/// <summary>
/// Verifies that the logged-on user may import data under the organization
/// identified by <c>_RootAllPathName</c>; a failed check is reported through
/// <c>ExceptionHelper.FalseThrow</c>.
/// </summary>
/// <remarks>
/// Two checks run in order: a function-level check for the create-org /
/// create-group / create-user functions, then a scope check that the target
/// organization lies inside the scopes granted for those functions.
/// NOTE(review): DoesUserHasPermissions presumably passes when the user holds
/// any one of the three functions (a separate DoesUserHasAllPermissions exists
/// elsewhere) - confirm that "any" is the intended bar for an import.
/// </remarks>
private void CheckImportPermission()
{
    string strFuncCode = AccreditResource.Func_CreateOrg
        + "," + AccreditResource.Func_CreateGroup
        + "," + AccreditResource.Func_CreateUser;

    // Function-level check.
    bool hasFunction = SecurityCheck.DoesUserHasPermissions(
        this.LogOnUserInfo.UserLogOnName,
        AccreditResource.AppCodeName,
        strFuncCode,
        UserValueType.LogonName,
        DelegationMaskType.All);
    ExceptionHelper.FalseThrow(hasFunction, "对不起,你现在还不能向机构“" + _RootAllPathName + "”中导入数据!");

    // Scope-level check: the import root must be covered by the granted scopes.
    DataSet dsScopes = SecurityCheck.GetUserFunctionsScopes(
        this.LogOnUserInfo.UserLogOnName,
        AccreditResource.AppCodeName,
        strFuncCode,
        UserValueType.LogonName,
        DelegationMaskType.All,
        ScopeMaskType.All);
    bool inScope = OGUWriter.IsObjectIsIncludeInObjects(
        "ORGANIZATIONS",
        _RootAllPathName,
        SearchObjectColumn.SEARCH_ALL_PATH_NAME,
        string.Empty,
        dsScopes);
    ExceptionHelper.FalseThrow(inScope, "对不起,您没有权限在该机构“" + _RootAllPathName + "”中创建新的子对象!");
}
/// <summary>
/// Cancels or re-activates the policy of the pet owner with the given id.
/// </summary>
/// <param name="change">
/// "Cancel" deactivates the owner and every owned pet; "Activate" re-activates
/// the owner only. Any other value leaves the data unchanged.
/// </param>
/// <param name="id">Id of the pet owner whose policy is changed.</param>
/// <returns>
/// A redirect to "Logout" when the authorization check fails, otherwise a
/// redirect to "Dashboard".
/// </returns>
/// <remarks>
/// NOTE(review): this action changes state; no HTTP-verb or anti-forgery
/// attribute is visible in this excerpt - confirm it is POST-only and
/// protected against cross-site request forgery.
/// </remarks>
public IActionResult CancelPolicy(string change, int id)
{
    // The session user must be allowed to act on the requested owner id.
    int? activeId = HttpContext.Session.GetInt32("activeUser");
    if (!SecurityCheck.CheckIfUserAuthorized(activeId, id))
    {
        // Redirected to Logout as the user may be malicious.
        return RedirectToAction("Logout");
    }

    PetOwner activeUser = _context.petowner
        .Include(o => o.OwnedPets)
        .Single(o => o.Id == id);

    // One route handles both of the similar operations.
    if (change == "Cancel")
    {
        activeUser.Active = false;
        foreach (Pet pet in activeUser.OwnedPets)
        {
            pet.Active = false;
        }
    }
    else if (change == "Activate")
    {
        activeUser.Active = true;
    }

    _context.SaveChanges();
    return RedirectToAction("Dashboard");
}
/// <summary>
/// Pass-through to <c>SecurityCheck.GetUserAllowDelegteRoles</c>.
/// </summary>
/// <param name="userValue">User identifier, interpreted according to <paramref name="userValueType"/>.</param>
/// <param name="appCodeName">Application code name forwarded to the lookup.</param>
/// <param name="userValueType">How <paramref name="userValue"/> identifies the user.</param>
/// <param name="rightMask">Right mask forwarded to the lookup.</param>
/// <returns>The DataSet returned by the underlying call.</returns>
/// <remarks>
/// The user identifier comes from the caller and is forwarded unchanged; this
/// wrapper performs no authorization of its own.
/// NOTE(review): if this type is reachable from a service boundary, confirm
/// the caller is entitled to query the named user.
/// </remarks>
public DataSet GetUserAllowDelegteRoles(string userValue, string appCodeName, UserValueType userValueType, RightMaskType rightMask)
{
    DataSet delegableRoles = SecurityCheck.GetUserAllowDelegteRoles(userValue, appCodeName, userValueType, rightMask);
    return delegableRoles;
}
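/// <summary>
/// Cancels, re-activates or starts the transfer of a single pet's policy.
/// </summary>
/// <param name="change">
/// "Transfer" redirects to the Transfer action for the pet; "Cancel" and
/// "Activate" set the pet's Active flag. Any other value changes nothing.
/// </param>
/// <param name="id">Id of the pet.</param>
/// <returns>
/// A redirect to PetOwner/Logout when the ownership check fails or the pet
/// cannot be found, a redirect to Transfer for "Transfer", otherwise a
/// redirect to PetOwner/Dashboard.
/// </returns>
/// <remarks>
/// NOTE(review): this action changes state; no HTTP-verb or anti-forgery
/// attribute is visible in this excerpt - confirm it is POST-only and
/// protected against cross-site request forgery.
/// </remarks>
public IActionResult CancelPetPolicy(string change, int id)
{
    int? activeId = HttpContext.Session.GetInt32("activeUser");
    bool isValid = SecurityCheck.CheckActiveUserVsPet(activeId, id, _context);
    if (!isValid)
    {
        // Redirected to Logout as the user may be malicious.
        return RedirectToAction("Logout", "PetOwner");
    }

    var changingPet = _context.pet.SingleOrDefault(p => p.Id == id);
    if (changingPet == null)
    {
        // SingleOrDefault yields null for an unknown id; fail closed the same
        // way as a failed ownership check instead of dereferencing null below.
        return RedirectToAction("Logout", "PetOwner");
    }

    // One route handles the different yet similar operations.
    switch (change)
    {
        case "Transfer":
            return RedirectToAction("Transfer", new { id = id });
        case "Cancel":
            changingPet.Active = false;
            break;
        case "Activate":
            changingPet.Active = true;
            break;
    }

    _context.SaveChanges();
    return RedirectToAction("Dashboard", "PetOwner");
}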
/// <summary>
/// Gets all permissions of the currently logged-on user in the current
/// "organization and personnel management system".
/// </summary>
/// <returns>
/// The literal "setNoPermission" when custom authentication is switched off in
/// configuration; otherwise the CODE_NAME values of the user's permissions
/// joined with commas (an empty string when there are none).
/// </returns>
/// <remarks>
/// NOTE(review): how callers interpret "setNoPermission" is not visible here -
/// confirm that disabling custom authentication does not silently grant
/// everything on the consuming side.
/// </remarks>
public static string GetOGUPemission()
{
    if (!AccreditSection.GetConfig().AccreditSettings.CustomsAuthentication)
    {
        return "setNoPermission";
    }

    DataSet permissions = SecurityCheck.GetUserPermissions(
        GlobalInfo.UserLogOnInfo.UserLogOnName,
        AccreditResource.AppCodeName,
        UserValueType.LogonName,
        RightMaskType.App,
        DelegationMaskType.All);

    string codeNames = string.Empty;
    foreach (DataRow permissionRow in permissions.Tables[0].Rows)
    {
        // A separator is only written once something has been accumulated.
        if (codeNames.Length > 0)
        {
            codeNames += ",";
        }

        codeNames += OGUCommonDefine.DBValueToString(permissionRow["CODE_NAME"]);
    }

    return codeNames;
}
/// <summary>
/// Pass-through to <c>SecurityCheck.GetUserApplications</c>.
/// </summary>
/// <param name="userValue">User identifier, interpreted according to <paramref name="userValueType"/>.</param>
/// <param name="userValueType">How <paramref name="userValue"/> identifies the user.</param>
/// <param name="rightMask">Right mask forwarded to the lookup.</param>
/// <param name="delegationMask">Delegation mask forwarded to the lookup.</param>
/// <returns>The DataSet returned by the underlying call.</returns>
/// <remarks>
/// No authorization happens in this wrapper; the caller-supplied user
/// identifier is forwarded as given.
/// </remarks>
public DataSet GetUserApplications(string userValue, UserValueType userValueType, RightMaskType rightMask, DelegationMaskType delegationMask)
{
    DataSet applications = SecurityCheck.GetUserApplications(userValue, userValueType, rightMask, delegationMask);
    return applications;
}
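/// <summary>
/// Stores a security check for a device owned by the calling user and marks
/// the device as submitted, both inside one database transaction.
/// </summary>
/// <param name="securityCheck">The submitted security check; its DeviceId selects the device.</param>
/// <returns>
/// 404 when the device does not exist, 403 when it belongs to another user,
/// otherwise 201 pointing at GetSecurityCheck for the new record.
/// </returns>
/// <remarks>
/// The entity is bound straight from the request. Only SubmissionDate and
/// UserName are overwritten here; every other property is persisted as sent.
/// NOTE(review): consider a dedicated input model so that a client cannot set
/// fields it should not control.
/// NOTE(review): SubmissionDate uses local server time (DateTime.Now) -
/// confirm whether UTC is expected by consumers.
/// </remarks>
public async Task<ActionResult<SecurityCheck>> PostSecurityCheck(SecurityCheck securityCheck)
{
    var device = await _context.Devices.FindAsync(securityCheck.DeviceId);
    if (device == null)
    {
        return NotFound();
    }

    // Ownership check: only the device's own user may submit a check for it.
    string userName = User.GetUserName();
    if (device.UserName != userName)
    {
        return Forbid();
    }

    await _context.Database.CreateExecutionStrategy().ExecuteAsync(async () =>
    {
        // Dispose the transaction on every path. Without this a failed attempt
        // leaves the transaction open on the context, and a retry by the
        // execution strategy would try to begin a second one on top of it.
        using (var trans = _context.Database.BeginTransaction())
        {
            device.Status = DeviceStatus.Submitted;
            _context.UpdateProperties(device, d => d.Status);

            // Server-side values always win over whatever the client sent.
            securityCheck.SubmissionDate = DateTime.Now;
            securityCheck.UserName = userName;
            _context.SecurityChecks.Add(securityCheck);

            await _context.SaveChangesAsync();
            await trans.CommitAsync();
        }
    });

    return CreatedAtAction("GetSecurityCheck", new { id = securityCheck.Id }, securityCheck);
}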
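/// <summary>
/// Transfers a pet to the owner registered under the submitted email address.
/// </summary>
/// <param name="transfer">Form model; its Email names the receiving owner.</param>
/// <param name="petId">Id of the pet being transferred.</param>
/// <param name="ownerId">Id of the current owner, used only by the authorization check.</param>
/// <returns>
/// A redirect to PetOwner/Logout when the authorization check fails or the pet
/// cannot be found, a redirect to PetOwner/Dashboard after a successful
/// transfer, otherwise the "Transfer" view with the model reset for another try.
/// </returns>
/// <remarks>
/// NOTE(review): this action changes ownership; no HTTP-verb or anti-forgery
/// attribute is visible in this excerpt - confirm it is POST-only and
/// protected against cross-site request forgery.
/// </remarks>
public IActionResult ProcessTransfer(TransferOwner transfer, int petId, int ownerId)
{
    int? activeId = HttpContext.Session.GetInt32("activeUser");
    bool isValid = SecurityCheck.CheckUserCanTransfer(activeId, petId, ownerId, _context);
    if (!isValid)
    {
        // Redirected to Logout as the user may be malicious.
        return RedirectToAction("Logout", "PetOwner");
    }

    var transferPet = _context.pet.SingleOrDefault(p => p.Id == petId);
    if (transferPet == null)
    {
        // Unknown pet id: fail closed instead of dereferencing null below.
        return RedirectToAction("Logout", "PetOwner");
    }

    if (ModelState.IsValid)
    {
        // The email is user input, so "no such owner" is an expected outcome
        // and must not surface as an unhandled exception.
        var newOwner = _context.petowner.SingleOrDefault(o => o.Email == transfer.Email);
        if (newOwner != null)
        {
            transferPet.PetOwnerId = newOwner.Id;
            transferPet.Active = false;
            _context.SaveChanges();
            return RedirectToAction("Dashboard", "PetOwner");
        }

        ModelState.AddModelError("Email", "The transfer could not be completed for that email address.");
    }

    // Re-display the form with the pet and current owner filled in again.
    transfer.PetToBeTransferred = (Pet)transferPet;
    transfer.CurrentOwner = _context.petowner.SingleOrDefault(o => o.Id == (int)activeId);
    transfer.Email = "";
    return View("Transfer", transfer);
}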
/// <summary>
/// Serializes the logged-on user's identity, organization memberships and
/// administrator flag into an XML string and stores it in <c>userInfo.Value</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): userInfo looks like a page field whose value is rendered to
/// the browser - if so, the AdminUser attribute is only a display hint and
/// every privileged operation must re-check admin status on the server.
/// </remarks>
protected void Page_Load(object sender, System.EventArgs e)
{
    // Put user code to initialize the page here.
    XmlDocument xmlUserInfo = new XmlDocument();
    xmlUserInfo.LoadXml("<UserInfo/>");
    XmlNode userInfoRoot = xmlUserInfo.FirstChild;

    XmlHelper.AppendNode(userInfoRoot, "UserGuid", LogOnUserInfo.UserGuid);
    XmlHelper.AppendNode(userInfoRoot, "UserLogOnName", LogOnUserInfo.UserLogOnName);

    // One <OuUsers> element per organization membership of the user.
    for (int index = 0; index < LogOnUserInfo.OuUsers.Length; index++)
    {
        XmlNode membershipNode = XmlHelper.AppendNode(userInfoRoot, "OuUsers");
        XmlHelper.AppendNode(membershipNode, "UserGuid", LogOnUserInfo.OuUsers[index].UserGuid);
        XmlHelper.AppendNode(membershipNode, "AllPathName", LogOnUserInfo.OuUsers[index].AllPathName);
        XmlHelper.AppendNode(membershipNode, "UserDisplayName", LogOnUserInfo.OuUsers[index].UserDisplayName);
        XmlHelper.AppendNode(membershipNode, "UserObjName", LogOnUserInfo.OuUsers[index].UserObjName);
        XmlHelper.AppendNode(membershipNode, "Sideline", LogOnUserInfo.OuUsers[index].Sideline.ToString());
    }

    string adminFlag = SecurityCheck.IsAdminUser(LogOnUserInfo.UserLogOnName) ? "true" : "false";
    XmlHelper.AppendAttr(userInfoRoot, "AdminUser", adminFlag);

    userInfo.Value = xmlUserInfo.OuterXml;
}
/// <summary>
/// Deletes the SecurityCheck whose Code equals <paramref name="code"/>.
/// </summary>
/// <param name="currentUser">Required; validated for presence only.</param>
/// <param name="user">Required; validated for presence only.</param>
/// <param name="appID">Required; validated for presence only.</param>
/// <param name="overrideID">Optional; not validated and not used in this method.</param>
/// <param name="code">String form of the Guid that identifies the record to delete.</param>
/// <param name="lockID">Required; validated for presence only.</param>
/// <param name="dataRepository">Repository the record is looked up in and deleted from.</param>
/// <param name="uow">Unit of work; committed after the delete and disposed by this method.</param>
/// <remarks>
/// Every exception, including the argument checks and a malformed Guid, is
/// handed to <c>ExceptionManager.ShieldException</c> rather than propagated.
/// NOTE(review): currentUser, user, appID and lockID are checked for presence
/// but take no part in selecting or authorizing the delete in this method -
/// confirm that the caller's right to delete this record is enforced elsewhere.
/// </remarks>
public void DeleteSecurityCheck(string currentUser, string user, string appID, string overrideID, string code, string lockID, IRepository<SecurityCheck> dataRepository, IUnitOfWork uow)
{
    try
    {
        // Argument checks, in the same order as the parameter list.
        if (string.IsNullOrEmpty(currentUser))
        {
            throw new ArgumentOutOfRangeException("currentUser");
        }

        if (string.IsNullOrEmpty(user))
        {
            throw new ArgumentOutOfRangeException("user");
        }

        if (string.IsNullOrEmpty(appID))
        {
            throw new ArgumentOutOfRangeException("appID");
        }

        if (string.IsNullOrEmpty(code))
        {
            throw new ArgumentOutOfRangeException("code");
        }

        if (string.IsNullOrEmpty(lockID))
        {
            throw new ArgumentOutOfRangeException("lockID");
        }

        if (dataRepository == null)
        {
            throw new ArgumentOutOfRangeException("dataRepository");
        }

        if (uow == null)
        {
            throw new ArgumentOutOfRangeException("uow");
        }

        using (uow)
        {
            // Parse outside the predicate so the lambda only captures a Guid.
            Guid codeGuid = Guid.Parse(code);

            SecurityCheck target = dataRepository.Single(x => x.Code == codeGuid);
            dataRepository.Delete(target);

            uow.Commit();
        }
    }
    catch (Exception e)
    {
        // Prevent the exception from propagating across the service interface.
        ExceptionManager.ShieldException(e);
    }
}
/// <summary>
/// Pass-through to <c>SecurityCheck.GetDelegatedUser</c>.
/// </summary>
/// <param name="userValues">User identifier(s), interpreted according to <paramref name="userValueType"/>.</param>
/// <param name="appCodeName">Application code name forwarded to the lookup.</param>
/// <param name="roleCodeNames">Role code name(s) forwarded to the lookup.</param>
/// <param name="userValueType">How <paramref name="userValues"/> identifies the users.</param>
/// <param name="includeDisabled">Forwarded unchanged to the lookup.</param>
/// <returns>The DataSet returned by the underlying call.</returns>
/// <remarks>
/// All arguments are forwarded as received; this wrapper adds no authorization.
/// </remarks>
public DataSet GetDelegatedUser(string userValues, string appCodeName, string roleCodeNames, UserValueType userValueType, bool includeDisabled)
{
    DataSet delegatedUsers = SecurityCheck.GetDelegatedUser(userValues, appCodeName, roleCodeNames, userValueType, includeDisabled);
    return delegatedUsers;
}
/// <summary>
/// Pass-through to <c>SecurityCheck.GetUserPermissions</c>.
/// </summary>
/// <param name="userValue">User identifier, interpreted according to <paramref name="userValueType"/>.</param>
/// <param name="appCodeName">Application code name forwarded to the lookup.</param>
/// <param name="userValueType">How <paramref name="userValue"/> identifies the user.</param>
/// <param name="rightMask">Right mask forwarded to the lookup.</param>
/// <param name="delegationMask">Delegation mask forwarded to the lookup.</param>
/// <returns>The DataSet returned by the underlying call.</returns>
/// <remarks>
/// The user identifier is caller-supplied and forwarded unchanged; no
/// authorization is performed in this wrapper.
/// </remarks>
public DataSet GetUserPermissions(string userValue, string appCodeName, UserValueType userValueType, RightMaskType rightMask, DelegationMaskType delegationMask)
{
    DataSet permissions = SecurityCheck.GetUserPermissions(userValue, appCodeName, userValueType, rightMask, delegationMask);
    return permissions;
}
/// <summary>
/// Pass-through to <c>SecurityCheck.DoesUserHasAllPermissions</c>.
/// </summary>
/// <param name="userValue">User identifier, interpreted according to <paramref name="userValueType"/>.</param>
/// <param name="appCodeName">Application code name forwarded to the check.</param>
/// <param name="funcCodeNames">Function code name(s) forwarded to the check.</param>
/// <param name="userValueType">How <paramref name="userValue"/> identifies the user.</param>
/// <param name="delegationMask">Delegation mask forwarded to the check.</param>
/// <returns>The boolean returned by the underlying call.</returns>
/// <remarks>
/// The answer is about the user named in <paramref name="userValue"/>, which
/// the caller supplies; it is not tied to the current session by this wrapper.
/// </remarks>
public bool DoesUserHasAllPermissions(string userValue, string appCodeName, string funcCodeNames, UserValueType userValueType, DelegationMaskType delegationMask)
{
    bool hasAll = SecurityCheck.DoesUserHasAllPermissions(userValue, appCodeName, funcCodeNames, userValueType, delegationMask);
    return hasAll;
}
/// <summary>
/// Pass-through to <c>SecurityCheck.IsUserInAllRoles</c>.
/// </summary>
/// <param name="userValue">User identifier, interpreted according to <paramref name="userValueType"/>.</param>
/// <param name="appCodeName">Application code name forwarded to the check.</param>
/// <param name="roleCodeNames">Role code name(s) forwarded to the check.</param>
/// <param name="userValueType">How <paramref name="userValue"/> identifies the user.</param>
/// <param name="delegationMask">Delegation mask forwarded to the check.</param>
/// <returns>The boolean returned by the underlying call.</returns>
/// <remarks>
/// The answer is about the user named in <paramref name="userValue"/>, which
/// the caller supplies; it is not tied to the current session by this wrapper.
/// </remarks>
public bool IsUserInAllRoles(string userValue, string appCodeName, string roleCodeNames, UserValueType userValueType, DelegationMaskType delegationMask)
{
    bool inAllRoles = SecurityCheck.IsUserInAllRoles(userValue, appCodeName, roleCodeNames, userValueType, delegationMask);
    return inAllRoles;
}
/// <summary>
/// Deletes an item by running the "deleteItem" pipeline.
/// </summary>
/// <param name="item">The item to delete.</param>
/// <param name="securityCheck">Security-check mode handed to the pipeline arguments unchanged.</param>
/// <returns>The Result set on the pipeline arguments once the pipeline has run.</returns>
/// <remarks>
/// Whether <paramref name="securityCheck"/> is honoured depends on the
/// processors configured for the pipeline; this method only forwards it.
/// </remarks>
public override bool DeleteItem(Item item, SecurityCheck securityCheck)
{
    DeleteItemArgs pipelineArgs = new DeleteItemArgs(this.DefaultProvider, item, securityCheck);
    CorePipeline.Run("deleteItem", pipelineArgs);

    bool deleted = pipelineArgs.Result;
    return deleted;
}
/// <summary>
/// Creates the argument object for the "add version" pipeline.
/// </summary>
/// <param name="defaultProvider">Provider passed on to the base constructor.</param>
/// <param name="item">Item a version is added to; must not be null.</param>
/// <param name="securityCheck">Security-check mode stored for the pipeline processors.</param>
public AddVersionArgs(ItemProvider defaultProvider, Item item, SecurityCheck securityCheck)
    : base(defaultProvider)
{
    // Validate before any field is written.
    Assert.ArgumentNotNull(item, "item");

    this.securityCheck = securityCheck;
    this.item = item;
}
/// <summary>
/// Creates the argument object for the "delete item" pipeline.
/// </summary>
/// <param name="defaultProvider">Provider passed on to the base constructor.</param>
/// <param name="item">Item to delete; must not be null.</param>
/// <param name="securityCheck">Security-check mode stored for the pipeline processors.</param>
public DeleteItemArgs([NotNull] ItemProvider defaultProvider, [NotNull] Item item, SecurityCheck securityCheck)
    : base(defaultProvider)
{
    // Validate before any field is written.
    Assert.ArgumentNotNull(item, "item");

    this.securityCheck = securityCheck;
    this.item = item;
}
/// <summary>
/// Adds a version to an item by running the "addVersion" pipeline.
/// </summary>
/// <param name="item">The item a version is added to.</param>
/// <param name="securityCheck">Security-check mode handed to the pipeline arguments unchanged.</param>
/// <returns>The Result set on the pipeline arguments once the pipeline has run.</returns>
/// <remarks>
/// Whether <paramref name="securityCheck"/> is honoured depends on the
/// processors configured for the pipeline; this method only forwards it.
/// </remarks>
public override Item AddVersion(Item item, SecurityCheck securityCheck)
{
    AddVersionArgs pipelineArgs = new AddVersionArgs(this.DefaultProvider, item, securityCheck);
    CorePipeline.Run("addVersion", pipelineArgs);

    Item versioned = pipelineArgs.Result;
    return versioned;
}
/// <summary>
/// Console walk-through of an airport departure: check-in questions, baggage,
/// security check and passport control, in that fixed order.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
static void Main(string[] args)
{
    // Greeting and passenger name.
    Welcome.WelcomeToAirport();
    string name = Console.ReadLine();
    string firstNames, lastName;
    SplitFullName.SplitName(name, out firstNames, out lastName);

    // Check-in desk: date of birth.
    Console.WriteLine($"{firstNames}, welcome to check-in desk. Please answer for a few questions.");
    Console.WriteLine($"First of all, please input your date of birthday (yyyy,mm,d): ");
    Passport passport = new Passport();
    passport.DateOfBirth = CheckType.GetDateFromConsole();
    CheckDB.CheckDateOfBirth(passport);

    // Visa status.
    Console.WriteLine($"Are you have a visa, {firstNames}? (yes or no)");
    Visa visa = new Visa();
    visa.Status = CheckVisa.CheckOfVisa();

    // Passport number and validity dates; the number is stored exactly as typed.
    Console.WriteLine($"{firstNames}, please input your passport number: ");
    passport.Number = Console.ReadLine();
    Console.WriteLine($"{firstNames}, now please input passport issued (yyyy,mm,d): ");
    passport.Issued = CheckType.GetDateFromConsole();
    Console.WriteLine($"{firstNames}, now please input passport expired (yyyy,mm,d): ");
    passport.Expired = CheckType.GetDateFromConsole();
    CheckPassport.CheckDatesOfPassport(passport);

    // Ticket / online registration.
    Console.WriteLine($"Are you have a online registration, {firstNames}? (yes or no)");
    Ticket ticket = new Ticket();
    ticket.NumberOfTicket = CheckTicket.CheckOnlineRegistration(ticket);

    // Luggage.
    Console.WriteLine($"\nDo you have any luggage, {firstNames}? (yes or no)");
    Bag bag = new Bag();
    CheckBag.CheckWeightOfBag(bag);

    // Security check.
    Console.WriteLine($"{firstNames}, allright! Please go to security check. (any key)");
    Console.ReadKey();
    Console.WriteLine($"{firstNames}, welcome to security check. Open your case for examination, please." + $"\nDo you have anything forbidden in your suitcase: drugs, guns, explosive materials? (yes or no)");
    SecurityEmployee security = new SecurityEmployee();
    security.ForbiddenItem = SecurityCheck.CheckForbiddenItem(security);

    // Passport control.
    // NOTE(review): the literal below contains a raw line break exactly as it
    // appears in this listing; a regular interpolated string cannot span
    // lines, so this is presumably a lost "\n" escape - confirm against the
    // original file.
    Console.WriteLine($"{firstNames}, welcome to passport control. May I see your passport and ticket, please? 
(yes or no)");
    Passanger passanger = new Passanger(name, passport, ticket, visa, bag);
    PassportControlEmployee passportControlEmployee = new PassportControlEmployee();
    passportControlEmployee.Passanger = PassportControl.CheckPassanger(passanger);
}
/// <summary>
/// Pass-through to <c>SecurityCheck.GetFunctionsUsers</c>.
/// </summary>
/// <param name="orgRoot">Organization root forwarded to the lookup.</param>
/// <param name="appCodeName">Application code name forwarded to the lookup.</param>
/// <param name="funcCodeNames">Function code name(s) forwarded to the lookup.</param>
/// <param name="delegationMask">Delegation mask forwarded to the lookup.</param>
/// <param name="sidelineMask">Sideline mask forwarded to the lookup.</param>
/// <param name="extAttr">Forwarded unchanged to the lookup.</param>
/// <returns>The DataSet returned by the underlying call.</returns>
/// <remarks>
/// All arguments are forwarded as received; this wrapper adds no authorization
/// and no restriction on <paramref name="orgRoot"/>.
/// </remarks>
public DataSet GetFunctionsUsers(string orgRoot, string appCodeName, string funcCodeNames, DelegationMaskType delegationMask, SidelineMaskType sidelineMask, string extAttr)
{
    DataSet users = SecurityCheck.GetFunctionsUsers(orgRoot, appCodeName, funcCodeNames, delegationMask, sidelineMask, extAttr);
    return users;
}
/// <summary>
/// Works out whether the logged-on user may perform the requested user
/// operation and writes the result ("true"/"false") to <c>opPermission.Value</c>.
/// </summary>
/// <param name="strOPType">
/// "Update" checks the modify-user function and that the target user lies in
/// the granted scopes. "Insert" and "AddSideline" check the create-user
/// function and that the parent organization lies in the granted scopes,
/// throwing through <c>ExceptionHelper.FalseThrow</c> on failure. Any other
/// value is not checked.
/// </param>
/// <remarks>
/// The result stays <c>true</c> when custom authentication is disabled in
/// configuration or when the operation type is not one of the three above.
/// NOTE(review): opPermission and parentAllPathName look like page fields that
/// round-trip through the browser - if so, the flag written here is only a UI
/// hint and parentAllPathName is client-controlled; confirm the operation
/// itself re-checks permission on the server.
/// </remarks>
private void CheckPermission(string strOPType)
{
    bool allowed = true;

    if (AccreditSection.GetConfig().AccreditSettings.CustomsAuthentication)
    {
        if (strOPType == "Update")
        {
            allowed = SecurityCheck.DoesUserHasPermissions(
                LogOnUserInfo.UserLogOnName,
                AccreditResource.AppCodeName,
                AccreditResource.Func_ModifyUser,
                UserValueType.LogonName,
                DelegationMaskType.All);

            if (allowed)
            {
                // Function granted: now require the target user to be in scope.
                DataSet modifyScopes = SecurityCheck.GetUserFunctionsScopes(
                    LogOnUserInfo.UserLogOnName,
                    AccreditResource.AppCodeName,
                    AccreditResource.Func_ModifyUser,
                    UserValueType.LogonName,
                    DelegationMaskType.All,
                    ScopeMaskType.All);
                string targetGuid = (string)GetRequestData("objGuid", string.Empty);
                allowed = IsObjectIsIncludeInObjects("USERS", targetGuid, SearchObjectColumn.SEARCH_GUID, modifyScopes);
            }
        }
        else if (strOPType == "AddSideline" || strOPType == "Insert")
        {
            allowed = SecurityCheck.DoesUserHasPermissions(
                LogOnUserInfo.UserLogOnName,
                AccreditResource.AppCodeName,
                AccreditResource.Func_CreateUser,
                UserValueType.LogonName,
                DelegationMaskType.All);
            ExceptionHelper.FalseThrow(allowed, "对不起,您没有权限创建新的“用户”!");

            if (allowed)
            {
                // Function granted: the parent organization must be in scope.
                DataSet createScopes = SecurityCheck.GetUserFunctionsScopes(
                    LogOnUserInfo.UserLogOnName,
                    AccreditResource.AppCodeName,
                    AccreditResource.Func_CreateUser,
                    UserValueType.LogonName,
                    DelegationMaskType.All,
                    ScopeMaskType.All);
                bool parentInScope = IsObjectIsIncludeInObjects(
                    "ORGANIZATIONS",
                    parentAllPathName.Value,
                    SearchObjectColumn.SEARCH_ALL_PATH_NAME,
                    createScopes);
                ExceptionHelper.FalseThrow(parentInScope, "对不起,您没有在当前机构中创建“用户”的权限!");
            }
        }
    }

    opPermission.Value = allowed.ToString().ToLower();
}
/// <summary>
/// Pass-through to <c>SecurityCheck.GetUserFunctionsScopes</c>.
/// </summary>
/// <param name="userValue">User identifier, interpreted according to <paramref name="userValueType"/>.</param>
/// <param name="appCodeName">Application code name forwarded to the lookup.</param>
/// <param name="funcCodeNames">Function code name(s) forwarded to the lookup.</param>
/// <param name="userValueType">How <paramref name="userValue"/> identifies the user.</param>
/// <param name="delegationMask">Delegation mask forwarded to the lookup.</param>
/// <param name="scopeMask">Scope mask forwarded to the lookup.</param>
/// <returns>The DataSet returned by the underlying call.</returns>
/// <remarks>
/// The user identifier is caller-supplied and forwarded unchanged; no
/// authorization is performed in this wrapper.
/// </remarks>
public DataSet GetUserFunctionsScopes(string userValue, string appCodeName, string funcCodeNames, UserValueType userValueType, DelegationMaskType delegationMask, ScopeMaskType scopeMask)
{
    DataSet scopes = SecurityCheck.GetUserFunctionsScopes(userValue, appCodeName, funcCodeNames, userValueType, delegationMask, scopeMask);
    return scopes;
}
/// <summary>
/// Pass-through to <c>SecurityCheck.GetChildrenInRoles</c>.
/// </summary>
/// <param name="orgRoot">Organization root forwarded to the lookup.</param>
/// <param name="appCodeName">Application code name forwarded to the lookup.</param>
/// <param name="roleCodeNames">Role code name(s) forwarded to the lookup.</param>
/// <param name="doesMixSort">Forwarded unchanged to the lookup.</param>
/// <param name="doesSortRank">Forwarded unchanged to the lookup.</param>
/// <param name="includeDelegate">Forwarded unchanged to the lookup.</param>
/// <returns>The DataSet returned by the underlying call.</returns>
/// <remarks>
/// All arguments are forwarded as received; this wrapper adds no authorization
/// and no restriction on <paramref name="orgRoot"/>.
/// </remarks>
public DataSet GetChildrenInRoles(string orgRoot, string appCodeName, string roleCodeNames, bool doesMixSort, bool doesSortRank, bool includeDelegate)
{
    DataSet children = SecurityCheck.GetChildrenInRoles(orgRoot, appCodeName, roleCodeNames, doesMixSort, doesSortRank, includeDelegate);
    return children;
}
/// <summary>
/// Queries all roles in the application (app_id) that include the user (UserID).
/// </summary>
/// <param name="xmlDoc">
/// Request document; the root element's <c>logonName</c> and
/// <c>appCodeName</c> attributes are read.
/// </param>
/// <remarks>
/// Request shape:
/// <code>
/// &lt;getAppDelegationRoles logonName="userLogonName" appID="app_id" appCodeName="app_code_name"&gt;&lt;/getAppDelegationRoles&gt;
/// </code>
/// The <c>appID</c> attribute shown above is not read by this method.
/// The result is stored in <c>_XmlResult</c>.
/// NOTE(review): the user to query is taken from the request document, not
/// from the logged-on session - confirm that a caller may not ask for another
/// user's delegable roles, or that doing so is intended.
/// </remarks>
protected void GetAppDelegationRoles(XmlDocument xmlDoc)
{
    XmlElement request = xmlDoc.DocumentElement;
    string requestedLogonName = request.GetAttribute("logonName");
    string requestedAppCodeName = request.GetAttribute("appCodeName");

    DataSet delegableRoles = SecurityCheck.GetUserAllowDelegteRoles(
        requestedLogonName,
        requestedAppCodeName,
        UserValueType.LogonName,
        RightMaskType.All);

    _XmlResult = InnerCommon.GetXmlDoc(delegableRoles);
}
/// <summary>
/// Creates the argument object for the "get item" pipeline.
/// </summary>
/// <param name="defaultProvider">Provider passed on to the base constructor.</param>
/// <param name="language">Requested language; must not be null.</param>
/// <param name="version">Requested version; must not be null.</param>
/// <param name="database">Database to read from; must not be null.</param>
/// <param name="securityCheck">Security-check mode stored for the pipeline processors.</param>
public GetItemArgs([NotNull] ItemProvider defaultProvider, [NotNull] Language language, [NotNull] Version version, [NotNull] Database database, SecurityCheck securityCheck)
    : base(defaultProvider)
{
    // Each argument is validated, then stored, in parameter order.
    Assert.ArgumentNotNull(language, "language");
    this.language = language;

    Assert.ArgumentNotNull(version, "version");
    this.version = version;

    Assert.ArgumentNotNull(database, "database");
    this.database = database;

    this.securityCheck = securityCheck;
}
/// <summary>
/// Resolves the application and role named in the request and stores the
/// objects that belong to that role, limited to the caller's management scope,
/// in <c>_XmlResult</c>.
/// </summary>
/// <remarks>
/// Reads <c>app_id</c> and <c>role_id</c> from the request root element, looks
/// up their CODE_NAME values, and calls SecurityCheck.GetChildrenInRoles.
/// For a non-administrator the organization root is the comma-joined
/// DESCRIPTION of the user's add/delete/modify scopes, or "NoOrgRoot" when
/// there are none; for an administrator it stays empty.
/// NOTE(review): the SQL text is assembled with string.Format and relies
/// entirely on TSqlBuilder.CheckQuotationMark to neutralize the two
/// request-supplied ids. Parameterized commands would remove that dependency;
/// no parameterized API is visible from here.
/// </remarks>
private void DoQueryRoleToExp()
{
    using (DbContext context = DbContext.GetContext(AppResource.ConnAlias))
    {
        XmlElement request = _XmlRequest.DocumentElement;
        string requestedAppId = request.GetAttribute("app_id");
        string requestedRoleId = request.GetAttribute("role_id");

        // Two result sets: table 0 is the application, table 1 the role.
        string lookupSql = string.Format(
            "SELECT CODE_NAME FROM APPLICATIONS WHERE ID = {0}; SELECT CODE_NAME FROM ROLES WHERE ID={1}",
            TSqlBuilder.Instance.CheckQuotationMark(requestedAppId, true),
            TSqlBuilder.Instance.CheckQuotationMark(requestedRoleId, true));
        DataSet ds = InnerCommon.ExecuteDataset(lookupSql);

        string appCodeName = ds.Tables[0].Rows.Count > 0
            ? ds.Tables[0].Rows[0]["CODE_NAME"].ToString()
            : string.Empty;
        string roleCodeName = ds.Tables[1].Rows.Count > 0
            ? ds.Tables[1].Rows[0]["CODE_NAME"].ToString()
            : string.Empty;

        // If not the super administrator, obtain the organization management scope.
        string orgRoot = string.Empty;
        if (!SecurityCheck.IsAdminUser(LogOnUserInfo.UserLogOnName))
        {
            ds = SecurityCheck.GetUserFunctionsScopes(
                LogOnUserInfo.UserLogOnName,
                appCodeName,
                "ADD_OBJECT_FUNC,DELETE_OBJECT_FUNC,MODIFY_OBJECT_FUNC");

            foreach (DataRow scopeRow in ds.Tables[0].Rows)
            {
                // A separator is only written once something has been accumulated.
                if (orgRoot.Length > 0)
                {
                    orgRoot += ",";
                }

                orgRoot += scopeRow["DESCRIPTION"].ToString();
            }

            if (orgRoot.Length == 0)
            {
                // Sentinel passed on when the user has no scope at all.
                orgRoot = "NoOrgRoot";
            }
        }

        ds = SecurityCheck.GetChildrenInRoles(orgRoot, appCodeName, roleCodeName, false, false, false);
        _XmlResult = InnerCommon.GetXmlDoc(ds);
    }
}
/// <summary>
/// Replaces the stored security check with the given id by the submitted one.
/// </summary>
/// <param name="id">Id of the record to update.</param>
/// <param name="securityCheckIn">Replacement values, bound from the request.</param>
/// <returns>404 when no record has that id, otherwise 204.</returns>
/// <remarks>
/// The submitted object is handed to the service as received.
/// NOTE(review): nothing here checks that the caller owns the record or that
/// an id inside <paramref name="securityCheckIn"/> matches
/// <paramref name="id"/> - confirm both are enforced by attributes on the
/// action or inside the service.
/// </remarks>
public IActionResult Update(string id, SecurityCheck securityCheckIn)
{
    var existing = _securityCheckService.Get(id);
    if (existing != null)
    {
        _securityCheckService.Update(id, securityCheckIn);
        return NoContent();
    }

    return NotFound();
}
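/// <summary>
/// Exports a list of strings to a file, one element per line.
/// </summary>
/// <param name="filename">The name of the file to write.</param>
/// <param name="strings">A non-null list of strings, each element of which
/// becomes another line in the file.</param>
/// <exception cref="Exception">
/// The security check refuses the file, the file cannot be opened, or writing
/// fails. The message names the file; the underlying cause is not attached.
/// </exception>
/// <remarks>
/// Converted from Java (original signature declared <c>throws Exception</c>).
/// The permission check and the open are separate steps, so the file system
/// can change between them; the open itself remains the authoritative test.
/// </remarks>
protected internal virtual void export(string filename, IList<string> strings)
{
    string routine = "StateMod_Data_JFrame.export";

    // First see if we can write the file given the security settings.
    if (!SecurityCheck.canWriteFile(filename))
    {
        Message.printWarning(1, routine, "Cannot save \"" + filename + "\".");
        throw new Exception("Security check failed - unable to write \"" + filename + "\"");
    }

    JGUIUtil.setWaitCursor(this, true);
    try
    {
        PrintWriter oStream = null;
        try
        {
            oStream = new PrintWriter(new StreamWriter(filename));
        }
        catch (Exception)
        {
            throw new Exception("Error opening file \"" + filename + "\".");
        }

        try
        {
            // Write each element followed by the platform line separator.
            // The separator is appended explicitly because println did not
            // emit the cr-nl pair reliably on Windows in the original code.
            string linesep = System.getProperty("line.separator");
            int size = strings.Count;
            for (int i = 0; i < size; i++)
            {
                oStream.print(strings[i].ToString() + linesep);
            }

            oStream.flush();
        }
        catch (Exception)
        {
            throw new Exception("Error writing to file \"" + filename + "\".");
        }
        finally
        {
            // Release the file handle on failure as well as on success.
            oStream.close();
        }
    }
    finally
    {
        // Restore the cursor on every exit path.
        JGUIUtil.setWaitCursor(this, false);
    }
}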
/// <summary>
/// Creates the argument object for the "create item" pipeline.
/// </summary>
/// <param name="defaultProvider">Provider passed on to the base constructor.</param>
/// <param name="itemName">Name of the new item; must not be null or empty.</param>
/// <param name="destination">Parent the item is created under; must not be null.</param>
/// <param name="templateId">Template of the new item; must not be null.</param>
/// <param name="newId">Id assigned to the new item; must not be null.</param>
/// <param name="securityCheck">Security-check mode stored for the pipeline processors.</param>
public CreateItemArgs([NotNull] ItemProvider defaultProvider, [NotNull] string itemName, [NotNull] Item destination, [NotNull] ID templateId, [NotNull] ID newId, SecurityCheck securityCheck)
    : base(defaultProvider)
{
    // Validation order is kept: itemName, templateId, destination, newId.
    Assert.ArgumentNotNullOrEmpty(itemName, "itemName");
    this.itemName = itemName;

    Assert.ArgumentNotNull(templateId, "templateId");
    this.templateId = templateId;

    Assert.ArgumentNotNull(destination, "destination");
    this.destination = destination;

    Assert.ArgumentNotNull(newId, "newId");
    this.newId = newId;

    this.securityCheck = securityCheck;
}
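/// <summary>
/// Gets the service scopes that correspond to the specified functions for the
/// current user and stores them, de-duplicated, in <c>_XmlResult</c>.
/// </summary>
/// <example>
/// <code>
/// &lt;queryUserFuncScopes app_code_name="asdf" func_code_names="ADD_OBJECT_FUNC" delegation_mask="3" scope_mask="1"/&gt;
/// </code>
/// </example>
/// <remarks>
/// The user is always the logged-on user; only the application, functions and
/// masks come from the request. Each scope DESCRIPTION is split on ',' and ';'
/// and every distinct non-empty entry becomes one ORGANIZATIONS node under
/// DataSet/Table.
/// Duplicates are detected by comparing node text directly. Building an XPath
/// predicate from the value would fail or match wrongly as soon as an
/// organization name contains an apostrophe.
/// NOTE(review): delegation_mask and scope_mask are parsed with int.Parse and
/// cast to the enum without range validation - a malformed value throws and an
/// out-of-range value is passed through; confirm that is acceptable.
/// </remarks>
protected void DoQueryUserFuncScopes()
{
    XmlElement root = _XmlRequest.DocumentElement;
    string appCodeName = root.GetAttribute("app_code_name");
    string funcCodeNames = root.GetAttribute("func_code_names");
    string delegationMask = root.GetAttribute("delegation_mask");
    string scopeMask = root.GetAttribute("scope_mask");

    // Both masks default to All when the attribute is absent or empty.
    DelegationMaskType dm = DelegationMaskType.All;
    ScopeMaskType sm = ScopeMaskType.All;
    if (delegationMask != string.Empty)
    {
        dm = (DelegationMaskType)int.Parse(delegationMask);
    }

    if (scopeMask != string.Empty)
    {
        sm = (ScopeMaskType)int.Parse(scopeMask);
    }

    string userID = LogOnUserInfo.UserLogOnName;

    // Get the service scopes.
    DataTable dt = SecurityCheck.GetUserFunctionsScopes(userID, appCodeName, funcCodeNames, UserValueType.LogonName, dm, sm).Tables[0];

    _XmlResult = new XmlDocument();
    _XmlResult.LoadXml("<DataSet/>");
    XmlHelper.AppendNode(_XmlResult.FirstChild, "Table");

    for (int i = 0; i < dt.Rows.Count; i++)
    {
        string strRootOrg = dt.Rows[i]["DESCRIPTION"].ToString();
        string[] arrRootOrg = strRootOrg.Split(new char[] { ',', ';' });

        for (int j = 0; j < arrRootOrg.Length; j++)
        {
            string org = arrRootOrg[j];
            if (org == string.Empty)
            {
                continue;
            }

            // Look for an ORGANIZATIONS node that already carries this value.
            bool alreadyListed = false;
            foreach (XmlNode existing in _XmlResult.FirstChild.FirstChild.ChildNodes)
            {
                if (existing.Name == "ORGANIZATIONS" && existing.InnerText == org)
                {
                    alreadyListed = true;
                    break;
                }
            }

            if (!alreadyListed)
            {
                XmlHelper.AppendNode(_XmlResult.FirstChild.FirstChild, "ORGANIZATIONS", org);
            }
        }
    }
}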
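/// <summary>
/// Applies custom, template-driven access rules on top of the standard item
/// security when an item is read on the public site.
/// </summary>
/// <param name="item">The item being accessed.</param>
/// <param name="securityCheck">Security-check mode requested by the caller.</param>
/// <returns>
/// The result of the base implementation, or <c>null</c> when the custom rules
/// deny access, which makes the item look non-existent to the caller.
/// </returns>
/// <remarks>
/// The custom rules run only when all of these hold: a site context exists,
/// the site name matches WEBSITE_NAME, security checks are not disabled, the
/// page is in normal mode, and the item derives from the security template.
/// In every other situation only the standard security applies.
/// NOTE(review): that makes preview/edit page modes and a missing site context
/// fall back to standard security alone - confirm this is the intended
/// exposure for protected items.
/// This method runs for every item touched through the API, so the rule
/// checks must stay cheap.
/// </remarks>
protected override Item ApplySecurity(Item item, SecurityCheck securityCheck)
{
    // If this item is a template, just return standard security.
    if (item.TemplateID == ID.Parse(STANDARD_TEMPLATE_ID))
    {
        return base.ApplySecurity(item, securityCheck);
    }

    // The site name is lower-cased with the invariant culture. A
    // culture-sensitive ToLower() can map letters differently under some
    // thread cultures, the comparison would then miss, and the custom rules
    // below would be skipped without any error.
    bool customRulesApply =
        Context.Site != null
        && Context.Site.Name.ToLowerInvariant() == WEBSITE_NAME
        && securityCheck != SecurityCheck.Disable
        && Context.PageMode.IsNormal
        && item.IsDerivedFrom(ID.Parse(SECURITY_TEMPLATE_ID));

    if (customRulesApply)
    {
        // Custom rules driven by the security template:
        // 1. "span of control" of the item over the user,
        // 2. the user's department for the item,
        // 3. the roles the template requires of the user.
        if (item.HasSpanOfControlOver(Context.User) && Context.User.IsInDepartmentFor(item) && Context.User.HasRolesFor(item))
        {
            return base.ApplySecurity(item, securityCheck);
        }

        // Denied: report the item as if it did not exist.
        return null;
    }

    return base.ApplySecurity(item, securityCheck);
}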
/// <summary>
/// Returns the root item of the fake database.
/// </summary>
/// <param name="language">Ignored by this implementation.</param>
/// <param name="version">Ignored by this implementation.</param>
/// <param name="database">
/// Either a FakeDatabase, or a database whose Name resolves to one through
/// Factory.GetDatabase.
/// </param>
/// <param name="securityCheck">Ignored by this implementation; no security is applied.</param>
/// <returns>The RootItem of the resolved FakeDatabase.</returns>
public override Item GetRootItem(Language language, Version version, Database database, SecurityCheck securityCheck)
{
    FakeDatabase resolved = database as FakeDatabase;
    if (resolved == null)
    {
        // Not a fake instance itself: look the fake up by name.
        resolved = (FakeDatabase)Factory.GetDatabase(database.Name);
    }

    return resolved.RootItem;
}
/// <summary>
/// Returns the parent recorded on a fake item.
/// </summary>
/// <param name="item">Must be a FakeItem; the cast fails otherwise.</param>
/// <param name="securityCheck">Ignored by this implementation; no security is applied.</param>
/// <returns>The item's FakeParent.</returns>
public override Item GetParent(Item item, SecurityCheck securityCheck)
{
    FakeItem fake = (FakeItem)item;
    return fake.FakeParent;
}
/// <summary>
/// Looks an item up by id in the fake database.
/// </summary>
/// <param name="itemId">Id of the item to fetch.</param>
/// <param name="language">Ignored by this implementation.</param>
/// <param name="version">Ignored by this implementation.</param>
/// <param name="database">
/// Either a FakeDatabase, or a database whose Name resolves to one through
/// Factory.GetDatabase.
/// </param>
/// <param name="securityCheck">Ignored by this implementation; no security is applied.</param>
/// <returns>Whatever FakeGetItem returns for <paramref name="itemId"/>.</returns>
public override Item GetItem(ID itemId, Language language, Version version, Database database, SecurityCheck securityCheck)
{
    FakeDatabase resolved = database as FakeDatabase;
    if (resolved == null)
    {
        // Not a fake instance itself: look the fake up by name.
        resolved = (FakeDatabase)Factory.GetDatabase(database.Name);
    }

    return resolved.FakeGetItem(itemId);
}
/// <summary>
/// Returns the children recorded on a fake item.
/// </summary>
/// <param name="item">Must be a FakeItem; the cast fails otherwise.</param>
/// <param name="securityCheck">Ignored by this implementation; no security is applied.</param>
/// <returns>A ChildList built from the item and its FakeChildren.</returns>
public override ChildList GetChildren(Item item, SecurityCheck securityCheck)
{
    FakeItem fake = (FakeItem)item;
    return new ChildList(item, fake.FakeChildren);
}