コード例 #1
0
        private static bool CheckPermission(Project project, UserActivity ua, EngineFactory engineFactory)
        {
            var additionalDataParts = ua.AdditionalData.Split('|');

            if (additionalDataParts.Length == 0)
            {
                return(false);
            }

            var entityType = (EntityType)Enum.Parse(typeof(EntityType), additionalDataParts[0], true);

            if (entityType == EntityType.Message)
            {
                return(ProjectSecurity.CanReadMessages(project));
            }
            if (entityType == EntityType.Task || entityType == EntityType.TimeSpend)
            {
                if (ProjectSecurity.CanReadTasks(project))
                {
                    return(true);
                }
                if (entityType == EntityType.Task)
                {
                    var match = GetIdParam.Match(ua.URL);
                    int taskId;
                    if (match.Success && match.Groups["value"].Success && int.TryParse(match.Groups["value"].Value, out taskId))
                    {
                        var task = engineFactory.GetTaskEngine().GetByID(taskId);
                        if (ProjectSecurity.CanRead(task))
                        {
                            return(true);
                        }
                    }
                    return(false);
                }
                return(SecurityContext.CurrentAccount.ID == ua.UserID);
            }
            if (entityType == EntityType.Milestone)
            {
                var match = GetIdParam.Match(ua.URL);
                int milestoneId;
                if (match.Success && match.Groups["value"].Success && int.TryParse(match.Groups["value"].Value, out milestoneId))
                {
                    var milestone = engineFactory.GetMilestoneEngine().GetByID(milestoneId);
                    return(ProjectSecurity.CanRead(milestone));
                }
                return(false);
            }
            return(true);
        }
コード例 #2
0
        public List <SearchGroup> Search(String searchText, int projectId)
        {
            var queryResult = _searchDao.Search(searchText, projectId);

            var groups = new Dictionary <int, SearchGroup>();

            foreach (var r in queryResult)
            {
                var        projId = 0;
                SearchItem item   = null;

                if (r is Project)
                {
                    var p = (Project)r;
                    if (ProjectSecurity.CanRead(p))
                    {
                        projId = p.ID;
                        if (!groups.ContainsKey(projId))
                        {
                            groups[projId] = new SearchGroup(projId, p.Title);
                        }
                        item = new SearchItem(EntityType.Project, p.ID, p.Title, p.Description, p.CreateOn);
                    }
                }
                else
                {
                    if (r is Milestone)
                    {
                        var m = (Milestone)r;
                        if (ProjectSecurity.CanRead(m))
                        {
                            projId = m.Project.ID;
                            if (!groups.ContainsKey(projId))
                            {
                                groups[projId] = new SearchGroup(projId, m.Project.Title);
                            }
                            item = new SearchItem(EntityType.Milestone, m.ID, m.Title, null, m.CreateOn);
                        }
                    }
                    else if (r is Message)
                    {
                        var m = (Message)r;
                        if (ProjectSecurity.CanReadMessages(m.Project))
                        {
                            projId = m.Project.ID;
                            if (!groups.ContainsKey(projId))
                            {
                                groups[projId] = new SearchGroup(projId, m.Project.Title);
                            }
                            item = new SearchItem(EntityType.Message, m.ID, m.Title, m.Content, m.CreateOn);
                        }
                    }
                    else if (r is Task)
                    {
                        var t = (Task)r;
                        if (ProjectSecurity.CanRead(t))
                        {
                            projId = t.Project.ID;
                            if (!groups.ContainsKey(projId))
                            {
                                groups[projId] = new SearchGroup(projId, t.Project.Title);
                            }
                            item = new SearchItem(EntityType.Task, t.ID, t.Title, t.Description, t.CreateOn);
                        }
                    }
                }
                if (0 < projId && item != null)
                {
                    groups[projId].Items.Add(item);
                }
            }

            try
            {
                // search in files
                var fileEntries = new List <Files.Core.FileEntry>();
                using (var folderDao = FilesIntegration.GetFolderDao())
                    using (var fileDao = FilesIntegration.GetFileDao())
                    {
                        fileEntries.AddRange(folderDao.Search(searchText, Files.Core.FolderType.BUNCH).Cast <Files.Core.FileEntry>());
                        fileEntries.AddRange(fileDao.Search(searchText, Files.Core.FolderType.BUNCH).Cast <Files.Core.FileEntry>());

                        var projectIds = projectId != 0
                                         ? new List <int> {
                            projectId
                        }
                                         : fileEntries.GroupBy(f => f.RootFolderId)
                        .Select(g => folderDao.GetFolder(g.Key))
                        .Select(f => f != null ? folderDao.GetBunchObjectID(f.RootFolderId).Split('/').Last() : null)
                        .Where(s => !string.IsNullOrEmpty(s))
                        .Select(s => int.Parse(s));

                        var rootProject = projectIds.ToDictionary(id => FilesIntegration.RegisterBunch("projects", "project", id.ToString()));
                        fileEntries.RemoveAll(f => !rootProject.ContainsKey(f.RootFolderId));

                        var security = FilesIntegration.GetFileSecurity();
                        fileEntries.RemoveAll(f => !security.CanRead(f));

                        foreach (var f in fileEntries)
                        {
                            var id = rootProject[f.RootFolderId];
                            if (!groups.ContainsKey(id))
                            {
                                var project = _projDao.GetById(id);
                                if (project != null && ProjectSecurity.CanRead(project) && ProjectSecurity.CanReadFiles(project))
                                {
                                    groups[id] = new SearchGroup(id, project.Title);
                                }
                                else
                                {
                                    continue;
                                }
                            }
                            var item = new SearchItem
                            {
                                EntityType = EntityType.File,
                                ID         = f is Files.Core.File ? ((Files.Core.File)f).ViewUrl : string.Format("{0}tmdocs.aspx?prjID={1}#{2}", VirtualPathUtility.ToAbsolute("~/products/projects/"), id, f.ID),
                                Title      = f.Title,
                                CreateOn   = f.CreateOn,
                            };
                            groups[id].Items.Add(item);
                        }
                    }
            }
            catch (Exception err)
            {
                LogManager.GetLogger("ASC.Web").Error(err);
            }
            return(new List <SearchGroup>(groups.Values));
        }
コード例 #3
0
        private static bool CheckAccess(UserActivity activity, EngineFactory engineFactory)
        {
            if (!string.IsNullOrEmpty(activity.SecurityId))
            {
                var data = activity.SecurityId.Split('|');
                if (data.Length == 3)
                {
                    try
                    {
                        var entityType = (EntityType)Enum.Parse(typeof(EntityType), data[0], true);
                        var entityId   = string.IsNullOrEmpty(data[1]) ? -1 : int.Parse(data[1]);
                        var projectId  = 0;
                        if (!int.TryParse(data[2], out projectId))
                        {
                            return(false);
                        }
                        var project = engineFactory.GetProjectEngine().GetByID(projectId);
                        if (project.Private)
                        {
                            //Switch types
                            switch (entityType)
                            {
                            case EntityType.Team:
                            case EntityType.Project:
                                return(ProjectSecurity.CanRead(project));

                            case EntityType.Milestone:
                                return(ProjectSecurity.CanRead(engineFactory.GetMilestoneEngine().GetByID(entityId)));

                            case EntityType.Task:
                                return(ProjectSecurity.CanRead(engineFactory.GetTaskEngine().GetByID(entityId)));

                            case EntityType.Message:
                                return(ProjectSecurity.CanReadMessages(project));

                            case EntityType.File:
                                return(ProjectSecurity.CanReadFiles(project));

                            case EntityType.TimeSpend:
                            {
                                if (entityId < 0)
                                {
                                    return(ProjectSecurity.CanRead(project));
                                }
                                return(ProjectSecurity.CanRead(engineFactory.GetTaskEngine().GetByID(entityId)));
                            }
                            }
                        }
                    }
                    catch (Exception)
                    {
                        return(false);
                    }
                }
            }
            else if (!string.IsNullOrEmpty(activity.ContainerID))
            {
                //Go long way. Parse old data
                int prjId;
                if (int.TryParse(activity.ContainerID, out prjId))
                {
                    var prj = engineFactory.GetProjectEngine().GetByID(prjId);
                    if (prj != null)
                    {
                        if (prj.Private)
                        {
                            try
                            {
                                return(!string.IsNullOrEmpty(activity.AdditionalData) &&
                                       CheckPermission(prj, activity, engineFactory));
                            }
                            catch
                            {
                                return(false);
                            }
                        }
                    }
                }
            }
            return(true);
        }