/// <summary>
/// Lists the UI features the current user may see. All entries of
/// <c>Eav.Configuration.Features.Ui</c> are returned when
/// <c>permCheck.UserMayOnAll(GrantSets.WritePublished)</c> is true; otherwise only
/// the entries whose <c>Public</c> flag equals true.
/// </summary>
/// <param name="permCheck">Permission checker whose answer alone decides whether non-public features are disclosed.</param>
/// <returns>The filtered feature sequence.</returns>
internal static IEnumerable<Feature> FeatureListWithPermissionCheck(MultiPermissionsApp permCheck)
{
    // The permission decision is taken once, up front, and captured by the filter;
    // it is not re-evaluated per feature.
    var mayEditEverything = permCheck.UserMayOnAll(GrantSets.WritePublished);

    // Non-public features are only disclosed to users with write permission.
    // NOTE(review): "== true" would also hide a feature whose flag is null if Public is nullable - confirm the type.
    return from feature in Eav.Configuration.Features.Ui
           where mayEditEverything || feature.Public == true
           select feature;
}
/// <summary>
/// Lists the UI features the current user may see. Non-public features are included
/// only when <c>permCheck.UserMayOnAll(GrantSets.WritePublished)</c> is true;
/// everyone else receives the entries whose <c>Public</c> flag equals true.
/// </summary>
/// <param name="appId">
/// Not read by this method. The permission decision comes solely from
/// <paramref name="permCheck"/>, so the caller has to make sure that checker was
/// built for the app it means to protect.
/// </param>
/// <param name="permCheck">Permission checker that decides whether non-public features are disclosed.</param>
/// <returns>The filtered feature sequence.</returns>
internal static IEnumerable<Feature> FeatureListWithPermissionCheck(int appId, MultiPermissionsApp permCheck)
{
    // Decide once whether the caller holds the write grant; the filter below captures the result.
    var canSeeNonPublic = permCheck.UserMayOnAll(GrantSets.WritePublished);

    return Eav.Configuration.Features.Ui.Where(
        feature => canSeeNonPublic || feature.Public == true);
}
/// <summary>
/// Converts a hyperlink value to its friendly form and returns it only when the
/// permission check for that kind of link passes. In every other case (missing item
/// context, a denied check, any exception) the original
/// <paramref name="hyperlink"/> is returned unchanged.
/// </summary>
/// <param name="hyperlink">Raw link value. Treated as a page link when its trimmed text starts with "page" (case-insensitive); otherwise handled as a file link.</param>
/// <param name="appId">App id passed to the permission checks.</param>
/// <param name="contentType">Content type passed to the file check; must be non-empty for file links.</param>
/// <param name="guid">Item guid passed to the file check; must not be the empty guid for file links.</param>
/// <param name="field">Field name passed to the file check; must be non-empty for file links.</param>
/// <returns>The resolved link when all checks passed, otherwise the unmodified input.</returns>
public string ResolveHyperlink(string hyperlink, int appId, string contentType, Guid guid, string field)
{
    try
    {
        // The link type selects which security check applies further down.
        var isPageLink = hyperlink.Trim().StartsWith("page", StringComparison.OrdinalIgnoreCase);

        // Conversion runs before any permission check because the file branch needs the
        // resolved path to tell ADAM targets from others. The converted value must not
        // leave this method until the matching check below has passed.
        var friendly = new DnnValueConverter()
            .Convert(ConversionScenario.GetFriendlyValue, "Hyperlink", hyperlink);

        if (isPageLink)
        {
            // Page lookups are reserved for users holding the WritePublished grant;
            // anyone else gets the unresolved reference back.
            var pagePermissions = new MultiPermissionsApp(SxcInstance, appId, Log);
            if (pagePermissions.UserMayOnAll(GrantSets.WritePublished))
            {
                return friendly;
            }

            return hyperlink;
        }

        // File links can only be checked against a concrete item field, so without
        // guid, field and content type nothing is resolved.
        var hasItemContext = guid != Guid.Empty
                             && !string.IsNullOrEmpty(field)
                             && !string.IsNullOrEmpty(contentType);
        if (!hasItemContext)
        {
            return hyperlink;
        }

        // Case-sensitive substring test: "/adam/" missing, differently cased, or at
        // position 0 all count as outside ADAM.
        // NOTE(review): this is not a path-prefix test; presumably the item-folder check
        // below is what actually binds the file to the item - confirm in AdamSecureState.
        var isOutsideOfAdam = friendly.IndexOf("/adam/", StringComparison.Ordinal) <= 0;

        // Per the original author, this constructor already does an ensure-or-throw
        // when the target is outside of ADAM.
        var adamState = new AdamSecureState(SxcInstance, appId, contentType, field, guid, isOutsideOfAdam, Log);

        if (!adamState.SuperUserOrAccessingItemFolder(friendly, out var denial))
        {
            throw denial;
        }

        if (!adamState.UserIsPermittedOnField(GrantSets.ReadSomething, out denial))
        {
            throw denial;
        }

        // Every check passed, so the resolved value may be disclosed.
        return friendly;
    }
    catch
    {
        // Fails closed: any error, including the denial exceptions thrown above, yields
        // the unresolved input. Callers cannot tell a denial from a fault.
        // NOTE(review): nothing in this method records the denial - confirm that denied
        // lookups are logged elsewhere if they are needed for detection.
        return hyperlink;
    }
}