Esempio n. 1
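        /// <summary>
        /// Ensures a page-permission row exists for the given group and page, creating
        /// one with <c>PermissionStatus = true</c> when none is found.
        /// </summary>
        /// <remarks>
        /// NOTE(review): judging by the method name the stored row presumably represents
        /// a denial; confirm against the code that reads <c>PermissionStatus</c>.
        /// </remarks>
        /// <param name="groupid">Group identifier as text; parsed with <c>int.Parse</c>.</param>
        /// <param name="pagename">Page name, compared for equality with <c>PageName</c>.</param>
        /// <returns>Always <c>true</c>; every failure surfaces as an exception.</returns>
        public bool DenyPagePermission(string groupid, string pagename)
        {
            // No try/catch: the previous handlers only rethrew with "throw e;", which
            // discards the original stack trace. Letting the exception propagate keeps
            // the same exception types for callers and preserves the trace.
            int uid = int.Parse(groupid);

            // NOTE(review): FirstOrDefault() yields the default PageID when no page is
            // called `pagename`, so an unknown page name still leads to a row being
            // written against that default id. Confirm whether unknown pages should be
            // rejected instead.
            var pid    = (from pg in PageRepo.All() where pg.PageName == pagename select pg.PageID).FirstOrDefault();
            var record = PagePermissionRepo.All().FirstOrDefault(model => (model.PageID == pid && model.GroupID == uid));

            if (record == null)
            {
                // Allocate the entity only when a row actually has to be created.
                PagePermission pagepermission = new PagePermission();
                pagepermission.GroupID          = uid;
                pagepermission.PageID           = pid;
                pagepermission.PermissionStatus = true;
                PagePermissionRepo.Create(pagepermission);
            }

            return true;
        }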
Esempio n. 2
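        /// <summary>
        /// Applies a submitted grid of permission flags: for every cell that differs
        /// from <c>AuthenticationList</c>, the matching permission is added to or
        /// removed from the matching role.
        /// </summary>
        /// <param name="arr">
        /// An <c>object[]</c> whose elements are <c>object[]</c> rows of boxed
        /// <c>bool</c> values. Row <c>i</c> maps to the i-th role whose name differs
        /// from the "GroupAdmin" app setting; column <c>j</c> maps to
        /// <c>PagePermissionList[j]</c>.
        /// </param>
        public static void Save(object arr)
        {
            // Read the setting once and snapshot the filtered roles. The deferred
            // Where() query used before was re-enumerated (and the setting re-read)
            // by every ElementAt(i) call inside the loop.
            string      adminGroupName = System.Configuration.ConfigurationManager.AppSettings["GroupAdmin"];
            List <Role> editableRoles  = RoleList.Where(r => r.Name != adminGroupName).ToList();

            // NOTE(review): roles and permissions are matched purely by position and
            // the shape of `arr` is not validated here. If the role or permission
            // lists changed between rendering the grid and saving it, a flag would be
            // applied to a different role than the one displayed. Confirm the caller
            // guarantees a stable order, or submit explicit ids.
            int i = 0;

            foreach (object[] item in (object[])arr)
            {
                int j = 0;
                foreach (bool subItem in item)
                {
                    // Only touch entries whose submitted state differs from the stored one.
                    if (subItem != AuthenticationList[i][j])
                    {
                        Role           role           = editableRoles[i];
                        PagePermission pagePermission = PagePermissionList[j];
                        if (subItem)
                        {
                            PageAuthenticationManager.AddPermission(pagePermission, role);
                        }
                        else
                        {
                            PageAuthenticationManager.RemovePermission(pagePermission, role);
                        }
                    }
                    j++;
                }
                i++;
            }
        }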
Esempio n. 3
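        /// <summary>
        /// Resolves the access mode a user has on a page.
        /// </summary>
        /// <remarks>
        /// Users whose role is at least <c>RoleType.Super</c> get <c>Admin</c>.
        /// Otherwise a page-level <c>PagePermission</c> for the user wins, and when
        /// there is none the result comes from <c>NaviAccessMode</c> for the page's
        /// navigation node. With no user, or no page, the mode stays
        /// <c>PermissionType.Default</c>.
        /// </remarks>
        /// <param name="db">Context used to look up the page permission.</param>
        /// <param name="cmsUser">The user to evaluate; may be null.</param>
        /// <param name="page">The page to evaluate; may be null.</param>
        /// <returns>The resolved access mode.</returns>
        public static PermissionType PageAccessMode(IDbContext db, CmsUser cmsUser, CmsPage page)
        {
            PermissionType mode = PermissionType.Default;

            if (cmsUser != null && cmsUser.RoleId >= RoleType.Super)
            {
                //supervisor
                mode = PermissionType.Admin;
            }
            else if (cmsUser != null && page != null)
            {
                PagePermission pp = db.Set <PagePermission>().SingleOrDefault(
                    e => e.User.Id == cmsUser.Id && e.Page.Id == page.Id);

                if (pp != null)
                {
                    mode = pp.AccessMode;
                }
                else
                {
                    // No page-level entry: fall back to the navigation node's permission.
                    mode = NaviAccessMode(db, cmsUser, page.NaviNode);
                }
            }

            // TODO: Add site specific access checking
            // `page` is allowed to be null by the branches above, so it has to be
            // checked before page.Type is read; without the guard a null page on the
            // "fratalk" site raised a NullReferenceException instead of returning a mode.
            if (page != null && CmsHelper.Site == "fratalk" && page.Type.Title == "PAGE" && mode != PermissionType.Admin)
            {
                return(PermissionType.Default);
            }

            return(mode);
        }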
Esempio n. 4
        /// <summary>
        /// Tells whether this navigation item may be shown to the current user.
        /// </summary>
        /// <remarks>
        /// An item without a target is allowed when at least one of its sub items is
        /// allowed. An item with a target is allowed unless a page permission is
        /// registered for the target (query string stripped) and the user lacks it.
        /// NOTE(review): a target with no registered page permission is treated as
        /// unrestricted; confirm that pages missing from the permission list are
        /// meant to be visible.
        /// </remarks>
        /// <returns><c>true</c> when the item is permitted; otherwise <c>false</c>.</returns>
        public bool HasPermission()
        {
            if (string.IsNullOrEmpty(this.Target))
            {
                // Container item: every child is evaluated, and one permitted child
                // is enough (|= does not short-circuit).
                bool anyChildPermitted = false;

                foreach (NavigationItem child in this.SubNavigationItems)
                {
                    anyChildPermitted |= child.HasPermission();
                }

                return anyChildPermitted;
            }

            // Only the part of the target before the query string identifies the page.
            string         targetPage  = this.Target.Split('?')[0];
            PagePermission restriction = base.PermissionCore.PagePermissions[targetPage];

            // No restriction registered, or the user holds the required permission.
            return restriction == null || base.UserHasPermission(restriction.Permission.Id);
        }
Esempio n. 5
        /// <summary>
        /// Saves one role and three pages, each with a permission for that role,
        /// inside a single transaction. Everything saved is also added to the
        /// <c>_deleted*</c> lists.
        /// </summary>
        /// <remarks>
        /// The method contains no assertions; it only fails if a save throws.
        /// </remarks>
        public void CanCreateNavigationWithPermissions()
        {
            const int pageCount = 3;

            using (TransactionScope scope = new TransactionScope())
            {
                // The role every permission below refers to.
                Role testRole = new Role(_portal.Tenant, "Test role for navigation permission");
                _roleRepository.Save(testRole);
                _deletedRoles.Add(testRole);

                // One page and one permission per iteration.
                int created = 0;
                while (created < pageCount)
                {
                    Page testPage = new Page(_portal.Tenant, "Test navigation item with permissions", "", "~/");
                    _pageRepository.Save(testPage);
                    _deletedItems.Add(testPage);

                    PagePermission pagePermission = new PagePermission(testPage, testRole, true, true, false);
                    _pagePermissionRepository.Save(pagePermission);
                    _deletedPermissions.Add(pagePermission);

                    created++;
                }

                scope.Complete();
            }
        }
Esempio n. 6
        /// <summary>
        /// Checks whether the permission flags stored for <paramref name="typeName"/>
        /// include <paramref name="permission"/>.
        /// </summary>
        /// <param name="typeName">Key looked up in <c>PagePermission</c>; may be null.</param>
        /// <param name="permission">The flag or flags that must all be present.</param>
        /// <returns>
        /// <c>true</c> when the stored flags contain every flag in
        /// <paramref name="permission"/>. A null key, a null <c>PagePermission</c>
        /// map or an unknown key is evaluated against the zero value.
        /// </returns>
        /// <remarks>
        /// NOTE(review): <c>Enum.HasFlag</c> returns <c>true</c> for a zero-valued
        /// argument, so passing a zero <paramref name="permission"/> reports access
        /// even for unknown keys. Confirm callers never pass the zero value.
        /// </remarks>
        public bool HasAccess(string typeName, Permission permission)
        {
            Permission granted = 0;

            bool canLookUp = typeName != null && PagePermission != null;
            if (canLookUp)
            {
                // On a miss TryGetValue leaves `granted` at the default (zero) value.
                PagePermission.TryGetValue(typeName, out granted);
            }

            return granted.HasFlag(permission);
        }
Esempio n. 7
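        /// <summary>
        /// Looks up whether the named role is allowed to access the named page.
        /// </summary>
        /// <param name="role">Role name, compared with <c>Role.Name</c>.</param>
        /// <param name="pagename">Page name, compared with <c>Page.Name</c>.</param>
        /// <returns>
        /// The stored <c>IsAllowed</c> value, or <c>false</c> when the role, the page
        /// or the permission row does not exist.
        /// </returns>
        public bool PageAccessAllowed(string role, string pagename)
        {
            // Each lookup used to index element [0] of a materialised list, which
            // threw ArgumentOutOfRangeException for an unknown role, an unknown page
            // or a missing permission row. An authorization check should deny in
            // those cases, so every miss now returns false.
            Role roleObj = _dbContext.Roles.Where(p => p.Name == role).Cast <Role>().FirstOrDefault();
            if (roleObj == null)
            {
                return false;
            }

            Page pageObj = _dbContext.Pages.Where(p => p.Name.Equals(pagename)).Cast <Page>().FirstOrDefault();
            if (pageObj == null)
            {
                return false;
            }

            int roleId = roleObj.Id;
            int pageId = pageObj.Id;

            PagePermission pagePermission = _dbContext.PagePermissions
                                            .Where(p => p.RoleId == roleId && p.PageId == pageId)
                                            .Cast <PagePermission>()
                                            .FirstOrDefault();

            return pagePermission != null && pagePermission.IsAllowed;
        }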
        /// <summary>
        /// Reads every <c>Page</c> child of <paramref name="xmlNode"/> and adds a
        /// <c>PagePermission</c> to <c>PagePermissions</c> for each page whose
        /// <c>Permission</c> attribute resolves to a known permission.
        /// </summary>
        /// <remarks>
        /// A page is skipped without any report when its <c>Permission</c> attribute
        /// is not an integer or when <c>Permissions</c> has no entry for that id.
        /// NOTE(review): a skipped page ends up with no entry in
        /// <c>PagePermissions</c>; confirm that consumers do not read a missing entry
        /// as "unrestricted".
        /// </remarks>
        /// <param name="xmlNode">Node whose <c>Page</c> children describe the page permissions.</param>
        private void ParsePagePermissions(XmlNode xmlNode)
        {
            foreach (XmlNode pageNode in xmlNode.SelectNodes("Page"))
            {
                string pageName = pageNode.Attributes["Name"].Value;
                int    permissionId;

                // Skip pages whose permission id is not numeric.
                if (!int.TryParse(pageNode.Attributes["Permission"].Value, out permissionId))
                {
                    continue;
                }

                // Skip pages that refer to a permission that is not defined.
                Permission permission = this.Permissions[permissionId];
                if (permission == null)
                {
                    continue;
                }

                PagePermission pagePermission = new PagePermission(this, pageName, permission);

                // Optional per-button permissions.
                XmlNode buttonsNode = pageNode.SelectSingleNode("Buttons");
                if (buttonsNode != null)
                {
                    foreach (ButtonPermission buttonPermission in ParseButtonPermissions(buttonsNode))
                    {
                        pagePermission.ButtonPermissions.Add(buttonPermission);
                    }
                }

                // Optional grid-column permissions.
                XmlNode gridColumnsNode = pageNode.SelectSingleNode("GridColumns");
                if (gridColumnsNode != null)
                {
                    pagePermission.GridColumnPermissions = new GridColumnPermissionCollection(this, gridColumnsNode);
                }

                // Optional per-control permissions.
                XmlNode controlsNode = pageNode.SelectSingleNode("Controls");
                if (controlsNode != null)
                {
                    foreach (ControlPermission controlPermission in ParseControlPermissions(controlsNode))
                    {
                        pagePermission.ControlPermissions.Add(controlPermission);
                    }
                }

                this.PagePermissions.Add(pagePermission);
            }
        }
Esempio n. 9
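        /// <summary>
        /// Requests the permissions of a user for a module from the permission API
        /// and maps the JSON response to a <c>PagePermission</c>.
        /// </summary>
        /// <param name="userId">User identifier passed to the API unchanged.</param>
        /// <param name="moduleUrl">Module URL; sent after <c>EncryptDecryptHelper.EncryptUrl</c>.</param>
        /// <param name="moduleCode">Module code; sent after <c>EncryptDecryptHelper.EncryptUrl</c>.</param>
        /// <param name="userTypeId">User type identifier passed to the API unchanged.</param>
        /// <returns>
        /// The mapped permission on a success status code; otherwise a
        /// default-constructed <c>PagePermission</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): a failed call and a user without permissions both come back
        /// as a default-constructed object. Confirm that the defaults of
        /// <c>PagePermission</c> deny access, so that an outage of the permission
        /// service cannot widen access.
        /// The call blocks on <c>.Result</c> because the signature is synchronous.
        /// </remarks>
        public PagePermission GetUserPermissions(string userId, string moduleUrl, string moduleCode, int userTypeId)
        {
            var pagePermission    = new PagePermission();
            var encryptModuleUrl  = EncryptDecryptHelper.EncryptUrl(moduleUrl);
            var encryptModuleCode = EncryptDecryptHelper.EncryptUrl(moduleCode);
            var uri = API.UserPermission.GetUserPermission(_path, userId, encryptModuleUrl, encryptModuleCode, userTypeId);

            // HttpResponseMessage is disposable; release it (and its content stream)
            // once the body has been read instead of leaving it to the finalizer.
            using (HttpResponseMessage response = _client.GetAsync(uri).Result)
            {
                if (response.IsSuccessStatusCode)
                {
                    var jsonDataProviders = response.Content.ReadAsStringAsync().Result;
                    pagePermission = EntityMapper <string, PagePermission> .MapFromJson(jsonDataProviders);
                }
            }

            return(pagePermission);
        }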
    /// <summary>
    /// Builds the list of page permissions found under
    /// <c>PagePermissions/PagePermission</c> of the given page node.
    /// </summary>
    /// <param name="page">XML node of a page.</param>
    /// <returns>One <c>PagePermission</c> per matching node, in document order.</returns>
    /// <remarks>
    /// Numeric and boolean fields pass through <c>Utils.CleanString</c> and are then
    /// parsed with <c>int.Parse</c> / <c>bool.Parse</c>, so a malformed or missing
    /// child element raises an exception rather than being skipped.
    /// <c>RoleName</c> is stored exactly as it appears in the XML.
    /// </remarks>
    public List <PagePermission> PagePermissionList(XmlNode page)
    {
        List <PagePermission> result = new List <PagePermission>();

        foreach (XmlNode node in page.SelectNodes("PagePermissions/PagePermission"))
        {
            PagePermission entry = new PagePermission
            {
                PageID       = int.Parse(Utils.CleanString(node["PageID"].InnerText)),
                PermissionID = int.Parse(Utils.CleanString(node["PermissionID"].InnerText)),
                RoleName     = node["RoleName"].InnerText,
                AllowAcess   = bool.Parse(Utils.CleanString(node["Allowacess"].InnerText)),
                IsActive     = bool.Parse(Utils.CleanString(node["IsActive"].InnerText))
            };

            result.Add(entry);
        }

        return result;
    }
Esempio n. 11
 /// <summary>
 /// Renders a layout position, optionally only for members of the given groups.
 /// </summary>
 /// <param name="positionID">Identifier of the position to render.</param>
 /// <param name="requireMembershipAuthentication">When true, the current member must pass the permission check.</param>
 /// <param name="membershipGroups">Groups allowed to see the position.</param>
 /// <returns>
 /// A design holder in the design channel; an empty string when the member is not
 /// authorized; otherwise the result of <c>Position(positionID)</c>.
 /// </returns>
 /// <remarks>
 /// NOTE(review): the design channel returns before the membership check runs.
 /// Presumably access to that channel is restricted elsewhere; confirm.
 /// </remarks>
 public virtual IHtmlString Position(string positionID, bool requireMembershipAuthentication, params string[] membershipGroups)
 {
     bool inDesignChannel = PageContext.PageRequestContext.RequestChannel == FrontRequestChannel.Design;
     if (inDesignChannel)
     {
         return new PageDesignHolder(this, positionID);
     }

     if (!requireMembershipAuthentication)
     {
         return Position(positionID);
     }

     PagePermission permission = new PagePermission();
     permission.RequireMember = requireMembershipAuthentication;
     permission.AllowGroups   = membershipGroups;

     // Unauthorized members get empty markup rather than an error.
     var currentMember = Html.ViewContext.HttpContext.Membership().GetMember();
     if (permission.Authorize(currentMember))
     {
         return Position(positionID);
     }

     return new HtmlString("");
 }
Esempio n. 12
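        /// <summary>
        /// Deletes the page-permission row stored for the given group and page, if
        /// there is one.
        /// </summary>
        /// <remarks>
        /// NOTE(review): judging by the method name, the stored row presumably
        /// represents a denial and deleting it allows the page again; confirm
        /// against the code that reads these rows.
        /// </remarks>
        /// <param name="groupid">Group identifier as text; parsed with <c>int.Parse</c>.</param>
        /// <param name="pagename">Page name, compared for equality with <c>PageName</c>.</param>
        /// <returns>Always <c>true</c>; every failure surfaces as an exception.</returns>
        public bool AllowPagePermission(string groupid, string pagename)
        {
            // No try/catch: the previous handlers only rethrew with "throw e;", which
            // discards the original stack trace. Exceptions now propagate untouched.
            int uid = int.Parse(groupid);
            int pid = (from pg in PageRepo.All() where pg.PageName == pagename select pg.PageID).FirstOrDefault();

            var record = PagePermissionRepo.All().FirstOrDefault(model => (model.PageID == pid && model.GroupID == uid));

            // FirstOrDefault() returns null when no row matches; passing that null to
            // Delete() was never intended. With no row there is nothing to remove.
            if (record != null)
            {
                PagePermissionRepo.Delete(record);
            }

            return true;
        }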
    //void tutLink_Command(object sender, CommandEventArgs e)
    //{
    //    if ((HttpContext.Current.Session != null) && (HttpContext.Current.Session.Mode != System.Web.SessionState.SessionStateMode.Off))
    //    {
    //        this.Page.Session["showTutorial"] = true;
    //    }
    //}
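    /// <summary>
    /// Adjusts the links of the hints panel to the rights of the current user:
    /// points the pages link at the pages or templates screen, and disables the
    /// pages, administration, files and modules entries the user cannot use.
    /// </summary>
    /// <remarks>
    /// This method only changes how links are rendered (CSS class and href). It is
    /// not an access control; the linked admin pages have to check the same rights
    /// themselves.
    /// </remarks>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    void hintsPanel_DataBound(object sender, EventArgs e)
    {
        CmsManager manager = new CmsManager();

        HtmlGenericControl pagesLi = GetLi("pagesLi", this.hintsPanel);
        HtmlAnchor pagesLink = GetLink("pagesLink", this.hintsPanel);
        HtmlGenericControl modulesLi = GetLi("modulesLi", this.hintsPanel);
        HtmlAnchor modulesLink = GetLink("modulesLink", this.hintsPanel);
        HtmlGenericControl filesLi = GetLi("filesLi", this.hintsPanel);
        HtmlAnchor filesLink = GetLink("filesLink", this.hintsPanel);
        HtmlGenericControl administrationLi = GetLi("administrationLi", this.hintsPanel);
        HtmlAnchor administrationLink = GetLink("administrationLink", this.hintsPanel);

        // The per-page loop that filled an unused "hasPerm" flag was removed: its
        // result was never read, yet it ran a permission check for every page.

        Telerik.Cms.Security.GlobalPermission perm = new Telerik.Cms.Security.GlobalPermission(GlobalRights.ManageUsers);
        bool canEditTemplates = perm.CheckDemand(GlobalRights.EditTemplates);

        PagePermission pagePerm = new PagePermission(manager.GetRootPage(), PageRights.View);
        bool canViewPages = pagePerm.CheckDemand();

        if (!canViewPages)
        {
            // No view right on the root page: fall back to asking for a single page.
            // NOTE(review): the last argument is presumably a permission filter, so a
            // non-empty result would mean at least one page is visible; confirm.
            int totalRows;
            if (manager.GetPages(0, 1, "", System.ComponentModel.ListSortDirection.Ascending, out totalRows, true).Count > 0)
            {
                canViewPages = true;
            }
        }

        // The last branch already tolerated a missing link; the first two did not
        // and dereferenced pagesLink unconditionally.
        if (pagesLink != null)
        {
            if (canViewPages)
            {
                pagesLink.HRef = "~/Sitefinity/Admin/Pages.aspx";
            }
            else if (canEditTemplates)
            {
                pagesLink.HRef = "~/Sitefinity/Admin/Templates.aspx";
            }
            else if (pagesLi != null)
            {
                pagesLi.Attributes["class"] += " dis";
                pagesLink.Attributes["href"] = "#";
            }
        }

        // One manageable service module is enough to keep the administration entry.
        bool canManageServices = false;
        foreach (IWebModule module in Telerik.Framework.ServiceHost.GetServiceModules())
        {
            if (Util.CheckMinimalServicePermissions(new ServicesPermissions(module.GetType())))
            {
                canManageServices = true;
                break;
            }
        }

        perm = new Telerik.Cms.Security.GlobalPermission(Telerik.Cms.Security.GlobalRights.ManageUsers | GlobalRights.ManagePermissions);
        if (administrationLi != null && administrationLink != null && (!perm.CheckDemand() && !canManageServices))
        {
            administrationLi.Attributes["class"] += " dis";
            administrationLink.Attributes["href"] = "#";
        }

        perm = new Telerik.Cms.Security.GlobalPermission(Telerik.Cms.Security.GlobalRights.ManageFiles);
        if (filesLi != null && filesLink != null && !perm.CheckDemand())
        {
            filesLi.Attributes["class"] += " dis";
            filesLink.Attributes["href"] = "#";
        }

        // The modules entry stays enabled as soon as one module passes the minimal
        // permission check. (An unused "webModules" list was dropped.)
        bool showModules = false;
        foreach (IWebModule module in ModuleManager.GetWebModulesValues())
        {
            if (module is IModule)
            {
                showModules = Util.CheckMinimalPermissions(module as IModule);
            }
            if (showModules)
            {
                break;
            }
        }

        if (modulesLi != null && modulesLink != null && !showModules)
        {
            modulesLi.Attributes["class"] += " dis";
            modulesLink.Attributes["href"] = "#";
        }
    }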
Esempio n. 14
        /// <summary>
        /// Fills the permission form: binds the action list and, for an existing
        /// permission, loads its values into the controls according to its type.
        /// </summary>
        /// <param name="id">
        /// Permission id to edit; <c>0</c> prepares the form for creating a new one.
        /// </param>
        private void LoadAll(int id)
        {
            ddlAction.DataSource = Enum.GetNames(typeof(PermissionAction));
            ddlAction.DataBind();

            lblTitle.Text = "Creación de Permiso";

            // Creation mode: only reveal the controls used to pick the permission kind.
            if (id == 0)
            {
                lblPermission.Visible = true;
                ddlPermission.Visible = true;
                lblFolderName.Visible = true;
                lblPageName.Visible   = true;
                return;
            }

            Permission p = ControllerManager.Permission.GetById(id);
            txtName.Text            = p.Name;
            txtCode.Text            = p.Code;
            txtDescription.Text     = p.Description;
            txtCode.Enabled         = false; // the code of an existing permission is not editable
            ddlAction.SelectedValue = ddlAction.Items.FindByValue(p.PermissionAction.ToString()).Value;

            // The concrete type decides which entry is selected and what the two
            // detail boxes show. The checks run in this order; the first match wins.
            PagePermission       pagePermission    = p as PagePermission;
            MethodPermission     methodPermission  = p as MethodPermission;
            EntityPermission     entityPermission  = p as EntityPermission;
            WebControlPermission controlPermission = p as WebControlPermission;
            ExecutePermission    executePermission = p as ExecutePermission;

            if (pagePermission != null)
            {
                ddlPermission.SelectedValue = "Page";
                MakeVisible(ddlPermission.SelectedValue);

                txtPermission1.Text = pagePermission.PageName;
                txtPermission2.Text = pagePermission.FolderName;
            }
            else if (methodPermission != null)
            {
                ddlPermission.SelectedValue = "Method";
                MakeVisible(ddlPermission.SelectedValue);

                txtPermission1.Text = methodPermission.MethodName;
                txtPermission2.Text = methodPermission.ClassName;
            }
            else if (entityPermission != null)
            {
                ddlPermission.SelectedValue = "Entity";
                MakeVisible(ddlPermission.SelectedValue);

                txtPermission1.Text = entityPermission.Identifier;
                txtPermission2.Text = entityPermission.ClassName;
            }
            else if (controlPermission != null)
            {
                ddlPermission.SelectedValue = "Web";
                MakeVisible(ddlPermission.SelectedValue);

                txtPermission1.Text = controlPermission.RelativePath;
                txtPermission2.Text = controlPermission.ControlIdentifier;
            }
            else if (executePermission != null)
            {
                ddlPermission.SelectedValue = "Execute";
                MakeVisible(ddlPermission.SelectedValue);

                txtPermission1.Text = executePermission.KeyIdentifier;
                txtPermission2.Text = executePermission.ClassName;
            }

            lblTitle.Text = "Edición " + ddlPermission.SelectedItem;
        }
Esempio n. 15
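    /// <summary>
    /// Adjusts the links of the hints panel to the rights of the current user:
    /// points the pages link at the pages or templates screen, and disables the
    /// pages, administration, files and modules entries the user cannot use.
    /// </summary>
    /// <remarks>
    /// This method only changes how links are rendered (CSS class and href). It is
    /// not an access control; the linked admin pages have to check the same rights
    /// themselves.
    /// </remarks>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    void hintsPanel_DataBound(object sender, EventArgs e)
    {
        CmsManager manager = new CmsManager();

        HtmlGenericControl pagesLi            = GetLi("pagesLi", this.hintsPanel);
        HtmlAnchor         pagesLink          = GetLink("pagesLink", this.hintsPanel);
        HtmlGenericControl modulesLi          = GetLi("modulesLi", this.hintsPanel);
        HtmlAnchor         modulesLink        = GetLink("modulesLink", this.hintsPanel);
        HtmlGenericControl filesLi            = GetLi("filesLi", this.hintsPanel);
        HtmlAnchor         filesLink          = GetLink("filesLink", this.hintsPanel);
        HtmlGenericControl administrationLi   = GetLi("administrationLi", this.hintsPanel);
        HtmlAnchor         administrationLink = GetLink("administrationLink", this.hintsPanel);

        Telerik.Cms.Security.GlobalPermission perm = new Telerik.Cms.Security.GlobalPermission(GlobalRights.ManageUsers);
        bool canEditTemplates = perm.CheckDemand(GlobalRights.EditTemplates);

        PagePermission pagePerm     = new PagePermission(manager.GetRootPage(), PageRights.View);
        bool           canViewPages = pagePerm.CheckDemand();

        // The last branch already tolerated a missing link; the first two did not
        // and dereferenced pagesLink unconditionally.
        if (pagesLink != null)
        {
            if (canViewPages)
            {
                pagesLink.HRef = "~/Sitefinity/Admin/Pages.aspx";
            }
            else if (canEditTemplates)
            {
                pagesLink.HRef = "~/Sitefinity/Admin/Templates.aspx";
            }
            else if (pagesLi != null)
            {
                pagesLi.Attributes["class"] += " dis";
                pagesLink.Attributes["href"] = "#";
            }
        }

        // One manageable service module is enough to keep the administration entry.
        bool canManageServices = false;

        foreach (IWebModule module in Telerik.Framework.ServiceHost.GetServiceModules())
        {
            if (Util.CheckMinimalServicePermissions(new ServicesPermissions(module.GetType())))
            {
                canManageServices = true;
                break;
            }
        }

        perm = new Telerik.Cms.Security.GlobalPermission(Telerik.Cms.Security.GlobalRights.ManageUsers | GlobalRights.ManagePermissions);
        if (administrationLi != null && administrationLink != null && (!perm.CheckDemand() && !canManageServices))
        {
            administrationLi.Attributes["class"] += " dis";
            administrationLink.Attributes["href"] = "#";
        }

        perm = new Telerik.Cms.Security.GlobalPermission(Telerik.Cms.Security.GlobalRights.ManageFiles);
        if (filesLi != null && filesLink != null && !perm.CheckDemand())
        {
            filesLi.Attributes["class"] += " dis";
            filesLink.Attributes["href"] = "#";
        }

        // The modules entry stays enabled as soon as one module passes the minimal
        // permission check. (An unused "webModules" list was dropped.)
        bool showModules = false;

        foreach (IWebModule module in ModuleManager.GetWebModulesValues())
        {
            if (module is IModule)
            {
                showModules = Util.CheckMinimalPermissions(module as IModule);
            }
            if (showModules)
            {
                break;
            }
        }

        if (modulesLi != null && modulesLink != null && !showModules)
        {
            modulesLi.Attributes["class"] += " dis";
            modulesLink.Attributes["href"] = "#";
        }
    }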
Esempio n. 16
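        /// <summary>
        /// Grants, changes or revokes a user's permission on a navigation section or
        /// a page. Only callers whose role is at least <c>RoleType.Super</c> may use it.
        /// </summary>
        /// <param name="sectionId">Navigation node id as text; used when <paramref name="pageId"/> is empty.</param>
        /// <param name="pageId">Page id as text; when set, the permission applies to the page.</param>
        /// <param name="userName">Account name of the affected user; lower-cased before the lookup.</param>
        /// <param name="permission">
        /// Access mode to store. <c>Denied</c> clears the permissions of an existing
        /// user and removes the user record itself.
        /// </param>
        /// <param name="overwrite">For section permissions: clear the user's existing permissions first.</param>
        /// <returns>The "error" view when no user name is given; otherwise the "PermissionGranted" view.</returns>
        /// <exception cref="Exception">The caller is not a supervisor.</exception>
        /// <remarks>
        /// NOTE(review): when the user does not exist yet, the record is created but
        /// no section or page permission is stored in the same call, while the
        /// "PermissionGranted" view is still returned. Confirm this is intended.
        /// </remarks>
        public ViewResult Change(string sectionId, string pageId, string userName, PermissionType permission, bool overwrite = false)
        {
            CmsUser currentUser = SecurityHelper.CurrentCmsUser(db);

            // A request without a resolvable current user is refused the same way as
            // a non-supervisor, instead of failing with a NullReferenceException on
            // the role comparison.
            if (currentUser == null || currentUser.RoleId < RoleType.Super)
            {
                throw new Exception("Access Denided.");
            }

            //user
            if (string.IsNullOrEmpty(userName))
            {
                ViewBag.Message = "User Name is Required";
                return(View("error"));
            }

            // Account names are identifiers, not display text: normalise them with
            // the invariant culture so the same name always maps to the same record
            // regardless of the server's current culture.
            userName = userName.ToLowerInvariant();

            CmsUser user = db.Set <CmsUser>().SingleOrDefault(e => e.AdName == userName);

            if (user == null && permission != PermissionType.Denied)
            {
                //new user
                user          = new CmsUser();
                user.AdName   = userName;
                user.UserName = HtmlHelpers.FormatName(null, userName).ToString();
                user.RoleId   = RoleType.Normal;

                db.Set <CmsUser>().Add(user);
                db.SaveChanges();
            }
            else if (user != null)
            {
                if (permission == PermissionType.Denied)
                {
                    //remove users
                    ClearPermissions(user);

                    db.Set <CmsUser>().Remove(user);

                    db.SaveChanges();
                }
                else
                {
                    if (string.IsNullOrEmpty(pageId))
                    {
                        //navi
                        int sid = Convert.ToInt32(sectionId);

                        // Single() doubles as an existence check: it throws when the
                        // section id does not match exactly one node.
                        NaviNode currentNode = db.Set <NaviNode>().Single(e => e.Id == sid);

                        //handle overwrite
                        if (overwrite)
                        {
                            ClearPermissions(user);
                        }

                        NaviPermission np = db.Set <NaviPermission>().SingleOrDefault(e => e.Section.Id == sid && e.User.Id == user.Id);

                        if (np == null)
                        {
                            //new navi permission
                            np            = new NaviPermission();
                            np.User       = user;
                            np.AccessMode = permission;
                            // Reuse the node loaded above rather than querying it a second time.
                            np.Section    = currentNode;
                            db.Set <NaviPermission>().Add(np);
                        }
                        else if (permission != np.AccessMode)
                        {
                            //modify
                            np.AccessMode = permission;
                            ((DbContext)db).Entry(np).State = EntityState.Modified;
                        }

                        db.SaveChanges();
                    }
                    else
                    {
                        //page
                        int            pid = Convert.ToInt32(pageId);
                        PagePermission pp  = db.Set <PagePermission>().SingleOrDefault(e => e.Page.Id == pid && e.User.Id == user.Id);

                        if (pp == null)
                        {
                            //new page permission
                            pp            = new PagePermission();
                            pp.User       = user;
                            pp.AccessMode = permission;
                            pp.Page       = db.Set <CmsPage>().Single(e => e.Id == pid);
                            db.Set <PagePermission>().Add(pp);
                        }
                        else if (permission != pp.AccessMode)
                        {
                            //modify
                            pp.AccessMode = permission;
                            ((DbContext)db).Entry(pp).State = EntityState.Modified;
                        }

                        db.SaveChanges();
                    }
                }
            }

            ViewBag.RoleId = SecurityHelper.CurrentCmsUserRole(db);

            return(View("PermissionGranted"));
        }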
Esempio n. 17
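        /// <summary>
        /// Creates or updates a page from the posted model and brings the page's
        /// permissions for the Administrator, Member and Guest roles in line with it.
        /// </summary>
        /// <param name="model">
        /// Posted page data. An empty <c>Id</c> means a new page; <c>MembersVisible</c>
        /// and <c>GuestsVisible</c> drive the view right of the Member and Guest roles.
        /// </param>
        /// <returns>
        /// The "Page" view with an alert when the slug is taken or saving fails;
        /// otherwise a redirect to the edit action of the saved page.
        /// </returns>
        /// <remarks>
        /// NOTE(review): <c>model.ParentId</c> is attached as parent of a new page
        /// without a visible check that the parent belongs to the current tenant;
        /// confirm this is validated elsewhere.
        /// </remarks>
        public ActionResult Save(PageModel model)
        {
            Page page = null;
            Role adminRole, memberRole, guestRole;
            bool isNew = model.Id == Guid.Empty;

            if (isNew) // if page is new create it
            {
                page = new Page(new Tenant(Portal.Tenant.Id));
                if (model.ParentId.HasValue)
                {
                    page.Parent = new Page(model.ParentId.Value);
                }
            }

            using (TransactionScope ts = new TransactionScope())
            {
                // check if slug is unique
                bool slugTaken = _pageRepository.FindBy(p => p.Tenant.Id == Portal.Tenant.Id && p.Slug == model.Slug && p.Id != model.Id) != null;
                if (slugTaken)
                {
                    Alert(AlertType.warning, "Slug not unique", "Another page with this slug already exists.");
                    return(View("Page", model));
                }

                // if page exists, retrieve page and permissions
                if (!isNew)
                {
                    // The id comes from the posted model, so the lookup is scoped to
                    // the current tenant like every other query in this method.
                    // Without the tenant filter a posted id of another tenant's page
                    // would load, and then overwrite, that page.
                    page = (from p in _pageRepository.All()
                            where p.Id == model.Id && p.Tenant.Id == Portal.Tenant.Id
                            select p).FetchMany(p => p.Permissions).Single();
                }

                // retrieve system roles
                adminRole  = _roleRepository.FindBy(r => r.Tenant.Id == Portal.Tenant.Id && r.Name == "Administrator");
                memberRole = _roleRepository.FindBy(r => r.Tenant.Id == Portal.Tenant.Id && r.Name == "Member");
                guestRole  = _roleRepository.FindBy(r => r.Tenant.Id == Portal.Tenant.Id && r.Name == "Guest");

                ts.Complete();
            }

            // update page model with new data
            Mapper.Map <PageModel, Page>(model, page);

            try
            {
                /* add / update page permissions */
                var permissions = page.Permissions;

                // add / update admin permission: administrators always get all three rights
                PagePermission adminPermission = permissions.SingleOrDefault(p => p.Role.Name == adminRole.Name);
                if (adminPermission == null)
                {
                    permissions.Add(new PagePermission(page, adminRole, true, true, true));
                }
                else
                {
                    adminPermission.SetPermissionRights(true, true, true);
                }

                // add / update member permission: only the first right follows the model
                PagePermission memberPermission = permissions.SingleOrDefault(p => p.Role.Name == memberRole.Name);
                if (memberPermission == null && model.MembersVisible)
                {
                    permissions.Add(new PagePermission(page, memberRole, true, false, false));
                }
                else if (memberPermission != null)
                {
                    memberPermission.SetPermissionRights(model.MembersVisible, false, false);
                }

                // add / update guest permission: only the first right follows the model
                PagePermission guestPermission = permissions.SingleOrDefault(p => p.Role.Name == guestRole.Name);
                if (guestPermission == null && model.GuestsVisible)
                {
                    permissions.Add(new PagePermission(page, guestRole, true, false, false));
                }
                else if (guestPermission != null)
                {
                    guestPermission.SetPermissionRights(model.GuestsVisible, false, false);
                }

                // save the page with permissions
                using (TransactionScope ts = new TransactionScope())
                {
                    _pageRepository.Save(page); //save the page

                    foreach (var permission in permissions)
                    {
                        _pagePermissionRepository.Save(permission);
                    }

                    ts.Complete();
                }

                model = Mapper.Map <PageModel>(page); //todo: reads permissions without transaction
            }
            catch
            {
                // NOTE(review): every exception type ends up here and only a generic
                // alert is shown; nothing in this method records the cause (a missing
                // system role, for instance, surfaces as the same message).
                Alert(AlertType.danger, "Error", "Failed to create/update page.");
                return(View("Page", model));
            }

            Alert(AlertType.success, "Success", "Page successfully created/updated.");
            return(RedirectToAction("edit", "page", new { slug = model.Slug }));
        }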
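        /// <summary>
        /// Inserts a page permission by calling <c>P_PagePermission_I</c> with the
        /// current user context and the instance's page and permission ids.
        /// </summary>
        /// <param name="instance">The page permission to insert.</param>
        /// <exception cref="Exception">
        /// The call returned a non-zero code. The message is the error text the call
        /// reported, or the formatted <c>UnknownError</c> text when it reported none.
        /// </exception>
        partial void InsertPagePermission(PagePermission instance) {
            string errorinfo = null;

            int rc = this.P_PagePermission_I(
                    m_UserContext,
                    (int?)instance.PageID,
                    (int?)instance.PermissionID,
                    ref errorinfo);
            if (rc != 0) {
              // errorinfo starts out as null and stays null when the call reports no
              // text. Comparing only against String.Empty let that null through as
              // the exception message, hiding the return code.
              throw new Exception(string.IsNullOrEmpty(errorinfo) ? string.Format(UnknownError, rc) : errorinfo);
            }
        }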
Esempio n. 19
        /// <summary>
        /// Creates three roles and three pages, stores a permission with all three rights flags set to
        /// true for every role/page pair, then prints the navigation that
        /// <c>_navigationProvider.GetRoleNavigation</c> returns for each role.
        /// </summary>
        /// <remarks>
        /// NOTE(review): nothing is asserted, so this passes whatever the provider returns. Every role is
        /// also granted every page, so the case that matters for access control (a role must not receive
        /// a page it has no permission for) is never exercised.
        /// todo: check why it does not return correct permissions for page (seems to work if they have
        /// been already created before)
        /// </remarks>
        public void CanReadNavigationForRole()
        {
            const int roleCount = 3;
            const int pageCount = 3;

            var createdRoles = new List<Role>();
            var createdPages = new List<Page>();

            // Roles: one transaction per role.
            for (int roleIndex = 0; roleIndex < roleCount; roleIndex++)
            {
                string roleName = string.Format("TNP Role {0}", roleIndex);

                using (var scope = new TransactionScope())
                {
                    var newRole = new Role(_portal.Tenant, roleName);
                    _roleRepository.Save(newRole);
                    createdRoles.Add(newRole);
                    _deletedRoles.Add(newRole); // presumably tracked for cleanup after the test
                    scope.Complete();
                }
            }

            // Pages: one transaction per page; the same string is passed for both name arguments.
            for (int pageIndex = 0; pageIndex < pageCount; pageIndex++)
            {
                string pageName = string.Format("TNP Page {0}", pageIndex);

                using (var scope = new TransactionScope())
                {
                    var newPage = new Page(_portal.Tenant, pageName, pageName, "");
                    _pageRepository.Save(newPage);
                    createdPages.Add(newPage);
                    _deletedItems.Add(newPage);
                    scope.Complete();
                }
            }

            // Permissions: roleCount * pageCount rows, each saved in its own transaction.
            foreach (Role grantedRole in createdRoles)
            {
                foreach (Page grantedPage in createdPages)
                {
                    using (var scope = new TransactionScope())
                    {
                        var grant = new PagePermission(grantedPage, grantedRole, true, true, true);
                        _pagePermissionRepository.Save(grant);
                        _deletedPermissions.Add(grant);
                        scope.Complete();
                    }
                }
            }

            // Read the navigation back per role and print what came out (output only, no checks).
            foreach (Role currentRole in createdRoles)
            {
                using (var scope = new TransactionScope())
                {
                    List<Page> roleNavigation = _navigationProvider.GetRoleNavigation(currentRole.Name);
                    Console.Write("{0}", currentRole.Name);
                    Console.WriteLine("{0} pages", roleNavigation.Count);
                    foreach (Page navPage in roleNavigation)
                    {
                        Console.WriteLine("{0} permissions for page {1}", navPage.Permissions.Count, navPage.Title);
                    }
                    scope.Complete();
                }
            }
        }
        /// <summary>
        /// Resolves the view/add/edit/delete rights of a user on one module.
        /// </summary>
        /// <param name="userId">Passed to <c>[Admin].[GetUserPermissions]</c> as <c>@UserId</c>; not used on the SuperAdmin path.</param>
        /// <param name="moduleUrl">Module URL. On the SuperAdmin path it selects the module when non-empty; otherwise it is always passed as <c>@ModuleUrl</c>.</param>
        /// <param name="moduleCode">Module code. On the SuperAdmin path it is used only when <paramref name="moduleUrl"/> is null or empty; otherwise it is passed as <c>@ModuleCode</c> when non-empty.</param>
        /// <param name="userTypeId">Numeric <c>UserTypes</c> value of the caller.</param>
        /// <returns>
        /// A <c>PagePermission</c> with <c>ModuleId</c> and the four rights flags. For SuperAdmin all four
        /// flags are true. For everyone else a flag is set only when the stored procedure returned the
        /// matching category id, and nothing is granted without the View category.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the SuperAdmin shortcut trusts <paramref name="userTypeId"/> exactly as passed in.
        /// Callers should take it from the authenticated server-side identity, never from request data;
        /// confirm at the call sites.
        /// </remarks>
        public PagePermission GetUserPermissions(string userId, string moduleUrl, string moduleCode, int userTypeId)
        {
            PagePermission result = new PagePermission();

            using (var connection = GetOpenConnection())
            {
                // Only SuperAdmin takes this shortcut; StoreAdmin is not included and goes through the
                // stored procedure like any other user type.
                if (userTypeId == (int)UserTypes.SuperAdmin)
                {
                    // Only fixed SQL text is concatenated; the URL / code values are bound as parameters.
                    var lookupArgs = new DynamicParameters();
                    string lookupSql = "SELECT top 1 ModuleId FROM Admin.ActivePowerPackModuleStructure";

                    if (string.IsNullOrEmpty(moduleUrl))
                    {
                        lookupSql += " WHERE lower(ModuleCode) = lower(@ModuleCode)";
                        lookupArgs.Add("@ModuleCode", moduleCode, DbType.String);
                    }
                    else
                    {
                        lookupSql += " WHERE lower(dbo.FormatModuleUrl(ModuleUrl)) = lower(dbo.FormatModuleUrl(@ModuleUrl))";
                        lookupArgs.Add("@ModuleUrl", moduleUrl, DbType.String);
                    }

                    // No matching module leaves ModuleId at default(int); the flags are set regardless.
                    result.ModuleId = connection.QueryFirstOrDefault<int>(lookupSql, lookupArgs, commandType: CommandType.Text);
                    result.CanDelete = true;
                    result.CanEdit = true;
                    result.CanAdd = true;
                    result.CanView = true;
                    return result;
                }

                var procArgs = new DynamicParameters();
                procArgs.Add("@UserId", userId, DbType.String);
                procArgs.Add("@ModuleUrl", moduleUrl, DbType.String);
                if (!string.IsNullOrEmpty(moduleCode))
                {
                    procArgs.Add("@ModuleCode", moduleCode, DbType.String);
                }

                var granted = connection.QueryFirstOrDefault<ModulePermission>("[Admin].[GetUserPermissions]", procArgs, commandType: CommandType.StoredProcedure);

                // Start again from a fresh object: with no row, or no category ids, nothing is granted.
                result = new PagePermission();
                if (granted == null)
                {
                    return result;
                }

                result.ModuleId = granted.ModuleId;
                if (string.IsNullOrEmpty(granted.PermissionCategoryIds))
                {
                    return result;
                }

                // Ids are compared as exact strings; an entry with surrounding whitespace matches nothing,
                // so a malformed list grants less, not more.
                string[] categoryIds = granted.PermissionCategoryIds.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                Func<PermissionCategory, bool> holds = category => categoryIds.Contains(((int)category).ToString());

                // View is the gate: write categories are ignored unless View is present.
                if (categoryIds.Length == 0 || !holds(PermissionCategory.View))
                {
                    return result;
                }

                result.CanView = true;

                // AddEditDelete implies all three write rights; otherwise each is granted individually.
                bool allWrites = holds(PermissionCategory.AddEditDelete);
                if (allWrites || holds(PermissionCategory.Add))
                {
                    result.CanAdd = true;
                }

                if (allWrites || holds(PermissionCategory.Update))
                {
                    result.CanEdit = true;
                }

                if (allWrites || holds(PermissionCategory.Delete))
                {
                    result.CanDelete = true;
                }
            }

            return result;
        }
Esempio n. 21
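        /// <summary>
        /// Builds the page list for one user: every top-level page (<c>ParentId == 0</c>, ordered by
        /// <c>OrderDisplay</c>), each followed by its child pages with that user's rights flags.
        /// </summary>
        /// <param name="username">User name matched against <c>C_UserPermission.user</c>.</param>
        /// <returns>
        /// Parent entries each followed by their children sorted by <c>OrderDisplay</c>. A child with a
        /// permission row carries that row's add/edit/delete/view values; a child without one has all
        /// four flags false. Parent entries always have all four flags false, whatever is stored.
        /// </returns>
        /// <remarks>
        /// The name comparison runs in the database, so its case sensitivity presumably follows the column
        /// collation. TODO confirm that two accounts differing only by case cannot share rows.
        /// NOTE(review): this looks like the model for a menu or permission grid. Confirm that add/edit/
        /// delete/view are also enforced server-side on each action, not only by what is rendered from
        /// this list.
        /// </remarks>
        public List<PagePermission> GetListPermissionByUser(string username)
        {
            List<PagePermission> childEntries = new List<PagePermission>();
            List<PagePermission> lstData = new List<PagePermission>();

            using (var data = new Entities())
            {
                // Run the join once and keep the rows: they supply both the granted entries and the
                // list of page ids to leave out of the "no permission row" query below.
                var grantedRows = (from u in data.C_UserPermission
                                   join p in data.C_UserPage on u.page_id equals p.id
                                   where u.user == username
                                   select new
                                   {
                                       u.user, u.page_id, u.del, u.add, u.edit, u.view, p.Title, p.ParentId, p.OrderDisplay
                                   }).ToList();

                List<int> grantedPageIds = new List<int>();
                foreach (var row in grantedRows)
                {
                    // The casts are kept as they were. Presumably these columns are nullable, in which
                    // case a null flag raises an exception here instead of being read as a grant.
                    PagePermission entry = new PagePermission();
                    entry.Page_ID      = (int)row.page_id;
                    entry.User_Name    = row.user;
                    entry.Title        = row.Title;
                    entry.Add          = (bool)row.add;
                    entry.Edit         = (bool)row.edit;
                    entry.Delete       = (bool)row.del;
                    entry.View         = (bool)row.view;
                    entry.Parent_ID    = (int)row.ParentId;
                    entry.OrderDisplay = (int)row.OrderDisplay;
                    childEntries.Add(entry);
                    grantedPageIds.Add(entry.Page_ID);
                }

                // Child pages the user has no row for are still listed, with every right switched off.
                List<C_UserPage> remainingChildren = grantedPageIds.Count > 0
                    ? data.C_UserPage.Where(c => !grantedPageIds.Contains(c.id) && c.ParentId > 0).ToList()
                    : data.C_UserPage.Where(c => c.ParentId > 0).ToList();
                foreach (var child in remainingChildren)
                {
                    childEntries.Add(BuildDeniedEntry(child, username));
                }

                // Emit each parent, then its children. OrderBy is stable, so children with the same
                // OrderDisplay keep the order above (granted rows before pages without a row).
                List<C_UserPage> parentPages = data.C_UserPage.Where(p => p.ParentId == 0).OrderBy(p => p.OrderDisplay).ToList();
                foreach (var parent in parentPages)
                {
                    lstData.Add(BuildDeniedEntry(parent, username));
                    lstData.AddRange(childEntries.Where(p => p.Parent_ID == parent.id).OrderBy(p => p.OrderDisplay));
                }
            }

            return lstData;
        }

        /// <summary>Creates the entry for a page with add, edit, delete and view all set to false.</summary>
        private static PagePermission BuildDeniedEntry(C_UserPage source, string username)
        {
            PagePermission entry = new PagePermission();
            entry.Page_ID      = source.id;
            entry.User_Name    = username;
            entry.Title        = source.Title;
            entry.Add          = false;
            entry.Edit         = false;
            entry.Delete       = false;
            entry.View         = false;
            entry.Parent_ID    = (int)source.ParentId;
            entry.OrderDisplay = (int)source.OrderDisplay;
            return entry;
        }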