/// <summary>
/// Normalizes the role list of <paramref name="data"/> in place: a null list becomes an empty
/// one, and the implicit memberships (User and Superuser) are stripped because every user
/// holds them by default, so only explicitly assigned roles remain.
/// </summary>
/// <param name="data">The user definition whose RolesList is rewritten.</param>
private void CleanupRoles(UserDefinition data) {
    if (data.RolesList == null) {
        data.RolesList = new SerializableList<Role>();
    }
    // User and Superuser are implicit; keep only the roles that were assigned explicitly.
    using (RoleDefinitionDataProvider roleProvider = new RoleDefinitionDataProvider(SiteIdentity)) {
        int implicitUserRole = roleProvider.GetUserRoleId();
        int implicitSuperuserRole = SuperuserDefinitionDataProvider.SuperUserId;
        var explicitRoles = data.RolesList
            .Where(r => r.RoleId != implicitUserRole && r.RoleId != implicitSuperuserRole)
            .ToList();
        data.RolesList = new SerializableList<Role>(explicitRoles);
    }
}
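/// <summary>
/// Builds an approved sample user called <paramref name="name"/> with an empty explicit role
/// list (the User role is implicit, see CleanupRoles). The email is derived from the current
/// site's domain and the registration address is the loopback address, as befits sample data.
/// </summary>
/// <param name="name">User name; also used as the local part of the sample email.</param>
/// <returns>A new, unsaved <see cref="UserDefinition"/>.</returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="name"/> is null or whitespace.</exception>
private UserDefinition GetUser(string name) {
    // Without this guard a null or empty name silently produced a user with no name and an "@domain" email.
    if (string.IsNullOrWhiteSpace(name)) {
        throw new ArgumentException("A user name is required", "name");
    }
    // The original looked up the User role id here and never used it; the provider round-trip was dropped.
    return new UserDefinition() {
        UserName = name,
        RolesList = new SerializableList<Role>(),
        UserStatus = UserStatusEnum.Approved,
        Comment = this.__ResStr("user", "A sample user"),
        Email = name + "@" + Manager.CurrentSite.SiteDomain,
        RegistrationIP = "127.0.0.1",
    };
}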
/// <summary>
/// Translates a <see cref="ResourceAttribute"/> into an <see cref="Authorization"/> record.
/// The superuser role is always allowed; the anonymous, user, editor and administrator roles
/// are added only when the corresponding attribute flag is set.
/// </summary>
/// <param name="roleDP">Provider used to resolve the well-known role ids.</param>
/// <param name="resAttr">The resource attribute describing the protected resource.</param>
/// <returns>The populated authorization record (not persisted by this method).</returns>
private Authorization GetFromAuthorizationResource(RoleDefinitionDataProvider roleDP, ResourceAttribute resAttr) {
    Authorization authorization = new Authorization() {
        ResourceName = resAttr.Name,
        ResourceDescription = resAttr.Description,
    };
    Action<int> allowRole = roleId => authorization.AllowedRoles.Add(new Role() { RoleId = roleId });
    // Superuser is granted unconditionally.
    allowRole(RoleDefinitionDataProvider.SuperUserId);
    if (resAttr.Anonymous) {
        allowRole(roleDP.GetAnonymousRoleId());
    }
    if (resAttr.User) {
        allowRole(roleDP.GetUserRoleId());
    }
    if (resAttr.Editor) {
        allowRole(roleDP.GetEditorRoleId());
    }
    if (resAttr.Administrator) {
        allowRole(roleDP.GetAdministratorRoleId());
    }
    return authorization;
}
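/// <summary>
/// Decides whether the current request may access the named protected resource.
/// Evaluation order: global bypasses (back door, demo mode, superuser role), then the
/// resource's Authorization record: the anonymous role for unauthenticated requests, the
/// generic User role for any signed-in user, an explicit per-user grant, and finally any of
/// the user's assigned roles. Anything that matches no rule is denied.
/// </summary>
/// <param name="resourceName">Name of the resource whose Authorization record is looked up.</param>
/// <returns>true when access is granted; false when no rule matches or (release builds) the resource is unknown.</returns>
/// <exception cref="InternalError">Thrown for an empty resource name, for an unknown resource in DEBUG builds, and when an authenticated request carries no UserObject.</exception>
public async Task<bool> IsResourceAuthorizedAsync(string resourceName) {
    if (string.IsNullOrEmpty(resourceName)) {
        throw new InternalError("Missing resource name");
    }
    // Global bypasses: each one grants access to every protected resource without consulting its rules.
    // NOTE(review): confirm IsBackDoorWideOpen() and the demo flags cannot be enabled on a production site.
    if (IsBackDoorWideOpen()) {
        return true;
    }
    if (YetaWFManager.IsDemo || Manager.IsDemoUser) {
        return true;
    }
    // The superuser role is allowed everywhere.
    if (Manager.HasSuperUserRole) {
        return true;
    }
    using (AuthorizationDataProvider authDP = new AuthorizationDataProvider()) {
        Authorization auth = await authDP.GetItemAsync(resourceName);
        if (auth == null) {
            Logging.AddLog("Resource {0} doesn't exist", resourceName);
#if DEBUG
            throw new InternalError("Resource {0} doesn't exist", resourceName);
#else
            return false; // unknown resource: fail closed
#endif
        }
        RoleComparer roleComp = new RoleComparer();
        using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
            if (!Manager.HaveUser) {
                // Anonymous request: only the anonymous role can grant access.
                return auth.AllowedRoles.Contains(new Role { RoleId = roleDP.GetAnonymousRoleId() }, roleComp);
            }
            // Authenticated request: the generic User role grants access to any signed-in user.
            if (auth.AllowedRoles.Contains(new Role { RoleId = roleDP.GetUserRoleId() }, roleComp)) {
                return true;
            }
        }
        UserDefinition user = (UserDefinition)Manager.UserObject; // the saved user
        if (user == null) {
            throw new InternalError("UserObject missing for authenticated user");
        }
        // Explicit per-user grant.
        if (auth.AllowedUsers.Contains(new User { UserId = user.UserId }, new UserComparer())) {
            return true;
        }
        // Role-based grant. RolesList can be null (CleanupRoles guards for the same case); the
        // original dereferenced it unconditionally, which turned a user without roles into a crash
        // instead of a denial.
        if (user.RolesList != null) {
            foreach (Role loginRole in user.RolesList) {
                if (auth.AllowedRoles.Contains(new Role { RoleId = loginRole.RoleId }, roleComp)) {
                    return true;
                }
            }
        }
    }
    // No rule matched: deny.
    return false;
}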
/// <summary>
/// Resolves the id of the generic User role through a short-lived
/// <see cref="RoleDefinitionDataProvider"/>, which is disposed before returning.
/// </summary>
/// <returns>The User role id as reported by the role definition provider.</returns>
public int GetUserRoleId() {
    int userRoleId;
    using (RoleDefinitionDataProvider provider = new RoleDefinitionDataProvider()) {
        userRoleId = provider.GetUserRoleId();
    }
    return userRoleId;
}