protected override bool TryAssert(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map)
{
entity.ThrowOnNull("entity");
dependencies.AddEntityDependency(entity);
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on {1} ""{2}"" ({3}).", right, entity.LogicalName, entity.GetAttributeValue <string>("adx_name"), entity.Id));
switch (entity.LogicalName)
{
case "adx_ideaforum":
dependencies.AddEntitySetDependency("adx_webrole");
return(this.TryAssertIdeaForum(entity, right, dependencies, map));
case "adx_idea":
return(this.TryAssertIdea(serviceContext, entity, right, dependencies, map));
case "adx_ideacomment":
return(this.TryAssertIdeaComment(serviceContext, entity, right, dependencies, map));
case "adx_ideavote":
return(this.TryAssertIdeaVote(serviceContext, entity, right, dependencies, map));
default:
throw new NotSupportedException("Entities of type {0} are not supported by this provider.".FormatWith(entity.LogicalName));
}
}
public override bool TryAssert(OrganizationServiceContext context, Entity currentEvent, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies)
{
currentEvent.AssertEntityName("adx_event");
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("Testing right {0} on event ({1}).", right, currentEvent.Id));
dependencies.AddEntityDependency(currentEvent);
dependencies.AddEntitySetDependency("adx_webrole");
dependencies.AddEntitySetDependency("adx_eventaccesspermission");
if (!Roles.Enabled)
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, "Roles are not enabled for this application. Allowing Read, but not Change.");
// If roles are not enabled on the site, grant Read, deny Change.
return(right == CrmEntityRight.Read);
}
// Windows Live ID Server decided to return null for an unauthenticated user's name
// A null username, however, breaks the Roles.GetRolesForUser() because it expects an empty string.
var currentUsername = (HttpContext.Current.User != null && HttpContext.Current.User.Identity != null)
? HttpContext.Current.User.Identity.Name ?? string.Empty
: string.Empty;
var userRoles = Roles.GetRolesForUser(currentUsername);
// Get all rules applicable to the event, grouping equivalent rules. (Rules that
// target the same event and confer the same right are equivalent.)
var ruleGroupings = from rule in GetRulesApplicableToEvent(context, currentEvent, dependencies)
let eventReference = rule.GetAttributeValue <EntityReference>("adx_eventid")
let rightOption = rule.GetAttributeValue <OptionSetValue>("adx_right")
where eventReference != null && rightOption != null
group rule by new { EventID = eventReference.Id, Right = rightOption.Value } into ruleGrouping
select ruleGrouping;
var websiteReference = currentEvent.GetAttributeValue <EntityReference>("adx_websiteid");
foreach (var ruleGrouping in ruleGroupings)
{
// Collect the names of all the roles that apply to this rule grouping
var ruleGroupingRoles = ruleGrouping.SelectMany(rule => rule.GetRelatedEntities(context, "adx_eventaccesspermission_webrole").ToList()
.Where(role => BelongsToWebsite(websiteReference, role))
.Select(role => role.GetAttributeValue <string>("adx_name")));
// Determine if the user belongs to any of the roles that apply to this rule grouping
var userIsInAnyRoleForThisRule = ruleGroupingRoles.Any(role => userRoles.Any(userRole => userRole == role));
// If the user belongs to one of the roles...
if (userIsInAnyRoleForThisRule)
{
if (ruleGrouping.Key.Right != RestrictRead)
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("User has right Change on forum ({0}). Permission granted.", ruleGrouping.Key.EventID));
// ...the user has all rights.
return(true);
}
}
// If the user does not belong to any of the roles, the rule restricts read, and the desired right
// is read...
else if (ruleGrouping.Key.Right == RestrictRead && right == CrmEntityRight.Read)
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format("User does not have right Read due to read restriction on event ({0}). Permission denied.", ruleGrouping.Key.EventID));
// ...the user has no right.
return(false);
}
}
//Get all membership type applicable to the event
var membershipTypes = currentEvent.GetRelatedEntities(context, "adx_event_membershiptype");
//If the event has membership types, specific user has right to access it. If there is no membership type, every user has right.
if (membershipTypes.Any())
{
var contact = PortalContext.Current.User;
//Anonymouse user has no right.
if (contact == null)
{
return(false);
}
foreach (var membershipType in membershipTypes)
{
if (contact.GetRelatedEntities(context, "adx_membership_contact").Any(m => m.GetAttributeValue <EntityReference>("adx_membershiptypeid") == membershipType.ToEntityReference()))
{
return(true);
}
}
return(false);
}
// If none of the above rules apply, assert on parent webpage.
var parentWebPage = currentEvent.GetRelatedEntity(context, "adx_webpage_event");
// If there is no parent web page, grant Read by default, and deny Change.
if (parentWebPage == null)
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No access control rules apply to the current user and event. Allowing Read, but not Change.");
return(right == CrmEntityRight.Read);
}
ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No access control rules apply to the current user and event. Asserting right on parent web page.");
return(_webPageAccessControlProvider.TryAssert(context, parentWebPage, right, dependencies));
}
public override bool TryAssert(OrganizationServiceContext serviceContext, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies)
{
entity.ThrowOnNull("entity");
if (entity.LogicalName == "adx_issueforum")
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_issueforum ({1}).", right, entity.Id));
dependencies.AddEntityDependency(entity);
dependencies.AddEntitySetDependency("adx_webrole");
return(right == CrmEntityRight.Change
? UserInRole("adx_webrole_issueforum_write", false, serviceContext, entity, dependencies)
: UserInRole("adx_webrole_issueforum_read", true, serviceContext, entity, dependencies) ||
UserInRole("adx_webrole_issueforum_write", false, serviceContext, entity, dependencies));
}
if (entity.LogicalName == "adx_issue")
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_issue ({1}).", right, entity.Id));
dependencies.AddEntityDependency(entity);
var issueForum = entity.GetRelatedEntity(serviceContext, new Relationship("adx_issueforum_issue"));
if (issueForum == null)
{
return(false);
}
var approved = entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false);
// If the right being asserted is Read, and the issue is approved, assert whether the issue forum is readable.
if (right == CrmEntityRight.Read && approved)
{
return(TryAssert(serviceContext, issueForum, right, dependencies));
}
return(TryAssert(serviceContext, issueForum, CrmEntityRight.Change, dependencies));
}
if (entity.LogicalName == "adx_issuecomment")
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_issuecomment ({1}).", right, entity.Id));
dependencies.AddEntityDependency(entity);
var issue = entity.GetRelatedEntity(serviceContext, new Relationship("adx_issue_issuecomment"));
if (issue == null)
{
return(false);
}
var approved = entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false);
// If the right being asserted is Read, and the comment is approved, assert whether the issue is readable.
if (right == CrmEntityRight.Read && approved)
{
return(TryAssert(serviceContext, issue, right, dependencies));
}
return(TryAssert(serviceContext, issue, CrmEntityRight.Change, dependencies));
}
if (entity.LogicalName == "adx_issuevote")
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, string.Format(@"Testing right {0} on adx_issuevote ({1}).", entity.Id));
dependencies.AddEntityDependency(entity);
var issue = entity.GetRelatedEntity(serviceContext, new Relationship("adx_issue_issuevote"));
return(issue != null && TryAssert(serviceContext, issue, right, dependencies));
}
throw new NotSupportedException("Entities of type {0} are not supported by this provider.".FormatWith(entity.LogicalName));
}
public override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies)
{
if (entity == null || right == CrmEntityRight.Change)
{
return(false);
}
dependencies.AddEntityDependency(entity);
dependencies.AddEntitySetDependency("adx_webrole");
dependencies.AddEntitySetDependency("adx_webrole_contact");
dependencies.AddEntitySetDependency("adx_webrole_account");
dependencies.AddEntitySetDependency("adx_websiteaccess");
var entityName = entity.LogicalName;
// Weblinks require some special handling.
if (entityName == "adx_weblink")
{
var weblinkPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_weblink");
// If a weblink has a publishing state, and that state is not visible, state access is
// denied (unless the user can preview).
if (weblinkPublishingState != null && !weblinkPublishingState.GetAttributeValue <bool?>("adx_isvisible").GetValueOrDefault())
{
dependencies.AddEntityDependency(weblinkPublishingState);
return(UserCanPreview(context, entity));
}
var weblinkPage = context.RetrieveRelatedEntity(entity, "adx_webpage_weblink");
// If a weblink has an associated page, and page validation is not disabled, return the
// result of assertion on that page.
if (weblinkPage != null && !entity.GetAttributeValue <bool?>("adx_disablepagevalidation").GetValueOrDefault(false))
{
return(TryAssert(context, weblinkPage, right, dependencies));
}
}
if (entityName == "adx_idea")
{
return(entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false));
}
if (entityName == "adx_ideacomment")
{
return(entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false));
}
EntityReference publishingStateReference = null;
Entity entityPublishingState = null;
switch (entityName)
{
case "adx_webpage":
publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid");
break;
case "adx_weblinkset":
publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid");
break;
case "adx_webfile":
publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid");
break;
case "adx_communityforum":
publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid");
break;
case "adx_communityforumpost":
publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid");
break;
case "adx_ad":
publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid");
break;
// legacy entities
case "adx_event":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_event");
break;
case "adx_eventschedule":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventschedule");
break;
case "adx_eventspeaker":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventspeaker");
break;
case "adx_eventsponsor":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventsponsor");
break;
case "adx_survey":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_survey");
break;
}
if (publishingStateReference != null)
{
entityPublishingState = context.RetrieveSingle(
"adx_publishingstate",
new[] { "adx_isvisible" },
new Condition("adx_publishingstateid", ConditionOperator.Equal, publishingStateReference.Id));
}
if (entityPublishingState == null)
{
return(true);
}
dependencies.AddEntityDependency(entityPublishingState);
if (entityPublishingState.GetAttributeValue <bool?>("adx_isvisible").GetValueOrDefault())
{
return(true);
}
return(UserCanPreview(context, entityPublishingState));
}
public override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies)
{
if (entity == null || right == CrmEntityRight.Change)
{
return(false);
}
dependencies.AddEntityDependency(entity);
dependencies.AddEntitySetDependency("adx_webrole");
dependencies.AddEntitySetDependency("adx_webrole_contact");
dependencies.AddEntitySetDependency("adx_webrole_account");
dependencies.AddEntitySetDependency("adx_websiteaccess");
var entityName = entity.LogicalName;
if (entityName == "adx_idea")
{
return(entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false));
}
if (entityName == "adx_ideacomment")
{
return(entity.GetAttributeValue <bool?>("adx_approved").GetValueOrDefault(false));
}
EntityReference publishingStateReference = null;
Entity entityPublishingState = null;
switch (entityName)
{
case "adx_communityforumpost":
publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid");
break;
case "adx_ad":
publishingStateReference = entity.GetAttributeValue <EntityReference>("adx_publishingstateid");
break;
// legacy entities
case "adx_event":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_event");
break;
case "adx_eventschedule":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventschedule");
break;
case "adx_eventspeaker":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventspeaker");
break;
case "adx_eventsponsor":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_eventsponsor");
break;
case "adx_survey":
entityPublishingState = context.RetrieveRelatedEntity(entity, "adx_publishingstate_survey");
break;
}
if (publishingStateReference != null)
{
entityPublishingState = context.RetrieveSingle(
"adx_publishingstate",
new[] { "adx_isvisible" },
new Condition("adx_publishingstateid", ConditionOperator.Equal, publishingStateReference.Id));
}
if (entityPublishingState == null)
{
return(true);
}
dependencies.AddEntityDependency(entityPublishingState);
if (entityPublishingState.GetAttributeValue <bool?>("adx_isvisible").GetValueOrDefault())
{
return(true);
}
return(UserCanPreview(context, entityPublishingState));
}
/// <summary>
/// Test whether or not an Entity's published dates are visible in the current context.
/// </summary>
/// <param name="context">OrganizationServiceContext</param>
/// <param name="entity">CRM Entity</param>
/// <param name="right">Entity Right</param>
/// <param name="dependencies">Cache Dependency Trace</param>
/// <param name="map">Content Map</param>
/// <returns></returns>
protected override bool TryAssert(OrganizationServiceContext context, Entity entity, CrmEntityRight right, CrmEntityCacheDependencyTrace dependencies, ContentMap map)
{
if (entity == null || right == CrmEntityRight.Change)
{
return(false);
}
dependencies.AddEntityDependency(entity);
dependencies.AddEntitySetDependency("adx_webrole");
dependencies.AddEntitySetDependency("adx_websiteaccess");
var entityName = entity.LogicalName;
var releaseDate = DateTime.MinValue;
var expiryDate = DateTime.MaxValue;
if (entityName == "adx_webpage" ||
entityName == "adx_webfile" ||
entityName == "adx_event" ||
entityName == "adx_survey" ||
entityName == "adx_ad")
{
releaseDate = entity.GetAttributeValue <DateTime?>("adx_releasedate").GetValueOrDefault(DateTime.MinValue);
expiryDate = entity.GetAttributeValue <DateTime?>("adx_expirationdate").GetValueOrDefault(DateTime.MaxValue);
}
else if (entityName == "adx_weblink")
{
if (!entity.GetAttributeValue <bool?>("adx_disablepagevalidation").GetValueOrDefault(false))
{
var pageReference = entity.GetAttributeValue <EntityReference>("adx_pageid");
if (pageReference != null)
{
WebPageNode rootPage;
if (map.TryGetValue(pageReference, out rootPage))
{
var weblinkWebPage = HttpContext.Current.GetContextLanguageInfo().FindLanguageSpecificWebPageNode(rootPage, false);
if (weblinkWebPage != null)
{
return(TryAssert(context, weblinkWebPage.ToEntity(), right, dependencies));
}
}
}
}
return(true);
}
else if (entityName == "adx_shortcut")
{
if (!entity.GetAttributeValue <bool?>("adx_disabletargetvalidation").GetValueOrDefault(false))
{
var pageReference = entity.GetAttributeValue <EntityReference>("adx_webpageid");
var webFileReference = entity.GetAttributeValue <EntityReference>("adx_webfileid");
if (pageReference != null)
{
WebPageNode rootPage;
if (map.TryGetValue(pageReference, out rootPage))
{
var shortcutWebPage = HttpContext.Current.GetContextLanguageInfo().FindLanguageSpecificWebPageNode(rootPage, false);
if (shortcutWebPage != null)
{
return(TryAssert(context, shortcutWebPage.ToEntity(), right, dependencies));
}
}
}
else if (webFileReference != null)
{
WebFileNode webFile;
if (map.TryGetValue(webFileReference, out webFile))
{
return(TryAssert(context, webFile.ToEntity(), right, dependencies));
}
}
}
var parentPageReference = entity.GetAttributeValue <EntityReference>("adx_parentpage_webpageid");
if (parentPageReference != null)
{
WebPageNode rootPage;
if (map.TryGetValue(parentPageReference, out rootPage))
{
var parentPage = HttpContext.Current.GetContextLanguageInfo().FindLanguageSpecificWebPageNode(rootPage, false);
return(TryAssert(context, parentPage.ToEntity(), right, dependencies));
}
}
return(true);
}
return(UserCanPreview(context, entity) || InnerTryAssert(releaseDate, expiryDate));
}
public bool TryAssertRightProperty(OrganizationServiceContext context, string rightPropertyName, CrmEntityCacheDependencyTrace dependencies)
{
// If Roles are not enabled on the site, deny permission.
if (!Roles.Enabled)
{
ADXTrace.Instance.TraceError(TraceCategory.Application, "Roles are not enabled for this application. Permission denied.");
return(false);
}
dependencies.AddEntitySetDependency("adx_webrole");
dependencies.AddEntitySetDependency("adx_webrole_contact");
dependencies.AddEntitySetDependency("adx_webrole_account");
dependencies.AddEntityDependency(_website);
var userRoles = this.GetUserRoles();
if (!userRoles.Any())
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No roles were found for the current user. Permission denied.");
return(false);
}
var websiteaccessFetch =
new Fetch
{
Entity = new FetchEntity("adx_websiteaccess", new [] { "adx_manageweblinksets", "adx_previewunpublishedentities" })
{
Filters = new[]
{
new Filter
{
Conditions = new[]
{
new Condition(
"adx_websiteid",
ConditionOperator.Equal,
this._website.Id),
}
}
}
}
};
var rules = context.RetrieveMultiple(websiteaccessFetch).Entities;
// If no access permissions are defined for this site, deny permission.
if (!rules.Any())
{
ADXTrace.Instance.TraceInfo(TraceCategory.Application, "No website access permission rules were found for the current website. Permission denied.");
return(false);
}
dependencies.AddEntityDependencies(rules);
foreach (var rule in rules)
{
var ruleRoles = context.RetrieveRelatedEntities(rule, "adx_websiteaccess_webrole", new [] { "adx_name" }).Entities;
if (ruleRoles == null)
{
continue;
}
var ruleRoleNames = ruleRoles.Select(role => role.GetAttributeValue <string>("adx_name"));
var roleIntersection = ruleRoleNames.Intersect(userRoles, StringComparer.InvariantCulture);
// If the user is in any of the roles associated with the permission rule, and
// the rightsPredicate evaluates to true for the given rule, grant permission.
if (roleIntersection.Any() && rule.GetAttributeValue <bool?>(rightPropertyName).GetValueOrDefault(false))
{
return(true);
}
}
// If no permission rules meet the necessary conditions, deny permission.
return(false);
}
