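/// <summary>
/// Decides whether the current user may see an activity record that carries only
/// legacy data: the entity type is the first '|'-separated segment of
/// <c>ua.AdditionalData</c>, and the entity id, where one is needed, is taken from
/// the "value" group of <c>GetIdParam</c> matched against <c>ua.URL</c>.
/// </summary>
/// <param name="project">Project the activity belongs to; the only caller visible here passes a private project.</param>
/// <param name="ua">Activity record being filtered.</param>
/// <param name="engineFactory">Source of the task and milestone engines used to load the referenced entity.</param>
/// <returns><c>true</c> when the record may be shown to the current user.</returns>
/// <exception cref="ArgumentException">The entity type segment is not an <c>EntityType</c> name (thrown by <c>Enum.Parse</c>).</exception>
private static bool CheckPermission(Project project, UserActivity ua, EngineFactory engineFactory)
{
    // Nothing to classify the record by: deny explicitly instead of letting
    // Split/Enum.Parse throw on a null or empty value.
    if (string.IsNullOrEmpty(ua.AdditionalData))
    {
        return false;
    }

    // Split never yields an empty array for a non-null string, so index 0 is always present.
    var typeName = ua.AdditionalData.Split('|')[0];
    var entityType = (EntityType)Enum.Parse(typeof(EntityType), typeName, true);

    switch (entityType)
    {
        case EntityType.Message:
            return ProjectSecurity.CanReadMessages(project);

        case EntityType.Task:
        case EntityType.TimeSpend:
        {
            // Project-wide task access covers both tasks and time records.
            if (ProjectSecurity.CanReadTasks(project))
            {
                return true;
            }

            if (entityType == EntityType.TimeSpend)
            {
                // Without task access, a time record is shown only to the account that produced it.
                return SecurityContext.CurrentAccount.ID == ua.UserID;
            }

            // Without project-wide task access, fall back to the per-task check.
            var match = GetIdParam.Match(ua.URL);
            int taskId;
            if (match.Success && match.Groups["value"].Success && int.TryParse(match.Groups["value"].Value, out taskId))
            {
                return ProjectSecurity.CanRead(engineFactory.GetTaskEngine().GetByID(taskId));
            }

            // No usable task id in the URL: deny.
            return false;
        }

        case EntityType.Milestone:
        {
            var match = GetIdParam.Match(ua.URL);
            int milestoneId;
            if (match.Success && match.Groups["value"].Success && int.TryParse(match.Groups["value"].Value, out milestoneId))
            {
                return ProjectSecurity.CanRead(engineFactory.GetMilestoneEngine().GetByID(milestoneId));
            }

            // No usable milestone id in the URL: deny.
            return false;
        }

        case EntityType.File:
            // Same rule CheckAccess applies to file activity on a private project.
            return ProjectSecurity.CanReadFiles(project);

        default:
            // Fail closed: any other entity type (including a numeric value that
            // Enum.Parse accepts but the enum does not define) requires read access
            // to the project itself rather than being shown to everyone.
            return ProjectSecurity.CanRead(project);
    }
}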
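/// <summary>
/// Searches project entities (projects, milestones, messages, tasks) and project
/// files for <paramref name="searchText"/> and returns the hits the current user
/// may read, grouped by project.
/// </summary>
/// <param name="searchText">Text passed to the entity, folder and file searches.</param>
/// <param name="projectId">
/// Passed to the entity search as is. For the file search, a non-zero value limits
/// hits to that project; zero derives the projects from the root folders of the hits.
/// </param>
/// <returns>One <c>SearchGroup</c> per project that produced at least one group entry.</returns>
public List<SearchGroup> Search(String searchText, int projectId)
{
    var queryResult = _searchDao.Search(searchText, projectId);
    var groups = new Dictionary<int, SearchGroup>();

    foreach (var r in queryResult)
    {
        Project owner = null;
        SearchItem item = null;

        // Each entity kind has its own read check; a hit that fails it leaves item == null.
        if (r is Project)
        {
            var p = (Project)r;
            if (ProjectSecurity.CanRead(p))
            {
                owner = p;
                item = new SearchItem(EntityType.Project, p.ID, p.Title, p.Description, p.CreateOn);
            }
        }
        else if (r is Milestone)
        {
            var m = (Milestone)r;
            if (ProjectSecurity.CanRead(m))
            {
                owner = m.Project;
                item = new SearchItem(EntityType.Milestone, m.ID, m.Title, null, m.CreateOn);
            }
        }
        else if (r is Message)
        {
            var m = (Message)r;
            if (ProjectSecurity.CanReadMessages(m.Project))
            {
                owner = m.Project;
                item = new SearchItem(EntityType.Message, m.ID, m.Title, m.Content, m.CreateOn);
            }
        }
        else if (r is Task)
        {
            var t = (Task)r;
            if (ProjectSecurity.CanRead(t))
            {
                owner = t.Project;
                item = new SearchItem(EntityType.Task, t.ID, t.Title, t.Description, t.CreateOn);
            }
        }

        if (item == null)
        {
            continue;
        }

        var projId = owner.ID;
        SearchGroup bucket;
        if (!groups.TryGetValue(projId, out bucket))
        {
            bucket = new SearchGroup(projId, owner.Title);
            groups[projId] = bucket;
        }

        // Items are attached only for a positive project id.
        if (0 < projId)
        {
            bucket.Items.Add(item);
        }
    }

    try
    {
        // search in files
        var fileEntries = new List<Files.Core.FileEntry>();
        using (var folderDao = FilesIntegration.GetFolderDao())
        using (var fileDao = FilesIntegration.GetFileDao())
        {
            fileEntries.AddRange(folderDao.Search(searchText, Files.Core.FolderType.BUNCH).Cast<Files.Core.FileEntry>());
            fileEntries.AddRange(fileDao.Search(searchText, Files.Core.FolderType.BUNCH).Cast<Files.Core.FileEntry>());

            // Project ids: either the requested one, or the last '/'-separated segment
            // of the bunch object id of each hit's root folder.
            var projectIds = projectId != 0
                ? new List<int> { projectId }
                : fileEntries.GroupBy(f => f.RootFolderId)
                             .Select(g => folderDao.GetFolder(g.Key))
                             .Select(f => f != null ? folderDao.GetBunchObjectID(f.RootFolderId).Split('/').Last() : null)
                             .Where(s => !string.IsNullOrEmpty(s))
                             .Select(s => int.Parse(s));

            // Distinct(): if two root folders resolve to the same project id, the
            // duplicate key would make ToDictionary throw and the catch below would
            // then drop every file hit.
            var rootProject = projectIds.Distinct().ToDictionary(id => FilesIntegration.RegisterBunch("projects", "project", id.ToString()));
            fileEntries.RemoveAll(f => !rootProject.ContainsKey(f.RootFolderId));

            var security = FilesIntegration.GetFileSecurity();
            fileEntries.RemoveAll(f => !security.CanRead(f));

            // Project-level decision per project id; null means file hits are not allowed.
            var readableProjects = new Dictionary<int, Project>();

            foreach (var f in fileEntries)
            {
                var id = rootProject[f.RootFolderId];

                // Check project-level file access for every project, not only for
                // projects that have no group yet: a group created by a task, message
                // or milestone hit says nothing about CanReadFiles.
                // NOTE(review): whether security.CanRead(f) already implies this is not
                // visible here; the explicit check keeps both paths consistent.
                Project project;
                if (!readableProjects.TryGetValue(id, out project))
                {
                    var candidate = _projDao.GetById(id);
                    project = candidate != null && ProjectSecurity.CanRead(candidate) && ProjectSecurity.CanReadFiles(candidate)
                        ? candidate
                        : null;
                    readableProjects[id] = project;
                }

                if (project == null)
                {
                    continue;
                }

                SearchGroup bucket;
                if (!groups.TryGetValue(id, out bucket))
                {
                    bucket = new SearchGroup(id, project.Title);
                    groups[id] = bucket;
                }

                var item = new SearchItem
                {
                    EntityType = EntityType.File,
                    // Files link to their own view URL; folders link to the project's documents page.
                    ID = f is Files.Core.File
                        ? ((Files.Core.File)f).ViewUrl
                        : string.Format("{0}tmdocs.aspx?prjID={1}#{2}", VirtualPathUtility.ToAbsolute("~/products/projects/"), id, f.ID),
                    Title = f.Title,
                    CreateOn = f.CreateOn,
                };
                bucket.Items.Add(item);
            }
        }
    }
    catch (Exception err)
    {
        // File search is best effort: a failure is logged and the entity hits are still returned.
        LogManager.GetLogger("ASC.Web").Error(err);
    }

    return new List<SearchGroup>(groups.Values);
}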
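/// <summary>
/// Decides whether the current user may see an activity record. Records with a
/// <c>SecurityId</c> of the form "entityType|entityId|projectId" are checked
/// against that project; records without one fall back to <c>ContainerID</c>
/// (parsed as the project id) and <c>CheckPermission</c>. Only private projects
/// are restricted.
/// </summary>
/// <param name="activity">Activity record being filtered.</param>
/// <param name="engineFactory">Source of the project, task and milestone engines.</param>
/// <returns><c>true</c> when the record may be shown to the current user.</returns>
private static bool CheckAccess(UserActivity activity, EngineFactory engineFactory)
{
    if (!string.IsNullOrEmpty(activity.SecurityId))
    {
        var data = activity.SecurityId.Split('|');
        if (data.Length != 3)
        {
            // NOTE(review): a SecurityId that does not have exactly three parts is
            // shown without any check, and ContainerID is not consulted. Confirm that
            // no other SecurityId format can belong to a private project.
            return true;
        }

        try
        {
            // Enum.Parse throws on an unknown name; the catch below turns that into a denial.
            var entityType = (EntityType)Enum.Parse(typeof(EntityType), data[0], true);

            // An empty id segment means "no specific entity" and is represented as -1.
            var entityId = -1;
            if (!string.IsNullOrEmpty(data[1]) && !int.TryParse(data[1], out entityId))
            {
                return false;
            }

            int projectId;
            if (!int.TryParse(data[2], out projectId))
            {
                return false;
            }

            var project = engineFactory.GetProjectEngine().GetByID(projectId);
            if (project == null)
            {
                // Unknown project: deny explicitly rather than through a caught NullReferenceException.
                return false;
            }

            if (!project.Private)
            {
                return true;
            }

            //Switch types
            switch (entityType)
            {
                case EntityType.Team:
                case EntityType.Project:
                    return ProjectSecurity.CanRead(project);

                case EntityType.Milestone:
                    return ProjectSecurity.CanRead(engineFactory.GetMilestoneEngine().GetByID(entityId));

                case EntityType.Task:
                    return ProjectSecurity.CanRead(engineFactory.GetTaskEngine().GetByID(entityId));

                case EntityType.Message:
                    return ProjectSecurity.CanReadMessages(project);

                case EntityType.File:
                    return ProjectSecurity.CanReadFiles(project);

                case EntityType.TimeSpend:
                    // A time record without a task id is governed by the project itself.
                    if (entityId < 0)
                    {
                        return ProjectSecurity.CanRead(project);
                    }
                    return ProjectSecurity.CanRead(engineFactory.GetTaskEngine().GetByID(entityId));

                default:
                    // Fail closed: an entity type not listed above (including a numeric
                    // value Enum.Parse accepts but the enum does not define) still belongs
                    // to a private project, so require read access to the project instead
                    // of falling through to the unrestricted result.
                    return ProjectSecurity.CanRead(project);
            }
        }
        catch (Exception)
        {
            // Any failure while parsing or evaluating permissions denies access.
            return false;
        }
    }

    //Go long way. Parse old data
    int prjId;
    if (string.IsNullOrEmpty(activity.ContainerID) || !int.TryParse(activity.ContainerID, out prjId))
    {
        return true;
    }

    var prj = engineFactory.GetProjectEngine().GetByID(prjId);
    if (prj == null || !prj.Private)
    {
        // NOTE(review): a missing project is allowed here, while the SecurityId path
        // above denies it. Confirm which behaviour is intended for old records.
        return true;
    }

    try
    {
        return !string.IsNullOrEmpty(activity.AdditionalData) && CheckPermission(prj, activity, engineFactory);
    }
    catch
    {
        // CheckPermission throws on an unrecognised entity type; treat that as a denial.
        return false;
    }
}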