public void Throws_Exception_When_No_Content_Found()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act/assert
Assert.Throws <HttpResponseException>(() => ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' }));
}
public void No_Access_By_Path()
{
// Arrange
IUser user = CreateUser(id: 9, startContentId: 9876);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
public void No_Access_To_Recycle_Bin_By_Permission()
{
// Arrange
IUser user = CreateUser(withUserGroup: false);
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
IContentService contentService = contentServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent, new[] { 'B' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
public void No_Access_By_Path()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
userMock.Setup(u => u.StartContentIds).Returns(new[] { 9876 });
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <EntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
var entityService = entityServiceMock.Object;
//act
var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' });
//assert
Assert.IsFalse(result);
}
public void Access_Allowed_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) });
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A", "F", "C" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
var userServiceMock = new Mock <IUserService>();
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, out var foundContent, new[] { 'F' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Granted, result);
}
public async Task <IEnumerable <EntityPermissionSet> > GetEntityPermissionsForRole(IUnitOfWork uofw, string roleID)
{
var rolePermissions = await uofw.GetRepository <AccessLevel>().All()
.Where(x => !x.Hidden && x.RoleID == roleID)
.Select(x => new
{
x.Entity.TypeName,
x.AccessModifier
})
.ToListAsync();
var allEntities = await _mappedBaseEntityService.GetEntitiesAsync();
var ret = new List <EntityPermissionSet>();
foreach (var item in allEntities)
{
var inRoleForType = rolePermissions.Where(x => x.TypeName == item.TypeName);
var el = new EntityPermissionSet()
{
EntityType = item.TypeName,
Create = inRoleForType.Any(x => x.AccessModifier == Base.Enums.AccessModifier.Create),
Read = inRoleForType.Any(x => x.AccessModifier == Base.Enums.AccessModifier.Read),
Update = inRoleForType.Any(x => x.AccessModifier == Base.Enums.AccessModifier.Update),
Delete = inRoleForType.Any(x => x.AccessModifier == Base.Enums.AccessModifier.Delete),
};
ret.Add(el);
}
return(ret);
}
public void No_Access_To_Recycle_Bin_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(0);
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(-20, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'B' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Denied, result);
}
public void No_Content_Found()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'F' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.NotFound, result);
}
public async Task <EntityPermissionSet> GetPermissionsForType <T>(IUnitOfWork uofw, T type, IEnumerable <string> roleIDs = null)
{
var typeName = typeof(T).FullName;
if (AppContext.UserID == null)
{
return(EntityPermissionSet.ReadOnly(typeName));
}
if (roleIDs == null && await _userManager.IsInRoleAsync(AppContext.UserID, Roles.Admin))
{
return(EntityPermissionSet.FullAccess(typeName));
}
roleIDs = roleIDs ?? await _userManager.GetRolesAsync(AppContext.UserID);
var accessModifiers = await uofw.GetRepository <AccessLevel>().All()
.Where(x => roleIDs.Contains(x.RoleID) && x.Entity.TypeName == typeName)
.Select(x => new { x.AccessModifier })
.ToListAsync();
return(new EntityPermissionSet()
{
Create = accessModifiers.Any(x => x.AccessModifier == AccessModifier.Create),
Update = accessModifiers.Any(x => x.AccessModifier == AccessModifier.Update),
Delete = accessModifiers.Any(x => x.AccessModifier == AccessModifier.Delete),
Read = accessModifiers.Any(x => x.AccessModifier == AccessModifier.Read),
EntityType = typeName
});
}
public void No_Access_To_Recycle_Bin_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(0);
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
//act
var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, -20, new[] { 'B' });
//assert
Assert.IsFalse(result);
}
public void No_Content_Found()
{
// Arrange
IUser user = CreateUser(id: 9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.NotFound, result);
}
public void No_Access_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A", "B", "C" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act
var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' });
//assert
Assert.IsFalse(result);
}
public void Access_To_Recycle_Bin_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(0);
userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) });
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(-20, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
//act
var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, -20, new[] { 'A' });
//assert
Assert.IsTrue(result);
}
public void Access_Allowed_By_Permission()
{
// Arrange
var user = CreateUser(9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var permissions = new EntityPermissionCollection {
new(9876, 1234, new[] { "A", "F", "C" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
var userServiceMock = new Mock <IUserService>();
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
var result = contentPermissions.CheckPermissions(1234, user, out IContent _, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
public void Access_To_Recycle_Bin_By_Permission()
{
// Arrange
var user = CreateUser();
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection {
new(9876, 1234, new[] { "A" })
};
var permissionSet = new EntityPermissionSet(-20, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
var result = contentPermissions.CheckPermissions(-20, user, out IContent _, new[] { 'A' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
public void No_Access_By_Path()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(9);
userMock.Setup(u => u.StartContentIds).Returns(new[] { 9876 });
var user = userMock.Object;
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
var entityService = entityServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'F' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Denied, result);
}
/// <summary>
/// Assigns permissions to an entity for multiple group/permission entries
/// </summary>
/// <param name="permissionSet">
/// </param>
/// <remarks>
/// This will first clear the permissions for this entity then re-create them
/// </remarks>
public void ReplaceEntityPermissions(EntityPermissionSet permissionSet)
{
var db = AmbientScope.Database;
const string sql = "DELETE FROM umbracoUserGroup2NodePermission WHERE nodeId = @nodeId";
db.Execute(sql, new { nodeId = permissionSet.EntityId });
var toInsert = new List <UserGroup2NodePermissionDto>();
foreach (var entityPermission in permissionSet.PermissionsSet)
{
foreach (var permission in entityPermission.AssignedPermissions)
{
toInsert.Add(new UserGroup2NodePermissionDto
{
NodeId = permissionSet.EntityId,
Permission = permission,
UserGroupId = entityPermission.UserGroupId
});
}
}
db.BulkInsertRecords(toInsert);
}
/// <summary>
/// This performs the calculations for inherited nodes based on this
/// http://issues.umbraco.org/issue/U4-10075#comment=67-40085
/// </summary>
/// <param name="groupPermissions"></param>
/// <param name="pathIds"></param>
/// <returns></returns>
internal static EntityPermissionSet CalculatePermissionsForPathForUser(
EntityPermission[] groupPermissions,
int[] pathIds)
{
// not sure this will ever happen, it shouldn't since this should return defaults, but maybe those are empty?
if (groupPermissions.Length == 0 || pathIds.Length == 0)
{
return(EntityPermissionSet.Empty());
}
// The actual entity id being looked at (deepest part of the path)
var entityId = pathIds[0];
var resultPermissions = new EntityPermissionCollection();
// create a grouped by dictionary of another grouped by dictionary
var permissionsByGroup = groupPermissions
.GroupBy(x => x.UserGroupId)
.ToDictionary(
x => x.Key,
x => x.GroupBy(a => a.EntityId).ToDictionary(a => a.Key, a => a.ToArray()));
// iterate through each group
foreach (KeyValuePair <int, Dictionary <int, EntityPermission[]> > byGroup in permissionsByGroup)
{
var added = false;
// iterate deepest to shallowest
foreach (var pathId in pathIds)
{
if (byGroup.Value.TryGetValue(pathId, out EntityPermission[]? permissionsForNodeAndGroup) == false)
public void Access_To_Root_By_Permission()
{
//arrange
var userMock = new Mock <IUser>();
userMock.Setup(u => u.Id).Returns(0);
userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) });
var user = userMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1")).Returns(permissionSet);
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
//act
var result = ContentPermissionsHelper.CheckPermissions(-1, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'A' });
//assert
Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Granted, result);
}
public void Get_User_Implicit_Permissions()
{
// Arrange
UserGroup userGroup = CreateTestUserGroup();
Template template = TemplateBuilder.CreateTextPageTemplate();
FileService.SaveTemplate(template);
ContentType contentType = ContentTypeBuilder.CreateSimpleContentType(defaultTemplateId: template.Id);
ContentTypeService.Save(contentType);
Content parent = ContentBuilder.CreateSimpleContent(contentType);
ContentService.Save(parent);
Content child1 = ContentBuilder.CreateSimpleContent(contentType, "child1", parent.Id);
ContentService.Save(child1);
Content child2 = ContentBuilder.CreateSimpleContent(contentType, "child2", child1.Id);
ContentService.Save(child2);
ContentService.SetPermission(parent, ActionBrowse.ActionLetter, new int[] { userGroup.Id });
ContentService.SetPermission(parent, ActionDelete.ActionLetter, new int[] { userGroup.Id });
ContentService.SetPermission(parent, ActionMove.ActionLetter, new int[] { userGroup.Id });
ContentService.SetPermission(parent, ActionBrowse.ActionLetter, new int[] { userGroup.Id });
ContentService.SetPermission(parent, ActionDelete.ActionLetter, new int[] { userGroup.Id });
// Act
EntityPermissionSet permissions = UserService.GetPermissionsForPath(userGroup, child2.Path);
// Assert
string[] allPermissions = permissions.GetAllPermissions().ToArray();
Assert.AreEqual(3, allPermissions.Length);
}
/// <summary>
/// Gets the implicit/inherited permissions for the user for the given path
/// </summary>
/// <param name="user">User to check permissions for</param>
/// <param name="path">Path to check permissions for</param>
public EntityPermissionSet GetPermissionsForPath(IUser?user, string?path)
{
var nodeIds = path?.GetIdsFromPathReversed();
if (nodeIds is null || nodeIds.Length == 0 || user is null)
{
return(EntityPermissionSet.Empty());
}
// collect all permissions structures for all nodes for all groups belonging to the user
EntityPermission[] groupPermissions = GetPermissionsForPath(user.Groups.ToArray(), nodeIds, true).ToArray();
return(CalculatePermissionsForPathForUser(groupPermissions, nodeIds));
}
/// <summary>
/// Gets the permissions for the provided group and path
/// </summary>
/// <param name="groups"></param>
/// <param name="path">Path to check permissions for</param>
/// <param name="fallbackToDefaultPermissions">
/// Flag indicating if we want to include the default group permissions for each result if there are not explicit
/// permissions set
/// </param>
/// <returns>String indicating permissions for provided user and path</returns>
public EntityPermissionSet GetPermissionsForPath(IUserGroup[] groups, string path, bool fallbackToDefaultPermissions = false)
{
var nodeIds = path.GetIdsFromPathReversed();
if (nodeIds.Length == 0)
{
return(EntityPermissionSet.Empty());
}
// collect all permissions structures for all nodes for all groups
EntityPermission[] groupPermissions =
GetPermissionsForPath(groups.Select(x => x.ToReadOnlyGroup()).ToArray(), nodeIds, true).ToArray();
return(CalculatePermissionsForPathForUser(groupPermissions, nodeIds));
}
/// <summary>
/// Assigns permissions to an entity for multiple users/permission entries
/// </summary>
/// <param name="permissionSet">
/// </param>
/// <remarks>
/// This will first clear the permissions for this entity then re-create them
/// </remarks>
public void ReplaceEntityPermissions(EntityPermissionSet permissionSet)
{
var db = _unitOfWork.Database;
db.Execute("DELETE FROM umbracoUser2NodePermission WHERE nodeId=@nodeId", new { nodeId = permissionSet.EntityId });
var actions = permissionSet.UserPermissionsSet.Select(p => new User2NodePermissionDto
{
NodeId = permissionSet.EntityId,
Permission = p.Permission,
UserId = p.UserId
}).ToArray();
_unitOfWork.Database.BulkInsertRecords(actions, _sqlSyntax);
//Raise the event
_unitOfWork.Events.Dispatch(AssignedPermissions, this, new SaveEventArgs <EntityPermission>(ConvertToPermissionList(actions), false));
}
private bool CheckPermissionsPath(string?path, IUser user, IReadOnlyList <char>?permissionsToCheck = null)
{
if (permissionsToCheck == null)
{
permissionsToCheck = Array.Empty <char>();
}
// get the implicit/inherited permissions for the user for this path,
// if there is no content item for this id, than just use the id as the path (i.e. -1 or -20)
EntityPermissionSet permission = _userService.GetPermissionsForPath(user, path);
var allowed = true;
foreach (var p in permissionsToCheck)
{
if (permission == null ||
permission.GetAllPermissions().Contains(p.ToString(CultureInfo.InvariantCulture)) == false)
{
allowed = false;
}
}
return(allowed);
}
/// <summary>
/// Assigns permissions to an entity for multiple users/permission entries
/// </summary>
/// <param name="permissionSet">
/// </param>
/// <remarks>
/// This will first clear the permissions for this entity then re-create them
/// </remarks>
public void ReplaceEntityPermissions(EntityPermissionSet permissionSet)
{
var db = _unitOfWork.Database;
using (var trans = db.GetTransaction())
{
db.Execute("DELETE FROM umbracoUser2NodePermission WHERE nodeId=@nodeId", new { nodeId = permissionSet.EntityId });
var actions = permissionSet.UserPermissionsSet.Select(p => new User2NodePermissionDto
{
NodeId = permissionSet.EntityId,
Permission = p.Permission,
UserId = p.UserId
}).ToArray();
_unitOfWork.Database.BulkInsertRecords(actions, trans);
trans.Complete();
//Raise the event
AssignedPermissions.RaiseEvent(
new SaveEventArgs <EntityPermission>(ConvertToPermissionList(actions), false), this);
}
}
public void ReplaceContentPermissions(EntityPermissionSet permissionSet)
{
var repo = new PermissionRepository <IContent>(UnitOfWork, _cacheHelper, SqlSyntax);
repo.ReplaceEntityPermissions(permissionSet);
}
public void SetPermissions(EntityPermissionSet permissionSet)
{
inner.SetPermissions(permissionSet);
}
public void Calculate_Permissions_For_User_For_Path()
{
// see: http://issues.umbraco.org/issue/U4-10075#comment=67-40085
// for an overview of what this is testing
const string path = "-1,1,2,3,4";
int[] pathIds = path.GetIdsFromPathReversed();
const int groupA = 7;
const int groupB = 8;
const int groupC = 9;
var userGroups = new Dictionary <int, string[]>
{
{ groupA, new[] { "S", "D", "F" } },
{ groupB, new[] { "S", "D", "G", "K" } },
{ groupC, new[] { "F", "G" } }
};
EntityPermission[] permissions = new[]
{
new EntityPermission(groupA, 1, userGroups[groupA], isDefaultPermissions: true),
new EntityPermission(groupA, 2, userGroups[groupA], isDefaultPermissions: true),
new EntityPermission(groupA, 3, userGroups[groupA], isDefaultPermissions: true),
new EntityPermission(groupA, 4, userGroups[groupA], isDefaultPermissions: true),
new EntityPermission(groupB, 1, userGroups[groupB], isDefaultPermissions: true),
new EntityPermission(groupB, 2, new[] { "F", "R" }, isDefaultPermissions: false),
new EntityPermission(groupB, 3, userGroups[groupB], isDefaultPermissions: true),
new EntityPermission(groupB, 4, userGroups[groupB], isDefaultPermissions: true),
new EntityPermission(groupC, 1, userGroups[groupC], isDefaultPermissions: true),
new EntityPermission(groupC, 2, userGroups[groupC], isDefaultPermissions: true),
new EntityPermission(groupC, 3, new[] { "Q", "Z" }, isDefaultPermissions: false),
new EntityPermission(groupC, 4, userGroups[groupC], isDefaultPermissions: true),
};
// Permissions for Id 4
EntityPermissionSet result = UserService.CalculatePermissionsForPathForUser(permissions, pathIds);
Assert.AreEqual(4, result.EntityId);
string[] allPermissions = result.GetAllPermissions().ToArray();
Assert.AreEqual(6, allPermissions.Length, string.Join(",", allPermissions));
Assert.IsTrue(allPermissions.ContainsAll(new[] { "S", "D", "F", "R", "Q", "Z" }));
// Permissions for Id 3
result = UserService.CalculatePermissionsForPathForUser(permissions, pathIds.Skip(1).ToArray());
Assert.AreEqual(3, result.EntityId);
allPermissions = result.GetAllPermissions().ToArray();
Assert.AreEqual(6, allPermissions.Length, string.Join(",", allPermissions));
Assert.IsTrue(allPermissions.ContainsAll(new[] { "S", "D", "F", "R", "Q", "Z" }));
// Permissions for Id 2
result = UserService.CalculatePermissionsForPathForUser(permissions, pathIds.Skip(2).ToArray());
Assert.AreEqual(2, result.EntityId);
allPermissions = result.GetAllPermissions().ToArray();
Assert.AreEqual(5, allPermissions.Length, string.Join(",", allPermissions));
Assert.IsTrue(allPermissions.ContainsAll(new[] { "S", "D", "F", "G", "R" }));
// Permissions for Id 1
result = UserService.CalculatePermissionsForPathForUser(permissions, pathIds.Skip(3).ToArray());
Assert.AreEqual(1, result.EntityId);
allPermissions = result.GetAllPermissions().ToArray();
Assert.AreEqual(5, allPermissions.Length, string.Join(",", allPermissions));
Assert.IsTrue(allPermissions.ContainsAll(new[] { "S", "D", "F", "G", "K" }));
}
