private bool TryAssertBlog(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map)
{
var pageReference = entity.GetAttributeValue <EntityReference>("adx_parentpageid");
if (pageReference == null)
{
return(false);
}
var parentPage = serviceContext.RetrieveSingle(
"adx_webpage",
new[] { "adx_name" },
new Condition("adx_webpageid", ConditionOperator.Equal, pageReference.Id));
if (right == CrmEntityRight.Read)
{
return(parentPage != null && this.WebPageSecurityProvider.TryAssert(serviceContext, parentPage, right, dependencies));
}
if (!Roles.Enabled)
{
ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Denying Change.");
return(false);
}
IEnumerable <Entity> authorRoles = new List <Entity>();
EntityNode blogNode;
if (!map.TryGetValue(entity, out blogNode))
{
return(false);
}
if (blogNode is BlogNode)
{
authorRoles = ((BlogNode)blogNode).WebRoles.Select(wr => wr.ToEntity());
}
if (!authorRoles.Any())
{
return(false);
}
dependencies.AddEntityDependencies(authorRoles);
var userRoles = this.GetUserRoles();
return(authorRoles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any() ||
(parentPage != null && this.WebPageSecurityProvider.TryAssert(serviceContext, parentPage, right, dependencies)));
}
protected virtual IEnumerable <Entity> GetRulesApplicableToForum(Entity forum, CrmEntityCacheDependencyTrace dependencies, ContentMap map)
{
forum.AssertEntityName("adx_communityforum");
var rules = new List <Entity>();
ForumNode currentForumNode;
if (map.TryGetValue(forum, out currentForumNode))
{
var rulesForCurrentForum = currentForumNode.ForumAccessPermissions.Where(fr => fr.StateCode == 0);
rules.AddRange(rulesForCurrentForum.Select(r => r.ToEntity()));
}
dependencies.AddEntityDependencies(rules);
return(rules);
}
protected virtual IEnumerable <Entity> GetRulesApplicableToEvent(OrganizationServiceContext context, Entity crmEvent, CrmEntityCacheDependencyTrace dependencies)
{
crmEvent.AssertEntityName("adx_event");
var rules = new List <Entity>();
var currentEvent = crmEvent;
if (currentEvent != null)
{
var rulesForCurrentEvent = currentEvent.GetRelatedEntities(context, "adx_event_eventaccesspermission");
if (rulesForCurrentEvent != null)
{
rules.AddRange(rulesForCurrentEvent);
}
}
dependencies.AddEntityDependencies(rules);
return(rules);
}
private bool UserInRole(string roleRelationship, bool defaultIfNoRoles, OrganizationServiceContext serviceContext, Entity entity, CrmEntityCacheDependencyTrace dependencies)
{
if (!Roles.Enabled)
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Roles are not enabled for this application. Returning {0}.", defaultIfNoRoles));
return(defaultIfNoRoles);
}
var website = entity.GetAttributeValue <EntityReference>("adx_websiteid");
if (website == null)
{
return(false);
}
var roles = entity.GetRelatedEntities(serviceContext, new Relationship(roleRelationship))
.Where(e => Equals(e.GetAttributeValue <EntityReference>("adx_websiteid"), website))
.ToArray();
if (!roles.Any())
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Read is not restricted to any particular roles. Returning {0}.", defaultIfNoRoles));
return(defaultIfNoRoles);
}
dependencies.AddEntityDependencies(roles);
// Windows Live ID Server decided to return null for an unauthenticated user's name
// A null username, however, breaks the Roles.GetRolesForUser() because it expects an empty string.
var currentUsername = HttpContext.Current.User != null && HttpContext.Current.User.Identity != null
? HttpContext.Current.User.Identity.Name ?? string.Empty
: string.Empty;
var userRoles = Roles.GetRolesForUser(currentUsername);
return(roles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any());
}
private bool UserInRole(CrmEntityRight right, bool defaultIfNoRoles, Entity ideaForumEntity, CrmEntityCacheDependencyTrace dependencies, ContentMap map)
{
if (!Roles.Enabled)
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Roles are not enabled for this application. Returning {0}.", defaultIfNoRoles));
return(defaultIfNoRoles);
}
IEnumerable <Entity> roles = new List <Entity>();
IdeaForumNode ideaForumNode;
if (!map.TryGetValue(ideaForumEntity, out ideaForumNode))
{
return(false);
}
if (right == CrmEntityRight.Read)
{
roles = ideaForumNode.WebRolesRead.Select(wr => wr.ToEntity());
}
else if (right == CrmEntityRight.Change)
{
roles = ideaForumNode.WebRolesWrite.Select(wr => wr.ToEntity());
}
if (!roles.Any())
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Read is not restricted to any particular roles. Returning {0}.", defaultIfNoRoles));
return(defaultIfNoRoles);
}
dependencies.AddEntityDependencies(roles);
var userRoles = this.GetUserRoles();
return(roles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any());
}
public bool TryAssertRightProperty(OrganizationServiceContext context, string rightPropertyName, CrmEntityCacheDependencyTrace dependencies)
{
// If Roles are not enabled on the site, deny permission.
if (!Roles.Enabled)
{
ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Permission denied.");
return(false);
}
dependencies.AddEntitySetDependency("adx_webrole");
dependencies.AddEntitySetDependency("adx_webrole_contact");
dependencies.AddEntitySetDependency("adx_webrole_account");
dependencies.AddEntityDependency(_website);
var userRoles = this.GetUserRoles();
if (!userRoles.Any())
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No roles were found for the current user. Permission denied.");
return(false);
}
var websiteaccessFetch =
new Fetch
{
Entity = new FetchEntity("adx_websiteaccess", new [] { "adx_manageweblinksets", "adx_previewunpublishedentities" })
{
Filters = new[]
{
new Filter
{
Conditions = new[]
{
new Condition(
"adx_websiteid",
ConditionOperator.Equal,
this._website.Id),
}
}
}
}
};
var rules = context.RetrieveMultiple(websiteaccessFetch).Entities;
// If no access permissions are defined for this site, deny permission.
if (!rules.Any())
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No website access permission rules were found for the current website. Permission denied.");
return(false);
}
dependencies.AddEntityDependencies(rules);
foreach (var rule in rules)
{
var ruleRoles = context.RetrieveRelatedEntities(rule, "adx_websiteaccess_webrole", new [] { "adx_name" }).Entities;
if (ruleRoles == null)
{
continue;
}
var ruleRoleNames = ruleRoles.Select(role => role.GetAttributeValue <string>("adx_name"));
var roleIntersection = ruleRoleNames.Intersect(userRoles, StringComparer.InvariantCulture);
// If the user is in any of the roles associated with the permission rule, and
// the rightsPredicate evaluates to true for the given rule, grant permission.
if (roleIntersection.Any() && rule.GetAttributeValue <bool?>(rightPropertyName).GetValueOrDefault(false))
{
return(true);
}
}
// If no permission rules meet the necessary conditions, deny permission.
return(false);
}
