/// <summary> /// This performs the calculations for inherited nodes based on this /// http://issues.umbraco.org/issue/U4-10075#comment=67-40085 /// </summary> /// <param name="groupPermissions"></param> /// <param name="pathIds"></param> /// <returns></returns> internal static EntityPermissionSet CalculatePermissionsForPathForUser( EntityPermission[] groupPermissions, int[] pathIds) { // not sure this will ever happen, it shouldn't since this should return defaults, but maybe those are empty? if (groupPermissions.Length == 0 || pathIds.Length == 0) { return(EntityPermissionSet.Empty()); } // The actual entity id being looked at (deepest part of the path) var entityId = pathIds[0]; var resultPermissions = new EntityPermissionCollection(); // create a grouped by dictionary of another grouped by dictionary var permissionsByGroup = groupPermissions .GroupBy(x => x.UserGroupId) .ToDictionary( x => x.Key, x => x.GroupBy(a => a.EntityId).ToDictionary(a => a.Key, a => a.ToArray())); // iterate through each group foreach (KeyValuePair <int, Dictionary <int, EntityPermission[]> > byGroup in permissionsByGroup) { var added = false; // iterate deepest to shallowest foreach (var pathId in pathIds) { if (byGroup.Value.TryGetValue(pathId, out EntityPermission[]? permissionsForNodeAndGroup) == false)
public void Access_Allowed_By_Permission() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(9); userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) }); var user = userMock.Object; var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); var content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(1234)).Returns(content); var contentService = contentServiceMock.Object; var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1234, new string[] { "A", "F", "C" }) }; var permissionSet = new EntityPermissionSet(1234, permissions); var userServiceMock = new Mock <IUserService>(); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; //act var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, out var foundContent, new[] { 'F' }); //assert Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Granted, result); }
public void No_Access_By_Path() { // Arrange IUser user = CreateUser(id: 9, startContentId: 9876); var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); IContent content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(1234)).Returns(content); IContentService contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection(); var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet); IUserService userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>())) .Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") }); IEntityService entityService = entityServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' }); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result); }
public void No_Access_By_Path() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(9); userMock.Setup(u => u.StartContentIds).Returns(new[] { 9876 }); var user = userMock.Object; var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); var content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(1234)).Returns(content); var contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection(); var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>())) .Returns(new[] { Mock.Of <EntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") }); var entityService = entityServiceMock.Object; //act var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' }); //assert Assert.IsFalse(result); }
public void Throws_Exception_When_No_Content_Found() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(9); var user = userMock.Object; var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); var content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(0)).Returns(content); var contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection(); var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; //act/assert Assert.Throws <HttpResponseException>(() => ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' })); }
public void No_Access_To_Recycle_Bin_By_Permission() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(0); var user = userMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1234, new string[] { "A" }) }; var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; var contentServiceMock = new Mock <IContentService>(); var contentService = contentServiceMock.Object; //act var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, -20, new[] { 'B' }); //assert Assert.IsFalse(result); }
public void Access_To_Recycle_Bin_By_Permission() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(0); userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) }); var user = userMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1234, new string[] { "A" }) }; var permissionSet = new EntityPermissionSet(-20, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; var contentServiceMock = new Mock <IContentService>(); var contentService = contentServiceMock.Object; //act var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, -20, new[] { 'A' }); //assert Assert.IsTrue(result); }
private bool CurrentUserHasPermissions(EntityPermissionCollection permissionResults, int nodeId) { //This is done for us in 7.7.2 var perms = permissionResults.Where(x => x.EntityId == nodeId).SelectMany(x => x.AssignedPermissions).Distinct().ToArray(); return(perms.Any(x => x == "F")); }
public void No_Access_To_Recycle_Bin_By_Permission() { // Arrange IUser user = CreateUser(withUserGroup: false); var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1234, new string[] { "A" }) }; var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet); IUserService userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); IEntityService entityService = entityServiceMock.Object; var contentServiceMock = new Mock <IContentService>(); IContentService contentService = contentServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent, new[] { 'B' }); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result); }
internal void FilterBasedOnPermissions(IList items, IUser user) { var length = items.Count; if (length > 0) { var ids = new List <int>(); for (var i = 0; i < length; i++) { ids.Add(((dynamic)items[i] !).Id); } //get all the permissions for these nodes in one call EntityPermissionCollection permissions = _userService.GetPermissions(user, ids.ToArray()); var toRemove = new List <dynamic>(); foreach (dynamic item in items) { //get the combined permission set across all user groups for this node //we're in the world of dynamics here so we need to cast var nodePermission = ((IEnumerable <string>)permissions.GetAllPermissions(item.Id)).ToArray(); //if the permission being checked doesn't exist then remove the item if (nodePermission.Contains(_permissionToCheck.ToString(CultureInfo.InvariantCulture)) == false) { toRemove.Add(item); } } foreach (dynamic item in toRemove) { items.Remove(item); } } }
public void No_Access_By_Path() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(9); userMock.Setup(u => u.StartContentIds).Returns(new[] { 9876 }); var user = userMock.Object; var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); var content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(1234)).Returns(content); var contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection(); var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>())) .Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") }); var entityService = entityServiceMock.Object; //act var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'F' }); //assert Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Denied, result); }
public void No_Access_To_Recycle_Bin_By_Permission() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(0); var user = userMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1234, new string[] { "A" }) }; var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; var contentServiceMock = new Mock <IContentService>(); var contentService = contentServiceMock.Object; //act var result = ContentPermissionsHelper.CheckPermissions(-20, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'B' }); //assert Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Denied, result); }
public void No_Content_Found() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(9); var user = userMock.Object; var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); var content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(0)).Returns(content); var contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection(); var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; //act var result = ContentPermissionsHelper.CheckPermissions(1234, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'F' }); //assert Assert.AreEqual(ContentPermissionsHelper.ContentAccess.NotFound, result); }
public void No_Access_By_Permission() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(9); var user = userMock.Object; var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); var content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(1234)).Returns(content); var contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1234, new string[] { "A", "B", "C" }) }; var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; //act var result = ContentController.CheckPermissions(new Dictionary <string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' }); //assert Assert.IsFalse(result); }
public void Access_To_Root_By_Permission() { //arrange var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(0); userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List <string>()) }); var user = userMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1234, new string[] { "A" }) }; var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1")).Returns(permissionSet); var contentServiceMock = new Mock <IContentService>(); var contentService = contentServiceMock.Object; var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; //act var result = ContentPermissionsHelper.CheckPermissions(-1, user, userService, contentService, entityService, AppCaches.Disabled, out var foundContent, new[] { 'A' }); //assert Assert.AreEqual(ContentPermissionsHelper.ContentAccess.Granted, result); }
private bool HasPermissions(EntityPermissionCollection permissionResults, int nodeId) { var forNode = permissionResults.Where(x => x.EntityId == nodeId).ToList(); var permissions = forNode.SelectMany(x => x.AssignedPermissions).ToList(); return(permissions.Contains("F")); }
public void No_Content_Found() { // Arrange IUser user = CreateUser(id: 9); var contentMock = new Mock <IContent>(); contentMock.Setup(c => c.Path).Returns("-1,1234,5678"); IContent content = contentMock.Object; var contentServiceMock = new Mock <IContentService>(); contentServiceMock.Setup(x => x.GetById(0)).Returns(content); IContentService contentService = contentServiceMock.Object; var userServiceMock = new Mock <IUserService>(); var permissions = new EntityPermissionCollection(); var permissionSet = new EntityPermissionSet(1234, permissions); userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet); IUserService userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); IEntityService entityService = entityServiceMock.Object; var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled); // Act ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' }); // Assert Assert.AreEqual(ContentPermissions.ContentAccess.NotFound, result); }
public Dictionary <int, string[]> GetPermissions(int[] nodeIds) { EntityPermissionCollection permissions = _userService .GetPermissions(_backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser, nodeIds); var permissionsDictionary = new Dictionary <int, string[]>(); foreach (var nodeId in nodeIds) { var aggregatePerms = permissions.GetAllPermissions(nodeId).ToArray(); permissionsDictionary.Add(nodeId, aggregatePerms); } return(permissionsDictionary); }
/// <summary> /// Returns explicitly defined permissions for a user group for any number of nodes /// </summary> /// <param name="groupIds"> /// The group ids to lookup permissions for /// </param> /// <param name="entityIds"></param> /// <returns></returns> /// <remarks> /// This method will not support passing in more than 2000 group IDs when also passing in entity IDs. /// </remarks> public EntityPermissionCollection GetPermissionsForEntities(int[] groupIds, params int[] entityIds) { var result = new EntityPermissionCollection(); if (entityIds.Length == 0) { foreach (IEnumerable <int> group in groupIds.InGroupsOf(Constants.Sql.MaxParameterCount)) { Sql <ISqlContext> sql = Sql() .SelectAll() .From <UserGroup2NodeDto>() .LeftJoin <UserGroup2NodePermissionDto>().On <UserGroup2NodeDto, UserGroup2NodePermissionDto>( (left, right) => left.NodeId == right.NodeId && left.UserGroupId == right.UserGroupId) .Where <UserGroup2NodeDto>(dto => group.Contains(dto.UserGroupId)); List <UserGroup2NodePermissionDto> permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql); foreach (EntityPermission permission in ConvertToPermissionList(permissions)) { result.Add(permission); } } } else { foreach (IEnumerable <int> group in entityIds.InGroupsOf(Constants.Sql.MaxParameterCount - groupIds.Length)) { Sql <ISqlContext> sql = Sql() .SelectAll() .From <UserGroup2NodeDto>() .LeftJoin <UserGroup2NodePermissionDto>().On <UserGroup2NodeDto, UserGroup2NodePermissionDto>( (left, right) => left.NodeId == right.NodeId && left.UserGroupId == right.UserGroupId) .Where <UserGroup2NodeDto>(dto => groupIds.Contains(dto.UserGroupId) && group.Contains(dto.NodeId)); List <UserGroup2NodePermissionDto> permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql); foreach (EntityPermission permission in ConvertToPermissionList(permissions)) { result.Add(permission); } } } return(result); }
private static EntityPermissionCollection ConvertToPermissionList(IEnumerable <UserGroup2NodePermissionDto> result) { var permissions = new EntityPermissionCollection(); var nodePermissions = result.GroupBy(x => x.NodeId); foreach (var np in nodePermissions) { var userGroupPermissions = np.GroupBy(x => x.UserGroupId); foreach (var permission in userGroupPermissions) { var perms = permission.Select(x => x.Permission).Distinct().ToArray(); permissions.Add(new EntityPermission(permission.Key, np.Key, perms)); } } return(permissions); }
public void Filter_On_Permissions() { var list = new List <ContentItemBasic>(); for (var i = 0; i < 10; i++) { list.Add(new ContentItemBasic { Id = i, Name = "Test" + i, ParentId = -1 }); } var ids = list.Select(x => (int)x.Id).ToArray(); IUser user = CreateUser(id: 9, startContentId: 0); var userServiceMock = new Mock <IUserService>(); // We're only assigning 3 nodes browse permissions so that is what we expect as a result var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1, new string[] { ActionBrowse.ActionLetter.ToString() }), new EntityPermission(9876, 2, new string[] { ActionBrowse.ActionLetter.ToString() }), new EntityPermission(9876, 3, new string[] { ActionBrowse.ActionLetter.ToString() }), new EntityPermission(9876, 4, new string[] { ActionUpdate.ActionLetter.ToString() }) }; userServiceMock.Setup(x => x.GetPermissions(user, ids)).Returns(permissions); IUserService userService = userServiceMock.Object; var att = new FilterAllowedOutgoingContentFilter( list.GetType(), null, ActionBrowse.ActionLetter, userService, Mock.Of <IEntityService>(), AppCaches.Disabled, Mock.Of <IBackOfficeSecurityAccessor>()); att.FilterBasedOnPermissions(list, user); Assert.AreEqual(3, list.Count); Assert.AreEqual(1, list.ElementAt(0).Id); Assert.AreEqual(2, list.ElementAt(1).Id); Assert.AreEqual(3, list.ElementAt(2).Id); }
/// <summary> /// Returns explicitly defined permissions for a user group for any number of nodes /// </summary> /// <param name="groupIds"> /// The group ids to lookup permissions for /// </param> /// <param name="entityIds"></param> /// <returns></returns> /// <remarks> /// This method will not support passing in more than 2000 group Ids /// </remarks> public EntityPermissionCollection GetPermissionsForEntities(int[] groupIds, params int[] entityIds) { var result = new EntityPermissionCollection(); foreach (var groupOfGroupIds in groupIds.InGroupsOf(2000)) { //copy local var localIds = groupOfGroupIds.ToArray(); if (entityIds.Length == 0) { var sql = Sql() .SelectAll() .From <UserGroup2NodePermissionDto>() .Where <UserGroup2NodePermissionDto>(dto => localIds.Contains(dto.UserGroupId)); var permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql); foreach (var permission in ConvertToPermissionList(permissions)) { result.Add(permission); } } else { //iterate in groups of 2000 since we don't want to exceed the max SQL param count foreach (var groupOfEntityIds in entityIds.InGroupsOf(2000)) { var ids = groupOfEntityIds; var sql = Sql() .SelectAll() .From <UserGroup2NodePermissionDto>() .Where <UserGroup2NodePermissionDto>(dto => localIds.Contains(dto.UserGroupId) && ids.Contains(dto.NodeId)); var permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql); foreach (var permission in ConvertToPermissionList(permissions)) { result.Add(permission); } } } } return(result); }
public void Filter_On_Permissions() { var list = new List <dynamic>(); for (var i = 0; i < 10; i++) { list.Add(new ContentItemBasic { Id = i, Name = "Test" + i, ParentId = -1 }); } var ids = list.Select(x => (int)x.Id).ToArray(); var userMock = new Mock <IUser>(); userMock.Setup(u => u.Id).Returns(9); userMock.Setup(u => u.StartContentIds).Returns(new int[0]); var user = userMock.Object; var userServiceMock = new Mock <IUserService>(); //we're only assigning 3 nodes browse permissions so that is what we expect as a result var permissions = new EntityPermissionCollection { new EntityPermission(9876, 1, new string[] { "F" }), new EntityPermission(9876, 2, new string[] { "F" }), new EntityPermission(9876, 3, new string[] { "F" }), new EntityPermission(9876, 4, new string[] { "A" }) }; userServiceMock.Setup(x => x.GetPermissions(user, ids)).Returns(permissions); var userService = userServiceMock.Object; var entityServiceMock = new Mock <IEntityService>(); var entityService = entityServiceMock.Object; var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable <ContentItemBasic>), userService, entityService); att.FilterBasedOnPermissions(list, user); Assert.AreEqual(3, list.Count); Assert.AreEqual(1, list.ElementAt(0).Id); Assert.AreEqual(2, list.ElementAt(1).Id); Assert.AreEqual(3, list.ElementAt(2).Id); }
/// <summary> /// Gets explicit and default permissions (if requested) permissions for the group for specified entities /// </summary> /// <param name="groups"></param> /// <param name="fallbackToDefaultPermissions">If true will include the group's default permissions if no permissions are explicitly assigned</param> /// <param name="nodeIds">Array of entity Ids, if empty will return permissions for the group for all entities</param> public EntityPermissionCollection GetPermissions(IReadOnlyUserGroup[] groups, bool fallbackToDefaultPermissions, params int[] nodeIds) { if (groups == null) { throw new ArgumentNullException(nameof(groups)); } var groupIds = groups.Select(x => x.Id).ToArray(); var explicitPermissions = GetPermissions(groupIds, nodeIds); var result = new EntityPermissionCollection(explicitPermissions); // If requested, and no permissions are assigned to a particular node, then we will fill in those permissions with the group's defaults if (fallbackToDefaultPermissions) { //if no node ids are passed in, then we need to determine the node ids for the explicit permissions set nodeIds = nodeIds.Length == 0 ? explicitPermissions.Select(x => x.EntityId).Distinct().ToArray() : nodeIds; //if there are still no nodeids we can just exit if (nodeIds.Length == 0) { return(result); } foreach (var group in groups) { foreach (var nodeId in nodeIds) { // TODO: We could/should change the EntityPermissionsCollection into a KeyedCollection and they key could be // a struct of the nodeid + groupid so then we don't actually allocate this class just to check if it's not // going to be included in the result! var defaultPermission = new EntityPermission(group.Id, nodeId, group.Permissions.ToArray(), isDefaultPermissions: true); //Since this is a hashset, this will not add anything that already exists by group/node combination result.Add(defaultPermission); } } } return(result); }
private static EntityPermissionCollection ConvertToPermissionList( IEnumerable <UserGroup2NodePermissionDto> result) { var permissions = new EntityPermissionCollection(); IEnumerable <IGrouping <int, UserGroup2NodePermissionDto> > nodePermissions = result.GroupBy(x => x.NodeId); foreach (IGrouping <int, UserGroup2NodePermissionDto> np in nodePermissions) { IEnumerable <IGrouping <int, UserGroup2NodePermissionDto> > userGroupPermissions = np.GroupBy(x => x.UserGroupId); foreach (IGrouping <int, UserGroup2NodePermissionDto> permission in userGroupPermissions) { var perms = permission.Select(x => x.Permission).Distinct().ToArray(); // perms can contain null if there are no permissions assigned, but the node is chosen in the UI. permissions.Add(new EntityPermission(permission.Key, np.Key, perms.WhereNotNull().ToArray())); } } return(permissions); }
/// <summary> /// Returns explicitly defined permissions for a user group for any number of nodes /// </summary> /// <param name="groupIds"> /// The group ids to lookup permissions for /// </param> /// <param name="entityIds"></param> /// <returns></returns> /// <remarks> /// This method will not support passing in more than 2000 group IDs when also passing in entity IDs. /// </remarks> public EntityPermissionCollection GetPermissionsForEntities(int[] groupIds, params int[] entityIds) { var result = new EntityPermissionCollection(); if (entityIds.Length == 0) { foreach (var group in groupIds.InGroupsOf(Constants.Sql.MaxParameterCount)) { var sql = Sql() .SelectAll() .From <UserGroup2NodePermissionDto>() .Where <UserGroup2NodePermissionDto>(dto => group.Contains(dto.UserGroupId)); var permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql); foreach (var permission in ConvertToPermissionList(permissions)) { result.Add(permission); } } } else { foreach (var group in entityIds.InGroupsOf(Constants.Sql.MaxParameterCount - groupIds.Length)) { var sql = Sql() .SelectAll() .From <UserGroup2NodePermissionDto>() .Where <UserGroup2NodePermissionDto>(dto => groupIds.Contains(dto.UserGroupId) && group.Contains(dto.NodeId)); var permissions = AmbientScope.Database.Fetch <UserGroup2NodePermissionDto>(sql); foreach (var permission in ConvertToPermissionList(permissions)) { result.Add(permission); } } } return(result); }
internal UserToNodeAccessHelper(IUser currentUser, IUserService userService, IEnumerable <IUmbracoNodeWithPermissions> nodes) { _permissions = userService.GetPermissions(currentUser, AllNodeIdsFromPath(nodes)); }
public ContentPermissionSet(IContent content, EntityPermissionCollection permissionsSet) : base(content.Id, permissionsSet) =>