/// <summary>
/// Builds the roles export as CSV text in <c>dowload.Text</c> for the role names posted in the
/// "rol" form field, then marks the response as a file download.
/// </summary>
/// <remarks>
/// Output has two sections: one "role,NAME,member|member" line per role, followed by one
/// "ITEM_PATH,ACCESS_RULES" line for every access rule that targets one of the roles.
/// NOTE(review): the role names come straight from the request and every field is written unquoted,
/// so a name or path containing a comma or newline shifts columns, and a field starting with
/// '=', '+', '-' or '@' is treated as a formula by spreadsheet applications. Confirm what the
/// matching import expects before adding quoting or neutralisation.
/// NOTE(review): no access check is visible in this method; presumably the hosting page restricts
/// who may request the export - confirm.
/// </remarks>
private void DownloadRolesExport()
        {
            var itemsWithRights = CurrentRights.GetAllRightsMaster();
            var postedRoles     = Request.Form.Get("rol");

            // A missing form field yields no rows; the download headers below are still sent.
            var roleNames = postedRoles != null ? postedRoles.Split(',') : new string[0];

            // Section 1: each role with its directly contained roles, separated by '|'.
            foreach (var roleName in roleNames)
            {
                var role = Sitecore.Security.Accounts.Role.FromName(roleName);
                if (role == null)
                {
                    // NOTE(review): the first unresolved name ends the whole section, not just this entry.
                    break;
                }

                dowload.Text += "role," + role.Name + ",";
                var isFirstMember = true;
                foreach (var memberRole in RolesInRolesManager.GetRolesInRole(role, false))
                {
                    if (!isFirstMember)
                    {
                        dowload.Text += "|";
                    }
                    dowload.Text += memberRole.Name;
                    isFirstMember = false;
                }
                dowload.Text += "\n";
            }

            // Section 2: every access rule on every item that is assigned to one of the roles.
            foreach (var roleName in roleNames)
            {
                var role = Sitecore.Security.Accounts.Role.FromName(roleName);
                if (role == null)
                {
                    break;
                }

                foreach (var item in itemsWithRights)
                {
                    var rules = item.Security.GetAccessRules();
                    if (rules == null)
                    {
                        continue;
                    }

                    foreach (var rule in rules)
                    {
                        if (!(rule.Account == role))
                        {
                            continue;
                        }

                        // Wrap the single rule in a collection to reuse the collection's text form.
                        AccessRuleCollection singleRule = new AccessRuleCollection();
                        singleRule.Add(rule);
                        dowload.Text += item.Paths.FullPath + "," + singleRule.ToString() + "\n";
                    }
                }
            }

            // NOTE(review): the content type is declared twice with different values
            // ("application/CSV" via ContentType, "application/x-download" via AddHeader).
            Response.Clear();
            Response.ContentType = "application/CSV";
            Response.AddHeader("Cache-Control", "must-revalidate");
            Response.AddHeader("Pragma", "must-revalidate");
            Response.AddHeader("Content-type", "application/x-download");
            Response.AddHeader("Content-disposition", "attachment; filename=sitecore-roles-export.csv");
        }
예제 #2
        // Updates the baking rights for the current Block, in the in-memory list and in the
        // "BakingRights" table. This listing is cut off after the INSERT below, so where `sql`
        // is executed is not visible here.
        //
        // All SQL in this method is assembled as text and nothing is bound as a parameter, so
        // injection safety rests on every interpolated value being numeric.
        public override async Task Apply()
        {
            // Cycle index derived from the block level and the protocol's cycle length.
            var cycle = (Block.Level - 1) / Block.Protocol.BlocksPerCycle;

            #region current rights
            CurrentRights = await Cache.BakingRights.GetAsync(cycle, Block.Level);

            var sql = string.Empty;

            // TODO: better use protocol of the block where the endorsing rights were generated
            // Priority-0 block whose validation count equals EndorsersPerBlock: drop the unused
            // backup baking rights (priority > 0) and mark the remaining rights as realized.
            if (Block.Priority == 0 && Block.Validations == Block.Protocol.EndorsersPerBlock)
            {
                CurrentRights.RemoveAll(x => x.Type == BakingRightType.Baking && x.Priority > 0);
                CurrentRights.ForEach(x => x.Status = BakingRightStatus.Realized);

                // Same change for the database. Only Block.Level and enum-to-int casts are interpolated.
                // NOTE(review): Block.Level is presumably an integer - confirm.
                sql = $@"
                    DELETE  FROM ""BakingRights""
                    WHERE   ""Level"" = {Block.Level}
                    AND     ""Type"" = {(int)BakingRightType.Baking}
                    AND     ""Priority"" > 0;

                    UPDATE  ""BakingRights""
                    SET     ""Status"" = {(int)BakingRightStatus.Realized}
                    WHERE   ""Level"" = {Block.Level};";
            }
            else
            {
                #region load missed priority
                // Highest baking priority already cached for this level.
                // NOTE(review): Max() throws on an empty sequence of a non-nullable value type, i.e.
                // when no baking-type right is cached for the level - confirm that cannot happen.
                var maxExistedPriority = CurrentRights
                                         .Where(x => x.Type == BakingRightType.Baking)
                                         .Select(x => x.Priority)
                                         .Max();

                // The block was baked at a priority beyond what is stored: fetch the missing rights from the node.
                if (maxExistedPriority < Block.Priority)
                {
                    using var stream = await Proto.Node.GetLevelBakingRightsAsync(Block.Level, Block.Priority + 1);

                    // NOTE(review): `as Serializer` yields null when Proto.Serializer is another type; the call
                    // would then fail with a NullReferenceException instead of an InvalidCastException.
                    var bakingRights = await(Proto.Serializer as Serializer).DeserializeBakingRights(stream);
                    //bakingRights = bakingRights.OrderBy(x => x.Priority);

                    var sqlInsert = @"
                        INSERT INTO ""BakingRights"" (""Cycle"", ""Level"", ""BakerId"", ""Type"", ""Status"", ""Priority"", ""Slots"") VALUES ";

                    // SkipWhile drops only the leading run of known priorities, so this relies on the
                    // node returning rights in ascending priority order (no sort is applied here).
                    foreach (var bakingRight in bakingRights.SkipWhile(x => x.Priority <= maxExistedPriority))
                    {
                        var delegat = Cache.Accounts.GetDelegateOrDefault(bakingRight.Delegate);
                        if (delegat == null)
                        {
                            continue;                  // WTF: [level:28680] - Baking rights were given to non-baker account
                        }
                        // bakingRight.Priority originates from the node response; delegat.Id from the local cache.
                        // NOTE(review): both look numeric - confirm. A string-typed value added to this tuple
                        // later would become an injection point, because the text is executed as-is.
                        sqlInsert += $@"
                            ({cycle}, {Block.Level}, {delegat.Id}, {(int)BakingRightType.Baking}, {(int)BakingRightStatus.Future}, {bakingRight.Priority}, null),";
                    }

                    // [..^ 1] removes the trailing comma. NOTE(review): if no tuple was appended (every right
                    // skipped, or none returned) it removes the space after VALUES instead and an INSERT
                    // without rows is sent, which the database will reject.
                    await Db.Database.ExecuteSqlRawAsync(sqlInsert[..^ 1]);
예제 #3
        // Updates the baking rights for the given block, in the in-memory list and in the
        // "BakingRights" table. This listing is cut off after the INSERT below, so where `sql`
        // is executed is not visible here.
        //
        // All SQL in this method is assembled as text and nothing is bound as a parameter, so
        // injection safety rests on every interpolated value being numeric.
        public virtual async Task Apply(Block block)
        {
            #region current rights
            CurrentRights = await Cache.BakingRights.GetAsync(block.Cycle, block.Level);

            var sql = string.Empty;

            // Priority-0 block whose validation count equals EndorsersPerBlock: drop the unused
            // backup baking rights (priority > 0) and mark the remaining rights as realized.
            if (block.Priority == 0 && block.Validations == block.Protocol.EndorsersPerBlock)
            {
                CurrentRights.RemoveAll(x => x.Type == BakingRightType.Baking && x.Priority > 0);
                CurrentRights.ForEach(x => x.Status = BakingRightStatus.Realized);

                // Same change for the database. Only block.Level and enum-to-int casts are interpolated.
                // NOTE(review): block.Level is presumably an integer - confirm.
                sql = $@"
                    DELETE  FROM ""BakingRights""
                    WHERE   ""Level"" = {block.Level}
                    AND     ""Type"" = {(int)BakingRightType.Baking}
                    AND     ""Priority"" > 0;

                    UPDATE  ""BakingRights""
                    SET     ""Status"" = {(int)BakingRightStatus.Realized}
                    WHERE   ""Level"" = {block.Level};";
            }
            else
            {
                #region load missed priority
                // Highest baking priority already cached for this level.
                // NOTE(review): Max() throws on an empty sequence of a non-nullable value type, i.e.
                // when no baking-type right is cached for the level - confirm that cannot happen.
                var maxExistedPriority = CurrentRights
                                         .Where(x => x.Type == BakingRightType.Baking)
                                         .Select(x => x.Priority)
                                         .Max();

                // The block was baked at a priority beyond what is stored: fetch the missing rights over RPC.
                if (maxExistedPriority < block.Priority)
                {
                    var bakingRights = await Proto.Rpc.GetLevelBakingRightsAsync(block.Level, block.Level, block.Priority);

                    //bakingRights = bakingRights.OrderBy(x => x.Priority);

                    var sqlInsert = @"
                        INSERT INTO ""BakingRights"" (""Cycle"", ""Level"", ""BakerId"", ""Type"", ""Status"", ""Priority"", ""Slots"") VALUES ";

                    // SkipWhile drops only the leading run of known priorities, so this relies on the
                    // RPC response listing rights in ascending priority order (no sort is applied here).
                    foreach (var bakingRight in bakingRights.EnumerateArray().SkipWhile(x => x.RequiredInt32("priority") <= maxExistedPriority))
                    {
                        // The "delegate" string from the response is used only as a cache key, never placed in the SQL text.
                        var delegat = Cache.Accounts.GetDelegateOrDefault(bakingRight.RequiredString("delegate"));
                        if (delegat == null)
                        {
                            continue;                  // WTF: [level:28680] - Baking rights were given to non-baker account
                        }
                        // "priority" is read from the RPC response; judging by its name RequiredInt32 yields an
                        // Int32, which keeps the tuple numeric. NOTE(review): confirm block.Cycle, block.Level and
                        // delegat.Id are numeric too - a string-typed value added here later would become an
                        // injection point, because the text is executed as-is.
                        sqlInsert += $@"
                            ({block.Cycle}, {block.Level}, {delegat.Id}, {(int)BakingRightType.Baking}, {(int)BakingRightStatus.Future}, {bakingRight.RequiredInt32("priority")}, null),";
                    }

                    // [..^ 1] removes the trailing comma. NOTE(review): if no tuple was appended (every right
                    // skipped, or none returned) it removes the space after VALUES instead and an INSERT
                    // without rows is sent, which the database will reject.
                    await Db.Database.ExecuteSqlRawAsync(sqlInsert[..^ 1]);
예제 #4
        // Updates the baking rights for the given block, in the in-memory list and in the
        // "BakingRights" table. This listing is cut off after the INSERT below, so where `sql`
        // is executed is not visible here.
        //
        // All SQL in this method is assembled as text and nothing is bound as a parameter, so
        // injection safety rests on every interpolated value being numeric.
        public override async Task Apply(Block block)
        {
            // Cycle index derived from the block level and the protocol's cycle length.
            var cycle = (block.Level - 1) / block.Protocol.BlocksPerCycle;

            #region current rights
            CurrentRights = await Cache.BakingRights.GetAsync(cycle, block.Level);

            var sql = string.Empty;

            // TODO: better use protocol of the block where the endorsing rights were generated
            // Priority-0 block whose validation count equals EndorsersPerBlock: drop the unused
            // backup baking rights (priority > 0) and mark the remaining rights as realized.
            if (block.Priority == 0 && block.Validations == block.Protocol.EndorsersPerBlock)
            {
                CurrentRights.RemoveAll(x => x.Type == BakingRightType.Baking && x.Priority > 0);
                CurrentRights.ForEach(x => x.Status = BakingRightStatus.Realized);

                // Same change for the database. Only block.Level and enum-to-int casts are interpolated.
                // NOTE(review): block.Level is presumably an integer - confirm.
                sql = $@"
                    DELETE  FROM ""BakingRights""
                    WHERE   ""Level"" = {block.Level}
                    AND     ""Type"" = {(int)BakingRightType.Baking}
                    AND     ""Priority"" > 0;

                    UPDATE  ""BakingRights""
                    SET     ""Status"" = {(int)BakingRightStatus.Realized}
                    WHERE   ""Level"" = {block.Level};";
            }
            else
            {
                #region load missed priority
                // Highest baking priority already cached for this level.
                // NOTE(review): Max() throws on an empty sequence of a non-nullable value type, i.e.
                // when no baking-type right is cached for the level - confirm that cannot happen.
                var maxExistedPriority = CurrentRights
                                         .Where(x => x.Type == BakingRightType.Baking)
                                         .Select(x => x.Priority)
                                         .Max();

                // The block was baked at a priority beyond what is stored: fetch the missing rights over RPC.
                if (maxExistedPriority < block.Priority)
                {
                    var bakingRights = await Proto.Rpc.GetLevelBakingRightsAsync(block.Level, block.Priority);

                    //bakingRights = bakingRights.OrderBy(x => x.Priority);

                    var sqlInsert = @"
                        INSERT INTO ""BakingRights"" (""Cycle"", ""Level"", ""BakerId"", ""Type"", ""Status"", ""Priority"", ""Slots"") VALUES ";

                    // SkipWhile drops only the leading run of known priorities, so this relies on the
                    // RPC response listing rights in ascending priority order (no sort is applied here).
                    foreach (var br in bakingRights.EnumerateArray().SkipWhile(x => x.RequiredInt32("priority") <= maxExistedPriority))
                    {
                        // The "delegate" string from the response is used only as a cache key; only the cached
                        // account's Id and the "priority" value reach the SQL text.
                        // NOTE(review): the GetDelegate result is dereferenced without a null check; whether it
                        // can return null for an unknown delegate is not visible here - confirm.
                        // NOTE(review): confirm cycle, block.Level and Id are numeric - a string-typed value added
                        // to this tuple later would become an injection point, because the text is executed as-is.
                        sqlInsert += $@"
                            ({cycle}, {block.Level}, {Cache.Accounts.GetDelegate(br.RequiredString("delegate")).Id}, {(int)BakingRightType.Baking}, {(int)BakingRightStatus.Future}, {br.RequiredInt32("priority")}, null),";
                    }

                    // [..^ 1] removes the trailing comma. NOTE(review): if the loop appended nothing it removes
                    // the space after VALUES instead and an INSERT without rows is sent, which the database
                    // will reject.
                    await Db.Database.ExecuteSqlRawAsync(sqlInsert[..^ 1]);
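        /// <summary>
        /// Renders the export preview: for each role name posted in the "rol" form field, lists the
        /// items whose access rules target that role, followed by a form that posts the same role
        /// list to the download page.
        /// </summary>
        /// <param name="request">Current request; only the "rol" form field is read.</param>
        /// <param name="rolesexport">Literal that receives the generated HTML (appended to its Text).</param>
        /// <remarks>
        /// The posted role names are request-controlled and are echoed into the page, so they are HTML-encoded
        /// here. Item paths and access-right names are encoded as well because they are data, not markup.
        /// <c>RightsHelper.RightToHtml</c> is left as-is since it is expected to return markup.
        /// </remarks>
        private static void Step2(HttpRequest request, Literal rolesexport)
        {
            rolesexport.Text += "Export preview<br><br>";
            var allright = CurrentRights.GetAllRightsMaster();
            var rols     = request.Form.Get("rol");

            if (rols == null)
            {
                return;
            }

            foreach (var rol in rols.Split(','))
            {
                // Encode before echoing: the value comes straight from the posted form.
                rolesexport.Text += "<strong>" + HttpUtility.HtmlEncode(rol) + "</strong>  :<br> ";
                var account = Sitecore.Security.Accounts.Role.FromName(rol);
                if (account == null)
                {
                    // NOTE(review): the first unresolved name ends the preview for all remaining roles,
                    // while the download form below still carries the full posted list.
                    break;
                }
                foreach (var itemWithRights in allright)
                {
                    var accessRules = itemWithRights.Security.GetAccessRules();
                    if (accessRules == null)
                    {
                        continue;
                    }
                    foreach (var rule in accessRules)
                    {
                        if (rule.Account == account)
                        {
                            rolesexport.Text += HttpUtility.HtmlEncode(itemWithRights.Paths.FullPath) + " " + RightsHelper.RightToHtml(rule) + " " + HttpUtility.HtmlEncode(rule.AccessRight.Name) + " " + rule.SecurityPermission.ToString() + "<br>";
                        }
                    }
                }
                rolesexport.Text += "<br>\n";
            }

            // The posted list is carried into the hidden field attribute-encoded, so it cannot break out of the value.
            rolesexport.Text += "<form method=\"post\" action=\"/sitecore modules/Shell/Security-Rights-Reporting/Download.aspx?rolesexport=1\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"rol\" name=\"rol\" value=\"" + HttpUtility.HtmlAttributeEncode(rols) + "\"><input type=\"submit\" value=\"Download\" name=\"submit\" ></form>";
        }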
예제 #6
        /// <summary>
        /// Appends an HTML report of the item access rules in <paramref name="db"/> to <paramref name="userrights"/>.
        /// </summary>
        /// <param name="userrights">Literal that receives the generated markup (appended to its Text).</param>
        /// <param name="db">Database whose items are inspected.</param>
        /// <param name="account">
        /// Account name to report on, or one of the special values "all", "devexport" and "alldevexport".
        /// </param>
        /// <param name="showdefaultrights">When false, rules that match an expected default right are left out.</param>
        /// <remarks>
        /// NOTE(review): only <paramref name="account"/> in the heading is HTML-encoded. Item paths, account
        /// names, access-right comments, default-right messages and the message returned by GetDefaultRights
        /// are written into the markup as-is; if any of them can contain markup characters they should be
        /// encoded at output. Confirm which values are meant to be HTML (RightToHtml presumably is).
        /// NOTE(review): "devexport" writes each item's raw "__Security" field value, i.e. the full access-rule
        /// set; no access check is visible here, so the caller presumably restricts who can reach it - confirm.
        /// </remarks>
        public static void DisplayAccountRight(Literal userrights, Database db, string account, bool showdefaultrights)
        {
            if (account != "all")
            {
                userrights.Text += string.Format("<h2 id=\"{1}\">Item Rights set on account {0} on {1} Database</h2>", System.Web.HttpUtility.HtmlEncode(account), db.Name);
            }
            else
            {
                userrights.Text += string.Format("<h2 id=\"{0}\">Item Rights set on all users and roles on {0} Database</h2>", db.Name);
            }

            // Items come from a query rather than an index search (per the original note, the security
            // field data is not available there); expect this to be slow on large result sets.
            var items = CurrentRights.GetAllRights(db);

            // A result count equal to the configured query limit suggests the list was truncated.
            if (items.Count.ToString() == Settings.GetSetting("Query.MaxItems"))
            {
                userrights.Text += "<p style=\"color:#FF3333;\">Alert Query limit is: " + items.Count + " looks like we don't have all data because this limit see Query.MaxItems in config </p>";
            }

            var rowCount       = 0;
            var accountChecker = new CheckAccount();
            string defaultRightsMessage;

            var defaultRights = Reporting.Shell.RightsData.RightsData.GetDefaultRights(db.Name, account, out defaultRightsMessage);

            if (!string.IsNullOrEmpty(defaultRightsMessage))
            {
                userrights.Text += "<p>" + defaultRightsMessage + "</p>";
            }

            userrights.Text += "<table id=\"table-accountrights\">";
            foreach (var item in items)
            {
                var accessRules = item.Security.GetAccessRules();
                if (accessRules == null)
                {
                    continue;
                }

                if (account == "devexport")
                {
                    // Developer export: one C# array literal per item, with the raw security field value.
                    userrights.Text += string.Format(",new[] {{\"{0}\",@\"{1}\"}}\n<br>", item.Paths.FullPath, item.Fields["__Security"].Value);
                    if (item.Paths.FullPath.StartsWith("[orphan]"))
                    {
                        userrights.Text += string.Format("orphan id={0} template={1}\n<br>", item.ID, item.TemplateID);
                    }
                    continue;
                }

                foreach (var rule in accessRules)
                {
                    // Look for an expected default right that matches this rule exactly.
                    var expected = defaultRights.FirstOrDefault(x =>
                        x.Path == item.Paths.FullPath
                        && x.Account == rule.Account.Name
                        && x.Right == rule.SecurityPermission.ToString()
                        && x.Name == rule.AccessRight.Name
                        && x.PropagationType == rule.PropagationType.ToString());

                    var rowStyle = "";
                    var note     = "";
                    if (expected != null)
                    {
                        // Mark the default as found even when the row itself is hidden below.
                        expected.Hit = true;
                        rowStyle     = " style=\"color:#008800;\" class=\"green\"";
                        note         = string.Format(", ({0})", expected.Message);
                        if (!showdefaultrights)
                        {
                            continue;
                        }
                    }

                    var accountKnown = rule.Account.AccountType == AccountType.Role
                        ? accountChecker.IsRolExsisting(rule.Account.Name)
                        : accountChecker.IsUserExsisting(rule.Account.Name);
                    if (!accountKnown)
                    {
                        note    += ", Account unknown";
                        rowStyle = " style=\"color:#FFA500;\" class=\"orange\"";
                    }

                    if (rule.Account.Name == account)
                    {
                        userrights.Text += string.Format("<tr{3}><td>{0}</td><td>{1}</td><td>{6}</td><td>{7}</td><td>{2}{4}</td><td>{5}</td></tr>\n", item.Paths.FullPath, rule.AccessRight.Comment, rule.SecurityPermission, rowStyle, note, rule.PropagationType, rule.AccessRight.Name, RightsHelper.RightToHtml(rule));
                        rowCount++;
                    }
                    else if (account == "all")
                    {
                        userrights.Text += string.Format("<tr{4}><td>{0}</td><td>{8} : {1}</td><td>{7}</td><td>{9}</td><td>{2}{5}</td><td>{3}</td><td>{6}</td></tr>\n", item.Paths.FullPath, rule.Account.Name, rule.AccessRight.Comment, rule.SecurityPermission, rowStyle, note, rule.PropagationType, rule.AccessRight.Name, rule.Account.AccountType.ToString(), RightsHelper.RightToHtml(rule));
                        rowCount++;
                    }
                    else if (account == "alldevexport")
                    {
                        userrights.Text += string.Format(",new[] {{\"{0}\",\"{1}\",\"{2}\",\"{3}\"}}\n<br>", item.Paths.FullPath, rule.Account.Name.Replace("\\", "\\\\"), rule.SecurityPermission, rule.PropagationType);
                        rowCount++;
                    }
                }
            }

            if (rowCount == 0)
            {
                userrights.Text += showdefaultrights
                    ? "<tr><td>No rights found in this Database for the user or role.</td></tr>"
                    : "<tr><td>No custom rights found in this Database.</td></tr>";
            }
            userrights.Text += "</table>";

            // Expected defaults that no access rule matched are listed as warnings.
            var missingDefaults = defaultRights.Where(x => x.Hit == false).ToList();
            if (missingDefaults.Count == 0)
            {
                return;
            }

            userrights.Text += "<br><span style=\"color:#880000;\">WARNING:</span> Expected rights not found, or no Access:<br><table style=\"color:#880000;\">";
            foreach (var missing in missingDefaults)
            {
                userrights.Text += string.Format("<tr><td>{0}</td><td>{1}</td><td>{2}</td><td>{3}</td><td>{4}</td><td>{5}</td></tr>\n", missing.Path, missing.Account, missing.Name, missing.Message, missing.Right, missing.PropagationType);
            }
            userrights.Text += "</table>";
        }