public async Task ExecuteAsync(ICommand command, IExecutionContext executionContext)
{
var userContext = await _userContextService.GetCurrentContextByUserAreaAsync(_userArea.UserAreaCode);
var newExecutionContext = _executionContextFactory.Create(userContext, executionContext);
await _innerDomainRepositoryExecutor.ExecuteAsync(command, newExecutionContext);
}
private async Task <string> RenderBootstrapperAsync(AngularModuleRouteLibrary routeLibrary, object options)
{
var args = string.Empty;
if (_hostingEnvironment.IsDevelopment())
{
// use strict DI when in debug mode to throw up errors
args = ", { strictDi: true }";
}
// Might need to add more info at some point, but right now we just need roles.
var user = await _userContextService.GetCurrentContextByUserAreaAsync(CofoundryAdminUserArea.AreaCode);
var role = await _queryExecutor.ExecuteAsync(new GetRoleDetailsByIdQuery(user.RoleId));
var currentUserInfo = new {
PermissionCodes = role
.Permissions
.Select(p => p.GetUniqueCode())
.ToList()
};
var tokens = _antiforgery.GetAndStoreTokens(_httpContextAccessor.HttpContext);
var canShowDeveloperException = _debugSettings.CanShowDeveloperExceptionPage(_hostingEnvironment);
return(@"<script>angular.element(document).ready(function() {
angular.module('" + _adminRouteLibrary.Shared.Angular.AngularModuleName + @"')
.constant('csrfToken', '" + tokens.RequestToken + @"')
.constant('csrfHeaderName', '" + tokens.HeaderName + @"')"
+ GetConstant(_adminRouteLibrary.Shared, "showDevException", canShowDeveloperException)
+ GetConstant(routeLibrary, "options", options) // not sure why the current module is loaded into the shared module - seems like a mistake?
+ GetConstant(_adminRouteLibrary.Shared, "currentUser", currentUserInfo) + @";
angular.bootstrap(document, ['" + routeLibrary.Angular.AngularModuleName + "']" + args + @");
});</script>");
}
/// <summary>
/// Returns information about the currently logged in user for a
/// specific user area. This is useful if you have multiple user
/// areas because only one can be set as the default auth schema.
/// Once the user data is loaded it is cached so you don't have to worry
/// about calling this multiple times.
/// </summary>
/// <param name="userAreaCode">
/// The unique 3 letter identifier code for the user area to check for.
/// </param>
public async Task <ICurrentUserViewHelperContext> GetAsync(string userAreaCode)
{
if (string.IsNullOrWhiteSpace(userAreaCode))
{
throw new ArgumentEmptyException(nameof(userAreaCode));
}
if (_helperContext?.Data?.UserArea?.UserAreaCode == userAreaCode)
{
return(_helperContext);
}
var helperContext = _alternativeHelperContextCache.GetOrDefault(userAreaCode);
if (helperContext != null)
{
return(helperContext);
}
var userContext = await _userContextService.GetCurrentContextByUserAreaAsync(userAreaCode);
helperContext = await GetHelperContextAsync(userContext);
_alternativeHelperContextCache.Add(userAreaCode, helperContext);
return(helperContext);
}
public async Task ExecuteAsync(Controller controller, PageActionRoutingState state)
{
// The ambient auth scheme might not be the cofoundry admin scheme
// So we will attempt to find the cofoundry user to execute the contoller with
// falling back to the user authenticated with the ambient scheme
state.AmbientUserContext = await _userContextService.GetCurrentContextAsync();
IUserContext cofoundryUserContext = null;
if (state.AmbientUserContext.IsCofoundryUser())
{
cofoundryUserContext = state.AmbientUserContext;
}
else
{
cofoundryUserContext = await _userContextService.GetCurrentContextByUserAreaAsync(CofoundryAdminUserArea.Code);
}
if (cofoundryUserContext.IsCofoundryUser())
{
state.IsCofoundryAdminUser = true;
state.CofoundryAdminUserContext = cofoundryUserContext;
state.CofoundryAdminExecutionContext = _executionContextFactory.Create(state.CofoundryAdminUserContext);
}
}
private async Task <VisualEditorState> CreateAsync()
{
var requestParameters = GetRequestParameters();
var state = new VisualEditorState();
var cofoundryUserContext = await _userContextService.GetCurrentContextByUserAreaAsync(CofoundryAdminUserArea.AreaCode);
// Work out whether to view the page in live/draft/edit mode.
// We use live by default (for logged out users) or for authenticated
// users we can show draft too.
var visualEditorMode = VisualEditorMode.Live;
if (cofoundryUserContext.IsCofoundryUser())
{
if (requestParameters.VersionId.HasValue)
{
visualEditorMode = VisualEditorMode.SpecificVersion;
}
else if (!Enum.TryParse(requestParameters.VisualEditorMode, true, out visualEditorMode))
{
visualEditorMode = VisualEditorMode.Any;
}
}
else if (_contentSettings.AlwaysShowUnpublishedData)
{
// We can optionally set the visual editor mode to any - ie show draft and published pages
// This is used in scenarios where devs are making modifications against a live db using a
// local debug version of the site but aren't ready to publish the pages yet.
visualEditorMode = VisualEditorMode.Any;
}
return(new VisualEditorState(visualEditorMode));
}
public async Task <IUserContext> ExecuteAsync(GetCurrentUserContextQuery query, IExecutionContext executionContext)
{
if (string.IsNullOrEmpty(query.UserAreaCode))
{
return(await _userContextService.GetCurrentContextAsync());
}
var user = await _userContextService.GetCurrentContextByUserAreaAsync(query.UserAreaCode);
return(user);
}
private async Task <IUserContext> GetCofoundryUserAsync()
{
// The ambient auth scheme may not be for CofoundryAdmin so make sure we get
var userContext = await _userContextService.GetCurrentContextByUserAreaAsync(CofoundryAdminUserArea.Code);
if (userContext.IsCofoundryUser())
{
return(userContext);
}
return(null);
}
public async Task ExecuteAsync(Controller controller, PageActionRoutingState state)
{
// The ambient auth schema might not be the cofoundry admin scheme
// So we will attempt to find the cofoundry user to execute the contoller with
// falling back to the user authenticated with the ambient scheme
state.AmbientUserContext = await _userContextService.GetCurrentContextAsync();
IUserContext cofoundryUserContext = null;
if (state.AmbientUserContext.IsCofoundryUser())
{
cofoundryUserContext = state.AmbientUserContext;
}
else
{
cofoundryUserContext = await _userContextService.GetCurrentContextByUserAreaAsync(CofoundryAdminUserArea.AreaCode);
}
if (cofoundryUserContext.IsCofoundryUser())
{
state.IsCofoundryAdminUser = true;
state.CofoundryAdminUserContext = cofoundryUserContext;
state.CofoundryAdminExecutionContext = _executionContextFactory.Create(state.CofoundryAdminUserContext);
}
// Work out whether to view the page in live/draft/edit mode.
// We use live by default (for logged out users) or for authenticated
// users we can show draft too.
var visualEditorMode = VisualEditorMode.Live;
if (state.IsCofoundryAdminUser)
{
if (state.InputParameters.VersionId.HasValue)
{
visualEditorMode = VisualEditorMode.SpecificVersion;
}
else if (!Enum.TryParse(state.InputParameters.VisualEditorMode, true, out visualEditorMode))
{
visualEditorMode = VisualEditorMode.Any;
}
}
else if (_contentSettings.AlwaysShowUnpublishedData)
{
// We can optionally set the visual editor mode to any - ie show draft and published pages
// This is used in scenarios where devs are making modifications against a live db using a
// local debug version of the site but aren't ready to publish the pages yet.
visualEditorMode = VisualEditorMode.Any;
}
state.VisualEditorMode = visualEditorMode;
}
private async Task <EntityAccessRuleSet> FindAccessRuleViolation(PageActionRoutingState state)
{
var accessRuleViolation = state.PageRoutingInfo.ValidateAccess(state.AmbientUserContext);
// If the user associated with the ambient context is not authorized, then we need to check
// to see if the user is logged into any other user areas that are permitted to access the route.
if (accessRuleViolation != null)
{
// For user areas, only the topmost ruleset matters
var relavantRuleSet = EnumerateAccessRuleSets(state.PageRoutingInfo).FirstOrDefault();
// Find any other user areas to check
// more than one custom user area should be a rare occurence
// more than two is rare indeed, but we should account for it and use determanistic ordering
var userAreaCodesToCheck = relavantRuleSet
.AccessRules
.Select(r => r.UserAreaCode)
.Where(r => r != state.AmbientUserContext.UserArea?.UserAreaCode)
.Distinct()
.OrderBy(r => r);
foreach (var userAreaCode in userAreaCodesToCheck)
{
var context = await _userContextService.GetCurrentContextByUserAreaAsync(userAreaCode);
var ruleViolation = state.PageRoutingInfo.ValidateAccess(context);
if (ruleViolation == null)
{
_logger.LogDebug(
"User is logged into non-default user area {UserAreaCode} that passes access rule validation, switching ambient context to userId {UserId}.",
context.UserArea.UserAreaCode,
context.UserId
);
// the user is logged into an alternative user area that matches one of the rules
// so we should set it as the ambient user context. This mimics the behaviour of
// AuthorizeAttribute in ASP.NET where the auth attribute determines the ambient
// auth scheme.
await _userSessionService.SetAmbientUserAreaAsync(context.UserArea.UserAreaCode);
state.AmbientUserContext = context;
accessRuleViolation = null;
break;
}
}
}
return(accessRuleViolation);
}
private async Task <string> RenderBootstrapperAsync(AngularModuleRouteLibrary routeLibrary, object options)
{
var args = string.Empty;
if (_webHostEnvironment.IsDevelopment())
{
// use strict DI when in debug mode to throw up errors
args = ", { strictDi: true }";
}
var user = await _userContextService.GetCurrentContextByUserAreaAsync(CofoundryAdminUserArea.Code);
var role = await _queryExecutor.ExecuteAsync(new GetRoleDetailsByIdQuery(user.RoleId));
var currentUserInfo = new
{
UserId = user.UserId,
IsSuperAdmin = user.IsSuperAdmin(),
PermissionCodes = role
.Permissions
.Select(p => p.GetUniqueIdentifier())
.ToList()
};
var tokens = _antiforgery.GetAndStoreTokens(_httpContextAccessor.HttpContext);
var canShowDeveloperException = _debugSettings.CanShowDeveloperExceptionPage(_webHostEnvironment);
return(@"<script>angular.element(document).ready(function() {
angular.module('" + _adminRouteLibrary.Shared.Angular.AngularModuleName + @"')
.constant('csrfToken', '" + tokens.RequestToken + @"')
.constant('csrfHeaderName', '" + tokens.HeaderName + @"')"
+ GetConstant(_adminRouteLibrary.Shared, "showDevException", canShowDeveloperException)
+ GetConstant(_adminRouteLibrary.Shared, "serviceBase", "/" + _adminSettings.DirectoryName + "/api/")
+ GetConstant(_adminRouteLibrary.Shared, "pluginServiceBase", "/" + _adminSettings.DirectoryName + "/api/plugins/")
+ GetConstant(_adminRouteLibrary.Shared, "urlBaseBase", "/" + _adminSettings.DirectoryName + "/")
+ GetConstant(_adminRouteLibrary.Shared, "internalContentPath", _adminRouteLibrary.Shared.GetStaticResourceUrlPath() + "/")
+ GetConstant(_adminRouteLibrary.Shared, "pluginContentPath", _adminRouteLibrary.SharedPlugin.GetStaticResourceUrlPath() + "/")
+ GetConstant(_adminRouteLibrary.Shared, "contentPath", _adminRouteLibrary.SharedAlternate.GetStaticResourceUrlPath() + "/")
+ GetConstant(routeLibrary, "options", options) // not sure why the current module is loaded into the shared module - seems like a mistake?
+ GetConstant(_adminRouteLibrary.Shared, "currentUser", currentUserInfo) + @";
angular.bootstrap(document, ['" + routeLibrary.Angular.AngularModuleName + "']" + args + @");
});</script>");
}
