private void ApplySecurity(Item item, Dictionary <string, SecurityEntry> entries)
{
if (item == null)
{
return;
}
var securityString = item.Fields[FieldIDs.Security].ContainsStandardValue
? null
: item.Security.GetAccessRules().ToString();
var newSecurityString = securityString;
if (entries.ContainsKey(item.ID.ToString()))
{
var entry = entries[item.ID.ToString()];
if (!_options.SkipPathIntegrityCheck && !entry.Path.Equals(item.Paths.FullPath, StringComparison.InvariantCultureIgnoreCase))
{
LogError($"Skipping item that failed path integrity check '{item.ID}'. Item path '{item.Paths.FullPath}' does not match entry path '{entry.Path}'");
}
else if (entry.Security != securityString)
{
newSecurityString = entry.Security;
}
}
else if (!string.IsNullOrWhiteSpace(securityString))
{
newSecurityString = null;
}
if (securityString != newSecurityString)
{
LogMessage($"Updating security for item '{item.Paths.FullPath}' ('{(securityString == null ? "null" : securityString)}' => '{(newSecurityString == null ? "null" : newSecurityString)}')", false);
if (!_options.Preview)
{
using (new EditContext(item, Sitecore.SecurityModel.SecurityCheck.Disable))
{
if (newSecurityString == null)
{
item.Fields[FieldIDs.Security].Reset();
}
else
{
item.Security.SetAccessRules(AccessRuleCollection.FromString(newSecurityString));
}
}
IncrementProcessed();
}
}
foreach (Item child in item.GetChildren(Sitecore.Collections.ChildListOptions.IgnoreSecurity | Sitecore.Collections.ChildListOptions.SkipSorting))
{
ApplySecurity(child, entries);
}
}
public static List <DefaultRight> GetDefaultRights(string database, string account, out string message)
{
IEnumerable <string[]> rights;
if (database.ToLower() == "core")
{
rights = GetDefaultCoreRightsByVersion(out message);
}
else
{
rights = GetDefaultMasterRightsByVersion(out message);
}
//Here is a issue, we handle account without looking for user or rol... so if a user has same name as rol, it is mixing.
var returnlist = new List <DefaultRight>();
foreach (var r in rights.OrderBy(x => x[0]))
{
var accessRules = AccessRuleCollection.FromString(r[1]);
if (accessRules != null)
{
foreach (var rule in accessRules)
{
if (account == "all" || account == rule.Account.Name)
{
var tmp = new DefaultRight
{
Path = r[0],
Account = rule.Account.Name,
AccountType = rule.Account.AccountType,
Right = rule.SecurityPermission.ToString(),
PropagationType = rule.PropagationType.ToString(),
Name = rule.AccessRight.Name,
Message = "Default Sitecore",
Hit = false
};
if (tmp.AccountType != AccountType.Role)
{
if (tmp.AccountType == AccountType.User)
{
tmp.Message += " User role not recommend";
}
else
{
tmp.Message += " User role Unknown";
}
}
returnlist.Add(tmp);
}
}
}
}
return(returnlist);
}
private static void Import2(HttpRequest request, Literal rolesexport)
{
if (!CheckOnManagingRights())
{
rolesexport.Text += "You need Sitecore Client Securing right for Importing Riols and Users, the follow rol should work: Developer, Admin, Client Account Managing or Client Securing right";
return;
}
var file = request.Files.Get("fileToUpload");
if (file == null || file.ContentLength == 0)
{
rolesexport.Text += "Select an import csv file.<br/>";
Import1(rolesexport);
return;
}
rolesexport.Text += "Import size=" + file.ContentLength + " characters<br/>";
var db = Sitecore.Configuration.Factory.GetDatabase("master");
var updatecount = 0;
var newcount = 0;
List <string> rolsPostponedProcess = new List <string>();
using (StreamReader reader = new StreamReader(file.InputStream))
{
string line;
int count = 0;
while ((line = reader.ReadLine()) != null)
{
count++;
var splitted = line.Split(',');
if (splitted.Length == 3 && splitted[0] == "role")
{
if (!Sitecore.Security.Accounts.Role.Exists(splitted[1]))
{
try
{
Roles.CreateRole(splitted[1]);
rolesexport.Text += "<br>rol created" + HttpUtility.HtmlEncode(splitted[1]);
if (!string.IsNullOrEmpty(splitted[0]))
{
rolsPostponedProcess.Add(line);
}
} catch
{
rolesexport.Text += "<br>Error cannot create rol " + HttpUtility.HtmlEncode(splitted[1]);
}
}
}
else if (splitted.Length == 2)
{
if (rolsPostponedProcess.Any())
{
CreateRolInRols(rolsPostponedProcess);
rolsPostponedProcess = new List <string>();
}
Item item = db.GetItem(splitted[0]);
if (item == null)
{
rolesexport.Text += "<br>Error unknow item path or no read rights" + HttpUtility.HtmlEncode(splitted[0]);
}
else
{
var accessRules = item.Security.GetAccessRules();
var rules = AccessRuleCollection.FromString(splitted[1]);
if (rules != null)
{
if (item.Access.CanWrite())
{
foreach (var rule in rules)
{
if (accessRules.Contains(rule))
{
accessRules.Remove(rule);
updatecount++;
}
else
{
newcount++;
}
accessRules.Add(rule);
}
item.Editing.BeginEdit();
item.Security.SetAccessRules(accessRules);
item.Editing.EndEdit();
rolesexport.Text += "<br>" + HttpUtility.HtmlEncode(splitted[0]) + " = " + HttpUtility.HtmlEncode(item.Fields["__Security"].Value);
}
else
{
rolesexport.Text += "<br><span style=\"color:#880000;\">Skipped: No write Access for " + HttpUtility.HtmlEncode(splitted[0]) + " = " + HttpUtility.HtmlEncode(item.Fields["__Security"].Value) + "<span>";
}
}
}
}
else
{
rolesexport.Text += "<br>Error unknow line " + count + " : " + line;
}
}
}
rolesexport.Text += "<p>Rights are imported, new rights " + newcount + " updated rights " + updatecount + "<br>Remember nothing is deleted, only the items that are in the import file are affected </p>";
}