/// <summary> /// Determines whether the specified command is authorized within the context. /// </summary> /// <param name="context">The context.</param> /// <param name="command">The command.</param> /// <returns> /// <c>true</c> if the specified command is authorized; otherwise, <c>false</c>. /// </returns> public static bool IsAuthorized(ILavaRenderContext context, string command) { if (command.IsNullOrWhiteSpace()) { return(false); } var enabledCommands = context.GetEnabledCommands(); if (enabledCommands.Any()) { if (enabledCommands.Contains("All", StringComparer.OrdinalIgnoreCase) || enabledCommands.Contains(command, StringComparer.OrdinalIgnoreCase)) { return(true); } } return(false); }
/// <summary> /// Renders the specified context. /// </summary> /// <param name="context">The context.</param> /// <param name="result">The result.</param> public override void OnRender(ILavaRenderContext context, TextWriter result) { if (_shortcode == null) { result.Write($"An error occurred while processing the {0} shortcode.", _tagName); } // Get the parameters and default values defined by the shortcode, then apply the parameters that have been specified in the shortcode tag attributes // and those that are stored in the current render context. var parms = new Dictionary <string, object>(); foreach (var shortcodeParm in _shortcode.Parameters) { parms.AddOrReplace(shortcodeParm.Key, shortcodeParm.Value); } SetParametersFromElementAttributes(parms, _elementAttributesMarkup, context); // Set a unique id for the shortcode. parms.AddOrReplace("uniqueid", "id-" + Guid.NewGuid().ToString()); // Apply the merge fields in the block context. var internalMergeFields = context.GetMergeFields(); foreach (var item in parms) { internalMergeFields.AddOrReplace(item.Key, item.Value); } // Add parameters for tracking the recursion depth. int currentRecursionDepth = 0; if (parms.ContainsKey("RecursionDepth")) { currentRecursionDepth = parms["RecursionDepth"].ToString().AsInteger() + 1; if (currentRecursionDepth > _maxRecursionDepth) { result.Write("A recursive loop was detected and processing of this shortcode has stopped."); return; } } parms.AddOrReplace("RecursionDepth", currentRecursionDepth); // Resolve the merge fields in the shortcode template in a separate context, using the set of merge fields that have been modified by the shortcode parameters. // Apply the set of enabled commands specified by the shortcode definition, or those enabled for the current context if none are defined by the shortcode. // The resulting content is a shortcode template that is ready to be processed to resolve its child elements. var enabledCommands = _shortcode.EnabledLavaCommands ?? new List <string>(); enabledCommands = enabledCommands.Where(x => !string.IsNullOrWhiteSpace(x)).ToList(); if (!enabledCommands.Any()) { enabledCommands = context.GetEnabledCommands(); } var shortcodeTemplateContext = _engine.NewRenderContext(internalMergeFields, enabledCommands); var blockMarkupRenderResult = _engine.RenderTemplate(_blockMarkup.ToString(), LavaRenderParameters.WithContext(shortcodeTemplateContext)); var shortcodeTemplateMarkup = blockMarkupRenderResult.Text; // Extract child elements from the shortcode template content. // One or more child elements can be added to a shortcode block using the syntax "[[ <childElementName> <paramName1>:value1 <paramName2>:value2 ... ]] ... [[ end<childElementName> ]]", // where <childElementName> is a shortcode-specific tag name, <param1> is a shortcode parameter name, and <value1> is the parameter value. // Child elements are grouped by <childElementName>, and each collection is passed as a separate parameter to the shortcode template // using the variable name "<childElementNameItems>". The first element of the array is also added using the variable name "<childElementName>". // Parameters declared on child elements can be referenced in the shortcode template as <childElementName>.<paramName>. Dictionary <string, object> childElements; var residualMarkup = ExtractShortcodeBlockChildElements(shortcodeTemplateMarkup, out childElements); // Add the collections of child to the set of parameters that will be passed to the shortcode template. foreach (var item in childElements) { parms.AddOrReplace(item.Key, item.Value); } // Set context variables related to the block content so they can be referenced by the shortcode template. if (residualMarkup.IsNotNullOrWhiteSpace()) { // JME (7/23/2019) Commented out the two lines below and substituted the line after to allow for better // processing of the block content. Testing was done on all existing shortcodes but leaving // this code in place in case a future edge case is found. Could/should remove this in the future. // Regex rgx = new Regex( @"{{\s*blockContent\s*}}", RegexOptions.IgnoreCase ); // lavaTemplate = rgx.Replace( lavaTemplate, blockMarkup ); parms.AddOrReplace("blockContent", residualMarkup); parms.AddOrReplace("blockContentExists", true); } else { parms.AddOrReplace("blockContentExists", false); } // Now ensure there aren't any entity commands in the block that are not allowed. // This is necessary because the shortcode may be configured to allow more entities for processing // than the source block, template, action, etc. permits. var securityCheckResult = _engine.RenderTemplate(residualMarkup, LavaRenderParameters.WithContext(context)); Regex securityErrorPattern = new Regex(string.Format(Constants.Messages.NotAuthorizedMessage, ".*")); Match securityErrorMatch = securityErrorPattern.Match(securityCheckResult.Text); // If the security check failed, return the error message. if (securityErrorMatch.Success) { result.Write(securityErrorMatch.Value); return; } // Merge the shortcode template in a new context, using the parameters and security allowed by the shortcode. var shortcodeContext = _engine.NewRenderContext(parms); // If the shortcode specifies a set of enabled Lava commands, set these for the current context. // If not, use the commands enabled for the current context. if (_shortcode.EnabledLavaCommands != null && _shortcode.EnabledLavaCommands.Any()) { shortcodeContext.SetEnabledCommands(_shortcode.EnabledLavaCommands); } else { shortcodeContext.SetEnabledCommands(context.GetEnabledCommands()); } var results = _engine.RenderTemplate(_shortcode.TemplateMarkup, LavaRenderParameters.WithContext(shortcodeContext)); result.Write(results.Text.Trim()); }
/// <summary> /// Renders the specified context. /// </summary> /// <param name="context">The context.</param> /// <param name="result">The result.</param> public override void OnRender(ILavaRenderContext context, TextWriter result) { var rockContext = LavaHelper.GetRockContextFromLavaContext(context); // Get enabled security commands _enabledSecurityCommands = context.GetEnabledCommands().JoinStrings(","); using (TextWriter writer = new StringWriter()) { bool filterProvided = false; base.OnRender(context, writer); var parms = ParseMarkup(_markup, context); var lookAheadDays = parms[LOOK_AHEAD_DAYS].AsInteger(); var scheduleCategoryId = parms[SCHEDULE_CATEGORY_ID].AsIntegerOrNull(); var asAtDate = parms[AS_AT_DATE].AsDateTime(); var now = asAtDate ?? RockDateTime.Now; var scheduleIds = new List <int>(); var requestedSchedules = parms[SCHEDULE_ID].StringToIntList(); var schedulesQry = new ScheduleService(rockContext).Queryable().AsNoTracking() .Where(s => s.IsActive == true); if (requestedSchedules.Count() > 0) { schedulesQry = schedulesQry.Where(s => requestedSchedules.Contains(s.Id)); filterProvided = true; } if (scheduleCategoryId.HasValue) { schedulesQry = schedulesQry.Where(s => s.CategoryId == scheduleCategoryId.Value); filterProvided = true; } // If neither a schedule id nor a schedule category id was provided stop if (!filterProvided) { return; } // Get the schedules are order them by the next start time var schedules = schedulesQry.ToList() .Where(s => s.GetNextStartDateTime(now) != null) .OrderBy(s => s.GetNextStartDateTime(now)); if (schedules.Count() == 0) { return; } var nextSchedule = schedules.FirstOrDefault(); var nextStartDateTime = nextSchedule.GetNextStartDateTime(now); var isLive = false; DateTime?occurrenceEndDateTime = null; // Determine if we're live if (nextSchedule.WasScheduleActive(now)) { isLive = true; var occurrences = nextSchedule.GetICalOccurrences(now, now.AddDays(lookAheadDays)).Take(2); var activeOccurrence = occurrences.FirstOrDefault(); occurrenceEndDateTime = (DateTime)activeOccurrence.Period.EndTime.Value; // Set the next occurrence to be the literal next occurrence (vs the current occurrence) nextStartDateTime = null; if (occurrences.Count() > 1) { nextStartDateTime = occurrences.Last().Period.EndTime.Value; } } // Determine when not to show the content if ((parms[SHOW_WHEN] == "notlive" && isLive) || (parms[SHOW_WHEN] == "live" && !isLive)) { return; } // Check role membership var roleId = parms[ROLE_ID].AsIntegerOrNull(); if (roleId.HasValue) { var currentPerson = GetCurrentPerson(context); var isInRole = new GroupMemberService(rockContext).Queryable() .Where(m => m.GroupId == roleId && m.PersonId == currentPerson.Id ) .Any(); if (!isInRole) { return; } } var mergeFields = context.GetMergeFields(); mergeFields.Add("NextOccurrenceDateTime", nextStartDateTime); mergeFields.Add("OccurrenceEndDateTime", occurrenceEndDateTime); mergeFields.Add("Schedule", nextSchedule); mergeFields.Add("IsLive", isLive); var engine = context.GetService <ILavaEngine>(); var renderContext = engine.NewRenderContext(mergeFields, _enabledSecurityCommands.SplitDelimitedValues()); var results = engine.RenderTemplate(_blockMarkup.ToString(), LavaRenderParameters.WithContext(renderContext)); result.Write(results.Text.Trim()); } }