private void ValidateCustomPermissions(User user, IExecutionContext executionContext, RoleDetails executorRole) { if (user.IsSystemAccount) { throw new NotPermittedException("You cannot delete the system account."); } if (user.UserAreaCode == CofoundryAdminUserArea.AreaCode) { _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext); } else { _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext); } if (user.UserId == executionContext.UserContext.UserId) { throw new NotPermittedException("You cannot delete your own user account via this api."); } // Only super admins can delete super admin if (user.Role.RoleCode == SuperAdminRole.SuperAdminRoleCode && !executorRole.IsSuperAdministrator) { throw new NotPermittedException("Only Super Administrator users can delete other users with the Super Administrator role"); } }
public void ValidatePermissions(IExecutionContext executionContext) { if (executionContext.UserContext.IsCofoundryUser()) { _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext); } else { _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext); } }
public void ValidatePermissions(IUserAreaDefinition userArea, IExecutionContext executionContext) { if (userArea is CofoundryAdminUserArea) { _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext); } else { _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext); } }
public virtual void Validate <TCommand>(TCommand command, IAsyncCommandHandler <TCommand> commandHandler, IExecutionContext executionContext) where TCommand : ICommand { ValidateCommmandImplementation <TCommand>(commandHandler); if (commandHandler is IPermissionRestrictedCommandHandler <TCommand> ) { var permissions = ((IPermissionRestrictedCommandHandler <TCommand>)commandHandler).GetPermissions(command); _permissionValidationService.EnforcePermission(permissions, executionContext.UserContext); } CheckAdditionalPermissionHandlers(commandHandler, executionContext, _permissionValidationService); }
public void ValidatePermissions(User user, IExecutionContext executionContext) { var userArea = _userAreaRepository.GetByCode(user.UserAreaCode); if (userArea is CofoundryAdminUserArea) { _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext); } else { _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext); } }
private async Task <List <PageUrlChangedMessage> > GetAffectedPagesAndValidatePermissionsAsync(ICollection <int> affectedPageDirectoryIds, IExecutionContext executionContext) { var pageIds = await _dbContext .Pages .AsNoTracking() .Where(p => affectedPageDirectoryIds.Contains(p.PageDirectoryId)) .Select(p => p.PageId) .ToListAsync(); if (pageIds.Any()) { _permissionValidationService.EnforcePermission <PageUpdateUrlPermission>(executionContext.UserContext); } var affectedPages = await _queryExecutor.ExecuteAsync(new GetPageRoutesByIdRangeQuery(pageIds), executionContext); var results = new List <PageUrlChangedMessage>(affectedPages.Count); foreach (var affectedPage in affectedPages.Values) { var result = new PageUrlChangedMessage() { PageId = affectedPage.PageId, OldFullUrlPath = affectedPage.FullUrlPath, HasPublishedVersionChanged = affectedPage.PublishStatus == PublishStatus.Published }; results.Add(result); } return(results); }
/// <summary> /// Gets all pages that will be deleted when each of the specified directories /// are deleted. Note that these will be actually deleted via the database trigger /// but we need the list to check for constraints and publish messages. /// </summary> private async Task <Dictionary <int, PageDeletedMessage> > GetPageIdsToDeleteAndValidatePermissionAsync(ICollection <int> directoryIdsToDelete, IExecutionContext executionContext) { var pageIds = await _dbContext .Pages .AsNoTracking() .Where(p => directoryIdsToDelete.Contains(p.PageDirectoryId)) .Select(p => p.PageId) .ToListAsync(); if (pageIds.Any()) { _permissionValidationService.EnforcePermission <PageDeletePermission>(executionContext.UserContext); } var pagesToDelete = await _queryExecutor.ExecuteAsync(new GetPageRoutesByIdRangeQuery(pageIds), executionContext); var results = new Dictionary <int, PageDeletedMessage>(pagesToDelete.Count); foreach (var pageToDelete in pagesToDelete.Values) { var result = new PageDeletedMessage() { PageId = pageToDelete.PageId, FullUrlPath = pageToDelete.FullUrlPath }; results.Add(result.PageId, result); } return(results); }
public async Task ValidatePermissionsAsync(User user, IExecutionContext executionContext) { if (user.UserId == executionContext.UserContext.UserId) { throw new NotPermittedException("A user cannot reset the password on their own user account."); } var userArea = _userAreaDefinitionRepository.GetRequiredByCode(user.UserAreaCode); if (userArea is CofoundryAdminUserArea) { _permissionValidationService.EnforcePermission(new CofoundryUserResetPasswordPermission(), executionContext.UserContext); } else { _permissionValidationService.EnforcePermission(new NonCofoundryUserResetPasswordPermission(), executionContext.UserContext); } await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext); }
private async Task ValidateCustomPermissionsAsync(User user, IExecutionContext executionContext) { if (user.IsSystemAccount) { throw new NotPermittedException("You cannot delete the system account."); } if (user.UserAreaCode == CofoundryAdminUserArea.Code) { _permissionValidationService.EnforcePermission(new CofoundryUserUpdatePermission(), executionContext.UserContext); } else { _permissionValidationService.EnforcePermission(new NonCofoundryUserUpdatePermission(), executionContext.UserContext); } if (user.UserId == executionContext.UserContext.UserId) { throw new NotPermittedException("You cannot delete your own user account via this api."); } // Only super admins can delete super admin await _userCommandPermissionsHelper.ThrowIfCannotManageSuperAdminAsync(user, executionContext); }
public Task ExecuteAsync(Controller controller, PageActionRoutingState state) { var pageRoutingInfo = state.PageRoutingInfo; if (pageRoutingInfo == null || state.VisualEditorState.VisualEditorMode != VisualEditorMode.Edit) { return(Task.CompletedTask); } if (pageRoutingInfo.CustomEntityRoute != null && state.InputParameters.IsEditingCustomEntity ) { _permissionValidationService.EnforceCustomEntityPermission <CustomEntityUpdatePermission>(pageRoutingInfo.CustomEntityRoute.CustomEntityDefinitionCode, state.CofoundryAdminUserContext); } if (!state.InputParameters.IsEditingCustomEntity) { _permissionValidationService.EnforcePermission <PageUpdatePermission>(state.CofoundryAdminUserContext); } return(Task.CompletedTask); }