internal bool IfUpdateValidateAndCorrectIds(int count, IEntity newEntity, out HttpExceptionAbstraction preparedException)
{
var wrapLog = Log.Call();
var previousEntity = AppRead.Entities.Get(newEntity.EntityId)
?? AppRead.Entities.Get(newEntity.EntityGuid);
if (previousEntity != null)
{
Log.Add("found previous entity, will check types/ids/attributes");
CompareTypes(count, previousEntity, newEntity);
// for saving, ensure we are using the DB entity-ID
if (newEntity.EntityId == 0)
{
Log.Add("found existing entity - will set the ID to that to overwrite");
newEntity.ResetEntityId(previousEntity.EntityId);
}
CompareIdentities(count, previousEntity, newEntity);
CompareAttributes(count, previousEntity, newEntity);
}
else
{
Log.Add("no previous entity found");
}
var ok = BuildExceptionIfHasIssues(out preparedException, "EntityIsOk() done");
wrapLog($"{ok}");
return(ok);
}
/// <summary>
/// The package format for loading and saving are the same, but we want to make sure
/// that the save package doesn't contain unexpected trash (which would indicate the UI was broken)
/// or that invalid combinations get back here
/// </summary>
/// <param name="preparedException"></param>
/// <returns></returns>
internal bool ContainsOnlyExpectedNodes(out HttpExceptionAbstraction preparedException)
{
var wrapLog = Log.Call();
if (Package.ContentTypes != null)
{
Add("package contained content-types, unexpected!");
}
if (Package.InputTypes != null)
{
Add("package contained input types, unexpected!");
}
if (Package.Features != null)
{
Add("package contained features, unexpected!");
}
// check that items are mostly intact
if (Package.Items == null || Package.Items.Count == 0)
{
Add("package didn't contain items, unexpected!");
}
else
{
// do various validity tests on items
VerifyAllGroupAssignmentsValid(Package.Items);
ValidateEachItemInBundle(Package.Items);
}
var ok = BuildExceptionIfHasIssues(out preparedException, "ContainsOnlyExpectedNodes() done");
wrapLog($"{ok}");
return(ok);
}
internal bool UserIsPermittedOnField(List <Grants> requiredPermissions, out HttpExceptionAbstraction preparedException)
{
// check field permissions, but only for non-publish-data
if (UserIsRestricted && !FieldPermissionOk(requiredPermissions))
{
preparedException = HttpException.PermissionDenied("this field is not configured to allow uploads by the current user");
return(false);
}
preparedException = null;
return(true);
}
internal bool MustThrowIfAccessingRootButNotAllowed(bool usePortalRoot, out HttpExceptionAbstraction preparedException)
{
if (usePortalRoot && UserIsRestricted)
{
preparedException = HttpException.BadRequest("you may only create draft-data, so file operations outside of ADAM is not allowed");
return(true);
}
preparedException = null;
return(false);
}
internal bool ExtensionIsOk(string fileName, out HttpExceptionAbstraction preparedException)
{
if (!SiteAllowsExtension(fileName))
{
preparedException = HttpException.NotAllowedFileType(fileName, "Not in whitelisted CMS file types.");
return(false);
}
if (AdamSecurityCheckHelpers.IsKnownRiskyExtension(fileName))
{
preparedException = HttpException.NotAllowedFileType(fileName, "This is a known risky file type.");
return(false);
}
preparedException = null;
return(true);
}
/// <summary>
/// Determine if errors exist, and return that state
/// </summary>
/// <returns></returns>
protected bool BuildExceptionIfHasIssues(out HttpExceptionAbstraction preparedException, string logMessage = null)
{
var wrapLog = Log.Call();
preparedException = HasErrors ? HttpException.BadRequest(Errors): null;
if (logMessage != null)
{
Log.Add($"{nameof(logMessage)}:{logMessage}");
}
if (HasErrors)
{
Log.Add($"Errors:{Errors}");
}
wrapLog(HasErrors ? "found errors" : "all ok");
return(!HasErrors);
}
internal bool EntityIsOk(int count, IEntity newEntity, out HttpExceptionAbstraction preparedException)
{
var wrapLog = Log.Call <bool>();
if (newEntity == null)
{
Add($"entity {count} couldn't deserialize");
var notOk = BuildExceptionIfHasIssues(out preparedException);
return(wrapLog("newEntity is null", notOk));
}
if (newEntity.Attributes.Count == 0)
{
Add($"entity {count} doesn't have attributes (or they are invalid)");
}
var ok = BuildExceptionIfHasIssues(out preparedException, "EntityIsOk() done");
return(wrapLog("", ok));
}
/// <summary>
/// Returns true if user isn't restricted, or if the restricted user is accessing a draft item
/// </summary>
internal bool UserIsNotRestrictedOrItemIsDraft(Guid guid, out HttpExceptionAbstraction exp)
{
Log.Add($"check if user is restricted ({UserIsRestricted}) or if the item '{guid}' is draft");
exp = null;
// check that if the user should only see drafts, he doesn't see items of normal data
if (!UserIsRestricted || FieldPermissionOk(GrantSets.ReadPublished))
{
return(true);
}
// check if the data is public
var itm = AdamState.AppRuntime.Entities.Get(guid);
if (!(itm?.IsPublished ?? false))
{
return(true);
}
exp = HttpException.PermissionDenied(Log.Add("user is restricted and may not see published, but item exists and is published - not allowed"));
return(false);
}
internal bool FileTypeIsOkForThisField(out HttpExceptionAbstraction preparedException)
{
var wrapLog = Log.Call <bool>();
var fieldDef = AdamState.Attribute;
bool result;
// check if this field exists and is actually a file-field or a string (wysiwyg) field
if (fieldDef == null || !(fieldDef.Type != Eav.Constants.DataTypeHyperlink ||
fieldDef.Type != Eav.Constants.DataTypeString))
{
preparedException = HttpException.BadRequest("Requested field '" + AdamState.ItemField + "' type doesn't allow upload");
Log.Add($"field type:{fieldDef?.Type} - does not allow upload");
result = false;
}
else
{
Log.Add($"field type:{fieldDef.Type}");
preparedException = null;
result = true;
}
return(wrapLog(result.ToString(), result));
}
internal bool SuperUserOrAccessingItemFolder(string path, out HttpExceptionAbstraction preparedException)
{
preparedException = null;
return(!UserIsRestricted || AdamSecurityCheckHelpers.DestinationIsInItem(AdamState.ItemGuid, AdamState.ItemField, path, out preparedException));
}
internal static bool DestinationIsInItem(Guid guid, string field, string path, out HttpExceptionAbstraction preparedException)
{
var inAdam = Sxc.Adam.Security.PathIsInItemAdam(guid, field, path);
preparedException = inAdam
? null
: HttpException.PermissionDenied("Can't access a resource which is not part of this item.");
return(inAdam);
}
internal bool SuperUserOrAccessingItemFolder(string path, out HttpExceptionAbstraction preparedException)
{
preparedException = null;
return(!UserIsRestricted || DestinationIsInItem(AdamContext.ItemGuid, AdamContext.ItemField, path, out preparedException));
}
