/// <summary> The try assert. </summary> /// <param name="context"> The context. </param> /// <param name="entity"> The entity. </param> /// <param name="right"> The right. </param> /// <param name="dependencies"> The dependencies. </param> /// <param name="map"> The map. </param> /// <param name="useScope">Pass true if you need to determine web file permissions throught parent web page</param> /// <returns> The <see cref="bool"/>. </returns> public virtual bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map, bool useScope) { entity.AssertEntityName("adx_webpage"); this.AddDependencies( dependencies, entity, new[] { "adx_webrole", "adx_webrole_contact", "adx_webrole_account", "adx_webpageaccesscontrolrule" }); WebPageNode page; if (!map.TryGetValue(entity, out page)) { // the website context is missing data ADXTrace.Instance.TraceError(TraceCategory.Application, string.Format("Failed to lookup the web page '{0}' ({1}).", entity.GetAttributeValue <string>("adx_name"), entity.Id)); return(false); } dependencies.IsCacheable = false; return(this.TryAssert(page, right, useScope)); }
protected override bool TestWebFile(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { return(_contentMapProvider.Using(map => { WebFileNode file; if (map.TryGetValue(entity, out file) && file.Parent != null) { return !file.Parent.IsReference && TestFileWebPage(context, file.Parent.ToEntity(), right, dependencies, map); } return base.TestWebFile(context, entity, right, dependencies); })); }
public override bool TryAssert(OrganizationServiceContext context, Entity currentEvent, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { currentEvent.AssertEntityName("adx_event"); ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Testing right {0} on event ({1}).", right, currentEvent.Id)); dependencies.AddEntityDependency(currentEvent); dependencies.AddEntitySetDependency("adx_webrole"); dependencies.AddEntitySetDependency("adx_eventaccesspermission"); if (!Roles.Enabled) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, "Roles are not enabled for this application. Allowing Read, but not Change."); // If roles are not enabled on the site, grant Read, deny Change. return(right == CrmEntityRight.Read); } // Windows Live ID Server decided to return null for an unauthenticated user's name // A null username, however, breaks the Roles.GetRolesForUser() because it expects an empty string. var currentUsername = (HttpContext.Current.User != null && HttpContext.Current.User.Identity != null) ? HttpContext.Current.User.Identity.Name ?? string.Empty : string.Empty; var userRoles = Roles.GetRolesForUser(currentUsername); // Get all rules applicable to the event, grouping equivalent rules. (Rules that // target the same event and confer the same right are equivalent.) var ruleGroupings = from rule in GetRulesApplicableToEvent(context, currentEvent, dependencies) let eventReference = rule.GetAttributeValue <EntityReference>("adx_eventid") let rightOption = rule.GetAttributeValue <OptionSetValue>("adx_right") where eventReference != null && rightOption != null group rule by new { EventID = eventReference.Id, Right = rightOption.Value } into ruleGrouping select ruleGrouping; var websiteReference = currentEvent.GetAttributeValue <EntityReference>("adx_websiteid"); foreach (var ruleGrouping in ruleGroupings) { // Collect the names of all the roles that apply to this rule grouping var ruleGroupingRoles = ruleGrouping.SelectMany(rule => rule.GetRelatedEntities(context, "adx_eventaccesspermission_webrole").ToList() .Where(role => BelongsToWebsite(websiteReference, role)) .Select(role => role.GetAttributeValue <string>("adx_name"))); // Determine if the user belongs to any of the roles that apply to this rule grouping var userIsInAnyRoleForThisRule = ruleGroupingRoles.Any(role => userRoles.Any(userRole => userRole == role)); // If the user belongs to one of the roles... if (userIsInAnyRoleForThisRule) { if (ruleGrouping.Key.Right != RestrictRead) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("User has right Change on forum ({0}). Permission granted.", ruleGrouping.Key.EventID)); // ...the user has all rights. return(true); } } // If the user does not belong to any of the roles, the rule restricts read, and the desired right // is read... else if (ruleGrouping.Key.Right == RestrictRead && right == CrmEntityRight.Read) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("User does not have right Read due to read restriction on event ({0}). Permission denied.", ruleGrouping.Key.EventID)); // ...the user has no right. return(false); } } //Get all membership type applicable to the event var membershipTypes = currentEvent.GetRelatedEntities(context, "adx_event_membershiptype"); //If the event has membership types, specific user has right to access it. If there is no membership type, every user has right. if (membershipTypes.Any()) { var contact = PortalContext.Current.User; //Anonymouse user has no right. if (contact == null) { return(false); } foreach (var membershipType in membershipTypes) { if (contact.GetRelatedEntities(context, "adx_membership_contact").Any(m => m.GetAttributeValue <EntityReference>("adx_membershiptypeid") == membershipType.ToEntityReference())) { return(true); } } return(false); } // If none of the above rules apply, assert on parent webpage. var parentWebPage = currentEvent.GetRelatedEntity(context, "adx_webpage_event"); // If there is no parent web page, grant Read by default, and deny Change. if (parentWebPage == null) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No access control rules apply to the current user and event. Allowing Read, but not Change."); return(right == CrmEntityRight.Read); } ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No access control rules apply to the current user and event. Asserting right on parent web page."); return(_webPageAccessControlProvider.TryAssert(context, parentWebPage, right, dependencies)); }
/// <summary> The add dependencies. </summary> /// <param name="dependencies"> The dependencies. </param> /// <param name="entity"> The entity. </param> /// <param name="attributes"> The attributes. </param> protected void AddDependencies(CrmEntityCacheDependencyTrace dependencies, Entity entity, string[] attributes) { attributes.ForEach(dependencies.AddEntitySetDependency); dependencies.AddEntityDependency(entity); }
/// <summary> The try assert. </summary> /// <param name="context"> The context. </param> /// <param name="entity"> The entity. </param> /// <param name="right"> The right. </param> /// <param name="dependencies"> The dependencies. </param> /// <returns> The assertion. </returns> public override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { return(this.ContentMapProvider.Using(map => this.TryAssert(context, entity, right, dependencies, map))); }
protected override bool TryAssert(OrganizationServiceContext context, Entity forum, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { forum.AssertEntityName("adx_communityforum"); ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Testing right {0} on forum '{1}' ({2}).", right, forum.GetAttributeValue <string>("adx_name"), forum.Id)); this.AddDependencies(dependencies, forum, new [] { "adx_webrole", "adx_communityforumaccesspermission" }); if (!Roles.Enabled) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, "Roles are not enabled for this application. Allowing Read, but not Change."); // If roles are not enabled on the site, grant Read, deny Change. return(right == CrmEntityRight.Read); } var userRoles = this.GetUserRoles(); // Get all rules applicable to the forum, grouping equivalent rules. (Rules that // target the same forum and confer the same right are equivalent.) var ruleGroupings = from rule in this.GetRulesApplicableToForum(forum, dependencies, map) let forumReference = rule.GetAttributeValue <EntityReference>("adx_forumid") let rightOption = rule.GetAttributeValue <OptionSetValue>("adx_right") where forumReference != null && rightOption != null group rule by new { ForumID = forumReference.Id, Right = ParseRightOption(rightOption.Value) } into ruleGrouping select ruleGrouping; var websiteReference = forum.GetAttributeValue <EntityReference>("adx_websiteid"); // Order the rule groupings so that all GrantChange rules will be evaluated first. ruleGroupings = ruleGroupings.OrderByDescending(grouping => grouping.Key.Right, new RightOptionComparer()); foreach (var ruleGrouping in ruleGroupings) { // Collect the names of all the roles that apply to this rule grouping var ruleGroupingRoles = ruleGrouping.SelectMany(rule => GetRolesForGrouping(map, rule, websiteReference)); // Determine if the user belongs to any of the roles that apply to this rule grouping var userIsInAnyRoleForThisRule = ruleGroupingRoles.Any(role => userRoles.Any(userRole => userRole == role)); // If the user belongs to one of the roles... if (userIsInAnyRoleForThisRule) { // ...and the rule is GrantChange... if (ruleGrouping.Key.Right == RightOption.GrantChange) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("User has right Change on forum ({0}). Permission granted.", ruleGrouping.Key.ForumID)); // ...the user has all rights. return(true); } } // If the user does not belong to any of the roles, the rule restricts read, and the desired right // is read... else if (ruleGrouping.Key.Right == RightOption.RestrictRead && right == CrmEntityRight.Read) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("User does not have right Read due to read restriction on forum ({0}). Permission denied.", ruleGrouping.Key.ForumID)); // ...the user has no right. return(false); } } // If none of the above rules apply, assert on parent webpage. var parentWebPage = forum.GetAttributeValue <EntityReference>("adx_parentpageid"); WebPageNode parentPageNode; map.TryGetValue(parentWebPage, out parentPageNode); // If there is no parent web page, grant Read by default, and deny Change. if (parentWebPage == null || parentPageNode == null) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No access control rules apply to the current user and forum. Allowing Read, but not Change."); return(right == CrmEntityRight.Read); } ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No access control rules apply to the current user and forum. Asserting right on parent web page."); return(this._webPageAccessControlProvider.TryAssert(context, parentPageNode.ToEntity(), right, dependencies)); }
public override bool TryAssert(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { entity.ThrowOnNull("entity"); if (entity.LogicalName == "adx_issueforum") { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_issueforum ({1}).", right, entity.Id)); dependencies.AddEntityDependency(entity); dependencies.AddEntitySetDependency("adx_webrole"); return(right == CrmEntityRight.Change ? UserInRole("adx_webrole_issueforum_write", false, serviceContext, entity, dependencies) : UserInRole("adx_webrole_issueforum_read", true, serviceContext, entity, dependencies) || UserInRole("adx_webrole_issueforum_write", false, serviceContext, entity, dependencies)); } if (entity.LogicalName == "adx_issue") { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_issue ({1}).", right, entity.Id)); dependencies.AddEntityDependency(entity); var issueForum = entity.GetRelatedEntity(serviceContext, new Relationship("adx_issueforum_issue")); if (issueForum == null) { return(false); } var approved = entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false); // If the right being asserted is Read, and the issue is approved, assert whether the issue forum is readable. if (right == CrmEntityRight.Read && approved) { return(TryAssert(serviceContext, issueForum, right, dependencies)); } return(TryAssert(serviceContext, issueForum, CrmEntityRight.Change, dependencies)); } if (entity.LogicalName == "adx_issuecomment") { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_issuecomment ({1}).", right, entity.Id)); dependencies.AddEntityDependency(entity); var issue = entity.GetRelatedEntity(serviceContext, new Relationship("adx_issue_issuecomment")); if (issue == null) { return(false); } var approved = entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false); // If the right being asserted is Read, and the comment is approved, assert whether the issue is readable. if (right == CrmEntityRight.Read && approved) { return(TryAssert(serviceContext, issue, right, dependencies)); } return(TryAssert(serviceContext, issue, CrmEntityRight.Change, dependencies)); } if (entity.LogicalName == "adx_issuevote") { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_issuevote ({1}).", entity.Id)); dependencies.AddEntityDependency(entity); var issue = entity.GetRelatedEntity(serviceContext, new Relationship("adx_issue_issuevote")); return(issue != null && TryAssert(serviceContext, issue, right, dependencies)); } throw new NotSupportedException("Entities of type {0} are not supported by this provider.".FormatWith(entity.LogicalName)); }
protected override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { switch (entity.LogicalName) { case "adx_weblink": WebLinkNode link; if (map.TryGetValue(entity, out link)) { return(TryAssert(link) || UserCanPreview(context, entity)); } break; case "adx_webpage": WebPageNode page; if (map.TryGetValue(entity, out page)) { return(TryAssert(page.PublishingState) || UserCanPreview(context, entity)); } break; case "adx_weblinkset": WebLinkSetNode linkset; if (map.TryGetValue(entity, out linkset)) { return(TryAssert(linkset.PublishingState) || UserCanPreview(context, entity)); } break; case "adx_webfile": WebFileNode file; if (map.TryGetValue(entity, out file)) { return(TryAssert(file.PublishingState) || UserCanPreview(context, entity)); } break; case "adx_shortcut": ShortcutNode shortcut; if (map.TryGetValue(entity, out shortcut)) { return(TryAssert(shortcut) || UserCanPreview(context, entity)); } break; case "adx_communityforum": ForumNode forum; if (map.TryGetValue(entity, out forum)) { return(TryAssert(forum.PublishingState) || UserCanPreview(context, entity)); } break; } return(this.TryAssert(context, entity, right, dependencies)); }
private bool TryAssertIdea(OrganizationServiceContext serviceContext, Entity ideaEntity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { var ideaForumReference = ideaEntity.GetAttributeValue <EntityReference>("adx_ideaforumid"); IdeaForumNode ideaForumNode; if (!map.TryGetValue(ideaForumReference, out ideaForumNode)) { return(false); } var ideaForum = ideaForumNode.AttachTo(serviceContext); if (ideaForum == null) { return(false); } var approved = ideaEntity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false); // If the right being asserted is Read, and the idea is approved, assert whether the idea forum is readable. if (right == CrmEntityRight.Read && approved) { return(this.TryAssert(serviceContext, ideaForum, right, dependencies, map)); } return(this.TryAssert(serviceContext, ideaForum, CrmEntityRight.Change, dependencies, map)); }
public override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { if (entity == null || right == CrmEntityRight.Change) { return(false); } dependencies.AddEntityDependency(entity); dependencies.AddEntitySetDependency("adx_webrole"); dependencies.AddEntitySetDependency("adx_webrole_contact"); dependencies.AddEntitySetDependency("adx_webrole_account"); dependencies.AddEntitySetDependency("adx_websiteaccess"); var entityName = entity.LogicalName; if (entityName == "adx_idea") { return(entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false)); } if (entityName == "adx_ideacomment") { return(entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false)); } EntityReference publishingStateReference = null; Entity entityPublishingState = null; switch (entityName) { case "adx_communityforumpost": publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid"); break; case "adx_ad": publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid"); break; // legacy entities case "adx_event": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_event"); break; case "adx_eventschedule": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventschedule"); break; case "adx_eventspeaker": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventspeaker"); break; case "adx_eventsponsor": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventsponsor"); break; case "adx_survey": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_survey"); break; } if (publishingStateReference != null) { entityPublishingState = context.RetrieveSingle( "adx_publishingstate", new[] { "adx_isvisible" }, new Condition("adx_publishingstateid", ConditionOperator.Equal, publishingStateReference.Id)); } if (entityPublishingState == null) { return(true); } dependencies.AddEntityDependency(entityPublishingState); if (entityPublishingState.GetAttributeValue <bool?>("adx_isvisible").GetValueOrDefault()) { return(true); } return(UserCanPreview(context, entityPublishingState)); }
public override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { if (entity == null || right == CrmEntityRight.Change) { return(false); } dependencies.AddEntityDependency(entity); dependencies.AddEntitySetDependency("adx_webrole"); dependencies.AddEntitySetDependency("adx_webrole_contact"); dependencies.AddEntitySetDependency("adx_webrole_account"); dependencies.AddEntitySetDependency("adx_websiteaccess"); var entityName = entity.LogicalName; // Weblinks require some special handling. if (entityName == "adx_weblink") { var weblinkPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_weblink"); // If a weblink has a publishing state, and that state is not visible, state access is // denied (unless the user can preview). if (weblinkPublishingState != null && !weblinkPublishingState.GetAttributeValue <bool?>("adx_isvisible").GetValueOrDefault()) { dependencies.AddEntityDependency(weblinkPublishingState); return(UserCanPreview(context, entity)); } var weblinkPage = context.RetrieveRelatedEntity(entity, "adx_webpage_weblink"); // If a weblink has an associated page, and page validation is not disabled, return the // result of assertion on that page. if (weblinkPage != null && !entity.GetAttributeValue <bool?>("adx_disablepagevalidation").GetValueOrDefault(false)) { return(TryAssert(context, weblinkPage, right, dependencies)); } } if (entityName == "adx_idea") { return(entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false)); } if (entityName == "adx_ideacomment") { return(entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false)); } EntityReference publishingStateReference = null; Entity entityPublishingState = null; switch (entityName) { case "adx_webpage": publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid"); break; case "adx_weblinkset": publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid"); break; case "adx_webfile": publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid"); break; case "adx_communityforum": publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid"); break; case "adx_communityforumpost": publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid"); break; case "adx_ad": publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid"); break; // legacy entities case "adx_event": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_event"); break; case "adx_eventschedule": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventschedule"); break; case "adx_eventspeaker": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventspeaker"); break; case "adx_eventsponsor": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventsponsor"); break; case "adx_survey": entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_survey"); break; } if (publishingStateReference != null) { entityPublishingState = context.RetrieveSingle( "adx_publishingstate", new[] { "adx_isvisible" }, new Condition("adx_publishingstateid", ConditionOperator.Equal, publishingStateReference.Id)); } if (entityPublishingState == null) { return(true); } dependencies.AddEntityDependency(entityPublishingState); if (entityPublishingState.GetAttributeValue <bool?>("adx_isvisible").GetValueOrDefault()) { return(true); } return(UserCanPreview(context, entityPublishingState)); }
/// <summary> /// Test whether or not an Entity's published dates are visible in the current context. /// </summary> /// <param name="context">OrganizationServiceContext</param> /// <param name="entity">CRM Entity</param> /// <param name="right">Entity Right</param> /// <param name="dependencies">Cache Dependency Trace</param> /// <param name="map">Content Map</param> /// <returns></returns> protected override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { if (entity == null || right == CrmEntityRight.Change) { return(false); } dependencies.AddEntityDependency(entity); dependencies.AddEntitySetDependency("adx_webrole"); dependencies.AddEntitySetDependency("adx_websiteaccess"); var entityName = entity.LogicalName; var releaseDate = DateTime.MinValue; var expiryDate = DateTime.MaxValue; if (entityName == "adx_webpage" || entityName == "adx_webfile" || entityName == "adx_event" || entityName == "adx_survey" || entityName == "adx_ad") { releaseDate = entity.GetAttributeValue <DateTime?>("adx_releasedate").GetValueOrDefault(DateTime.MinValue); expiryDate = entity.GetAttributeValue <DateTime?>("adx_expirationdate").GetValueOrDefault(DateTime.MaxValue); } else if (entityName == "adx_weblink") { if (!entity.GetAttributeValue <bool?>("adx_disablepagevalidation").GetValueOrDefault(false)) { var pageReference = entity.GetAttributeValue <EntityReference>("adx_pageid"); if (pageReference != null) { WebPageNode rootPage; if (map.TryGetValue(pageReference, out rootPage)) { var weblinkWebPage = HttpContext.Current.GetContextLanguageInfo().FindLanguageSpecificWebPageNode(rootPage, false); if (weblinkWebPage != null) { return(TryAssert(context, weblinkWebPage.ToEntity(), right, dependencies)); } } } } return(true); } else if (entityName == "adx_shortcut") { if (!entity.GetAttributeValue <bool?>("adx_disabletargetvalidation").GetValueOrDefault(false)) { var pageReference = entity.GetAttributeValue <EntityReference>("adx_webpageid"); var webFileReference = entity.GetAttributeValue <EntityReference>("adx_webfileid"); if (pageReference != null) { WebPageNode rootPage; if (map.TryGetValue(pageReference, out rootPage)) { var shortcutWebPage = HttpContext.Current.GetContextLanguageInfo().FindLanguageSpecificWebPageNode(rootPage, false); if (shortcutWebPage != null) { return(TryAssert(context, shortcutWebPage.ToEntity(), right, dependencies)); } } } else if (webFileReference != null) { WebFileNode webFile; if (map.TryGetValue(webFileReference, out webFile)) { return(TryAssert(context, webFile.ToEntity(), right, dependencies)); } } } var parentPageReference = entity.GetAttributeValue <EntityReference>("adx_parentpage_webpageid"); if (parentPageReference != null) { WebPageNode rootPage; if (map.TryGetValue(parentPageReference, out rootPage)) { var parentPage = HttpContext.Current.GetContextLanguageInfo().FindLanguageSpecificWebPageNode(rootPage, false); return(TryAssert(context, parentPage.ToEntity(), right, dependencies)); } } return(true); } return(UserCanPreview(context, entity) || InnerTryAssert(releaseDate, expiryDate)); }
protected override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { var entityName = entity.LogicalName; this.AddDependencies( dependencies, entity, new[] { "adx_webrole", "adx_webrole_contact", "adx_webrole_account", "adx_websiteaccess" }); if (entityName == "adx_weblink") { // Change permission only comes through adx_manageweblinksets on the website. if (right == CrmEntityRight.Change) { return(TryAssertRightProperty(context, "adx_manageweblinksets", dependencies)); } WebLinkNode link; if (map.TryGetValue(entity, out link)) { dependencies.IsCacheable = false; if (link.DisablePageValidation.GetValueOrDefault()) { return(true); } return(link.WebPage == null || link.WebPage.IsReference || (_webPageAccessControlSecurityProvider != null && _webPageAccessControlSecurityProvider.TryAssert(link.WebPage, right, false))); } } WebsiteNode site; if (!map.TryGetValue(_website, out site)) { return(false); } if (entityName == "adx_contentsnippet") { return(right == CrmEntityRight.Read || TryAssertRightProperty(site, rule => rule.ManageContentSnippets)); } if (entityName == "adx_weblinkset") { return(right == CrmEntityRight.Read || TryAssertRightProperty(site, rule => rule.ManageWebLinkSets)); } if (entityName == "adx_sitemarker") { return(right == CrmEntityRight.Read || TryAssertRightProperty(site, rule => rule.ManageSiteMarkers)); } return(false); }
public bool TryAssertRightProperty(OrganizationServiceContext context, string rightPropertyName, CrmEntityCacheDependencyTrace dependencies) { // If Roles are not enabled on the site, deny permission. if (!Roles.Enabled) { ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Permission denied."); return(false); } dependencies.AddEntitySetDependency("adx_webrole"); dependencies.AddEntitySetDependency("adx_webrole_contact"); dependencies.AddEntitySetDependency("adx_webrole_account"); dependencies.AddEntityDependency(_website); var userRoles = this.GetUserRoles(); if (!userRoles.Any()) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No roles were found for the current user. Permission denied."); return(false); } var websiteaccessFetch = new Fetch { Entity = new FetchEntity("adx_websiteaccess", new [] { "adx_manageweblinksets", "adx_previewunpublishedentities" }) { Filters = new[] { new Filter { Conditions = new[] { new Condition( "adx_websiteid", ConditionOperator.Equal, this._website.Id), } } } } }; var rules = context.RetrieveMultiple(websiteaccessFetch).Entities; // If no access permissions are defined for this site, deny permission. if (!rules.Any()) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No website access permission rules were found for the current website. Permission denied."); return(false); } dependencies.AddEntityDependencies(rules); foreach (var rule in rules) { var ruleRoles = context.RetrieveRelatedEntities(rule, "adx_websiteaccess_webrole", new [] { "adx_name" }).Entities; if (ruleRoles == null) { continue; } var ruleRoleNames = ruleRoles.Select(role => role.GetAttributeValue <string>("adx_name")); var roleIntersection = ruleRoleNames.Intersect(userRoles, StringComparer.InvariantCulture); // If the user is in any of the roles associated with the permission rule, and // the rightsPredicate evaluates to true for the given rule, grant permission. if (roleIntersection.Any() && rule.GetAttributeValue <bool?>(rightPropertyName).GetValueOrDefault(false)) { return(true); } } // If no permission rules meet the necessary conditions, deny permission. return(false); }
private bool TryAssertBlog(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { var pageReference = entity.GetAttributeValue <EntityReference>("adx_parentpageid"); if (pageReference == null) { return(false); } var parentPage = serviceContext.RetrieveSingle( "adx_webpage", new[] { "adx_name" }, new Condition("adx_webpageid", ConditionOperator.Equal, pageReference.Id)); if (right == CrmEntityRight.Read) { return(parentPage != null && this.WebPageSecurityProvider.TryAssert(serviceContext, parentPage, right, dependencies)); } if (!Roles.Enabled) { ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Denying Change."); return(false); } IEnumerable <Entity> authorRoles = new List <Entity>(); EntityNode blogNode; if (!map.TryGetValue(entity, out blogNode)) { return(false); } if (blogNode is BlogNode) { authorRoles = ((BlogNode)blogNode).WebRoles.Select(wr => wr.ToEntity()); } if (!authorRoles.Any()) { return(false); } dependencies.AddEntityDependencies(authorRoles); var userRoles = this.GetUserRoles(); return(authorRoles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any() || (parentPage != null && this.WebPageSecurityProvider.TryAssert(serviceContext, parentPage, right, dependencies))); }
private bool TryAssertIdeaComment(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { var idea = entity.GetRelatedEntity(serviceContext, new Relationship("adx_idea_ideacomment")); if (idea == null) { return(false); } var approved = entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false); // If the right being asserted is Read, and the comment is approved, assert whether the idea is readable. if (right == CrmEntityRight.Read && approved) { return(this.TryAssert(serviceContext, idea, right, dependencies)); } return(this.TryAssert(serviceContext, idea, CrmEntityRight.Change, dependencies, map)); }
private bool UserInRole(string roleRelationship, bool defaultIfNoRoles, OrganizationServiceContext serviceContext, Entity entity, CrmEntityCacheDependencyTrace dependencies) { if (!Roles.Enabled) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Roles are not enabled for this application. Returning {0}.", defaultIfNoRoles)); return(defaultIfNoRoles); } var website = entity.GetAttributeValue <EntityReference>("adx_websiteid"); if (website == null) { return(false); } var roles = entity.GetRelatedEntities(serviceContext, new Relationship(roleRelationship)) .Where(e => Equals(e.GetAttributeValue <EntityReference>("adx_websiteid"), website)) .ToArray(); if (!roles.Any()) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Read is not restricted to any particular roles. Returning {0}.", defaultIfNoRoles)); return(defaultIfNoRoles); } dependencies.AddEntityDependencies(roles); // Windows Live ID Server decided to return null for an unauthenticated user's name // A null username, however, breaks the Roles.GetRolesForUser() because it expects an empty string. var currentUsername = HttpContext.Current.User != null && HttpContext.Current.User.Identity != null ? HttpContext.Current.User.Identity.Name ?? string.Empty : string.Empty; var userRoles = Roles.GetRolesForUser(currentUsername); return(roles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any()); }
private bool TryAssertIdeaVote(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { var idea = entity.GetRelatedEntity(serviceContext, new Relationship("adx_idea_ideavote")); return(idea != null && this.TryAssert(serviceContext, idea, right, dependencies, map)); }
/// <summary> The try assert. </summary> /// <param name="context"> The context. </param> /// <param name="entity"> The entity. </param> /// <param name="right"> The right. </param> /// <param name="dependencies"> The dependencies. </param> /// <param name="map"> The map. </param> /// <returns> The <see cref="bool"/>. </returns> protected override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { return(this.TryAssert(context, entity, right, dependencies, map, false)); }
protected override bool TryAssert(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { entity.ThrowOnNull("entity"); dependencies.AddEntityDependency(entity); ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on {1} ""{2}"" ({3}).", right, entity.LogicalName, entity.GetAttributeValue <string>("adx_name"), entity.Id)); switch (entity.LogicalName) { case "adx_ideaforum": dependencies.AddEntitySetDependency("adx_webrole"); return(this.TryAssertIdeaForum(entity, right, dependencies, map)); case "adx_idea": return(this.TryAssertIdea(serviceContext, entity, right, dependencies, map)); case "adx_ideacomment": return(this.TryAssertIdeaComment(serviceContext, entity, right, dependencies, map)); case "adx_ideavote": return(this.TryAssertIdeaVote(serviceContext, entity, right, dependencies, map)); default: throw new NotSupportedException("Entities of type {0} are not supported by this provider.".FormatWith(entity.LogicalName)); } }
protected virtual IEnumerable <Entity> GetRulesApplicableToForum(Entity forum, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { forum.AssertEntityName("adx_communityforum"); var rules = new List <Entity>(); ForumNode currentForumNode; if (map.TryGetValue(forum, out currentForumNode)) { var rulesForCurrentForum = currentForumNode.ForumAccessPermissions.Where(fr => fr.StateCode == 0); rules.AddRange(rulesForCurrentForum.Select(r => r.ToEntity())); } dependencies.AddEntityDependencies(rules); return(rules); }
private bool UserInRole(CrmEntityRight right, bool defaultIfNoRoles, Entity ideaForumEntity, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { if (!Roles.Enabled) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Roles are not enabled for this application. Returning {0}.", defaultIfNoRoles)); return(defaultIfNoRoles); } IEnumerable <Entity> roles = new List <Entity>(); IdeaForumNode ideaForumNode; if (!map.TryGetValue(ideaForumEntity, out ideaForumNode)) { return(false); } if (right == CrmEntityRight.Read) { roles = ideaForumNode.WebRolesRead.Select(wr => wr.ToEntity()); } else if (right == CrmEntityRight.Change) { roles = ideaForumNode.WebRolesWrite.Select(wr => wr.ToEntity()); } if (!roles.Any()) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Read is not restricted to any particular roles. Returning {0}.", defaultIfNoRoles)); return(defaultIfNoRoles); } dependencies.AddEntityDependencies(roles); var userRoles = this.GetUserRoles(); return(roles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any()); }
/// <summary> The try assert. </summary> /// <param name="context"> The context. </param> /// <param name="entityReference"> The entity reference. </param> /// <param name="right"> The right. </param> /// <param name="dependencies"> The dependencies. </param> /// <returns> The assertion. </returns> public bool TryAssert(OrganizationServiceContext context, EntityReference entityReference, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { EntityNode entity = null; this.ContentMapProvider.Using(map => map.TryGetValue(entityReference, out entity)); return(entity != null && this.TryAssert(context, entity.ToEntity(), right, dependencies)); }
private bool TryAssertIdeaForum(Entity ideaForumEntity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { return(right == CrmEntityRight.Change ? this.UserInRole(CrmEntityRight.Change, false, ideaForumEntity, dependencies, map) : this.UserInRole(CrmEntityRight.Read, true, ideaForumEntity, dependencies, map) || this.UserInRole(CrmEntityRight.Change, false, ideaForumEntity, dependencies, map)); }
/// <summary> The try assert. </summary> /// <param name="context"> The context. </param> /// <param name="entity"> The entity. </param> /// <param name="right"> The right. </param> /// <param name="dependencies"> The dependencies. </param> /// <param name="map"> The map. </param> /// <returns> The assertion. </returns> protected abstract bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map);
private bool TryAssertBlogPostComment(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { var blogPostReference = entity.GetAttributeValue <EntityReference>("adx_blogpostid"); if (blogPostReference == null) { return(false); } var blogPost = serviceContext.RetrieveSingle( "adx_blogpost", new[] { "adx_blogid" }, new Condition("adx_blogpostid", ConditionOperator.Equal, blogPostReference.Id)); if (blogPost == null) { return(false); } var approved = entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false); return(this.TryAssert( serviceContext, blogPost, (right == CrmEntityRight.Read && approved ? CrmEntityRight.Read : CrmEntityRight.Change), dependencies)); }
protected virtual IEnumerable <Entity> GetRulesApplicableToEvent(OrganizationServiceContext context, Entity crmEvent, CrmEntityCacheDependencyTrace dependencies) { crmEvent.AssertEntityName("adx_event"); var rules = new List <Entity>(); var currentEvent = crmEvent; if (currentEvent != null) { var rulesForCurrentEvent = currentEvent.GetRelatedEntities(context, "adx_event_eventaccesspermission"); if (rulesForCurrentEvent != null) { rules.AddRange(rulesForCurrentEvent); } } dependencies.AddEntityDependencies(rules); return(rules); }
protected override bool TryAssert(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { if (entity == null) { throw new ArgumentNullException("entity"); } if (entity.LogicalName == "adx_blog") { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_blog ({1}).", right, entity.Id)); return(this.TryAssertBlog(serviceContext, entity, right, dependencies, map)); } if (entity.LogicalName == "adx_blogpost") { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_blogpost ({1}).", right, entity.Id)); dependencies.AddEntityDependency(entity); return(this.TryAssertBlogPost(serviceContext, entity, right, dependencies)); } if (entity.LogicalName == "adx_blogpostcomment") { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_blogpostcomment ({1}).", right, entity.Id)); dependencies.AddEntityDependency(entity); return(this.TryAssertBlogPostComment(serviceContext, entity, right, dependencies)); } throw new NotSupportedException("Entities of type {0} are not supported by this provider.".FormatWith(entity.LogicalName)); }
public override bool TryAssert(OrganizationServiceContext context, Entity website, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { if (website == null) { return(false); } var securityProvider = new WebsiteAccessPermissionProvider(website, HttpContext.Current); return(securityProvider.TryAssertRightProperty(context, "adx_previewunpublishedentities", dependencies)); }
protected override bool TestShortcutParent(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies) { return(_contentMapProvider.Using(map => { ShortcutNode shortcut; if (map.TryGetValue(entity, out shortcut)) { return shortcut.Parent != null && !shortcut.Parent.IsReference && TestWebPage(context, shortcut.Parent.ToEntity(), right, dependencies); } return base.TestShortcutParent(context, entity, right, dependencies); })); }