private bool TryAssertBlog(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { var pageReference = entity.GetAttributeValue <EntityReference>("adx_parentpageid"); if (pageReference == null) { return(false); } var parentPage = serviceContext.RetrieveSingle( "adx_webpage", new[] { "adx_name" }, new Condition("adx_webpageid", ConditionOperator.Equal, pageReference.Id)); if (right == CrmEntityRight.Read) { return(parentPage != null && this.WebPageSecurityProvider.TryAssert(serviceContext, parentPage, right, dependencies)); } if (!Roles.Enabled) { ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Denying Change."); return(false); } IEnumerable <Entity> authorRoles = new List <Entity>(); EntityNode blogNode; if (!map.TryGetValue(entity, out blogNode)) { return(false); } if (blogNode is BlogNode) { authorRoles = ((BlogNode)blogNode).WebRoles.Select(wr => wr.ToEntity()); } if (!authorRoles.Any()) { return(false); } dependencies.AddEntityDependencies(authorRoles); var userRoles = this.GetUserRoles(); return(authorRoles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any() || (parentPage != null && this.WebPageSecurityProvider.TryAssert(serviceContext, parentPage, right, dependencies))); }
protected virtual IEnumerable <Entity> GetRulesApplicableToForum(Entity forum, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { forum.AssertEntityName("adx_communityforum"); var rules = new List <Entity>(); ForumNode currentForumNode; if (map.TryGetValue(forum, out currentForumNode)) { var rulesForCurrentForum = currentForumNode.ForumAccessPermissions.Where(fr => fr.StateCode == 0); rules.AddRange(rulesForCurrentForum.Select(r => r.ToEntity())); } dependencies.AddEntityDependencies(rules); return(rules); }
protected virtual IEnumerable <Entity> GetRulesApplicableToEvent(OrganizationServiceContext context, Entity crmEvent, CrmEntityCacheDependencyTrace dependencies) { crmEvent.AssertEntityName("adx_event"); var rules = new List <Entity>(); var currentEvent = crmEvent; if (currentEvent != null) { var rulesForCurrentEvent = currentEvent.GetRelatedEntities(context, "adx_event_eventaccesspermission"); if (rulesForCurrentEvent != null) { rules.AddRange(rulesForCurrentEvent); } } dependencies.AddEntityDependencies(rules); return(rules); }
private bool UserInRole(string roleRelationship, bool defaultIfNoRoles, OrganizationServiceContext serviceContext, Entity entity, CrmEntityCacheDependencyTrace dependencies) { if (!Roles.Enabled) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Roles are not enabled for this application. Returning {0}.", defaultIfNoRoles)); return(defaultIfNoRoles); } var website = entity.GetAttributeValue <EntityReference>("adx_websiteid"); if (website == null) { return(false); } var roles = entity.GetRelatedEntities(serviceContext, new Relationship(roleRelationship)) .Where(e => Equals(e.GetAttributeValue <EntityReference>("adx_websiteid"), website)) .ToArray(); if (!roles.Any()) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Read is not restricted to any particular roles. Returning {0}.", defaultIfNoRoles)); return(defaultIfNoRoles); } dependencies.AddEntityDependencies(roles); // Windows Live ID Server decided to return null for an unauthenticated user's name // A null username, however, breaks the Roles.GetRolesForUser() because it expects an empty string. var currentUsername = HttpContext.Current.User != null && HttpContext.Current.User.Identity != null ? HttpContext.Current.User.Identity.Name ?? string.Empty : string.Empty; var userRoles = Roles.GetRolesForUser(currentUsername); return(roles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any()); }
private bool UserInRole(CrmEntityRight right, bool defaultIfNoRoles, Entity ideaForumEntity, CrmEntityCacheDependencyTrace dependencies, ContentMap map) { if (!Roles.Enabled) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Roles are not enabled for this application. Returning {0}.", defaultIfNoRoles)); return(defaultIfNoRoles); } IEnumerable <Entity> roles = new List <Entity>(); IdeaForumNode ideaForumNode; if (!map.TryGetValue(ideaForumEntity, out ideaForumNode)) { return(false); } if (right == CrmEntityRight.Read) { roles = ideaForumNode.WebRolesRead.Select(wr => wr.ToEntity()); } else if (right == CrmEntityRight.Change) { roles = ideaForumNode.WebRolesWrite.Select(wr => wr.ToEntity()); } if (!roles.Any()) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Read is not restricted to any particular roles. Returning {0}.", defaultIfNoRoles)); return(defaultIfNoRoles); } dependencies.AddEntityDependencies(roles); var userRoles = this.GetUserRoles(); return(roles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any()); }
public bool TryAssertRightProperty(OrganizationServiceContext context, string rightPropertyName, CrmEntityCacheDependencyTrace dependencies) { // If Roles are not enabled on the site, deny permission. if (!Roles.Enabled) { ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Permission denied."); return(false); } dependencies.AddEntitySetDependency("adx_webrole"); dependencies.AddEntitySetDependency("adx_webrole_contact"); dependencies.AddEntitySetDependency("adx_webrole_account"); dependencies.AddEntityDependency(_website); var userRoles = this.GetUserRoles(); if (!userRoles.Any()) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No roles were found for the current user. Permission denied."); return(false); } var websiteaccessFetch = new Fetch { Entity = new FetchEntity("adx_websiteaccess", new [] { "adx_manageweblinksets", "adx_previewunpublishedentities" }) { Filters = new[] { new Filter { Conditions = new[] { new Condition( "adx_websiteid", ConditionOperator.Equal, this._website.Id), } } } } }; var rules = context.RetrieveMultiple(websiteaccessFetch).Entities; // If no access permissions are defined for this site, deny permission. if (!rules.Any()) { ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No website access permission rules were found for the current website. Permission denied."); return(false); } dependencies.AddEntityDependencies(rules); foreach (var rule in rules) { var ruleRoles = context.RetrieveRelatedEntities(rule, "adx_websiteaccess_webrole", new [] { "adx_name" }).Entities; if (ruleRoles == null) { continue; } var ruleRoleNames = ruleRoles.Select(role => role.GetAttributeValue <string>("adx_name")); var roleIntersection = ruleRoleNames.Intersect(userRoles, StringComparer.InvariantCulture); // If the user is in any of the roles associated with the permission rule, and // the rightsPredicate evaluates to true for the given rule, grant permission. if (roleIntersection.Any() && rule.GetAttributeValue <bool?>(rightPropertyName).GetValueOrDefault(false)) { return(true); } } // If no permission rules meet the necessary conditions, deny permission. return(false); }