private bool TryAssertBlog(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map)
        {
            var pageReference = entity.GetAttributeValue <EntityReference>("adx_parentpageid");

            if (pageReference == null)
            {
                return(false);
            }

            var parentPage = serviceContext.RetrieveSingle(
                "adx_webpage",
                new[] { "adx_name" },
                new Condition("adx_webpageid", ConditionOperator.Equal, pageReference.Id));

            if (right == CrmEntityRight.Read)
            {
                return(parentPage != null && this.WebPageSecurityProvider.TryAssert(serviceContext, parentPage, right, dependencies));
            }

            if (!Roles.Enabled)
            {
                ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Denying Change.");

                return(false);
            }

            IEnumerable <Entity> authorRoles = new List <Entity>();
            EntityNode           blogNode;

            if (!map.TryGetValue(entity, out blogNode))
            {
                return(false);
            }

            if (blogNode is BlogNode)
            {
                authorRoles = ((BlogNode)blogNode).WebRoles.Select(wr => wr.ToEntity());
            }

            if (!authorRoles.Any())
            {
                return(false);
            }

            dependencies.AddEntityDependencies(authorRoles);

            var userRoles = this.GetUserRoles();

            return(authorRoles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any() ||
                   (parentPage != null && this.WebPageSecurityProvider.TryAssert(serviceContext, parentPage, right, dependencies)));
        }
        protected virtual IEnumerable <Entity> GetRulesApplicableToForum(Entity forum, CrmEntityCacheDependencyTrace dependencies, ContentMap map)
        {
            forum.AssertEntityName("adx_communityforum");

            var rules = new List <Entity>();

            ForumNode currentForumNode;

            if (map.TryGetValue(forum, out currentForumNode))
            {
                var rulesForCurrentForum = currentForumNode.ForumAccessPermissions.Where(fr => fr.StateCode == 0);
                rules.AddRange(rulesForCurrentForum.Select(r => r.ToEntity()));
            }

            dependencies.AddEntityDependencies(rules);

            return(rules);
        }
Exemplo n.º 3
0
        protected virtual IEnumerable <Entity> GetRulesApplicableToEvent(OrganizationServiceContext context, Entity crmEvent, CrmEntityCacheDependencyTrace dependencies)
        {
            crmEvent.AssertEntityName("adx_event");

            var rules = new List <Entity>();

            var currentEvent = crmEvent;

            if (currentEvent != null)
            {
                var rulesForCurrentEvent = currentEvent.GetRelatedEntities(context, "adx_event_eventaccesspermission");

                if (rulesForCurrentEvent != null)
                {
                    rules.AddRange(rulesForCurrentEvent);
                }
            }

            dependencies.AddEntityDependencies(rules);

            return(rules);
        }
Exemplo n.º 4
0
        private bool UserInRole(string roleRelationship, bool defaultIfNoRoles, OrganizationServiceContext serviceContext, Entity entity, CrmEntityCacheDependencyTrace dependencies)
        {
            if (!Roles.Enabled)
            {
                ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Roles are not enabled for this application. Returning {0}.", defaultIfNoRoles));

                return(defaultIfNoRoles);
            }

            var website = entity.GetAttributeValue <EntityReference>("adx_websiteid");

            if (website == null)
            {
                return(false);
            }

            var roles = entity.GetRelatedEntities(serviceContext, new Relationship(roleRelationship))
                        .Where(e => Equals(e.GetAttributeValue <EntityReference>("adx_websiteid"), website))
                        .ToArray();

            if (!roles.Any())
            {
                ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Read is not restricted to any particular roles. Returning {0}.", defaultIfNoRoles));

                return(defaultIfNoRoles);
            }

            dependencies.AddEntityDependencies(roles);

            // Windows Live ID Server decided to return null for an unauthenticated user's name
            // A null username, however, breaks the Roles.GetRolesForUser() because it expects an empty string.
            var currentUsername = HttpContext.Current.User != null && HttpContext.Current.User.Identity != null
                                ? HttpContext.Current.User.Identity.Name ?? string.Empty
                                : string.Empty;

            var userRoles = Roles.GetRolesForUser(currentUsername);

            return(roles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any());
        }
Exemplo n.º 5
0
        private bool UserInRole(CrmEntityRight right, bool defaultIfNoRoles, Entity ideaForumEntity, CrmEntityCacheDependencyTrace dependencies, ContentMap map)
        {
            if (!Roles.Enabled)
            {
                ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Roles are not enabled for this application. Returning {0}.", defaultIfNoRoles));
                return(defaultIfNoRoles);
            }

            IEnumerable <Entity> roles = new List <Entity>();
            IdeaForumNode        ideaForumNode;

            if (!map.TryGetValue(ideaForumEntity, out ideaForumNode))
            {
                return(false);
            }

            if (right == CrmEntityRight.Read)
            {
                roles = ideaForumNode.WebRolesRead.Select(wr => wr.ToEntity());
            }
            else if (right == CrmEntityRight.Change)
            {
                roles = ideaForumNode.WebRolesWrite.Select(wr => wr.ToEntity());
            }

            if (!roles.Any())
            {
                ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Read is not restricted to any particular roles. Returning {0}.", defaultIfNoRoles));
                return(defaultIfNoRoles);
            }

            dependencies.AddEntityDependencies(roles);

            var userRoles = this.GetUserRoles();

            return(roles.Select(e => e.GetAttributeValue <string>("adx_name")).Intersect(userRoles, StringComparer.InvariantCulture).Any());
        }
        public bool TryAssertRightProperty(OrganizationServiceContext context, string rightPropertyName, CrmEntityCacheDependencyTrace dependencies)
        {
            // If Roles are not enabled on the site, deny permission.
            if (!Roles.Enabled)
            {
                ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Permission denied.");

                return(false);
            }

            dependencies.AddEntitySetDependency("adx_webrole");
            dependencies.AddEntitySetDependency("adx_webrole_contact");
            dependencies.AddEntitySetDependency("adx_webrole_account");

            dependencies.AddEntityDependency(_website);

            var userRoles = this.GetUserRoles();

            if (!userRoles.Any())
            {
                ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No roles were found for the current user. Permission denied.");

                return(false);
            }

            var websiteaccessFetch =
                new Fetch
            {
                Entity = new FetchEntity("adx_websiteaccess", new [] { "adx_manageweblinksets", "adx_previewunpublishedentities" })
                {
                    Filters = new[]
                    {
                        new Filter
                        {
                            Conditions = new[]
                            {
                                new Condition(
                                    "adx_websiteid",
                                    ConditionOperator.Equal,
                                    this._website.Id),
                            }
                        }
                    }
                }
            };

            var rules = context.RetrieveMultiple(websiteaccessFetch).Entities;

            // If no access permissions are defined for this site, deny permission.
            if (!rules.Any())
            {
                ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No website access permission rules were found for the current website. Permission denied.");

                return(false);
            }

            dependencies.AddEntityDependencies(rules);

            foreach (var rule in rules)
            {
                var ruleRoles = context.RetrieveRelatedEntities(rule, "adx_websiteaccess_webrole", new [] { "adx_name" }).Entities;

                if (ruleRoles == null)
                {
                    continue;
                }

                var ruleRoleNames = ruleRoles.Select(role => role.GetAttributeValue <string>("adx_name"));

                var roleIntersection = ruleRoleNames.Intersect(userRoles, StringComparer.InvariantCulture);

                // If the user is in any of the roles associated with the permission rule, and
                // the rightsPredicate evaluates to true for the given rule, grant permission.
                if (roleIntersection.Any() && rule.GetAttributeValue <bool?>(rightPropertyName).GetValueOrDefault(false))
                {
                    return(true);
                }
            }

            // If no permission rules meet the necessary conditions, deny permission.
            return(false);
        }