/// <summary> /// Evaluates whether a selected user is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="specialRole">The special role.</param> /// <returns></returns> public static bool Authorized(ISecured entity, string action, SpecialRole specialRole) { // If there's no Authorizations object, create it if (Authorizations == null) { Load(); } var entityTypeId = entity.TypeId; // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each // one to find the first one specific to the selected user or a role that the selected user belongs // to. If a match is found return whether the user is allowed (true) or denied (false) access if (Authorizations.Keys.Contains(entityTypeId) && Authorizations[entityTypeId].Keys.Contains(entity.Id) && Authorizations[entityTypeId][entity.Id].Keys.Contains(action)) { foreach (AuthRule authRule in Authorizations[entityTypeId][entity.Id][action]) { if (authRule.SpecialRole == specialRole) { return(authRule.AllowOrDeny == "A"); } } } // If no match was found for the selected user on the current entity instance, check to see if the instance // has a parent authority defined and if so evaluate that entities authorization rules. If there is no // parent authority return the defualt authorization if (entity.ParentAuthority != null) { return(Authorized(entity.ParentAuthority, action, specialRole)); } else { return(entity.IsAllowedByDefault(action)); } }
/// <summary> /// Evaluates whether a selected person is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <returns></returns> public static bool Authorized(ISecured entity, string action, Rock.Model.Person person) { return(ItemAuthorized(entity, action, person) ?? entity.IsAllowedByDefault(action)); }
/// <summary> /// Evaluates whether a selected user is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="specialRole">The special role.</param> /// <returns></returns> public static bool Authorized(ISecured entity, string action, SpecialRole specialRole) { return(ItemAuthorized(entity, action, specialRole) ?? entity.IsAllowedByDefault(action)); }
/// <summary> /// Evaluates whether a selected person is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <returns></returns> public static bool Authorized(ISecured entity, string action, Rock.Model.Person person) { // If there's no Authorizations object, create it if (Authorizations == null) { Load(); } var entityTypeId = entity.TypeId; // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each // one to find the first one specific to the selected user or a role that the selected user belongs // to. If a match is found return whether the user is allowed (true) or denied (false) access if (Authorizations.Keys.Contains(entityTypeId) && Authorizations[entityTypeId].Keys.Contains(entity.Id) && Authorizations[entityTypeId][entity.Id].Keys.Contains(action)) { string userName = person != null?person.Guid.ToString() : string.Empty; foreach (AuthRule authRule in Authorizations[entityTypeId][entity.Id][action]) { // All Users if (authRule.SpecialRole == SpecialRole.AllUsers) { return(authRule.AllowOrDeny == "A"); } // All Authenticated Users if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty) { return(authRule.AllowOrDeny == "A"); } // All Unauthenticated Users if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty) { return(authRule.AllowOrDeny == "A"); } if (authRule.SpecialRole == SpecialRole.None && person != null) { // See if person has been authorized to entity if (authRule.PersonId.HasValue && authRule.PersonId.Value == person.Id) { return(authRule.AllowOrDeny == "A"); } // See if person is in role authorized if (authRule.GroupId.HasValue) { Role role = Role.Read(authRule.GroupId.Value); if (role != null && role.IsUserInRole(userName)) { return(authRule.AllowOrDeny == "A"); } } } } } // If no match was found for the selected user on the current entity instance, check to see if the instance // has a parent authority defined and if so evaluate that entities authorization rules. If there is no // parent authority return the defualt authorization if (entity.ParentAuthority != null) { return(Authorized(entity.ParentAuthority, action, person)); } else { return(entity.IsAllowedByDefault(action)); } }
/// <summary> /// Evaluates whether a selected person is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <param name="rockContext">The rock context.</param> /// <returns></returns> public static bool Authorized( ISecured entity, string action, Rock.Model.Person person, RockContext rockContext = null ) { // If there's no Authorizations object, create it if ( Authorizations == null ) { rockContext = rockContext ?? new RockContext(); Load( rockContext ); } var entityTypeId = entity.TypeId; // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each // one to find the first one specific to the selected user or a role that the selected user belongs // to. If a match is found return whether the user is allowed (true) or denied (false) access if ( Authorizations.Keys.Contains( entityTypeId ) && Authorizations[entityTypeId].Keys.Contains( entity.Id ) && Authorizations[entityTypeId][entity.Id].Keys.Contains( action ) ) { string userName = person != null ? person.Guid.ToString() : string.Empty; foreach ( AuthRule authRule in Authorizations[entityTypeId][entity.Id][action] ) { // All Users if ( authRule.SpecialRole == SpecialRole.AllUsers ) { return authRule.AllowOrDeny == "A"; } // All Authenticated Users if ( authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty ) { return authRule.AllowOrDeny == "A"; } // All Unauthenticated Users if ( authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty ) { return authRule.AllowOrDeny == "A"; } if ( authRule.SpecialRole == SpecialRole.None && person != null ) { // See if person has been authorized to entity if ( authRule.PersonId.HasValue && authRule.PersonId.Value == person.Id ) { return authRule.AllowOrDeny == "A"; } // See if person is in role authorized if ( authRule.GroupId.HasValue ) { Role role = Role.Read( authRule.GroupId.Value ); if ( role != null && role.IsUserInRole( userName ) ) { return authRule.AllowOrDeny == "A"; } } } } } // If no match was found for the selected user on the current entity instance, check to see if the instance // has a parent authority defined and if so evaluate that entities authorization rules. If there is no // parent authority return the defualt authorization if ( entity.ParentAuthority != null ) { return Authorized( entity.ParentAuthority, action, person ); } else { return entity.IsAllowedByDefault( action ); } }
/// <summary> /// Evaluates whether a selected user is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="specialRole">The special role.</param> /// <returns></returns> public static bool Authorized( ISecured entity, string action, SpecialRole specialRole ) { // If there's no Authorizations object, create it if ( Authorizations == null ) { Load( new RockContext() ); } var entityTypeId = entity.TypeId; // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each // one to find the first one specific to the selected user or a role that the selected user belongs // to. If a match is found return whether the user is allowed (true) or denied (false) access if ( Authorizations.Keys.Contains( entityTypeId ) && Authorizations[entityTypeId].Keys.Contains( entity.Id ) && Authorizations[entityTypeId][entity.Id].Keys.Contains( action ) ) { foreach ( AuthRule authRule in Authorizations[entityTypeId][entity.Id][action] ) { if ( authRule.SpecialRole == specialRole ) { return authRule.AllowOrDeny == "A"; } } } // If no match was found for the selected user on the current entity instance, check to see if the instance // has a parent authority defined and if so evaluate that entities authorization rules. If there is no // parent authority return the defualt authorization if ( entity.ParentAuthority != null ) { return Authorized( entity.ParentAuthority, action, specialRole ); } else { return entity.IsAllowedByDefault( action ); } }
/// <summary> /// Evaluates whether a selected person is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <returns></returns> public static bool Authorized( ISecured entity, string action, Rock.Model.Person person ) { return ItemAuthorized( entity, action, person, true, true ) ?? entity.IsAllowedByDefault( action ); }
/// <summary> /// Evaluates whether a selected user is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="specialRole">The special role.</param> /// <returns></returns> public static bool Authorized( ISecured entity, string action, SpecialRole specialRole ) { return ItemAuthorized( entity, action, specialRole, true, true ) ?? entity.IsAllowedByDefault( action ); }