private Attempt <string> AuthorizePath(IUser currentUser, IEnumerable <int> startContentIds, IEnumerable <int> startMediaIds)
{
if (startContentIds != null)
{
foreach (var contentId in startContentIds)
{
if (contentId == Constants.System.Root)
{
var hasAccess = UserExtensions.HasPathAccess("-1", currentUser.CalculateContentStartNodeIds(_entityService), Constants.System.RecycleBinContent);
if (hasAccess == false)
{
return(Attempt.Fail("The current user does not have access to the content root"));
}
}
else
{
var content = _contentService.GetById(contentId);
if (content == null)
{
continue;
}
var hasAccess = currentUser.HasPathAccess(content, _entityService);
if (hasAccess == false)
{
return(Attempt.Fail("The current user does not have access to the content path " + content.Path));
}
}
}
}
if (startMediaIds != null)
{
foreach (var mediaId in startMediaIds)
{
if (mediaId == Constants.System.Root)
{
var hasAccess = UserExtensions.HasPathAccess("-1", currentUser.CalculateMediaStartNodeIds(_entityService), Constants.System.RecycleBinMedia);
if (hasAccess == false)
{
return(Attempt.Fail("The current user does not have access to the media root"));
}
}
else
{
var media = _mediaService.GetById(mediaId);
if (media == null)
{
continue;
}
var hasAccess = currentUser.HasPathAccess(media, _entityService);
if (hasAccess == false)
{
return(Attempt.Fail("The current user does not have access to the media path " + media.Path));
}
}
}
}
return(Attempt <string> .Succeed());
}
/// <summary>
/// Performs a permissions check for the user to check if it has access to the node based on
/// start node and/or permissions for the node
/// </summary>
/// <param name="storage">The storage to add the content item to so it can be reused</param>
/// <param name="user"></param>
/// <param name="mediaService"></param>
/// <param name="nodeId">The content to lookup, if the contentItem is not specified</param>
/// <param name="media">Specifies the already resolved content item to check against, setting this ignores the nodeId</param>
/// <returns></returns>
internal static bool CheckPermissions(IDictionary <string, object> storage, IUser user, IMediaService mediaService, int nodeId, IMedia media = null)
{
if (media == null && nodeId != Constants.System.Root && nodeId != Constants.System.RecycleBinMedia)
{
media = mediaService.GetById(nodeId);
//put the content item into storage so it can be retreived
// in the controller (saves a lookup)
storage[typeof(IMedia).ToString()] = media;
}
if (media == null && nodeId != Constants.System.Root && nodeId != Constants.System.RecycleBinMedia)
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
var hasPathAccess = (nodeId == Constants.System.Root)
? UserExtensions.HasPathAccess(
Constants.System.Root.ToInvariantString(),
user.StartMediaId,
Constants.System.RecycleBinMedia)
: (nodeId == Constants.System.RecycleBinMedia)
? UserExtensions.HasPathAccess(
Constants.System.RecycleBinMedia.ToInvariantString(),
user.StartMediaId,
Constants.System.RecycleBinMedia)
: user.HasPathAccess(media);
return(hasPathAccess);
}
public static bool CheckMediaPermissions(int userId, int nodeId, char[] permissionsToCheck = null)
{
if (nodeId == Constants.System.Root || nodeId == Constants.System.RecycleBinMedia)
{
return(false);
}
var mediaItem = ApplicationContext.Current.Services.MediaService.GetById(nodeId);
if (mediaItem == null)
{
return(false);
}
var user = ApplicationContext.Current.Services.UserService.GetUserById(userId);
var hasPathAccess = (nodeId == Constants.System.Root)
? UserExtensions.HasPathAccess(
Constants.System.Root.ToInvariantString(),
user.StartMediaId,
Constants.System.RecycleBinMedia)
: (nodeId == Constants.System.RecycleBinMedia)
? UserExtensions.HasPathAccess(
Constants.System.RecycleBinMedia.ToInvariantString(),
user.StartMediaId,
Constants.System.RecycleBinMedia)
: user.HasPathAccess(mediaItem);
return(hasPathAccess);
}
/// <summary>
/// Performs a permissions check for the user to check if it has access to the node based on
/// start node and/or permissions for the node
/// </summary>
/// <param name="storage">The storage to add the content item to so it can be reused</param>
/// <param name="user"></param>
/// <param name="userService"></param>
/// <param name="contentService"></param>
/// <param name="nodeId">The content to lookup, if the contentItem is not specified</param>
/// <param name="permissionsToCheck"></param>
/// <param name="contentItem">Specifies the already resolved content item to check against</param>
/// <returns></returns>
internal static bool CheckPermissions(
IDictionary <string, object> storage,
IUser user,
IUserService userService,
IContentService contentService,
int nodeId,
char[] permissionsToCheck = null,
IContent contentItem = null)
{
if (contentItem == null && nodeId != Constants.System.Root && nodeId != Constants.System.RecycleBinContent)
{
contentItem = contentService.GetById(nodeId);
//put the content item into storage so it can be retreived
// in the controller (saves a lookup)
storage[typeof(IContent).ToString()] = contentItem;
}
if (contentItem == null && nodeId != Constants.System.Root && nodeId != Constants.System.RecycleBinContent)
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
var hasPathAccess = (nodeId == Constants.System.Root)
? UserExtensions.HasPathAccess(
Constants.System.Root.ToInvariantString(),
user.StartContentId,
Constants.System.RecycleBinContent)
: (nodeId == Constants.System.RecycleBinContent)
? UserExtensions.HasPathAccess(
Constants.System.RecycleBinContent.ToInvariantString(),
user.StartContentId,
Constants.System.RecycleBinContent)
: user.HasPathAccess(contentItem);
if (hasPathAccess == false)
{
return(false);
}
if (permissionsToCheck == null || permissionsToCheck.Any() == false)
{
return(true);
}
var permission = userService.GetPermissions(user, nodeId).FirstOrDefault();
var allowed = true;
foreach (var p in permissionsToCheck)
{
if (permission == null || permission.AssignedPermissions.Contains(p.ToString(CultureInfo.InvariantCulture)) == false)
{
allowed = false;
}
}
return(allowed);
}
public static bool CheckContentPermissions(int userId, int nodeId, char[] permissionsToCheck = null)
{
if (nodeId == Constants.System.Root || nodeId == Constants.System.RecycleBinContent)
{
return(false);
}
var contentItem = ApplicationContext.Current.Services.ContentService.GetById(nodeId);
if (contentItem == null)
{
return(false);
}
var user = ApplicationContext.Current.Services.UserService.GetUserById(userId);
var hasPathAccess = (nodeId == Constants.System.Root)
? UserExtensions.HasPathAccess(
Constants.System.Root.ToInvariantString(),
user.StartContentId,
Constants.System.RecycleBinContent)
: (nodeId == Constants.System.RecycleBinContent)
? UserExtensions.HasPathAccess(
Constants.System.RecycleBinContent.ToInvariantString(),
user.StartContentId,
Constants.System.RecycleBinContent)
: user.HasPathAccess(contentItem);
if (!hasPathAccess)
{
return(false);
}
if (permissionsToCheck == null || permissionsToCheck.Any() == false)
{
return(true);
}
var permission = ApplicationContext.Current.Services.UserService.GetPermissions(user, nodeId).FirstOrDefault();
var allowed = true;
foreach (var p in permissionsToCheck)
{
if (permission == null || permission.AssignedPermissions.Contains(p.ToString(CultureInfo.InvariantCulture)) == false)
{
allowed = false;
break;
}
}
return(allowed);
}
internal void FilterBasedOnStartNode(IList items, IUser user)
{
var toRemove = new List <dynamic>();
foreach (dynamic item in items)
{
var hasPathAccess = (item != null && UserExtensions.HasPathAccess(item.Path, GetUserStartNodes(user), RecycleBinId));
if (hasPathAccess == false)
{
toRemove.Add(item);
}
}
foreach (var item in toRemove)
{
items.Remove(item);
}
}
