private static void ValidateO2MRelationSecurity(List <KeyValuePair <int, FieldValue> > o2MValues)
{
var fieldsToCheck = o2MValues.Select(n => n.Value.Field).Distinct().Where(n => n.UseRelationSecurity);
foreach (var field in fieldsToCheck)
{
var ids = o2MValues.Where(n => Equals(n.Value.Field, field))
.Select(n => n.Value.Value)
.Distinct()
.Select(int.Parse)
.ToArray();
if (field.RelateToContentId != null)
{
var notAccessed = new HashSet <string>(ArticleRepository.CheckRelationSecurity(field.RelateToContentId.Value, ids, false)
.Where(n => !n.Value)
.Select(n => n.Key.ToString())
.ToArray());
if (notAccessed.Any())
{
var errorItem = o2MValues.First(n => notAccessed.Contains(n.Value.Value));
throw new ArgumentException(string.Format(ImportStrings.InaccessibleO2M, errorItem.Key, field.Name, errorItem.Value.Value));
}
}
}
}
public Dictionary <int, bool> CheckRelationSecurity(int contentId, int[] ids, bool isDeletable)
{
using (new QPConnectionScope(ConnectionString))
{
QPContext.CurrentUserId = TestedUserId;
var result = ArticleRepository.CheckRelationSecurity(contentId, ids, isDeletable);
QPContext.CurrentUserId = 0;
return(result);
}
}
public static CheckIdResult <Article> CreateForPublish(int contentId, int[] ids, bool disableSecurityCheck)
{
var result = new CheckIdResult <Article>();
var list = EntityObjectRepository.GetList(EntityTypeCode.Article, ids).Cast <Article>();
if (list == null)
{
result._NotFoundIds.AddRange(ids);
}
else
{
result._NotFoundIds.AddRange(ids.Except(list.Select(n => n.Id)));
var checkResult = ArticleRepository.CheckSecurity(contentId, ids, false, disableSecurityCheck);
var relationCheckResult = ArticleRepository.CheckRelationSecurity(contentId, ids, false);
foreach (var article in list)
{
if (article.StatusTypeId == article.ActualWorkflowBinding.MaxStatus.Id && !article.Splitted)
{
result._RedundantIds.Add(article.Id);
}
else if (article.LockedByAnyoneElse && !QPContext.CanUnlockItems)
{
result._LockedItems.Add(article);
}
else if (!checkResult[article.Id])
{
result._NotAccessedIds.Add(article.Id);
}
else if (!article.IsPublishableWithWorkflow)
{
result._BlockedByWorkflowIds.Add(article.Id);
}
else if (!relationCheckResult[article.Id])
{
result._BlockedByRelationSecurityIds.Add(article.Id);
}
else
{
result._ValidItems.Add(article);
}
}
}
return(result);
}
public static CheckIdResult <Article> CreateForRemove(int contentId, int[] ids, bool disableSecurityCheck)
{
var result = new CheckIdResult <Article>();
var list = EntityObjectRepository.GetList(EntityTypeCode.Article, ids).Cast <Article>();
if (list == null)
{
result._NotFoundIds.AddRange(ids);
}
else
{
result._NotFoundIds.AddRange(ids.Except(list.Select(n => n.Id)));
var checkResult = ArticleRepository.CheckSecurity(contentId, ids, true, disableSecurityCheck);
var relationCheckResult = ArticleRepository.CheckRelationSecurity(contentId, ids, true);
foreach (var article in list)
{
if (article.LockedByAnyoneElse)
{
result._LockedItems.Add(article);
}
else if (!checkResult[article.Id])
{
result._NotAccessedIds.Add(article.Id);
}
else if (!article.IsRemovableWithWorkflow)
{
result._BlockedByWorkflowIds.Add(article.Id);
}
else if (!relationCheckResult[article.Id])
{
result._BlockedByRelationSecurityIds.Add(article.Id);
}
else
{
result._ValidItems.Add(article);
}
}
}
return(result);
}
private static void UpdateM2MValues(List <KeyValuePair <int, FieldValue> > values)
{
var m2MFields = new Dictionary <string, Field>();
foreach (var fieldV in values)
{
if (!m2MFields.Keys.Contains(fieldV.Value.Field.Name))
{
m2MFields.Add(fieldV.Value.Field.Name, fieldV.Value.Field);
}
}
var doc = new XDocument();
var items = new XElement("items");
doc.Add(items);
foreach (var field in m2MFields.Values)
{
var m2MField = field;
var condition = m2MField.RelationCondition;
var linkId = m2MField.LinkId ?? 0;
if (m2MField.RelateToContentId != null)
{
var contentId = m2MField.RelateToContentId.Value;
var filteredValues = values.Where(f => f.Value.Field.Name == m2MField.Name).ToArray();
var relatedIds = filteredValues
.Where(n => n.Value.NewRelatedItems != null)
.SelectMany(n => n.Value.NewRelatedItems)
.Distinct()
.ToList();
var validatedIds = new HashSet <int>(ArticleRepository.CheckForArticleExistence(relatedIds, condition, contentId));
var grantedIds = field.UseRelationSecurity
? new HashSet <int>(ArticleRepository.CheckRelationSecurity(contentId, validatedIds.ToArray(), false).Where(n => n.Value).Select(m => m.Key))
: validatedIds;
foreach (var item in filteredValues)
{
var value = string.Empty;
if (item.Value.NewRelatedItems != null)
{
var notValidIds = item.Value.NewRelatedItems.Where(n => !validatedIds.Contains(n)).ToArray();
if (notValidIds.Any())
{
throw new ArgumentException(string.Format(ImportStrings.IncorrectM2M, item.Key, item.Value.Field.Name, string.Join(",", notValidIds)));
}
var notGrantedIds = item.Value.NewRelatedItems.Where(n => !grantedIds.Contains(n)).ToArray();
if (notGrantedIds.Any())
{
throw new ArgumentException(string.Format(ImportStrings.InaccessibleM2M, item.Key, item.Value.Field.Name, string.Join(",", notGrantedIds)));
}
value = string.Join(",", item.Value.NewRelatedItems);
}
var itemXml = new XElement("item");
itemXml.Add(new XAttribute("id", item.Key));
itemXml.Add(new XAttribute("linkId", linkId));
itemXml.Add(new XAttribute("value", value));
doc.Root?.Add(itemXml);
}
}
}
ArticleRepository.UpdateM2MValues(doc.ToString(SaveOptions.None));
}
