/// <summary>
/// Rules visualisation in umbraco backoffice
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void TreeControllerBase_TreeNodesRendering(TreeControllerBase sender, TreeNodesRenderingEventArgs e)
{
if (KeepOutRulesFolderId == 0)
{
return;
}
if (!VisualiseRules)
{
return;
}
if (sender.TreeAlias != "content")
{
return;
}
using (var context = _factory.EnsureUmbracoContext())
{
foreach (var node in e.Nodes)
{
var intCurrentNodeId = int.Parse(node.Id.ToString());
var page = context.UmbracoContext.Content.GetById(intCurrentNodeId);
if (page == null)
{
continue;
}
// if the current node is secured by a rule (or is the rule itself), colour the node
var isRule = page.ContentType.Alias == "keepOutSecurityRule";
var path = page.Path.Split(',').ToList();
var hasRule = RulesPages.Intersect(path).ToList();
if (!hasRule.Any() && !isRule)
{
continue;
}
node.CssClasses.Add("keepout");
if (isRule)
{
// node is the rule itself
var ruleColour = page.GetProperty("coverageColour").GetValue() as ColorPickerValueConverter.PickedColor;
node.CssClasses.Add($"keepout-{ruleColour.Label}");
node.CssClasses.Add("keepoutrule");
}
else
{
// node is content that is covered by a rule
var ruleNdx = RulesPages.IndexOf(hasRule.Last()); // if multiple rules overlap, last wins
var activeRule = Rules[ruleNdx];
node.CssClasses.Add(activeRule.CoverageColour);
}
}
}
}
private void TreeControllerBase_TreeNodesRendering(TreeControllerBase sender, TreeNodesRenderingEventArgs e)
{
if (!VisualiseRules)
{
return;
}
switch (sender.TreeAlias)
{
case "content":
foreach (var node in e.Nodes)
{
// if the current node is secured by a rule, find it and colour the node
var id = int.Parse(node.Id.ToString());
// need IContent object to gain access to Path, node Path is always null :(
//var page = ApplicationContext.Current.Services.ContentService.GetById(id);
// get IPublishedContent from cache
var page = UmbracoContext.Current.ContentCache.GetById(id);
if (page == null)
{
break;
}
var path = page.Path.Split(new[] { ',' }).ToList();
var hasRule = RulesPages.Intersect(path);
if (hasRule.Any())
{
var ruleIndex = RulesPages.IndexOf(hasRule.First()); // if multiple rules overlap, take the first
var activeRule = Rules[ruleIndex];
node.CssClasses.Add("keepout");
node.CssClasses.Add(activeRule.Colour);
}
// colour the actual rule node to indicate the rule assignment
if (page.ContentType.Alias == "keepOutSecurityRule")
{
node.CssClasses.Add("keepout");
var colourJson = page.GetProperty("contentColour").DataValue.ToString();
node.CssClasses.Add("keepout-" + KeepOutHelper.Json.Deserialize <RuleColour>(colourJson).Label);
}
}
break;
}
}
/// <summary>
/// The event that fires whenever a resource is requested
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void UmbracoApplication_PreRequestHandlerExecute(object sender, EventArgs e)
{
var context = ((UmbracoApplicationBase)sender).Context;
// if no context, session or anonymous user return
if (context == null)
{
return;
}
if (context.Session == null)
{
return;
}
if (context.Request.LogonUserIdentity == null)
{
return;
}
if (context.Items == null)
{
return;
}
var umbPageId = context.Items["pageID"];
var umbPage = context.Items["UmbPage"];
var umbracoContext = (UmbracoContext)context.Items["Umbraco.Web.UmbracoContext"];
if (umbPageId == null || umbPage == null || umbracoContext == null)
{
return;
}
// if accessing via the umbraco admin return
var isUmbraco = umbPage.ToString().StartsWith("/umbraco/");
if (isUmbraco)
{
return;
}
var umbracoHelper = new UmbracoHelper(umbracoContext);
if (!umbracoContext.PageId.HasValue)
{
return;
}
// First we check if this page is part of a rule
var page = umbracoHelper.TypedContent(umbracoContext.PageId.Value);
var path = page.Path.Split(new[] { ',' }).ToList();
// if the current page should be secured, the page path will contain the root page that was secured
// this is how we know that this is a descendant of the secured page
var hasRule = RulesPages.Intersect(path);
if (hasRule.Any())
{
LogHelper.Debug <KeepOutHandler>("Access rule was found");
var ruleIndex = RulesPages.IndexOf(hasRule.First()); // if multiple rules overlap, take the first
var activeRule = Rules[ruleIndex];
// now we have found a rule we check if it applies to the current member
LogHelper.Debug <KeepOutHandler>("Checking member '" + context.Request.LogonUserIdentity.Name + "' for membership");
var memberRoles = System.Web.Security.Roles.GetRolesForUser(context.Request.LogonUserIdentity.Name).ToList();
LogHelper.Debug <KeepOutHandler>("Found " + memberRoles.Count() + " roles for member");
if (!memberRoles.Any())
{
return;
}
var appliesToUser = activeRule.MemberRoles.Intersect(memberRoles);
if (appliesToUser.Any())
{
LogHelper.Debug <KeepOutHandler>("Applicable group membership found, attempting redirect to no-access page");
// member is in a group that has been denied access, so redirect to the no access page defined by the rule
var noAccessPage = umbracoHelper.NiceUrl(activeRule.NoAccessPage);
umbracoContext.HttpContext.Response.Redirect(noAccessPage);
}
}
}
/// <summary>
/// The event that fires whenever a resource is requested, so we can check if it is allowed
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void UmbracoApplication_PreRequestHandlerExecute(object sender, EventArgs e)
{
// we can cast sender to HttpApplication to get the logged in member
var httpApp = sender as HttpApplication;
if (httpApp == null)
{
return;
}
var loggedInMember = httpApp.User.Identity.Name;
if (string.IsNullOrEmpty(loggedInMember))
{
return;
}
var memberRoles = Roles.GetRolesForUser(loggedInMember);
if (!memberRoles.Any())
{
return;
}
// attempt to get the umbraco context
if (!(httpApp.Context.Items["Umbraco.Web.HybridUmbracoContextAccessor"] is UmbracoContext umbracoContext))
{
return;
}
// stop now if this is an umbraco backend request
if (!umbracoContext.IsFrontEndUmbracoRequest)
{
return;
}
//// First we check if the requested page is part of a rule
var pageId = umbracoContext.PublishedRequest.PublishedContent.Id;
var page = umbracoContext.Content.GetById(pageId);
var path = page.Path.Split(',').ToList();
// if the current page should be secured, the page path will contain the root page that was secured
// this is how we know that this is a descendant of the secured page
var hasRule = RulesPages.Intersect(path).ToList();
if (!hasRule.Any())
{
return;
}
var ruleIndex = RulesPages.IndexOf(hasRule.Last()); // if multiple rules overlap, take the last, rules are cumulative
var activeRule = Rules[ruleIndex];
var appliesToUser = activeRule.DeniedMemberGroups.Intersect(memberRoles);
if (!appliesToUser.Any())
{
return;
}
// member is in a group that has been denied access, so redirect to the no access page defined by the rule
var noAccessPage = umbracoContext.Content.GetById(activeRule.NoAccessPage);
umbracoContext.HttpContext.Response.Redirect(noAccessPage.Url);
}