public File(string name, byte[] data, bool ReadAccess_to_low_users, UserPermissions perm)
{
Name = name;
Data = data;
permissions = perm;
ReadAccessToLowUsers = ReadAccess_to_low_users;
}
/// <summary>
/// 角色权限
/// </summary>
/// <returns></returns>
public List <UserPermissions> getUserPer(string q)
{
string sql = string.Format("select MS_User.[User_Name],MS_Permissios.Permissions_name,MS_Permissios.Permissions_Id from MS_UserPermissions,MS_User,MS_Permissios " +
"where MS_UserPermissions.[User_ID]=MS_User.[User_Id] and MS_UserPermissions.Permissios_ID=MS_Permissios.Permissions_Id and MS_User.User_JobNumber like '%{0}%'", q);
var table = DBHelper.Select(sql);
List <UserPermissions> list = new List <UserPermissions>();
foreach (DataRow item in table.Rows)
{
UserPermissions permissions = new UserPermissions
{
UserId = new User
{
Name = item["User_Name"].ToString()
},
PermissiosID = new Permissios
{
PermissiosName = item["Permissions_name"].ToString(),
PermissiosID = Convert.ToInt32(item["Permissions_Id"])
}
};
list.Add(permissions);
}
return(list);
}
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Session["User"] != null && Session["User"].ToString() != string.Empty)
{
if (Request.QueryString["id"] == null)
{
if (UserPermissions.Any(
p =>
p.PageUrl.ToLower().Equals(Common.Members) &&
p.ModuleID == (int)ModulesEnum.Committees &&
(p.Show.Equals(true) || p.Add.Equals(true) || p.Edit.Equals(true) || p.Delete.Equals(true))))
{
var per = UserPermissions.FirstOrDefault(
p =>
p.PageUrl.ToLower().Equals(Common.Members) &&
p.ModuleID == (int)ModulesEnum.Committees &&
(p.Show.Equals(true) || p.Add.Equals(true) || p.Edit.Equals(true) || p.Delete.Equals(true)));
((HtmlGenericControl)Page.Master.FindControl("ulBreadcrumb")).InnerHtml = "<li><i class='ace-icon fa fa-home home-icon'></i><a href ='Dashboard.aspx'> الرئيسية </a></li><li>" + per.ModuleName + "</li><li>" + per.PageName + "</li><li></li>";
Page.Title = per.PageName;
}
else
{
Response.Redirect("NoPermission.aspx");
}
}
else
{
if (UserPermissions.Any(
p =>
p.PageUrl.ToLower().Equals(Common.Members) &&
p.ModuleID == (int)ModulesEnum.CommitteeWorks &&
(p.Show.Equals(true) || p.Add.Equals(true) || p.Edit.Equals(true) || p.Delete.Equals(true))))
{
var per = UserPermissions.FirstOrDefault(
p =>
p.PageUrl.ToLower().Equals(Common.Members) &&
p.ModuleID == (int)ModulesEnum.CommitteeWorks &&
(p.Show.Equals(true) || p.Add.Equals(true) || p.Edit.Equals(true) || p.Delete.Equals(true)));
((HtmlGenericControl)Page.Master.FindControl("ulBreadcrumb")).InnerHtml = "<li><i class='ace-icon fa fa-home home-icon'></i><a href ='Dashboard.aspx'> الرئيسية </a></li><li>" + per.ModuleName + "</li><li>" + per.PageName + "</li><li></li>";
Page.Title = per.PageName;
}
else
{
Response.Redirect("NoPermission.aspx");
}
}
}
else
{
Session["back"] = Request.Url.AbsoluteUri;
Response.Redirect("Login.aspx?ReturnURL=" + Request.Url.AbsolutePath);
}
BindData();
BindAttachments();
BindAwards();
BindAttendance();
}
}
public IActionResult Update(int groupId, [FromBody] FeatureGroupArgs groupArgs)
{
if (!UserPermissions.IsAllowedToAdminister(User.Identity))
{
return(Forbid());
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
try
{
_manager.UpdateGroup(groupId, groupArgs);
return(NoContent());
}
catch (ResourceNotFoundException <FeatureGroup> e)
{
return(NotFound(e.Message)); // invalid group ID
}
catch (ResourceNotFoundException <Feature> e)
{
return(StatusCode(422, e.Message)); // invalid feature ID
}
catch (InvalidOperationException e)
{
// tried to rename protected group or tried to move users to the public group
return(StatusCode(409, e.Message));
}
catch (ArgumentException e)
{
return(StatusCode(409, e.Message)); // new group name already in use
}
}
public IActionResult GetFileById(int id)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var status = _entityIndex.Status(ResourceType.Media, id) ?? ContentStatus.Published;
if (!UserPermissions.IsAllowedToGet(User.Identity, status, _entityIndex.Owner(ResourceType.Media, id)))
{
return(Forbid());
}
if (!_entityIndex.Exists(ResourceType.Media, id))
{
return(NotFound());
}
var media = _db.Database.GetCollection <MediaElement>(ResourceType.Media.Name)
.AsQueryable()
.FirstOrDefault(x => x.Id == id);
if (media?.File == null || !System.IO.File.Exists(media.File))
{
return(NotFound());
}
new FileExtensionContentTypeProvider().TryGetContentType(media.File, out string mimeType);
mimeType = mimeType ?? "application/octet-stream";
return(File(new FileStream(media.File, FileMode.Open), mimeType, Path.GetFileName(media.File)));
}
public IActionResult GetById(int id, DateTimeOffset?timestamp = null)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var status = _entityIndex.Status(ResourceType.Tag, id) ?? ContentStatus.Published;
if (!UserPermissions.IsAllowedToGet(User.Identity, status, _entityIndex.Owner(ResourceType.Tag, id)))
{
return(Forbid());
}
var tag = _db.Database.GetCollection <Tag>(ResourceType.Tag.Name)
.AsQueryable()
.FirstOrDefault(x => x.Id == id);
if (tag == null)
{
return(NotFound());
}
if (timestamp != null && tag.Timestamp <= timestamp.Value)
{
return(StatusCode(304));
}
var tagResult = new TagResult(tag)
{
Timestamp = _referencesIndex.LastModificationCascading(ResourceType.Tag, id)
};
return(Ok(tagResult));
}
public async static Task <IEnumerable <PermissionDto> > GetUsersPermissions(IEnumerable <User> dto)
{
var task = Task.Run(() =>
{
var viewModel = new List <PermissionDto>();
foreach (var dt in dto)
{
var permission = new PermissionDto();
permission.Id = dt.Id;
permission.Email = dt.Email;
permission.Username = dt.Username;
var per = new List <UserPermissions>();
foreach (var pe in dt.Permissions)
{
var permi = new UserPermissions();
permi.Id = pe.Id;
permi.EntityId = pe.EntityId;
permi.UserId = pe.UserId;
permi.HasAccess = pe.HasAccess ? true : false;
per.Add(permi);
}
permission.Permissions = per;
viewModel.Add(permission);
}
return(viewModel);
});
return(await task);
}
public async Task <IActionResult> PutAsync(string userId, [FromBody] UserUpdateArgs args)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!_userIndex.TryGetInternalId(userId, out var internalId))
{
return(NotFound());
}
if (!UserPermissions.IsAllowedToModify(User.Identity, userId))
{
return(Forbid());
}
var oldUser = await EventStreamExtensions.GetCurrentEntityAsync <UserEventArgs>(_eventStore.EventStream, ResourceTypes.User, internalId);
var changedUserArgs = new UserEventArgs(oldUser)
{
FirstName = args.FirstName,
LastName = args.LastName,
};
await EntityManager.UpdateEntityAsync(_eventStore, oldUser, changedUserArgs, ResourceTypes.User, internalId,
User.Identity.GetUserIdentity());
return(NoContent());
}
public async Task <IActionResult> PutRolesAsync(string userId, [FromBody] string[] roles)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
var invalidRoles = roles.Distinct().Where(s => !Enum.TryParse <UserRoles>(s, out _));
foreach (var invalidRole in invalidRoles)
{
ModelState.AddModelError("Roles", $"'{invalidRole}' is not a valid role");
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!_userIndex.TryGetInternalId(userId, out var _))
{
return(NotFound());
}
if (!UserPermissions.IsAllowedToChangeRoles(User.Identity))
{
return(Forbid());
}
var actualRoles = roles.Distinct();
await Auth.SetUserRolesAsync(userId, actualRoles);
return(NoContent());
}
public async Task UpdateUserPermissions_Success()
{
var userId = "uid";
var ep = new[] {
new EntityPermission
{
EntityId = "eid",
}
};
var toUpdate = new UserPermissions
{
UserId = userId,
EntityPermissions = ep,
};
var dbEntity = new UserPermissions
{
UserId = userId,
};
var repo = new Mock <IRepository <UserPermissions> >();
var cm = new Mock <ICacheManager>();
repo.Setup(r => r.GetAll(It.IsAny <Pagination <UserPermissions> >())).ReturnsAsync(new[] { dbEntity });
repo.Setup(r => r.Update(It.IsAny <UserPermissions>())).ReturnsAsync(dbEntity);
var pm = new PermissionManager(cm.Object, repo.Object);
var res = await pm.UpdateUserPermissions(toUpdate);
res.ShouldBe(dbEntity);
cm.Verify(c => c.Remove(It.Is <string>(s => s.EndsWith(userId))), Times.Once);
repo.Verify(r => r.Update(It.Is <UserPermissions>(u => u == dbEntity && u.EntityPermissions == ep)), Times.Once);
}
public async Task <IActionResult> GetByEmailAsync(string email)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!UserPermissions.IsAllowedToGetAll(User.Identity))
{
return(Forbid());
}
var user = _db.Database.GetCollection <User>(ResourceTypes.User.Name)
.AsQueryable()
.FirstOrDefault(u => u.Email == email);
if (user == null)
{
return(NotFound());
}
var result = new UserResult(user)
{
Roles = await Auth.GetUserRolesAsStringAsync(user.UserId),
ProfilePicture = GenerateFileUrl(user.UserId)
};
return(Ok(result));
}
public async Task InvokeAsync_BadRequestOnMissingIdForDeleteAndPut(string method, string reqesteeId)
{
var logger = new Mock <ILogger <AnyServicePermissionMiddleware> >();
var mw = new AnyServicePermissionMiddleware(null, logger.Object);
string entityKey = "entity-key",
updateKey = "update-key",
deleteKey = "delete-key";
var wc = new WorkContext
{
CurrentEntityConfigRecord = new EntityConfigRecord
{
Type = typeof(TestModel),
PermissionRecord = new PermissionRecord(null, null, updateKey, deleteKey),
EntityKey = entityKey
},
RequestInfo = new RequestInfo
{
Method = method,
RequesteeId = reqesteeId,
}
};
var httpResponse = new Mock <HttpResponse>();
var httpContext = new Mock <HttpContext>();
httpContext.SetupGet(h => h.Response).Returns(httpResponse.Object);
var userPermissions = new UserPermissions();
var mgr = new Mock <IPermissionManager>();
mgr.Setup(m => m.GetUserPermissions(It.IsAny <string>())).ReturnsAsync(userPermissions);
await mw.InvokeAsync(httpContext.Object, wc, mgr.Object);
httpResponse.VerifySet(r => r.StatusCode = StatusCodes.Status403Forbidden, Times.Once);
}
public bool HasPermission(string key)
{
key = key.ToUpper();
if (UserPermissions.Contains(key))
{
return(true);
}
if (Permissions.Contains(key))
{
return(false);
}
var query = DataQuery.Create("Security", "ws_Permissions_Create", new { Key = key });
var ds = this.Execute(query);
if (ds == null)
{
UI.ShowError(this.LastError);
}
Permissions.Add(key);
return(false);
}
private void SaveUserFieldPermissions()
{
string selectId = "";
StringBuilder roleIdList = new StringBuilder();
StringBuilder builder2 = new StringBuilder();
StringBuilder builder3 = new StringBuilder();
this.m_NodeSkimAll = ((CheckBox)this.EgvNodes.Rows[0].FindControl("ChkNodeSkim")).Checked;
this.m_NodePreviewAll = ((CheckBox)this.EgvNodes.Rows[0].FindControl("ChkNodePreview")).Checked;
this.m_NodeInputAll = ((CheckBox)this.EgvNodes.Rows[0].FindControl("ChkNodeInput")).Checked;
for (int i = 0; i < this.EgvNodes.Rows.Count; i++)
{
this.m_ChkNodeSkim = (CheckBox)this.EgvNodes.Rows[i].Cells[2].FindControl("ChkNodeSkim");
this.m_ChkNodePreview = (CheckBox)this.EgvNodes.Rows[i].Cells[3].FindControl("ChkNodePreview");
this.m_ChkNodeInput = (CheckBox)this.EgvNodes.Rows[i].Cells[4].FindControl("ChkNodeInput");
selectId = this.EgvNodes.DataKeys[i].Value.ToString();
AppendSelectId(this.m_ChkNodeSkim.Checked || this.m_NodeSkimAll, selectId, ref roleIdList);
AppendSelectId(this.m_ChkNodePreview.Checked || this.m_NodePreviewAll, selectId, ref builder2);
AppendSelectId(this.m_ChkNodeInput.Checked || this.m_NodeInputAll, selectId, ref builder3);
}
AppendAllId(roleIdList, this.EgvNodes.Rows.Count - 1);
AppendAllId(builder2, this.EgvNodes.Rows.Count - 1);
AppendAllId(builder3, this.EgvNodes.Rows.Count - 1);
UserPermissions.DeleteNodePermissions(this.m_RoleId, this.m_IdType);
UserPermissions.AddNodePermissions(this.m_RoleId, OperateCode.NodeContentSkim, roleIdList.ToString(), this.m_IdType);
UserPermissions.AddNodePermissions(this.m_RoleId, OperateCode.NodeContentPreview, builder2.ToString(), this.m_IdType);
UserPermissions.AddNodePermissions(this.m_RoleId, OperateCode.NodeContentInput, builder3.ToString(), this.m_IdType);
}
public User(string firstName, string lastName, string email, string password, List <Guid> permissions)
{
//if (permissions == null || permissions.Count == 0)
//{
// throw new Exception("User should have at least one permission");
//}
FirstName = firstName;
LastName = lastName;
Email = email;
byte[] passwordHash;
byte[] passwordSalt;
Common.Identity.Authentication.CreatePasswordHash(password, out passwordHash, out passwordSalt);
this.PasswordHash = passwordHash;
this.PasswordSalt = passwordSalt;
if (permissions != null)
{
permissions.ForEach(a =>
{
if (UserPermissions == null)
{
UserPermissions = new List <UserPermission>();
}
UserPermissions.Add(new UserPermission(this.Id, a));
});
}
}
protected override void CreateChildControls()
{
Control child = this.Page.LoadControl("~/Controls/FieldControl/" + this.ControlType.ToString() + ".ascx");
child.ID = "EasyOne2007";
if (this.IsAdminManage)
{
this.Visible = RolePermissions.AccessCheckFieldPermission(OperateCode.ContentFieldInput, DataConverter.CLng(HttpContext.Current.Request.QueryString["ModelId"]), this.FieldName);
}
else
{
this.Visible = UserPermissions.AccessCheck(OperateCode.ContentFieldInput, DataConverter.CLng(HttpContext.Current.Request.QueryString["ModelId"]), this.FieldName);
}
this.m_FieldControl = (IFieldControl)child;
this.m_FieldControl.Settings = this.Settings;
this.m_FieldControl.EnableNull = this.EnableNull;
this.m_FieldControl.FieldAlias = this.FieldAlias;
this.m_FieldControl.FieldLevel = this.FieldLevel;
this.m_FieldControl.FieldName = this.FieldName;
this.m_FieldControl.Tips = this.Tips;
this.m_FieldControl.Description = this.Description;
this.m_FieldControl.ControlType = this.ControlType;
this.m_FieldControl.IsAdminManage = this.IsAdminManage;
this.m_FieldControl.InitFieldControl();
this.Controls.Add(child);
}
/// <inheritdoc />
public virtual bool HasPermissions(Guid sessionId, UserPermissions requiredPermissions, string securityId, string dataType, object arg, DateTime?date)
{
switch (requiredPermissions)
{
case UserPermissions.Save:
case UserPermissions.Delete:
case UserPermissions.EditSecurities:
case UserPermissions.EditExchanges:
case UserPermissions.EditBoards:
case UserPermissions.DeleteSecurities:
case UserPermissions.DeleteExchanges:
case UserPermissions.DeleteBoards:
case UserPermissions.GetUsers:
case UserPermissions.EditUsers:
case UserPermissions.ServerManage:
case UserPermissions.Trading:
case UserPermissions.Withdraw:
return(false);
case UserPermissions.Load:
case UserPermissions.SecurityLookup:
case UserPermissions.ExchangeLookup:
case UserPermissions.ExchangeBoardLookup:
return(true);
default:
throw new ArgumentOutOfRangeException(nameof(requiredPermissions), requiredPermissions, LocalizedStrings.Str1219);
}
}
/* Assign
* ----------------------------------------------------------------------
*/
#region Assign
public async Task <bool> AssignUserPermissionsAsync(string permissionId, string userId)
{
try
{
var userPermissionsList = await _permissionsContext
.UserPermissionsCollection
.AsQueryable()
.ToListAsync();
// Insert ---------------------------------------------------------
// Если для такого юзера не было пермишинсов создаём новый список
if (!userPermissionsList.Exists(up => up.UserId == userId))
{
var cursor = await _permissionsContext
.UserPermissionsCollection.FindAsync(u => u.UserId == userId);
var any = await cursor.AnyAsync();
if (!any)
{
var up = new UserPermissions
{
UserId = userId,
PermissionIds = new List <string> {
permissionId
}
};
await _permissionsContext
.UserPermissionsCollection
.InsertOneAsync(up);
return(true);
}
}
// Update ---------------------------------------------------------
// Иначе добавляем новые данные к старым и обновляем их в базе
else
{
var upfOld = userPermissionsList.First(up => up.UserId == userId).ToBsonDocument();
var upfNew = userPermissionsList.First(up => up.UserId == userId);
if (!upfNew.PermissionIds.Exists(id => id == permissionId))
{
upfNew.PermissionIds.Add(permissionId);
await _permissionsContext
.UserPermissionsCollection
.ReplaceOneAsync(upfOld, upfNew);
return(true);
}
}
}
catch (Exception e)
{
_logger.LogWarning($"--- AssignUserPermissionsAsync() \n\n Reason:\n {e.Message}");
_logger.LogDebug(1000, e, "------------------------------------------------------");
return(false);
}
return(false);
}
public async Task CreateUserPermissions_InvalidModel(UserPermissions data)
{
var pm = new PermissionManager(null, null);
var up = await pm.UpdateUserPermissions(data);
up.ShouldBeNull();
}
public async Task <UserPermissions> GetUserPermissions()
{
var claims = User.Claims.ToList();
UserPermissions userPermissions = GetPermissionsFromClaims(claims);
return(userPermissions);
}
/// <summary>
/// Checks if the current user has permissions to execute this action against this node
/// </summary>
/// <param name="node"></param>
/// <param name="currentAction"></param>
/// <returns></returns>
/// <remarks>
/// This used to do a recursive check for all descendent nodes but this is not required and is a massive CPU hog.
/// See: http://issues.umbraco.org/issue/U4-2632, https://groups.google.com/forum/?fromgroups=#!topic/umbraco-dev/L1D4LwVSP2Y
/// </remarks>
private bool CheckPermissions(IContentBase node, IAction currentAction)
{
var currUserPermissions = new UserPermissions(CurrentUser);
var lstCurrUserActions = currUserPermissions.GetExistingNodePermission(node.Id);
return(lstCurrUserActions.Contains(currentAction));
}
public async Task <IActionResult> DeleteAsync(string userId)
{
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!UserPermissions.IsAllowedToModify(User.Identity, userId))
{
return(Forbid());
}
if (!_userIndex.TryGetInternalId(userId, out var internalId))
{
return(NotFound());
}
var oldUser = await _eventStore.EventStream.GetCurrentEntityAsync <UserEventArgs>(ResourceTypes.User, internalId);
//we need to set the StudentDetails to null to delete it
var newUserArgs = new UserEventArgs(oldUser)
{
StudentDetails = null
};
await EntityManager.UpdateEntityAsync(_eventStore, oldUser, newUserArgs, ResourceTypes.User,
internalId, User.Identity.GetUserIdentity());
return(NoContent());
}
public IActionResult Create([FromBody] FeatureGroupArgs groupArgs)
{
if (!UserPermissions.IsAllowedToAdminister(User.Identity))
{
return(Forbid());
}
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
try
{
var group = _manager.CreateGroup(groupArgs);
return(Created($"{Request.Scheme}://{Request.Host}/api/FeatureGroups/{group.Id}", group.Id));
}
catch (ResourceNotFoundException <Feature> e)
{
return(StatusCode(422, e.Message)); // invalid feature ID
}
catch (ArgumentException e)
{
return(StatusCode(409, e.Message)); // group with that name already exists
}
}
public UserContext(DB.User data, bool isAuthorized)
{
_idUser = data.IdUser;
_data = data;
_isAuthorized = isAuthorized;
_permissions = new UserPermissions();
}
private void AddBibTexLinks()
{
using (ResourceDataAccess resourceDAL = new ResourceDataAccess(this.CreateContext()))
{
if (!IsSecurityAwareControl || (UserPermissions != null && UserPermissions.Contains(UserResourcePermissions.Read)))
{
ScholarlyWork scholarlyWorkObj = (ScholarlyWork)resourceDAL.GetScholarlyWorkWithCitedScholarlyWorks(SubjectResource.Id);
if (scholarlyWorkObj != null && scholarlyWorkObj.Cites.Count > 0)
{
BibTexExportLink.Visible = true;
}
else
{
BibTexExportLink.Visible = false;
}
}
if (!IsSecurityAwareControl || (UserPermissions != null && UserPermissions.Contains(UserResourcePermissions.Update)))
{
BibTexImportLink.Visible = true;
}
else
{
BibTexImportLink.Visible = false;
}
SeperatorLabel.Visible = (BibTexExportLink.Visible == false || BibTexImportLink.Visible == false) ? false : true;
}
this.Controls.Add(BibTexPanel);
}
public async Task GetPermittedIds_ReturnsEntityIds()
{
string eId1 = "id-1",
eId2 = "id-2";
var up = new UserPermissions
{
EntityPermissions = new[] {
new EntityPermission {
EntityId = eId1, EntityKey = "ek", PermissionKeys = new[] { "pk" },
},
new EntityPermission {
EntityId = eId2, EntityKey = "ek", PermissionKeys = new[] { "pk" },
},
},
};
var pm = new Mock <IPermissionManager>();
pm.Setup(p => p.GetUserPermissions(It.IsAny <string>())).ReturnsAsync(up);
var res = await PermissionManagerExtensions.GetPermittedIds(pm.Object, "some-user-id", "ek", "pk");
res.Count().ShouldBe(2);
res.Contains(eId1);
res.Contains(eId2);
}
public async Task <IActionResult> Edit(int id, [Bind("Id,UserId,PermissionId,Acces")] UserPermissions userPermissions)
{
if (id != userPermissions.Id)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
_context.Update(userPermissions);
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!UserPermissionsExists(userPermissions.Id))
{
return(NotFound());
}
else
{
throw;
}
}
return(RedirectToAction(nameof(Index)));
}
ViewData["PermissionId"] = new SelectList(_context.Permission, "Id", "Id", userPermissions.PermissionId);
ViewData["UserId"] = new SelectList(_context.Set <Users>(), "Id", "Password", userPermissions.UserId);
return(View(userPermissions));
}
public string GetFileList(UserPermissions perm)
{
string[] FilesList = Directory.GetFiles(PathCombine(Root, WD), "*.*", SearchOption.TopDirectoryOnly);
string[] FoldersList = Directory.GetDirectories(PathCombine(Root, WD), "*.*", SearchOption.TopDirectoryOnly);
var List = new StringBuilder();
foreach (string Folder in FoldersList)
{
if (!perm.CanViewHiddenFolders && (new DirectoryInfo(Folder).Attributes & FileAttributes.Hidden) == FileAttributes.Hidden)
{
continue;
}
string date = Directory.GetCreationTime(Folder).ToString("MM-dd-yy hh:mmtt");
List.AppendLine(date + " <DIR> " + Folder.Substring(Folder.Replace('\\', '/').LastIndexOf('/') + 1));
}
foreach (string FileName in FilesList)
{
if (!perm.CanViewHiddenFiles && (File.GetAttributes(FileName) & FileAttributes.Hidden) == FileAttributes.Hidden)
{
continue;
}
string date = File.GetCreationTime(FileName).ToString("MM-dd-yy hh:mmtt");
List.AppendLine(date + " " + new FileInfo(FileName).Length.ToString() + " " + FileName.Substring(FileName.Replace('\\', '/').LastIndexOf('/') + 1));
}
return(List.ToString());
}
public void DenyUserAccess(UserPermissions up)
{
try
{
ValidateToken();
Byte[] parameters = null;
{
using (MemoryStream ms = new MemoryStream())
{
JsonUtil.WriteJsonParam <string>(AuthenticationToken, ms, "authenticationCookie");
JsonUtil.WriteJsonParam <UserPermissions>(up, ms, "userAccess");
JsonUtil.WriteJsonParam <ExtraOptions>(new ExtraOptions(), ms, "extraOptions");
parameters = ms.ToArray();
}
}
JsonUtil.POSTCallJson(ServiceUrl, "DenyUserAccess", parameters);
}
catch (Exception ex)
{
throw ex;
}
}
public async Task <IActionResult> PostAsync([FromBody] TagArgs args)
{
ValidateTagArgs(args);
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
if (!UserPermissions.IsAllowedToCreate(User.Identity, args.Status))
{
return(Forbid());
}
if (_tagIndex.IsTitleExist(args.Title))
{
return(StatusCode(409));
}
int id = _entityIndex.NextId(ResourceType.Tag);
var ev = new TagCreated
{
Id = id,
UserId = User.Identity.GetUserIdentity(),
Properties = args,
Timestamp = DateTimeOffset.Now
};
await _eventStore.AppendEventAsync(ev);
return(Created($"{Request.Scheme}://{Request.Host}/api/Tags/{id}", id));
}
void InitialisePermissions()
{
_groups = new GroupTable();
_nodes = new PermissionTable();
_userPerms = new UserPermissions();
_groupPerms = new GroupPermissions();
_users = new UsersTable();
_groups.Initialise(this);
_nodes.Initialise(this);
_userPerms.Initialise(this);
_groupPerms.Initialise(this);
_users.Initialise(this);
}
/// <summary>
/// Sets the permission level for this account.
/// </summary>
/// <param name="newPermissions">The new <see cref="UserPermissions"/> level.</param>
public void SetPermissions(UserPermissions newPermissions)
{
if (newPermissions == Permissions)
return;
// Set the new value
Permissions = newPermissions;
// Update the database
DbController.GetQuery<UpdateAccountPermissionsQuery>().Execute(ID, Permissions);
}
/// <summary>
/// Gets if the given <see cref="UserPermissions"/> is set.
/// </summary>
/// <param name="p">The <see cref="UserPermissions"/>.</param>
/// <param name="level">The <see cref="UserPermissions"/> to check if set.</param>
/// <returns>
/// True if the <paramref name="level"/> is set; otherwise false.
/// </returns>
public static bool IsSet(this UserPermissions p, UserPermissions level)
{
return (p & level) == level;
}
public void UpdateData(UserPermissions value)
{
if (value == null)
{
return;
}
AllowCreateCheatNotes = value.AllowCreateCheatNotes;
AllowEditCheatNotes = value.AllowEditCheatNotes;
AllowDeleteCheatNotes = value.AllowDeleteCheatNotes;
AllowCreateCheatNoteItems = value.AllowCreateCheatNoteItems;
AllowEditCheatNoteItems = value.AllowEditCheatNoteItems;
AllowDeleteCheatNoteItems = value.AllowDeleteCheatNoteItems;
AllowGenerateCheatNoteHtml = value.AllowGenerateCheatNoteHtml;
AllowManageUsers = value.AllowManageUsers;
}
/// <summary>
/// Populates the fields for multiple objects from the columns found in an open reader.
/// </summary>
///
/// <param name="rdr" type="IDataReader">An object that implements the IDataReader interface</param>
///
/// <returns>Object of UserPermissions</returns>
///
/// <remarks>
///
/// <RevisionHistory>
/// Author Date Description
/// DLGenerator 7/5/2012 11:05:31 AM Created function
///
/// </RevisionHistory>
///
/// </remarks>
///
internal static UserPermissions PopulateObjectsFromReader(IDataReader rdr, string ConnectionString)
{
UserPermissions list = new UserPermissions();
while (rdr.Read())
{
UserPermission obj = new UserPermission(ConnectionString);
PopulateObjectFromReader(obj,rdr);
list.Add(obj);
}
return list;
}
/// <summary>
/// Populates the fields for multiple objects from the columns found in an open reader.
/// </summary>
///
/// <param name="rdr" type="IDataReader">An object that implements the IDataReader interface</param>
///
/// <returns>Object of UserPermissions</returns>
///
/// <remarks>
///
/// <RevisionHistory>
/// Author Date Description
/// DLGenerator 7/5/2012 11:05:31 AM Created function
///
/// </RevisionHistory>
///
/// </remarks>
///
internal static UserPermissions PopulateObjectsFromReaderWithCheckingReader(IDataReader rdr, DatabaseHelper oDatabaseHelper, string ConnectionString)
{
UserPermissions list = new UserPermissions();
if (rdr.Read())
{
UserPermission obj = new UserPermission(ConnectionString);
PopulateObjectFromReader(obj, rdr);
list.Add(obj);
while (rdr.Read())
{
obj = new UserPermission(ConnectionString);
PopulateObjectFromReader(obj, rdr);
list.Add(obj);
}
oDatabaseHelper.Dispose();
return list;
}
else
{
oDatabaseHelper.Dispose();
return null;
}
}
/// <summary>
/// Initializes a new instance of the <see cref="SayHandlerCommandAttribute"/> class.
/// </summary>
/// <param name="command">The name of the command.</param>
/// <param name="permissions">The permission level required to invoke this command.</param>
public SayHandlerCommandAttribute(string command, UserPermissions permissions = UserPermissions.None) : base(command)
{
_permissions = permissions;
}
/// <summary>
/// Initializes a new instance of the <see cref="AccountTable"/> class.
/// </summary>
/// <param name="creatorIp">The initial value for the corresponding property.</param>
/// <param name="currentIp">The initial value for the corresponding property.</param>
/// <param name="email">The initial value for the corresponding property.</param>
/// <param name="iD">The initial value for the corresponding property.</param>
/// <param name="name">The initial value for the corresponding property.</param>
/// <param name="password">The initial value for the corresponding property.</param>
/// <param name="permissions">The initial value for the corresponding property.</param>
/// <param name="timeCreated">The initial value for the corresponding property.</param>
/// <param name="timeLastLogin">The initial value for the corresponding property.</param>
public AccountTable(UInt32 @creatorIp, uint? @currentIp, String @email, AccountID @iD, String @name, String @password,
UserPermissions @permissions, DateTime @timeCreated, DateTime @timeLastLogin)
{
CreatorIp = @creatorIp;
CurrentIp = @currentIp;
Email = @email;
ID = @iD;
Name = @name;
Password = @password;
Permissions = @permissions;
TimeCreated = @timeCreated;
TimeLastLogin = @timeLastLogin;
}