private void EnsurePermissions() { var user = MembershipContext.AuthenticatedUser; var modules = new[] { ModuleName.PERSONAS, ModuleName.CONTACTMANAGEMENT }; string readPermission = UserSecurityHelper.GetPermissionName(PermissionsEnum.Read); foreach (var module in modules) { if (!user.IsAuthorizedPerResource(module, readPermission)) { RedirectToAccessDenied(module, readPermission); } } }
public bool UserHasPermission(int UserID, string ResourceName, string PermissionName, string SiteName) { return(UserSecurityHelper.IsAuthorizedPerResource(ResourceName, PermissionName, SiteName, _Helper.GetUser(UserID))); }
/// <summary> /// Checks Roles, Users, Resource Names, and Page ACL depending on configuration /// </summary> /// <param name="httpContext">The Route Context</param> /// <returns>If the request is authorized.</returns> protected override bool AuthorizeCore(HttpContextBase httpContext) { AuthorizingEventArgs AuthorizingArgs = new AuthorizingEventArgs() { CurrentUser = GetCurrentUser(httpContext), FoundPage = GetTreeNode(httpContext), Authorized = false }; bool IsAuthorized = false; // Start event, allow user to overwrite FoundPage using (var KenticoAuthorizeAuthorizingTaskHandler = AuthorizeEvents.Authorizing.StartEvent(AuthorizingArgs)) { if (!AuthorizingArgs.SkipDefaultValidation) { AuthorizingArgs.Authorized = CacheHelper.Cache(cs => { bool Authorized = false; List <string> CacheDependencies = new List <string>(); // Will remain true only if no other higher priority authorization items were specified bool OnlyAuthenticatedCheck = true; // Roles if (!Authorized && !string.IsNullOrWhiteSpace(Roles)) { OnlyAuthenticatedCheck = false; CacheDependencies.Add("cms.role|all"); CacheDependencies.Add("cms.userrole|all"); CacheDependencies.Add("cms.membershiprole|all"); CacheDependencies.Add("cms.membershipuser|all"); foreach (string Role in Roles.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries)) { if (AuthorizingArgs.CurrentUser.IsInRole(Role, SiteContext.CurrentSiteName, true, true)) { Authorized = true; break; } } } // Users if (!Authorized && !string.IsNullOrWhiteSpace(Users)) { OnlyAuthenticatedCheck = false; foreach (string User in Users.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries)) { if (User.ToLower().Trim() == AuthorizingArgs.CurrentUser.UserName.ToLower().Trim()) { Authorized = true; break; } } } // Explicit Permissions if (!Authorized && !string.IsNullOrWhiteSpace(ResourceAndPermissionNames)) { OnlyAuthenticatedCheck = false; CacheDependencies.Add("cms.role|all"); CacheDependencies.Add("cms.userrole|all"); CacheDependencies.Add("cms.membershiprole|all"); CacheDependencies.Add("cms.membershipuser|all"); CacheDependencies.Add("cms.permission|all"); CacheDependencies.Add("cms.rolepermission|all"); foreach (string ResourcePermissionName in ResourceAndPermissionNames.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries)) { string[] StringParts = ResourcePermissionName.Split('.'); string PermissionName = StringParts.Last(); string ResourceName = string.Join(".", StringParts.Take(StringParts.Length - 1)); if (UserSecurityHelper.IsAuthorizedPerResource(ResourceName, PermissionName, SiteContext.CurrentSiteName, AuthorizingArgs.CurrentUser)) { Authorized = true; break; } } } // Check page level security if (!Authorized && CheckPageACL) { if (AuthorizingArgs.FoundPage != null) { OnlyAuthenticatedCheck = false; CacheDependencies.Add("cms.role|all"); CacheDependencies.Add("cms.userrole|all"); CacheDependencies.Add("cms.membershiprole|all"); CacheDependencies.Add("cms.membershipuser|all"); CacheDependencies.Add("nodeid|" + AuthorizingArgs.FoundPage.NodeID); CacheDependencies.Add("cms.acl|all"); CacheDependencies.Add("cms.aclitem|all"); if (TreeSecurityProvider.IsAuthorizedPerNode(AuthorizingArgs.FoundPage, NodePermissionToCheck, AuthorizingArgs.CurrentUser) != AuthorizationResultEnum.Denied) { Authorized = true; } } } // If there were no other authentication properties, check if this is purely an "just requires authentication" area if (OnlyAuthenticatedCheck && (!UserAuthenticationRequired || !AuthorizingArgs.CurrentUser.IsPublic())) { Authorized = true; } if (cs.Cached) { cs.CacheDependency = CacheHelper.GetCacheDependency(CacheDependencies.Distinct().ToArray()); } return(Authorized); }, new CacheSettings(CacheAuthenticationResults ? CacheHelper.CacheMinutes(SiteContext.CurrentSiteName) : 0, "AuthorizeCore", AuthorizingArgs.CurrentUser.UserID, (AuthorizingArgs.FoundPage != null ? AuthorizingArgs.FoundPage.DocumentID : -1), SiteContext.CurrentSiteName, Users, Roles, ResourceAndPermissionNames, CheckPageACL, NodePermissionToCheck, CustomUnauthorizedRedirect, UserAuthenticationRequired)); } IsAuthorized = AuthorizingArgs.Authorized; } return(IsAuthorized); }