Exemplo n.º 1
0
        private bool HasAccessLevel(IList <Root.Models.Content> contents)
        {
            if (!cmsConfiguration.Security.AccessControlEnabled)
            {
                return(true);
            }

            if (contents.Count > 0)
            {
                var content = contents[0].Original ?? contents[0];
                if (content != null)
                {
                    var pageContent = Repository.AsQueryable <Root.Models.PageContent>()
                                      .Where(x => x.Content == content && !x.IsDeleted)
                                      .Fetch(x => x.Page)
                                      .ThenFetchMany(x => x.AccessRules)
                                      .ToList()
                                      .FirstOrDefault();

                    if (pageContent != null)
                    {
                        return(AccessControlService.GetAccessLevel(pageContent.Page, Context.Principal) >= AccessLevel.ReadWrite);
                    }
                }
            }

            return(true);
        }
Exemplo n.º 2
0
        /// <summary>
        /// Converts the specified media.
        /// </summary>
        /// <param name="media">The media.</param>
        /// <returns>Converts media entity to view model.</returns>
        private MediaHistoryItem Convert(Media media)
        {
            var file = media.Original as MediaFile;

            var canRestore = media.Original != null &&
                             (SecurityService.IsAuthorized(RootModuleConstants.UserRoles.EditContent) || SecurityService.IsAuthorized(RootModuleConstants.UserRoles.Administration)) &&
                             (file == null || AccessControlService.GetAccessLevel(file, Context.Principal) >= AccessLevel.ReadWrite);

            return(new MediaHistoryItem
            {
                Id = media.Id,
                Version = media.Version,
                StatusName = media.Original != null
                                ? MediaGlobalization.MediaHistory_Status_Archived
                                : MediaGlobalization.MediaHistory_Status_Active,
                Status = media.Original != null
                                ? MediaHistoryStatus.Archived
                                : MediaHistoryStatus.Active,
                PublishedOn = media.PublishedOn,
                PublishedByUser = media.ModifiedByUser,
                ArchivedOn = media.Original != null ? media.ModifiedOn : (DateTime?)null,
                DisplayedFor = media.Original != null
                                   ? media.ModifiedOn - media.PublishedOn
                                   : (TimeSpan?)null,
                CanCurrentUserRestoreIt = canRestore
            });
        }
Exemplo n.º 3
0
        protected override System.Collections.Generic.IEnumerable <System.Guid> GetDeniedMedias(ViewModels.MediaManager.MediaManagerViewModel request)
        {
            var query = Repository.AsQueryable <MediaFile>()
                        .Where(f => f.AccessRules.Any(b => b.AccessLevel == AccessLevel.Deny))
                        .FetchMany(f => f.AccessRules);

            var list      = query.ToList().Distinct();
            var principle = SecurityService.GetCurrentPrincipal();

            foreach (var file in list)
            {
                var accessLevel = AccessControlService.GetAccessLevel(file, principle);
                if (accessLevel == AccessLevel.Deny)
                {
                    yield return(file.Id);
                }
            }
        }
Exemplo n.º 4
0
        /// <summary>
        /// Executes the specified request.
        /// </summary>
        /// <param name="request">The request.</param>
        /// <returns></returns>
        /// <exception cref="ConcurrentDataException"></exception>
        /// <exception cref="System.ComponentModel.DataAnnotations.ValidationException">
        /// </exception>
        public virtual bool Execute(DeletePageViewModel request)
        {
            var page = Repository.First <PageProperties>(request.PageId);

            if (page.Version != request.Version)
            {
                throw new ConcurrentDataException(page);
            }

            if (page.IsMasterPage && Repository.AsQueryable <MasterPage>(mp => mp.Master == page).Any())
            {
                var message    = PagesGlobalization.DeletePageCommand_MasterPageHasChildren_Message;
                var logMessage = string.Format("Failed to delete page. Page is selected as master page. Id: {0} Url: {1}", page.Id, page.PageUrl);
                throw new ValidationException(() => message, logMessage);
            }

            request.RedirectUrl = urlService.FixUrl(request.RedirectUrl);

            if (request.UpdateSitemap)
            {
                AccessControlService.DemandAccess(Context.Principal, RootModuleConstants.UserRoles.EditContent);
            }

            var sitemaps     = new Dictionary <Models.Sitemap, bool>();
            var sitemapNodes = sitemapService.GetNodesByPage(page);

            if (request.UpdateSitemap)
            {
                sitemapNodes.Select(node => node.Sitemap)
                .Distinct()
                .ToList()
                .ForEach(
                    sitemap =>
                    sitemaps.Add(
                        sitemap,
                        !cmsConfiguration.Security.AccessControlEnabled || AccessControlService.GetAccessLevel(sitemap, Context.Principal) == AccessLevel.ReadWrite));

                foreach (var node in sitemapNodes)
                {
                    if (sitemaps[node.Sitemap] && node.ChildNodes.Count > 0)
                    {
                        var logMessage = string.Format("In {0} sitemap node {1} has {2} child nodes.", node.Sitemap.Id, node.Id, node.ChildNodes.Count);
                        throw new ValidationException(() => PagesGlobalization.DeletePageCommand_SitemapNodeHasChildNodes_Message, logMessage);
                    }
                }
            }

            UnitOfWork.BeginTransaction();

            IList <SitemapNode> updatedNodes = new List <SitemapNode>();
            IList <SitemapNode> deletedNodes = new List <SitemapNode>();

            if (sitemapNodes != null)
            {
                // Archive sitemaps before update.
                sitemaps.Select(pair => pair.Key).ToList().ForEach(sitemap => sitemapService.ArchiveSitemap(sitemap.Id));
                foreach (var node in sitemapNodes)
                {
                    if (!node.IsDeleted)
                    {
                        if (request.UpdateSitemap && sitemaps[node.Sitemap])
                        {
                            // Delete sitemap node.
                            sitemapService.DeleteNode(node, ref deletedNodes);
                        }
                        else
                        {
                            // Unlink sitemap node.
                            if (node.Page != null && node.Page.Id == page.Id)
                            {
                                node.Page    = null;
                                node.Url     = page.PageUrl;
                                node.UrlHash = page.PageUrlHash;
                                Repository.Save(node);
                                updatedNodes.Add(node);
                            }
                        }
                    }
                }
            }

            if (!string.IsNullOrWhiteSpace(request.RedirectUrl))
            {
                if (string.Equals(page.PageUrl, request.RedirectUrl, StringComparison.OrdinalIgnoreCase))
                {
                    var logMessage = string.Format("Circular redirect loop from url {0} to url {0}.", request.RedirectUrl);
                    throw new ValidationException(() => PagesGlobalization.ValidatePageUrlCommand_SameUrlPath_Message, logMessage);
                }

                // Validate url
                if (!urlService.ValidateUrl(request.RedirectUrl))
                {
                    var logMessage = string.Format("Invalid redirect url {0}.", request.RedirectUrl);
                    throw new ValidationException(() => PagesGlobalization.ValidatePageUrlCommand_InvalidUrlPath_Message, logMessage);
                }

                string patternsValidationMessage;
                if (!urlService.ValidateUrlPatterns(request.RedirectUrl, out patternsValidationMessage, PagesGlobalization.DeletePage_RedirectUrl_Name))
                {
                    var logMessage = string.Format("{0}. URL: {1}.", patternsValidationMessage, request.RedirectUrl);
                    throw new ValidationException(() => patternsValidationMessage, logMessage);
                }

                var redirect = redirectService.GetPageRedirect(page.PageUrl);
                if (redirect != null)
                {
                    redirect.RedirectUrl = request.RedirectUrl;
                }
                else
                {
                    redirect = redirectService.CreateRedirectEntity(page.PageUrl, request.RedirectUrl);
                }

                if (redirect != null)
                {
                    Repository.Save(redirect);
                }
            }

            // Delete child entities.
            if (page.PageTags != null)
            {
                foreach (var pageTag in page.PageTags)
                {
                    Repository.Delete(pageTag);
                }
            }

            if (page.PageContents != null)
            {
                foreach (var pageContent in page.PageContents)
                {
                    Repository.Delete(pageContent);
                }
            }

            if (page.Options != null)
            {
                foreach (var option in page.Options)
                {
                    Repository.Delete(option);
                }
            }

            if (page.AccessRules != null)
            {
                var rules = page.AccessRules.ToList();
                rules.ForEach(page.RemoveRule);
            }

            if (page.MasterPages != null)
            {
                foreach (var master in page.MasterPages)
                {
                    Repository.Delete(master);
                }
            }

            // Delete page
            Repository.Delete <Root.Models.Page>(request.PageId, request.Version);

            // Commit
            UnitOfWork.Commit();

            var updatedSitemaps = new List <Models.Sitemap>();

            foreach (var node in updatedNodes)
            {
                Events.SitemapEvents.Instance.OnSitemapNodeUpdated(node);
                if (!updatedSitemaps.Contains(node.Sitemap))
                {
                    updatedSitemaps.Add(node.Sitemap);
                }
            }

            foreach (var node in deletedNodes)
            {
                Events.SitemapEvents.Instance.OnSitemapNodeDeleted(node);
                if (!updatedSitemaps.Contains(node.Sitemap))
                {
                    updatedSitemaps.Add(node.Sitemap);
                }
            }

            foreach (var updatedSitemap in updatedSitemaps)
            {
                Events.SitemapEvents.Instance.OnSitemapUpdated(updatedSitemap);
            }

            // Notifying, that page is deleted.
            Events.PageEvents.Instance.OnPageDeleted(page);

            if (sitemaps.Any(tuple => !tuple.Value))
            {
                // Some sitemaps where skipped, because user has no permission to edit.
                Context.Messages.AddSuccess(PagesGlobalization.DeletePage_SitemapSkipped_Message);
            }

            return(true);
        }