/// <summary>
/// Returns a list of all the possible Roles
/// </summary>
/// <returns></returns>
public static List <Role> AllRoles()
{
List <Role> roles = new List <Role>();
Rock.Groups.GroupService groupService = new Rock.Groups.GroupService();
foreach (int id in groupService.
Queryable().Where(g => g.IsSecurityRole == true).Select(g => g.Id).ToList())
{
roles.Add(Role.Read(id));
}
return(roles);
}
/// <summary>
/// Returns a list of all the possible Roles
/// </summary>
/// <returns></returns>
public static List <Role> AllRoles()
{
List <Role> roles = new List <Role>();
Guid securityRoleGuid = Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid();
Rock.Model.GroupService groupService = new Rock.Model.GroupService(new RockContext());
foreach (int id in groupService.Queryable()
.Where(g =>
g.GroupType.Guid.Equals(securityRoleGuid) ||
g.IsSecurityRole == true)
.OrderBy(g => g.Name)
.Select(g => g.Id)
.ToList())
{
roles.Add(Role.Read(id));
}
return(roles);
}
/// <summary>
/// Returns a list of all the possible Roles
/// </summary>
/// <returns></returns>
public static List <Role> AllRoles()
{
List <Role> roles = new List <Role>();
var securityGroupType = GroupTypeCache.Read(Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid());
int securityGroupTypeId = securityGroupType != null ? securityGroupType.Id : 0;
Rock.Model.GroupService groupService = new Rock.Model.GroupService(new RockContext());
foreach (int id in groupService.Queryable()
.Where(g =>
g.IsActive &&
(g.GroupTypeId == securityGroupTypeId || g.IsSecurityRole == true))
.OrderBy(g => g.Name)
.Select(g => g.Id)
.ToList())
{
roles.Add(Role.Read(id));
}
return(roles);
}
/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity"></param>
/// <param name="action"></param>
/// <param name="user"></param>
/// <returns></returns>
public static bool Authorized(ISecured entity, string action, Rock.CMS.User user)
{
// return Authorized( entity, action, user != null ? user.Person.Guid.ToString() : string.Empty );
//}
///// <summary>
///// Evaluates whether a selected user is allowed to perform the selected action on the selected
///// entity.
///// </summary>
///// <param name="entity">The entity.</param>
///// <param name="action">The action.</param>
///// <param name="userName">Name of the user.</param>
///// <returns></returns>
//private static bool Authorized( ISecured entity, string action, string userName )
//{
// If there's no Authorizations object, create it
if (Authorizations == null)
{
Load();
}
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if (Authorizations.Keys.Contains(entity.AuthEntity) &&
Authorizations[entity.AuthEntity].Keys.Contains(entity.Id) &&
Authorizations[entity.AuthEntity][entity.Id].Keys.Contains(action))
{
string userName = user != null?user.Person.Guid.ToString() : string.Empty;
foreach (AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action])
{
// All Users
if (authRule.SpecialRole == SpecialRole.AllUsers)
{
return(authRule.AllowOrDeny == "A");
}
// All Authenticated Users
if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
// All Unauthenticated Users
if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
if (authRule.SpecialRole == SpecialRole.None && userName != string.Empty)
{
// See if person has been authorized to entity
if (authRule.PersonId.HasValue &&
user.PersonId.HasValue &&
authRule.PersonId.Value == user.PersonId.Value)
{
return(authRule.AllowOrDeny == "A");
}
// See if person is in role authorized
if (authRule.GroupId.HasValue)
{
Role role = Role.Read(authRule.GroupId.Value);
if (role != null && role.UserInRole(userName))
{
return(authRule.AllowOrDeny == "A");
}
}
}
}
}
// If not match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if (entity.ParentAuthority != null)
{
return(Authorized(entity.ParentAuthority, action, user));
}
else
{
return(entity.DefaultAuthorization(action));
}
}
private static bool?ItemAuthorized(ISecured entity, string action, Rock.Model.Person person)
{
// If there's no Authorizations object, create it
if (Authorizations == null)
{
Load();
}
var entityTypeId = entity.TypeId;
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if (Authorizations.Keys.Contains(entityTypeId) &&
Authorizations[entityTypeId].Keys.Contains(entity.Id) &&
Authorizations[entityTypeId][entity.Id].Keys.Contains(action))
{
string userName = person != null?person.Guid.ToString() : string.Empty;
foreach (AuthRule authRule in Authorizations[entityTypeId][entity.Id][action])
{
// All Users
if (authRule.SpecialRole == SpecialRole.AllUsers)
{
return(authRule.AllowOrDeny == "A");
}
// All Authenticated Users
if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
// All Unauthenticated Users
if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
if (authRule.SpecialRole == SpecialRole.None && person != null)
{
// See if person has been authorized to entity
if (authRule.PersonId.HasValue &&
authRule.PersonId.Value == person.Id)
{
return(authRule.AllowOrDeny == "A");
}
// See if person is in role authorized
if (authRule.GroupId.HasValue)
{
Role role = Role.Read(authRule.GroupId.Value);
if (role != null && role.IsUserInRole(userName))
{
return(authRule.AllowOrDeny == "A");
}
}
}
}
}
// If no match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
bool?parentAuthorized = null;
if (entity.ParentAuthorityPre != null)
{
parentAuthorized = ItemAuthorized(entity.ParentAuthorityPre, action, person);
}
if (!parentAuthorized.HasValue && entity.ParentAuthority != null)
{
parentAuthorized = ItemAuthorized(entity.ParentAuthority, action, person);
}
return(parentAuthorized);
}
