private void DownloadRolesExport()
{
var allright = CurrentRights.GetAllRightsMaster();
var rols = Request.Form.Get("rol");
if (rols != null)
{
foreach (var rol in rols.Split(','))
{
var account = Sitecore.Security.Accounts.Role.FromName(rol);
if (account == null)
{
break;
}
dowload.Text += "role," + account.Name + ",";
int count = 0;
foreach (var subrol in RolesInRolesManager.GetRolesInRole(account, false))
{
if (count != 0)
{
dowload.Text += "|";
}
dowload.Text += subrol.Name;
count++;
}
dowload.Text += "\n";
}
foreach (var rol in rols.Split(','))
{
var account = Sitecore.Security.Accounts.Role.FromName(rol);
if (account == null)
{
break;
}
foreach (var itemWithRights in allright)
{
var accessRules = itemWithRights.Security.GetAccessRules();
if (accessRules != null)
{
foreach (var rule in accessRules)
{
if (rule.Account == account)
{
AccessRuleCollection ruleCollection = new AccessRuleCollection();
ruleCollection.Add(rule);
dowload.Text += itemWithRights.Paths.FullPath + "," + ruleCollection.ToString() + "\n";
}
}
}
}
}
}
Response.Clear();
Response.ContentType = "application/CSV";
Response.AddHeader("Cache-Control", "must-revalidate");
Response.AddHeader("Pragma", "must-revalidate");
Response.AddHeader("Content-type", "application/x-download");
Response.AddHeader("Content-disposition", "attachment; filename=sitecore-roles-export.csv");
}
public override async Task Apply()
{
var cycle = (Block.Level - 1) / Block.Protocol.BlocksPerCycle;
#region current rights
CurrentRights = await Cache.BakingRights.GetAsync(cycle, Block.Level);
var sql = string.Empty;
// TODO: better use protocol of the block where the endorsing rights were generated
if (Block.Priority == 0 && Block.Validations == Block.Protocol.EndorsersPerBlock)
{
CurrentRights.RemoveAll(x => x.Type == BakingRightType.Baking && x.Priority > 0);
CurrentRights.ForEach(x => x.Status = BakingRightStatus.Realized);
sql = $@"
DELETE FROM ""BakingRights""
WHERE ""Level"" = {Block.Level}
AND ""Type"" = {(int)BakingRightType.Baking}
AND ""Priority"" > 0;
UPDATE ""BakingRights""
SET ""Status"" = {(int)BakingRightStatus.Realized}
WHERE ""Level"" = {Block.Level};";
}
else
{
#region load missed priority
var maxExistedPriority = CurrentRights
.Where(x => x.Type == BakingRightType.Baking)
.Select(x => x.Priority)
.Max();
if (maxExistedPriority < Block.Priority)
{
using var stream = await Proto.Node.GetLevelBakingRightsAsync(Block.Level, Block.Priority + 1);
var bakingRights = await(Proto.Serializer as Serializer).DeserializeBakingRights(stream);
//bakingRights = bakingRights.OrderBy(x => x.Priority);
var sqlInsert = @"
INSERT INTO ""BakingRights"" (""Cycle"", ""Level"", ""BakerId"", ""Type"", ""Status"", ""Priority"", ""Slots"") VALUES ";
foreach (var bakingRight in bakingRights.SkipWhile(x => x.Priority <= maxExistedPriority))
{
var delegat = Cache.Accounts.GetDelegateOrDefault(bakingRight.Delegate);
if (delegat == null)
{
continue; // WTF: [level:28680] - Baking rights were given to non-baker account
}
sqlInsert += $@"
({cycle}, {Block.Level}, {delegat.Id}, {(int)BakingRightType.Baking}, {(int)BakingRightStatus.Future}, {bakingRight.Priority}, null),";
}
await Db.Database.ExecuteSqlRawAsync(sqlInsert[..^ 1]);
public virtual async Task Apply(Block block)
{
#region current rights
CurrentRights = await Cache.BakingRights.GetAsync(block.Cycle, block.Level);
var sql = string.Empty;
if (block.Priority == 0 && block.Validations == block.Protocol.EndorsersPerBlock)
{
CurrentRights.RemoveAll(x => x.Type == BakingRightType.Baking && x.Priority > 0);
CurrentRights.ForEach(x => x.Status = BakingRightStatus.Realized);
sql = $@"
DELETE FROM ""BakingRights""
WHERE ""Level"" = {block.Level}
AND ""Type"" = {(int)BakingRightType.Baking}
AND ""Priority"" > 0;
UPDATE ""BakingRights""
SET ""Status"" = {(int)BakingRightStatus.Realized}
WHERE ""Level"" = {block.Level};";
}
else
{
#region load missed priority
var maxExistedPriority = CurrentRights
.Where(x => x.Type == BakingRightType.Baking)
.Select(x => x.Priority)
.Max();
if (maxExistedPriority < block.Priority)
{
var bakingRights = await Proto.Rpc.GetLevelBakingRightsAsync(block.Level, block.Level, block.Priority);
//bakingRights = bakingRights.OrderBy(x => x.Priority);
var sqlInsert = @"
INSERT INTO ""BakingRights"" (""Cycle"", ""Level"", ""BakerId"", ""Type"", ""Status"", ""Priority"", ""Slots"") VALUES ";
foreach (var bakingRight in bakingRights.EnumerateArray().SkipWhile(x => x.RequiredInt32("priority") <= maxExistedPriority))
{
var delegat = Cache.Accounts.GetDelegateOrDefault(bakingRight.RequiredString("delegate"));
if (delegat == null)
{
continue; // WTF: [level:28680] - Baking rights were given to non-baker account
}
sqlInsert += $@"
({block.Cycle}, {block.Level}, {delegat.Id}, {(int)BakingRightType.Baking}, {(int)BakingRightStatus.Future}, {bakingRight.RequiredInt32("priority")}, null),";
}
await Db.Database.ExecuteSqlRawAsync(sqlInsert[..^ 1]);
public override async Task Apply(Block block)
{
var cycle = (block.Level - 1) / block.Protocol.BlocksPerCycle;
#region current rights
CurrentRights = await Cache.BakingRights.GetAsync(cycle, block.Level);
var sql = string.Empty;
// TODO: better use protocol of the block where the endorsing rights were generated
if (block.Priority == 0 && block.Validations == block.Protocol.EndorsersPerBlock)
{
CurrentRights.RemoveAll(x => x.Type == BakingRightType.Baking && x.Priority > 0);
CurrentRights.ForEach(x => x.Status = BakingRightStatus.Realized);
sql = $@"
DELETE FROM ""BakingRights""
WHERE ""Level"" = {block.Level}
AND ""Type"" = {(int)BakingRightType.Baking}
AND ""Priority"" > 0;
UPDATE ""BakingRights""
SET ""Status"" = {(int)BakingRightStatus.Realized}
WHERE ""Level"" = {block.Level};";
}
else
{
#region load missed priority
var maxExistedPriority = CurrentRights
.Where(x => x.Type == BakingRightType.Baking)
.Select(x => x.Priority)
.Max();
if (maxExistedPriority < block.Priority)
{
var bakingRights = await Proto.Rpc.GetLevelBakingRightsAsync(block.Level, block.Priority);
//bakingRights = bakingRights.OrderBy(x => x.Priority);
var sqlInsert = @"
INSERT INTO ""BakingRights"" (""Cycle"", ""Level"", ""BakerId"", ""Type"", ""Status"", ""Priority"", ""Slots"") VALUES ";
foreach (var br in bakingRights.EnumerateArray().SkipWhile(x => x.RequiredInt32("priority") <= maxExistedPriority))
{
sqlInsert += $@"
({cycle}, {block.Level}, {Cache.Accounts.GetDelegate(br.RequiredString("delegate")).Id}, {(int)BakingRightType.Baking}, {(int)BakingRightStatus.Future}, {br.RequiredInt32("priority")}, null),";
}
await Db.Database.ExecuteSqlRawAsync(sqlInsert[..^ 1]);
private static void Step2(HttpRequest request, Literal rolesexport)
{
rolesexport.Text += "Export preview<br><br>";
var allright = CurrentRights.GetAllRightsMaster();
var rols = request.Form.Get("rol");
if (rols != null)
{
foreach (var rol in rols.Split(','))
{
rolesexport.Text += "<strong>" + rol + "</strong> :<br> ";
var account = Sitecore.Security.Accounts.Role.FromName(rol);
if (account == null)
{
break;
}
foreach (var itemWithRights in allright)
{
var accessRules = itemWithRights.Security.GetAccessRules();
if (accessRules != null)
{
foreach (var rule in accessRules)
{
if (rule.Account == account)
{
AccessRuleCollection ruleCollection = new AccessRuleCollection();
ruleCollection.Add(rule);
rolesexport.Text += itemWithRights.Paths.FullPath + " " + RightsHelper.RightToHtml(rule) + " " + rule.AccessRight.Name + " " + rule.SecurityPermission.ToString() + "<br>";
}
}
}
}
rolesexport.Text += "<br>\n";
}
rolesexport.Text += "<form method=\"post\" action=\"/sitecore modules/Shell/Security-Rights-Reporting/Download.aspx?rolesexport=1\" enctype=\"multipart/form-data\"><input type=\"hidden\" id=\"rol\" name=\"rol\" value=\"" + "" + HttpUtility.HtmlAttributeEncode(rols) + "\"><input type=\"submit\" value=\"Download\" name=\"submit\" ></form>";
}
}
public static void DisplayAccountRight(Literal userrights, Database db, string account, bool showdefaultrights)
{
if (account == "all")
{
userrights.Text += string.Format("<h2 id=\"{0}\">Item Rights set on all users and roles on {0} Database</h2>", db.Name);
}
else
{
userrights.Text += string.Format("<h2 id=\"{1}\">Item Rights set on account {0} on {1} Database</h2>", System.Web.HttpUtility.HtmlEncode(account), db.Name);
}
//We use a query instead of index search because, security field data is not in query, will be slower by large resultset.
var itemList = CurrentRights.GetAllRights(db);
if (itemList.Count.ToString() == Settings.GetSetting("Query.MaxItems"))
{
userrights.Text += "<p style=\"color:#FF3333;\">Alert Query limit is: " + itemList.Count + " looks like we don't have all data because this limit see Query.MaxItems in config </p>";
}
var count = 0;
var checkAccount = new CheckAccount();
string outmessage;
var defaultRights = Reporting.Shell.RightsData.RightsData.GetDefaultRights(db.Name, account, out outmessage);
if (!string.IsNullOrEmpty(outmessage))
{
userrights.Text += "<p>" + outmessage + "</p>";
}
userrights.Text += "<table id=\"table-accountrights\">";
foreach (var item in itemList)
{
var accessRules = item.Security.GetAccessRules();
if (accessRules != null)
{
if (account == "devexport")
{
userrights.Text += string.Format(",new[] {{\"{0}\",@\"{1}\"}}\n<br>", item.Paths.FullPath, item.Fields["__Security"].Value);
if (item.Paths.FullPath.StartsWith("[orphan]"))
{
userrights.Text += string.Format("orphan id={0} template={1}\n<br>", item.ID, item.TemplateID);
}
}
else
{
foreach (var rule in accessRules)
{
var defaultRight = defaultRights.FirstOrDefault(x => x.Path == item.Paths.FullPath && x.Account == rule.Account.Name && x.Right == rule.SecurityPermission.ToString() && x.Name == rule.AccessRight.Name && x.PropagationType == rule.PropagationType.ToString());
var style = "";
var message = "";
if (defaultRight != null)
{
defaultRight.Hit = true;
style = " style=\"color:#008800;\" class=\"green\"";
message = string.Format(", ({0})", defaultRight.Message);
if (!showdefaultrights)
{
continue;
}
}
var accountExsist = true;
if (rule.Account.AccountType == AccountType.Role)
{
accountExsist = checkAccount.IsRolExsisting(rule.Account.Name);
}
else
{
accountExsist = checkAccount.IsUserExsisting(rule.Account.Name);
}
if (!accountExsist)
{
message += ", Account unknown";
style = " style=\"color:#FFA500;\" class=\"orange\"";
}
if (rule.Account.Name == account)
{
userrights.Text += string.Format("<tr{3}><td>{0}</td><td>{1}</td><td>{6}</td><td>{7}</td><td>{2}{4}</td><td>{5}</td></tr>\n", item.Paths.FullPath, rule.AccessRight.Comment, rule.SecurityPermission, style, message, rule.PropagationType, rule.AccessRight.Name, RightsHelper.RightToHtml(rule));
count++;
}
else if (account == "all")
{
userrights.Text += string.Format("<tr{4}><td>{0}</td><td>{8} : {1}</td><td>{7}</td><td>{9}</td><td>{2}{5}</td><td>{3}</td><td>{6}</td></tr>\n", item.Paths.FullPath, rule.Account.Name, rule.AccessRight.Comment, rule.SecurityPermission, style, message, rule.PropagationType, rule.AccessRight.Name, rule.Account.AccountType.ToString(), RightsHelper.RightToHtml(rule));
count++;
}
else if (account == "alldevexport")
{
userrights.Text += string.Format(",new[] {{\"{0}\",\"{1}\",\"{2}\",\"{3}\"}}\n<br>", item.Paths.FullPath, rule.Account.Name.Replace("\\", "\\\\"), rule.SecurityPermission, rule.PropagationType);
count++;
}
}
}
}
}
if (count == 0)
{
if (showdefaultrights)
{
userrights.Text += "<tr><td>No rights found in this Database for the user or role.</td></tr>";
}
else
{
userrights.Text += "<tr><td>No custom rights found in this Database.</td></tr>";
}
}
userrights.Text += "</table>";
var warningRights = defaultRights.Where(x => x.Hit == false).ToList();
if (warningRights.Any())
{
userrights.Text += "<br><span style=\"color:#880000;\">WARNING:</span> Expected rights not found, or no Access:<br><table style=\"color:#880000;\">";
foreach (var warningRight in warningRights)
{
userrights.Text += string.Format("<tr><td>{0}</td><td>{1}</td><td>{2}</td><td>{3}</td><td>{4}</td><td>{5}</td></tr>\n", warningRight.Path, warningRight.Account, warningRight.Name, warningRight.Message, warningRight.Right, warningRight.PropagationType);
}
userrights.Text += "</table>";
}
}