/// <summary> /// Rules visualisation in umbraco backoffice /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void TreeControllerBase_TreeNodesRendering(TreeControllerBase sender, TreeNodesRenderingEventArgs e) { if (KeepOutRulesFolderId == 0) { return; } if (!VisualiseRules) { return; } if (sender.TreeAlias != "content") { return; } using (var context = _factory.EnsureUmbracoContext()) { foreach (var node in e.Nodes) { var intCurrentNodeId = int.Parse(node.Id.ToString()); var page = context.UmbracoContext.Content.GetById(intCurrentNodeId); if (page == null) { continue; } // if the current node is secured by a rule (or is the rule itself), colour the node var isRule = page.ContentType.Alias == "keepOutSecurityRule"; var path = page.Path.Split(',').ToList(); var hasRule = RulesPages.Intersect(path).ToList(); if (!hasRule.Any() && !isRule) { continue; } node.CssClasses.Add("keepout"); if (isRule) { // node is the rule itself var ruleColour = page.GetProperty("coverageColour").GetValue() as ColorPickerValueConverter.PickedColor; node.CssClasses.Add($"keepout-{ruleColour.Label}"); node.CssClasses.Add("keepoutrule"); } else { // node is content that is covered by a rule var ruleNdx = RulesPages.IndexOf(hasRule.Last()); // if multiple rules overlap, last wins var activeRule = Rules[ruleNdx]; node.CssClasses.Add(activeRule.CoverageColour); } } } }
private void TreeControllerBase_TreeNodesRendering(TreeControllerBase sender, TreeNodesRenderingEventArgs e) { if (!VisualiseRules) { return; } switch (sender.TreeAlias) { case "content": foreach (var node in e.Nodes) { // if the current node is secured by a rule, find it and colour the node var id = int.Parse(node.Id.ToString()); // need IContent object to gain access to Path, node Path is always null :( //var page = ApplicationContext.Current.Services.ContentService.GetById(id); // get IPublishedContent from cache var page = UmbracoContext.Current.ContentCache.GetById(id); if (page == null) { break; } var path = page.Path.Split(new[] { ',' }).ToList(); var hasRule = RulesPages.Intersect(path); if (hasRule.Any()) { var ruleIndex = RulesPages.IndexOf(hasRule.First()); // if multiple rules overlap, take the first var activeRule = Rules[ruleIndex]; node.CssClasses.Add("keepout"); node.CssClasses.Add(activeRule.Colour); } // colour the actual rule node to indicate the rule assignment if (page.ContentType.Alias == "keepOutSecurityRule") { node.CssClasses.Add("keepout"); var colourJson = page.GetProperty("contentColour").DataValue.ToString(); node.CssClasses.Add("keepout-" + KeepOutHelper.Json.Deserialize <RuleColour>(colourJson).Label); } } break; } }
/// <summary> /// The event that fires whenever a resource is requested /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void UmbracoApplication_PreRequestHandlerExecute(object sender, EventArgs e) { var context = ((UmbracoApplicationBase)sender).Context; // if no context, session or anonymous user return if (context == null) { return; } if (context.Session == null) { return; } if (context.Request.LogonUserIdentity == null) { return; } if (context.Items == null) { return; } var umbPageId = context.Items["pageID"]; var umbPage = context.Items["UmbPage"]; var umbracoContext = (UmbracoContext)context.Items["Umbraco.Web.UmbracoContext"]; if (umbPageId == null || umbPage == null || umbracoContext == null) { return; } // if accessing via the umbraco admin return var isUmbraco = umbPage.ToString().StartsWith("/umbraco/"); if (isUmbraco) { return; } var umbracoHelper = new UmbracoHelper(umbracoContext); if (!umbracoContext.PageId.HasValue) { return; } // First we check if this page is part of a rule var page = umbracoHelper.TypedContent(umbracoContext.PageId.Value); var path = page.Path.Split(new[] { ',' }).ToList(); // if the current page should be secured, the page path will contain the root page that was secured // this is how we know that this is a descendant of the secured page var hasRule = RulesPages.Intersect(path); if (hasRule.Any()) { LogHelper.Debug <KeepOutHandler>("Access rule was found"); var ruleIndex = RulesPages.IndexOf(hasRule.First()); // if multiple rules overlap, take the first var activeRule = Rules[ruleIndex]; // now we have found a rule we check if it applies to the current member LogHelper.Debug <KeepOutHandler>("Checking member '" + context.Request.LogonUserIdentity.Name + "' for membership"); var memberRoles = System.Web.Security.Roles.GetRolesForUser(context.Request.LogonUserIdentity.Name).ToList(); LogHelper.Debug <KeepOutHandler>("Found " + memberRoles.Count() + " roles for member"); if (!memberRoles.Any()) { return; } var appliesToUser = activeRule.MemberRoles.Intersect(memberRoles); if (appliesToUser.Any()) { LogHelper.Debug <KeepOutHandler>("Applicable group membership found, attempting redirect to no-access page"); // member is in a group that has been denied access, so redirect to the no access page defined by the rule var noAccessPage = umbracoHelper.NiceUrl(activeRule.NoAccessPage); umbracoContext.HttpContext.Response.Redirect(noAccessPage); } } }
/// <summary> /// The event that fires whenever a resource is requested, so we can check if it is allowed /// </summary> /// <param name="sender"></param> /// <param name="e"></param> private void UmbracoApplication_PreRequestHandlerExecute(object sender, EventArgs e) { // we can cast sender to HttpApplication to get the logged in member var httpApp = sender as HttpApplication; if (httpApp == null) { return; } var loggedInMember = httpApp.User.Identity.Name; if (string.IsNullOrEmpty(loggedInMember)) { return; } var memberRoles = Roles.GetRolesForUser(loggedInMember); if (!memberRoles.Any()) { return; } // attempt to get the umbraco context if (!(httpApp.Context.Items["Umbraco.Web.HybridUmbracoContextAccessor"] is UmbracoContext umbracoContext)) { return; } // stop now if this is an umbraco backend request if (!umbracoContext.IsFrontEndUmbracoRequest) { return; } //// First we check if the requested page is part of a rule var pageId = umbracoContext.PublishedRequest.PublishedContent.Id; var page = umbracoContext.Content.GetById(pageId); var path = page.Path.Split(',').ToList(); // if the current page should be secured, the page path will contain the root page that was secured // this is how we know that this is a descendant of the secured page var hasRule = RulesPages.Intersect(path).ToList(); if (!hasRule.Any()) { return; } var ruleIndex = RulesPages.IndexOf(hasRule.Last()); // if multiple rules overlap, take the last, rules are cumulative var activeRule = Rules[ruleIndex]; var appliesToUser = activeRule.DeniedMemberGroups.Intersect(memberRoles); if (!appliesToUser.Any()) { return; } // member is in a group that has been denied access, so redirect to the no access page defined by the rule var noAccessPage = umbracoContext.Content.GetById(activeRule.NoAccessPage); umbracoContext.HttpContext.Response.Redirect(noAccessPage.Url); }