private void EnsurePermissions()
{
var user = MembershipContext.AuthenticatedUser;
var modules = new[]
{
ModuleName.PERSONAS,
ModuleName.CONTACTMANAGEMENT
};
string readPermission = UserSecurityHelper.GetPermissionName(PermissionsEnum.Read);
foreach (var module in modules)
{
if (!user.IsAuthorizedPerResource(module, readPermission))
{
RedirectToAccessDenied(module, readPermission);
}
}
}
public bool UserHasPermission(int UserID, string ResourceName, string PermissionName, string SiteName)
{
return(UserSecurityHelper.IsAuthorizedPerResource(ResourceName, PermissionName, SiteName, _Helper.GetUser(UserID)));
}
/// <summary>
/// Checks Roles, Users, Resource Names, and Page ACL depending on configuration
/// </summary>
/// <param name="httpContext">The Route Context</param>
/// <returns>If the request is authorized.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
AuthorizingEventArgs AuthorizingArgs = new AuthorizingEventArgs()
{
CurrentUser = GetCurrentUser(httpContext),
FoundPage = GetTreeNode(httpContext),
Authorized = false
};
bool IsAuthorized = false;
// Start event, allow user to overwrite FoundPage
using (var KenticoAuthorizeAuthorizingTaskHandler = AuthorizeEvents.Authorizing.StartEvent(AuthorizingArgs))
{
if (!AuthorizingArgs.SkipDefaultValidation)
{
AuthorizingArgs.Authorized = CacheHelper.Cache(cs =>
{
bool Authorized = false;
List <string> CacheDependencies = new List <string>();
// Will remain true only if no other higher priority authorization items were specified
bool OnlyAuthenticatedCheck = true;
// Roles
if (!Authorized && !string.IsNullOrWhiteSpace(Roles))
{
OnlyAuthenticatedCheck = false;
CacheDependencies.Add("cms.role|all");
CacheDependencies.Add("cms.userrole|all");
CacheDependencies.Add("cms.membershiprole|all");
CacheDependencies.Add("cms.membershipuser|all");
foreach (string Role in Roles.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries))
{
if (AuthorizingArgs.CurrentUser.IsInRole(Role, SiteContext.CurrentSiteName, true, true))
{
Authorized = true;
break;
}
}
}
// Users
if (!Authorized && !string.IsNullOrWhiteSpace(Users))
{
OnlyAuthenticatedCheck = false;
foreach (string User in Users.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries))
{
if (User.ToLower().Trim() == AuthorizingArgs.CurrentUser.UserName.ToLower().Trim())
{
Authorized = true;
break;
}
}
}
// Explicit Permissions
if (!Authorized && !string.IsNullOrWhiteSpace(ResourceAndPermissionNames))
{
OnlyAuthenticatedCheck = false;
CacheDependencies.Add("cms.role|all");
CacheDependencies.Add("cms.userrole|all");
CacheDependencies.Add("cms.membershiprole|all");
CacheDependencies.Add("cms.membershipuser|all");
CacheDependencies.Add("cms.permission|all");
CacheDependencies.Add("cms.rolepermission|all");
foreach (string ResourcePermissionName in ResourceAndPermissionNames.Split(";,|".ToCharArray(), StringSplitOptions.RemoveEmptyEntries))
{
string[] StringParts = ResourcePermissionName.Split('.');
string PermissionName = StringParts.Last();
string ResourceName = string.Join(".", StringParts.Take(StringParts.Length - 1));
if (UserSecurityHelper.IsAuthorizedPerResource(ResourceName, PermissionName, SiteContext.CurrentSiteName, AuthorizingArgs.CurrentUser))
{
Authorized = true;
break;
}
}
}
// Check page level security
if (!Authorized && CheckPageACL)
{
if (AuthorizingArgs.FoundPage != null)
{
OnlyAuthenticatedCheck = false;
CacheDependencies.Add("cms.role|all");
CacheDependencies.Add("cms.userrole|all");
CacheDependencies.Add("cms.membershiprole|all");
CacheDependencies.Add("cms.membershipuser|all");
CacheDependencies.Add("nodeid|" + AuthorizingArgs.FoundPage.NodeID);
CacheDependencies.Add("cms.acl|all");
CacheDependencies.Add("cms.aclitem|all");
if (TreeSecurityProvider.IsAuthorizedPerNode(AuthorizingArgs.FoundPage, NodePermissionToCheck, AuthorizingArgs.CurrentUser) != AuthorizationResultEnum.Denied)
{
Authorized = true;
}
}
}
// If there were no other authentication properties, check if this is purely an "just requires authentication" area
if (OnlyAuthenticatedCheck && (!UserAuthenticationRequired || !AuthorizingArgs.CurrentUser.IsPublic()))
{
Authorized = true;
}
if (cs.Cached)
{
cs.CacheDependency = CacheHelper.GetCacheDependency(CacheDependencies.Distinct().ToArray());
}
return(Authorized);
}, new CacheSettings(CacheAuthenticationResults ? CacheHelper.CacheMinutes(SiteContext.CurrentSiteName) : 0, "AuthorizeCore", AuthorizingArgs.CurrentUser.UserID, (AuthorizingArgs.FoundPage != null ? AuthorizingArgs.FoundPage.DocumentID : -1), SiteContext.CurrentSiteName, Users, Roles, ResourceAndPermissionNames, CheckPageACL, NodePermissionToCheck, CustomUnauthorizedRedirect, UserAuthenticationRequired));
}
IsAuthorized = AuthorizingArgs.Authorized;
}
return(IsAuthorized);
}
