public void Before(EntityOperation operation, EntityOperationContext context)
{
var update = operation as EntityUpdate;
if (update != null)
{
if (operation.IsEntity(EntityConsts.Issue))
{
if (update.IsCreate() && !update.ContainsProperty("Year"))
{
update.Set("Year", DateTime.Now.Year);
}
if (update.ContainsProperty("Sent"))//TODO: mymagazines issue send (sent flag used)
{
context.Set <bool>(CTXKEY_SEND_ISSUE, true);
}
}
else if (operation.IsEntity(EntityConsts.Magazine) && update.ContainsProperty("IsActive") && update.Id.HasValue)
{
if (update.Get <bool>("IsActive") == false)
{
var q = new EntityQuery2(EntityConsts.Magazine, update.Id.Value);
q.AddProperty("IsActive");
var magazine = _repository.Read(q);
context.Set <bool>(CTXKEY_ISACTIVEOLD, magazine.GetData <bool>("IsActive"));
}
}
}
}
public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
{
if (operation.IsEntity(Notification.ENTITY) &&
operation is EntityUpdate &&
context.Get <bool>(CTXKEY_CREATENOTIFICATION) &&
result.Success)
{
var update = operation as EntityUpdate;
var method = ReplyMethods.ByNotification;//default
if (update.ContainsProperty("Method"))
{
method = update.Get <ReplyMethods>("Method");
}
var recipientUpdate = update.GetRelationUpdate(User.ENTITY, Roles.Recipient);
var attachments = update.GetMultipleRelationUpdates(NbuLibrary.Core.Domain.File.ENTITY, Roles.Attachment);
if (attachments != null)
{
foreach (var att in attachments)
{
_fileService.GrantAccess(att.Id.Value, FileAccessType.Read, new User(recipientUpdate.Id.Value));
}
}
var recipientQuery = new EntityQuery2(User.ENTITY, recipientUpdate.Id.Value);
recipientQuery.AddProperty("Email");
var recipient = _repository.Read(recipientQuery);
var to = recipient.GetData <string>("Email");
var body = update.Get <string>("Body");
var subject = update.Get <string>("Subject");
}
}
public void Before(EntityOperation operation, EntityOperationContext context)
{
if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsCreate())
{
update.Set("Date", DateTime.Now);
var sender = update.GetRelationUpdate(User.ENTITY, Roles.Sender);
if (sender == null)
{
update.Attach(User.ENTITY, Roles.Sender, _securityService.CurrentUser.Id);
}
else
{
sender.Id = _securityService.CurrentUser.Id;
}
context.Set <bool>(CTXKEY_CREATENOTIFICATION, true);
}
if (update.ContainsProperty("Body"))
{
var text = System.Web.HttpUtility.HtmlEncode(update.Get <string>("Body"));
var newText = HtmlProcessor.ProcessEncodedHtml(text);
update.Set("Body", newText);
}
}
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsCreate())
{
return(InspectionResult.Allow);
}
else if (update.PropertyUpdates.Count == 1 && (update.ContainsProperty("Received") || update.ContainsProperty("Archived")))
{
EntityQuery2 q = new EntityQuery2(Notification.ENTITY, update.Id.Value);
q.Include(User.ENTITY, Roles.Recipient);
var recipient = _repository.Read(q).GetSingleRelation(User.ENTITY, Roles.Recipient);
if (recipient != null && recipient.Entity.Id == _securityService.CurrentUser.Id)
{
return(InspectionResult.Allow);
}
}
else if (update.PropertyUpdates.Count == 1 && update.ContainsProperty("ArchivedSent"))
{
EntityQuery2 q = new EntityQuery2(Notification.ENTITY, update.Id.Value);
q.Include(User.ENTITY, Roles.Sender);
var sender = _repository.Read(q).GetSingleRelation(User.ENTITY, Roles.Sender);
if (sender != null && sender.Entity.Id == _securityService.CurrentUser.Id)
{
return(InspectionResult.Allow);
}
}
}
return(InspectionResult.None);
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity(NbuLibrary.Core.Domain.File.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsCreate() && _securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.Upload))
{
return(InspectionResult.Allow);
}
else if ((_securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageOwn) || _securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageAll)) &&
_fileService.HasAccess(_securityService.CurrentUser, update.Id.Value, FileAccessType.Owner))
{
return(InspectionResult.Allow);
}
else if (_securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageAll) &&
_fileService.HasAccess(_securityService.CurrentUser, update.Id.Value, FileAccessType.Full))
{
return(InspectionResult.Allow);
}
}
else if (operation.IsEntity(NbuLibrary.Core.Domain.File.ENTITY) && operation is EntityDelete)
{
//TODO: file delete permission
if (_fileService.HasAccess(_securityService.CurrentUser, operation.Id.Value, FileAccessType.Owner))
{
return(InspectionResult.Allow);
}
}
else if (operation.IsEntity(User.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.ContainsProperty("DiskUsageLimit") && _securityService.CurrentUser.UserType != UserTypes.Admin)
{
return(InspectionResult.Deny);
}
}
return(InspectionResult.None);
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity(EntityConsts.Magazine) || operation.IsEntity(EntityConsts.Issue))
{
if (_securityService.CurrentUser.UserType == UserTypes.Librarian &&
_securityService.HasModulePermission(_securityService.CurrentUser, MyMagazinesModule.Id, Permissions.Use) &&
operation is EntityUpdate)
{
return(InspectionResult.Allow);
}
}
else if (operation is EntityUpdate && operation.IsEntity(User.ENTITY))
{
var update = operation as EntityUpdate;
if (update.IsCreate() &&
_securityService.CurrentUser.UserType == UserTypes.Librarian &&
_securityService.HasModulePermission(_securityService.CurrentUser, MyMagazinesModule.Id, Permissions.Use))
{
return(InspectionResult.Allow);
}
}
return(InspectionResult.None);
}
public void Before(EntityOperation operation, EntityOperationContext context)
{
if (!operation.IsEntity(Inquery.EntityType))
{
return;
}
if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (_securityService.CurrentUser.UserType == UserTypes.Customer && update.IsCreate())
{
update.Attach(User.ENTITY, RelationConsts.Customer, _securityService.CurrentUser.Id);
}
else if (_securityService.CurrentUser.UserType == UserTypes.Librarian)
{
bool attach = false;
if (update.IsCreate())
{
attach = true;
}
else
{
var q = new EntityQuery2(User.ENTITY);
q.WhereRelated(new RelationQuery(Inquery.EntityType, RelationConsts.ProcessedBy, update.Id.Value));
var user = _repository.Read(q);
if (user == null)
{
attach = true;
}
else if (user.Id != _securityService.CurrentUser.Id)
{
update.Detach(User.ENTITY, RelationConsts.ProcessedBy, user.Id);
attach = true;
}
}
if (attach)
{
update.Attach(User.ENTITY, RelationConsts.ProcessedBy, _securityService.CurrentUser.Id);
}
}
}
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity(User.ENTITY))
{
if (_securityService.HasModulePermission(_securityService.CurrentUser, AccountModule.Id, Permissions.UserManagement))
{
return(InspectionResult.Allow);
}
if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.ContainsProperty("RecoveryCode"))
{
return(InspectionResult.Deny); //Only users with UserManagement permission can access this property
}
}
if (operation.Id.HasValue && _securityService.HasModulePermission(_securityService.CurrentUser, AccountModule.Id, Permissions.UserActivation))
{
EntityQuery2 query = new EntityQuery2("User", operation.Id.Value);
query.AddProperty("isActive");
var e = _repository.Read(query);
if (e.GetData <bool>("IsActive") == false)
{
return(InspectionResult.Allow);
}
}
else if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.Id.HasValue &&
update.Id.Value == _securityService.CurrentUser.Id &&
!update.ContainsProperty("IsActive")) //TODO: allowing the user to edit his data and relations
{
return(InspectionResult.Allow);
}
}
}
return(InspectionResult.None);
}
public void Before(EntityOperation operation, EntityOperationContext context)
{
if (operation is EntityUpdate && operation.IsEntity(User.ENTITY))
{
var update = operation as EntityUpdate;
if (update.IsCreate() && !update.ContainsProperty("Password")) //generate random password
{
update.Set("Password", GenerateRandomPassword());
}
if (update.ContainsProperty("password"))
{
var newPassword = update.PropertyUpdates["password"] as string;
context.Set <string>(CTXKEY_PASSWORD_UPDATE, newPassword);
string hash = null;
using (SHA1 sha1 = SHA1.Create())
{
hash = Convert.ToBase64String(sha1.ComputeHash(Encoding.UTF8.GetBytes(newPassword)));
}
update.Set("password", hash);
update.Set("FailedLoginsCount", 0);
}
if (update.ContainsProperty("RecoveryCode"))
{
context.Set <bool>(CTXKEY_USER_PASSWORDRECOVERY, true);
}
if (update.IsCreate())
{
context.Set <bool>(CTXKEY_USER_CREATION, true);
}
else if (update.Id.Value == _securityService.CurrentUser.Id)
{
context.Set <int>(CTXKEY_UPDATE_PROFILE, _securityService.CurrentUser.Id);
}
}
}
public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
{
if (!result.Success)
{
return;
}
if (!operation.IsEntity(User.ENTITY))
{
return;
}
var update = operation as EntityUpdate;
if (update == null)
{
return;
}
if (context.Get <bool>(CTXKEY_USER_PASSWORDRECOVERY))
{
var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value)
{
AllProperties = true
}));
var template = _templateService.Get(new Guid(NotificationTemplates.USER_PASSWORDRECOVERY));
string subject = null, body = null;
Dictionary <string, Entity> templateContext = new Dictionary <string, Entity>(StringComparer.InvariantCultureIgnoreCase);
templateContext.Add("User", user);
_templateService.Render(template, templateContext, out subject, out body);
//TODO: async execution
_notificationService.SendEmail(user.Email, subject, body, null);
}
if (context.Get <bool>(CTXKEY_USER_CREATION))
{
var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value)
{
AllProperties = true
}));
var pwd = context.Get <string>(CTXKEY_PASSWORD_UPDATE);
user.SetData <String>("Password", pwd);
var template = _templateService.Get(new Guid(NotificationTemplates.USER_CREATED));
string subject = null, body = null;
Dictionary <string, Entity> templateContext = new Dictionary <string, Entity>(StringComparer.InvariantCultureIgnoreCase);
templateContext.Add("User", user);
_templateService.Render(template, templateContext, out subject, out body);
//TODO: async execution
_notificationService.SendEmail(user.Email, subject, body, null);
if (update.ContainsProperty("IsActive") && update.Get <bool>("IsActive"))
{
SendUserActivationEmail(user);
}
}
else if (update.ContainsProperty("IsActive") && update.Get <bool>("IsActive"))
{
var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value)
{
AllProperties = true
}));
SendUserActivationEmail(user);
}
else if (context.Get <int>(CTXKEY_UPDATE_PROFILE) > 0)
{
if (update.ContainsRelation("UserGroup", "UserGroup") ||
update.ContainsProperty("FacultyNumber") ||
update.ContainsProperty("CardNumber"))
{
var user = new User(context.Get <int>(CTXKEY_UPDATE_PROFILE));
user.IsActive = false;
_repository.Update(user);
_securityService.Logout();
result.Data.Add("account_warning_logged_out", true);
}
if (update.ContainsProperty("Email"))
{
_securityService.UpdateCurrentUserEmail(update.Get <string>("Email"));
result.Data.Add("account_event_email_changed", update.Get <string>("Email"));
}
}
}
public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
{
if (!result.Success)
{
return;
}
if (operation.IsEntity(EntityConsts.Issue) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (context.Get <bool>(CTXKEY_SEND_ISSUE))
{
SendIssueToSubscribers(operation as EntityUpdate);
}
if (update.ContainsRelation(File.ENTITY, Roles.Content))
{
var filesAttached = update.GetMultipleRelationUpdates(File.ENTITY, Roles.Content).Where(fu => fu.Operation == RelationOperation.Attach);
if (filesAttached.Count() > 0)
{
var issue = update.ToEntity();
var q = new EntityQuery2(EntityConsts.Magazine);
q.WhereRelated(new RelationQuery(EntityConsts.Issue, Roles.Issue, issue.Id));
q.Include(User.ENTITY, Roles.Subscriber);
var mag = _repository.Read(q);
var subscribers = mag.GetManyRelations(User.ENTITY, Roles.Subscriber).Select(r => new User(r.Entity));
foreach (var subscriber in subscribers)
{
foreach (var fileUpdate in filesAttached)
{
if (!_fileService.HasAccess(subscriber, fileUpdate.Id.Value))
{
_fileService.GrantAccess(fileUpdate.Id.Value, FileAccessType.Read, subscriber);
}
}
}
}
}
}
else if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsEntity(User.ENTITY) && update.ContainsRelation(EntityConsts.Magazine, Roles.Subscriber))
{
var rus = update.GetMultipleRelationUpdates(EntityConsts.Magazine, Roles.Subscriber).Where(ru => ru.Operation == RelationOperation.Attach);
foreach (var ru in rus)
{
var q = new EntityQuery2(EntityConsts.Issue);
q.WhereRelated(new RelationQuery(EntityConsts.Magazine, Roles.Issue, ru.Id.Value));
q.Include(File.ENTITY, Roles.Content);
var issues = _repository.Search(q);
foreach (var issue in issues)
{
//The user cannot give himself an access to file - only owner or administrator can.
using (_securityService.BeginSystemContext())
{
GiveFileAccessForIssue(issue, new User(update.ToEntity()));
}
}
}
}
else if (update.IsEntity(EntityConsts.Magazine) && update.ContainsRelation(User.ENTITY, Roles.Subscriber))
{
var rus = update.GetMultipleRelationUpdates(User.ENTITY, Roles.Subscriber).Where(ru => ru.Operation == RelationOperation.Attach);
if (rus.Count() > 0)
{
var q = new EntityQuery2(EntityConsts.Issue);
q.WhereRelated(new RelationQuery(EntityConsts.Magazine, Roles.Issue, update.Id.Value));
q.Include(File.ENTITY, Roles.Content);
var issues = _repository.Search(q);
foreach (var ru in rus)
{
foreach (var issue in issues)
{
GiveFileAccessForIssue(issue, new User(ru.Id.Value));
}
}
}
}
else if (update.IsEntity(EntityConsts.Magazine) && update.ContainsProperty("IsActive"))
{
var isActiveNew = update.Get <bool>("IsActive");
if (isActiveNew == false && context.Get <bool>(CTXKEY_ISACTIVEOLD))
{
SendMagazineNotActiveToSubscribers(update);
}
}
}
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity("Inquery"))
{
if (_securityService.HasModulePermission(_securityService.CurrentUser, AskTheLibModule.Id, Permissions.Use))
{
if (_securityService.CurrentUser.UserType == UserTypes.Librarian)
{
return(InspectionResult.Allow);
}
else if (_securityService.CurrentUser.UserType == UserTypes.Customer)
{
if (operation is EntityUpdate && (operation as EntityUpdate).IsCreate())
{
return(InspectionResult.Allow);
}
else if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.ContainsRelation(User.ENTITY, RelationConsts.Customer))
{
return(InspectionResult.Deny);
}
var q = new EntityQuery2(Inquery.EntityType, update.Id.Value);
q.AddProperties("Status");
q.Include(User.ENTITY, RelationConsts.Customer);
var inquery = _repository.Read(q);
if (inquery.GetData <QueryStatus>("Status") != QueryStatus.New)
{
return(InspectionResult.Deny);
}
if (update.ContainsProperty("Status") &&
update.Get <QueryStatus>("Status") != QueryStatus.Canceled)
{
return(InspectionResult.Deny);
}
var customer = inquery.GetSingleRelation(User.ENTITY, RelationConsts.Customer);
if (customer != null && customer.Entity.Id == _securityService.CurrentUser.Id)
{
return(InspectionResult.Allow);
}
}
}
}
}
else if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsCreate() &&
update.ContainsRelation(Inquery.EntityType, RelationConsts.Inquery) &&
_securityService.HasModulePermission(_securityService.CurrentUser, AskTheLibModule.Id, Permissions.Use) &&
_securityService.CurrentUser.UserType == UserTypes.Librarian)
{
return(InspectionResult.Allow);
}
}
return(InspectionResult.None);
}