/// <summary>
/// Resolves the <see cref="Permissions"/> object for a backoffice user.
/// </summary>
/// <param name="userId">
/// Numeric user id as a string. When null or empty, the user returned by
/// <c>User.GetCurrent()</c> is used instead.
/// </param>
/// <returns>
/// The permissions for the resolved user, or <c>null</c> when no user could be
/// resolved (for example, when <paramref name="userId"/> is not a valid integer).
/// </returns>
private Permissions GetInternal(string userId = null)
{
    umbraco.BusinessLogic.User resolvedUser = null;

    if (!string.IsNullOrEmpty(userId))
    {
        // A non-numeric id leaves resolvedUser null, so the method returns null
        // rather than falling back to the current user.
        int? parsedId = userId.TryParse<int>();
        if (parsedId.HasValue)
        {
            resolvedUser = umbraco.BusinessLogic.User.GetUser(parsedId.Value);
        }
    }
    else
    {
        resolvedUser = umbraco.BusinessLogic.User.GetCurrent();
    }

    if (resolvedUser == null)
    {
        return null;
    }

    // Use the id from the resolved user, not the caller-supplied string, so the
    // repository key is always the invariant-culture integer form.
    string canonicalId = resolvedUser.Id.ToString(CultureInfo.InvariantCulture);

    if (resolvedUser.IsRoot())
    {
        // Root users bypass the repository entirely.
        // NOTE(review): the second constructor argument presumably marks the object as
        // "all permissions granted"; confirm against the Permissions constructor.
        return new Permissions(canonicalId, true);
    }

    return _repository.Get(canonicalId);
}
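/// <summary>
/// Initializes the page: enforces the access check for viewing the requested user's
/// permissions, then registers the tab and sets the panel captions and icons.
/// </summary>
/// <param name="e">Event data passed through to <c>base.OnInit</c>.</param>
/// <exception cref="SecurityException">
/// Thrown when the current user lacks <c>GeneralPermissionType.AccessSecurity</c>, when the
/// <c>id</c> query-string value is missing or not an integer, when the requested user cannot
/// be loaded, or when the current user is not allowed to see the requested user.
/// </exception>
protected override void OnInit(EventArgs e)
{
    base.OnInit(e);

    umbraco.BusinessLogic.User currentUser = umbraco.helper.GetCurrentUmbracoUser();

    #region Security check

    currentUserPermissions = PermissionService.Instance.GetCurrentLoggedInUserPermissions();

    // Gate 1: the caller must be a known user holding the general AccessSecurity permission.
    // A missing user or missing permissions object is treated as a denial.
    if (currentUser == null
        || currentUserPermissions == null
        || !currentUserPermissions.HasPermission(GeneralPermissionType.AccessSecurity))
    {
        throw new SecurityException();
    }

    // The "id" query-string value is caller-controlled. Parse it defensively so a missing
    // or malformed value is a denial, not an unhandled FormatException/ArgumentNullException
    // raised from inside the security check.
    int requestedUserId;
    if (!int.TryParse(HttpContext.Current.Request.QueryString["id"], out requestedUserId))
    {
        throw new SecurityException();
    }

    umbraco.BusinessLogic.User user = umbraco.BusinessLogic.User.GetUser(requestedUserId);
    if (user == null)
    {
        // Fail closed instead of dereferencing null below.
        // NOTE(review): whether GetUser returns null or throws for an unknown id is not
        // visible here; confirm against the Umbraco version in use.
        throw new SecurityException();
    }

    // Gate 2: object-level check on the requested user.
    // Don't ever show admin user
    bool showUser = !user.IsRoot();
    if (showUser)
    {
        bool showAllUsers = currentUser.IsRoot()
            || currentUser.Applications.Any(a => a.alias == "users");

        // Otherwise the target must be the caller, or the caller must have AccessStore on
        // a store that `permissions` also grants AccessStore for.
        // NOTE(review): `permissions` is a field that this method never assigns. If it is
        // still null at OnInit time, the store-overlap clause is always false; confirm where
        // it is loaded and that it holds the requested user's permissions.
        showUser = showAllUsers
            || currentUser.Id == user.Id
            || (permissions != null
                && currentUserPermissions.StoreSpecificPermissions.Any(
                    p => p.Value.HasFlag(StoreSpecificPermissionType.AccessStore)
                         && permissions.HasPermission(StoreSpecificPermissionType.AccessStore, p.Key)));
    }

    if (!showUser)
    {
        throw new SecurityException();
    }

    #endregion

    AddTab(CommonTerms.Common, PnlCommon, SaveButton_Clicked);

    PPnlAccessSecurity.Text = StoreTerms.Security;
    ImgAccessSecurity.ImageUrl = WebUtils.GetWebResourceUrl(Constants.TreeIcons.Lock);

    PPnlAccessLicenses.Text = DeveloperTerms.Licenses;
    ImgAccessLicenses.ImageUrl = WebUtils.GetWebResourceUrl(Constants.TreeIcons.LicenseKey);

    PPnlCreateAndDeleteStore.Text = CommonTerms.CreateAndDeleteStore;
    ImgCreateAndDeleteStore.ImageUrl = WebUtils.GetWebResourceUrl(Constants.TreeIcons.Store);

    PnStoreSpecificPermissions.Text = CommonTerms.Stores;
    PPnlStoreSpecificPermissions.Text = CommonTerms.StoreSpecificPermissions;
}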