public async Task <ActionResult> RolesEdit_Partial(EditModel model)
{
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) {
string originalRole = model.OriginalName;
RoleDefinition role = await dataProvider.GetItemAsync(originalRole);// get the original item
if (role == null)
{
throw new Error(this.__ResStr("alreadyDeleted", "The role named \"{0}\" has been removed and can no longer be updated.", originalRole));
}
if (!ModelState.IsValid)
{
return(PartialView(model));
}
role = model.GetData(role); // merge new data into original
model.SetData(role); // and all the data back into model for final display
switch (await dataProvider.UpdateItemAsync(originalRole, role))
{
default:
case UpdateStatusEnum.RecordDeleted:
throw new Error(this.__ResStr("alreadyDeleted", "The role named \"{0}\" has been removed and can no longer be updated.", originalRole));
case UpdateStatusEnum.NewKeyExists:
ModelState.AddModelError(nameof(model.Name), this.__ResStr("alreadyExists", "A role named \"{0}\" already exists.", model.Name));
return(PartialView(model));
case UpdateStatusEnum.OK:
break;
}
return(FormProcessed(model, this.__ResStr("okSaved", "Role \"{0}\" saved", role.Name), OnPopupClose: OnPopupCloseEnum.ReloadModule));
}
}
//~RoleStore() { Dispose(false); }
// IRoleStore
// IRoleStore
// IRoleStore
public async Task <IdentityResult> CreateAsync(RoleDefinition role, CancellationToken cancellationToken)
{
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider(this.CurrentSiteIdentity)) {
await dataProvider.AddItemAsync(role);
}
return(IdentityResult.Success);
}
public async Task <IdentityResult> DeleteAsync(RoleDefinition role)
{
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider(this.CurrentSiteIdentity)) {
await dataProvider.RemoveItemAsync(role.Name);
}
return(IdentityResult.Success);
}
public async Task <List <SelectionItem <string> > > GetUserRolesAsync(int userId)
{
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
List <SelectionItem <string> > list = new List <SelectionItem <string> >();
UserDefinition user = await userDP.GetItemByUserIdAsync(userId);
if (user != null)
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
List <RoleDefinition> allRoles = roleDP.GetAllRoles();
foreach (Role r in user.RolesList)
{
RoleDefinition roleDef = (from a in allRoles where a.RoleId == r.RoleId select a).FirstOrDefault();
if (roleDef != null)
{
list.Add(new SelectionItem <string> {
Text = roleDef.Name, Tooltip = roleDef.Description, Value = roleDef.Id
});
}
}
}
}
return(list);
}
}
private void CleanupUsersAndRoles(Authorization data)
{
// remove superuser from allowed roles as he/she's in there by default
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider(SiteIdentity)) {
if (data.AllowedRoles == null)
{
data.AllowedRoles = new SerializableList <Role>();
}
else
{
data.AllowedRoles = new SerializableList <Role>((from r in data.AllowedRoles where r.RoleId != RoleDefinitionDataProvider.SuperUserId select r).ToList());
}
if (data.AllowedUsers != null && data.AllowedUsers.Count > Info.MAX_USERS_IN_RESOURCE)
{
throw new Error(this.__ResStr("maxUsers", "Only up to {0} users can be authorized for a resource. Consider creating a role instead, and add all users to that role. There is no limit to the number of users that can be added to a role."));
}
// remove superuser from allowed users as he/she's allowed by default
if (data.AllowedUsers == null)
{
data.AllowedUsers = new SerializableList <User>();
}
else
{
data.AllowedUsers = new SerializableList <User>((from u in data.AllowedUsers where u.UserId != SuperuserDefinitionDataProvider.SuperUserId select u).ToList());
}
}
}
public async Task RemoveRoleFromUserAsync(int userId, string roleName)
{
int roleId;
// get the role id for roleName
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
RoleDefinition role = await roleDP.GetItemAsync(roleName);
if (role == null)
{
throw new InternalError("Unexpected error in AddRoleToUser - expected role {0} not found", roleName);
}
roleId = role.RoleId;
}
// remove the role from the user
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition user = await userDP.GetItemByUserIdAsync(userId);
if (user != null)
{
Role role = (from Role r in user.RolesList where r.RoleId == roleId select r).FirstOrDefault();
if (role != null)
{
user.RolesList.Remove(role);
UpdateStatusEnum status = await userDP.UpdateItemAsync(user);
if (status != UpdateStatusEnum.OK)
{
throw new InternalError("Unexpected status {0} updating user account in RemoveRoleFromUser", status);
}
}
}
}
}
public async Task <DataProviderGetRecords <Authorization> > GetItemsAsync(int skip, int take, List <DataProviderSortInfo> sort, List <DataProviderFilterInfo> filters)
{
// get all defined authorizations
DataProviderGetRecords <Authorization> list = await DataProvider.GetRecordsAsync(0, 0, null, filters);
foreach (Authorization l in list.Data)
{
l.CanDelete = true;
}
// get all AuthorizationResource items
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider(SiteIdentity)) {
AuthorizationResourceDataProvider authResDP = new AuthorizationResourceDataProvider();
DataProviderGetRecords <ResourceAttribute> resAttrs = authResDP.GetItems();
// merge in AuthorizationResource items
foreach (ResourceAttribute resAttr in resAttrs.Data)
{
Authorization auth = (from l in list.Data where l.ResourceName == resAttr.Name select l).FirstOrDefault();
if (auth == null)
{
auth = GetFromAuthorizationResource(roleDP, resAttr);
list.Data.Add(auth);
}
}
}
return(DataProviderImpl <Authorization> .GetRecords(list.Data, skip, take, sort, filters));
}
/// <summary>
/// Used from site template to add a site admin role
/// </summary>
public void AddAdministratorRole()
{
YetaWFManager.Syncify(async() => { // super-rare so sync is OK
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) {
await dataProvider.AddAdministratorRoleAsync();
}
});
}
public async Task <ActionResult> Remove(string name)
{
if (string.IsNullOrWhiteSpace(name))
{
throw new Error(this.__ResStr("noItem", "No role name specified"));
}
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) {
await dataProvider.RemoveItemAsync(name);
return(Reload(null, Reload: ReloadEnum.ModuleParts));
}
}
private void CleanupRoles(UserDefinition data)
{
if (data.RolesList == null)
{
data.RolesList = new SerializableList <Role>();
}
// remove User and Superuser from allowed roles as he/she's in there by default
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider(SiteIdentity)) {
int userRole = roleDP.GetUserRoleId();
int superuserRole = SuperuserDefinitionDataProvider.SuperUserId;
data.RolesList = new SerializableList <Role>((from r in data.RolesList where r.RoleId != userRole && r.RoleId != superuserRole select r).ToList());
}
}
public async Task <ActionResult> RolesAdd_Partial(AddModel model)
{
if (!ModelState.IsValid)
{
return(PartialView(model));
}
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) {
if (!await dataProvider.AddItemAsync(model.GetData()))
{
throw new Error(this.__ResStr("alreadyExists", "A role named \"{0}\" already exists."), model.Name);
}
return(FormProcessed(model, this.__ResStr("okSaved", "New role \"{0}\" saved", model.Name), OnPopupClose: OnPopupCloseEnum.ReloadModule));
}
}
public Task <string> RenderAsync(int model)
{
YTagBuilder tag = new YTagBuilder("span");
FieldSetup(tag, FieldType.Anonymous);
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) {
RoleDefinition role = dataProvider.GetRoleById(model);
tag.SetInnerText(role.Name);
tag.Attributes.Add(Basics.CssTooltipSpan, role.Description);
}
return(Task.FromResult(tag.ToString(YTagRenderMode.Normal)));
}
public async Task <ActionResult> RolesDisplay(string name)
{
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) {
RoleDefinition data = await dataProvider.GetItemAsync(name);
if (data == null)
{
throw new Error(this.__ResStr("notFound", "Role \"{0}\" not found."), name);
}
DisplayModel model = new DisplayModel();
model.SetData(data);
Module.Title = this.__ResStr("modDisplayTitle", "{0} Role", name);
return(View(model));
}
}
// API
// API
// API
public async Task <Authorization> GetItemAsync(string resourceName)
{
Authorization data = await DataProvider.GetAsync(resourceName);
if (data != null)
{
data.CanDelete = true;
return(data);
}
AuthorizationResourceDataProvider authResDP = new AuthorizationResourceDataProvider();
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider(SiteIdentity)) {
return(GetFromAuthorizationResource(roleDP, authResDP.GetItem(resourceName)));
}
}
private UserDefinition GetUser(string name)
{
using (RoleDefinitionDataProvider roleProvider = new RoleDefinitionDataProvider(SiteIdentity)) {
int roleId = roleProvider.GetUserRoleId();
return(new UserDefinition()
{
UserName = name,
RolesList = new SerializableList <Role>(),
UserStatus = UserStatusEnum.Approved,
Comment = this.__ResStr("user", "A sample user"),
Email = name + "@" + Manager.CurrentSite.SiteDomain,
RegistrationIP = "127.0.0.1",
});
}
}
private GridDefinition GetGridModel()
{
return(new GridDefinition {
ModuleGuid = Module.ModuleGuid,
SettingsModuleGuid = Module.PermanentGuid,
RecordType = typeof(BrowseItem),
AjaxUrl = GetActionUrl(nameof(RolesBrowse_GridData)),
DirectDataAsync = async(int skip, int take, List <DataProviderSortInfo> sort, List <DataProviderFilterInfo> filters) => {
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider()) {
DataProviderGetRecords <RoleDefinition> browseItems = await dataProvider.GetItemsAsync(skip, take, sort, filters);
return new DataSourceResult {
Data = (from s in browseItems.Data select new BrowseItem(Module, s)).ToList <object>(),
Total = browseItems.Total
};
}
},
});
}
public async Task <IdentityResult> UpdateAsync(RoleDefinition role, CancellationToken cancellationToken)
{
RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider(this.CurrentSiteIdentity);
UpdateStatusEnum status = await dataProvider.UpdateItemAsync(role);
switch (status)
{
default:
case UpdateStatusEnum.RecordDeleted:
throw new Error(this.__ResStr("alreadyDeleted", "The role named \"{0}\" has been removed and can no longer be updated.", role.Name));
case UpdateStatusEnum.NewKeyExists:
throw new Error(this.__ResStr("alreadyExists", "A role named \"{0}\" already exists.", role.Name));
case UpdateStatusEnum.OK:
break;
}
return(IdentityResult.Success);
}
private Authorization GetFromAuthorizationResource(RoleDefinitionDataProvider roleDP, ResourceAttribute resAttr)
{
Authorization auth = new Authorization()
{
ResourceName = resAttr.Name,
ResourceDescription = resAttr.Description,
};
auth.AllowedRoles.Add(new Role()
{
RoleId = RoleDefinitionDataProvider.SuperUserId
});
if (resAttr.Anonymous)
{
auth.AllowedRoles.Add(new Role()
{
RoleId = roleDP.GetAnonymousRoleId()
});
}
if (resAttr.User)
{
auth.AllowedRoles.Add(new Role()
{
RoleId = roleDP.GetUserRoleId()
});
}
if (resAttr.Editor)
{
auth.AllowedRoles.Add(new Role()
{
RoleId = roleDP.GetEditorRoleId()
});
}
if (resAttr.Administrator)
{
auth.AllowedRoles.Add(new Role()
{
RoleId = roleDP.GetAdministratorRoleId()
});
}
return(auth);
}
public Task <string> GetUserPostLoginUrlAsync(List <int> userRoles)
{
if (userRoles != null)
{
foreach (int roleId in userRoles)
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
RoleDefinition role = roleDP.GetRoleById(roleId);
if (role != null)
{
if (!string.IsNullOrWhiteSpace(role.PostLoginUrl))
{
return(Task.FromResult(role.PostLoginUrl));
}
}
}
}
}
return(Task.FromResult <string>(null));
}
public List <RoleInfo> GetDefaultRoleList(bool Exclude2FA = false)
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
List <RoleDefinition> allRoles = roleDP.GetAllRoles();
List <RoleInfo> roles;
if (Exclude2FA)
{
roles = (from r in allRoles
where r.RoleId != roleDP.GetUser2FARoleId()
select new RoleInfo {
RoleId = r.RoleId, Name = r.Name, Description = r.Description, PostLoginUrl = r.PostLoginUrl
}).ToList();
}
else
{
roles = (from r in allRoles select new RoleInfo {
RoleId = r.RoleId, Name = r.Name, Description = r.Description, PostLoginUrl = r.PostLoginUrl
}).ToList();
}
return(roles);
}
}
private async Task <UserDefinition> GetSuperuserUserAsync()
{
using (RoleDefinitionDataProvider roleProvider = new RoleDefinitionDataProvider(SiteIdentity)) {
RoleDefinition role = await roleProvider.GetItemAsync(Globals.Role_Superuser);
return(new UserDefinition()
{
UserName = SuperUserName,
RolesList = new SerializableList <Role>()
{
new Role()
{
RoleId = role.RoleId
}
},
UserStatus = UserStatusEnum.Approved,
Comment = this.__ResStr("super", "The superuser for all sites"),
Email = SuperUserName + "@" + Manager.CurrentSite.SiteDomain,
RegistrationIP = "127.0.0.1",
});
}
}
public async Task AddRoleToUserAsync(int userId, string roleName)
{
int roleId;
// get the role id for roleName
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
RoleDefinition role = await roleDP.GetItemAsync(roleName);
if (role == null)
{
throw new InternalError("Unexpected error in AddRoleToUser - expected role {0} not found", roleName);
}
roleId = role.RoleId;
}
// add the role to the user
using (UserDefinitionDataProvider userDP = new UserDefinitionDataProvider()) {
UserDefinition user = await userDP.GetItemByUserIdAsync(userId);
if (user == null)
{
throw new InternalError("Unexpected error in AddRoleToUser - no user found");
}
Role role = new Role {
RoleId = roleId
};
if (!user.RolesList.Contains(role, new RoleComparer()))
{
user.RolesList.Add(role);
UpdateStatusEnum status = await userDP.UpdateItemAsync(user);
if (status != UpdateStatusEnum.OK)
{
throw new InternalError("Unexpected status {0} updating user account in AddRoleToUser", status);
}
}
}
}
public async Task <bool> IsResourceAuthorizedAsync(string resourceName)
{
// we need to check if this resource is protected
if (string.IsNullOrEmpty(resourceName))
{
throw new InternalError("Missing resource name");
}
if (IsBackDoorWideOpen())
{
return(true);
}
if (YetaWFManager.IsDemo || Manager.IsDemoUser)
{
return(true);
}
// check if this is the superuser
if (Manager.HasSuperUserRole)
{
return(true);
}
using (AuthorizationDataProvider authDP = new AuthorizationDataProvider()) {
Authorization auth = await authDP.GetItemAsync(resourceName);
if (auth == null)
{
Logging.AddLog("Resource {0} doesn't exist", resourceName);
#if DEBUG
throw new InternalError("Resource {0} doesn't exist", resourceName);
#else
return(false);// not authorized, there is no such resource
#endif
}
RoleComparer roleComp = new RoleComparer();
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
if (!Manager.HaveUser)
{
// check if anonymous user allowed
if (auth.AllowedRoles.Contains(new Role {
RoleId = roleDP.GetAnonymousRoleId()
}, roleComp))
{
return(true);
}
return(false);
}
// authenticated user
// check if any authenticated user allowed
if (auth.AllowedRoles.Contains(new Role {
RoleId = roleDP.GetUserRoleId()
}, roleComp))
{
return(true);
}
}
string userName = Manager.UserName;
UserDefinition user = (UserDefinition)Manager.UserObject;// get the saved user
if (user == null)
{
throw new InternalError("UserObject missing for authenticated user");
}
// check if this user is allowed
if (auth.AllowedUsers.Contains(new User {
UserId = user.UserId
}, new UserComparer()))
{
return(true);
}
// check if this user is in a permitted role
foreach (Role loginRole in user.RolesList)
{
if (auth.AllowedRoles.Contains(new Role {
RoleId = loginRole.RoleId
}, roleComp))
{
return(true);
}
}
} // simply not authorized
return(false);
}
public async Task <RoleDefinition> FindByNameAsync(string roleName, CancellationToken cancellationToken)
{
using (RoleDefinitionDataProvider dataProvider = new RoleDefinitionDataProvider(this.CurrentSiteIdentity)) {
return(await dataProvider.GetItemAsync(roleName));
}
}
public async Task RemoveRoleAsync(string roleName)
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
await roleDP.RemoveItemAsync(roleName);
}
}
public async Task AddRoleWithUrlAsync(string roleName, string description, string postLoginUrl)
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
await roleDP.AddItemAsync(new RoleDefinition { Name = roleName, Description = description, PostLoginUrl = postLoginUrl });
}
}
public int GetRoleId(string name)
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
return(roleDP.GetRoleId(name));
}
}
public int GetAnonymousRoleId()
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
return(roleDP.GetAnonymousRoleId());
}
}
public int GetAdministratorRoleId()
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
return(roleDP.GetAdministratorRoleId());
}
}
public int GetUser2FARoleId()
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
return(roleDP.GetUser2FARoleId());
}
}
