コード例 #1
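        /// <summary>
        /// Decides whether the Active Directory user holds <paramref name="permission"/>, giving the
        /// registered authorization event handlers a chance to pre-empt, adjust and observe the decision.
        /// </summary>
        /// <param name="permission">Permission being requested; <c>PermissionNames</c> expands it into the set of names that satisfy the check.</param>
        /// <param name="user">Not used: it is replaced by a new <c>ActiveDirectoryUser</c> on entry (see the review note in the body).</param>
        /// <param name="content">Content item the check relates to; this method only forwards it to the handlers through the context.</param>
        /// <returns>The value of <c>context.Granted</c>, read after the <c>Complete</c> handler call.</returns>
        public bool TryCheckAccess(Permission permission, IUser user, IContent content)
        {
            // NOTE(review): the caller-supplied user is discarded here, so every check is answered for
            // whatever identity ActiveDirectoryUser's constructor resolves (presumably the current
            // Windows identity -- confirm). A caller asking about another user, or passing null to
            // test anonymous access, receives a decision about that identity instead.
            user = new ActiveDirectoryUser();

            var context = new CheckAccessContext {
                Permission = permission, User = user, Content = content
            };

            _authorizationServiceEventHandler.Checking(context);

            // Handlers may rewrite the context in Adjust; the evaluation is repeated at most three times.
            for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter)
            {
                if (!context.Granted && context.User != null)
                {
                    // The site's configured super user passes every check. The match is an exact,
                    // case-sensitive comparison on the user name.
                    var superUser = _workContextAccessor.GetContext().CurrentSite.SuperUser;
                    if (!String.IsNullOrEmpty(superUser) &&
                        String.Equals(context.User.UserName, superUser, StringComparison.Ordinal))
                    {
                        context.Granted = true;
                    }
                }

                if (!context.Granted)
                {
                    // determine which set of permissions would satisfy the access check
                    var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

                    // determine what set of roles should be examined by the access check
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null)
                    {
                        rolesToExamine = AnonymousRole;
                    }
                    else
                    {
                        // This differs from the core implementation of IAuthorizationService because
                        // ActiveDirectoryUser implements IUserRoles itself instead of carrying a
                        // UserRolesPart on the content item.
                        var userRoles = context.User as IUserRoles;
                        if (userRoles != null)
                        {
                            rolesToExamine = userRoles.Roles;

                            // when it is a simulated anonymous user in the admin
                            if (!rolesToExamine.Contains(AnonymousRole[0]))
                            {
                                rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
                            }
                        }
                        else
                        {
                            // context.User is mutable and handed to the event handlers, so it may no longer
                            // be an IUserRoles. Evaluate such a user with the authenticated role only
                            // instead of dereferencing a failed cast.
                            rolesToExamine = AuthenticatedRole;
                        }
                    }

                    foreach (var role in rolesToExamine)
                    {
                        foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role))
                        {
                            string possessedName = permissionName;

                            // Permission names are matched case-insensitively.
                            if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase)))
                            {
                                context.Granted = true;
                                break;
                            }
                        }

                        if (context.Granted)
                        {
                            break;
                        }
                    }
                }

                // Re-evaluate only when a handler reports that it changed the context.
                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                {
                    break;
                }
            }

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }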
コード例 #2
        /// <summary>
        /// Evaluates whether <paramref name="user"/> holds <paramref name="permission"/>, either as the
        /// site's super user or through the permissions attached to the roles examined for that user.
        /// </summary>
        /// <param name="permission">Permission being requested; <c>PermissionNames</c> expands it into the set of names that satisfy the check.</param>
        /// <param name="user">User to evaluate; <c>null</c> is evaluated with <c>AnonymousRole</c>.</param>
        /// <param name="content">Content item the check relates to; this method only forwards it to the handlers through the context.</param>
        /// <returns>The value of <c>context.Granted</c>, read after the <c>Complete</c> handler call.</returns>
        public bool TryCheckAccess(Permission permission, IUser user, IContent content)
        {
            var context = new CheckAccessContext
            {
                Permission = permission,
                User = user,
                Content = content
            };

            _authorizationServiceEventHandler.Checking(context);

            // At most three evaluation rounds; a further round runs only when a handler sets Adjusted.
            var round = 0;
            bool adjustedByHandler;
            do
            {
                // Super user shortcut: exact, case-sensitive match on the user name against the site setting.
                if (!context.Granted
                    && context.User != null
                    && !String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser)
                    && String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal))
                {
                    context.Granted = true;
                }

                if (!context.Granted)
                {
                    // Names of every permission that satisfies the request.
                    var acceptedNames = PermissionNames(context.Permission, Enumerable.Empty<string>())
                        .Distinct()
                        .ToArray();

                    // Pick the roles whose permissions are consulted.
                    IEnumerable<string> rolesToExamine;
                    if (context.User == null)
                    {
                        rolesToExamine = AnonymousRole;
                    }
                    else if (!context.User.Has<IUserRoles>())
                    {
                        // A non-null user without role data counts as authenticated only.
                        rolesToExamine = AuthenticatedRole;
                    }
                    else
                    {
                        rolesToExamine = context.User.As<IUserRoles>().Roles;

                        // A simulated anonymous user in the admin already carries the anonymous role
                        // and must not pick up the authenticated one.
                        if (!rolesToExamine.Contains(AnonymousRole[0]))
                        {
                            rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
                        }
                    }

                    // Stop at the first role that possesses an accepted permission (names compared case-insensitively).
                    var roleGrants = rolesToExamine.Any(role =>
                        _roleService.GetPermissionsForRoleByName(role).Any(held =>
                            acceptedNames.Any(accepted => String.Equals(held, accepted, StringComparison.OrdinalIgnoreCase))));
                    if (roleGrants)
                    {
                        context.Granted = true;
                    }
                }

                context.Adjusted = false;
                _authorizationServiceEventHandler.Adjust(context);
                adjustedByHandler = context.Adjusted;
                round++;
            }
            while (adjustedByHandler && round < 3);

            _authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }
コード例 #3
        /// <summary>
        /// Evaluates whether <paramref name="user"/> holds <paramref name="permission"/>, either through
        /// the user's <c>SuperUser</c> flag or through the permissions of the roles examined for that user.
        /// </summary>
        /// <param name="permission">Permission being requested; <c>PermissionNames</c> expands it into the set of names that satisfy the check.</param>
        /// <param name="user">User to evaluate; <c>null</c> is evaluated with <c>anonymousRole</c>.</param>
        /// <returns>The value of <c>context.Granted</c>, read after the <c>Complete</c> handler call.</returns>
        public bool TryCheckAccess(Permission permission, IUserInfo user)
        {
            var context = new CheckAccessContext
            {
                Permission = permission,
                User = user
            };

            authorizationServiceEventHandler.Checking(context);

            // Up to three passes; another pass happens only when a handler marks the context as adjusted.
            for (var pass = 0; pass < 3; pass++)
            {
                // A user flagged as SuperUser is granted any permission without a role lookup.
                if (!context.Granted && context.User != null)
                {
                    if (context.User.SuperUser)
                    {
                        context.Granted = true;
                    }
                }

                if (!context.Granted)
                {
                    // Names of every permission that satisfies the request.
                    var acceptedNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

                    // Roles to consult: anonymous for no user, otherwise the user's stored roles.
                    IEnumerable<string> rolesToExamine;
                    if (context.User != null)
                    {
                        rolesToExamine = roleService.GetRolesForUser(context.User.Id).Select(x => x.Name).ToList();

                        // The authenticated role is appended unless the user already carries the anonymous role.
                        if (!rolesToExamine.Contains(anonymousRole[0]))
                        {
                            rolesToExamine = rolesToExamine.Concat(authenticatedRole);
                        }
                    }
                    else
                    {
                        rolesToExamine = anonymousRole;
                    }

                    foreach (var role in rolesToExamine)
                    {
                        foreach (var rolePermission in roleService.GetPermissionsForRole(role))
                        {
                            string heldName = rolePermission.Name;

                            // Permission names are matched case-insensitively.
                            var satisfies = false;
                            foreach (var acceptedName in acceptedNames)
                            {
                                if (String.Equals(heldName, acceptedName, StringComparison.OrdinalIgnoreCase))
                                {
                                    satisfies = true;
                                    break;
                                }
                            }

                            if (satisfies)
                            {
                                context.Granted = true;
                                break;
                            }
                        }

                        if (context.Granted)
                        {
                            break;
                        }
                    }
                }

                context.Adjusted = false;
                authorizationServiceEventHandler.Adjust(context);
                if (!context.Adjusted)
                {
                    break;
                }
            }

            authorizationServiceEventHandler.Complete(context);

            return context.Granted;
        }