private void AddRole(string roleName, AccessLevel accessLevel, IContentSecurityRepository securityRepository)
{
if (!UIRoleProvider.RoleExists(roleName))
{
UIRoleProvider.CreateRole(roleName);
var permissions = (IContentSecurityDescriptor)securityRepository.Get(ContentReference.RootPage).CreateWritableClone();
permissions.AddEntry(new AccessControlEntry(roleName, accessLevel));
securityRepository.Save(ContentReference.RootPage, permissions, SecuritySaveType.Replace);
securityRepository.Save(ContentReference.WasteBasket, permissions, SecuritySaveType.Replace);
}
}
private void SetSecurity(ContentReference reference, string role, AccessLevel level)
{
IContentSecurityDescriptor permissions = securityRepository.Get(reference).CreateWritableClone() as IContentSecurityDescriptor;
permissions.AddEntry(new AccessControlEntry(role, level));
securityRepository.Save(reference, permissions, SecuritySaveType.Replace);
}
private void SetFullAccessToWebAdmin()
{
var permissions = _contentSecurityRepository.Get(ContentReference.RootPage).CreateWritableClone() as IContentSecurityDescriptor;
permissions.AddEntry(new AccessControlEntry(AdminRoleName, AccessLevel.FullAccess));
_contentSecurityRepository.Save(ContentReference.RootPage, permissions, SecuritySaveType.Replace);
}
public ContentApprovalsManagerPageController(
IApprovalDefinitionRepository repoDefinitions,
IContentRepository repoContent,
IApprovalRepository repoApprovals,
IApprovalEngine engine,
UIRoleProvider roles,
UIUserProvider users,
IContentSecurityRepository repoSecurity)
{
this.repoDefinitions = repoDefinitions;
this.repoContent = repoContent;
this.repoApprovals = repoApprovals;
this.engine = engine;
// if the editors role does not exist, create it and assign access rights
if (!roles.RoleExists(editors))
{
roles.CreateRole(editors);
var permissions = repoSecurity.Get(ContentReference.RootPage).CreateWritableClone() as IContentSecurityDescriptor;
permissions.AddEntry(new AccessControlEntry(editors,
AccessLevel.Create | AccessLevel.Edit | AccessLevel.Delete | AccessLevel.Read | AccessLevel.Publish));
repoSecurity.Save(ContentReference.RootPage, permissions, SecuritySaveType.Replace);
}
// create three users and add them to roles
UIUserCreateStatus status;
IEnumerable <string> errors = Enumerable.Empty <string>();
if (users.GetUser(userName1) == null)
{
users.CreateUser(
userName1, password,
email: userName1.ToLower() + emailBase,
passwordQuestion: null, passwordAnswer: null,
isApproved: true, status: out status, errors: out errors);
roles.AddUserToRoles(userName1, new string[] { admins });
}
if (users.GetUser(userName2) == null)
{
users.CreateUser(
userName2, password, userName2.ToLower() + emailBase,
null, null, true, out status, out errors);
roles.AddUserToRoles(userName2, new string[] { editors });
}
if (users.GetUser(userName3) == null)
{
users.CreateUser(
userName3, password, userName3.ToLower() + emailBase,
null, null, true, out status, out errors);
roles.AddUserToRoles(userName3, new string[] { editors });
}
}
private void SetSecurity(ContentReference reference, string role, AccessLevel level, bool overrideInherited = false)
{
IContentSecurityDescriptor permissions = securityRepository.Get(reference).CreateWritableClone() as IContentSecurityDescriptor;
if (overrideInherited)
{
if (permissions.IsInherited)
{
permissions.ToLocal();
}
}
permissions.AddEntry(new AccessControlEntry(role, level));
securityRepository.Save(reference, permissions, SecuritySaveType.Replace);
}
public override string Execute()
{
if (_contentLoader.TryGet(_referenceConverter.GetRootLink(), out IContent content))
{
var securableContent = (IContentSecurable)content;
var defaultAccessControlList = (IContentSecurityDescriptor)securableContent.GetContentSecurityDescriptor().CreateWritableClone();
defaultAccessControlList.AddEntry(new AccessControlEntry(RoleNames.CommerceAdmins, AccessLevel.FullAccess, SecurityEntityType.Role));
defaultAccessControlList.AddEntry(new AccessControlEntry(EveryoneRole.RoleName, AccessLevel.Read, SecurityEntityType.Role));
_contentSecurityRepository.Save(content.ContentLink, defaultAccessControlList, SecuritySaveType.Replace);
return("fix");
}
return("nothing to fix");
}
private void SetAccessControlListForContent(ContentReference reference, string role, AccessLevel level)
{
IContentSecurityRepository contentSecurityRepository = ServiceLocator.Current.GetInstance <IContentSecurityRepository>();
IContentSecurityDescriptor permissions = contentSecurityRepository.Get(reference).CreateWritableClone() as IContentSecurityDescriptor;
//Not IContentSecurityDescriptor
if (permissions == null)
{
return;
}
permissions.AddEntry(new AccessControlEntry(role, level));
contentSecurityRepository.Save(reference, permissions, SecuritySaveType.Replace);
}
private ContentReference CreateRootFolder(string rootName, Guid rootGuid)
{
_contentRootService.Register <ContentFolder>(rootName, rootGuid, ContentReference.RootPage);
var fieldRoot = _contentRootService.Get(rootName);
var securityDescriptor = _contentSecurityRepository.Get(fieldRoot).CreateWritableClone() as IContentSecurityDescriptor;
if (securityDescriptor != null)
{
securityDescriptor.IsInherited = false;
var everyoneEntry = securityDescriptor.Entries.FirstOrDefault(e => e.Name.Equals("everyone", StringComparison.InvariantCultureIgnoreCase));
if (everyoneEntry != null)
{
securityDescriptor.RemoveEntry(everyoneEntry);
_contentSecurityRepository.Save(fieldRoot, securityDescriptor, SecuritySaveType.Replace);
}
}
return(fieldRoot);
}
