public void CheckAccess(Permission permission, IUser user, IContent content)
{
if (!TryCheckAccess(permission, user, content)) {
throw new CoeverySecurityException(T("A security exception occurred in the content management system.")) {
PermissionName = permission.Name,
User = user,
Content = content
};
}
}
public NavigationItemBuilder Permission(Permission permission)
{
_item.Permissions = _item.Permissions.Concat(new[] { permission });
return this;
}
public bool TryCheckAccess(Permission permission, IUser user, IContent content)
{
return true;
}
public void CheckAccess(Permission permission, IUser user, IContent content)
{
}
public bool TryCheckAccess(Permission permission, IUser user, IContent content)
{
var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
_authorizationServiceEventHandler.Checking(context);
for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) {
if (!context.Granted && context.User != null) {
if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) &&
String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal)) {
context.Granted = true;
}
}
if (!context.Granted) {
// determine which set of permissions would satisfy the access check
var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();
// determine what set of roles should be examined by the access check
IEnumerable<string> rolesToExamine;
if (context.User == null) {
rolesToExamine = AnonymousRole;
}
else if (context.User.Has<IUserRoles>()) {
// the current user is not null, so get his roles and add "Authenticated" to it
rolesToExamine = context.User.As<IUserRoles>().Roles;
// when it is a simulated anonymous user in the admin
if (!rolesToExamine.Contains(AnonymousRole[0])) {
rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
}
}
else {
// the user is not null and has no specific role, then it's just "Authenticated"
rolesToExamine = AuthenticatedRole;
}
foreach (var role in rolesToExamine) {
foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role)) {
string possessedName = permissionName;
if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) {
context.Granted = true;
}
if (context.Granted)
break;
}
if (context.Granted)
break;
}
}
context.Adjusted = false;
_authorizationServiceEventHandler.Adjust(context);
if (!context.Adjusted)
break;
}
_authorizationServiceEventHandler.Complete(context);
return context.Granted;
}
private static IEnumerable<string> PermissionNames(Permission permission, IEnumerable<string> stack)
{
// the given name is tested
yield return permission.Name;
// iterate implied permissions to grant, it present
if (permission.ImpliedBy != null && permission.ImpliedBy.Any()) {
foreach (var impliedBy in permission.ImpliedBy) {
// avoid potential recursion
if (stack.Contains(impliedBy.Name))
continue;
// otherwise accumulate the implied permission names recursively
foreach (var impliedName in PermissionNames(impliedBy, stack.Concat(new[] { permission.Name }))) {
yield return impliedName;
}
}
}
yield return StandardPermissions.SiteOwner.Name;
}
public bool Authorize(Permission permission, IContent content, LocalizedString message)
{
if (_authorizationService.TryCheckAccess(permission, _workContextAccessor.GetContext().CurrentUser, content))
return true;
if (message != null) {
if (_workContextAccessor.GetContext().CurrentUser == null) {
_notifier.Error(T("{0}. Anonymous users do not have {1} permission.",
message, permission.Name));
}
else {
_notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.",
message, permission.Name, _workContextAccessor.GetContext().CurrentUser.UserName));
}
}
return false;
}
public bool Authorize(Permission permission, IContent content)
{
return Authorize(permission, content, null);
}
public bool Authorize(Permission permission, LocalizedString message)
{
return Authorize(permission, null, message);
}
public bool Authorize(Permission permission)
{
return Authorize(permission, null, null);
}
