/// <summary> /// Each Umbraco User should have an Umbraco Forms permissions record which holds their overall permissions for Umbraco Forms. /// This preserves existing permissions and adds a 'deny all' permission if there is no record. /// </summary> /// <param name="userId">The user.</param> /// <param name="forEveryone">if set to <c>true</c> overwrite all existing permissions with 'deny all'.</param> public void RemoveManageFormsPermissions(int userId, bool forEveryone) { using (UserSecurityStorage userSecurityStorage = new UserSecurityStorage()) { var userSecurity = userSecurityStorage.GetUserSecurity(userId.ToString()).FirstOrDefault(); var hasSecurityAlready = (userSecurity != null); if (!hasSecurityAlready) { userSecurity = UserSecurity.Create(); userSecurity.User = userId.ToString(); } userSecurity.ManageForms = false; userSecurity.ManageDataSources = false; userSecurity.ManagePreValueSources = false; userSecurity.ManageWorkflows = false; if (!hasSecurityAlready) { userSecurityStorage.InsertUserSecurity(userSecurity); } else if (forEveryone) { userSecurityStorage.UpdateUserSecurity(userSecurity); } } }
/// <summary> /// Resets forms security, which removes all permissions and gives everyone access to every form /// </summary> /// <param name="userService">The user service.</param> /// <exception cref="ArgumentNullException">userService</exception> public void ResetFormsSecurity(IUserService userService) { if (userService == null) { throw new ArgumentNullException(nameof(userService)); } // For every Umbraco User including disabled accounts, remove their Umbraco Forms permissions (both deny and allow). // This actually grants everyone Manage Forms permission because the default is to allow everyone. var page = 0; var total = 0; var users = userService.GetAll(page, 10, out total); while (users.Any()) { foreach (var user in users) { using (UserSecurityStorage userSecurityStorage = new UserSecurityStorage()) { var userFormSecurityList = userSecurityStorage.GetUserSecurity(user.Id.ToString()); foreach (var userSecurity in userFormSecurityList) { userSecurityStorage.DeleteUserSecurity(userSecurity); } } } page++; users = userService.GetAll(page, 10, out total); } // For every form in Umbraco Forms, remove all the user permissions (both deny and allow). // This actually grants everyone access to every form because the default is to allow everyone. using (FormStorage formStorage = new FormStorage()) { using (UserFormSecurityStorage formSecurityStorage = new UserFormSecurityStorage()) { IEnumerable <Form> allForms = formStorage.GetAllForms(); foreach (Form form in allForms) { formSecurityStorage.DeleteAllUserFormSecurityForForm(form.Id); } } } }