        /// <summary>
        /// Initializes the object and performs all the initial security checks.
        /// </summary>
        /// <param name="blockBuilder">Block builder handed through to the base class.</param>
        /// <param name="appId">App the content belongs to.</param>
        /// <param name="contentType">Content-type name; when empty, the field/attribute checks at the end are skipped.</param>
        /// <param name="field">Field name; when empty, the field/attribute checks at the end are skipped.</param>
        /// <param name="guid">Guid of the item whose field is being accessed; ignored for portal-root access.</param>
        /// <param name="usePortalRoot">True when the portal root is accessed instead of an item field.</param>
        /// <param name="log">Logger handed through to the base class.</param>
        public AdamSecureState(IBlockBuilder blockBuilder, int appId, string contentType, string field, Guid guid, bool usePortalRoot, ILog log)
            : base(blockBuilder, appId, contentType, log)
        {
            // field/guid are only relevant when an item field is accessed, not for the portal root
            if (usePortalRoot == false)
            {
                Field = field;
                Guid = guid;
            }

            // NOTE(review): GrantedBecause is read only after UserMay(...) ran on the same checker;
            // it presumably gets set by that call, so keep this order.
            var checker = PermissionCheckers.First().Value;
            var mayAdminSomeFiles = checker.UserMay(GrantSets.WritePublished);

            var grantedGlobally   = checker.GrantedBecause == Conditions.EnvironmentGlobal;
            var grantedByInstance = checker.GrantedBecause == Conditions.EnvironmentInstance;
            UserMayAdminSiteFiles = grantedGlobally || grantedByInstance;

            // root access requires site-wide admin rights; field access only requires rights on some files
            bool userMayAccess;
            if (usePortalRoot)
            {
                userMayAccess = UserMayAdminSiteFiles;
            }
            else
            {
                userMayAccess = mayAdminSomeFiles;
            }
            UserIsRestricted = !userMayAccess;

            Log.Add($"AdamSecureState - field:{field}, guid:{guid}, adminSome:{mayAdminSomeFiles}, restricted:{UserIsRestricted}");

            SecurityChecks.ThrowIfAccessingRootButNotAllowed(usePortalRoot, UserIsRestricted);

            // restricted users additionally need the relevant features switched on
            Log.Add("check if feature enabled");
            var restrictedUserLacksFeatures = UserIsRestricted && !Feats.Enabled(FeaturesForRestrictedUsers);
            if (restrictedUserLacksFeatures)
            {
                throw Http.PermissionDenied(
                    $"low-permission users may not access this - {Feats.MsgMissingSome(FeaturesForRestrictedUsers)}");
            }

            PrepCore(App, guid, field, usePortalRoot);

            // without a concrete content-type and field there is no attribute definition to validate against
            var hasFieldDefinition = !string.IsNullOrEmpty(contentType) && !string.IsNullOrEmpty(field);
            if (!hasFieldDefinition)
            {
                return;
            }

            Attribute = Definition(appId, contentType, field);
            if (FileTypeIsOkForThisField(out var fileTypeError))
            {
                return;
            }
            throw fileTypeError;
        }
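        /// <summary>
        /// Initializes the object and performs all the initial security checks.
        /// </summary>
        /// <param name="block">Block providing the context for app and permission resolution; must not be null.</param>
        /// <param name="appId">App the content belongs to.</param>
        /// <param name="contentType">Content-type name; when empty, the field/attribute checks at the end are skipped.</param>
        /// <param name="field">Field name; when empty, the field/attribute checks at the end are skipped.</param>
        /// <param name="guid">Guid of the item whose field is being accessed; ignored for portal-root access.</param>
        /// <param name="usePortalRoot">True when the portal root is accessed instead of an item field.</param>
        /// <param name="log">Logger handed through to the base class.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="block"/> is null.</exception>
        protected AdamState(IBlock block, int appId, string contentType, string field, Guid guid, bool usePortalRoot, ILog log)
            : base("Adm.State", log)
        {
            // block.Context is dereferenced below; fail with a clear exception instead of a NullReferenceException
            if (block is null)
            {
                throw new ArgumentNullException(nameof(block));
            }

            // Log.Call returns a delegate which presumably closes this log entry; it is invoked on every
            // normal exit path (the early return used to skip it), but not when a check throws.
            var callLog = Log.Call($"field:{field}, guid:{guid}");

            App         = Factory.Resolve<Apps.App>().Init(appId, log, block);
            Permissions = new MultiPermissionsTypes()
                          .Init(block.Context, App, contentType, Log);
            Block = block;

            // field/guid are only relevant when an item field is accessed, not for the portal root
            UseTenantRoot = usePortalRoot;
            if (!usePortalRoot)
            {
                ItemField = field;
                ItemGuid  = guid;
            }

            Security = Factory.Resolve<SecurityChecksBase>().Init(this, usePortalRoot, Log);

            SecurityCheckHelpers.ThrowIfAccessingRootButNotAllowed(usePortalRoot, Security.UserIsRestricted);

            // restricted users additionally need the relevant features switched on
            Log.Add("check if feature enabled");
            if (Security.UserIsRestricted && !ToSic.Eav.Configuration.Features.Enabled(FeaturesForRestrictedUsers))
            {
                throw HttpException.PermissionDenied(
                          $"low-permission users may not access this - {ToSic.Eav.Configuration.Features.MsgMissingSome(FeaturesForRestrictedUsers)}");
            }

            PrepCore(App, guid, field, usePortalRoot);

            // the attribute/file-type check only applies when a concrete content-type and field are targeted
            if (!string.IsNullOrEmpty(contentType) && !string.IsNullOrEmpty(field))
            {
                Attribute = Definition(appId, contentType, field);
                if (!Security.FileTypeIsOkForThisField(out var exp))
                {
                    throw exp;
                }
            }

            callLog(null);
        }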