상속: System.Data.Linq.DataContext
예제 #1
0
        public SPGlymaUser(SPWeb web, IGlymaSession glymaSession)
        {
            Web = web;
            GlymaSession = glymaSession;

            SecurableContextId = GlymaSession.SecurableContextId;

            SecurityDBDataContext dataContext = null;
            IDbConnectionAbstraction securityDbConnection = GlymaSession.ConnectionFactory.CreateSecurityDbConnection();

            try
            {
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    dataContext = new SecurityDBDataContext(securityDbConnection.Connection);

                    var securableContext = (from dcSecurableContext in dataContext.SecurableContexts
                                            where dcSecurableContext.SecurableContextId == SecurableContextId
                                            select dcSecurableContext).FirstOrDefault();

                    if (securableContext == null)
                    {
                        return;
                    }

                    SecurableContextName = securableContext.SecurableContextName;
                    SecurableContextUid = securableContext.SecurableContextUid;
                });
            }
            finally
            {
                if (dataContext != null)
                {
                    dataContext.Dispose();
                    dataContext = null;
                }

                if (securityDbConnection != null)
                {
                    securityDbConnection.Dispose();
                    securityDbConnection = null;
                }
            }
        }
예제 #2
0
        public SPGlymaUser(SPWeb web, IGlymaSession glymaSession)
        {
            Web          = web;
            GlymaSession = glymaSession;

            SecurableContextId = GlymaSession.SecurableContextId;

            SecurityDBDataContext    dataContext          = null;
            IDbConnectionAbstraction securityDbConnection = GlymaSession.ConnectionFactory.CreateSecurityDbConnection();

            try
            {
                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    dataContext = new SecurityDBDataContext(securityDbConnection.Connection);

                    var securableContext = (from dcSecurableContext in dataContext.SecurableContexts
                                            where dcSecurableContext.SecurableContextId == SecurableContextId
                                            select dcSecurableContext).FirstOrDefault();

                    if (securableContext == null)
                    {
                        return;
                    }

                    SecurableContextName = securableContext.SecurableContextName;
                    SecurableContextUid  = securableContext.SecurableContextUid;
                });
            }
            finally
            {
                if (dataContext != null)
                {
                    dataContext.Dispose();
                    dataContext = null;
                }

                if (securityDbConnection != null)
                {
                    securityDbConnection.Dispose();
                    securityDbConnection = null;
                }
            }
        }
예제 #3
0
        private HashSet<Guid> IsAuthorisedHashSet(Guid? securableParentUid, IEnumerable<Guid> securableObjectUids, params IRight[] requiredRights)
        {
            /// This user is a Glyma Security Manager, they have access to everything.
            if (Web.UserIsSiteAdmin)
            {
                return new HashSet<Guid>(securableObjectUids);
            }

            IDbConnectionAbstraction securityDbConnection = GlymaSession.ConnectionFactory.CreateSecurityDbConnection();
            SecurityDBDataContext dataContext = null;
            SPSite elevatedSite = null;
            SPWeb elevatedWeb = null;

            try
            {
                GroupAssociationsOrderedByGroupSPId groupAssociations = new GroupAssociationsOrderedByGroupSPId();
                SecurableObjectGenealogyTracker geneaologyTracker = new SecurableObjectGenealogyTracker();

                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    dataContext = new SecurityDBDataContext(securityDbConnection.Connection);

                    if (securableParentUid != null)
                    {
                        IQueryable<SecurableObject> securableObjectInheritanceInfo = from securableObject in dataContext.SecurableObjects
                                                                                     where securableObject.SecurableContextId == SecurableContextId
                                                                                     select securableObject;

                        MultipleOrExpressionFilter<SecurableObject, Guid> securableObjectInheritanceInfoFilter = new MultipleOrExpressionFilter<SecurableObject, Guid>(securableObjectInheritanceInfo, securableObjectUids, "SecurableObjectUid");

                        IQueryable<SecurableObject> filteredSecurableObjectInheritanceInfo = securableObjectInheritanceInfoFilter.FilterResultSet();

                        geneaologyTracker.AddRange(securableParentUid, filteredSecurableObjectInheritanceInfo);

                        geneaologyTracker.AddRangeIfNotPreExisting(securableParentUid, securableObjectUids);
                    }
                    else
                    {
                        geneaologyTracker.AddRange(null, securableObjectUids);

                        IQueryable<GroupAssociation> groupsAssocationsWithBrokenInheritance = from securableObjectGroupAssocation in dataContext.GroupAssociations
                                                                                              where securableObjectGroupAssocation.SecurableContextId == SecurableContextId && securableObjectGroupAssocation.SecurableObject.BreaksInheritance == true
                                                                                              select securableObjectGroupAssocation;

                        MultipleOrExpressionFilter<GroupAssociation, Guid> securableObjectInheritanceInfoFilter = new MultipleOrExpressionFilter<GroupAssociation, Guid>(groupsAssocationsWithBrokenInheritance, securableObjectUids, "SecurableParentUid");

                        IQueryable<GroupAssociation> filteredSecurableObjectInheritanceInfo = securableObjectInheritanceInfoFilter.FilterResultSet();

                        groupAssociations.AddRange(filteredSecurableObjectInheritanceInfo);

                        foreach (GroupAssociation securableObjectWithBrokenInheritance in filteredSecurableObjectInheritanceInfo)
                        {
                            geneaologyTracker.Add(securableObjectWithBrokenInheritance.SecurableParentUid, securableObjectWithBrokenInheritance.SecurableObjectUid);
                        }
                    }

                    /// Get the group associations for only the securable objects.
                    IQueryable<GroupAssociation> allAccessibleGroupAssociations;

                    /// The following needs to be done as Linq doesn't detect the null value in Nullable types and so doesn't generate the correct "IS NULL" SQL.
                    if (securableParentUid.HasValue && geneaologyTracker.HasIndependentObjects && geneaologyTracker.HasInheritingObjects)
                    {
                        allAccessibleGroupAssociations = from securableObject in dataContext.GroupAssociations
                                                         where (securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == securableParentUid) || (securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == null)
                                                         select securableObject;
                    }
                    else if (securableParentUid.HasValue && geneaologyTracker.HasIndependentObjects)
                    {
                        allAccessibleGroupAssociations = from securableObject in dataContext.GroupAssociations
                                                         where securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == securableParentUid
                                                         select securableObject;
                    }
                    else /// This means the tracker has only either inheriting objects or domains.
                    {
                        allAccessibleGroupAssociations = from securableObject in dataContext.GroupAssociations
                                                         where securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == null
                                                         select securableObject;
                    }

                    MultipleOrExpressionFilter<GroupAssociation, Guid> groupAssocationFilter = new MultipleOrExpressionFilter<GroupAssociation, Guid>(allAccessibleGroupAssociations, geneaologyTracker.GetPermissionSources(), "SecurableObjectUid");

                    IQueryable<GroupAssociation> filteredGroupAssociations = groupAssocationFilter.FilterResultSet();

                    groupAssociations.AddRange(filteredGroupAssociations);
                });

                AccessibleObjectsBuilder accessibleObjects = new AccessibleObjectsBuilder();

                elevatedSite = GetElevatedSite();
                elevatedWeb = GetElevatedWeb(elevatedSite);

                foreach (SPRoleAssignment roleAssignment in elevatedWeb.RoleAssignments)
                {
                    SPGroup elevatedGroup = roleAssignment.Member as SPGroup;

                    if (elevatedGroup != null)
                    {
                        SPGroup group = Web.Groups.GetByID(elevatedGroup.ID);

                        /// Check that we're actually looking at a group, and that this group is on the list of accessible groups, and that this group contains the current user.
                        if (group != null && group.ContainsCurrentUser)
                        {
                            /// Do a check that this group actually has the required right.
                            foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
                            {
                                IRole role = GetRole(roleDefinition.Name);

                                IEnumerable<GroupAssociation> accessibleParentObjects;

                                if (groupAssociations.GetBySPId(group.ID, out accessibleParentObjects))
                                {
                                    if (role != null && role.HasRights(requiredRights))
                                    {
                                        IEnumerable<Guid> accessibleSecurableObjects = geneaologyTracker.GetSecurableObjectsByPermissionSources(accessibleParentObjects);
                                        accessibleObjects.AddRange(accessibleSecurableObjects);
                                    }
                                }
                            }
                        }
                    }
                }

                return accessibleObjects.GetAccessibleObjects();
            }
            finally
            {
                if (dataContext != null)
                {
                    dataContext.Dispose();
                    dataContext = null;
                }

                if (elevatedWeb != null)
                {
                    elevatedWeb.Dispose();
                    elevatedWeb = null;
                }

                if (elevatedSite != null)
                {
                    elevatedSite.Dispose();
                    elevatedSite = null;
                }

                if (securityDbConnection != null)
                {
                    securityDbConnection.Dispose();
                    securityDbConnection = null;
                }
            }
        }
예제 #4
0
        private HashSet <Guid> IsAuthorisedHashSet(Guid?securableParentUid, IEnumerable <Guid> securableObjectUids, params IRight[] requiredRights)
        {
            /// This user is a Glyma Security Manager, they have access to everything.
            if (Web.UserIsSiteAdmin)
            {
                return(new HashSet <Guid>(securableObjectUids));
            }

            IDbConnectionAbstraction securityDbConnection = GlymaSession.ConnectionFactory.CreateSecurityDbConnection();
            SecurityDBDataContext    dataContext          = null;
            SPSite elevatedSite = null;
            SPWeb  elevatedWeb  = null;

            try
            {
                GroupAssociationsOrderedByGroupSPId groupAssociations = new GroupAssociationsOrderedByGroupSPId();
                SecurableObjectGenealogyTracker     geneaologyTracker = new SecurableObjectGenealogyTracker();

                SPSecurity.RunWithElevatedPrivileges(delegate()
                {
                    dataContext = new SecurityDBDataContext(securityDbConnection.Connection);

                    if (securableParentUid != null)
                    {
                        IQueryable <SecurableObject> securableObjectInheritanceInfo = from securableObject in dataContext.SecurableObjects
                                                                                      where securableObject.SecurableContextId == SecurableContextId
                                                                                      select securableObject;

                        MultipleOrExpressionFilter <SecurableObject, Guid> securableObjectInheritanceInfoFilter = new MultipleOrExpressionFilter <SecurableObject, Guid>(securableObjectInheritanceInfo, securableObjectUids, "SecurableObjectUid");

                        IQueryable <SecurableObject> filteredSecurableObjectInheritanceInfo = securableObjectInheritanceInfoFilter.FilterResultSet();

                        geneaologyTracker.AddRange(securableParentUid, filteredSecurableObjectInheritanceInfo);

                        geneaologyTracker.AddRangeIfNotPreExisting(securableParentUid, securableObjectUids);
                    }
                    else
                    {
                        geneaologyTracker.AddRange(null, securableObjectUids);

                        IQueryable <GroupAssociation> groupsAssocationsWithBrokenInheritance = from securableObjectGroupAssocation in dataContext.GroupAssociations
                                                                                               where securableObjectGroupAssocation.SecurableContextId == SecurableContextId && securableObjectGroupAssocation.SecurableObject.BreaksInheritance == true
                                                                                               select securableObjectGroupAssocation;

                        MultipleOrExpressionFilter <GroupAssociation, Guid> securableObjectInheritanceInfoFilter = new MultipleOrExpressionFilter <GroupAssociation, Guid>(groupsAssocationsWithBrokenInheritance, securableObjectUids, "SecurableParentUid");

                        IQueryable <GroupAssociation> filteredSecurableObjectInheritanceInfo = securableObjectInheritanceInfoFilter.FilterResultSet();

                        groupAssociations.AddRange(filteredSecurableObjectInheritanceInfo);

                        foreach (GroupAssociation securableObjectWithBrokenInheritance in filteredSecurableObjectInheritanceInfo)
                        {
                            geneaologyTracker.Add(securableObjectWithBrokenInheritance.SecurableParentUid, securableObjectWithBrokenInheritance.SecurableObjectUid);
                        }
                    }

                    /// Get the group associations for only the securable objects.
                    IQueryable <GroupAssociation> allAccessibleGroupAssociations;

                    /// The following needs to be done as Linq doesn't detect the null value in Nullable types and so doesn't generate the correct "IS NULL" SQL.
                    if (securableParentUid.HasValue && geneaologyTracker.HasIndependentObjects && geneaologyTracker.HasInheritingObjects)
                    {
                        allAccessibleGroupAssociations = from securableObject in dataContext.GroupAssociations
                                                         where (securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == securableParentUid) || (securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == null)
                                                         select securableObject;
                    }
                    else if (securableParentUid.HasValue && geneaologyTracker.HasIndependentObjects)
                    {
                        allAccessibleGroupAssociations = from securableObject in dataContext.GroupAssociations
                                                         where securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == securableParentUid
                                                         select securableObject;
                    }
                    else /// This means the tracker has only either inheriting objects or domains.
                    {
                        allAccessibleGroupAssociations = from securableObject in dataContext.GroupAssociations
                                                         where securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == null
                                                         select securableObject;
                    }

                    MultipleOrExpressionFilter <GroupAssociation, Guid> groupAssocationFilter = new MultipleOrExpressionFilter <GroupAssociation, Guid>(allAccessibleGroupAssociations, geneaologyTracker.GetPermissionSources(), "SecurableObjectUid");

                    IQueryable <GroupAssociation> filteredGroupAssociations = groupAssocationFilter.FilterResultSet();

                    groupAssociations.AddRange(filteredGroupAssociations);
                });

                AccessibleObjectsBuilder accessibleObjects = new AccessibleObjectsBuilder();

                elevatedSite = GetElevatedSite();
                elevatedWeb  = GetElevatedWeb(elevatedSite);

                foreach (SPRoleAssignment roleAssignment in elevatedWeb.RoleAssignments)
                {
                    SPGroup elevatedGroup = roleAssignment.Member as SPGroup;

                    if (elevatedGroup != null)
                    {
                        SPGroup group = Web.Groups.GetByID(elevatedGroup.ID);

                        /// Check that we're actually looking at a group, and that this group is on the list of accessible groups, and that this group contains the current user.
                        if (group != null && group.ContainsCurrentUser)
                        {
                            /// Do a check that this group actually has the required right.
                            foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
                            {
                                IRole role = GetRole(roleDefinition.Name);

                                IEnumerable <GroupAssociation> accessibleParentObjects;

                                if (groupAssociations.GetBySPId(group.ID, out accessibleParentObjects))
                                {
                                    if (role != null && role.HasRights(requiredRights))
                                    {
                                        IEnumerable <Guid> accessibleSecurableObjects = geneaologyTracker.GetSecurableObjectsByPermissionSources(accessibleParentObjects);
                                        accessibleObjects.AddRange(accessibleSecurableObjects);
                                    }
                                }
                            }
                        }
                    }
                }

                return(accessibleObjects.GetAccessibleObjects());
            }
            finally
            {
                if (dataContext != null)
                {
                    dataContext.Dispose();
                    dataContext = null;
                }

                if (elevatedWeb != null)
                {
                    elevatedWeb.Dispose();
                    elevatedWeb = null;
                }

                if (elevatedSite != null)
                {
                    elevatedSite.Dispose();
                    elevatedSite = null;
                }

                if (securityDbConnection != null)
                {
                    securityDbConnection.Dispose();
                    securityDbConnection = null;
                }
            }
        }