/// <summary> /// Copies any auths for the original pages and blocks over to the copied pages and blocks. /// </summary> /// <param name="pageGuidDictionary">The dictionary containing the original page guids and the corresponding copied page guids.</param> /// <param name="blockGuidDictionary">The dictionary containing the original block guids and the corresponding copied block guids.</param> /// <param name="rockContext">The rock context.</param> /// <param name="currentPersonAliasId">The current person alias identifier.</param> private void GeneratePageBlockAuths(Dictionary <Guid, Guid> pageGuidDictionary, Dictionary <Guid, Guid> blockGuidDictionary, RockContext rockContext, int?currentPersonAliasId = null) { var authService = new AuthService(rockContext); var pageService = new PageService(rockContext); var blockService = new BlockService(rockContext); var pageGuid = Rock.SystemGuid.EntityType.PAGE.AsGuid(); var blockGuid = Rock.SystemGuid.EntityType.BLOCK.AsGuid(); Dictionary <Guid, int> pageIntDictionary = pageService.Queryable() .Where(p => pageGuidDictionary.Keys.Contains(p.Guid) || pageGuidDictionary.Values.Contains(p.Guid)) .ToDictionary(p => p.Guid, p => p.Id); Dictionary <Guid, int> blockIntDictionary = blockService.Queryable() .Where(p => blockGuidDictionary.Keys.Contains(p.Guid) || blockGuidDictionary.Values.Contains(p.Guid)) .ToDictionary(p => p.Guid, p => p.Id); var pageAuths = authService.Queryable().Where(a => a.EntityType.Guid == pageGuid && pageIntDictionary.Values.Contains(a.EntityId.Value)) .ToList(); var blockAuths = authService.Queryable().Where(a => a.EntityType.Guid == blockGuid && blockIntDictionary.Values.Contains(a.EntityId.Value)) .ToList(); foreach (var pageAuth in pageAuths) { var newPageAuth = pageAuth.Clone(false); newPageAuth.CreatedByPersonAlias = null; newPageAuth.CreatedByPersonAliasId = currentPersonAliasId; newPageAuth.CreatedDateTime = RockDateTime.Now; newPageAuth.ModifiedByPersonAlias = null; newPageAuth.ModifiedByPersonAliasId = currentPersonAliasId; newPageAuth.ModifiedDateTime = RockDateTime.Now; newPageAuth.Id = 0; newPageAuth.Guid = Guid.NewGuid(); newPageAuth.EntityId = pageIntDictionary[pageGuidDictionary[pageIntDictionary.Where(d => d.Value == pageAuth.EntityId.Value).FirstOrDefault().Key]]; authService.Add(newPageAuth); } foreach (var blockAuth in blockAuths) { var newBlockAuth = blockAuth.Clone(false); newBlockAuth.CreatedByPersonAlias = null; newBlockAuth.CreatedByPersonAliasId = currentPersonAliasId; newBlockAuth.CreatedDateTime = RockDateTime.Now; newBlockAuth.ModifiedByPersonAlias = null; newBlockAuth.ModifiedByPersonAliasId = currentPersonAliasId; newBlockAuth.ModifiedDateTime = RockDateTime.Now; newBlockAuth.Id = 0; newBlockAuth.Guid = Guid.NewGuid(); newBlockAuth.EntityId = blockIntDictionary[blockGuidDictionary[blockIntDictionary.Where(d => d.Value == blockAuth.EntityId.Value).FirstOrDefault().Key]]; authService.Add(newBlockAuth); } rockContext.SaveChanges(); }
/// <summary> /// Handles the Click event of the lbAddUser control. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param> protected void lbAddUser_Click(object sender, EventArgs e) { if (ppUser.PersonId.HasValue) { int?personAliasId = ppUser.PersonAliasId; if (personAliasId.HasValue) { using (var rockContext = new RockContext()) { var authService = new Rock.Model.AuthService(rockContext); var existingAuths = authService.GetAuths(iSecured.TypeId, iSecured.Id, CurrentAction).ToList(); if (!existingAuths.Any(a => a.PersonAliasId.HasValue && a.PersonAliasId.Value == personAliasId.Value)) { int order = existingAuths.Count > 0 ? existingAuths.Last().Order + 1 : 0; Rock.Model.Auth auth = new Rock.Model.Auth(); auth.EntityTypeId = iSecured.TypeId; auth.EntityId = iSecured.Id; auth.Action = CurrentAction; auth.AllowOrDeny = "A"; auth.SpecialRole = Rock.Model.SpecialRole.None; auth.PersonAliasId = personAliasId; auth.Order = order; authService.Add(auth); rockContext.SaveChanges(); Authorization.ReloadAction(iSecured.TypeId, iSecured.Id, CurrentAction); } } } } pnlAddUser.Visible = false; phList.Visible = true; BindGrid(); }
/// <summary> /// Copies any auths for the original pages and blocks over to the copied pages and blocks. /// </summary> /// <param name="pageGuidDictionary">The dictionary containing the original page guids and the corresponding copied page guids.</param> /// <param name="blockGuidDictionary">The dictionary containing the original block guids and the corresponding copied block guids.</param> /// <param name="rockContext">The rock context.</param> /// <param name="currentPersonAliasId">The current person alias identifier.</param> private void GeneratePageBlockAuths( Dictionary<Guid, Guid> pageGuidDictionary, Dictionary<Guid, Guid> blockGuidDictionary, RockContext rockContext, int? currentPersonAliasId = null ) { var authService = new AuthService( rockContext ); var pageService = new PageService( rockContext ); var blockService = new BlockService( rockContext ); var pageGuid = Rock.SystemGuid.EntityType.PAGE.AsGuid(); var blockGuid = Rock.SystemGuid.EntityType.BLOCK.AsGuid(); Dictionary<Guid, int> pageIntDictionary = pageService.Queryable() .Where( p => pageGuidDictionary.Keys.Contains( p.Guid ) || pageGuidDictionary.Values.Contains( p.Guid ) ) .ToDictionary( p => p.Guid, p => p.Id ); Dictionary<Guid, int> blockIntDictionary = blockService.Queryable() .Where( p => blockGuidDictionary.Keys.Contains( p.Guid ) || blockGuidDictionary.Values.Contains( p.Guid ) ) .ToDictionary( p => p.Guid, p => p.Id ); var pageAuths = authService.Queryable().Where( a => a.EntityType.Guid == pageGuid && pageIntDictionary.Values.Contains( a.EntityId.Value ) ) .ToList(); var blockAuths = authService.Queryable().Where( a => a.EntityType.Guid == blockGuid && blockIntDictionary.Values.Contains( a.EntityId.Value ) ) .ToList(); foreach ( var pageAuth in pageAuths ) { var newPageAuth = pageAuth.Clone( false ); newPageAuth.CreatedByPersonAlias = null; newPageAuth.CreatedByPersonAliasId = currentPersonAliasId; newPageAuth.CreatedDateTime = RockDateTime.Now; newPageAuth.ModifiedByPersonAlias = null; newPageAuth.ModifiedByPersonAliasId = currentPersonAliasId; newPageAuth.ModifiedDateTime = RockDateTime.Now; newPageAuth.Id = 0; newPageAuth.Guid = Guid.NewGuid(); newPageAuth.EntityId = pageIntDictionary[pageGuidDictionary[pageIntDictionary.Where( d => d.Value == pageAuth.EntityId.Value ).FirstOrDefault().Key]]; authService.Add( newPageAuth ); } foreach ( var blockAuth in blockAuths ) { var newBlockAuth = blockAuth.Clone( false ); newBlockAuth.CreatedByPersonAlias = null; newBlockAuth.CreatedByPersonAliasId = currentPersonAliasId; newBlockAuth.CreatedDateTime = RockDateTime.Now; newBlockAuth.ModifiedByPersonAlias = null; newBlockAuth.ModifiedByPersonAliasId = currentPersonAliasId; newBlockAuth.ModifiedDateTime = RockDateTime.Now; newBlockAuth.Id = 0; newBlockAuth.Guid = Guid.NewGuid(); newBlockAuth.EntityId = blockIntDictionary[blockGuidDictionary[blockIntDictionary.Where( d => d.Value == blockAuth.EntityId.Value ).FirstOrDefault().Key]]; authService.Add( newBlockAuth ); } rockContext.SaveChanges(); }
/// <summary> /// Handles the Click event of the lbAddRole control. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param> protected void lbAddRole_Click( object sender, EventArgs e ) { using ( var rockContext = new RockContext() ) { var authService = new AuthService( rockContext ); foreach ( ListItem li in cblRoleActionList.Items ) { if ( li.Selected ) { Rock.Model.SpecialRole specialRole = Rock.Model.SpecialRole.None; int? groupId = ddlRoles.SelectedValue.AsIntegerOrNull(); switch ( groupId ) { case -1: specialRole = Rock.Model.SpecialRole.AllUsers; break; case -2: specialRole = Rock.Model.SpecialRole.AllAuthenticatedUsers; break; case -3: specialRole = Rock.Model.SpecialRole.AllUnAuthenticatedUsers; break; default: specialRole = Rock.Model.SpecialRole.None; break; } if ( groupId < 0 ) { groupId = null; } var existingAuths = authService.GetAuths( iSecured.TypeId, iSecured.Id, li.Text ).ToList(); if ( !existingAuths.Any( a => a.SpecialRole == specialRole && a.GroupId.Equals( groupId ) ) ) { int order = existingAuths.Count > 0 ? existingAuths.Last().Order + 1 : 0; Rock.Model.Auth auth = new Rock.Model.Auth(); auth.EntityTypeId = iSecured.TypeId; auth.EntityId = iSecured.Id; auth.Action = li.Text; auth.AllowOrDeny = "A"; auth.SpecialRole = specialRole; auth.GroupId = groupId; auth.Order = order; authService.Add( auth ); rockContext.SaveChanges(); Authorization.ReloadAction( iSecured.TypeId, iSecured.Id, li.Text ); } } } } pnlAddRole.Visible = false; phList.Visible = true; BindGrid(); }
/// <summary> /// Handles the Click event of the lbAddUser control. /// </summary> /// <param name="sender">The source of the event.</param> /// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param> protected void lbAddUser_Click( object sender, EventArgs e ) { if ( ppUser.PersonId.HasValue ) { int? personAliasId = ppUser.PersonAliasId; if ( personAliasId.HasValue ) { using ( var rockContext = new RockContext() ) { var authService = new Rock.Model.AuthService( rockContext ); var existingAuths = authService.GetAuths( iSecured.TypeId, iSecured.Id, CurrentAction ).ToList(); if ( !existingAuths.Any( a => a.PersonAliasId.HasValue && a.PersonAliasId.Value == personAliasId.Value ) ) { int order = existingAuths.Count > 0 ? existingAuths.Last().Order + 1 : 0; Rock.Model.Auth auth = new Rock.Model.Auth(); auth.EntityTypeId = iSecured.TypeId; auth.EntityId = iSecured.Id; auth.Action = CurrentAction; auth.AllowOrDeny = "A"; auth.SpecialRole = Rock.Model.SpecialRole.None; auth.PersonAliasId = personAliasId; auth.Order = order; authService.Add( auth ); rockContext.SaveChanges(); Authorization.ReloadAction( iSecured.TypeId, iSecured.Id, CurrentAction ); } } } } pnlAddUser.Visible = false; phList.Visible = true; BindGrid(); }
/// <summary> /// Makes the entity private by setting up two authorization rules, one granting the selected person, and /// then another that denies all other users. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <param name="rockContext">The rock context.</param> public static void MakePrivate( ISecured entity, string action, Person person, RockContext rockContext = null ) { if ( !IsPrivate( entity, action, person ) ) { if ( person != null ) { rockContext = rockContext ?? new RockContext(); // If there's no Authorizations object, create it if ( Authorizations == null ) { Load( rockContext ); } var authService = new AuthService( rockContext ); // If there are not entries in the Authorizations object for this entity type and entity instance, create // the dictionary entries if ( !Authorizations.Keys.Contains( entity.TypeId ) ) { Authorizations.Add( entity.TypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() ); } if ( !Authorizations[entity.TypeId].Keys.Contains( entity.Id ) ) { Authorizations[entity.TypeId].Add( entity.Id, new Dictionary<string, List<AuthRule>>() ); } if ( !Authorizations[entity.TypeId][entity.Id].Keys.Contains( action ) ) { Authorizations[entity.TypeId][entity.Id].Add( action, new List<AuthRule>() ); } else { // If existing rules exist, delete them. foreach ( AuthRule authRule in Authorizations[entity.TypeId][entity.Id][action] ) { var oldAuth = authService.Get( authRule.Id ); authService.Delete( oldAuth ); } } var rules = new List<AuthRule>(); Auth auth1 = new Auth(); auth1.EntityTypeId = entity.TypeId; auth1.EntityId = entity.Id; auth1.Order = 0; auth1.Action = action; auth1.AllowOrDeny = "A"; auth1.SpecialRole = SpecialRole.None; auth1.PersonId = person.Id; authService.Add( auth1 ); Auth auth2 = new Auth(); auth2.EntityTypeId = entity.TypeId; auth2.EntityId = entity.Id; auth2.Order = 1; auth2.Action = action; auth2.AllowOrDeny = "D"; auth2.SpecialRole = SpecialRole.AllUsers; authService.Add( auth2 ); rockContext.SaveChanges(); rules.Add( new AuthRule( auth1 ) ); rules.Add( new AuthRule( auth2 ) ); Authorizations[entity.TypeId][entity.Id][action] = rules; } } }
/// <summary> /// Updates authorization rules for the entity so that the current person is allowed to perform the specified action. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <param name="rockContext">The rock context.</param> public static void AllowPerson( ISecured entity, string action, Person person, RockContext rockContext = null ) { if ( person != null ) { rockContext = rockContext ?? new RockContext(); // If there's no Authorizations object, create it if ( Authorizations == null ) { Load( rockContext ); } var authService = new AuthService( rockContext ); // If there are not entries in the Authorizations object for this entity type and entity instance, create // the dictionary entries if ( !Authorizations.Keys.Contains( entity.TypeId ) ) { Authorizations.Add( entity.TypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() ); } if ( !Authorizations[entity.TypeId].Keys.Contains( entity.Id ) ) { Authorizations[entity.TypeId].Add( entity.Id, new Dictionary<string, List<AuthRule>>() ); } List<AuthRule> rules = null; if ( Authorizations[entity.TypeId][entity.Id].Keys.Contains( action ) ) { rules = Authorizations[entity.TypeId][entity.Id][action]; } else { rules = new List<AuthRule>(); Authorizations[entity.TypeId][entity.Id].Add( action, rules ); } int order = 0; Auth auth = new Auth(); auth.EntityTypeId = entity.TypeId; auth.EntityId = entity.Id; auth.Order = order++; auth.Action = action; auth.AllowOrDeny = "A"; auth.SpecialRole = SpecialRole.None; auth.PersonId = person.Id; authService.Add( auth ); foreach(var rule in rules) { var existingAuth = authService.Get( rule.Id ); existingAuth.Order = order++; } rockContext.SaveChanges(); rules.Insert(0, new AuthRule( auth ) ); } }
/// <summary> /// Copies the authorizations from one <see cref="ISecured" /> object to another /// </summary> /// <param name="sourceEntity">The source entity.</param> /// <param name="targetEntity">The target entity.</param> /// <param name="rockContext">The rock context.</param> /// <remarks> /// If a rockContext value is included, this method will save any previous changes made to the context /// </remarks> public static void CopyAuthorization( ISecured sourceEntity, ISecured targetEntity, RockContext rockContext = null ) { rockContext = rockContext ?? new RockContext(); // If there's no Authorizations object, create it if ( Authorizations == null ) { Load( rockContext ); } var sourceEntityTypeId = sourceEntity.TypeId; var targetEntityTypeId = targetEntity.TypeId; AuthService authService = new AuthService( rockContext ); // Delete the current authorizations for the target entity foreach ( Auth auth in authService.Get( targetEntityTypeId, targetEntity.Id ) ) { authService.Delete( auth ); } Dictionary<string, List<AuthRule>> newActions = new Dictionary<string, List<AuthRule>>(); int order = 0; if ( Authorizations.ContainsKey( sourceEntityTypeId ) && Authorizations[sourceEntityTypeId].ContainsKey( sourceEntity.Id ) ) { foreach ( KeyValuePair<string, List<AuthRule>> action in Authorizations[sourceEntityTypeId][sourceEntity.Id] ) { if ( targetEntity.SupportedActions.ContainsKey( action.Key ) ) { newActions.Add( action.Key, new List<AuthRule>() ); foreach ( AuthRule rule in action.Value ) { Auth auth = new Auth(); auth.EntityTypeId = targetEntityTypeId; auth.EntityId = targetEntity.Id; auth.Order = order; auth.Action = action.Key; auth.AllowOrDeny = rule.AllowOrDeny; auth.SpecialRole = rule.SpecialRole; auth.PersonId = rule.PersonId; auth.GroupId = rule.GroupId; authService.Add( auth ); newActions[action.Key].Add( new AuthRule( rule.Id, rule.EntityId, rule.AllowOrDeny, rule.SpecialRole, rule.PersonId, rule.GroupId, rule.Order ) ); order++; } } } } rockContext.SaveChanges(); if ( !Authorizations.ContainsKey( targetEntityTypeId ) ) { Authorizations.Add( targetEntityTypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() ); } Dictionary<int, Dictionary<string, List<AuthRule>>> entityType = Authorizations[targetEntityTypeId]; if ( !entityType.ContainsKey( targetEntity.Id ) ) { entityType.Add( targetEntity.Id, new Dictionary<string, List<AuthRule>>() ); } entityType[targetEntity.Id] = newActions; }
/// <summary> /// Copies the authorizations from one <see cref="ISecured" /> object to another /// </summary> /// <param name="sourceEntity">The source entity.</param> /// <param name="targetEntity">The target entity.</param> /// <param name="rockContext">The rock context.</param> /// <param name="action">Optional action (if ommitted or left blank, all actions will be copied).</param> /// <remarks> /// This method will save any previous changes made to the context /// </remarks> public static void CopyAuthorization( ISecured sourceEntity, ISecured targetEntity, RockContext rockContext, string action = "" ) { Load(); var sourceEntityTypeId = sourceEntity.TypeId; var targetEntityTypeId = targetEntity.TypeId; AuthService authService = new AuthService( rockContext ); // Delete the current authorizations for the target entity foreach ( Auth auth in authService.Get( targetEntityTypeId, targetEntity.Id ).ToList() ) { if ( string.IsNullOrWhiteSpace( action ) || auth.Action.Equals( action, StringComparison.OrdinalIgnoreCase ) ) { authService.Delete( auth ); } } rockContext.SaveChanges(); // Copy target auths to source auths int order = 0; foreach ( Auth sourceAuth in authService.Get( sourceEntityTypeId, sourceEntity.Id ).ToList() ) { if ( ( string.IsNullOrWhiteSpace( action ) || sourceAuth.Action.Equals( action, StringComparison.OrdinalIgnoreCase ) ) && targetEntity.SupportedActions.ContainsKey( sourceAuth.Action ) ) { Auth auth = new Auth(); auth.EntityTypeId = targetEntityTypeId; auth.EntityId = targetEntity.Id; auth.Action = sourceAuth.Action; auth.AllowOrDeny = sourceAuth.AllowOrDeny; auth.GroupId = sourceAuth.GroupId; auth.PersonAliasId = sourceAuth.PersonAliasId; auth.SpecialRole = sourceAuth.SpecialRole; auth.Order = order++; authService.Add( auth ); rockContext.SaveChanges(); } } ReloadEntity( targetEntityTypeId, targetEntity.Id, rockContext ); }
/// <summary> /// Makes the entity private for the selected action and person /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <param name="rockContext">The rock context.</param> private static void MyMakePrivate( ISecured entity, string action, Person person, RockContext rockContext ) { if ( !IsPrivate( entity, action, person ) ) { if ( person != null ) { var personAlias = new PersonAliasService( rockContext ).GetPrimaryAlias( person.Id ); if ( personAlias != null ) { var authService = new AuthService( rockContext ); // Delete any existing rules in database foreach ( Auth auth in authService .GetAuths( entity.TypeId, entity.Id, action ) ) { authService.Delete( auth ); } rockContext.SaveChanges(); // Create the rules in the database Auth auth1 = new Auth(); auth1.EntityTypeId = entity.TypeId; auth1.EntityId = entity.Id; auth1.Order = 0; auth1.Action = action; auth1.AllowOrDeny = "A"; auth1.SpecialRole = SpecialRole.None; auth1.PersonAlias = personAlias; auth1.PersonAliasId = personAlias.Id; authService.Add( auth1 ); Auth auth2 = new Auth(); auth2.EntityTypeId = entity.TypeId; auth2.EntityId = entity.Id; auth2.Order = 1; auth2.Action = action; auth2.AllowOrDeny = "D"; auth2.SpecialRole = SpecialRole.AllUsers; authService.Add( auth2 ); rockContext.SaveChanges(); // Reload the static dictionary for this action ReloadAction( entity.TypeId, entity.Id, action, rockContext ); } } } }
/// <summary> /// Mies the allow all users. /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="rockContext">The rock context.</param> private static void MyAllowAllUsers( ISecured entity, string action, RockContext rockContext ) { var authService = new AuthService( rockContext ); // Delete any existing rules in database foreach ( Auth auth in authService .GetAuths( entity.TypeId, entity.Id, action ) ) { authService.Delete( auth ); } rockContext.SaveChanges(); // Create the rule in the database Auth auth1 = new Auth(); auth1.EntityTypeId = entity.TypeId; auth1.EntityId = entity.Id; auth1.Order = 0; auth1.Action = action; auth1.AllowOrDeny = "A"; auth1.SpecialRole = SpecialRole.AllUsers; authService.Add( auth1 ); rockContext.SaveChanges(); // Reload the static dictionary for this action ReloadAction( entity.TypeId, entity.Id, action, rockContext ); }
/// <summary> /// Creates authorization rules to make the entity private to selected person /// </summary> /// <param name="entity">The entity.</param> /// <param name="action">The action.</param> /// <param name="person">The person.</param> /// <param name="group">The group.</param> /// <param name="specialRole">The special role.</param> /// <param name="rockContext">The rock context.</param> private static void MyAllow( ISecured entity, string action, Person person = null, Group group = null, SpecialRole specialRole = SpecialRole.None, RockContext rockContext = null ) { rockContext = rockContext ?? new RockContext(); PersonAlias personAlias = null; if ( person != null ) { personAlias = new PersonAliasService( rockContext ).GetPrimaryAlias( person.Id ); } if ( personAlias != null || group != null || specialRole != SpecialRole.None ) { var authService = new AuthService( rockContext ); // Update the order for any existing rules in database int order = 1; foreach ( Auth existingAuth in authService .GetAuths( entity.TypeId, entity.Id, action ) ) { existingAuth.Order = order++; } // Add the new auth (with order of zero) Auth auth = new Auth(); auth.EntityTypeId = entity.TypeId; auth.EntityId = entity.Id; auth.Order = 0; auth.Action = action; auth.AllowOrDeny = "A"; auth.SpecialRole = specialRole; if ( personAlias != null ) { auth.PersonAlias = personAlias; auth.PersonAliasId = personAlias.Id; } if ( group != null ) { auth.Group = group; auth.GroupId = group.Id; } authService.Add( auth ); rockContext.SaveChanges(); // Reload the static dictionary for this action ReloadAction( entity.TypeId, entity.Id, action, rockContext ); } }