    Assert.IsNotNull(item, "item cannot be null");

    SecurityState state;
    if (checkSecurity)
    {
        state = SecurityState.Enabled;
    }
    else
    {
        // Default path: the caller's own permissions are not checked.
        state = SecurityState.Disabled;
    }

    using (new SecurityStateSwitcher(state))
    {
        var current = item.Security.GetAccessRules();
        current.AddRange(addRules);
        item.Security.SetAccessRules(current);
    }
}
/// <summary>
/// Fixture setup for the MetaBlog API tests: pastes the test content, creates two
/// test users, grants the author write and delete rights on blogs 1 and 2,
/// publishes blog 1 with its entries and rebuilds the search index.
/// </summary>
/// <remarks>
/// Runs inside a <c>SecurityDisabler</c> scope. The user names are fixed
/// ("sitecore\user1", "sitecore\user2") and both accounts share the PASSWORD
/// constant.
/// </remarks>
public void TestFixtureSetUp()
{
    // Create test content
    var master = Sitecore.Configuration.Factory.GetDatabase("master");
    var home = master.GetItem("/sitecore/content/home");

    using (new SecurityDisabler())
    {
        var contentXml = File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml"));
        home.Paste(contentXml, true, PasteMode.Overwrite);

        // Retrieve created content items
        m_testRoot = home.Axes.GetChild("test content");
        m_blog1 = m_testRoot.Axes.GetChild("blog1");
        m_blog2 = m_testRoot.Axes.GetChild("blog2");
        m_blog3 = m_testRoot.Axes.GetChild("blog3");

        // Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
        // Remove the following section once the bug has been fixed
        // START: Workaround
        var entryTemplate = m_blog1.Database.Templates[Settings.EntryTemplateID];

        if (m_blog1.Axes.GetDescendant("Entry11") == null)
        {
            m_blog1.Add("Entry11", entryTemplate);
        }

        if (m_blog1.Axes.GetDescendant("Entry12") == null)
        {
            System.Threading.Thread.Sleep(2000);
            m_blog1.Add("Entry12", entryTemplate);
        }
        // END: Workaround

        // Create test users
        m_userAuthor = Sitecore.Security.Accounts.User.Create("sitecore\\user1", PASSWORD);
        m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user2", PASSWORD);

        // Add users to roles
        m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));

        // The author may write and delete below blog 1 and blog 2.
        var authorRules = new AccessRuleCollection
        {
            AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Descendants, AccessPermission.Allow),
            AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Descendants, AccessPermission.Allow)
        };
        m_blog1.Security.SetAccessRules(authorRules);
        m_blog2.Security.SetAccessRules(authorRules);

        ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));
        ContentHelper.PublishItemAndRequiredAncestors(m_blog1.Axes.GetDescendant("Entry11"), Sitecore.Configuration.Factory.GetDatabase("web"));
        ContentHelper.PublishItemAndRequiredAncestors(m_blog1.Axes.GetDescendant("Entry12"), Sitecore.Configuration.Factory.GetDatabase("web"));

        // Rebuild the search index to ensure all manager calls work as expected
        SearchManager.GetIndex(Settings.SearchIndexName).Rebuild();
    }

    m_api = new Mod.MetaBlogApi();
}
/// <summary>
/// Not supported by this provider: access rules cannot be stored through it.
/// </summary>
/// <param name="entity">Entity the rules were meant for; not used.</param>
/// <param name="rules">Rules that were meant to be stored; not used.</param>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
    // Fails loudly rather than dropping the rules, so a caller notices that nothing was stored.
    throw new NotImplementedException("GenSqlServerAuthorizationProvider.SetAccessRules");
}
/// <summary>
/// Stores the access rules for an entity in the provider's in-memory table,
/// replacing any rules stored earlier for the same entity.
/// </summary>
/// <param name="entity">Entity the rules belong to; its unique ID is the table key.</param>
/// <param name="rules">Rules to store. The collection is stored by reference, not copied.</param>
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
    var key = entity.GetUniqueId();
    this.accessRules[key] = rules;
}
/// <summary>
/// Accepts access rules without storing them.
/// </summary>
/// <param name="entity">Entity the rules were meant for; not used.</param>
/// <param name="rules">Rules to store; not used.</param>
/// <remarks>
/// This override has an empty body: the call succeeds and the rules are discarded.
/// </remarks>
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
    // Intentionally empty.
}
/// <summary>
/// Fixture setup for the MetaBlog API tests: imports the test content, prepares
/// two test users and the author's rights, publishes blog 1 with its entries and
/// rebuilds the search index.
/// </summary>
/// <remarks>
/// The content and security changes run with security disabled. The test users
/// have fixed names and share the PASSWORD constant.
/// </remarks>
public void TestFixtureSetUp()
{
    // Create test content
    var db = Sitecore.Configuration.Factory.GetDatabase("master");
    var home = db.GetItem("/sitecore/content/home");

    using (new SecurityDisabler())
    {
        home.Paste(
            File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml")),
            true,
            PasteMode.Overwrite);

        // Retrieve created content items
        m_testRoot = home.Axes.GetChild("test content");
        m_blog1 = m_testRoot.Axes.GetChild("blog1");
        m_blog2 = m_testRoot.Axes.GetChild("blog2");
        m_blog3 = m_testRoot.Axes.GetChild("blog3");

        // Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
        // Remove the following section once the bug has been fixed
        // START: Workaround
        var template = m_blog1.Database.Templates[Settings.EntryTemplateID];

        var missingEntry11 = m_blog1.Axes.GetDescendant("Entry11") == null;
        if (missingEntry11)
        {
            m_blog1.Add("Entry11", template);
        }

        var missingEntry12 = m_blog1.Axes.GetDescendant("Entry12") == null;
        if (missingEntry12)
        {
            // Wait before adding the second entry (part of the workaround).
            System.Threading.Thread.Sleep(2000);
            m_blog1.Add("Entry12", template);
        }
        // END: Workaround

        // Create test users
        m_userAuthor = Sitecore.Security.Accounts.User.Create("sitecore\\user1", PASSWORD);
        m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user2", PASSWORD);

        // Add users to roles
        m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));

        // Author rights on the descendants of blog 1 and blog 2.
        var allowWrite = AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Descendants, AccessPermission.Allow);
        var allowDelete = AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Descendants, AccessPermission.Allow);
        var rules = new AccessRuleCollection();
        rules.Add(allowWrite);
        rules.Add(allowDelete);
        m_blog1.Security.SetAccessRules(rules);
        m_blog2.Security.SetAccessRules(rules);

        // Publish the blog first, then each entry.
        ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));
        foreach (var entryName in new[] { "Entry11", "Entry12" })
        {
            var entry = m_blog1.Axes.GetDescendant(entryName);
            ContentHelper.PublishItemAndRequiredAncestors(entry, Sitecore.Configuration.Factory.GetDatabase("web"));
        }

        // Rebuild the search index to ensure all manager calls work as expected
        var index = SearchManager.GetIndex(Settings.SearchIndexName);
        index.Rebuild();
    }

    m_api = new Mod.MetaBlogApi();
}
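/// <summary>
/// Workflow action that e-mails a notification about the item to the users who
/// hold access rules on the commands of the next workflow state, and to the user
/// from the first workflow history entry.
/// </summary>
/// <param name="args">Workflow pipeline arguments: the content item, the processor item and the comment.</param>
/// <remarks>
/// The message body is HTML, so every value inserted into the template is
/// HTML-encoded first. This matters most for the workflow comment, which is free
/// text entered by the submitting user, and for item and profile names.
/// NOTE(review): assumes <c>HelperClass.replacePlaceHodler</c> inserts values
/// verbatim; if it already encodes, drop the encoding here to avoid doing it twice.
/// NOTE(review): the preview link takes scheme and host from the current request,
/// so the host in the e-mail is whatever host the request carried; consider a
/// configured site URL instead.
/// NOTE(review): the "Dont Send to author" field is read but never evaluated, so
/// the author is always added to the recipients.
/// The whole action runs with security disabled, and all exceptions are logged
/// and swallowed.
/// </remarks>
public void Process(WorkflowPipelineArgs args)
{
    Item contentItem = args.DataItem;
    var contentWorkflow = contentItem.Database.WorkflowProvider.GetWorkflow(contentItem);
    var contentHistory = contentWorkflow.GetHistory(contentItem);
    string emailTemplateName, emailTemplateBody, workflowComment, userRolesSetting, previewUrl;
    CheckboxField dontSend2AuthorField;
    userRolesSetting = workflowComment = String.Empty;
    List<User> emailUserList = new List<User>();

    try
    {
        using (new SecurityDisabler())
        {
            Item processorItem = args.ProcessorItem.InnerItem;   // Current workflow state
            Item nextStateItem = HelperClass.GetNextState(args);  // Next workflow state
            User submittingUser = null;
            bool hasPresentation = false;

            Sitecore.Diagnostics.Log.Info("============Work Flow Notification Start==================", this);

            emailTemplateName = processorItem.Fields["Email template"].Value;
            dontSend2AuthorField = processorItem.Fields["Dont Send to author"];
            workflowComment = (!String.IsNullOrEmpty(args.Comments)) ? args.Comments : "---";
            hasPresentation = HelperClass.DoesItemHasPresentationDetails(contentItem.ID.Guid.ToString());

            // Generate preview link
            if (hasPresentation)
            {
                previewUrl = string.Format("{0}://{1}/?sc_itemid=%7b{2}%7d&sc_lang={3}&sc_mode=preview", HttpContext.Current.Request.Url.Scheme, HttpContext.Current.Request.Url.Host, contentItem.ID.Guid.ToString().ToUpper(), contentItem.Language.Name);
            }
            else
            {
                previewUrl = string.Format("{0}://{1}/sitecore/shell/Applications/Content Editor.aspx?la={3}&fo={2}", HttpContext.Current.Request.Url.Scheme, HttpContext.Current.Request.Url.Host, contentItem.ID.Guid.ToString().ToUpper(), contentItem.Language.Name);
            }

            Item emailTemplateItem = HelperClass.GetItemByFieldName("Title", "/WhereEverYourEmailTemplateIs/Email Template/Workflow/" + emailTemplateName);
            if (emailTemplateItem != null)
            {
                emailTemplateBody = WebUtility.HtmlDecode(emailTemplateItem.Fields["Text"].Value);

                // Get all workflow actions under the next workflow state
                IEnumerable<Item> items = nextStateItem.Children;
                foreach (Item singleItem in items)
                {
                    // Collect the accounts named in each action's access rules into one list.
                    AccessRuleCollection accessRules = singleItem.Security.GetAccessRules();
                    if (accessRules != null)
                    {
                        userRolesSetting = accessRules2Email(accessRules, userRolesSetting);
                    }
                }

                // Get all email addresses by user roles (the trailing "|" is cut off)
                if (userRolesSetting.Length > 0)
                {
                    emailUserList = HelperClass.GetRecipientsToMail(userRolesSetting.Substring(0, userRolesSetting.Length - 1));
                }

                // Get the author's email address of the current content
                if (contentHistory.Length > 0)
                {
                    var firstUser = contentHistory.First().User;
                    submittingUser = User.FromName(firstUser, false);
                    if (!String.IsNullOrEmpty(submittingUser.Profile.Email))
                    {
                        emailUserList.Add(submittingUser);
                        Sitecore.Diagnostics.Log.Info("Added Author mail: " + submittingUser.Profile.Email, this);
                    }
                    else
                    {
                        Sitecore.Diagnostics.Log.Info("Author has no mail! ", this);
                    }
                }

                // Send one mail per recipient, built from the email template.
                if (emailUserList.Count > 0)
                {
                    foreach (User singleEmailUser in emailUserList)
                    {
                        try
                        {
                            string tmpReceiverName = (!String.IsNullOrEmpty(singleEmailUser.Profile.FullName)) ? singleEmailUser.Profile.FullName : singleEmailUser.Profile.UserName;

                            // Values are encoded because they end up inside an HTML body.
                            var placeholders = new Dictionary<string, string>
                            {
                                { "[ItemName]", WebUtility.HtmlEncode(contentItem.Name) },
                                { "[ItemURL]", "<a href='" + WebUtility.HtmlEncode(previewUrl) + "' target='_blank'>Preview Item Page</a>" },
                                { "[WorkflowName]", WebUtility.HtmlEncode(processorItem.Parent.DisplayName + " Item") },
                                { "[NextWorkflowName]", WebUtility.HtmlEncode(nextStateItem.DisplayName) },
                                { "[SubmitComment]", WebUtility.HtmlEncode(workflowComment) },
                                { "[Receiver]", WebUtility.HtmlEncode(tmpReceiverName) },
                                { "[CurrentActionUser]", WebUtility.HtmlEncode(Context.User.Name) }
                            };

                            MailMessage tempEmailMessage = new MailMessage
                            {
                                IsBodyHtml = true,
                                From = new MailAddress(ConfigurationManager.AppSettings["EmailReminder.FromAddress"]),
                                Subject = "Workflow Notification: " + contentItem.Name,
                                Body = HelperClass.replacePlaceHodler(emailTemplateBody, placeholders)
                            };
                            tempEmailMessage.To.Add(singleEmailUser.Profile.Email);

                            if (tempEmailMessage.To.Count > 0)
                            {
                                Sitecore.MainUtil.SendMail(tempEmailMessage);
                                Sitecore.Diagnostics.Log.Info("Sending Mail to: " + tempEmailMessage.To, this);
                            }
                        }
                        catch (Exception ex)
                        {
                            // One failing recipient must not stop the remaining mails.
                            Sitecore.Diagnostics.Log.Error("Sending Mail Error:" + ex.StackTrace, this);
                        }
                    }
                }
            }

            Sitecore.Diagnostics.Log.Info("============Work Flow notification End==================", this);
        }
    }
    catch (Exception ex)
    {
        Sitecore.Diagnostics.Log.Error("NotifyNextStepUser:" + ex, this);
    }
}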
/// <summary>
/// Extends a pipe-separated list of access right names by one right when the
/// account's permission for it on descendants matches the requested permission.
/// </summary>
/// <param name="rules">Rules to evaluate.</param>
/// <param name="account">Account the permission is evaluated for.</param>
/// <param name="accessRight">Access right to look up.</param>
/// <param name="accessPermission">Permission value that qualifies the right.</param>
/// <param name="sExistingPermissions">List built so far.</param>
/// <returns>The unchanged list, or the list with <c>accessRight.Name + "|"</c> appended.</returns>
private string GetAccessPermission(AccessRuleCollection rules, Sitecore.Security.Accounts.Account account, AccessRight accessRight, AccessPermission accessPermission, string sExistingPermissions)
{
    var effective = rules.Helper.GetAccessPermission(account, accessRight, PropagationType.Descendants);
    if (effective != accessPermission)
    {
        return sExistingPermissions;
    }

    // Substring test: a name already contained in the list is not added again.
    var alreadyListed = sExistingPermissions.IndexOf(accessRight.Name) >= 0;
    if (alreadyListed)
    {
        return sExistingPermissions;
    }

    return sExistingPermissions + accessRight.Name + "|";
}
/// <summary>
/// Not supported: this provider cannot store access rules.
/// </summary>
/// <param name="entity">Entity the rules were meant for; not used.</param>
/// <param name="rules">Rules that were meant to be stored; not used.</param>
/// <exception cref="System.NotImplementedException">Always thrown.</exception>
public override void SetAccessRules(ISecurable entity, AccessRuleCollection rules)
{
    // Throwing makes the missing support visible instead of silently ignoring the rules.
    throw new System.NotImplementedException();
}
/// <summary>
/// Fixture setup: pastes the MetaBlog test content, makes sure blog1 has its two entries,
/// creates two throw-away users, grants one of them write/delete/create on blog1 and blog2,
/// publishes blog1 and its entries to the "web" database and rebuilds the search index.
/// </summary>
public void TestFixtureSetUp()
{
    // Everything inside this scope runs with Sitecore security checks disabled.
    using (new SecurityDisabler())
    {
        // Create test content
        var contentXml = File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml"));
        m_testContentRoot.Paste(contentXml, true, PasteMode.Overwrite);

        // Retrieve created content items
        m_testRoot = m_testContentRoot.Axes.GetChild("test content");
        m_blog1 = m_testRoot.Axes.GetChild("blog1");
        m_blog2 = m_testRoot.Axes.GetChild("blog2");
        m_blog3 = m_testRoot.Axes.GetChild("blog3");

        // Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
        // Remove the following section once the bug has been fixed
        // START: Workaround
        var entryTemplate = m_blog1.Database.Templates[Settings.EntryTemplateID];

        if (m_blog1.Axes.GetDescendant("Entry11") == null)
        {
            var firstEntry = m_blog1.Add("Entry11", entryTemplate);
            using (new EditContext(firstEntry))
            {
                firstEntry["Entry Date"] = "20120105T233207";
            }
        }

        if (m_blog1.Axes.GetDescendant("Entry12") == null)
        {
            // Pause before adding the second entry (part of the workaround above).
            System.Threading.Thread.Sleep(2000);

            var secondEntry = m_blog1.Add("Entry12", entryTemplate);
            using (new EditContext(secondEntry))
            {
                secondEntry["Entry Date"] = "20120106T233145";
            }
        }
        // END: Workaround

        // Create test users
        // Use random usernames to ensure we're not trying to create users that might already exist.
        // Both accounts share the PASSWORD constant and nothing in this method removes them again,
        // so cleanup has to happen elsewhere in the fixture.
        var authorName = "sitecore\\user" + m_random.Next(999999);
        m_userAuthor = Sitecore.Security.Accounts.User.Create(authorName, PASSWORD);

        var plainName = "sitecore\\user" + m_random.Next(999999);
        m_userNothing = Sitecore.Security.Accounts.User.Create(plainName, PASSWORD);

        // Add users to roles
        m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));

        // Only the author account gets item rights; m_userNothing is left without any rule.
        var authorRules = new AccessRuleCollection
        {
            AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow),
            AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Any, AccessPermission.Allow),
            AccessRule.Create(m_userAuthor, AccessRight.ItemCreate, PropagationType.Any, AccessPermission.Allow)
        };

        // blog3 deliberately receives no rules here.
        m_blog1.Security.SetAccessRules(authorRules);
        m_blog2.Security.SetAccessRules(authorRules);

        ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));

        foreach (var entryName in new[] { "Entry11", "Entry12" })
        {
            var entryToPublish = m_blog1.Axes.GetDescendant(entryName);
            ContentHelper.PublishItemAndRequiredAncestors(entryToPublish, Sitecore.Configuration.Factory.GetDatabase("web"));
        }

        // Rebuild the search index to ensure all manager calls work as expected
#if FEATURE_CONTENT_SEARCH
        ContentSearchManager.GetIndex(Settings.SearchIndexName).Rebuild();
#else
        SearchManager.GetIndex(Settings.SearchIndexName).Rebuild();
#endif
    }

    m_api = new Mod.MetaBlogApi();
}
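/// <summary>
/// Imports roles and item access rules from the uploaded CSV file ("fileToUpload") and appends
/// an HTML progress report to <paramref name="rolesexport"/>.
/// </summary>
/// <remarks>
/// Two line shapes are accepted: three comma-separated fields starting with "role" create the
/// role named in the second field if it does not exist; two fields are read as an item path
/// and a serialized rule set that is merged into the item's existing rules. Existing rules
/// that are not in the file are left alone.
/// The file content is untrusted for output purposes: every value echoed into the report is
/// HTML-encoded before it is appended.
/// </remarks>
/// <param name="request">Current request; the upload is read from its file collection.</param>
/// <param name="rolesexport">Literal control that receives the report markup.</param>
private static void Import2(HttpRequest request, Literal rolesexport)
{
    if (!CheckOnManagingRights())
    {
        rolesexport.Text += "You need Sitecore Client Securing right for Importing Riols and Users, the follow rol should work: Developer, Admin, Client Account Managing or Client Securing right";
        return;
    }

    var file = request.Files.Get("fileToUpload");
    if (file == null || file.ContentLength == 0)
    {
        rolesexport.Text += "Select an import csv file.<br/>";
        Import1(rolesexport);
        return;
    }

    rolesexport.Text += "Import size=" + file.ContentLength + " characters<br/>";

    var db = Sitecore.Configuration.Factory.GetDatabase("master");
    var updatecount = 0;
    var newcount = 0;

    // Lines of newly created roles; handed to CreateRolInRols once the run of role lines ends.
    List<string> rolsPostponedProcess = new List<string>();

    using (StreamReader reader = new StreamReader(file.InputStream))
    {
        string line;
        int count = 0;
        while ((line = reader.ReadLine()) != null)
        {
            count++;
            var splitted = line.Split(',');

            if (splitted.Length == 3 && splitted[0] == "role")
            {
                if (!Sitecore.Security.Accounts.Role.Exists(splitted[1]))
                {
                    try
                    {
                        Roles.CreateRole(splitted[1]);
                        rolesexport.Text += "<br>rol created" + HttpUtility.HtmlEncode(splitted[1]);

                        // NOTE(review): splitted[0] is always "role" in this branch, so this test is
                        // always true; it may have been meant for the third field - confirm.
                        if (!string.IsNullOrEmpty(splitted[0]))
                        {
                            rolsPostponedProcess.Add(line);
                        }
                    }
                    catch
                    {
                        // The failure is reported in the output instead of aborting the import.
                        rolesexport.Text += "<br>Error cannot create rol " + HttpUtility.HtmlEncode(splitted[1]);
                    }
                }
            }
            else if (splitted.Length == 2)
            {
                if (rolsPostponedProcess.Any())
                {
                    CreateRolInRols(rolsPostponedProcess);
                    rolsPostponedProcess = new List<string>();
                }

                Item item = db.GetItem(splitted[0]);
                if (item == null)
                {
                    rolesexport.Text += "<br>Error unknow item path or no read rights" + HttpUtility.HtmlEncode(splitted[0]);
                }
                else
                {
                    var accessRules = item.Security.GetAccessRules();
                    var rules = AccessRuleCollection.FromString(splitted[1]);
                    if (rules != null)
                    {
                        // NOTE(review): only write access is required before the item's security is
                        // replaced; consider whether the item administer right should be required too.
                        if (item.Access.CanWrite())
                        {
                            foreach (var rule in rules)
                            {
                                // A rule that is already present is replaced and counted as an update.
                                if (accessRules.Contains(rule))
                                {
                                    accessRules.Remove(rule);
                                    updatecount++;
                                }
                                else
                                {
                                    newcount++;
                                }

                                accessRules.Add(rule);
                            }

                            item.Editing.BeginEdit();
                            item.Security.SetAccessRules(accessRules);
                            item.Editing.EndEdit();
                            rolesexport.Text += "<br>" + HttpUtility.HtmlEncode(splitted[0]) + " = " + HttpUtility.HtmlEncode(item.Fields["__Security"].Value);
                        }
                        else
                        {
                            // Closing tag fixed: the original emitted a second opening <span>.
                            rolesexport.Text += "<br><span style=\"color:#880000;\">Skipped: No write Access for " + HttpUtility.HtmlEncode(splitted[0]) + " = " + HttpUtility.HtmlEncode(item.Fields["__Security"].Value) + "</span>";
                        }
                    }
                }
            }
            else
            {
                // The raw line comes straight from the upload, so it is encoded like every other
                // echoed value; unencoded it would be rendered as markup in the report.
                rolesexport.Text += "<br>Error unknow line " + count + " : " + HttpUtility.HtmlEncode(line);
            }
        }

        // Role lines are only flushed when an item line follows them; without this, roles at the
        // end of the file (or a file holding roles only) would never reach CreateRolInRols.
        if (rolsPostponedProcess.Any())
        {
            CreateRolInRols(rolsPostponedProcess);
        }
    }

    rolesexport.Text += "<p>Rights are imported, new rights " + newcount + " updated rights " + updatecount + "<br>Remember nothing is deleted, only the items that are in the import file are affected </p>";
}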