/// <summary> /// Checks if current user has privilegies to access the given resource /// </summary> /// <param name="resource">Resource name</param> /// <param name="acl">ACL</param> /// <param name="assign">Assig roles and resources to ACL</param> public void checkACL(string resource, CMS_Acl acl, bool assign) { CMS_Login login = new CMS_Login(); if (assign) { using (ACLDataContext DataContext = new ACLDataContext()) { var roles = DataContext.roles .OrderBy(x=>x.parentid) .Select(x=>new{RoleName = x.name, RoleID = x.id,RoleParentId = x.parentid, RoleParentName = x.role1.name}).ToList(); ////var roles = from r in DataContext.roles //// join r2 in DataContext.roles on r.parentid equals r2.id into joined //// from a in joined.DefaultIfEmpty() //// orderby r.parentid //// select new { RoleName = r.name, RoleID = r.id, RoleParentId = r.parentid, RoleParentName = a.role1.name }; Dictionary<long?, CMS_Role> parentals = new Dictionary<long?, CMS_Role>(); foreach (var a in roles) { if (a.RoleParentId != null && parentals.ContainsKey(a.RoleParentId)) { CMS_Role r = new CMS_Role(a.RoleName, parentals[a.RoleParentId]); acl.addRole(r); parentals.Add(a.RoleID, r); } else { CMS_Role r = new CMS_Role(a.RoleName); acl.addRole(r); parentals.Add(a.RoleID, r); } } var resources = from res in DataContext.resources select new { ResourceName = res.name, Action = res.action, Controller = res.controller }; foreach (var a in resources) { acl.addResource(new CMS_Resource(a.Controller + ":" + a.Action)); } var rules = from r in DataContext.roles join cr in DataContext.role_resources on r.id equals cr.rolesid join res in DataContext.resources on cr.resourcesid equals res.id orderby r.id select new { Role = r.name, Controller = res.controller, Action = res.action }; if (rules.Count() > 0) { foreach (var a in rules) { acl.allow(a.Role, a.Controller + ":" + a.Action); } } } } user user; string role; if (login.hasIdentity()) { user = login.getIdentity(); role = this.roles().getById(user.rolesid).name; } else { user = null; role = "guest"; } if (!acl.isAllowed(role, resource)) { if (!login.hasIdentity()) { throw new Exception("You are not logged in! Log in and try again."); } else { //trigger error throw new Exception("You are not allowed to view this datasource!"); //TODO } } }
/// <summary> /// Constructor /// </summary> public CMS_App() { //set class members _articles = new CMS_App_Articles(this); _users = new CMS_App_Users(this); _roles = new CMS_App_Roles(this); _categories = new CMS_App_Categories(this); _resources = new CMS_App_Resources(this); _acl = new CMS_Acl(); _comments = new CMS_App_Comments(this); using (SettingsDataContext s = new SettingsDataContext()) { _listLength = int.Parse(s.settings.Where(x => x.name == "list_length").Single().value); _unregComm = bool.Parse(s.settings.Where(x => x.name == "unregistered_comments").Single().value); } }
/// <summary> /// Checks if current user has privilegies to access the given resource /// </summary> /// <param name="resource">Resource name</param> public void checkACL(string resource, CMS_Acl acl) { this.checkACL(resource, acl, true); }