/// <summary> /// Gets the current security associations for a list of groups against a particular securable object /// </summary> /// <param name="webUrl">The URL for the SP site</param> /// <param name="glGroups">A list of groups to get the security assocations for</param> /// <param name="securableObject">An object that contains the Parent and Object ID's /// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects), /// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param> /// <returns>A dictionary of security association, Key: the group, Value: True if the group has an assocation. (wrapped in a Response Object to indicate if any errors occured)</returns> internal GetSecurityAssociationsResponse GetSecurityAssociations(IEnumerable <GlymaSecurityGroup> glGroups, GlymaSecurableObject securableObject) { GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false }; if (this.CurrentUser.IsUserSecurityManager()) { SecurityAssociations securityAssociations = new SecurityAssociations(); Dictionary <GlymaSecurityGroup, bool> results = new Dictionary <GlymaSecurityGroup, bool>(); SecurableContext securableContext = GetSecurableContext(); int securableContextId = securableContext.SecurableContextId; GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject); bool isInherited = securableObjectContext.GetIsInherited(); foreach (GlymaSecurityGroup glymaSecurityGroup in glGroups) { try { GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(this, glymaSecurityGroup, securableObject); bool response = securityAssociationContext.HasAssociation(); results.Add(glymaSecurityGroup, response); } catch (Exception ex) { result.HasError = true; result.ErrorMessage = ex.Message; } } if (!result.HasError) { securityAssociations.HasAssociations = results; securityAssociations.IsInherited = isInherited; result.Result = securityAssociations; } } else { result.HasError = true; result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method."; } return(result); }
/// <summary> /// Gets the current security associations for a list of groups against a particular securable object /// </summary> /// <param name="webUrl">The URL for the SP site</param> /// <param name="glGroups">A list of groups to get the security assocations for</param> /// <param name="securableObject">An object that contains the Parent and Object ID's /// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects), /// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param> /// <returns>A dictionary of security association, Key: the group, Value: True if the group has an assocation. (wrapped in a Response Object to indicate if any errors occured)</returns> internal GetSecurityAssociationsResponse GetSecurityAssociations(IEnumerable<GlymaSecurityGroup> glGroups, GlymaSecurableObject securableObject) { GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false }; if (this.CurrentUser.IsUserSecurityManager()) { SecurityAssociations securityAssociations = new SecurityAssociations(); Dictionary<GlymaSecurityGroup, bool> results = new Dictionary<GlymaSecurityGroup, bool>(); SecurableContext securableContext = GetSecurableContext(); int securableContextId = securableContext.SecurableContextId; GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject); bool isInherited = securableObjectContext.GetIsInherited(); foreach (GlymaSecurityGroup glymaSecurityGroup in glGroups) { try { GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(this, glymaSecurityGroup, securableObject); bool response = securityAssociationContext.HasAssociation(); results.Add(glymaSecurityGroup, response); } catch (Exception ex) { result.HasError = true; result.ErrorMessage = ex.Message; } } if (!result.HasError) { securityAssociations.HasAssociations = results; securityAssociations.IsInherited = isInherited; result.Result = securityAssociations; } } else { result.HasError = true; result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method."; } return result; }
/// <summary> /// Checks if the association exists /// </summary> /// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user /// has access to it returns true for the project as well (only true for when working out the filtered lists)</param> /// <returns>True if the GroupAssociation exists on this particular object for the group</returns> internal bool HasAssociation(bool checkProjectsChildren = false) { bool result = false; if (Group != null) { using (IGlymaSession glymaSession = new WebAppSPGlymaSession(Context.WebUrl)) { using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection()) { using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection)) { SPSecurity.RunWithElevatedPrivileges(delegate() { Group glGroup = Context.GetGroup(Group); if (glGroup != null) { IEnumerable <GroupAssociation> groupAssociations = null; if (SecurableObject.SecurableParentUid == Guid.Empty) { //searching for a Project association groupAssociations = from ga in dataContext.GroupAssociations where ga.SecurableObjectUid == SecurableObject.SecurableObjectUid && ga.SecurableParentUid.HasValue == false && ga.SecurableContextId == Group.SecurableContextId && ga.GroupId == glGroup.GroupId select ga; if (!groupAssociations.Any() && checkProjectsChildren) { //check if the user has access to anything under the project which inherintly gives them access to that project //cross check the project id (sent as the object id) against the parent uid and we don't care about the object uid as any root map //gives them access to that particular project groupAssociations = from ga in dataContext.GroupAssociations where ga.SecurableParentUid == SecurableObject.SecurableObjectUid && ga.SecurableContextId == Group.SecurableContextId && ga.GroupId == glGroup.GroupId select ga; } } else { //searching for a RootMap association GlymaSecurableObjectContext objectContext = new GlymaSecurableObjectContext(Context, Group.SecurableContextId, SecurableObject); bool isInherited = objectContext.GetIsInherited(); if (!isInherited) { //if not inherited it will have it's own group associations groupAssociations = from ga in dataContext.GroupAssociations where ga.SecurableObjectUid == SecurableObject.SecurableObjectUid && ga.SecurableParentUid == SecurableObject.SecurableParentUid && ga.SecurableContextId == Group.SecurableContextId && ga.GroupId == glGroup.GroupId select ga; } else { //if it is inherited look fro the parents group associations groupAssociations = from ga in dataContext.GroupAssociations where ga.SecurableObjectUid == SecurableObject.SecurableParentUid && ga.SecurableParentUid.HasValue == false && ga.SecurableContextId == Group.SecurableContextId && ga.GroupId == glGroup.GroupId select ga; } } if (groupAssociations.Any()) { result = true; } } }); } } } } return(result); }
/// <summary> /// Checks if the association exists /// </summary> /// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user /// has access to it returns true for the project as well (only true for when working out the filtered lists)</param> /// <returns>True if the GroupAssociation exists on this particular object for the group</returns> internal bool HasAssociation(bool checkProjectsChildren = false) { bool result = false; if (Group != null) { using (IGlymaSession glymaSession = new WebAppSPGlymaSession(Context.WebUrl)) { using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection()) { using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection)) { SPSecurity.RunWithElevatedPrivileges(delegate() { Group glGroup = Context.GetGroup(Group); if (glGroup != null) { IEnumerable<GroupAssociation> groupAssociations = null; if (SecurableObject.SecurableParentUid == Guid.Empty) { //searching for a Project association groupAssociations = from ga in dataContext.GroupAssociations where ga.SecurableObjectUid == SecurableObject.SecurableObjectUid && ga.SecurableParentUid.HasValue == false && ga.SecurableContextId == Group.SecurableContextId && ga.GroupId == glGroup.GroupId select ga; if (!groupAssociations.Any() && checkProjectsChildren) { //check if the user has access to anything under the project which inherintly gives them access to that project //cross check the project id (sent as the object id) against the parent uid and we don't care about the object uid as any root map //gives them access to that particular project groupAssociations = from ga in dataContext.GroupAssociations where ga.SecurableParentUid == SecurableObject.SecurableObjectUid && ga.SecurableContextId == Group.SecurableContextId && ga.GroupId == glGroup.GroupId select ga; } } else { //searching for a RootMap association GlymaSecurableObjectContext objectContext = new GlymaSecurableObjectContext(Context, Group.SecurableContextId, SecurableObject); bool isInherited = objectContext.GetIsInherited(); if (!isInherited) { //if not inherited it will have it's own group associations groupAssociations = from ga in dataContext.GroupAssociations where ga.SecurableObjectUid == SecurableObject.SecurableObjectUid && ga.SecurableParentUid == SecurableObject.SecurableParentUid && ga.SecurableContextId == Group.SecurableContextId && ga.GroupId == glGroup.GroupId select ga; } else { //if it is inherited look fro the parents group associations groupAssociations = from ga in dataContext.GroupAssociations where ga.SecurableObjectUid == SecurableObject.SecurableParentUid && ga.SecurableParentUid.HasValue == false && ga.SecurableContextId == Group.SecurableContextId && ga.GroupId == glGroup.GroupId select ga; } } if (groupAssociations.Any()) { result = true; } } }); } } } } return result; }