private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.Management.Name) return Permissions.Lead; if (permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name) return Orchard.Core.Contents.Permissions.ViewOwnContent; return null; }
public override void OnAuthorization(AuthorizationContext filterContext) { if (String.IsNullOrEmpty(PermissionName)) { throw new ApplicationException("No permission supplied"); } //No authorization if permission is AllowAnonymous if (String.Equals(PermissionName, "AllowAnonymous", StringComparison.InvariantCultureIgnoreCase)) { return; } WorkContext workContext = filterContext.GetWorkContext(); IAuthorizer authorizer = workContext.Resolve<IAuthorizer>(); Permission permission = new Permission {Name = PermissionName}; if (authorizer.Authorize(permission, new LocalizedString("Access is denied"))) { return; } //Access is denied filterContext.Result = new HttpUnauthorizedResult(); }
public new bool Authorize(Permission permission, IContent content, LocalizedString message) { var authorizerMessage = new AuthorizerMessage {PermissionName = permission.Name}; if (content != null) { authorizerMessage.ContentId = content.Id; authorizerMessage.ContentType = content.ContentItem.ContentType; authorizerMessage.ContentName = content.GetContentName(); } return _performanceMonitor.PublishTimedAction(() => { if (permission == StandardPermissions.AccessFrontEnd) { return true; } return base.Authorize(permission, content, message); }, (r, t) => { authorizerMessage.Duration = t.Duration; authorizerMessage.UserIsAuthorized = r; return authorizerMessage; }, TimelineCategories.Authorization, "Authorize", permission.Name).ActionResult; }
/// <summary> /// Returns a dynamic permission for a content type, based on a global content permission template /// </summary> public static Permission ConvertToDynamicPermission(Permission permission) { if (PermissionTemplates.ContainsKey(permission.Name)) { return PermissionTemplates[permission.Name]; } return null; }
public bool TryCheckAccess(Permission permission, IUser user, IContent content) { var context = new CheckAccessContext { Permission = permission, User = user, Content = content }; _authorizationServiceEventHandler.Checking(context); for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) { if (!context.Granted && context.User != null) { if (String.Equals(context.User.UserName, "Administrator", StringComparison.OrdinalIgnoreCase) || ((!String.IsNullOrEmpty(CurrentSite.SuperUser) && String.Equals(context.User.UserName, CurrentSite.SuperUser, StringComparison.OrdinalIgnoreCase)))) { context.Granted = true; } } if (!context.Granted) { // determine which set of permissions would satisfy the access check var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).ToArray(); // determine what set of roles should be examined by the access check IEnumerable<string> rolesToExamine; if (context.User == null) { rolesToExamine = AnonymousRole; } else if (context.User.Has<IUserRoles>()) { rolesToExamine = context.User.As<IUserRoles>().Roles.Concat(AuthenticatedRole); } else { rolesToExamine = AuthenticatedRole; } foreach (var role in rolesToExamine) { RoleRecord roleRecord = _roleService.GetRoleByName(role); if ( roleRecord == null ) continue; foreach (var permissionName in _roleService.GetPermissionsForRole(roleRecord.Id)) { string possessedName = permissionName; if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) { context.Granted = true; } if (context.Granted) break; } if (context.Granted) break; } } context.Adjusted = false; _authorizationServiceEventHandler.Adjust(context); if (!context.Adjusted) break; } _authorizationServiceEventHandler.Complete(context); return context.Granted; }
public bool TryCheckAccess(Permission permission, IUser user, IContent content) { var context = new CheckAccessContext { Permission = permission, User = user, Content = content }; _authorizationServiceEventHandler.Checking(context); for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter) { if (!context.Granted && context.User != null) { if (!String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser) && String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal)) { context.Granted = true; } } if (!context.Granted) { // determine which set of permissions would satisfy the access check var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray(); // determine what set of roles should be examined by the access check IEnumerable<string> rolesToExamine; if (context.User == null) { rolesToExamine = AnonymousRole; } else if (user.As<IUserRoles>().Roles.Any()) { // the current user is not null, so get his roles and add "Authenticated" to it rolesToExamine = user.As<IUserRoles>().Roles.Union(AuthenticatedRole); } else { // the user is not null and has no specific role, then it's just "Authenticated" rolesToExamine = AuthenticatedRole; } foreach (var role in rolesToExamine) { foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role)) { string possessedName = permissionName; if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase))) { context.Granted = true; } if (context.Granted) break; } if (context.Granted) break; } } context.Adjusted = false; _authorizationServiceEventHandler.Adjust(context); if (!context.Adjusted) break; } _authorizationServiceEventHandler.Complete(context); return context.Granted; }
/// <summary> /// Generates a permission dynamically for a content type /// </summary> public static Permission CreateDynamicPermission(Permission template, ContentTypeDefinition typeDefinition) { return new Permission { Name = String.Format(template.Name, typeDefinition.Name), Description = String.Format(template.Description, typeDefinition.DisplayName), Category = typeDefinition.DisplayName, ImpliedBy = (template.ImpliedBy ?? new Permission[0]).Select(t => CreateDynamicPermission(t, typeDefinition)) }; }
public PermissionRequirement(Permission permission) { if (permission == null) { throw new ArgumentNullException(nameof(permission)); } Permission = permission; }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.PublishOthersPages.Name) return Permissions.PublishPages; if (permission.Name == Permissions.EditOthersPages.Name) return Permissions.EditPages; if (permission.Name == Permissions.DeleteOthersPages.Name) return Permissions.DeletePages; return null; }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.PublishTimetableAppointment.Name) return Permissions.PublishOwnTimetableAppointment; if (permission.Name == Permissions.EditTimetableAppointment.Name) return Permissions.EditOwnTimetableAppointment; if (permission.Name == Permissions.DeleteTimetableAppointment.Name) return Permissions.DeleteOwnTimetableAppointment; return null; }
public void CheckAccess(Permission permission, IUser user, IContent content) { if (!TryCheckAccess(permission, user, content)) { throw new OrchardSecurityException(T("A security exception occurred in the content management system.")) { PermissionName = permission.Name, User = user, Content = content }; } }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.PublishBlogPost.Name) return Permissions.PublishOwnBlogPost; if (permission.Name == Permissions.EditBlogPost.Name) return Permissions.EditOwnBlogPost; if (permission.Name == Permissions.DeleteBlogPost.Name) return Permissions.DeleteOwnBlogPost; return null; }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.PublishContent.Name) return Permissions.PublishOwnContent; if (permission.Name == Permissions.EditContent.Name) return Permissions.EditOwnContent; if (permission.Name == Permissions.DeleteContent.Name) return Permissions.DeleteOwnContent; return null; }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.DeletePost.Name) return Permissions.DeleteOwnPost; if (permission.Name == Permissions.EditPost.Name) return Permissions.EditOwnPost; if (permission.Name == Permissions.MarkPostAsAnswer.Name) return Permissions.MarkPostInOwnThreadAsAnswer; return null; }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.ManageForums.Name) return Permissions.ManageOwnForums; if (permission.Name == Permissions.MoveThread.Name) return Permissions.MoveOwnThread; if (permission.Name == Permissions.StickyThread.Name) return Permissions.StickyOwnThread; if (permission.Name == Permissions.CloseThread.Name) return Permissions.CloseOwnThread; return null; }
/// <summary> /// Gets the given permission variation (if any) for the given menu. /// </summary> /// <param name="permission">Permission to look variation for.</param> /// <param name="menu">Menu to look variation for.</param> /// <returns>Appropriate permission.</returns> private static Permission GetPermissionVariation(Permission permission, IContent menu) { var variation = MenuPermissions.ConvertToDynamicPermission(permission); if (variation == null) { return permission; } variation = MenuPermissions.CreateDynamicPermission(variation, menu); return variation; }
/// <summary> /// Generates a permission dynamically for a content item /// </summary> public static Permission CreateItemPermission(Permission template, IContent content, Localizer T, IContentManager contentManager) { var identity = contentManager.GetItemMetadata(content).Identity.ToString(); var displayText = contentManager.GetItemMetadata(content).DisplayText; var typeDefinition = content.ContentItem.TypeDefinition; return new Permission { Name = String.Format(template.Name, identity), Description = String.Format(template.Description, typeDefinition.DisplayName), Category = T("{0} - {1}", typeDefinition.DisplayName, displayText).ToString(), ImpliedBy = (template.ImpliedBy ?? new Permission[0]).Select(t => CreateItemPermission(t, content, T, contentManager)) }; }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name) return Orchard.Core.Contents.Permissions.PublishOwnContent; if (permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name) return Orchard.Core.Contents.Permissions.EditOwnContent; if (permission.Name == Orchard.Core.Contents.Permissions.DeleteContent.Name) return Orchard.Core.Contents.Permissions.DeleteOwnContent; if (permission.Name == Orchard.Core.Contents.Permissions.ViewContent.Name) return Orchard.Core.Contents.Permissions.ViewOwnContent; if (permission.Name == Orchard.Core.Contents.Permissions.PreviewContent.Name) return Orchard.Core.Contents.Permissions.PreviewOwnContent; return null; }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.PublishBlogPost.Name) return Permissions.PublishOwnBlogPost; if (permission.Name == Permissions.EditBlogPost.Name) return Permissions.EditOwnBlogPost; if (permission.Name == Permissions.DeleteBlogPost.Name) return Permissions.DeleteOwnBlogPost; if (permission.Name == Core.Contents.Permissions.ViewContent.Name) return Core.Contents.Permissions.ViewOwnContent; if (permission.Name == Permissions.MetaListBlogs.Name) return Permissions.MetaListOwnBlogs; return null; }
public bool Authorize(Permission permission, IContent content, LocalizedString message) { if (_authorizationService.TryCheckAccess(permission, _workContextAccessor.GetContext().CurrentUser, content)) return true; if (message != null) { if (_workContextAccessor.GetContext().CurrentUser == null) { _notifier.Error(T("{0}. Anonymous users do not have {1} permission.", message, permission.Name)); } else { _notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.", message, permission.Name, _workContextAccessor.GetContext().CurrentUser.UserName)); } } return false; }
private static Permission GetOwnerVariation(Permission permission) { if (permission.Name == Permissions.ManageForums.Name) return Permissions.ManageOwnForums; if (permission.Name == Permissions.MoveThread.Name) return Permissions.MoveOwnThread; if (permission.Name == Permissions.StickyThread.Name) return Permissions.StickyOwnThread; if (permission.Name == Permissions.CloseThread.Name) return Permissions.CloseOwnThread; if (permission.Name == Permissions.EditPosts.Name) return Permissions.EditOwnPosts; if (permission.Name == Permissions.ModerateInappropriatePosts.Name) return Permissions.ModerateOwnInappropriatePosts; if (permission.Name == Permissions.DeleteThreadsAndPosts.Name) return Permissions.DeleteOwnThreadsAndPosts; return null; }
public bool Authorize(Permission permission, IContent content, LocalizedString message) { // creates a user for the active directory user if one doesn't already // exist. If one does already exists then that user from the database // is returned by the method. var user = CreateUserForActiveDirectoryUserIfNotExists(new ActiveDirectoryUser()); // attempts to authorize the active directory user based on their roles // and the permissions that their associated roles have. if (_authorizationService.TryCheckAccess(permission, user, content)) return true; if (message != null) { _notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.", message, permission.Name, user.UserName)); } return false; }
public bool Authorize(Permission permission, IContent content, LocalizedString message) { // gets the current active directory user. var user = new ActiveDirectoryUser(); // attempts to authorize the active directory user based on their roles // and the permissions that their associated roles have. if (_authorizationService.TryCheckAccess(permission, user, content)) { if (!_attemptedToSaveUser) CreateUserForActiveDirectoryUserIfNotExists(user); return true; } if (message != null) { _notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.", message, permission.Name, user.UserName)); } return false; }
private static IEnumerable<string> PermissionNames(Permission permission, IEnumerable<string> stack) { // the given name is tested yield return permission.Name; // iterate implied permissions to grant, it present if (permission.ImpliedBy != null && permission.ImpliedBy.Any()) { foreach (var impliedBy in permission.ImpliedBy) { // avoid potential recursion if (stack.Contains(impliedBy.Name)) continue; // otherwise accumulate the implied permission names recursively foreach (var impliedName in PermissionNames(impliedBy, stack.Concat(new[] { permission.Name }))) { yield return impliedName; } } } yield return StandardPermissions.SiteOwner.Name; }
private static Permission GetContentTypeVariation(Permission permission) { return DynamicPermissions.ConvertToDynamicPermission(permission); }
private static bool OwnerVariationExists(Permission permission) { return GetOwnerVariation(permission) != null; }
public bool Authorize(Permission permission, object content) { return Authorize(permission, content, null); }
public bool Authorize(Permission permission, LocalizedString message) { return Authorize(permission, null, message); }
public bool Authorize(Permission permission) { return Authorize(permission, null, null); }
public bool TryCheckAccess(Permission permission, IUser user, IContent content) { return true; }