/// <summary> /// Detects the permissions for the current user. /// </summary> /// <remarks><b>currentPage</b> should be set before calling this method.</remarks> private void DetectPermissions() { string currentUser = SessionFacade.GetCurrentUsername(); string[] currentGroups = SessionFacade.GetCurrentGroupNames(currentWiki); AuthChecker authChecker = new AuthChecker(Collectors.CollectorsBox.GetSettingsProvider(currentWiki)); if (currentPage != null) { Pages.CanEditPage(currentPage.Provider.CurrentWiki, currentPage.FullName, currentUser, currentGroups, out canEdit, out canEditWithApproval); canCreateNewPages = false; // Least privilege canCreateNewCategories = authChecker.CheckActionForNamespace(Pages.FindNamespace(currentWiki, NameTools.GetNamespace(currentPage.FullName)), Actions.ForNamespaces.ManageCategories, currentUser, currentGroups); canManagePageCategories = authChecker.CheckActionForPage(currentPage.FullName, Actions.ForPages.ManageCategories, currentUser, currentGroups); canDownloadAttachments = authChecker.CheckActionForPage(currentPage.FullName, Actions.ForPages.DownloadAttachments, currentUser, currentGroups); } else { NamespaceInfo ns = DetectNamespaceInfo(); canCreateNewPages = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.CreatePages, currentUser, currentGroups); canCreateNewCategories = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.ManageCategories, currentUser, currentGroups); canManagePageCategories = canCreateNewCategories; canDownloadAttachments = authChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.DownloadAttachments, currentUser, currentGroups); } }
/// <summary> /// Detects the permissions for the current user. /// </summary> /// <remarks><b>currentPage</b> should be set before calling this method.</remarks> private void DetectPermissions() { // Sueetie Modified - Bug fix for session expiring and user not known if (!Page.User.Identity.IsAuthenticated) { Response.Redirect("accessdenied.aspx"); return; } MembershipUser _user = Membership.GetUser(); var currentUser = _user.UserName; UserInfo user = Users.FindUser(_user.UserName); if (user == null) { Response.Redirect("/members/message.aspx?msgid=2"); return; } var currentGroups = SessionFacade.GetCurrentGroupNames(); currentGroups = UserGroups(user); if (HttpContext.Current.Session == null) { if (user == null) { user = Users.FindUser(_user.UserName); } SessionFacade.LoginKey = ConfigurationManager.AppSettings["SUEETIE.WikiLoginKey"].ToString(); SessionFacade.CurrentUsername = user.Username; Session["Logout"] = null; Log.LogEntry("User " + user.Username + " auto-logged in through edit bug fix session restart", EntryType.General, "SUEETIE"); } // END - Bug fix for session expiring and user not known if (currentPage != null) { Pages.CanEditPage(currentPage, currentUser, currentGroups, out canEdit, out canEditWithApproval); canCreateNewPages = false; // Least privilege canCreateNewCategories = AuthChecker.CheckActionForNamespace(Pages.FindNamespace(NameTools.GetNamespace(currentPage.FullName)), Actions.ForNamespaces.ManageCategories, currentUser, currentGroups); canManagePageCategories = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManageCategories, currentUser, currentGroups); canDownloadAttachments = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.DownloadAttachments, currentUser, currentGroups); } else { NamespaceInfo ns = DetectNamespaceInfo(); canCreateNewPages = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.CreatePages, currentUser, currentGroups); canCreateNewCategories = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.ManageCategories, currentUser, currentGroups); canManagePageCategories = canCreateNewCategories; canDownloadAttachments = AuthChecker.CheckActionForNamespace(ns, Actions.ForNamespaces.DownloadAttachments, currentUser, currentGroups); } }
protected void Page_Load(object sender, EventArgs e) { discussMode = Request["Discuss"] != null; viewCodeMode = Request["Code"] != null && !discussMode; if (!Settings.EnableViewPageCodeFeature) { viewCodeMode = false; } currentPage = DetectPageInfo(true); VerifyAndPerformRedirects(); // The following actions are verified: // - View content (redirect to AccessDenied) // - Edit or Edit with Approval (for button display) // - Any Administrative activity (Rollback/Admin/Perms) (for button display) // - Download attachments (for button display - download permissions are also checked in GetFile) // - View discussion (for button display in content mode) // - Post discussion (for button display in discuss mode) string currentUsername = SessionFacade.GetCurrentUsername(); string[] currentGroups = SessionFacade.GetCurrentGroupNames(); bool canView = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ReadPage, currentUsername, currentGroups); bool canEdit = false; bool canEditWithApproval = false; Pages.CanEditPage(currentPage, currentUsername, currentGroups, out canEdit, out canEditWithApproval); if (canEditWithApproval && canEdit) { canEditWithApproval = false; } bool canDownloadAttachments = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.DownloadAttachments, currentUsername, currentGroups); bool canSetPerms = AuthChecker.CheckActionForGlobals(Actions.ForGlobals.ManagePermissions, currentUsername, currentGroups); bool canAdmin = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManagePage, currentUsername, currentGroups); bool canViewDiscussion = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ReadDiscussion, currentUsername, currentGroups); bool canPostDiscussion = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.PostDiscussion, currentUsername, currentGroups); bool canManageDiscussion = AuthChecker.CheckActionForPage(currentPage, Actions.ForPages.ManageDiscussion, currentUsername, currentGroups); if (!canView) { if (SessionFacade.LoginKey == null) { UrlTools.Redirect("Login.aspx?Redirect=" + Tools.UrlEncode(Request.Url.ToString())); } else { UrlTools.Redirect(UrlTools.BuildUrl("AccessDenied.aspx")); } } attachmentViewer.Visible = canDownloadAttachments; attachmentViewer.PageInfo = currentPage; currentContent = Content.GetPageContent(currentPage, true); pnlPageInfo.Visible = Settings.EnablePageInfoDiv; SetupTitles(); SetupToolbarLinks(canEdit || canEditWithApproval, canViewDiscussion, canPostDiscussion, canDownloadAttachments, canAdmin, canAdmin, canSetPerms); SetupLabels(); SetupPrintAndRssLinks(); SetupMetaInformation(); VerifyAndPerformPageRedirection(); SetupRedirectionSource(); SetupNavigationPaths(); SetupAdjacentPages(); SessionFacade.Breadcrumbs.AddPage(currentPage); SetupBreadcrumbsTrail(); SetupDoubleClickHandler(); SetupEmailNotification(); SetupPageContent(canPostDiscussion, canManageDiscussion); }