/// <summary>
/// Creates the controller together with the inner EAV content-type controller it keeps in <c>eavCtc</c>.
/// </summary>
public ContentTypeController()
{
    // The inner controller is built with its parameterless constructor; this constructor
    // passes it no user identity and no log.
    // NOTE(review): confirm that calls made through eavCtc do not depend on a user context being set.
    var innerController = new Eav.WebApi.ContentTypeController();
    eavCtc = innerController;
}
/// <summary>
/// Runs the base initialization, renames the log to "2sCTC" and creates the inner EAV
/// content-type controller with that log.
/// </summary>
/// <param name="controllerContext">Context of the current request, passed unchanged to the base class.</param>
protected override void Initialize(HttpControllerContext controllerContext)
{
    // The base call comes first - the original author flagged it as very important.
    // Presumably it prepares Log, which is used on the next line - confirm against the base class.
    base.Initialize(controllerContext);

    // Name this controller's entries in the log before the log is shared.
    Log.Rename("2sCTC");

    // The inner controller receives the same log object.
    _eavCtc = new Eav.WebApi.ContentTypeController(Log);
}
/// <summary>
/// Verifies that the current user holds the requested grant on a content type and reports an
/// HTTP error through <c>ThrowHttpError</c> when the type is unknown or access is not given.
/// </summary>
/// <param name="contentType">Name used to look up the content type in the current app.</param>
/// <param name="grant">Permission the caller needs on that content type.</param>
/// <param name="autoAllowAdmin">
/// When true, a user who can administer the current module passes even without an explicit grant.
/// Defaults to false, so module-admin rights are no bypass unless the caller opts in.
/// </param>
/// <remarks>
/// Nothing in this method stops execution after a failed check except <c>ThrowHttpError</c>.
/// Presumably it throws, as its name says - confirm, because a returning implementation would
/// let a denied request fall through the last check.
/// </remarks>
private void PerformSecurityCheck(string contentType, PermissionGrant grant, bool autoAllowAdmin = false)
{
    // Step 1: the content type must exist in this app.
    // NOTE(review): the lookup runs before any permission check, so the NotFound and Unauthorized
    // answers differ for existing and missing names - confirm that is acceptable for every caller.
    // NOTE(review): contentType is echoed into the error texts below - confirm how ThrowHttpError
    // encodes the message in the response.
    var typeInfo = new Eav.WebApi.ContentTypeController().GetSingle(App.AppId, contentType, null);
    if (typeInfo == null)
    {
        ThrowHttpError(HttpStatusCode.NotFound, "Could not find Content Type '" + contentType + "'.", "content-types");
    }

    // Step 2: permissions can only be assigned to content types whose static name is a GUID.
    Guid typeGuid;
    if (!Guid.TryParse(typeInfo.StaticName, out typeGuid))
    {
        ThrowHttpError(HttpStatusCode.Unauthorized, "Content Type '" + contentType + "' is not a standard Content Type - no permissions possible.");
    }

    // Step 3: ask the 2sxc permission check, and separately the module-admin check when the
    // caller enabled it. Both values are computed before the decision, as in the original.
    var grantedByPermission = new PermissionController(App.ZoneId, App.AppId, typeGuid, Dnn.Module).UserMay(grant);
    var grantedAsAdmin = autoAllowAdmin && DotNetNuke.Security.Permissions.ModulePermissionController.CanAdminModule(Dnn.Module);

    // Denied only when neither path grants access.
    // NOTE(review): the status sent is Unauthorized (401); Forbidden (403) is the HTTP status for a
    // known user without the right - left unchanged because clients may depend on it.
    if (!grantedByPermission && !grantedAsAdmin)
    {
        ThrowHttpError(HttpStatusCode.Unauthorized, "Request not allowed. User needs permissions to " + grant + " for Content Type '" + contentType + "'.", "permissions");
    }
}
/// <summary>
/// Creates the controller and its inner EAV content-type controller, then hands the inner
/// controller the identity token of the current DNN user.
/// </summary>
public ContentTypeController()
{
    eavCtc = new Eav.WebApi.ContentTypeController();

    // The token is read once, here in the constructor.
    // NOTE(review): presumably this controller is created per request, so the token belongs to
    // the requesting user - confirm, since a reused instance would keep the first caller's identity.
    var currentUserToken = Environment.Dnn7.UserIdentity.CurrentUserIdentityToken;
    eavCtc.SetUser(currentUserToken);
}