private void CacheRightsForNode(MvcSiteMapNode mvcNode, MvcHandler handler, string permissionCacheKey) { lock (this.padlock) { // double check if (!permissionCache.ContainsKey(permissionCacheKey)) { // check permission attributes and store required rights in the permission cache. // It's an MvcSiteMapNode, try to figure out the controller class IController controller = ControllerBuilder.Current.GetControllerFactory().CreateController(handler.RequestContext, mvcNode.Controller); Type controllerType = controller.GetType(); // Find all AuthorizeAttributes on the controller class and action method ArrayList controllerAttributes = new ArrayList(controllerType.GetCustomAttributes(typeof(PermissionFilterAttribute), true)); ArrayList actionAttributes = new ArrayList(); MethodInfo[] methods = controllerType.GetType().GetMethods(BindingFlags.Public); foreach (MethodInfo method in methods) { object[] attributes = method.GetCustomAttributes(typeof(ActionNameAttribute), true); if ( (attributes.Length == 0 && method.Name == mvcNode.Action) || (attributes.Length > 0 && ((ActionNameAttribute)attributes[0]).Name == mvcNode.Action) ) { actionAttributes.AddRange(method.GetCustomAttributes(typeof(PermissionFilterAttribute), true)); } } ICollection <string> rights = new List <string>(); // Attributes found? if (controllerAttributes.Count > 0) { PermissionFilterAttribute attribute = controllerAttributes[0] as PermissionFilterAttribute; foreach (string right in attribute.RightsArray) { if (!rights.Contains(right)) { rights.Add(right); } } } if (actionAttributes.Count > 0) { PermissionFilterAttribute attribute = actionAttributes[0] as PermissionFilterAttribute; foreach (string right in attribute.RightsArray) { if (!rights.Contains(right)) { rights.Add(right); } } } permissionCache.Add(permissionCacheKey, rights.ToArray()); } } }
private MenuItemData GenerateMenuItemFromSiteMapNode(ActionExecutingContext filterContext, MvcSiteMapNode node, SiteMapNode currentNode, UrlHelper urlHelper) { // HACK: it's possible that we have a querystring ?container=true. This is required when for a top-level // menu item with the same action and controller as one of the children. Leaving the parameter out causes the // sitemapprovider to crash because it doesn't allow duplicate url's. string url = node.Url.Replace("?container=true", String.Empty); return new MenuItemData(VirtualPathUtility.ToAbsolute(url) , GlobalResources.ResourceManager.GetString(node.ResourceKey, Thread.CurrentThread.CurrentUICulture) , CheckInPath(node, currentNode, filterContext.RouteData) , node.Icon != null ? urlHelper.Content("~/manager/Content/images/" + node.Icon) : null); }
private bool CheckInPath(MvcSiteMapNode node, SiteMapNode currentNode, RouteData currentRouteData) { MvcSiteMapNode currentMvcNode = currentNode as MvcSiteMapNode; if (currentMvcNode != null) { return currentMvcNode.Key == node.Key || currentMvcNode.IsDescendantOf(node); } // We might have some unmapped actions. Check routedata if the node is in the path. Only check top-level nodes. if (currentRouteData != null) { return node.Controller == currentRouteData.Values["controller"].ToString() && node.ParentNode == this._sitemapProvider.RootNode; } return false; }
/// <summary> /// Determine if a node is accessible for a user /// </summary> /// <param name="context">Current HttpContext</param> /// <param name="node">Sitemap node</param> /// <param name="site">Cuyahoga site (optional)</param> /// <returns>True/false if the node is accessible</returns> public bool IsAccessibleToUser(HttpContextBase context, SiteMapNode node, Site site) { // Is security trimming enabled? if (!this.SecurityTrimmingEnabled) { return(true); } // Is it a regular node? No need for more things to do! MvcSiteMapNode mvcNode = node as MvcSiteMapNode; if (mvcNode == null) { return(base.IsAccessibleToUser(HttpContext.Current, node)); // dirty, but the base sitemap provider requires an HttpContext. } // Find current handler MvcHandler handler = context.Handler as MvcHandler; if (handler != null) { User cuyahogaUser = handler.RequestContext.HttpContext.User as User; if (cuyahogaUser == null) { return(false); } string permissionCacheKey = mvcNode.Key + "_" + mvcNode.Action; if (!permissionCache.ContainsKey(permissionCacheKey)) { CacheRightsForNode(mvcNode, handler, permissionCacheKey); } // Determine if the user has the required rights foreach (string requiredRight in this.permissionCache[permissionCacheKey]) { if (site == null && !cuyahogaUser.HasRight(requiredRight) || site != null && !cuyahogaUser.HasRight(requiredRight, site)) { return(false); } } return(true); // MVC handler and all required rights are OK. } return(false); }
/// <summary> /// Maps an XMLElement from the XML file to a SiteMapNode. /// </summary> /// <param name="node">The element to map.</param> /// <returns>A SiteMapNode which represents the XMLElement.</returns> protected SiteMapNode GetMvcSiteMapNodeFromXMLElement(XElement node) { // Get the ID attribute, need this so we can get the key. string id = GetAttributeValue(node.Attribute("id")); // Create a new sitemapnode, setting the key and url var smNode = new MvcSiteMapNode(this, id); // Create a route data dictionary IDictionary <string, object> routeValues = new Dictionary <string, object>(); // Add each attribute to our attributes collection on the sitemapnode // and to a route data dictionary. foreach (XAttribute attribute in node.Attributes()) { string attributeName = attribute.Name.ToString(); string attributeValue = attribute.Value; smNode[attributeName] = attributeValue; if (!this.ignoreAttributes.Contains(attributeName)) { routeValues.Add(attributeName, attributeValue); } else if (attributeName == "paramid") { routeValues.Add("id", attributeValue); } } // Set the other properties on the sitemapnode, // these are for title and description, these come // from the nodes attrbutes are we populated all attributes // from the xml to the node. smNode.Title = smNode["title"]; smNode.Description = smNode["description"]; smNode.ResourceKey = smNode["resourceKey"]; smNode.Controller = smNode["controller"]; smNode.Action = smNode["action"] ?? "Index"; smNode.Icon = smNode["icon"]; // Verify route values if (!routeValues.ContainsKey("controller")) { routeValues.Add("controller", "Home"); } if (!routeValues.ContainsKey("action")) { routeValues.Add("action", "Index"); } // Build URL HttpContextWrapper httpContext = new HttpContextWrapper(HttpContext.Current); RouteData routeData = RouteTable.Routes.GetRouteData(httpContext); if (routeData != null) { VirtualPathData virtualPath = routeData.Route.GetVirtualPath(new RequestContext(httpContext, routeData), new RouteValueDictionary(routeValues)); if (virtualPath != null) { smNode.Url = "~/" + virtualPath.VirtualPath; } else { canCache = false; } } return(smNode); }
public MvcSiteMapNode GetMvcParentNode(MvcSiteMapNode node) { return(node.ParentNode as MvcSiteMapNode); }
private void CacheRightsForNode(MvcSiteMapNode mvcNode, MvcHandler handler, string permissionCacheKey) { lock (this.padlock) { // double check if (! permissionCache.ContainsKey(permissionCacheKey)) { // check permission attributes and store required rights in the permission cache. // It's an MvcSiteMapNode, try to figure out the controller class IController controller = ControllerBuilder.Current.GetControllerFactory().CreateController(handler.RequestContext, mvcNode.Controller); Type controllerType = controller.GetType(); // Find all AuthorizeAttributes on the controller class and action method ArrayList controllerAttributes = new ArrayList(controllerType.GetCustomAttributes(typeof(PermissionFilterAttribute), true)); ArrayList actionAttributes = new ArrayList(); MethodInfo[] methods = controllerType.GetType().GetMethods(BindingFlags.Public); foreach (MethodInfo method in methods) { object[] attributes = method.GetCustomAttributes(typeof(ActionNameAttribute), true); if ( (attributes.Length == 0 && method.Name == mvcNode.Action) || (attributes.Length > 0 && ((ActionNameAttribute)attributes[0]).Name == mvcNode.Action) ) { actionAttributes.AddRange(method.GetCustomAttributes(typeof(PermissionFilterAttribute), true)); } } ICollection<string> rights = new List<string>(); // Attributes found? if (controllerAttributes.Count > 0) { PermissionFilterAttribute attribute = controllerAttributes[0] as PermissionFilterAttribute; foreach (string right in attribute.RightsArray) { if (! rights.Contains(right)) { rights.Add(right); } } } if (actionAttributes.Count > 0) { PermissionFilterAttribute attribute = actionAttributes[0] as PermissionFilterAttribute; foreach (string right in attribute.RightsArray) { if (!rights.Contains(right)) { rights.Add(right); } } } permissionCache.Add(permissionCacheKey, rights.ToArray()); } } }
/// <summary> /// Maps an XMLElement from the XML file to a SiteMapNode. /// </summary> /// <param name="node">The element to map.</param> /// <returns>A SiteMapNode which represents the XMLElement.</returns> protected SiteMapNode GetMvcSiteMapNodeFromXMLElement(XElement node) { // Get the ID attribute, need this so we can get the key. string id = GetAttributeValue(node.Attribute("id")); // Create a new sitemapnode, setting the key and url var smNode = new MvcSiteMapNode(this, id); // Create a route data dictionary IDictionary<string, object> routeValues = new Dictionary<string, object>(); // Add each attribute to our attributes collection on the sitemapnode // and to a route data dictionary. foreach (XAttribute attribute in node.Attributes()) { string attributeName = attribute.Name.ToString(); string attributeValue = attribute.Value; smNode[attributeName] = attributeValue; if (! this.ignoreAttributes.Contains(attributeName)) { routeValues.Add(attributeName, attributeValue); } else if (attributeName == "paramid") { routeValues.Add("id", attributeValue); } } // Set the other properties on the sitemapnode, // these are for title and description, these come // from the nodes attrbutes are we populated all attributes // from the xml to the node. smNode.Title = smNode["title"]; smNode.Description = smNode["description"]; smNode.ResourceKey = smNode["resourceKey"]; smNode.Controller = smNode["controller"]; smNode.Action = smNode["action"] ?? "Index"; smNode.Icon = smNode["icon"]; // Verify route values if (!routeValues.ContainsKey("controller")) routeValues.Add("controller", "Home"); if (!routeValues.ContainsKey("action")) routeValues.Add("action", "Index"); // Build URL HttpContextWrapper httpContext = new HttpContextWrapper(HttpContext.Current); RouteData routeData = RouteTable.Routes.GetRouteData(httpContext); if (routeData != null) { VirtualPathData virtualPath = routeData.Route.GetVirtualPath(new RequestContext(httpContext, routeData), new RouteValueDictionary(routeValues)); if (virtualPath != null) { smNode.Url = "~/" + virtualPath.VirtualPath; } else { canCache = false; } } return smNode; }
public MvcSiteMapNode GetMvcParentNode(MvcSiteMapNode node) { return node.ParentNode as MvcSiteMapNode; }