/// <summary>
/// Determines which document open level the current user holds on the content at the given path.
/// </summary>
/// <remarks>
/// Only entries whose principal belongs to the user are merged. Deny bits are then cleared from the
/// merged allow bits, so a deny on any of the user's principals overrides every allow.
/// Precedence of the surviving bits: OpenMinor, then PreviewWithoutRedaction (reported as Open),
/// then Preview, then See. With no surviving bit the result is Denied.
/// An exception thrown by the entry lookup is not handled here and propagates to the caller.
/// </remarks>
/// <param name="path">Content path passed to the effective-entry lookup.</param>
/// <param name="creatorId">Creator id; compared with the current user's id and passed to the lookup.</param>
/// <param name="lastModifierId">Last modifier id; compared with the current user's id and passed to the lookup.</param>
/// <returns>The resolved <see cref="DocumentOpenLevel"/>.</returns>
private DocumentOpenLevel GetDocumentLevel(string path, int creatorId, int lastModifierId)
{
    var currentUserId = this.User.Id;

    // NOTE(review): id -1 gets OpenMinor without any entry being read - presumably the system user; confirm.
    if (currentUserId == -1)
    {
        return DocumentOpenLevel.OpenMinor;
    }

    // Any id below -1 is rejected before the security store is consulted.
    if (currentUserId < -1)
    {
        return DocumentOpenLevel.Denied;
    }

    var principals = new List<int>(
        ((ContentRepository.User)this.User).Security.GetPrincipals(
            currentUserId == creatorId,
            currentUserId == lastModifierId));

    // NOTE(review): SystemAccount presumably elevates the lookup; the scope covers this one call only - keep it that narrow.
    SecurityEntry[] effectiveEntries = null;
    using (new SystemAccount())
    {
        effectiveEntries = SecurityHandler.GetEffectiveEntries(path, creatorId, lastModifierId);
    }

    uint allowed = 0;
    uint denied = 0;
    foreach (var ace in effectiveEntries)
    {
        // Entries for principals the user does not hold contribute nothing.
        if (!identitiesContain(principals, ace.PrincipalId))
        {
            continue;
        }

        allowed |= ace.AllowBits;
        denied |= ace.DenyBits;
    }

    // Deny wins: strip every denied bit before granting anything.
    allowed &= ~denied;

    if ((allowed & PermissionType.OpenMinor.Mask) != 0)
    {
        return DocumentOpenLevel.OpenMinor;
    }

    // NOTE(review): PreviewWithoutRedaction is reported as Open - confirm this mapping is intended.
    if ((allowed & PermissionType.PreviewWithoutRedaction.Mask) != 0)
    {
        return DocumentOpenLevel.Open;
    }

    if ((allowed & PermissionType.Preview.Mask) != 0)
    {
        return DocumentOpenLevel.Preview;
    }

    if ((allowed & PermissionType.See.Mask) != 0)
    {
        return DocumentOpenLevel.See;
    }

    return DocumentOpenLevel.Denied;

    // Local membership test kept on the list, as in the original.
    bool identitiesContain(List<int> ids, int id)
    {
        return ids.Contains(id);
    }
}
/// <summary>
/// Returns the effective security entries of the current content.
/// The current user must have the SeePermissions permission.
/// </summary>
/// <remarks>
/// NOTE(review): no permission check is visible in this wrapper; the SeePermissions requirement is
/// presumably enforced by the handler it delegates to - confirm before exposing the result.
/// </remarks>
/// <param name="entryType">Security entry type. Default: all entries.</param>
/// <returns>The list produced by the underlying security handler for this content's id.</returns>
public List<AceInfo> GetEffectiveEntries(EntryType? entryType = null)
    => _securityHandler.GetEffectiveEntries(_node.Id, null, entryType);
/// <summary>
/// Determines which document open level the stored user holds on the node with the given id.
/// </summary>
/// <remarks>
/// Fails closed: a missing entity during the membership lookup, or any exception from the entry
/// lookup, yields Denied. Only entries whose identity belongs to the user are merged, and deny bits
/// are cleared from the merged allow bits, so a deny overrides every allow.
/// Precedence of the surviving bits: OpenMinor, then PreviewWithoutRedaction (reported as Open),
/// then Preview, then See.
/// </remarks>
/// <param name="nodeId">Id of the node whose effective entries are evaluated.</param>
/// <returns>The resolved <see cref="DocumentOpenLevel"/>.</returns>
private DocumentOpenLevel GetDocumentLevel(int nodeId)
{
    var currentUserId = _userId;

    // NOTE(review): id -1 gets OpenMinor without any entry being read - presumably the system user; confirm.
    if (currentUserId == -1)
    {
        return DocumentOpenLevel.OpenMinor;
    }

    // Any id below -1 is rejected before the security store is consulted.
    if (currentUserId < -1)
    {
        return DocumentOpenLevel.Denied;
    }

    List<int> memberships;
    try
    {
        memberships = SecurityHandler.GetIdentitiesByMembership(_user, nodeId);
    }
    catch (EntityNotFoundException)
    {
        // An unresolvable entity grants nothing.
        return DocumentOpenLevel.Denied;
    }

    List<AceInfo> effectiveEntries;
    try
    {
        // NOTE(review): SystemAccount presumably elevates the lookup; the scope covers this one call only - keep it that narrow.
        using (new SystemAccount())
        {
            effectiveEntries = SecurityHandler.GetEffectiveEntries(nodeId);
        }
    }
    catch (Exception ex) // LOGGED
    {
        // TODO: collect aggregated errors per query instead of logging every error
        // The full exception text goes into the warning; the caller only ever sees Denied.
        SnLog.WriteWarning($"GetEffectiveEntries threw an exception for id {nodeId}. Error: {ex}");
        return DocumentOpenLevel.Denied;
    }

    ulong allowed = 0UL;
    ulong denied = 0UL;
    foreach (var ace in effectiveEntries)
    {
        // Entries for identities the user does not hold contribute nothing.
        if (!memberships.Contains(ace.IdentityId))
        {
            continue;
        }

        allowed |= ace.AllowBits;
        denied |= ace.DenyBits;
    }

    // Deny wins: strip every denied bit before granting anything.
    allowed &= ~denied;

    if ((allowed & PermissionType.OpenMinor.Mask) != 0)
    {
        return DocumentOpenLevel.OpenMinor;
    }

    // NOTE(review): PreviewWithoutRedaction is reported as Open - confirm this mapping is intended.
    if ((allowed & PermissionType.PreviewWithoutRedaction.Mask) != 0)
    {
        return DocumentOpenLevel.Open;
    }

    if ((allowed & PermissionType.Preview.Mask) != 0)
    {
        return DocumentOpenLevel.Preview;
    }

    if ((allowed & PermissionType.See.Mask) != 0)
    {
        return DocumentOpenLevel.See;
    }

    return DocumentOpenLevel.Denied;
}